summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk16
-rw-r--r--gnu/packages/admin.scm10
-rw-r--r--gnu/packages/algebra.scm4
-rw-r--r--gnu/packages/audio.scm112
-rw-r--r--gnu/packages/backup.scm6
-rw-r--r--gnu/packages/bioinformatics.scm122
-rw-r--r--gnu/packages/code.scm4
-rw-r--r--gnu/packages/crypto.scm50
-rw-r--r--gnu/packages/databases.scm21
-rw-r--r--gnu/packages/disk.scm9
-rw-r--r--gnu/packages/emacs-xyz.scm53
-rw-r--r--gnu/packages/emacs.scm68
-rw-r--r--gnu/packages/emulators.scm6
-rw-r--r--gnu/packages/fonts.scm22
-rw-r--r--gnu/packages/freedesktop.scm8
-rw-r--r--gnu/packages/games.scm74
-rw-r--r--gnu/packages/gcc.scm4
-rw-r--r--gnu/packages/gnome.scm29
-rw-r--r--gnu/packages/gnucash.scm4
-rw-r--r--gnu/packages/gnuzilla.scm7
-rw-r--r--gnu/packages/kde-frameworks.scm7
-rw-r--r--gnu/packages/libedit.scm5
-rw-r--r--gnu/packages/libunwind.scm5
-rw-r--r--gnu/packages/linux.scm46
-rw-r--r--gnu/packages/lisp.scm4
-rw-r--r--gnu/packages/lxqt.scm15
-rw-r--r--gnu/packages/man.scm6
-rw-r--r--gnu/packages/markup.scm2
-rw-r--r--gnu/packages/mastodon.scm66
-rw-r--r--gnu/packages/maths.scm7
-rw-r--r--gnu/packages/mc.scm12
-rw-r--r--gnu/packages/messaging.scm4
-rw-r--r--gnu/packages/music.scm21
-rw-r--r--gnu/packages/netpbm.scm3
-rw-r--r--gnu/packages/networking.scm18
-rw-r--r--gnu/packages/opencl.scm2
-rw-r--r--gnu/packages/package-management.scm4
-rw-r--r--gnu/packages/patches/musescore-fix-use_webengine.patch165
-rw-r--r--gnu/packages/patches/netpbm-CVE-2017-2586.patch21
-rw-r--r--gnu/packages/patches/netpbm-CVE-2017-2587.patch35
-rw-r--r--gnu/packages/patches/openssl-CVE-2019-1559.patch60
-rw-r--r--gnu/packages/patches/wesnoth-newer-boost.patch46
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2017-13082.patch182
-rw-r--r--gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch53
-rw-r--r--gnu/packages/patches/wpa-supplicant-fix-key-reuse.patch448
-rw-r--r--gnu/packages/patches/wpa-supplicant-fix-nonce-reuse.patch72
-rw-r--r--gnu/packages/patches/wpa-supplicant-fix-zeroed-keys.patch86
-rw-r--r--gnu/packages/patches/wpa-supplicant-krack-followups.patch275
-rw-r--r--gnu/packages/plotutils.scm3
-rw-r--r--gnu/packages/python-crypto.scm8
-rw-r--r--gnu/packages/regex.scm4
-rw-r--r--gnu/packages/rsync.scm40
-rw-r--r--gnu/packages/rust.scm5
-rw-r--r--gnu/packages/simulation.scm4
-rw-r--r--gnu/packages/speech.scm101
-rw-r--r--gnu/packages/spice.scm16
-rw-r--r--gnu/packages/ssh.scm15
-rw-r--r--gnu/packages/tcl.scm8
-rw-r--r--gnu/packages/tex.scm7
-rw-r--r--gnu/packages/textutils.scm35
-rw-r--r--gnu/packages/tls.scm16
-rw-r--r--gnu/packages/version-control.scm16
-rw-r--r--gnu/packages/video.scm14
-rw-r--r--gnu/packages/virtualization.scm91
-rw-r--r--gnu/packages/xdisorg.scm6
-rw-r--r--gnu/services/desktop.scm1
66 files changed, 914 insertions, 1775 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index e58e0125ec..6286f726c0 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -12,7 +12,7 @@
 # Copyright © 2016, 2017, 2018, 2019 Alex Vong <alexvong1995@gmail.com>
 # Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 # Copyright © 2016, 2017 Jan Nieuwenhuizen <janneke@gnu.org>
-# Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+# Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 # Copyright © 2017, 2018 Clément Lassieur <clement@lassieur.org>
 # Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 # Copyright © 2017, 2018 Gábor Boskovits <boskovits@gmail.com>
@@ -296,8 +296,9 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/lxqt.scm				\
   %D%/packages/m4.scm				\
   %D%/packages/machine-learning.scm		\
-  %D%/packages/man.scm				\
   %D%/packages/magic-wormhole.scm		\
+  %D%/packages/man.scm				\
+  %D%/packages/mastodon.scm			\
   %D%/packages/mail.scm				\
   %D%/packages/make-bootstrap.scm		\
   %D%/packages/markup.scm			\
@@ -1061,11 +1062,12 @@ dist_patch_DATA =						\
   %D%/packages/patches/mumps-build-parallelism.patch		\
   %D%/packages/patches/mupen64plus-ui-console-notice.patch	\
   %D%/packages/patches/mupen64plus-video-z64-glew-correct-path.patch    \
-  %D%/packages/patches/musescore-fix-use_webengine.patch 	\
   %D%/packages/patches/mutt-store-references.patch		\
   %D%/packages/patches/m4-gnulib-libio.patch			\
   %D%/packages/patches/netcdf-date-time.patch			\
   %D%/packages/patches/netcdf-tst_h_par.patch			\
+  %D%/packages/patches/netpbm-CVE-2017-2586.patch		\
+  %D%/packages/patches/netpbm-CVE-2017-2587.patch		\
   %D%/packages/patches/netsurf-message-timestamp.patch		\
   %D%/packages/patches/netsurf-system-utf8proc.patch		\
   %D%/packages/patches/netsurf-y2038-tests.patch		\
@@ -1097,6 +1099,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openssl-runpath.patch			\
   %D%/packages/patches/openssl-1.1-c-rehash-in.patch		\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
+  %D%/packages/patches/openssl-CVE-2019-1559.patch		\
   %D%/packages/patches/orpheus-cast-errors-and-includes.patch	\
   %D%/packages/patches/osip-CVE-2017-7853.patch			\
   %D%/packages/patches/ots-no-include-missing-file.patch	\
@@ -1318,7 +1321,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/wavpack-CVE-2018-7253.patch		\
   %D%/packages/patches/wavpack-CVE-2018-7254.patch		\
   %D%/packages/patches/weechat-python.patch			\
-  %D%/packages/patches/wesnoth-newer-boost.patch		\
   %D%/packages/patches/wicd-bitrate-none-fix.patch		\
   %D%/packages/patches/wicd-get-selected-profile-fix.patch	\
   %D%/packages/patches/wicd-urwid-1.3.patch			\
@@ -1329,12 +1331,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/wordnet-CVE-2008-2149.patch			\
   %D%/packages/patches/wordnet-CVE-2008-3908-pt1.patch			\
   %D%/packages/patches/wordnet-CVE-2008-3908-pt2.patch			\
-  %D%/packages/patches/wpa-supplicant-CVE-2017-13082.patch	\
-  %D%/packages/patches/wpa-supplicant-CVE-2018-14526.patch	\
-  %D%/packages/patches/wpa-supplicant-fix-key-reuse.patch	\
-  %D%/packages/patches/wpa-supplicant-fix-zeroed-keys.patch	\
-  %D%/packages/patches/wpa-supplicant-fix-nonce-reuse.patch	\
-  %D%/packages/patches/wpa-supplicant-krack-followups.patch	\
   %D%/packages/patches/x265-arm-flags.patch			\
   %D%/packages/patches/xf86-video-ark-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-geode-glibc-2.20.patch	\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 97160b8f8e..36a76186f6 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1070,22 +1070,16 @@ commands and their arguments.")
 (define-public wpa-supplicant-minimal
   (package
     (name "wpa-supplicant-minimal")
-    (version "2.6")
+    (version "2.7")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://w1.fi/releases/wpa_supplicant-"
                     version
                     ".tar.gz"))
-              (patches (search-patches "wpa-supplicant-CVE-2017-13082.patch"
-                                       "wpa-supplicant-CVE-2018-14526.patch"
-                                       "wpa-supplicant-fix-key-reuse.patch"
-                                       "wpa-supplicant-fix-zeroed-keys.patch"
-                                       "wpa-supplicant-fix-nonce-reuse.patch"
-                                       "wpa-supplicant-krack-followups.patch"))
               (sha256
                (base32
-                "0l0l5gz3d5j9bqjsbjlfcv4w4jwndllp9fmyai4x9kg6qhs6v4xl"))))
+                "0x1hqyahq44jyla8jl6791nnwrgicrhidadikrnqxsm2nw36pskn"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index f9ae22b3f3..67385d1875 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -246,7 +246,7 @@ precision.")
 (define-public giac-xcas
   (package
     (name "giac-xcas")
-    (version "1.5.0-37")
+    (version "1.5.0-43")
     (source (origin
               (method url-fetch)
               ;; "~parisse/giac" is not used because the maintainer regularly
@@ -258,7 +258,7 @@ precision.")
                                   "source/giac_" version ".tar.gz"))
               (sha256
                (base32
-                "1c6jmswv3ay13n6mjgh9w7nbpdgm5lbwdcmva5sli3vqn4chn3vq"))))
+                "1j58cvpiddzxswfdh4ixyj1xsva7qwk8xjls29nqvryyykdfm4dp"))))
     (build-system gnu-build-system)
     (outputs '("out" "doc"))            ;77MiB of documentation
     (arguments
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index 4dbd6bac79..d395a52f29 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -14,7 +14,7 @@
 ;;; Copyright © 2018 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2018 Brett Gilio <brettg@posteo.net>
-;;; Copyright © 2018 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2018, 2019 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2018 Thorsten Wilms <t_w_@freenet.de>
 ;;; Copyright © 2018 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2018 Brendan Tildesley <brendan.tildesley@openmailbox.org>
@@ -624,59 +624,6 @@ guitar amplification and a small range of classic effects, signal processors and
 generators of mostly elementary and occasionally exotic nature.")
     (license license:gpl3+)))
 
-(define-public espeak
-  (package
-    (name "espeak")
-    (version "1.48.04")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "mirror://sourceforge/espeak/espeak/"
-                                  "espeak-" (version-major+minor version)
-                                  "/espeak-" version "-source.zip"))
-              (sha256
-               (base32
-                "0n86gwh9pw0jqqpdz7mxggllfr8k0r7pc67ayy7w5z6z79kig6mz"))
-              (modules '((guix build utils)))
-              (snippet
-               ;; remove prebuilt binaries
-               '(begin
-                  (delete-file-recursively "linux_32bit")
-                  #t))))
-    (build-system gnu-build-system)
-    (arguments
-     `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
-                          (string-append "DATADIR="
-                                         (assoc-ref %outputs "out")
-                                         "/share/espeak-data")
-                          (string-append "LDFLAGS=-Wl,-rpath="
-                                         (assoc-ref %outputs "out")
-                                         "/lib")
-                          "AUDIO=pulseaudio")
-       #:tests? #f ; no check target
-       #:phases
-       (modify-phases %standard-phases
-         (replace 'configure
-           (lambda _
-             (chdir "src")
-             ;; We use version 19 of the PortAudio library, so we must copy the
-             ;; corresponding file to be sure that espeak compiles correctly.
-             (copy-file "portaudio19.h" "portaudio.h")
-             (substitute* "Makefile"
-               (("/bin/ln") "ln"))
-             #t)))))
-       (inputs
-        `(("portaudio" ,portaudio)
-          ("pulseaudio" ,pulseaudio)))
-       (native-inputs `(("unzip" ,unzip)))
-       (home-page "http://espeak.sourceforge.net/")
-       (synopsis "Software speech synthesizer")
-       (description "eSpeak is a software speech synthesizer for English and
-other languages.  eSpeak uses a \"formant synthesis\" method.  This allows many
-languages to be provided in a small size.  The speech is clear, and can be used
-at high speeds, but is not as natural or smooth as larger synthesizers which are
-based on human speech recordings.")
-       (license license:gpl3+)))
-
 (define-public infamous-plugins
   (package
     (name "infamous-plugins")
@@ -2135,6 +2082,39 @@ buffers, and audio capture.")
 and ALSA.")
     (license license:gpl3+)))
 
+(define-public pcaudiolib
+  (package
+    (name "pcaudiolib")
+    (version "1.1")
+    (home-page "https://github.com/espeak-ng/pcaudiolib")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference (url home-page) (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "0c55hlqqh0m7bcb3nlgv1s4a22s5bgczr1cakjh3767rjb10khi0"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags '("--disable-static")))
+    (native-inputs
+     `(("autoconf" ,autoconf)
+       ("automake" ,automake)
+       ("libtool" ,libtool)
+       ("pkg-config" ,pkg-config)
+       ("which" ,which)))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("pulseaudio" ,pulseaudio)))
+    (synopsis "Portable C audio library")
+    (description
+     "The Portable C Audio Library (pcaudiolib) provides a C@tie{}API to
+different audio devices such as ALSA or PulseAudio.")
+    (license (list license:gpl3+
+                   ;; The bundled TPCircularBuffer uses a custom license.
+                   (license:non-copyleft
+                    "file://src/TPCircularBuffer/README.markdown")))))
+
 (define-public qjackctl
   (package
     (name "qjackctl")
@@ -2205,7 +2185,7 @@ background file post-processing.")
 (define-public supercollider
   (package
     (name "supercollider")
-    (version "3.10.1")
+    (version "3.10.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2214,7 +2194,7 @@ background file post-processing.")
                     "/SuperCollider-" version "-Source-linux.tar.bz2"))
               (sha256
                (base32
-                "1yszs9j3sjk8hb8xxz30z3nd4j899ymb9mw9y1v26ikd603d1iig"))))
+                "0ynz1ydcpsd5h57h1n4a7avm6p1cif5a8rkmz4qpr46pr8z9p6iq"))))
     (build-system cmake-build-system)
     (arguments
      `(#:configure-flags '("-DSYSTEM_BOOST=on" "-DSYSTEM_YAMLCPP=on"
@@ -2263,26 +2243,6 @@ background file post-processing.")
                (("add_subdirectory\\(sclang\\)")
                 ""))
              (delete-file "testsuite/sclang/CMakeLists.txt")
-             #t))
-         ;; TODO: Remove after version 3.9.2 is released
-         ;; (see: https://github.com/supercollider/supercollider/pull/3558).
-         (add-after 'disable-broken-tests 'apply-system-yaml-cpp-fix
-           (lambda _
-             ;; cmake: correctly include yaml-cpp (commit f82cec5ae).
-             (substitute* "editors/sc-ide/CMakeLists.txt"
-               (("external_libraries/boost\\)$")
-                "external_libraries/boost)
-include_directories(${YAMLCPP_INCLUDE_DIR})")
-               (("    yaml")
-                "    ${YAMLCPP_LIBRARY}"))
-             ;; set YAMLCPP_LIBRARY and YAMLCPP_INCLUDE_DIR if not using
-             ;; system (commit 031922987).
-             (substitute* "external_libraries/CMakeLists.txt"
-               (("set_property\\( TARGET yaml PROPERTY FOLDER 3rdparty \\)")
-                "set_property( TARGET yaml PROPERTY FOLDER 3rdparty )
-set(YAMLCPP_LIBRARY yaml)
-set(YAMLCPP_INCLUDE_DIR ${CMAKE_SOURCE_DIR}/\
-external_libraries/yaml-cpp/include)"))
              #t)))))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index d615a417e0..b54ac0b3ef 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -95,7 +95,7 @@
      `(("lockfile" ,python2-lockfile)
        ("urllib3" ,python2-urllib3)))
     (inputs
-     `(("librsync" ,librsync)
+     `(("librsync" ,librsync-0.9)
        ("lftp" ,lftp)
        ("gnupg" ,gnupg)                 ; gpg executable needed
        ("util-linux" ,util-linux)       ; for setsid
@@ -362,7 +362,7 @@ list and implement the backup strategy.")
          "0miklk4bqblpyzh1bni4x6lqn88fa8fjn15x1k1n8bxkx60nlymd"))))
     (build-system gnu-build-system)
     (inputs
-     `(("librsync" ,librsync)))
+     `(("librsync" ,librsync-0.9)))
     (arguments
      `(#:make-flags `(,(string-append "PREFIX=" (assoc-ref %outputs "out"))
                       "CC=gcc")
@@ -395,7 +395,7 @@ errors.")
     (build-system python-build-system)
     (inputs
      `(("python" ,python-2)
-       ("librsync" ,librsync)))
+       ("librsync" ,librsync-0.9)))
     (arguments
      `(#:python ,python-2
        #:tests? #f))
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 5dc3945035..23976ceda0 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -2308,6 +2308,23 @@ data and settings.")
      `(#:tests? #f                      ; there are no tests
        #:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'fix-latex-errors
+           (lambda _
+             (with-fluids ((%default-port-encoding #f))
+               (substitute* "doc/references.bib"
+                 (("\\{S\\}illanp[^,]+,")
+                  "{S}illanp{\\\"a}{\\\"a},")))
+             ;; XXX: I just can't get pdflatex to not complain about these
+             ;; characters.  They end up in the manual via the generated
+             ;; discrover-cli-help.txt.
+             (substitute* "src/hmm/cli.cpp"
+               (("µ") "mu")
+               (("η") "eta")
+               (("≤") "<="))
+             ;; This seems to be a syntax error.
+             (substitute* "doc/discrover-manual.tex"
+               (("theverbbox\\[t\\]") "theverbbox"))
+             #t))
          (add-after 'unpack 'add-missing-includes
            (lambda _
              (substitute* "src/executioninformation.hpp"
@@ -2316,28 +2333,28 @@ data and settings.")
              (substitute* "src/plasma/fasta.hpp"
                (("#define FASTA_HPP" line)
                 (string-append line "\n#include <random>")))
-             #t)))))
+             #t))
+         ;; FIXME: this is needed because we're using texlive-union, which
+         ;; doesn't handle fonts correctly.  It expects to be able to generate
+         ;; fonts in the home directory.
+         (add-before 'build 'setenv-HOME
+           (lambda _ (setenv "HOME" "/tmp") #t)))))
     (inputs
      `(("boost" ,boost)
-       ("cairo" ,cairo)))
+       ("cairo" ,cairo)
+       ("rmath-standalone" ,rmath-standalone)))
     (native-inputs
-     `(("texlive" ,texlive)
-       ;; TODO: Replace texlive with minimal texlive-union.
-       ;; ("texlive" ,(texlive-union (list texlive-latex-doi
-       ;;                             texlive-latex-hyperref
-       ;;                             texlive-latex-oberdiek
-       ;;                             texlive-generic-ifxetex
-       ;;                             texlive-latex-url
-       ;;                             texlive-latex-pgf
-       ;;                             texlive-latex-examplep
-       ;;                             texlive-latex-natbib
-       ;;                             texlive-latex-verbatimbox
-       ;;                             texlive-latex-ms
-       ;;                             texlive-latex-xcolor
-       ;;                             texlive-fonts-amsfonts
-       ;;                             texlive-latex-amsfonts
-       ;;                             ;; ...
-       ;;                             )))
+     `(("texlive" ,(texlive-union (list texlive-fonts-cm
+                                        texlive-fonts-amsfonts
+
+                                        texlive-latex-doi
+                                        texlive-latex-examplep
+                                        texlive-latex-hyperref
+                                        texlive-latex-ms
+                                        texlive-latex-natbib
+                                        texlive-bibtex         ; style files used by natbib
+                                        texlive-latex-pgf      ; tikz
+                                        texlive-latex-verbatimbox)))
        ("imagemagick" ,imagemagick)))
     (home-page "http://dorina.mdc-berlin.de/public/rajewsky/discrover/")
     (synopsis "Discover discriminative nucleotide sequence motifs")
@@ -2693,6 +2710,11 @@ results.  The FASTX-Toolkit tools perform some of these preprocessing tasks.")
     (arguments
      `(#:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'do-not-tune-to-CPU
+           (lambda _
+             (substitute* "src/CMakeLists.txt"
+               ((" -march=native") ""))
+             #t))
          (replace 'check
            (lambda* (#:key outputs #:allow-other-keys)
              (setenv "PATH" (string-append (getcwd) ":" (getenv "PATH")))
@@ -12880,7 +12902,7 @@ expression report comparing samples in an easily configurable manner.")
 (define-public pigx-chipseq
   (package
     (name "pigx-chipseq")
-    (version "0.0.20")
+    (version "0.0.21")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/BIMSBbioinfo/pigx_chipseq/"
@@ -12888,7 +12910,7 @@ expression report comparing samples in an easily configurable manner.")
                                   "/pigx_chipseq-" version ".tar.gz"))
               (sha256
                (base32
-                "19a7dclqq0b4kqg3phiz4d4arlwfp34nm3z0rf1gkqdpsy7gghp3"))))
+                "0psgdzlnx5xwhlhpss5yvmnl7yv19y9742l97m04f7awd8w74gxs"))))
     (build-system gnu-build-system)
     ;; parts of the tests rely on access to the network
     (arguments '(#:tests? #f))
@@ -14403,3 +14425,61 @@ datasets.  A popular implementation of t-SNE uses the Barnes-Hut algorithm to
 approximate the gradient at each iteration of gradient descent.  This package
 is a Cython wrapper for FIt-SNE.")
     (license license:bsd-4)))
+
+(define-public velvet
+  (package
+    (name "velvet")
+    (version "1.2.10")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://www.ebi.ac.uk/~zerbino/velvet/"
+                                  "velvet_" version ".tgz"))
+              (sha256
+               (base32
+                "0h3njwy66p6bx14r3ar1byb0ccaxmxka4c65rn4iybyiqa4d8kc8"))
+              ;; Delete bundled libraries
+              (modules '((guix build utils)))
+              (snippet
+               '(begin
+                  (delete-file "Manual.pdf")
+                  (delete-file-recursively "third-party")
+                  #t))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags '("OPENMP=t")
+       #:test-target "test"
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-after 'unpack 'fix-zlib-include
+           (lambda _
+             (substitute* "src/binarySequences.c"
+               (("../third-party/zlib-1.2.3/zlib.h") "zlib.h"))
+             #t))
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin"))
+                    (doc (string-append out "/share/doc/velvet")))
+               (mkdir-p bin)
+               (mkdir-p doc)
+               (install-file "velveth" bin)
+               (install-file "velvetg" bin)
+               (install-file "Manual.pdf" doc)
+               (install-file "Columbus_manual.pdf" doc)
+               #t))))))
+    (inputs
+     `(("openmpi" ,openmpi)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("texlive" ,(texlive-union (list texlive-latex-graphics
+                                        texlive-latex-hyperref)))))
+    (home-page "https://www.ebi.ac.uk/~zerbino/velvet/")
+    (synopsis "Nucleic acid sequence assembler for very short reads")
+    (description
+     "Velvet is a de novo genomic assembler specially designed for short read
+sequencing technologies, such as Solexa or 454.  Velvet currently takes in
+short read sequences, removes errors then produces high quality unique
+contigs.  It then uses paired read information, if available, to retrieve the
+repeated areas between contigs.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index cfe014e81e..093e36f4a4 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -60,14 +60,14 @@
 (define-public cflow
   (package
     (name "cflow")
-    (version "1.5")
+    (version "1.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/cflow/cflow-"
                                   version ".tar.bz2"))
               (sha256
                (base32
-                "0yq33k5ap1zpnja64n89iai4zh018ffr72wki5a6mzczd880mr3g"))))
+                "1mzd3yf0dfv8h2av5vsxxlhpk21nw064h91b2kgfrdz92r0pnj1l"))))
     (build-system gnu-build-system)
 
     ;; Needed to have cflow-mode.el installed.
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 92333753be..e0d4f27874 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2017, 2018, 2019 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2016, 2017, 2018 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017, 2018, 2019 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
 ;;; Copyright © 2016, 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016, 2017 Nils Gillmann <ng0@n0.is>
@@ -68,6 +68,7 @@
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system perl)
+  #:use-module (guix build utils)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-26))
 
@@ -927,3 +928,50 @@ Features:
 that allows for importing token seeds, generating token codes, and various
 utility/testing functions.")
     (license license:lgpl2.1+)))
+
+(define-public hpenc
+  (package
+    (name "hpenc")
+    (version "3.0")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                     (url "https://github.com/vstakhov/hpenc")
+                     (commit version)))
+              (sha256
+               (base32
+                "1fb5yi3d2k8kd4zm7liiqagpz610y168xrr1cvn7cbq314jm2my1"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No test suite
+       #:make-flags
+       (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+             ;; Build the program and the docs.
+             "SUBDIRS=src doc")
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure) ; No ./configure script
+         (add-after 'unpack 'patch-path
+           (lambda _
+             (substitute* '("src/Makefile" "doc/Makefile")
+               (("/usr/bin/install")
+                "install"))))
+         (add-before 'install 'make-output-directories
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin"))
+                    (man1 (string-append out "/share/man/man1")))
+               (mkdir-p bin)
+               (mkdir-p man1)
+               #t))))))
+    (inputs
+     `(("libsodium" ,libsodium)
+       ("openssl" ,openssl)))
+    (synopsis "High-performance command-line tool for stream encryption")
+    (description "Hpenc is a command-line tool for performing authenticated
+encryption (AES-GCM and ChaCha20-Poly1305) of streaming data.  It does not
+perform an asymmetric key exchange, instead requiring the user to distribute
+pre-shared keys out of band.  It is designed to handle large amounts of data
+quickly by using all your CPU cores and hardware acceleration.")
+    (home-page "https://github.com/vstakhov/hpenc")
+    (license license:bsd-3)))
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 052ebb847f..c1b6a329ee 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -1668,14 +1668,16 @@ database.")
 (define-public lmdb
   (package
     (name "lmdb")
-    (version "0.9.22")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "https://github.com/LMDB/lmdb/archive/"
-                                  "LMDB_" version ".tar.gz"))
-              (sha256
-               (base32
-                "0a7a8535csrvw71mrgx680m5d17bnxmmhcccij30idifi1cpi4pk"))))
+    (version "0.9.23")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/LMDB/lmdb.git")
+             (commit (string-append "LMDB_" version))))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32 "0ag7l5180ajvm73y59m7sn3p52xm8m972d08cshxhpwgwa4v35k6"))))
     (build-system gnu-build-system)
     (arguments
      `(#:test-target "test"
@@ -1683,8 +1685,7 @@ database.")
        (modify-phases %standard-phases
          (replace 'configure
            (lambda* (#:key outputs #:allow-other-keys)
-             (chdir (string-append
-               (getenv "PWD") "/lmdb-LMDB_" ,version "/libraries/liblmdb"))
+             (chdir "libraries/liblmdb")
              (substitute* "Makefile"
                (("/usr/local") (assoc-ref outputs "out")))
             #t)))))
diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm
index 16fb2014b0..006a381e26 100644
--- a/gnu/packages/disk.scm
+++ b/gnu/packages/disk.scm
@@ -200,15 +200,14 @@ scheme.")
 (define-public ddrescue
   (package
     (name "ddrescue")
-    (version "1.23")
+    (version "1.24")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "mirror://gnu/ddrescue/ddrescue-"
                           version ".tar.lz"))
       (sha256
-       (base32
-        "13cd6c0x91zq10vdlyl6r5rib47bmsn5sshmkin3igwj8pa2vbm9"))))
+       (base32 "11qh0bbzf00mfb4yq35gnv5m260k4d7q9ixklry6bqvhvvp3ypab"))))
     (build-system gnu-build-system)
     (home-page "https://www.gnu.org/software/ddrescue/ddrescue.html")
     (synopsis "Data recovery utility")
@@ -711,7 +710,7 @@ to create devices with respective mappings for the ATARAID sets discovered.")
 (define-public libblockdev
   (package
     (name "libblockdev")
-    (version "2.20")
+    (version "2.21")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/storaged-project/"
@@ -719,7 +718,7 @@ to create devices with respective mappings for the ATARAID sets discovered.")
                                   version "-1/libblockdev-" version ".tar.gz"))
               (sha256
                (base32
-                "092snk5jyv48na4d46v1ckiy859zwpb3r0ivnxv3km5vzsp76y7q"))))
+                "02p13l4194j0vyd2zs7bb9dmyclcpqq8l3qv9289vjfbsvq2awii"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm
index 871721af3a..36cc005549 100644
--- a/gnu/packages/emacs-xyz.scm
+++ b/gnu/packages/emacs-xyz.scm
@@ -42,6 +42,7 @@
 ;;; Copyright © 2018 Thorsten Wilms <t_w_@freenet.de>
 ;;; Copyright © 2018 Pierre Langlois <pierre.langlois@gmx.com>
 ;;; Copyright © 2018, 2019 Brett Gilio <brettg@posteo.net>
+;;; Copyright © 2019 Dimakakos Dimos <bendersteed@teknik.io>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -110,6 +111,7 @@
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pdf)
   #:use-module (gnu packages scheme)
+  #:use-module (gnu packages speech)
   #:use-module (gnu packages xiph)
   #:use-module (gnu packages mp3)
   #:use-module (gnu packages gettext)
@@ -4448,7 +4450,7 @@ like @code{org-edit-src-code} but for arbitrary regions.")
 (define-public emacs-projectile
   (package
     (name "emacs-projectile")
-    (version "0.14.0")
+    (version "2.0.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://raw.githubusercontent.com/bbatsov"
@@ -4456,7 +4458,7 @@ like @code{org-edit-src-code} but for arbitrary regions.")
               (file-name (string-append "projectile-" version ".el"))
               (sha256
                (base32
-                "1ql1wnzhblbwnv66hf2y0wq45g71hh6s9inc090lmhm1vgylbd1f"))))
+                "149hablms6n9b4wp78dz4pjz1rzyylfw9ayghq5p9d7k661mvyby"))))
     (build-system emacs-build-system)
     (propagated-inputs
      `(("emacs-dash" ,emacs-dash)
@@ -13139,17 +13141,18 @@ opposed to character-based).")
 (define-public emacs-disk-usage
   (package
     (name "emacs-disk-usage")
-    (version "1.1.0")
-    (home-page "https://gitlab.com/ambrevar/emacs-disk-usage.git")
-    (source (origin
-              (method git-fetch)
-              (uri (git-reference
-                    (url home-page)
-                    (commit version)))
-              (file-name (git-file-name name version))
-              (sha256
-               (base32
-                "1c9jmjn8vf0v4776v79pc5w0labfs4v9aysbv2w9423rg4mangbg"))))
+    (version "1.2.0")
+    (home-page "https://gitlab.com/Ambrevar/emacs-disk-usage")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://elpa.gnu.org/packages/disk-usage-"
+             version
+             ".el"))
+       (sha256
+        (base32
+         "13n6bsrz8q07fl6sd7wi5zvf01m5xw11hmrpdz7wcn49v6vs3whl"))))
     (build-system emacs-build-system)
     (synopsis "Sort and browse disk usage listings with Emacs")
     (description "Disk Usage is a file system analyzer: it offers a tabulated
@@ -13183,3 +13186,27 @@ used to link to certain Magit buffers.  Use the command
 Later you can insert it into an Org buffer using the command
 @code{org-insert-link}.")
       (license license:gpl3+))))
+
+(define-public emacs-amx
+  (package
+    (name "emacs-amx")
+    (version "3.2")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/DarwinAwardWinner/amx")
+                    (commit (string-append "v" version))))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "0bb8y1dmzyqkrb4mg6zndcsxppby3glridv2aap2pv05gv8kx7mj"))))
+    (build-system emacs-build-system)
+    (propagated-inputs `(("emacs-s" ,emacs-s)))
+    (home-page "https://github.com/DarwinAwardWinner/amx")
+    (synopsis "Alternative interface for M-x")
+    (description "Amx is an alternative interface for M-x in Emacs.  It
+provides several enhancements over the ordinary
+@code{execute-extended-command}, such as prioritizing your most-used commands
+in the completion list and showing keyboard shortcuts, and it supports several
+completion systems for selecting commands, such as ido and ivy.")
+    (license license:gpl3+)))
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 7e8dcadf96..821065c56f 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -254,39 +254,41 @@ editor (without an X toolkit)" )
                        (package-arguments emacs)))))
 
 (define-public guile-emacs
-  (package (inherit emacs)
-    (name "guile-emacs")
-    (version "20150512.41120e0")
-    (source (origin
-              (method git-fetch)
-              (uri (git-reference
-                    (url "git://git.hcoop.net/git/bpt/emacs.git")
-                    (commit "41120e0f595b16387eebfbf731fff70481de1b4b")))
-              (file-name (string-append name "-" version "-checkout"))
-              (patches (search-patches "guile-emacs-fix-configure.patch"))
-              (sha256
-               (base32
-                "0lvcvsz0f4mawj04db35p1dvkffdqkz8pkhc0jzh9j9x2i63kcz6"))))
-    (native-inputs
-     `(("autoconf" ,autoconf)
-       ("automake" ,automake)
-       ("guile" ,guile-for-guile-emacs)
-       ,@(package-native-inputs emacs)))
-    (arguments
-     (substitute-keyword-arguments `(;; Build fails if we allow parallel build.
-                                     #:parallel-build? #f
-                                     ;; Tests aren't passing for now.
-                                     #:tests? #f
-                                     ,@(package-arguments emacs))
-       ((#:phases phases)
-        `(modify-phases ,phases
-           (add-after 'unpack 'autogen
-             (lambda _
-               (invoke "sh" "autogen.sh")))
-           ;; Build sometimes fails: deps/dispnew.d: No such file or directory
-           (add-before 'build 'make-deps-dir
-             (lambda _
-               (invoke "mkdir" "-p" "src/deps")))))))))
+  (let ((commit "41120e0f595b16387eebfbf731fff70481de1b4b")
+        (revision "0"))
+    (package (inherit emacs)
+      (name "guile-emacs")
+      (version (git-version "0.0.0" revision commit))
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://git.hcoop.net/git/bpt/emacs.git")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (patches (search-patches "guile-emacs-fix-configure.patch"))
+                (sha256
+                 (base32
+                  "0lvcvsz0f4mawj04db35p1dvkffdqkz8pkhc0jzh9j9x2i63kcz6"))))
+      (native-inputs
+       `(("autoconf" ,autoconf)
+         ("automake" ,automake)
+         ("guile" ,guile-for-guile-emacs)
+         ,@(package-native-inputs emacs)))
+      (arguments
+       (substitute-keyword-arguments `(;; Build fails if we allow parallel build.
+                                       #:parallel-build? #f
+                                       ;; Tests aren't passing for now.
+                                       #:tests? #f
+                                       ,@(package-arguments emacs))
+         ((#:phases phases)
+          `(modify-phases ,phases
+             (add-after 'unpack 'autogen
+               (lambda _
+                 (invoke "sh" "autogen.sh")))
+             ;; Build sometimes fails: deps/dispnew.d: No such file or directory
+             (add-before 'build 'make-deps-dir
+               (lambda _
+                 (invoke "mkdir" "-p" "src/deps"))))))))))
 
 (define-public m17n-db
   (package
diff --git a/gnu/packages/emulators.scm b/gnu/packages/emulators.scm
index 184a3bc859..53d4662588 100644
--- a/gnu/packages/emulators.scm
+++ b/gnu/packages/emulators.scm
@@ -41,6 +41,7 @@
   #:use-module (gnu packages backup)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages curl)
+  #:use-module (gnu packages elf)
   #:use-module (gnu packages fonts)
   #:use-module (gnu packages fontutils)
   #:use-module (gnu packages freedesktop)
@@ -406,7 +407,7 @@ Super Game Boy, BS-X Satellaview, and Sufami Turbo.")
 (define-public mgba
   (package
     (name "mgba")
-    (version "0.7.0")
+    (version "0.7.1")
     (source (origin
               (method git-fetch)
               (uri (git-reference
@@ -415,7 +416,7 @@ Super Game Boy, BS-X Satellaview, and Sufami Turbo.")
               (file-name (git-file-name name version))
               (sha256
                (base32
-                "0s4dl4pi8rxqahvzxnh37xdgsfax36cn5wlh1srdcmabwsrfpb3w"))
+                "0q0yg2zna7gjbvpaswyykbg3lr9k3c8l8fydqa407xrgq77lahq4"))
               (modules '((guix build utils)))
               (snippet
                ;; Make sure we don't use the bundled software.
@@ -436,6 +437,7 @@ Super Game Boy, BS-X Satellaview, and Sufami Turbo.")
     (inputs `(("ffmpeg" ,ffmpeg)
               ("imagemagick" ,imagemagick)
               ("libedit" ,libedit)
+              ("libelf" ,libelf)
               ("libepoxy" ,libepoxy)
               ("libpng" ,libpng)
               ("mesa" ,mesa)
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index b38816f664..6c562d977d 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -199,15 +199,15 @@ sans-serif designed for on-screen reading.  It is used by GNOME@tie{}3.")
 (define-public font-lato
   (package
     (name "font-lato")
-    (version "2.010")
+    (version "2.010")                   ; also update description
     (source (origin
               (method url-fetch/zipbomb)
-              (uri (string-append "http://www.latofonts.com/download/Lato2OFL.zip"))
+              (uri (string-append "https://www.latofonts.com/download/Lato2OFL.zip"))
               (sha256
                (base32
                 "1f5540g0ja1nx3ddd3ywn77xc81ssrxpq8n3gyb9sabyq2b4xda2"))))
     (build-system font-build-system)
-    (home-page "http://www.latofonts.com/lato-free-fonts/")
+    (home-page "https://www.latofonts.com/lato-free-fonts/")
     (synopsis "Lato sans-serif typeface")
     (description
      "Lato is a sanserif typeface family.  It covers over 3000 glyphs per style.
@@ -824,7 +824,7 @@ glyph designs, not just an added slant.")
     (synopsis "Typeface designed for source code")
     (description
      "Hack is designed to be a workhorse typeface for code.  It expands upon
-the Bitstream Vera & DejaVu projects, provides 1561 glyphs, and includes
+the Bitstream Vera & DejaVu projects, provides over 1,500 glyphs, and includes
 Powerline support.")
     (license
      ;; See https://github.com/source-foundry/Hack/issues/271 for details.
@@ -971,17 +971,19 @@ correct spacing.")
 (define-public font-awesome
   (package
    (name "font-awesome")
-   (version "5.7.2")
+   ;; XXX The build scripts of version 5 are not freely licensed and
+   ;; so we have to stick with version 4 for now:
+   ;; <https://bugs.gnu.org/32916>
+   (version "4.7.0")
    (source (origin
             (method url-fetch)
-            (uri (string-append
-                  "https://use.fontawesome.com/releases/v" version "/"
-                  "fontawesome-free-" version "-desktop.zip"))
+            (uri (string-append "http://fontawesome.io/assets/"
+                                name "-" version ".zip"))
             (sha256
              (base32
-              "0v8nfyjkzgi33i5arpjqzs16mgh2hx02sf906b8a9k1k7yfqpbgs"))))
+              "1m1rfwm4sjkv10j3xd2dhwk286a5912b2zgvc692cmxi5gxs68jf"))))
    (build-system font-build-system)
-   (home-page "https://fontawesome.com")
+   (home-page "http://fontawesome.io")
    (synopsis "Font that contains a rich iconset")
    (description
     "Font Awesome is a full suite of pictographic icons for easy scalable
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index f01ea8cbb4..4739f25599 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -764,15 +764,15 @@ which speak the Mobile Interface Broadband Model (MBIM) protocol.")
 (define-public libqmi
   (package
     (name "libqmi")
-    (version "1.22.0")
+    (version "1.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "https://www.freedesktop.org/software/" name "/"
-                    name "-" version ".tar.xz"))
+                    "https://www.freedesktop.org/software/libqmi/"
+                    "libqmi-" version ".tar.xz"))
               (sha256
                (base32
-                "05xamy608mhvmw9zbnv9n8w3xpk96n10v5mixnvpnqgih6s9ih91"))))
+                "09w20dsgr16bgbqw5ds7r6j2s6ihwyalh9zpbjhcn7cvm0afbwgi"))))
     (build-system gnu-build-system)
     (inputs
      `(("libgudev" ,libgudev)))
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index ac53979af4..53c476330b 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -2098,20 +2098,19 @@ falling, themeable graphics and sounds, and replays.")
 (define-public wesnoth
   (package
     (name "wesnoth")
-    (version "1.14.5")
+    (version "1.14.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/wesnoth/wesnoth-"
-                                  (version-major+minor version) "/wesnoth-"
-                                  version "/"
-                                  name "-" version ".tar.bz2"))
+                                  (version-major+minor version)
+                                  "/wesnoth-" version "/"
+                                  "wesnoth-" version ".tar.bz2"))
               (sha256
                (base32
-                "1kgpj2f22nnx4mwd1zis3s5ny2983aasgqsmz7wnqaq7n6a7ac85"))
-              (patches (search-patches "wesnoth-newer-boost.patch"))))
+                "0aw3czw3nq8ffakhw2libhvrhnllj61xc5lxpjqv0ig1419s1lj5"))))
     (build-system cmake-build-system)
     (arguments
-     `(#:tests? #f)) ; no check target
+     `(#:tests? #f))                    ; no check target
     (native-inputs
      `(("gettext" ,gettext-minimal)
        ("pkg-config" ,pkg-config)))
@@ -5225,54 +5224,49 @@ Github or Gitlab.")
 (define-public colobot
   (package
     (name "colobot")
-    (version "0.1.11.1-alpha")
+    (version "0.1.12-alpha")
     (source
      (origin
-       (method url-fetch)
-       (uri (string-append "https://github.com/colobot/colobot/archive/"
-                           "colobot-gold-" version ".tar.gz"))
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/colobot/colobot.git")
+             (commit (string-append "colobot-gold-" version))
+             (recursive? #t)))          ;for "data/" subdir
+       (file-name (git-file-name name version))
        (sha256
         (base32
-         "0h6f4icarramhjkxxbzz6siv3v11z5r8ghqisgr1rscw217vhmwf"))))
+         "1c181cclkrnspgs07lvndg2c81cjq3smkv7qim8c470cj88rcrp2"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f                      ;no test
        #:phases
        (modify-phases %standard-phases
-         (add-after 'unpack 'unpack-data
-           (lambda* (#:key inputs #:allow-other-keys)
-             (let ((data (assoc-ref inputs "colobot-data")))
-               (invoke "tar" "-xvf" data "-Cdata" "--strip-components=1")
-               #t)))
-         (add-after 'unpack-data 'install-music
+         (add-after 'unpack 'make-git-checkout-writable
+           (lambda _
+             (for-each make-file-writable (find-files "."))
+             #t))
+         (add-after 'unpack 'fix-directories
+           (lambda _
+             (substitute* "CMakeLists.txt"
+               (("(\\$\\{CMAKE_INSTALL_PREFIX\\})/games" _ prefix)
+                (string-append prefix "/bin"))
+               (("(\\$\\{CMAKE_INSTALL_PREFIX\\}/share)/games/colobot" _ prefix)
+                (string-append prefix "/colobot")))
+             #t))
+         (add-after 'fix-directories 'install-music
+           ;; Retrieve and install music files.
            (lambda* (#:key inputs #:allow-other-keys)
              ;; Installation process tries to download music files using
-             ;; "wget" if not already present.  Since we are going to install
-             ;; them, skip "wget" command check.
+             ;; "wget" if not already present.  Since we are going another
+             ;; route, skip "wget" command check.
              (substitute* "data/music/CMakeLists.txt"
                (("find_program\\(WGET wget\\)") ""))
-             ;; Effectively install music.
+             ;; Populate "music/" directory.
              (let ((data (assoc-ref inputs "colobot-music")))
-               (invoke "tar" "-xvf" data "-Cdata/music")
-               #t)))
-         (add-after 'install 'fix-install-directory
-           ;; Move binary from "games/" to "bin/".
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let ((out (assoc-ref outputs "out")))
-               (rename-file (string-append out "/games")
-                            (string-append out "/bin"))
-               #t))))))
+               (invoke "tar" "-xvf" data "-Cdata/music"))
+             #t)))))
     (native-inputs
-     `(("colobot-data"
-        ,(origin
-           (method url-fetch)
-           (uri (string-append
-                 "https://github.com/colobot/colobot-data/archive/"
-                 "colobot-gold-" version ".tar.gz"))
-           (sha256
-            (base32
-             "0riznycx2jbxmg4m9nn3mcpqws2c0s7cn2m9skz9zj1w39r5qpjy"))))
-       ("colobot-music"
+     `(("colobot-music"
         ,(origin
            (method url-fetch)
            (uri (string-append "https://colobot.info/files/music/"
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index 1f1e80dde8..b9a9583410 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -508,14 +508,14 @@ It also includes runtime support libraries for these languages.")))
 (define-public gcc-8
   (package
     (inherit gcc-7)
-    (version "8.2.0")
+    (version "8.3.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/gcc/gcc-"
                                   version "/gcc-" version ".tar.xz"))
               (sha256
                (base32
-                "10007smilswiiv2ymazr3b6x2i933c0ycxrr529zh4r6p823qv0r"))
+                "0b3xv411xhlnjmin2979nxcbnidgvzqdf4nbhix99x60dkzavfk4"))
               (patches (search-patches "gcc-8-strmov-store-file-names.patch"
                                        "gcc-5.0-libvtv-runpath.patch"))))))
 
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index fdb05090e8..e0e8c850f2 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -2027,15 +2027,15 @@ Hints specification (EWMH).")
 (define-public gnumeric
   (package
     (name "gnumeric")
-    (version "1.12.36")
+    (version "1.12.44")
     (source (origin
               (method url-fetch)
-              (uri (string-append "mirror://gnome/sources/" name "/"
+              (uri (string-append "mirror://gnome/sources/gnumeric/"
                                   (version-major+minor version)  "/"
-                                  name "-" version ".tar.xz"))
+                                  "gnumeric-" version ".tar.xz"))
               (sha256
                (base32
-                "0j28qpbz9a9p80x27kcwxl5n1hf36nn2fa7dxwrbhcdx4rgy5grw"))))
+                "0147962c6ybdsj57rz95nla0rls7g545wc2n7pz59zmzyd5pksk0"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(;; The gnumeric developers don't worry much about failing tests.
@@ -3544,9 +3544,9 @@ such as OpenStreetMap, OpenCycleMap, OpenAerialMap, and Maps for free.")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://gnome/sources/" name "/"
+       (uri (string-append "mirror://gnome/sources/gom/"
                            (version-major+minor version) "/"
-                           name "-" version ".tar.xz"))
+                           "gom-" version ".tar.xz"))
        (sha256
         (base32
          "1zaqqwwkyiswib3v1v8wafpbifpbpak0nn2kp13pizzn9bwz1s5w"))))
@@ -4006,15 +4006,15 @@ supports image conversion, rotation, and slideshows.")
   ;; 'XDG_DATA_DIRS' appropriately set.
   (package
     (name "eog-plugins")
-    (version "3.26.2")
+    (version "3.26.3")
     (source (origin
               (method url-fetch)
-              (uri (string-append "mirror://gnome/sources/" name "/"
+              (uri (string-append "mirror://gnome/sources/eog-plugins/"
                                   (version-major+minor version) "/"
-                                  name "-" version ".tar.xz"))
+                                  "eog-plugins-" version ".tar.xz"))
               (sha256
                (base32
-                "1w8zw7kwfvlwlyb1k1inqdvbwnzq959sqawlmnwfb8ykn98hbk8y"))))
+                "06fnjs2p18ad5vk07z685cx26sc7d3azywss00w9xvz794b2i1g3"))))
     (build-system gnu-build-system)
     (home-page "https://wiki.gnome.org/Apps/EyeOfGnome/Plugins")
     (synopsis "Extensions for the Eye of GNOME image viewer")
@@ -7451,17 +7451,18 @@ configurable file renaming. ")
 (define-public workrave
   (package
     (name "workrave")
-    (version "1.10.21")
+    (version "1.10.23")
     (source
      (origin
        (method git-fetch)
        (uri (git-reference
              (url "https://github.com/rcaelers/workrave.git")
-             (commit (string-map (match-lambda (#\_ #\.) (chr chr)) version))))
+             (commit (string-append "v" (string-map
+                                         (match-lambda (#\. #\_) (chr chr))
+                                         version)))))
        (file-name (git-file-name name version))
        (sha256
-        (base32
-         "150qca8c552fakjlzkgarsxgp87l1xcwn19svqsa9d0cygqxjgia"))))
+        (base32 "1qhlwfhwk5agv4904d6bsf83k9k89q7bms6agg967vsca4905vcw"))))
     (build-system glib-or-gtk-build-system)
     (propagated-inputs `(("glib" ,glib)
                          ("gtk+" ,gtk+)
diff --git a/gnu/packages/gnucash.scm b/gnu/packages/gnucash.scm
index 8f1bc20bc2..2207dd3fae 100644
--- a/gnu/packages/gnucash.scm
+++ b/gnu/packages/gnucash.scm
@@ -261,7 +261,7 @@ to be read using the GNOME Yelp program.")
        ("gtk+" ,gtk+)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
-    (home-page "http://www.aquamaniac.de/sites/aqbanking/index.php")
+    (home-page "https://www.aquamaniac.de/sites/aqbanking/index.php")
     (synopsis "Utility library for networking and security applications")
     (description
      "This package provides a helper library for networking and security
@@ -301,7 +301,7 @@ applications and libraries.  It is used by AqBanking.")
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("libltdl" ,libltdl)))
-    (home-page "http://www.aquamaniac.de/sites/aqbanking/index.php")
+    (home-page "https://www.aquamaniac.de/sites/aqbanking/index.php")
     (synopsis "Interface for online banking tasks")
     (description
      "AqBanking is a modular and generic interface to online banking tasks,
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index f60f8070ea..16ed207cb1 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -9,6 +9,7 @@
 ;;; Copyright © 2017 Nils Gillmann <ng0@n0.is>
 ;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2019 Ivan Petkov <ivanppetkov@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -866,8 +867,6 @@ from forcing GEXP-PROMISE."
        ;; practice somehow.  See <http://hydra.gnu.org/build/378133>.
        #:validate-runpath? #f
 
-       #:imported-modules ,%cargo-build-system-modules ;for `generate-checksums'
-
        #:configure-flags `("--enable-default-toolkit=cairo-gtk3"
 
                            "--with-distribution-id=org.gnu"
@@ -939,6 +938,8 @@ from forcing GEXP-PROMISE."
                            ;; "--with-system-png"
                            )
 
+       #:imported-modules ,%cargo-utils-modules ;for `generate-checksums'
+
        #:modules ((ice-9 ftw)
                   (ice-9 rdelim)
                   (ice-9 match)
@@ -978,7 +979,7 @@ from forcing GEXP-PROMISE."
              (invoke "sh" "-c" "autoconf old-configure.in > old-configure")))
          (add-after 'patch-source-shebangs 'patch-cargo-checksums
            (lambda _
-             (use-modules (guix build cargo-build-system))
+             (use-modules (guix build cargo-utils))
              (let ((null-file "/dev/null")
                    (null-hash "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"))
                (substitute* '("Cargo.lock" "servo/Cargo.lock")
diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm
index 6a8d27f34e..2ae5feaf52 100644
--- a/gnu/packages/kde-frameworks.scm
+++ b/gnu/packages/kde-frameworks.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2016-2019 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
-;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2019 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -3014,7 +3014,7 @@ types or handled by application specific code.")
               (uri (string-append
                     "mirror://kde/stable/frameworks/"
                     (version-major+minor version) "/"
-                    name "-" version ".tar.xz"))
+                    "ktexteditor-" version ".tar.xz"))
               (sha256
                (base32
                 "0b5zqhm5aw7jj7dj600xa674ik11gwyzamhyz5962xhvsg5pyjwx"))))
@@ -3076,7 +3076,8 @@ types or handled by application specific code.")
              (let ((kst5 (string-append (assoc-ref outputs "out")
                                         "/share/kservicetypes5/")))
                (symlink (string-append kst5 "ktexteditorplugin.desktop")
-                        (string-append kst5 "ktexteditor-plugin.desktop"))))))))
+                        (string-append kst5 "ktexteditor-plugin.desktop"))
+               #t))))))
     (home-page "https://community.kde.org/Frameworks")
     (synopsis "Full text editor component")
     (description "KTextEditor provides a powerful text editor component that you
diff --git a/gnu/packages/libedit.scm b/gnu/packages/libedit.scm
index 095749e868..b5e20f30f8 100644
--- a/gnu/packages/libedit.scm
+++ b/gnu/packages/libedit.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2019 Gábor Boskovits <boskovits@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -28,7 +29,7 @@
 (define-public libedit
   (package
     (name "libedit")
-    (version "20180525-3.1")
+    (version "20181209-3.1")
     (source
      (origin
       (method url-fetch)
@@ -36,7 +37,7 @@
                           "/" name "-" version ".tar.gz"))
       (sha256
        (base32
-        "05iicng4kag5hxdc7adbyj1gm3qbmvcc33m9cyx5gys0s67yl6y4"))))
+        "0r0hc4lg71xnn0vrrk2g7is42i0k0dra7cbw3fljq3q01c6df498"))))
     (build-system gnu-build-system)
     (inputs
      `(("ncurses" ,ncurses)))
diff --git a/gnu/packages/libunwind.scm b/gnu/packages/libunwind.scm
index 578154f70d..588b5dd314 100644
--- a/gnu/packages/libunwind.scm
+++ b/gnu/packages/libunwind.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -27,14 +28,14 @@
 (define-public libunwind
   (package
     (name "libunwind")
-    (version "1.2.1")
+    (version "1.3.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://savannah/libunwind/libunwind-"
                                  version ".tar.gz"))
              (sha256
               (base32
-               "1jsslwkilwrsj959dc8b479qildawz67r8m4lzxm7glcwa8cngiz"))))
+               "1y0l08k6ak1mqbfj6accf9s5686kljwgsl4vcqpxzk5n74wpm6a3"))))
     (build-system gnu-build-system)
     (arguments
      ;; FIXME: As of glibc 2.25, we get 1 out of 34 test failures (2 are
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 9b417bc515..53b15b414a 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -413,8 +413,8 @@ for ARCH and optionally VARIANT, or #f if there is no such configuration."
 It has been modified to remove all non-free binary blobs.")
     (license license:gpl2)))
 
-(define %linux-libre-version "4.20.12")
-(define %linux-libre-hash "16w52g5s7qhvmmz3srai1myl8949nxv6cqybiw3wx3mwcvp95mlh")
+(define %linux-libre-version "4.20.13")
+(define %linux-libre-hash "00rqdsqyz0csdblcmifyhkgzvsmnqsh090i6h30146rsf3707xad")
 
 (define %linux-libre-4.20-patches
   (list %boot-logo-patch
@@ -427,8 +427,8 @@ It has been modified to remove all non-free binary blobs.")
                     #:patches %linux-libre-4.20-patches
                     #:configuration-file kernel-config))
 
-(define %linux-libre-4.19-version "4.19.25")
-(define %linux-libre-4.19-hash "0kg8gibmyihh4lr7ksp8szrs0jx5sr2g56szm69lff1zmsywpqc6")
+(define %linux-libre-4.19-version "4.19.26")
+(define %linux-libre-4.19-hash "0xp1hqcwimyvzzbci741vymc8mrgk3cycv8l020zas1dfw5wn48c")
 
 (define %linux-libre-4.19-patches
   (list %boot-logo-patch
@@ -441,8 +441,8 @@ It has been modified to remove all non-free binary blobs.")
                     #:patches %linux-libre-4.19-patches
                     #:configuration-file kernel-config))
 
-(define %linux-libre-4.14-version "4.14.103")
-(define %linux-libre-4.14-hash "05zcb7kaj6cni4v0s0qdywwrqzlr63mkqbhxkbmrjz4blxxxdszg")
+(define %linux-libre-4.14-version "4.14.104")
+(define %linux-libre-4.14-hash "0x7jzazl0yzdc9m1ycwcywjpj6w30mabks4qs9asdy5622282b4v")
 
 (define-public linux-libre-4.14
   (make-linux-libre %linux-libre-4.14-version
@@ -451,8 +451,8 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.160"
-                    "1j3z3kn4n9vm7fkzb63ddmxba9r2pm623kar1jn7i5xsd1vz4qr9"
+  (make-linux-libre "4.9.161"
+                    "0r35qlc8yj9svryv0v91j134vr35d23sz5aj7f2h8c99iakbm6zw"
                     '("x86_64-linux" "i686-linux")
                     #:configuration-file kernel-config))
 
@@ -1572,16 +1572,14 @@ devices.  It replaces @code{iwconfig}, which is deprecated.")
 (define-public powertop
   (package
     (name "powertop")
-    (version "2.9")
+    (version "2.10")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "https://01.org/sites/default/files/downloads/powertop/powertop-v"
-             version ".tar.gz"))
+       (uri (string-append "https://01.org/sites/default/files/downloads/"
+                           "powertop-v" version ".tar.gz"))
        (sha256
-        (base32
-         "0l4jjlf05li2mc6g8nrss3h435wjhmnqd8m7v3kha3x0x7cbfzxa"))))
+        (base32 "0xaazqccyd42v2q532dxx40nqhb9sfsa6cyx8641rl57mfg4bdyk"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -2702,14 +2700,14 @@ isolation or root privileges.")
 (define-public hdparm
   (package
     (name "hdparm")
-    (version "9.56")
+    (version "9.58")
     (source (origin
               (method url-fetch)
-              (uri (string-append "mirror://sourceforge/" name "/" name "/"
-                                  name "-" version ".tar.gz"))
+              (uri (string-append "mirror://sourceforge/hdparm/hdparm/"
+                                  "hdparm-" version ".tar.gz"))
               (sha256
                (base32
-                "1np42qyhb503khvacnjcl3hb1dqly68gj0a1xip3j5qhbxlyvybg"))))
+                "03z1qm8zbgpxagk3994lvp24yqsshjibkwg05v9p3q1w7y48xrws"))))
     (build-system gnu-build-system)
     (arguments
      `(#:make-flags (let ((out (assoc-ref %outputs "out")))
@@ -4130,15 +4128,15 @@ interface to the variable facility of UEFI boot firmware.")
     (version "16")
     (source (origin
               (method url-fetch)
-              (uri (string-append "https://github.com/rhinstaller/" name
-                                  "/releases/download/" version "/" name
+              (uri (string-append "https://github.com/rhinstaller/efibootmgr"
+                                  "/releases/download/" version "/efibootmgr"
                                   "-" version ".tar.bz2"))
               (sha256
                (base32
                 "0pzn67vxxaf7jna4cd0i4kqm60h04kb21hckksv9z82q9gxra1wm"))))
     (build-system gnu-build-system)
     (arguments
-     `(#:tests? #f ; No tests.
+     `(#:tests? #f ;no tests
        #:make-flags (list (string-append "prefix=" %output)
                           (string-append "libdir=" %output "/lib")
                           ;; EFIDIR denotes a subdirectory relative to the
@@ -4146,11 +4144,7 @@ interface to the variable facility of UEFI boot firmware.")
                           ;; installed (known as OS_VENDOR in the code).
                           ;; GRUB overrides this, as such it's only used if
                           ;; nothing else is specified on the command line.
-                          "EFIDIR=gnu"
-                          ;; Override CFLAGS to add efivar include directory.
-                          (string-append "CFLAGS=-O2 -g -flto -I"
-                                         (assoc-ref %build-inputs "efivar")
-                                         "/include/efivar"))
+                          "EFIDIR=gnu")
        #:phases (modify-phases %standard-phases (delete 'configure))))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index 5aad298399..3d43b7c509 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -318,14 +318,14 @@ an interpreter, a compiler, a debugger, and much more.")
 (define-public sbcl
   (package
     (name "sbcl")
-    (version "1.4.13")
+    (version "1.4.16")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "mirror://sourceforge/sbcl/sbcl/" version "/sbcl-"
                            version "-source.tar.bz2"))
        (sha256
-        (base32 "120rnnz8367lk7ljqlf8xidm4b0d738xqsib4kq0q5ms5r7fzgvm"))
+        (base32 "1myg4wkxnbfn5nz38xy62r1jhjy07x3h0b04vg858n41chdsv4wd"))
        (modules '((guix build utils)))
        (snippet
         ;; Add sbcl-bundle-systems to 'default-system-source-registry'.
diff --git a/gnu/packages/lxqt.scm b/gnu/packages/lxqt.scm
index a37d2a1dd5..9813005a34 100644
--- a/gnu/packages/lxqt.scm
+++ b/gnu/packages/lxqt.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Nils Gillmann <ng0@n0.is>
-;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com>
 ;;; Copyright © 2018 Ricardo Wurmus <rekado@elephly.net>
 ;;;
@@ -128,8 +128,9 @@ to statistics about the system on which it's run.")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://github.com/lxqt/" name "/releases/download/"
-                           version "/" name "-" version ".tar.xz"))
+       (uri (string-append "https://github.com/lxqt/lxqt-build-tools/releases"
+                           "/download/" version
+                           "/lxqt-build-tools-" version ".tar.xz"))
        (sha256
         (base32 "13b5x26p6ycnwzlgg1cgvlc88wjrjmlb3snrrmzh0xgh9h6hhvd6"))))
     (build-system cmake-build-system)
@@ -161,8 +162,8 @@ itself as well as other components maintained by the LXQt project.")
      (origin
        (method url-fetch)
        (uri (string-append
-             "https://github.com/lxqt/" name "/releases/download/"
-             version "/" name "-" version ".tar.xz"))
+             "https://github.com/lxqt/libqtxdg/releases/download/"
+             version "/libqtxdg-" version ".tar.xz"))
        (sha256
         (base32 "0lq548pa69hfvnbj2ypba5ygm8n6v6g7bqqm8p5g538l1l3394cl"))))
     (build-system cmake-build-system)
@@ -1149,8 +1150,8 @@ QTermWidget.")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "https://github.com/lxqt/" name "/releases/download/"
-                           version "/" name "-" version ".tar.xz"))
+       (uri (string-append "https://github.com/lxqt/screengrab/releases/download/"
+                           version "/screengrab-" version ".tar.xz"))
        (sha256
         (base32 "17y8rsx9fixvxv2byq8d6c01vry10nv07f8jy85vz7zp4f0rgzz3"))))
     (build-system cmake-build-system)
diff --git a/gnu/packages/man.scm b/gnu/packages/man.scm
index 7a81caf19f..fdb6e723fc 100644
--- a/gnu/packages/man.scm
+++ b/gnu/packages/man.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018, 2019 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2018, 2019 Marius Bakke <mbakke@fastmail.com>
 ;;;
@@ -40,7 +40,7 @@
 (define-public libpipeline
   (package
     (name "libpipeline")
-    (version "1.5.0")
+    (version "1.5.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -48,7 +48,7 @@
                     version ".tar.gz"))
               (sha256
                (base32
-                "0avg525wvifcvjrwa6i1r6kvahmsswj0mpxrsxzzdzra9wpf2whd"))))
+                "0bwh5xz5f2czwb7f564jz1mp4znm8pldnvf65fs0hpw4gmmp0cyn"))))
     (build-system gnu-build-system)
     (home-page "http://libpipeline.nongnu.org/")
     (synopsis "C library for manipulating pipelines of subprocesses")
diff --git a/gnu/packages/markup.scm b/gnu/packages/markup.scm
index 20da258029..67f2bf2881 100644
--- a/gnu/packages/markup.scm
+++ b/gnu/packages/markup.scm
@@ -114,7 +114,7 @@ convert it to structurally valid XHTML (or HTML).")
              (method url-fetch)
              (uri (string-append
                    "http://www.pell.portland.or.us/~orc/Code/"
-                   name "/" name "-" version ".tar.bz2"))
+                   "discount/discount-" version ".tar.bz2"))
              (sha256
               (base32
                "199hwajpspqil0a4y3yxsmhdp2dm73gqkzfk4mrwzsmlq8y1xzbl"))))
diff --git a/gnu/packages/mastodon.scm b/gnu/packages/mastodon.scm
new file mode 100644
index 0000000000..028745f681
--- /dev/null
+++ b/gnu/packages/mastodon.scm
@@ -0,0 +1,66 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Efraim Flashner <efraim@flashner.co.il>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages mastodon)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix build-system python)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages check)
+  #:use-module (gnu packages python-web)
+  #:use-module (gnu packages python-xyz)
+)
+
+(define-public toot
+  (package
+    (name "toot")
+    (version "0.21.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (pypi-uri "toot" version))
+        (sha256
+         (base32
+          "1dqv5jckaw3r7dnfns3iygwbfnf27x513qrw2rryzl5y79xrzs1x"))))
+    (build-system python-build-system)
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (delete 'check)
+         (add-after 'install 'check
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (add-installed-pythonpath inputs outputs)
+             (invoke "py.test"))))))
+    (native-inputs
+     `(("python-pytest" ,python-pytest)))
+    (propagated-inputs
+     `(("python-beautifulsoup4" ,python-beautifulsoup4)
+       ("python-requests" ,python-requests)
+       ("python-wcwidth" ,python-wcwidth)))
+    (home-page "https://github.com/ihabunek/toot/")
+    (synopsis "Mastodon CLI client")
+    (description "Interact with Mastodon social network from the command line.
+Features include:
+@itemize
+@item Posting, replying, deleting statuses
+@item Support for media uploads, spoiler text, sensitive content
+@item Search by account or hash tag
+@item Following, muting and blocking accounts
+@item Simple switching between authenticated in Mastodon accounts
+@end itemize")
+    (license license:gpl3)))
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index de0308bb0a..c4e9328071 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -1797,14 +1797,14 @@ scientific applications modeled by partial differential equations.")
 (define-public python-petsc4py
   (package
     (name "python-petsc4py")
-    (version "3.10.0")
+    (version "3.10.1")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "petsc4py" version))
         (sha256
           (base32
-            "0ch3g6dsvxl7qi984fcssv7cxfbif4bw04gkvxl2l1b8wrmvrm25"))))
+            "094hcnran0r2z1wlvmjswsz3ski1m9kqrl5l0ax8jjhnk55x0flh"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -3669,9 +3669,6 @@ set.")
        ("texlive" ,(texlive-union (list texlive-generic-xypic
                                         texlive-fonts-xypic
                                         texlive-latex-hyperref
-                                        texlive-latex-oberdiek
-                                        texlive-generic-ifxetex
-                                        texlive-latex-url
                                         texlive-bibtex)))
        ("ghostscript" ,ghostscript)))
     (inputs
diff --git a/gnu/packages/mc.scm b/gnu/packages/mc.scm
index 260ac93342..ecac5412e4 100644
--- a/gnu/packages/mc.scm
+++ b/gnu/packages/mc.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 Nils Gillmann <ng0@n0.is>
-;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,15 +37,14 @@
 (define-public mc
   (package
     (name "mc")
-    (version "4.8.20")
+    (version "4.8.22")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "http://ftp.midnight-commander.org/mc-"
                           version ".tar.xz"))
       (sha256
-       (base32
-        "072h7n9b3j79fqn48xaw0xhlcjavpsmfpz6nyh20lhmfz3sffzh1"))))
+       (base32 "060kh3dmk8fmmsibn1l815qjazzfxzbhgqggrhncz604pbbnhy7f"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("perl" ,perl)))
@@ -89,6 +88,11 @@
                (substitute* (list "rpm.custom.output"
                                   "rpm.glib.output")
                  (("      0        0") "<<uid>>  <<gid>>")))
+             ;; XXX ERROR:mc_realpath.c:99:realpath_test: assertion failed
+             ;; (resolved_path == data->expected_string): ("" == "/usr/bin")
+             (substitute* "tests/lib/mc_realpath.c"
+               (("/usr/bin") "/")
+               (("usr/bin") "/"))
              #t)))))
     (home-page "https://www.midnight-commander.org")
     (synopsis "Graphical file manager")
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 674a02937b..ae22218675 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -683,7 +683,7 @@ end-to-end encryption support; XML console.")
 (define-public gajim-omemo
   (package
     (name "gajim-omemo")
-    (version "2.6.26")
+    (version "2.6.27")
     (source (origin
               (method url-fetch/zipbomb)
               (uri (string-append
@@ -691,7 +691,7 @@ end-to-end encryption support; XML console.")
                     version ".zip"))
               (sha256
                (base32
-                "0amqlmnsijz60s0wwkp7bzix60v5p6khqcdsd6qcwawxq5pdayw0"))))
+                "1zy8a6pp8q9qjjxwsa4s2r9h20vs077xk59ycwy9lrfd8x79zw69"))))
     (build-system trivial-build-system)
     (arguments
      `(#:modules ((guix build utils))
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 35958eee96..aa001ffe34 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -290,7 +290,7 @@ score, keyboard, guitar, drum and controller views.")
          ("sqlite" ,sqlite-with-column-metadata)
          ("sparsehash" ,sparsehash)
          ("taglib" ,taglib)))
-      (home-page "http://clementine-player.org")
+      (home-page "https://clementine-player.org")
       (synopsis "Music player and library organizer")
       (description "Clementine is a multiplatform music player.  It is inspired
 by Amarok 1.4, focusing on a fast and easy-to-use interface for searching and
@@ -1955,14 +1955,14 @@ browser.")
 (define-public drumstick
   (package
     (name "drumstick")
-    (version "1.1.1")
+    (version "1.1.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/drumstick/"
                                   version "/drumstick-" version ".tar.bz2"))
               (sha256
                (base32
-                "0avwxr6n9ra7narxc5lmkhdqi8ix10gmif8rpd06wp4g9iv46xrn"))))
+                "0kljqyqj7s1i2z52i24x7ail1bywn6dcxxfbad5c59drm8wv94bp"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f                      ; no test target
@@ -3637,7 +3637,7 @@ audio samples and various soft sythesizers.  It can receive input from a MIDI ke
 (define-public musescore
   (package
     (name "musescore")
-    (version "3.0.2")
+    (version "3.0.3")
     (source (origin
               (method git-fetch)
               (uri (git-reference
@@ -3646,7 +3646,7 @@ audio samples and various soft sythesizers.  It can receive input from a MIDI ke
               (file-name (git-file-name name version))
               (sha256
                (base32
-                "1w9il6gg0dh4yi20nbdcibx5z5z4bvzppq8wsqf1l916hnczsj3s"))
+                "1drgmivqs2c5xck7dy5y9xf41wfnnj7n84069h273q96b783cx3f"))
               (modules '((guix build utils)))
               (snippet
                ;; Un-bundle OpenSSL and remove unused libraries.
@@ -3660,17 +3660,14 @@ audio samples and various soft sythesizers.  It can receive input from a MIDI ke
                             '("thirdparty/freetype"
                               "thirdparty/openssl"
                               "thirdparty/portmidi"))
-                  #t))
-              ;; Fix compilation error due to BUILD_WEBENGINE CMake option not
-              ;; properly handled.  Applied upstream already:
-              ;; <https://github.com/musescore/MuseScore/commit/bb0c1a9b4940f3f6b52c0df535289ec8a3bc9e03>
-              (patches (search-patches "musescore-fix-use_webengine.patch"))))
+                  #t))))
     (build-system cmake-build-system)
     (arguments
      `(#:configure-flags
-       `("-DUSE_SYSTEM_FREETYPE=ON"
+       `("-DBUILD_CRASH_REPORTER=OFF"
          "-DBUILD_WEBENGINE=OFF"
-         "-DDOWNLOAD_SOUNDFONT=OFF")
+         "-DDOWNLOAD_SOUNDFONT=OFF"
+         "-DUSE_SYSTEM_FREETYPE=ON")
        ;; There are tests, but no simple target to run.  The command used to
        ;; run them is:
        ;;
diff --git a/gnu/packages/netpbm.scm b/gnu/packages/netpbm.scm
index 9c0e970257..7fe0503d6f 100644
--- a/gnu/packages/netpbm.scm
+++ b/gnu/packages/netpbm.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -52,6 +53,8 @@
             (sha256
               (base32
                "1k7as9qi1942wyjxpvbf02wg0h4braw44m3m3vvi8sm9y5z1m967"))
+            (patches (search-patches "netpbm-CVE-2017-2586.patch"
+                                     "netpbm-CVE-2017-2587.patch"))
             (file-name (string-append name "-" version "-checkout"))
             (modules '((guix build utils)))
             (snippet
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index ab253013bf..d43bf619d9 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -416,14 +416,14 @@ receiving NDP messages.")
 (define-public ethtool
   (package
     (name "ethtool")
-    (version "4.17")
+    (version "4.19")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kernel.org/software/network/"
-                                  name "/" name "-" version ".tar.xz"))
+                                  "ethtool/ethtool-" version ".tar.xz"))
               (sha256
                (base32
-                "11f5503mgcwjn1q4dvhjiqwnw3zmp2gbhirjvgfr71y72ys1wsy4"))))
+                "1j6hyr809af2m3gqm11hdfwks5kljqy1ikspq3d9rhj29qv6r2mi"))))
     (build-system gnu-build-system)
     (home-page "https://www.kernel.org/pub/software/network/ethtool/")
     (synopsis "Display or change Ethernet device settings")
@@ -662,15 +662,14 @@ network frames.")
 (define-public fping
   (package
     (name "fping")
-    (version "4.1")
+    (version "4.2")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://fping.org/dist/fping-"
                            version ".tar.gz"))
        (sha256
-        (base32
-         "0wxbvm480vij8dy4v1pi8f0c7010rx6bidg3qhsvkdf2ijhy4cr7"))))
+        (base32 "0jmnf4vmr43aiwk3h2b5qdsb95gxar8gz1yli8fswnm9nrs9ccvx"))))
     (build-system gnu-build-system)
     (home-page "https://fping.org/")
     (synopsis "Send ICMP ECHO_REQUEST packets to network hosts")
@@ -1997,15 +1996,14 @@ eight bytes) tools
 (define-public asio
   (package
     (name "asio")
-    (version "1.12.1")
+    (version "1.12.2")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "mirror://sourceforge/asio/asio/"
-                           version " (Stable)/" name "-" version ".tar.bz2"))
+                           version " (Stable)/asio-" version ".tar.bz2"))
        (sha256
-        (base32
-         "0nln45662kg799ykvqx5m9z9qcsmadmgg6r5najryls7x16in2d9"))))
+        (base32 "1akray4l3hgahmb92sbvsqg128c7g7s92jrkf1sp1fjnfjrxq9sf"))))
     (build-system gnu-build-system)
     (inputs
      `(("boost" ,boost)
diff --git a/gnu/packages/opencl.scm b/gnu/packages/opencl.scm
index a90b17cee3..fc9c11caa5 100644
--- a/gnu/packages/opencl.scm
+++ b/gnu/packages/opencl.scm
@@ -289,6 +289,8 @@ Haswell, Skylake, Apollolake, etc.  It defines and implements the OpenCL host
 functions required to initialize the device, create the command queues, the
 kernels and the programs, and run them on the GPU.  The code also contains a
 back-end for the LLVM compiler framework.")
+    ;; Beignet only supports Intel processors.
+    (supported-systems '("x86_64-linux" "i686-linux"))
     (license license:lgpl2.1+)))
 
 (define-public pocl
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 477e977bb2..5a455ac116 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -548,13 +548,13 @@ transactions from C or Python.")
 (define-public diffoscope
   (package
     (name "diffoscope")
-    (version "111")
+    (version "112")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri name version))
               (sha256
                (base32
-                "0sgqx3n0ny75bvcw10pfx61z67mdk5hx3mblw4gqnn2h9vc74qz1"))))
+                "00ry8iczfv85qyfxmarxpgdq2h5jfj41z8sl9005brk937a7p2fk"))))
     (build-system python-build-system)
     (arguments
      `(#:phases (modify-phases %standard-phases
diff --git a/gnu/packages/patches/musescore-fix-use_webengine.patch b/gnu/packages/patches/musescore-fix-use_webengine.patch
deleted file mode 100644
index b0b8216a42..0000000000
--- a/gnu/packages/patches/musescore-fix-use_webengine.patch
+++ /dev/null
@@ -1,165 +0,0 @@
-From bb0c1a9b4940f3f6b52c0df535289ec8a3bc9e03 Mon Sep 17 00:00:00 2001
-From: Dmitri Ovodok <dmitrio95@yandex.ru>
-Date: Mon, 4 Feb 2019 21:35:25 +0300
-Subject: [PATCH] Fix build without USE_WEBENGINE and SCRIPT_INTERFACE
-
-Old-style login dialog is used if USE_WEBENGINE is turned off
----
- mscore/logindialog.h            |  2 ++
- mscore/musescore.cpp            |  4 +++-
- mscore/network/loginmanager.cpp | 13 +++++++++++--
- mscore/network/loginmanager.h   |  4 ++++
- mscore/network/loginmanager_p.h |  4 ++++
- 5 files changed, 24 insertions(+), 3 deletions(-)
-
-diff --git a/mscore/logindialog.h b/mscore/logindialog.h
-index 4e86ae7985..f44511d8c0 100644
---- a/mscore/logindialog.h
-+++ b/mscore/logindialog.h
-@@ -21,6 +21,8 @@ class LoginManager;
- 
- //---------------------------------------------------------
- //   LoginDialog
-+//    Old-style login dialog in case QtWebEngine is
-+//    unavailable.
- //---------------------------------------------------------
- 
- class LoginDialog : public QDialog, public Ui::LoginDialog
-diff --git a/mscore/musescore.cpp b/mscore/musescore.cpp
-index 80c712aea9..5bb8354992 100644
---- a/mscore/musescore.cpp
-+++ b/mscore/musescore.cpp
-@@ -7572,12 +7572,14 @@ bool MuseScore::exportPartsPdfsToJSON(const QString& inFilePath, const QString&
-       }
- 
- //---------------------------------------------------------
--//   getQmlEngine
-+//   getPluginEngine
- //---------------------------------------------------------
- 
-+#ifdef SCRIPT_INTERFACE
- QmlPluginEngine* MuseScore::getPluginEngine()
-       {
-       if (!_qmlEngine)
-             _qmlEngine = new QmlPluginEngine(this);
-       return _qmlEngine;
-       }
-+#endif
-diff --git a/mscore/network/loginmanager.cpp b/mscore/network/loginmanager.cpp
-index a53d7fe811..664786ccc8 100644
---- a/mscore/network/loginmanager.cpp
-+++ b/mscore/network/loginmanager.cpp
-@@ -18,7 +18,9 @@
- #include "kQOAuth/kqoauthrequest.h"
- #include "kQOAuth/kqoauthrequest_xauth.h"
- 
-+#ifdef USE_WEBENGINE
- #include <QWebEngineCookieStore>
-+#endif
- 
- namespace Ms {
- 
-@@ -286,8 +288,11 @@ void LoginManager::onTryLoginError(const QString& error)
-       disconnect(this, SIGNAL(getUserError(QString)), this, SLOT(onTryLoginError(QString)));
-       connect(this, SIGNAL(loginSuccess()), this, SLOT(tryLogin()));
-       logout();
-+#ifdef USE_WEBENGINE
-       loginInteractive();
--//       mscore->showLoginDialog(); // TODO: switch depending on USE_WEBENGINE
-+#else
-+      mscore->showLoginDialog();
-+#endif
-       }
- /*------- END - TRY LOGIN ROUTINES ----------------------------*/
- 
-@@ -295,6 +300,7 @@ void LoginManager::onTryLoginError(const QString& error)
- //   loginInteractive
- //---------------------------------------------------------
- 
-+#ifdef USE_WEBENGINE
- void LoginManager::loginInteractive()
-       {
-       QWebEngineView* webView = new QWebEngineView;
-@@ -326,6 +332,7 @@ void LoginManager::loginInteractive()
-       webView->load(ApiInfo::loginUrl);
-       webView->show();
-       }
-+#endif
- 
- //---------------------------------------------------------
- //   login
-@@ -346,7 +353,7 @@ void LoginManager::login(QString login, QString password)
-       connect(reply, &QNetworkReply::finished, this, [this, reply] {
-             onReplyFinished(reply, RequestType::LOGIN);
-             });
--     }
-+      }
- 
- //---------------------------------------------------------
- //   onLoginSuccessReply
-@@ -874,6 +881,7 @@ ApiRequest ApiRequestBuilder::build() const
- //    musescore.com
- //---------------------------------------------------------
- 
-+#ifdef USE_WEBENGINE
- void ApiWebEngineRequestInterceptor::interceptRequest(QWebEngineUrlRequestInfo& request)
-       {
-       const ApiInfo& apiInfo = ApiInfo::instance();
-@@ -881,4 +889,5 @@ void ApiWebEngineRequestInterceptor::interceptRequest(QWebEngineUrlRequestInfo&
-       request.setHttpHeader(apiInfo.clientIdHeader, apiInfo.clientId);
-       request.setHttpHeader(apiInfo.apiKeyHeader, apiInfo.apiKey);
-       }
-+#endif
- }
-diff --git a/mscore/network/loginmanager.h b/mscore/network/loginmanager.h
-index 584eeea30d..327d9fc966 100644
---- a/mscore/network/loginmanager.h
-+++ b/mscore/network/loginmanager.h
-@@ -13,6 +13,8 @@
- #ifndef __LOGINMANAGER_H__
- #define __LOGINMANAGER_H__
- 
-+#include "config.h"
-+
- namespace Ms {
- 
- //---------------------------------------------------------
-@@ -83,7 +85,9 @@ class LoginManager : public QObject
-    public:
-       LoginManager(QAction* uploadAudioMenuAction, QObject* parent = 0);
-       void login(QString login, QString password);
-+#ifdef USE_WEBENGINE
-       void loginInteractive();
-+#endif
-       void upload(const QString& path, int nid, const QString& title, const QString& description, const QString& priv, const QString& license, const QString& tags, const QString& changes);
-       bool hasAccessToken();
-       void getUser();
-diff --git a/mscore/network/loginmanager_p.h b/mscore/network/loginmanager_p.h
-index 88228a3958..2848dde35a 100644
---- a/mscore/network/loginmanager_p.h
-+++ b/mscore/network/loginmanager_p.h
-@@ -20,6 +20,8 @@
- #ifndef __LOGINMANAGER_P_H__
- #define __LOGINMANAGER_P_H__
- 
-+#include "config.h"
-+
- namespace Ms {
- 
- //---------------------------------------------------------
-@@ -102,6 +104,7 @@ class ApiRequestBuilder
- //   ApiWebEngineRequestInterceptor
- //---------------------------------------------------------
- 
-+#ifdef USE_WEBENGINE
- class ApiWebEngineRequestInterceptor : public QWebEngineUrlRequestInterceptor
-       {
-       Q_OBJECT
-@@ -109,6 +112,7 @@ class ApiWebEngineRequestInterceptor : public QWebEngineUrlRequestInterceptor
-       ApiWebEngineRequestInterceptor(QObject* parent) : QWebEngineUrlRequestInterceptor(parent) {}
-       void interceptRequest(QWebEngineUrlRequestInfo& info) override;
-       };
-+#endif
- 
- //---------------------------------------------------------
- //   HttpStatus
diff --git a/gnu/packages/patches/netpbm-CVE-2017-2586.patch b/gnu/packages/patches/netpbm-CVE-2017-2586.patch
new file mode 100644
index 0000000000..99921870af
--- /dev/null
+++ b/gnu/packages/patches/netpbm-CVE-2017-2586.patch
@@ -0,0 +1,21 @@
+From: Tobias Geerinckx-Rice <me@tobias.gr>
+Date: Thu, 28 Feb 2019 20:29:00 +0100
+Subject: [PATCH] netpbm: Fix CVE-2017-2586.
+
+Copied verbatim from Debian[0].
+
+[0]: https://sources.debian.org/data/main/n/netpbm-free/2:10.78.05-0.1/debian/patches/netpbm-CVE-2017-2586.patch
+
+---
+diff -urNp old/converter/other/svgtopam.c new/converter/other/svgtopam.c
+--- old/converter/other/svgtopam.c	2017-02-08 12:11:02.593690917 +0100
++++ new/converter/other/svgtopam.c	2017-02-08 12:13:05.192846469 +0100
+@@ -676,7 +676,7 @@ stringToUint(const char *   const string
+ 
+     /* TODO: move this to nstring.c */
+ 
+-    if (strlen(string) == 0)
++    if (string == NULL || strlen(string) == 0)
+         pm_asprintf(errorP, "Value is a null string");
+     else {
+         char * tailptr;
diff --git a/gnu/packages/patches/netpbm-CVE-2017-2587.patch b/gnu/packages/patches/netpbm-CVE-2017-2587.patch
new file mode 100644
index 0000000000..70fa508f60
--- /dev/null
+++ b/gnu/packages/patches/netpbm-CVE-2017-2587.patch
@@ -0,0 +1,35 @@
+From: Tobias Geerinckx-Rice <me@tobias.gr>
+Date: Thu, 28 Feb 2019 20:29:00 +0100
+Subject: [PATCH] netpbm: Fix CVE-2017-2587.
+
+Copied verbatim from Debian[0].
+
+[0]: https://sources.debian.org/data/main/n/netpbm-free/2:10.78.05-0.1/debian/patches/netpbm-CVE-2017-2587.patch
+
+---
+diff -urNp old/converter/other/svgtopam.c new/converter/other/svgtopam.c
+--- old/converter/other/svgtopam.c	2017-02-08 12:11:02.593690917 +0100
++++ new/converter/other/svgtopam.c	2017-02-08 13:49:38.319029371 +0100
+@@ -771,12 +771,17 @@ createCanvas(unsigned int const width,
+ 
+     MALLOCVAR_NOFAIL(canvasP);
+ 
+-    canvasP->width  = width;
+-    canvasP->height = height;
+-    canvasP->pixels = ppm_allocarray(width, height);
+-    canvasP->maxval = maxval;
++    if(canvasP != NULL){
++        canvasP->width  = width;
++        canvasP->height = height;
++        canvasP->pixels = ppm_allocarray(width, height);
++        canvasP->maxval = maxval;
++
++        *canvasPP = canvasP;
++    } else {
++       pm_error("can't allocate memory for canvas");
++    }
+ 
+-    *canvasPP = canvasP;
+ }
+ 
+ 
diff --git a/gnu/packages/patches/openssl-CVE-2019-1559.patch b/gnu/packages/patches/openssl-CVE-2019-1559.patch
new file mode 100644
index 0000000000..3e630037b5
--- /dev/null
+++ b/gnu/packages/patches/openssl-CVE-2019-1559.patch
@@ -0,0 +1,60 @@
+From e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e Mon Sep 17 00:00:00 2001
+From: Matt Caswell <matt@openssl.org>
+Date: Fri, 14 Dec 2018 07:28:30 +0000
+Subject: [PATCH] Go into the error state if a fatal alert is sent or received
+
+If an application calls SSL_shutdown after a fatal alert has occured and
+then behaves different based on error codes from that function then the
+application may be vulnerable to a padding oracle.
+
+CVE-2019-1559
+
+Reviewed-by: Richard Levitte <levitte@openssl.org>
+---
+ ssl/d1_pkt.c |  1 +
+ ssl/s3_pkt.c | 10 +++++++---
+ 2 files changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/ssl/d1_pkt.c b/ssl/d1_pkt.c
+index 23aa9db..c7fe977 100644
+--- a/ssl/d1_pkt.c
++++ b/ssl/d1_pkt.c
+@@ -1309,6 +1309,7 @@ int dtls1_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+             ERR_add_error_data(2, "SSL alert number ", tmp);
+             s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+             SSL_CTX_remove_session(s->session_ctx, s->session);
++            s->state = SSL_ST_ERR;
+             return (0);
+         } else {
+             al = SSL_AD_ILLEGAL_PARAMETER;
+diff --git a/ssl/s3_pkt.c b/ssl/s3_pkt.c
+index 6527df8..830b723 100644
+--- a/ssl/s3_pkt.c
++++ b/ssl/s3_pkt.c
+@@ -1500,6 +1500,7 @@ int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek)
+             ERR_add_error_data(2, "SSL alert number ", tmp);
+             s->shutdown |= SSL_RECEIVED_SHUTDOWN;
+             SSL_CTX_remove_session(s->session_ctx, s->session);
++            s->state = SSL_ST_ERR;
+             return (0);
+         } else {
+             al = SSL_AD_ILLEGAL_PARAMETER;
+@@ -1719,9 +1720,12 @@ int ssl3_send_alert(SSL *s, int level, int desc)
+                                           * protocol_version alerts */
+     if (desc < 0)
+         return -1;
+-    /* If a fatal one, remove from cache */
+-    if ((level == 2) && (s->session != NULL))
+-        SSL_CTX_remove_session(s->session_ctx, s->session);
++    /* If a fatal one, remove from cache and go into the error state */
++    if (level == SSL3_AL_FATAL) {
++        if (s->session != NULL)
++            SSL_CTX_remove_session(s->session_ctx, s->session);
++        s->state = SSL_ST_ERR;
++    }
+ 
+     s->s3->alert_dispatch = 1;
+     s->s3->send_alert[0] = level;
+-- 
+2.7.4
+
diff --git a/gnu/packages/patches/wesnoth-newer-boost.patch b/gnu/packages/patches/wesnoth-newer-boost.patch
deleted file mode 100644
index d48a48e801..0000000000
--- a/gnu/packages/patches/wesnoth-newer-boost.patch
+++ /dev/null
@@ -1,46 +0,0 @@
-https://github.com/wesnoth/wesnoth/commit/f6a32792d023d182d350b5a2ed9e469ad67484c8.patch
-This should be able to be removed with wesnoth@1.14.6
-
-From f6a32792d023d182d350b5a2ed9e469ad67484c8 Mon Sep 17 00:00:00 2001
-From: Wedge009 <wedge009@wedge009.net>
-Date: Thu, 27 Dec 2018 08:15:10 +1100
-Subject: [PATCH] Use explicit casts to accommodate changes to boost's tribool
- in 1.69.
-
-(fixes #3646)
----
- src/units/frame.cpp | 8 ++++----
- 1 file changed, 4 insertions(+), 4 deletions(-)
-
-diff --git a/src/units/frame.cpp b/src/units/frame.cpp
-index 3215fa4fa79d..6370ad69566b 100644
---- a/src/units/frame.cpp
-+++ b/src/units/frame.cpp
-@@ -460,15 +460,15 @@ std::vector<std::string> frame_parsed_parameters::debug_strings() const
- 	}
- 
- 	if(!boost::indeterminate(auto_vflip_)) {
--		v.emplace_back("auto_vflip=" + utils::bool_string(auto_vflip_));
-+		v.emplace_back("auto_vflip=" + utils::bool_string(static_cast<bool>(auto_vflip_)));
- 	}
- 
- 	if(!boost::indeterminate(auto_hflip_)) {
--		v.emplace_back("auto_hflip=" + utils::bool_string(auto_hflip_));
-+		v.emplace_back("auto_hflip=" + utils::bool_string(static_cast<bool>(auto_hflip_)));
- 	}
- 
- 	if(!boost::indeterminate(primary_frame_)) {
--		v.emplace_back("primary_frame=" + utils::bool_string(primary_frame_));
-+		v.emplace_back("primary_frame=" + utils::bool_string(static_cast<bool>(primary_frame_)));
- 	}
- 
- 	if(!drawing_layer_.get_original().empty()) {
-@@ -768,7 +768,7 @@ const frame_parameters unit_frame::merge_parameters(int current_time, const fram
- 	}
- 
- 	// Convert the tribool to bool
--	const bool primary = result.primary_frame == true || boost::logic::indeterminate(result.primary_frame);
-+	const bool primary = static_cast<bool>(result.primary_frame) || boost::logic::indeterminate(result.primary_frame);
- 
- 	/** The engine provides a default image to use for the unit when none is available */
- 	result.image = current_val.image.is_void() || current_val.image.get_filename().empty()
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2017-13082.patch b/gnu/packages/patches/wpa-supplicant-CVE-2017-13082.patch
deleted file mode 100644
index 371456d157..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2017-13082.patch
+++ /dev/null
@@ -1,182 +0,0 @@
-Fix CVE-2017-13082:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13082
-https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
-
-Patch copied from upstream:
-https://w1.fi/security/2017-1/rebased-v2.6-0001-hostapd-Avoid-key-reinstallation-in-FT-handshake.patch
-
-From cf4cab804c7afd5c45505528a8d16e46163243a2 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 14 Jul 2017 15:15:35 +0200
-Subject: [PATCH 1/8] hostapd: Avoid key reinstallation in FT handshake
-
-Do not reinstall TK to the driver during Reassociation Response frame
-processing if the first attempt of setting the TK succeeded. This avoids
-issues related to clearing the TX/RX PN that could result in reusing
-same PN values for transmitted frames (e.g., due to CCM nonce reuse and
-also hitting replay protection on the receiver) and accepting replayed
-frames on RX side.
-
-This issue was introduced by the commit
-0e84c25434e6a1f283c7b4e62e483729085b78d2 ('FT: Fix PTK configuration in
-authenticator') which allowed wpa_ft_install_ptk() to be called multiple
-times with the same PTK. While the second configuration attempt is
-needed with some drivers, it must be done only if the first attempt
-failed.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/ap/ieee802_11.c  | 16 +++++++++++++---
- src/ap/wpa_auth.c    | 11 +++++++++++
- src/ap/wpa_auth.h    |  3 ++-
- src/ap/wpa_auth_ft.c | 10 ++++++++++
- src/ap/wpa_auth_i.h  |  1 +
- 5 files changed, 37 insertions(+), 4 deletions(-)
-
-diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c
-index 4e04169..333035f 100644
---- a/src/ap/ieee802_11.c
-+++ b/src/ap/ieee802_11.c
-@@ -1841,6 +1841,7 @@ static int add_associated_sta(struct hostapd_data *hapd,
- {
- 	struct ieee80211_ht_capabilities ht_cap;
- 	struct ieee80211_vht_capabilities vht_cap;
-+	int set = 1;
- 
- 	/*
- 	 * Remove the STA entry to ensure the STA PS state gets cleared and
-@@ -1848,9 +1849,18 @@ static int add_associated_sta(struct hostapd_data *hapd,
- 	 * FT-over-the-DS, where a station re-associates back to the same AP but
- 	 * skips the authentication flow, or if working with a driver that
- 	 * does not support full AP client state.
-+	 *
-+	 * Skip this if the STA has already completed FT reassociation and the
-+	 * TK has been configured since the TX/RX PN must not be reset to 0 for
-+	 * the same key.
- 	 */
--	if (!sta->added_unassoc)
-+	if (!sta->added_unassoc &&
-+	    (!(sta->flags & WLAN_STA_AUTHORIZED) ||
-+	     !wpa_auth_sta_ft_tk_already_set(sta->wpa_sm))) {
- 		hostapd_drv_sta_remove(hapd, sta->addr);
-+		wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
-+		set = 0;
-+	}
- 
- #ifdef CONFIG_IEEE80211N
- 	if (sta->flags & WLAN_STA_HT)
-@@ -1873,11 +1883,11 @@ static int add_associated_sta(struct hostapd_data *hapd,
- 			    sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
- 			    sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
- 			    sta->vht_opmode, sta->p2p_ie ? 1 : 0,
--			    sta->added_unassoc)) {
-+			    set)) {
- 		hostapd_logger(hapd, sta->addr,
- 			       HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
- 			       "Could not %s STA to kernel driver",
--			       sta->added_unassoc ? "set" : "add");
-+			       set ? "set" : "add");
- 
- 		if (sta->added_unassoc) {
- 			hostapd_drv_sta_remove(hapd, sta->addr);
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 3587086..707971d 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1745,6 +1745,9 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
- #else /* CONFIG_IEEE80211R */
- 		break;
- #endif /* CONFIG_IEEE80211R */
-+	case WPA_DRV_STA_REMOVED:
-+		sm->tk_already_set = FALSE;
-+		return 0;
- 	}
- 
- #ifdef CONFIG_IEEE80211R
-@@ -3250,6 +3253,14 @@ int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm)
- }
- 
- 
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm)
-+{
-+	if (!sm || !wpa_key_mgmt_ft(sm->wpa_key_mgmt))
-+		return 0;
-+	return sm->tk_already_set;
-+}
-+
-+
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- 			     struct rsn_pmksa_cache_entry *entry)
- {
-diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
-index 0de8d97..97461b0 100644
---- a/src/ap/wpa_auth.h
-+++ b/src/ap/wpa_auth.h
-@@ -267,7 +267,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
- 		 u8 *data, size_t data_len);
- enum wpa_event {
- 	WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH,
--	WPA_REAUTH_EAPOL, WPA_ASSOC_FT
-+	WPA_REAUTH_EAPOL, WPA_ASSOC_FT, WPA_DRV_STA_REMOVED
- };
- void wpa_remove_ptk(struct wpa_state_machine *sm);
- int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event);
-@@ -280,6 +280,7 @@ int wpa_auth_pairwise_set(struct wpa_state_machine *sm);
- int wpa_auth_get_pairwise(struct wpa_state_machine *sm);
- int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm);
- int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm);
-+int wpa_auth_sta_ft_tk_already_set(struct wpa_state_machine *sm);
- int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm,
- 			     struct rsn_pmksa_cache_entry *entry);
- struct rsn_pmksa_cache_entry *
-diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
-index 42242a5..e63b99a 100644
---- a/src/ap/wpa_auth_ft.c
-+++ b/src/ap/wpa_auth_ft.c
-@@ -780,6 +780,14 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
- 		return;
- 	}
- 
-+	if (sm->tk_already_set) {
-+		/* Must avoid TK reconfiguration to prevent clearing of TX/RX
-+		 * PN in the driver */
-+		wpa_printf(MSG_DEBUG,
-+			   "FT: Do not re-install same PTK to the driver");
-+		return;
-+	}
-+
- 	/* FIX: add STA entry to kernel/driver here? The set_key will fail
- 	 * most likely without this.. At the moment, STA entry is added only
- 	 * after association has been completed. This function will be called
-@@ -792,6 +800,7 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm)
- 
- 	/* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */
- 	sm->pairwise_set = TRUE;
-+	sm->tk_already_set = TRUE;
- }
- 
- 
-@@ -898,6 +907,7 @@ static int wpa_ft_process_auth_req(struct wpa_state_machine *sm,
- 
- 	sm->pairwise = pairwise;
- 	sm->PTK_valid = TRUE;
-+	sm->tk_already_set = FALSE;
- 	wpa_ft_install_ptk(sm);
- 
- 	buflen = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
-diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h
-index 72b7eb3..7fd8f05 100644
---- a/src/ap/wpa_auth_i.h
-+++ b/src/ap/wpa_auth_i.h
-@@ -65,6 +65,7 @@ struct wpa_state_machine {
- 	struct wpa_ptk PTK;
- 	Boolean PTK_valid;
- 	Boolean pairwise_set;
-+	Boolean tk_already_set;
- 	int keycount;
- 	Boolean Pair;
- 	struct wpa_key_replay_counter {
--- 
-2.7.4
-
diff --git a/gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch b/gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch
deleted file mode 100644
index d3d5cbc46a..0000000000
--- a/gnu/packages/patches/wpa-supplicant-CVE-2018-14526.patch
+++ /dev/null
@@ -1,53 +0,0 @@
-Fix CVE-2018-14526:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14526
-https://w1.fi/security/2018-1/unauthenticated-eapol-key-decryption.txt
-
-Patch downloaded from upstream:
-
-https://w1.fi/security/2018-1/rebased-v2.6-0001-WPA-Ignore-unauthenticated-encrypted-EAPOL-Key-data.patch
-
-From 3e34cfdff6b192fe337c6fb3f487f73e96582961 Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Sun, 15 Jul 2018 01:25:53 +0200
-Subject: [PATCH] WPA: Ignore unauthenticated encrypted EAPOL-Key data
-
-Ignore unauthenticated encrypted EAPOL-Key data in supplicant
-processing. When using WPA2, these are frames that have the Encrypted
-flag set, but not the MIC flag.
-
-When using WPA2, EAPOL-Key frames that had the Encrypted flag set but
-not the MIC flag, had their data field decrypted without first verifying
-the MIC. In case the data field was encrypted using RC4 (i.e., when
-negotiating TKIP as the pairwise cipher), this meant that
-unauthenticated but decrypted data would then be processed. An adversary
-could abuse this as a decryption oracle to recover sensitive information
-in the data field of EAPOL-Key messages (e.g., the group key).
-(CVE-2018-14526)
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/rsn_supp/wpa.c | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff -upr wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c wpa_supplicant-2.6/src/rsn_supp/wpa.c
---- wpa_supplicant-2.6.orig/src/rsn_supp/wpa.c	2016-10-02 21:51:11.000000000 +0300
-+++ wpa_supplicant-2.6/src/rsn_supp/wpa.c	2018-08-08 16:55:11.506831029 +0300
-@@ -2016,6 +2016,17 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, c
- 
- 	if ((sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) &&
- 	    (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
-+		/*
-+		 * Only decrypt the Key Data field if the frame's authenticity
-+		 * was verified. When using AES-SIV (FILS), the MIC flag is not
-+		 * set, so this check should only be performed if mic_len != 0
-+		 * which is the case in this code branch.
-+		 */
-+		if (!(key_info & WPA_KEY_INFO_MIC)) {
-+			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+				"WPA: Ignore EAPOL-Key with encrypted but unauthenticated data");
-+			goto out;
-+		}
- 		if (wpa_supplicant_decrypt_key_data(sm, key, ver, key_data,
- 						    &key_data_len))
- 			goto out;
diff --git a/gnu/packages/patches/wpa-supplicant-fix-key-reuse.patch b/gnu/packages/patches/wpa-supplicant-fix-key-reuse.patch
deleted file mode 100644
index 20d7c37662..0000000000
--- a/gnu/packages/patches/wpa-supplicant-fix-key-reuse.patch
+++ /dev/null
@@ -1,448 +0,0 @@
-Fix CVE-2017-{13078,13079,13080,13081,13087,13088}:
-
-https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13078
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13079
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13080
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13081
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13087
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13088
-
-These two patches are copied from upstream:
-https://w1.fi/security/2017-1/rebased-v2.6-0002-Prevent-reinstallation-of-an-already-in-use-group-ke.patch
-https://w1.fi/security/2017-1/rebased-v2.6-0003-Extend-protection-of-GTK-IGTK-reinstallation-of-WNM-.patch
-
-From 927f891007c402fefd1ff384645b3f07597c3ede Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Wed, 12 Jul 2017 16:03:24 +0200
-Subject: [PATCH 2/8] Prevent reinstallation of an already in-use group key
-
-Track the current GTK and IGTK that is in use and when receiving a
-(possibly retransmitted) Group Message 1 or WNM-Sleep Mode Response, do
-not install the given key if it is already in use. This prevents an
-attacker from trying to trick the client into resetting or lowering the
-sequence counter associated to the group key.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h |  11 +++++
- src/rsn_supp/wpa.c      | 116 ++++++++++++++++++++++++++++++------------------
- src/rsn_supp/wpa_i.h    |   4 ++
- 3 files changed, 87 insertions(+), 44 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index af1d0f0..d200285 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -217,6 +217,17 @@ struct wpa_ptk {
- 	size_t tk_len;
- };
- 
-+struct wpa_gtk {
-+	u8 gtk[WPA_GTK_MAX_LEN];
-+	size_t gtk_len;
-+};
-+
-+#ifdef CONFIG_IEEE80211W
-+struct wpa_igtk {
-+	u8 igtk[WPA_IGTK_MAX_LEN];
-+	size_t igtk_len;
-+};
-+#endif /* CONFIG_IEEE80211W */
- 
- /* WPA IE version 1
-  * 00-50-f2:1 (OUI:OUI type)
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 3c47879..95bd7be 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -714,6 +714,15 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- 	const u8 *_gtk = gd->gtk;
- 	u8 gtk_buf[32];
- 
-+	/* Detect possible key reinstallation */
-+	if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+	    os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+			"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
-+			gd->keyidx, gd->tx, gd->gtk_len);
-+		return 0;
-+	}
-+
- 	wpa_hexdump_key(MSG_DEBUG, "WPA: Group Key", gd->gtk, gd->gtk_len);
- 	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 		"WPA: Installing GTK to the driver (keyidx=%d tx=%d len=%d)",
-@@ -748,6 +757,9 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- 	}
- 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
- 
-+	sm->gtk.gtk_len = gd->gtk_len;
-+	os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+
- 	return 0;
- }
- 
-@@ -854,6 +866,48 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- }
- 
- 
-+#ifdef CONFIG_IEEE80211W
-+static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
-+				       const struct wpa_igtk_kde *igtk)
-+{
-+	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
-+	u16 keyidx = WPA_GET_LE16(igtk->keyid);
-+
-+	/* Detect possible key reinstallation */
-+	if (sm->igtk.igtk_len == len &&
-+	    os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
-+			keyidx);
-+		return  0;
-+	}
-+
-+	wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
-+		"WPA: IGTK keyid %d pn %02x%02x%02x%02x%02x%02x",
-+		keyidx, MAC2STR(igtk->pn));
-+	wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK", igtk->igtk, len);
-+	if (keyidx > 4095) {
-+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+			"WPA: Invalid IGTK KeyID %d", keyidx);
-+		return -1;
-+	}
-+	if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
-+			   broadcast_ether_addr,
-+			   keyidx, 0, igtk->pn, sizeof(igtk->pn),
-+			   igtk->igtk, len) < 0) {
-+		wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
-+			"WPA: Failed to configure IGTK to the driver");
-+		return -1;
-+	}
-+
-+	sm->igtk.igtk_len = len;
-+	os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+
-+	return 0;
-+}
-+#endif /* CONFIG_IEEE80211W */
-+
-+
- static int ieee80211w_set_keys(struct wpa_sm *sm,
- 			       struct wpa_eapol_ie_parse *ie)
- {
-@@ -864,30 +918,14 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- 	if (ie->igtk) {
- 		size_t len;
- 		const struct wpa_igtk_kde *igtk;
--		u16 keyidx;
-+
- 		len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- 		if (ie->igtk_len != WPA_IGTK_KDE_PREFIX_LEN + len)
- 			return -1;
-+
- 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
--		keyidx = WPA_GET_LE16(igtk->keyid);
--		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: IGTK keyid %d "
--			"pn %02x%02x%02x%02x%02x%02x",
--			keyidx, MAC2STR(igtk->pn));
--		wpa_hexdump_key(MSG_DEBUG, "WPA: IGTK",
--				igtk->igtk, len);
--		if (keyidx > 4095) {
--			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
--				"WPA: Invalid IGTK KeyID %d", keyidx);
--			return -1;
--		}
--		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
--				   broadcast_ether_addr,
--				   keyidx, 0, igtk->pn, sizeof(igtk->pn),
--				   igtk->igtk, len) < 0) {
--			wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
--				"WPA: Failed to configure IGTK to the driver");
-+		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- 			return -1;
--		}
- 	}
- 
- 	return 0;
-@@ -2307,7 +2345,7 @@ void wpa_sm_deinit(struct wpa_sm *sm)
-  */
- void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- {
--	int clear_ptk = 1;
-+	int clear_keys = 1;
- 
- 	if (sm == NULL)
- 		return;
-@@ -2333,11 +2371,11 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- 		/* Prepare for the next transition */
- 		wpa_ft_prepare_auth_request(sm, NULL);
- 
--		clear_ptk = 0;
-+		clear_keys = 0;
- 	}
- #endif /* CONFIG_IEEE80211R */
- 
--	if (clear_ptk) {
-+	if (clear_keys) {
- 		/*
- 		 * IEEE 802.11, 8.4.10: Delete PTK SA on (re)association if
- 		 * this is not part of a Fast BSS Transition.
-@@ -2347,6 +2385,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- 		os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- 		sm->tptk_set = 0;
- 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+		os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- 	}
- 
- #ifdef CONFIG_TDLS
-@@ -2877,6 +2919,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- 	os_memset(sm->pmk, 0, sizeof(sm->pmk));
- 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
-+	os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+#ifdef CONFIG_IEEE80211W
-+	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+#endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
- 	os_memset(sm->pmk_r0, 0, sizeof(sm->pmk_r0));
-@@ -2949,29 +2995,11 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- 		os_memset(&gd, 0, sizeof(gd));
- #ifdef CONFIG_IEEE80211W
- 	} else if (subelem_id == WNM_SLEEP_SUBELEM_IGTK) {
--		struct wpa_igtk_kde igd;
--		u16 keyidx;
--
--		os_memset(&igd, 0, sizeof(igd));
--		keylen = wpa_cipher_key_len(sm->mgmt_group_cipher);
--		os_memcpy(igd.keyid, buf + 2, 2);
--		os_memcpy(igd.pn, buf + 4, 6);
--
--		keyidx = WPA_GET_LE16(igd.keyid);
--		os_memcpy(igd.igtk, buf + 10, keylen);
--
--		wpa_hexdump_key(MSG_DEBUG, "Install IGTK (WNM SLEEP)",
--				igd.igtk, keylen);
--		if (wpa_sm_set_key(sm, wpa_cipher_to_alg(sm->mgmt_group_cipher),
--				   broadcast_ether_addr,
--				   keyidx, 0, igd.pn, sizeof(igd.pn),
--				   igd.igtk, keylen) < 0) {
--			wpa_printf(MSG_DEBUG, "Failed to install the IGTK in "
--				   "WNM mode");
--			os_memset(&igd, 0, sizeof(igd));
-+		const struct wpa_igtk_kde *igtk;
-+
-+		igtk = (const struct wpa_igtk_kde *) (buf + 2);
-+		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
- 			return -1;
--		}
--		os_memset(&igd, 0, sizeof(igd));
- #endif /* CONFIG_IEEE80211W */
- 	} else {
- 		wpa_printf(MSG_DEBUG, "Unknown element id");
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index f653ba6..afc9e37 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -31,6 +31,10 @@ struct wpa_sm {
- 	u8 rx_replay_counter[WPA_REPLAY_COUNTER_LEN];
- 	int rx_replay_counter_set;
- 	u8 request_counter[WPA_REPLAY_COUNTER_LEN];
-+	struct wpa_gtk gtk;
-+#ifdef CONFIG_IEEE80211W
-+	struct wpa_igtk igtk;
-+#endif /* CONFIG_IEEE80211W */
- 
- 	struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
- 
--- 
-2.7.4
-
-From 8280294e74846ea342389a0cd17215050fa5afe8 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:12:24 +0300
-Subject: [PATCH 3/8] Extend protection of GTK/IGTK reinstallation of WNM-Sleep
- Mode cases
-
-This extends the protection to track last configured GTK/IGTK value
-separately from EAPOL-Key frames and WNM-Sleep Mode frames to cover a
-corner case where these two different mechanisms may get used when the
-GTK/IGTK has changed and tracking a single value is not sufficient to
-detect a possible key reconfiguration.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c   | 53 +++++++++++++++++++++++++++++++++++++---------------
- src/rsn_supp/wpa_i.h |  2 ++
- 2 files changed, 40 insertions(+), 15 deletions(-)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 95bd7be..7a2c68d 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -709,14 +709,17 @@ struct wpa_gtk_data {
- 
- static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- 				      const struct wpa_gtk_data *gd,
--				      const u8 *key_rsc)
-+				      const u8 *key_rsc, int wnm_sleep)
- {
- 	const u8 *_gtk = gd->gtk;
- 	u8 gtk_buf[32];
- 
- 	/* Detect possible key reinstallation */
--	if (sm->gtk.gtk_len == (size_t) gd->gtk_len &&
--	    os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) {
-+	if ((sm->gtk.gtk_len == (size_t) gd->gtk_len &&
-+	     os_memcmp(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len) == 0) ||
-+	    (sm->gtk_wnm_sleep.gtk_len == (size_t) gd->gtk_len &&
-+	     os_memcmp(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+		       sm->gtk_wnm_sleep.gtk_len) == 0)) {
- 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 			"WPA: Not reinstalling already in-use GTK to the driver (keyidx=%d tx=%d len=%d)",
- 			gd->keyidx, gd->tx, gd->gtk_len);
-@@ -757,8 +760,14 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
- 	}
- 	os_memset(gtk_buf, 0, sizeof(gtk_buf));
- 
--	sm->gtk.gtk_len = gd->gtk_len;
--	os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+	if (wnm_sleep) {
-+		sm->gtk_wnm_sleep.gtk_len = gd->gtk_len;
-+		os_memcpy(sm->gtk_wnm_sleep.gtk, gd->gtk,
-+			  sm->gtk_wnm_sleep.gtk_len);
-+	} else {
-+		sm->gtk.gtk_len = gd->gtk_len;
-+		os_memcpy(sm->gtk.gtk, gd->gtk, sm->gtk.gtk_len);
-+	}
- 
- 	return 0;
- }
-@@ -852,7 +861,7 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- 	    (wpa_supplicant_check_group_cipher(sm, sm->group_cipher,
- 					       gtk_len, gtk_len,
- 					       &gd.key_rsc_len, &gd.alg) ||
--	     wpa_supplicant_install_gtk(sm, &gd, key_rsc))) {
-+	     wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0))) {
- 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 			"RSN: Failed to install GTK");
- 		os_memset(&gd, 0, sizeof(gd));
-@@ -868,14 +877,18 @@ static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
- 
- #ifdef CONFIG_IEEE80211W
- static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
--				       const struct wpa_igtk_kde *igtk)
-+				       const struct wpa_igtk_kde *igtk,
-+				       int wnm_sleep)
- {
- 	size_t len = wpa_cipher_key_len(sm->mgmt_group_cipher);
- 	u16 keyidx = WPA_GET_LE16(igtk->keyid);
- 
- 	/* Detect possible key reinstallation */
--	if (sm->igtk.igtk_len == len &&
--	    os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) {
-+	if ((sm->igtk.igtk_len == len &&
-+	     os_memcmp(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len) == 0) ||
-+	    (sm->igtk_wnm_sleep.igtk_len == len &&
-+	     os_memcmp(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+		       sm->igtk_wnm_sleep.igtk_len) == 0)) {
- 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 			"WPA: Not reinstalling already in-use IGTK to the driver (keyidx=%d)",
- 			keyidx);
-@@ -900,8 +913,14 @@ static int wpa_supplicant_install_igtk(struct wpa_sm *sm,
- 		return -1;
- 	}
- 
--	sm->igtk.igtk_len = len;
--	os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+	if (wnm_sleep) {
-+		sm->igtk_wnm_sleep.igtk_len = len;
-+		os_memcpy(sm->igtk_wnm_sleep.igtk, igtk->igtk,
-+			  sm->igtk_wnm_sleep.igtk_len);
-+	} else {
-+		sm->igtk.igtk_len = len;
-+		os_memcpy(sm->igtk.igtk, igtk->igtk, sm->igtk.igtk_len);
-+	}
- 
- 	return 0;
- }
-@@ -924,7 +943,7 @@ static int ieee80211w_set_keys(struct wpa_sm *sm,
- 			return -1;
- 
- 		igtk = (const struct wpa_igtk_kde *) ie->igtk;
--		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+		if (wpa_supplicant_install_igtk(sm, igtk, 0) < 0)
- 			return -1;
- 	}
- 
-@@ -1574,7 +1593,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
- 	if (wpa_supplicant_rsc_relaxation(sm, key->key_rsc))
- 		key_rsc = null_rsc;
- 
--	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc) ||
-+	if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 0) ||
- 	    wpa_supplicant_send_2_of_2(sm, key, ver, key_info) < 0)
- 		goto failed;
- 	os_memset(&gd, 0, sizeof(gd));
-@@ -2386,8 +2405,10 @@ void wpa_sm_notify_assoc(struct wpa_sm *sm, const u8 *bssid)
- 		sm->tptk_set = 0;
- 		os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- 		os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+		os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- 		os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+		os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- 	}
- 
-@@ -2920,8 +2941,10 @@ void wpa_sm_drop_sa(struct wpa_sm *sm)
- 	os_memset(&sm->ptk, 0, sizeof(sm->ptk));
- 	os_memset(&sm->tptk, 0, sizeof(sm->tptk));
- 	os_memset(&sm->gtk, 0, sizeof(sm->gtk));
-+	os_memset(&sm->gtk_wnm_sleep, 0, sizeof(sm->gtk_wnm_sleep));
- #ifdef CONFIG_IEEE80211W
- 	os_memset(&sm->igtk, 0, sizeof(sm->igtk));
-+	os_memset(&sm->igtk_wnm_sleep, 0, sizeof(sm->igtk_wnm_sleep));
- #endif /* CONFIG_IEEE80211W */
- #ifdef CONFIG_IEEE80211R
- 	os_memset(sm->xxkey, 0, sizeof(sm->xxkey));
-@@ -2986,7 +3009,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- 
- 		wpa_hexdump_key(MSG_DEBUG, "Install GTK (WNM SLEEP)",
- 				gd.gtk, gd.gtk_len);
--		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc)) {
-+		if (wpa_supplicant_install_gtk(sm, &gd, key_rsc, 1)) {
- 			os_memset(&gd, 0, sizeof(gd));
- 			wpa_printf(MSG_DEBUG, "Failed to install the GTK in "
- 				   "WNM mode");
-@@ -2998,7 +3021,7 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
- 		const struct wpa_igtk_kde *igtk;
- 
- 		igtk = (const struct wpa_igtk_kde *) (buf + 2);
--		if (wpa_supplicant_install_igtk(sm, igtk) < 0)
-+		if (wpa_supplicant_install_igtk(sm, igtk, 1) < 0)
- 			return -1;
- #endif /* CONFIG_IEEE80211W */
- 	} else {
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index afc9e37..9a54631 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -32,8 +32,10 @@ struct wpa_sm {
- 	int rx_replay_counter_set;
- 	u8 request_counter[WPA_REPLAY_COUNTER_LEN];
- 	struct wpa_gtk gtk;
-+	struct wpa_gtk gtk_wnm_sleep;
- #ifdef CONFIG_IEEE80211W
- 	struct wpa_igtk igtk;
-+	struct wpa_igtk igtk_wnm_sleep;
- #endif /* CONFIG_IEEE80211W */
- 
- 	struct eapol_sm *eapol; /* EAPOL state machine from upper level code */
--- 
-2.7.4
-
diff --git a/gnu/packages/patches/wpa-supplicant-fix-nonce-reuse.patch b/gnu/packages/patches/wpa-supplicant-fix-nonce-reuse.patch
deleted file mode 100644
index d8dd9cd204..0000000000
--- a/gnu/packages/patches/wpa-supplicant-fix-nonce-reuse.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Fix a nonce re-use bug:
-
-https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
-
-Patch copied from upstream:
-
-https://w1.fi/security/2017-1/rebased-v2.6-0005-Fix-PTK-rekeying-to-generate-a-new-ANonce.patch
-
-From 12fac09b437a1dc8a0f253e265934a8aaf4d2f8b Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Sun, 1 Oct 2017 12:32:57 +0300
-Subject: [PATCH 5/8] Fix PTK rekeying to generate a new ANonce
-
-The Authenticator state machine path for PTK rekeying ended up bypassing
-the AUTHENTICATION2 state where a new ANonce is generated when going
-directly to the PTKSTART state since there is no need to try to
-determine the PMK again in such a case. This is far from ideal since the
-new PTK would depend on a new nonce only from the supplicant.
-
-Fix this by generating a new ANonce when moving to the PTKSTART state
-for the purpose of starting new 4-way handshake to rekey PTK.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/ap/wpa_auth.c | 24 +++++++++++++++++++++---
- 1 file changed, 21 insertions(+), 3 deletions(-)
-
-diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
-index 707971d..bf10cc1 100644
---- a/src/ap/wpa_auth.c
-+++ b/src/ap/wpa_auth.c
-@@ -1901,6 +1901,21 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
- }
- 
- 
-+static int wpa_auth_sm_ptk_update(struct wpa_state_machine *sm)
-+{
-+	if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
-+		wpa_printf(MSG_ERROR,
-+			   "WPA: Failed to get random data for ANonce");
-+		sm->Disconnect = TRUE;
-+		return -1;
-+	}
-+	wpa_hexdump(MSG_DEBUG, "WPA: Assign new ANonce", sm->ANonce,
-+		    WPA_NONCE_LEN);
-+	sm->TimeoutCtr = 0;
-+	return 0;
-+}
-+
-+
- SM_STATE(WPA_PTK, INITPMK)
- {
- 	u8 msk[2 * PMK_LEN];
-@@ -2458,9 +2473,12 @@ SM_STEP(WPA_PTK)
- 		SM_ENTER(WPA_PTK, AUTHENTICATION);
- 	else if (sm->ReAuthenticationRequest)
- 		SM_ENTER(WPA_PTK, AUTHENTICATION2);
--	else if (sm->PTKRequest)
--		SM_ENTER(WPA_PTK, PTKSTART);
--	else switch (sm->wpa_ptk_state) {
-+	else if (sm->PTKRequest) {
-+		if (wpa_auth_sm_ptk_update(sm) < 0)
-+			SM_ENTER(WPA_PTK, DISCONNECTED);
-+		else
-+			SM_ENTER(WPA_PTK, PTKSTART);
-+	} else switch (sm->wpa_ptk_state) {
- 	case WPA_PTK_INITIALIZE:
- 		break;
- 	case WPA_PTK_DISCONNECT:
--- 
-2.7.4
-
diff --git a/gnu/packages/patches/wpa-supplicant-fix-zeroed-keys.patch b/gnu/packages/patches/wpa-supplicant-fix-zeroed-keys.patch
deleted file mode 100644
index 7f437271f3..0000000000
--- a/gnu/packages/patches/wpa-supplicant-fix-zeroed-keys.patch
+++ /dev/null
@@ -1,86 +0,0 @@
-Don't install a zeroed encryption key:
-
-https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
-
-Patch copied from upstream:
-https://w1.fi/security/2017-1/rebased-v2.6-0004-Prevent-installation-of-an-all-zero-TK.patch
-
-From 8f82bc94e8697a9d47fa8774dfdaaede1084912c Mon Sep 17 00:00:00 2001
-From: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
-Date: Fri, 29 Sep 2017 04:22:51 +0200
-Subject: [PATCH 4/8] Prevent installation of an all-zero TK
-
-Properly track whether a PTK has already been installed to the driver
-and the TK part cleared from memory. This prevents an attacker from
-trying to trick the client into installing an all-zero TK.
-
-This fixes the earlier fix in commit
-ad00d64e7d8827b3cebd665a0ceb08adabf15e1e ('Fix TK configuration to the
-driver in EAPOL-Key 3/4 retry case') which did not take into account
-possibility of an extra message 1/4 showing up between retries of
-message 3/4.
-
-Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
----
- src/common/wpa_common.h | 1 +
- src/rsn_supp/wpa.c      | 5 ++---
- src/rsn_supp/wpa_i.h    | 1 -
- 3 files changed, 3 insertions(+), 4 deletions(-)
-
-diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h
-index d200285..1021ccb 100644
---- a/src/common/wpa_common.h
-+++ b/src/common/wpa_common.h
-@@ -215,6 +215,7 @@ struct wpa_ptk {
- 	size_t kck_len;
- 	size_t kek_len;
- 	size_t tk_len;
-+	int installed; /* 1 if key has already been installed to driver */
- };
- 
- struct wpa_gtk {
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 7a2c68d..0550a41 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -510,7 +510,6 @@ static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
- 		os_memset(buf, 0, sizeof(buf));
- 	}
- 	sm->tptk_set = 1;
--	sm->tk_to_set = 1;
- 
- 	kde = sm->assoc_wpa_ie;
- 	kde_len = sm->assoc_wpa_ie_len;
-@@ -615,7 +614,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
- 	enum wpa_alg alg;
- 	const u8 *key_rsc;
- 
--	if (!sm->tk_to_set) {
-+	if (sm->ptk.installed) {
- 		wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
- 			"WPA: Do not re-install same PTK to the driver");
- 		return 0;
-@@ -659,7 +658,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
- 
- 	/* TK is not needed anymore in supplicant */
- 	os_memset(sm->ptk.tk, 0, WPA_TK_MAX_LEN);
--	sm->tk_to_set = 0;
-+	sm->ptk.installed = 1;
- 
- 	if (sm->wpa_ptk_rekey) {
- 		eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 9a54631..41f371f 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -24,7 +24,6 @@ struct wpa_sm {
- 	struct wpa_ptk ptk, tptk;
- 	int ptk_set, tptk_set;
- 	unsigned int msg_3_of_4_ok:1;
--	unsigned int tk_to_set:1;
- 	u8 snonce[WPA_NONCE_LEN];
- 	u8 anonce[WPA_NONCE_LEN]; /* ANonce from the last 1/4 msg */
- 	int renew_snonce;
--- 
-2.7.4
-
diff --git a/gnu/packages/patches/wpa-supplicant-krack-followups.patch b/gnu/packages/patches/wpa-supplicant-krack-followups.patch
deleted file mode 100644
index 00904addb1..0000000000
--- a/gnu/packages/patches/wpa-supplicant-krack-followups.patch
+++ /dev/null
@@ -1,275 +0,0 @@
-These three patches are follow-ups to the bug fixes for the 'KRACK' key
-re-installation attacks on Wi-Fi's WPA2 security protocol. See upstream
-security announcement for more information:
-
-https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
-
-These three patches copied from upstream:
-
-https://w1.fi/security/2017-1/rebased-v2.6-0006-TDLS-Reject-TPK-TK-reconfiguration.patch
-https://w1.fi/security/2017-1/rebased-v2.6-0007-WNM-Ignore-WNM-Sleep-Mode-Response-without-pending-r.patch
-https://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
-
-From 6c4bed4f47d1960ec04981a9d50e5076aea5223d Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:03:15 +0300
-Subject: [PATCH 6/8] TDLS: Reject TPK-TK reconfiguration
-
-Do not try to reconfigure the same TPK-TK to the driver after it has
-been successfully configured. This is an explicit check to avoid issues
-related to resetting the TX/RX packet number. There was already a check
-for this for TPK M2 (retries of that message are ignored completely), so
-that behavior does not get modified.
-
-For TPK M3, the TPK-TK could have been reconfigured, but that was
-followed by immediate teardown of the link due to an issue in updating
-the STA entry. Furthermore, for TDLS with any real security (i.e.,
-ignoring open/WEP), the TPK message exchange is protected on the AP path
-and simple replay attacks are not feasible.
-
-As an additional corner case, make sure the local nonce gets updated if
-the peer uses a very unlikely "random nonce" of all zeros.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/tdls.c | 38 ++++++++++++++++++++++++++++++++++++--
- 1 file changed, 36 insertions(+), 2 deletions(-)
-
-diff --git a/src/rsn_supp/tdls.c b/src/rsn_supp/tdls.c
-index e424168..9eb9738 100644
---- a/src/rsn_supp/tdls.c
-+++ b/src/rsn_supp/tdls.c
-@@ -112,6 +112,7 @@ struct wpa_tdls_peer {
- 		u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
- 	} tpk;
- 	int tpk_set;
-+	int tk_set; /* TPK-TK configured to the driver */
- 	int tpk_success;
- 	int tpk_in_progress;
- 
-@@ -192,6 +193,20 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- 	u8 rsc[6];
- 	enum wpa_alg alg;
- 
-+	if (peer->tk_set) {
-+		/*
-+		 * This same TPK-TK has already been configured to the driver
-+		 * and this new configuration attempt (likely due to an
-+		 * unexpected retransmitted frame) would result in clearing
-+		 * the TX/RX sequence number which can break security, so must
-+		 * not allow that to happen.
-+		 */
-+		wpa_printf(MSG_INFO, "TDLS: TPK-TK for the peer " MACSTR
-+			   " has already been configured to the driver - do not reconfigure",
-+			   MAC2STR(peer->addr));
-+		return -1;
-+	}
-+
- 	os_memset(rsc, 0, 6);
- 
- 	switch (peer->cipher) {
-@@ -209,12 +224,15 @@ static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- 		return -1;
- 	}
- 
-+	wpa_printf(MSG_DEBUG, "TDLS: Configure pairwise key for peer " MACSTR,
-+		   MAC2STR(peer->addr));
- 	if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
- 			   rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
- 		wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
- 			   "driver");
- 		return -1;
- 	}
-+	peer->tk_set = 1;
- 	return 0;
- }
- 
-@@ -696,7 +714,7 @@ static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
- 	peer->cipher = 0;
- 	peer->qos_info = 0;
- 	peer->wmm_capable = 0;
--	peer->tpk_set = peer->tpk_success = 0;
-+	peer->tk_set = peer->tpk_set = peer->tpk_success = 0;
- 	peer->chan_switch_enabled = 0;
- 	os_memset(&peer->tpk, 0, sizeof(peer->tpk));
- 	os_memset(peer->inonce, 0, WPA_NONCE_LEN);
-@@ -1159,6 +1177,7 @@ skip_rsnie:
- 		wpa_tdls_peer_free(sm, peer);
- 		return -1;
- 	}
-+	peer->tk_set = 0; /* A new nonce results in a new TK */
- 	wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
- 		    peer->inonce, WPA_NONCE_LEN);
- 	os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
-@@ -1751,6 +1770,19 @@ static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
- }
- 
- 
-+static int tdls_nonce_set(const u8 *nonce)
-+{
-+	int i;
-+
-+	for (i = 0; i < WPA_NONCE_LEN; i++) {
-+		if (nonce[i])
-+			return 1;
-+	}
-+
-+	return 0;
-+}
-+
-+
- static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
- 				   const u8 *buf, size_t len)
- {
-@@ -2004,7 +2036,8 @@ skip_rsn:
- 	peer->rsnie_i_len = kde.rsn_ie_len;
- 	peer->cipher = cipher;
- 
--	if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
-+	if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0 ||
-+	    !tdls_nonce_set(peer->inonce)) {
- 		/*
- 		 * There is no point in updating the RNonce for every obtained
- 		 * TPK M1 frame (e.g., retransmission due to timeout) with the
-@@ -2020,6 +2053,7 @@ skip_rsn:
- 				"TDLS: Failed to get random data for responder nonce");
- 			goto error;
- 		}
-+		peer->tk_set = 0; /* A new nonce results in a new TK */
- 	}
- 
- #if 0
--- 
-2.7.4
-
-From 53c5eb58e95004f86e65ee9fbfccbc291b139057 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 11:25:02 +0300
-Subject: [PATCH 7/8] WNM: Ignore WNM-Sleep Mode Response without pending
- request
-
-Commit 03ed0a52393710be6bdae657d1b36efa146520e5 ('WNM: Ignore WNM-Sleep
-Mode Response if WNM-Sleep Mode has not been used') started ignoring the
-response when no WNM-Sleep Mode Request had been used during the
-association. This can be made tighter by clearing the used flag when
-successfully processing a response. This adds an additional layer of
-protection against unexpected retransmissions of the response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- wpa_supplicant/wnm_sta.c | 4 +++-
- 1 file changed, 3 insertions(+), 1 deletion(-)
-
-diff --git a/wpa_supplicant/wnm_sta.c b/wpa_supplicant/wnm_sta.c
-index 1b3409c..67a07ff 100644
---- a/wpa_supplicant/wnm_sta.c
-+++ b/wpa_supplicant/wnm_sta.c
-@@ -260,7 +260,7 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
- 
- 	if (!wpa_s->wnmsleep_used) {
- 		wpa_printf(MSG_DEBUG,
--			   "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode has not been used in this association");
-+			   "WNM: Ignore WNM-Sleep Mode Response frame since WNM-Sleep Mode operation has not been requested");
- 		return;
- 	}
- 
-@@ -299,6 +299,8 @@ static void ieee802_11_rx_wnmsleep_resp(struct wpa_supplicant *wpa_s,
- 		return;
- 	}
- 
-+	wpa_s->wnmsleep_used = 0;
-+
- 	if (wnmsleep_ie->status == WNM_STATUS_SLEEP_ACCEPT ||
- 	    wnmsleep_ie->status == WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) {
- 		wpa_printf(MSG_DEBUG, "Successfully recv WNM-Sleep Response "
--- 
-2.7.4
-
-https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
-
-Patch copied from upstream:
-
-https://w1.fi/security/2017-1/rebased-v2.6-0008-FT-Do-not-allow-multiple-Reassociation-Response-fram.patch
-
-From b372ab0b7daea719749194dc554b26e6367603f2 Mon Sep 17 00:00:00 2001
-From: Jouni Malinen <j@w1.fi>
-Date: Fri, 22 Sep 2017 12:06:37 +0300
-Subject: [PATCH 8/8] FT: Do not allow multiple Reassociation Response frames
-
-The driver is expected to not report a second association event without
-the station having explicitly request a new association. As such, this
-case should not be reachable. However, since reconfiguring the same
-pairwise or group keys to the driver could result in nonce reuse issues,
-be extra careful here and do an additional state check to avoid this
-even if the local driver ends up somehow accepting an unexpected
-Reassociation Response frame.
-
-Signed-off-by: Jouni Malinen <j@w1.fi>
----
- src/rsn_supp/wpa.c    | 3 +++
- src/rsn_supp/wpa_ft.c | 8 ++++++++
- src/rsn_supp/wpa_i.h  | 1 +
- 3 files changed, 12 insertions(+)
-
-diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c
-index 0550a41..2a53c6f 100644
---- a/src/rsn_supp/wpa.c
-+++ b/src/rsn_supp/wpa.c
-@@ -2440,6 +2440,9 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
- #ifdef CONFIG_TDLS
- 	wpa_tdls_disassoc(sm);
- #endif /* CONFIG_TDLS */
-+#ifdef CONFIG_IEEE80211R
-+	sm->ft_reassoc_completed = 0;
-+#endif /* CONFIG_IEEE80211R */
- 
- 	/* Keys are not needed in the WPA state machine anymore */
- 	wpa_sm_drop_sa(sm);
-diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c
-index 205793e..d45bb45 100644
---- a/src/rsn_supp/wpa_ft.c
-+++ b/src/rsn_supp/wpa_ft.c
-@@ -153,6 +153,7 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len,
- 	u16 capab;
- 
- 	sm->ft_completed = 0;
-+	sm->ft_reassoc_completed = 0;
- 
- 	buf_len = 2 + sizeof(struct rsn_mdie) + 2 + sizeof(struct rsn_ftie) +
- 		2 + sm->r0kh_id_len + ric_ies_len + 100;
-@@ -681,6 +682,11 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- 		return -1;
- 	}
- 
-+	if (sm->ft_reassoc_completed) {
-+		wpa_printf(MSG_DEBUG, "FT: Reassociation has already been completed for this FT protocol instance - ignore unexpected retransmission");
-+		return 0;
-+	}
-+
- 	if (wpa_ft_parse_ies(ies, ies_len, &parse) < 0) {
- 		wpa_printf(MSG_DEBUG, "FT: Failed to parse IEs");
- 		return -1;
-@@ -781,6 +787,8 @@ int wpa_ft_validate_reassoc_resp(struct wpa_sm *sm, const u8 *ies,
- 		return -1;
- 	}
- 
-+	sm->ft_reassoc_completed = 1;
-+
- 	if (wpa_ft_process_gtk_subelem(sm, parse.gtk, parse.gtk_len) < 0)
- 		return -1;
- 
-diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h
-index 41f371f..56f88dc 100644
---- a/src/rsn_supp/wpa_i.h
-+++ b/src/rsn_supp/wpa_i.h
-@@ -128,6 +128,7 @@ struct wpa_sm {
- 	size_t r0kh_id_len;
- 	u8 r1kh_id[FT_R1KH_ID_LEN];
- 	int ft_completed;
-+	int ft_reassoc_completed;
- 	int over_the_ds_in_progress;
- 	u8 target_ap[ETH_ALEN]; /* over-the-DS target AP */
- 	int set_ptk_after_assoc;
--- 
-2.7.4
-
diff --git a/gnu/packages/plotutils.scm b/gnu/packages/plotutils.scm
index 2a330695c6..22a62a0f5b 100644
--- a/gnu/packages/plotutils.scm
+++ b/gnu/packages/plotutils.scm
@@ -188,11 +188,10 @@ colors, styles, options and details.")
        ("texinfo" ,texinfo)             ;For generating documentation
        ;; For the manual and the tests.
        ("texlive" ,(texlive-union (list texlive-fonts-amsfonts
-                                        texlive-generic-ifxetex
                                         texlive-latex-amsfonts
                                         texlive-latex-geometry
                                         texlive-latex-graphics
-                                        texlive-latex-oberdiek
+                                        texlive-latex-oberdiek ; for ifluatex
                                         texlive-latex-parskip
                                         texlive-tex-texinfo)))
        ("emacs" ,emacs-minimal)
diff --git a/gnu/packages/python-crypto.scm b/gnu/packages/python-crypto.scm
index 4338854574..688c8c4378 100644
--- a/gnu/packages/python-crypto.scm
+++ b/gnu/packages/python-crypto.scm
@@ -357,14 +357,14 @@ is used by the Requests library to verify HTTPS requests.")
 (define-public python-cryptography-vectors
   (package
     (name "python-cryptography-vectors")
-    (version "2.5")
+    (version "2.6.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "cryptography_vectors" version))
        (sha256
         (base32
-         "15qfl3pnw2f11r0z0zhwl56f6pb60ysav8fxmpnz5p80cfwljdik"))))
+         "1bsqcv3h49dzqnyn29ijq8r7k1ra8ikl1y9qcpcns9nbvhaq3wq3"))))
     (build-system python-build-system)
     (home-page "https://github.com/pyca/cryptography")
     (synopsis "Test vectors for the cryptography package")
@@ -379,14 +379,14 @@ is used by the Requests library to verify HTTPS requests.")
 (define-public python-cryptography
   (package
     (name "python-cryptography")
-    (version "2.5")
+    (version "2.6.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "cryptography" version))
        (sha256
         (base32
-         "00c4d7gvsymlaw0r13zrm32dcnarmpayjyrh65yymlmr6mrbcij9"))))
+         "19iwz5avym5zl6jrrrkym1rdaa9h61j20ph4cswsqgv8xg5j3j16"))))
     (build-system python-build-system)
     (inputs
      `(("openssl" ,openssl)))
diff --git a/gnu/packages/regex.scm b/gnu/packages/regex.scm
index bfd30278e9..f409565787 100644
--- a/gnu/packages/regex.scm
+++ b/gnu/packages/regex.scm
@@ -30,7 +30,7 @@
 (define-public re2
    (package
      (name "re2")
-     (version "2019-01-01")
+     (version "2019-03-01")
      (home-page "https://github.com/google/re2")
      (source (origin
                (method git-fetch)
@@ -38,7 +38,7 @@
                (file-name (git-file-name name version))
                (sha256
                 (base32
-                 "0wys8bbhj8ppgmgp3842qjmnvkynnzxrm8d7c3a3qyq3p6grqa29"))))
+                 "032lsrb57llq79icpvrrh1fmjzy2i4bdmydfww178nc45ya5wcl4"))))
      (build-system gnu-build-system)
      (arguments
       `(#:modules ((guix build gnu-build-system)
diff --git a/gnu/packages/rsync.scm b/gnu/packages/rsync.scm
index 4fed03523e..b20b841478 100644
--- a/gnu/packages/rsync.scm
+++ b/gnu/packages/rsync.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2019 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -21,12 +22,15 @@
 
 (define-module (gnu packages rsync)
   #:use-module (gnu packages)
-  #:use-module (gnu packages perl)
   #:use-module (gnu packages acl)
   #:use-module (gnu packages base)
-  #:use-module (guix licenses)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages popt)
+  #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu))
 
 
@@ -51,25 +55,26 @@ to/from another host over any remote shell, or to/from a remote rsync daemon.
 Its delta-transfer algorithm reduces the amount of data sent over the network
 by sending only the differences between the source files and the existing
 files in the destination.")
-   (license gpl3+)
+   (license license:gpl3+)
    (home-page "http://rsync.samba.org/")))
 
 (define-public librsync
   (package
     (name "librsync")
-    (version "0.9.7")
+    (version "2.0.2")
        (source (origin
             (method url-fetch)
-            (uri (string-append "mirror://sourceforge/librsync/librsync/"
-                                version "/librsync-" version ".tar.gz"))
+            (uri (string-append "https://github.com/librsync/librsync/archive/v"
+                                version ".tar.gz"))
             (sha256
              (base32
-              "1mj1pj99mgf1a59q9f2mxjli2fzxpnf55233pc1klxk2arhf8cv6"))))
-   (build-system gnu-build-system)
+              "1waa581pcscc1rnvy06cj584k5dx0dc7jj79wsdj7xw4xqh9ayz6"))))
+   (build-system cmake-build-system)
+   (inputs
+    `(("popt" ,popt)))
    (native-inputs
     `(("which" ,which)
       ("perl" ,perl)))
-   (arguments '(#:configure-flags '("--enable-shared")))
    (home-page "http://librsync.sourceforge.net/")
    (synopsis "Implementation of the rsync remote-delta algorithm")
    (description
@@ -78,4 +83,19 @@ remote-delta algorithm.  This algorithm allows efficient remote updates of a
 file, without requiring the old and new versions to both be present at the
 sending end.  The library uses a \"streaming\" design similar to that of zlib
 with the aim of allowing it to be embedded into many different applications.")
-   (license lgpl2.1+)))
+   (license license:lgpl2.1+)))
+
+(define-public librsync-0.9
+  (package
+    (inherit librsync)
+    (version "0.9.7")
+        (source (origin
+             (method url-fetch)
+            (uri (string-append "mirror://sourceforge/librsync/librsync/"
+                                version "/librsync-" version ".tar.gz"))
+             (sha256
+              (base32
+              "1mj1pj99mgf1a59q9f2mxjli2fzxpnf55233pc1klxk2arhf8cv6"))))
+    (build-system gnu-build-system)
+    (arguments '(#:configure-flags '("--enable-shared")))
+    (inputs '())))
diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 5afdf13f43..feadbcddba 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Danny Milosavljevic <dannym+a@scratchpost.org>
+;;; Copyright © 2019 Ivan Petkov <ivanppetkov@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -196,7 +197,7 @@ safety and thread safety guarantees.")
     (properties '((timeout . 72000)               ;20 hours
                   (max-silent-time . 18000)))     ;5 hours (for armel)
     (arguments
-     `(#:imported-modules ,%cargo-build-system-modules ;for `generate-checksums'
+     `(#:imported-modules ,%cargo-utils-modules ;for `generate-checksums'
        #:modules ((guix build utils) (ice-9 match) (guix build gnu-build-system))
        #:phases
        (modify-phases %standard-phases
@@ -275,7 +276,7 @@ test = { path = \"../libtest\" }
                 (string-append name "\"" ,%cargo-reference-hash "\"")))
              (for-each
               (lambda (filename)
-                (use-modules (guix build cargo-build-system))
+                (use-modules (guix build cargo-utils))
                 (delete-file filename)
                 (let* ((dir (dirname filename)))
                   (display (string-append
diff --git a/gnu/packages/simulation.scm b/gnu/packages/simulation.scm
index 3637cc383b..a8d214794e 100644
--- a/gnu/packages/simulation.scm
+++ b/gnu/packages/simulation.scm
@@ -464,6 +464,10 @@ FFC is part of the FEniCS Project.")
                               "${DOLFIN_SOURCE_DIR} "
                               "${DOLFIN_SOURCE_DIR}/dolfin "
                               "${DOLFIN_BINARY_DIR})\n")))
+            (substitute* "dolfin/nls/PETScSNESSolver.cpp"
+              ;; Remove SNESTEST mapping.  The SNESTEST symbol was removed
+              ;; from PETSc at version 3.10.3.
+              ((".*SNESTEST.*") "" ))
             #t))))
     (build-system cmake-build-system)
     (inputs
diff --git a/gnu/packages/speech.scm b/gnu/packages/speech.scm
index 065aa81543..2d6c63e3f9 100644
--- a/gnu/packages/speech.scm
+++ b/gnu/packages/speech.scm
@@ -1,8 +1,9 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 David Thompson <davet@gnu.org>
-;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2016, 2019 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,17 +24,101 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages)
   #:use-module (gnu packages audio)
   #:use-module (gnu packages autotools)
+  #:use-module (gnu packages compression)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages glib)
+  #:use-module (gnu packages linux)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
   #:use-module (gnu packages textutils))
 
+(define-public espeak
+  (package
+    (name "espeak")
+    (version "1.48.04")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/espeak/espeak/"
+                                  "espeak-" (version-major+minor version)
+                                  "/espeak-" version "-source.zip"))
+              (sha256
+               (base32
+                "0n86gwh9pw0jqqpdz7mxggllfr8k0r7pc67ayy7w5z6z79kig6mz"))
+              (modules '((guix build utils)))
+              (snippet
+               ;; remove prebuilt binaries
+               '(begin
+                  (delete-file-recursively "linux_32bit")
+                  #t))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
+                          (string-append "DATADIR="
+                                         (assoc-ref %outputs "out")
+                                         "/share/espeak-data")
+                          (string-append "LDFLAGS=-Wl,-rpath="
+                                         (assoc-ref %outputs "out")
+                                         "/lib")
+                          "AUDIO=pulseaudio")
+       #:tests? #f ; no check target
+       #:phases
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda _
+             (chdir "src")
+             ;; We use version 19 of the PortAudio library, so we must copy the
+             ;; corresponding file to be sure that espeak compiles correctly.
+             (copy-file "portaudio19.h" "portaudio.h")
+             (substitute* "Makefile"
+               (("/bin/ln") "ln"))
+             #t)))))
+       (inputs
+        `(("portaudio" ,portaudio)
+          ("pulseaudio" ,pulseaudio)))
+       (native-inputs `(("unzip" ,unzip)))
+       (home-page "http://espeak.sourceforge.net/")
+       (synopsis "Software speech synthesizer")
+       (description "eSpeak is a software speech synthesizer for English and
+other languages.  eSpeak uses a \"formant synthesis\" method.  This allows many
+languages to be provided in a small size.  The speech is clear, and can be used
+at high speeds, but is not as natural or smooth as larger synthesizers which are
+based on human speech recordings.")
+       (license license:gpl3+)))
+
+(define-public espeak-ng
+  (package
+    (name "espeak-ng")
+    (version "1.49.2")
+    (home-page "https://github.com/espeak-ng/espeak-ng")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append home-page "/releases/download/" version
+                                  "/espeak-ng-" version ".tar.gz"))
+              (sha256
+               (base32 "1d10x9rbvqi2zwcz65fxh04k0x0scnk7732l37laz6xra1ldhzng"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags '("--disable-static")
+       ;; Building in parallel triggers a race condition in 1.49.2.
+       #:parallel-build? #f
+       ;; XXX: Some tests require an audio device.
+       #:tests? #f))
+    (inputs
+     `(("libcap" ,libcap)
+       ("pcaudiolib" ,pcaudiolib)))
+    (synopsis "Software speech synthesizer")
+    (description
+     "eSpeak NG is a software speech synthesizer for more than 100 languages.
+It is based on the eSpeak engine and supports spectral and Klatt formant
+synthesis, and the ability to use MBROLA voices.")
+    (license license:gpl3+)))
+
 (define-public mitlm
   (package
     (name "mitlm")
@@ -60,22 +145,26 @@ efficiency through the use of a compact vector representation of n-grams.")
 (define-public speech-dispatcher
   (package
     (name "speech-dispatcher")
-    (version "0.8.5")
+    (version "0.9.0")
     (source (origin
               (method url-fetch)
-              (uri (string-append "https://devel.freebsoft.org/pub/"
-                                  "projects/speechd/speech-dispatcher-"
+              (uri (string-append "https://github.com/brailcom/speechd/releases"
+                                  "/download/" version "/speech-dispatcher-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "18jlxnhlahyi6njc6l6576hfvmzivjjgfjyd2n7vvrvx9inphjrb"))))
+                "1yd2rb02565picga4gh2a0bvfxbhdyaj0cv9aaj5a8fc5zs29fbk"))))
     (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags '("--disable-static"
+                           ;; Disable support for proprietary TTS engines.
+                           "--with-kali=no" "--with-baratinoo=no")))
     (native-inputs
      `(("intltool" ,intltool)
        ("pkg-config" ,pkg-config)))
     (inputs
      `(("dotconf" ,dotconf)
-       ("espeak" ,espeak)
+       ("espeak" ,espeak-ng)
        ("glib" ,glib)
        ("libltdl" ,libltdl)
        ("libsndfile" ,libsndfile)
diff --git a/gnu/packages/spice.scm b/gnu/packages/spice.scm
index 77939bc8a8..55b551a119 100644
--- a/gnu/packages/spice.scm
+++ b/gnu/packages/spice.scm
@@ -114,22 +114,6 @@ which allows users to view a desktop computing environment.")
     (home-page "https://www.spice-space.org")
     (license (list license:bsd-3 license:lgpl2.1+))))
 
-;; TODO: Package lookingglass doesn't build with spice-protocol 0.12.15. Remove
-;; below once that is fixed.
-(define-public spice-protocol-0.12.14
-  (package
-    (inherit spice-protocol)
-    (name "spice-protocol")
-    (version "0.12.14")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append
-                "https://www.spice-space.org/download/releases/"
-                "spice-protocol-" version ".tar.bz2"))
-              (sha256
-               (base32
-                "170ckpgazvqv7hxy209myg67pqnd6c0gvr4ysbqgsfch6320nd90"))))))
-
 (define-public spice-gtk
   (package
     (name "spice-gtk")
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 1928ea7634..fc7a711395 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -11,6 +11,7 @@
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Nils Gillmann <ng0@n0.is>
 ;;; Copyright © 2018 Manuel Graf <graf@init.at>
+;;; Copyright © 2019 Gábor Boskovits <boskovits@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,6 +40,7 @@
   #:use-module (gnu packages gperf)
   #:use-module (gnu packages groff)
   #:use-module (gnu packages guile)
+  #:use-module (gnu packages libedit)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages logging)
   #:use-module (gnu packages m4)
@@ -68,7 +70,7 @@
 (define-public libssh
   (package
     (name "libssh")
-    (version "0.8.6")
+    (version "0.8.7")
     (source (origin
               (method git-fetch)
               (uri (git-reference
@@ -76,7 +78,7 @@
                      (commit (string-append "libssh-" version))))
               (sha256
                (base32
-                "0rq57gpmdawljx7hqya4ipzsfpcbr31yy60kl5qv66krc9wimqda"))
+                "1iqik1ba0g008k1mb1n85iih1azi7giy0c485jnlmsrjxik4q3j2"))
               (file-name (git-file-name name version))))
     (build-system cmake-build-system)
     (outputs '("out" "debug"))
@@ -154,8 +156,10 @@ a server that supports the SSH-2 protocol.")
               (base32
                "1b8sy6v0b8v4ggmknwcqx3y1rjcpsll0f1f8f4vyv11x4ni3njvb"))))
    (build-system gnu-build-system)
-   (native-inputs `(("groff" ,groff)))
-   (inputs `(("openssl" ,openssl)
+   (native-inputs `(("groff" ,groff)
+                    ("pkg-config" ,pkg-config)))
+   (inputs `(("libedit" ,libedit)
+             ("openssl" ,openssl)
              ("pam" ,linux-pam)
              ("mit-krb5" ,mit-krb5)
              ("zlib" ,zlib)
@@ -175,6 +179,9 @@ a server that supports the SSH-2 protocol.")
                                           (assoc-ref %build-inputs "mit-krb5")
                                           "/bin")
 
+                          ;; libedit needed for sftp completion
+                          "--with-libedit"
+
                           ;; Enable PAM support in sshd.
                           "--with-pam")
 
diff --git a/gnu/packages/tcl.scm b/gnu/packages/tcl.scm
index b8c85eb844..eac3297a32 100644
--- a/gnu/packages/tcl.scm
+++ b/gnu/packages/tcl.scm
@@ -234,14 +234,14 @@ interfaces (GUIs) in the Tcl language.")
 (define-public tcllib
   (package
     (name "tcllib")
-    (version "1.18")
+    (version "1.19")
     (source (origin
               (method url-fetch)
-              (uri (string-append "mirror://sourceforge/" name "/" name "/"
-                                  version "/" name "-" version ".tar.gz"))
+              (uri (string-append "mirror://sourceforge/tcllib/tcllib/"
+                                  version "/tcllib-" version ".tar.gz"))
               (sha256
                (base32
-                "05dmrk9qsryah2n17z6z85dj9l9lfyvnsd7faw0p9bs1pp5pwrkj"))))
+                "173abxaazdmf210v651708ab6h7xhskvd52krxk6ifam337qgzh1"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("tcl" ,tcl)))
diff --git a/gnu/packages/tex.scm b/gnu/packages/tex.scm
index 5f294dc84c..c028b79ad8 100644
--- a/gnu/packages/tex.scm
+++ b/gnu/packages/tex.scm
@@ -1667,6 +1667,9 @@ tables.")
                 "1d3rmjgzh0025a1dza55zb6nzzlgd1y9snwx45wq1c1vf42m79h2"))))
     (build-system texlive-build-system)
     (arguments '(#:tex-directory "latex/hyperref"))
+    (propagated-inputs
+     `(("texlive-latex-oberdiek" ,texlive-latex-oberdiek) ; for ltxcmds.sty
+       ("texlive-latex-url" ,texlive-latex-url)))
     (home-page "https://www.ctan.org/pkg/hyperref")
     (synopsis "Extensive support for hypertext in LaTeX")
     (description
@@ -1703,6 +1706,8 @@ pdf and HTML backends.  The package is distributed with the @code{backref} and
              (substitute* "oberdiek.ins"
                (("ifpdf.ins") "ifpdf.dtx"))
              #t)))))
+    (propagated-inputs
+     `(("texlive-generic-ifxetex" ,texlive-generic-ifxetex)))
     (home-page "https://www.ctan.org/pkg/oberdiek")
     (synopsis "Bundle of packages submitted by Heiko Oberdiek")
     (description
@@ -5326,6 +5331,8 @@ striking out (line through words) and crossing out (/// over words).")
            (sha256
             (base32
              "0xkxw26sjzr5npjpzpr28yygwdbhzpdd0hsk80gjpidhcxmz393i"))))))
+    (propagated-inputs
+     `(("texlive-latex-xcolor" ,texlive-latex-xcolor)))
     (arguments
      `(#:modules ((guix build utils))
        #:builder
diff --git a/gnu/packages/textutils.scm b/gnu/packages/textutils.scm
index b0a4462227..d55f27fd6b 100644
--- a/gnu/packages/textutils.scm
+++ b/gnu/packages/textutils.scm
@@ -16,6 +16,7 @@
 ;;; Copyright © 2018 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2018 Pierre Neidhardt <mail@ambrevar.xyz>
 ;;; Copyright © 2018 Meiyo Peng <meiyo.peng@gmail.com>
+;;; Copyright © 2019 Yoshinori Arai <kumagusu08@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -794,3 +795,37 @@ Chinese and Simplified Chinese, supporting character-level conversion,
 phrase-level conversion, variant conversion, and regional idioms among
 Mainland China, Taiwan, and Hong-Kong.")
     (license license:asl2.0)))
+
+(define-public nkf
+  (let ((commit "08043eadf4abdddcf277842217e3c77a24740dc2")
+        (revision "1"))
+    (package
+      (name "nkf")
+      ;; The commits corresponding to specific versions are published
+      ;; here:
+      ;; https://ja.osdn.net/projects/nkf/scm/git/nkf/
+      (version "2.1.5")
+      (source (origin
+                (method git-fetch)
+                (uri (git-reference
+                      (url "https://github.com/nurse/nkf.git")
+                      (commit commit)))
+                (file-name (git-file-name name version))
+                (sha256
+                 (base32
+                  "0anw0knr1iy4p9w3d3b3pbwzh1c43p1i2q4c28kw9zviw8kx2rly"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:tests? #f ; test for perl module
+         #:make-flags (list "CC=gcc" "CFLAGS=-O2 -Wall -pedantic"
+                            (string-append "prefix=" %output)
+                            "MKDIR=mkdir -p")
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)))) ; No ./configure script
+      (home-page "https://ja.osdn.net/projects/nkf/")
+      (synopsis "Network Kanji Filter")
+      (description "Nkf is yet another kanji code converter among networks,
+hosts and terminals.  It converts input kanji code to designated kanji code
+such as ISO-2022-JP, Shift_JIS, EUC-JP, UTF-8, UTF-16 or UTF-32.")
+      (license license:zlib))))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index c10b1a5320..6b131657f9 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -10,7 +10,7 @@
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017, 2018 Marius Bakke <mbakke@fastmail.com>
-;;; Copyright © 2017, 2018 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017, 2018, 2019 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2018 Clément Lassieur <clement@lassieur.org>
 ;;;
@@ -271,6 +271,7 @@ required structures.")
 (define-public openssl
   (package
    (name "openssl")
+   (replacement openssl/fixed)
    (version "1.0.2p")
    (source (origin
              (method url-fetch)
@@ -399,11 +400,20 @@ required structures.")
    (license license:openssl)
    (home-page "https://www.openssl.org/")))
 
+(define-public openssl/fixed
+  (hidden-package
+   (package
+     (inherit openssl)
+     (source (origin
+               (inherit (package-source openssl))
+               (patches (append (origin-patches (package-source openssl))
+                                (search-patches "openssl-CVE-2019-1559.patch"))))))))
+
 (define-public openssl-next
   (package
     (inherit openssl)
     (name "openssl")
-    (version "1.1.1a")
+    (version "1.1.1b")
     (source (origin
              (method url-fetch)
              (uri (list (string-append "https://www.openssl.org/source/openssl-"
@@ -416,7 +426,7 @@ required structures.")
               (patches (search-patches "openssl-1.1-c-rehash-in.patch"))
               (sha256
                (base32
-                "0hcz7znzznbibpy3iyyhvlqrq44y88plxwdj32wjzgbwic7i687w"))))
+                "0jza8cmznnyiia43056dij1jdmz62dx17wsn0zxksh9h6817nmaw"))))
     (outputs '("out"
                "doc"        ; 6.8 MiB of man3 pages and full HTML documentation
                "static"))   ; 6.4 MiB of .a files
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index c18a035c31..674850e0ac 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -22,6 +22,7 @@
 ;;; Copyright © 2018 Christopher Baines <mail@cbaines.net>
 ;;; Copyright © 2018 Timothy Sample <samplet@ngyro.com>
 ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2019 Jovany Leandro G.C <bit4bit@riseup.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1867,7 +1868,7 @@ repository\" with git-annex.")
 (define-public fossil
   (package
     (name "fossil")
-    (version "2.5")
+    (version "2.8")
     (source
      (origin
        (method url-fetch)
@@ -1881,7 +1882,11 @@ repository\" with git-annex.")
               "fossil-src-" version ".tar.gz")))
        (sha256
         (base32
-         "1lxawkhr1ki9fqw8076fxib2b1w673449yzb6vxjshqzh5h77c7r"))))
+         "0pbinf8d2kj1j7niblhzjd2l2khg6r2pn2xvig6gavz27p3vwcka"))
+       (modules '((guix build utils)))
+       (snippet
+        '(begin
+           (delete-file-recursively "compat") #t))))
     (build-system gnu-build-system)
     (native-inputs
      `(("tcl" ,tcl)                     ;for configuration only
@@ -1890,12 +1895,17 @@ repository\" with git-annex.")
     (inputs
      `(("openssl" ,openssl)
        ("zlib" ,zlib)
-       ("sqlite" ,sqlite)))
+       ("sqlite" ,sqlite-3.26.0)))
     (arguments
      `(#:configure-flags (list "--with-openssl=auto"
                                "--disable-internal-sqlite")
        #:test-target "test"
        #:phases (modify-phases %standard-phases
+                  (add-after 'patch-source-shebangs 'patch-sh
+                    (lambda _
+                      (substitute* '("auto.def")
+                        (("/bin/sh") (which "sh")))
+                      #t))
                   (replace 'configure
                     (lambda* (#:key outputs (configure-flags '())
                               #:allow-other-keys)
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index 6524fb6bd3..57d28e7e6e 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -32,6 +32,7 @@
 ;;; Copyright © 2018 Mark Meyer <mark@ofosos.org>
 ;;; Copyright © 2018 Gábor Boskovit <boskovits@gmail.com>
 ;;; Copyright © 2019 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2019 Timo Eisenmann <eisenmann@fn.de>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1999,10 +2000,10 @@ from sites like Twitch.tv and pipes them into a video player of choice.")
   (deprecated-package "livestreamer" streamlink))
 
 (define-public twitchy
-  (let ((commit "0c0f925b9c7ff2aed4a3b0046561cb794143c398")) ;Fixes tests.
+  (let ((commit "9beb36d80b16662414129693e74fa3a2fd97554e")) ; 3.4 has no tag
     (package
       (name "twitchy")
-      (version (git-version "3.2" "1" commit))
+      (version (git-version "3.4" "1" commit))
       (source
        (origin
          (method git-fetch)
@@ -2012,11 +2013,18 @@ from sites like Twitch.tv and pipes them into a video player of choice.")
          (file-name (git-file-name name version))
          (sha256
           (base32
-           "02aizvsr744sh8bdqvwwsmp2qpczlzn8fy76h5dyd3517n9nlcz9"))))
+           "0di03h1j9ipp2bbnxxlxz07v87icyg2hmnsr4s7184z5ql8kpzr7"))))
       (build-system python-build-system)
       (arguments
        '(#:phases
          (modify-phases %standard-phases
+           (add-after 'unpack 'patch-paths
+             (lambda* (#:key inputs #:allow-other-keys)
+               (substitute* "twitchy/twitchy_play.py"
+                 (("\"streamlink ")
+                  (string-append "\"" (assoc-ref inputs "streamlink")
+                                 "/bin/streamlink ")))
+               #t))
            (add-before 'check 'check-setup
              (lambda _
                (setenv "HOME" (getcwd)) ;Needs to write to ‘$HOME’.
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index e0fd217730..8d9d2335ee 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -48,6 +48,7 @@
   #:use-module (gnu packages firmware)
   #:use-module (gnu packages flex)
   #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages gl)
   #:use-module (gnu packages glib)
@@ -796,53 +797,55 @@ Machine Protocol.")
     (license license:gpl3+)))
 
 (define-public lookingglass
-  (package
-   (name "lookingglass")
-   (version "a12")
-   (source
-    (origin
-     (method git-fetch)
-     (uri (git-reference (url "https://github.com/gnif/LookingGlass")
-                         (commit version)))
-     (file-name (git-file-name name version))
-     (sha256
-      (base32
-       "0r6bvl9q94039r6ff4f2bg8si95axx9w8bf1h1qr5730d2kv5yxq"))))
-   (build-system cmake-build-system)
-   (inputs `(("fontconfig" ,fontconfig)
-             ("glu" ,glu)
-             ("mesa" ,mesa)
-             ("openssl" ,openssl)
-             ("sdl2" ,sdl2)
-             ("sdl2-ttf" ,sdl2-ttf)
-             ("spice-protocol" ,spice-protocol-0.12.14)))
-   (native-inputs `(("libconfig" ,libconfig)
-                    ("nettle" ,nettle)
-                    ("pkg-config" ,pkg-config)))
-   (arguments
-    `(#:tests? #f ;; No tests are available.
-      #:make-flags '("CC=gcc")
-      #:phases (modify-phases %standard-phases
-                 (add-before 'configure 'chdir-to-client
-                   (lambda* (#:key outputs #:allow-other-keys)
-                     (chdir "client")
-                     #t))
-                 (replace 'install
-                   (lambda* (#:key outputs #:allow-other-keys)
-                     (install-file "looking-glass-client"
-                                   (string-append (assoc-ref outputs "out")
-                                                  "/bin"))
-                     #t))
-                 )))
-   (home-page "https://looking-glass.hostfission.com")
-   (synopsis "KVM Frame Relay (KVMFR) implementation")
-   (description "Looking Glass allows the use of a KVM (Kernel-based Virtual
+  (let ((commit "41f4166aedeba65892f6db4de4de467aec9a2052"))
+    (package
+     (name "lookingglass")
+     (version (string-append "a12-" (string-take commit 7)))
+     (source
+      (origin
+       (method git-fetch)
+       (uri (git-reference (url "https://github.com/gnif/LookingGlass")
+                           (commit commit)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "1sjxf4zy7h0zprla3s6dfwsxhmkrwhlhj07svf5bk5ij20bs0dc2"))))
+     (build-system cmake-build-system)
+     (inputs `(("fontconfig" ,fontconfig)
+               ("glu" ,glu)
+               ("mesa" ,mesa)
+               ("openssl" ,openssl)
+               ("sdl2" ,sdl2)
+               ("sdl2-ttf" ,sdl2-ttf)
+               ("spice-protocol" ,spice-protocol)
+               ("wayland" ,wayland)))
+     (native-inputs `(("libconfig" ,libconfig)
+                      ("nettle" ,nettle)
+                      ("pkg-config" ,pkg-config)))
+     (arguments
+      `(#:tests? #f ;; No tests are available.
+        #:make-flags '("CC=gcc")
+        #:phases (modify-phases %standard-phases
+                   (add-before 'configure 'chdir-to-client
+                     (lambda* (#:key outputs #:allow-other-keys)
+                       (chdir "client")
+                       #t))
+                   (replace 'install
+                     (lambda* (#:key outputs #:allow-other-keys)
+                       (install-file "looking-glass-client"
+                                     (string-append (assoc-ref outputs "out")
+                                                    "/bin"))
+                       #t))
+                   )))
+     (home-page "https://looking-glass.hostfission.com")
+     (synopsis "KVM Frame Relay (KVMFR) implementation")
+     (description "Looking Glass allows the use of a KVM (Kernel-based Virtual
 Machine) configured for VGA PCI Pass-through without an attached physical
 monitor, keyboard or mouse.  It displays the VM's rendered contents on your main
 monitor/GPU.")
-   ;; This package requires SSE instructions.
-   (supported-systems '("i686-linux" "x86_64-linux"))
-   (license license:gpl2+)))
+     ;; This package requires SSE instructions.
+     (supported-systems '("i686-linux" "x86_64-linux"))
+     (license license:gpl2+))))
 
 (define-public runc
   (package
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 50d27b005e..23ea19dec7 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -902,15 +902,15 @@ Escape key when Left Control is pressed and released on its own.")
 (define-public libwacom
   (package
     (name "libwacom")
-    (version "0.31")
+    (version "0.32")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://github.com/linuxwacom/libwacom/releases/download/"
-                    name "-" version "/" name "-" version ".tar.bz2"))
+                    "libwacom-" version "/libwacom-" version ".tar.bz2"))
               (sha256
                (base32
-                "00xzkxhm0s9bvhbf27hscjbh17wa8lcgvxjqbmzm527f9cjqrm8q"))))
+                "102kz0q7i0bjsnl6yy83vcj2rpir12rs2d4xr0wvhw84rs5sp7bb"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
diff --git a/gnu/services/desktop.scm b/gnu/services/desktop.scm
index ce63969dc8..7940f28a26 100644
--- a/gnu/services/desktop.scm
+++ b/gnu/services/desktop.scm
@@ -306,6 +306,7 @@ used by GNOME.")
                                    (time-critical 300)
                                    (time-action 120)
                                    (critical-power-action 'hybrid-sleep))
+  upower-service-type
   "Return a service that runs @uref{http://upower.freedesktop.org/,
 @command{upowerd}}, a system-wide monitor for power consumption and battery
 levels, with the given configuration settings.  It implements the