summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/build/file-systems.scm196
-rw-r--r--gnu/local.mk46
-rw-r--r--gnu/packages/abiword.scm9
-rw-r--r--gnu/packages/admin.scm12
-rw-r--r--gnu/packages/algebra.scm17
-rw-r--r--gnu/packages/astronomy.scm4
-rw-r--r--gnu/packages/audacity.scm14
-rw-r--r--gnu/packages/audio.scm13
-rw-r--r--gnu/packages/backup.scm28
-rw-r--r--gnu/packages/benchmark.scm4
-rw-r--r--gnu/packages/bioinformatics.scm554
-rw-r--r--gnu/packages/bittorrent.scm40
-rw-r--r--gnu/packages/c.scm34
-rw-r--r--gnu/packages/check.scm4
-rw-r--r--gnu/packages/ci.scm16
-rw-r--r--gnu/packages/compression.scm6
-rw-r--r--gnu/packages/compton.scm106
-rw-r--r--gnu/packages/connman.scm2
-rw-r--r--gnu/packages/crypto.scm38
-rw-r--r--gnu/packages/cups.scm23
-rw-r--r--gnu/packages/cyrus-sasl.scm4
-rw-r--r--gnu/packages/databases.scm43
-rw-r--r--gnu/packages/datamash.scm4
-rw-r--r--gnu/packages/django.scm4
-rw-r--r--gnu/packages/dns.scm16
-rw-r--r--gnu/packages/education.scm56
-rw-r--r--gnu/packages/emacs.scm116
-rw-r--r--gnu/packages/engineering.scm13
-rw-r--r--gnu/packages/enlightenment.scm8
-rw-r--r--gnu/packages/fcitx.scm36
-rw-r--r--gnu/packages/fonts.scm200
-rw-r--r--gnu/packages/freedesktop.scm91
-rw-r--r--gnu/packages/games.scm77
-rw-r--r--gnu/packages/gcal.scm6
-rw-r--r--gnu/packages/gd.scm29
-rw-r--r--gnu/packages/geo.scm93
-rw-r--r--gnu/packages/ghostscript.scm9
-rw-r--r--gnu/packages/gimp.scm3
-rw-r--r--gnu/packages/gl.scm10
-rw-r--r--gnu/packages/glib.scm24
-rw-r--r--gnu/packages/gnome.scm443
-rw-r--r--gnu/packages/gnucash.scm14
-rw-r--r--gnu/packages/gnupg.scm12
-rw-r--r--gnu/packages/gnuzilla.scm90
-rw-r--r--gnu/packages/gsasl.scm2
-rw-r--r--gnu/packages/gtk.scm67
-rw-r--r--gnu/packages/guile.scm86
-rw-r--r--gnu/packages/haskell.scm97
-rw-r--r--gnu/packages/image.scm25
-rw-r--r--gnu/packages/imagemagick.scm7
-rw-r--r--gnu/packages/irc.scm4
-rw-r--r--gnu/packages/java.scm2
-rw-r--r--gnu/packages/kde-frameworks.scm4
-rw-r--r--gnu/packages/kde.scm21
-rw-r--r--gnu/packages/kerberos.scm187
-rw-r--r--gnu/packages/linux-libre-4.9-i686.conf (renamed from gnu/packages/linux-libre-4.8-i686.conf)208
-rw-r--r--gnu/packages/linux-libre-4.9-x86_64.conf (renamed from gnu/packages/linux-libre-4.8-x86_64.conf)216
-rw-r--r--gnu/packages/linux.scm155
-rw-r--r--gnu/packages/lisp.scm4
-rw-r--r--gnu/packages/lua.scm4
-rw-r--r--gnu/packages/lxde.scm23
-rw-r--r--gnu/packages/mail.scm71
-rw-r--r--gnu/packages/mate.scm2
-rw-r--r--gnu/packages/maths.scm10
-rw-r--r--gnu/packages/messaging.scm117
-rw-r--r--gnu/packages/mit-krb5.scm86
-rw-r--r--gnu/packages/mp3.scm4
-rw-r--r--gnu/packages/music.scm141
-rw-r--r--gnu/packages/nano.scm4
-rw-r--r--gnu/packages/networking.scm16
-rw-r--r--gnu/packages/nfs.scm2
-rw-r--r--gnu/packages/nim.scm59
-rw-r--r--gnu/packages/ocaml.scm486
-rw-r--r--gnu/packages/onc-rpc.scm4
-rw-r--r--gnu/packages/openbox.scm37
-rw-r--r--gnu/packages/package-management.scm8
-rw-r--r--gnu/packages/password-utils.scm15
-rw-r--r--gnu/packages/patches/cracklib-fix-buffer-overflow.patch39
-rw-r--r--gnu/packages/patches/duplicity-piped-password.patch20
-rw-r--r--gnu/packages/patches/duplicity-test_selection-tmp.patch18
-rw-r--r--gnu/packages/patches/lcms-fix-out-of-bounds-read.patch34
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10092.patch42
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10093.patch53
-rw-r--r--gnu/packages/patches/libtiff-CVE-2016-10094.patch34
-rw-r--r--gnu/packages/patches/libtiff-CVE-2017-5225.patch86
-rw-r--r--gnu/packages/patches/libtiff-assertion-failure.patch60
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch63
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch104
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch57
-rw-r--r--gnu/packages/patches/libtiff-divide-by-zero.patch67
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch131
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch132
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch67
-rw-r--r--gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch60
-rw-r--r--gnu/packages/patches/libtiff-invalid-read.patch64
-rw-r--r--gnu/packages/patches/libtiff-null-dereference.patch42
-rw-r--r--gnu/packages/patches/libtiff-tiffcp-underflow.patch41
-rw-r--r--gnu/packages/patches/libxt-guix-search-paths.patch126
-rw-r--r--gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch188
-rw-r--r--gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch36
-rw-r--r--gnu/packages/patches/python-pygpgme-fix-pinentry-tests.patch69
-rw-r--r--gnu/packages/patches/qemu-CVE-2016-10155.patch49
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5525.patch55
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5526.patch58
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-5552.patch44
-rw-r--r--gnu/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch17
-rw-r--r--gnu/packages/patches/tipp10-fix-compiling.patch213
-rw-r--r--gnu/packages/patches/tipp10-remove-license-code.patch332
-rw-r--r--gnu/packages/patches/totem-debug-format-fix.patch11
-rw-r--r--gnu/packages/patches/upower-builddir.patch2
-rw-r--r--gnu/packages/patches/xf86-video-glint-remove-mibstore.patch24
-rw-r--r--gnu/packages/patches/xf86-video-nv-remove-mibstore.patch72
-rw-r--r--gnu/packages/pdf.scm45
-rw-r--r--gnu/packages/perl.scm29
-rw-r--r--gnu/packages/photo.scm12
-rw-r--r--gnu/packages/popt.scm14
-rw-r--r--gnu/packages/python.scm247
-rw-r--r--gnu/packages/qemu.scm11
-rw-r--r--gnu/packages/qt.scm269
-rw-r--r--gnu/packages/ruby.scm109
-rw-r--r--gnu/packages/rust.scm14
-rw-r--r--gnu/packages/screen.scm8
-rw-r--r--gnu/packages/sdl.scm42
-rw-r--r--gnu/packages/search.scm4
-rw-r--r--gnu/packages/security-token.scm6
-rw-r--r--gnu/packages/shells.scm52
-rw-r--r--gnu/packages/shishi.scm70
-rw-r--r--gnu/packages/ssh.scm4
-rw-r--r--gnu/packages/statistics.scm170
-rw-r--r--gnu/packages/suckless.scm463
-rw-r--r--gnu/packages/tls.scm29
-rw-r--r--gnu/packages/upnp.scm11
-rw-r--r--gnu/packages/version-control.scm18
-rw-r--r--gnu/packages/video.scm23
-rw-r--r--gnu/packages/vim.scm4
-rw-r--r--gnu/packages/vpn.scm5
-rw-r--r--gnu/packages/web.scm10
-rw-r--r--gnu/packages/webkit.scm4
-rw-r--r--gnu/packages/wm.scm67
-rw-r--r--gnu/packages/xdisorg.scm8
-rw-r--r--gnu/packages/xfce.scm7
-rw-r--r--gnu/packages/xfig.scm155
-rw-r--r--gnu/packages/xorg.scm429
-rw-r--r--gnu/services.scm9
-rw-r--r--gnu/services/configuration.scm3
-rw-r--r--gnu/services/cuirass.scm5
-rw-r--r--gnu/services/databases.scm81
-rw-r--r--gnu/services/messaging.scm727
-rw-r--r--gnu/services/networking.scm86
-rw-r--r--gnu/services/vpn.scm491
-rw-r--r--gnu/services/web.scm97
-rw-r--r--gnu/system/file-systems.scm38
-rw-r--r--gnu/system/linux-initrd.scm6
-rw-r--r--gnu/tests/base.scm22
-rw-r--r--gnu/tests/install.scm82
-rw-r--r--gnu/tests/web.scm146
156 files changed, 9646 insertions, 1737 deletions
diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index c121ca5f8b..6e5c6aaf15 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 David Craven <david@craven.ch>
+;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -135,6 +135,51 @@ if DEVICE does not contain an ext2 file system."
 #f if SBLOCK has no volume name."
   (null-terminated-latin1->string (sub-bytevector sblock 120 16)))
 
+(define (check-ext2-file-system device)
+  "Return the health of an ext2 file system on DEVICE."
+  (match (status:exit-val
+          (system* "e2fsck" "-v" "-p" "-C" "0" device))
+    (0 'pass)
+    (1 'errors-corrected)
+    (2 'reboot-required)
+    (_ 'fatal-error)))
+
+
+;;;
+;;; Btrfs file systems.
+;;;
+
+;; <https://btrfs.wiki.kernel.org/index.php/On-disk_Format#Superblock>.
+
+(define-syntax %btrfs-endianness
+  ;; Endianness of btrfs file systems.
+  (identifier-syntax (endianness little)))
+
+(define (btrfs-superblock? sblock)
+  "Return #t when SBLOCK is a btrfs superblock."
+  (bytevector=? (sub-bytevector sblock 64 8)
+                (string->utf8 "_BHRfS_M")))
+
+(define (read-btrfs-superblock device)
+  "Return the raw contents of DEVICE's btrfs superblock as a bytevector, or #f
+if DEVICE does not contain a btrfs file system."
+  (read-superblock device 65536 4096 btrfs-superblock?))
+
+(define (btrfs-superblock-uuid sblock)
+  "Return the UUID of a btrfs superblock SBLOCK as a 16-byte bytevector."
+  (sub-bytevector sblock 32 16))
+
+(define (btrfs-superblock-volume-name sblock)
+  "Return the volume name of SBLOCK as a string of at most 256 characters, or
+#f if SBLOCK has no volume name."
+  (null-terminated-latin1->string (sub-bytevector sblock 299 256)))
+
+(define (check-btrfs-file-system device)
+  "Return the health of a btrfs file system on DEVICE."
+  (match (status:exit-val
+          (system* "btrfs" "device" "scan"))
+    (0 'pass)
+    (_ 'fatal-error)))
 
 
 ;;;
@@ -230,56 +275,77 @@ warning and #f as the result."
                 (else
                  (apply throw args))))))))
 
-(define (partition-predicate read field =)
+(define (partition-field-reader read field)
+  "Return a procedure that takes a device and returns the value of a FIELD in
+the partition superblock or #f."
+  (let ((read (ENOENT-safe read)))
+    (lambda (device)
+      (let ((sblock (read device)))
+        (and sblock
+             (field sblock))))))
+
+(define (read-partition-field device partition-field-readers)
+  "Returns the value of a FIELD in the partition superblock of DEVICE or #f. It
+takes a list of PARTITION-FIELD-READERS and returns the result of the first
+partition field reader that returned a value."
+  (match (filter-map (cut apply <> (list device)) partition-field-readers)
+    ((field . _) field)
+    (_ #f)))
+
+(define %partition-label-readers
+  (list (partition-field-reader read-ext2-superblock
+                                ext2-superblock-volume-name)
+        (partition-field-reader read-btrfs-superblock
+                                btrfs-superblock-volume-name)))
+
+(define %partition-uuid-readers
+  (list (partition-field-reader read-ext2-superblock
+                                ext2-superblock-uuid)
+        (partition-field-reader read-btrfs-superblock
+                                btrfs-superblock-uuid)))
+
+(define read-partition-label
+  (cut read-partition-field <> %partition-label-readers))
+
+(define read-partition-uuid
+  (cut read-partition-field <> %partition-uuid-readers))
+
+(define (partition-predicate reader =)
   "Return a predicate that returns true if the FIELD of partition header that
 was READ is = to the given value."
-  (let ((read (ENOENT-safe read)))
-    (lambda (expected)
-      "Return a procedure that, when applied to a partition name such as \"sda1\",
-returns #t if that partition's volume name is LABEL."
-      (lambda (part)
-        (let* ((device (string-append "/dev/" part))
-               (sblock (read device)))
-          (and sblock
-               (let ((actual (field sblock)))
-                 (and actual
-                      (= actual expected)))))))))
+  (lambda (expected)
+    (lambda (device)
+      (let ((actual (reader device)))
+        (and actual
+             (= actual expected))))))
 
 (define partition-label-predicate
-  (partition-predicate read-ext2-superblock
-                       ext2-superblock-volume-name
-                       string=?))
+  (partition-predicate read-partition-label string=?))
 
 (define partition-uuid-predicate
-  (partition-predicate read-ext2-superblock
-                       ext2-superblock-uuid
-                       bytevector=?))
+  (partition-predicate read-partition-uuid bytevector=?))
 
 (define luks-partition-uuid-predicate
-  (partition-predicate read-luks-header
-                       luks-header-uuid
-                       bytevector=?))
+  (partition-predicate
+   (partition-field-reader read-luks-header luks-header-uuid)
+   bytevector=?))
 
-(define (find-partition-by-label label)
-  "Return the first partition found whose volume name is LABEL, or #f if none
+(define (find-partition predicate)
+  "Return the first partition found that matches PREDICATE, or #f if none
 were found."
-  (and=> (find (partition-label-predicate label)
-               (disk-partitions))
-         (cut string-append "/dev/" <>)))
-
-(define (find-partition-by-uuid uuid)
-  "Return the first partition whose unique identifier is UUID (a bytevector),
-or #f if none was found."
-  (and=> (find (partition-uuid-predicate uuid)
-               (disk-partitions))
-         (cut string-append "/dev/" <>)))
-
-(define (find-partition-by-luks-uuid uuid)
-  "Return the first LUKS partition whose unique identifier is UUID (a bytevector),
-or #f if none was found."
-  (and=> (find (luks-partition-uuid-predicate uuid)
-               (disk-partitions))
-         (cut string-append "/dev/" <>)))
+  (lambda (expected)
+    (find (predicate expected)
+          (map (cut string-append "/dev/" <>)
+               (disk-partitions)))))
+
+(define find-partition-by-label
+  (find-partition partition-label-predicate))
+
+(define find-partition-by-uuid
+  (find-partition partition-uuid-predicate))
+
+(define find-partition-by-luks-uuid
+  (find-partition luks-partition-uuid-predicate))
 
 
 ;;;
@@ -400,26 +466,34 @@ the following:
 
 (define (check-file-system device type)
   "Run a file system check of TYPE on DEVICE."
-  (define fsck
-    (string-append "fsck." type))
-
-  (let ((status (system* fsck "-v" "-p" "-C" "0" device)))
-    (match (status:exit-val status)
-      (0
-       #t)
-      (1
-       (format (current-error-port) "'~a' corrected errors on ~a; continuing~%"
-               fsck device))
-      (2
-       (format (current-error-port) "'~a' corrected errors on ~a; rebooting~%"
-               fsck device)
-       (sleep 3)
-       (reboot))
-      (code
-       (format (current-error-port) "'~a' exited with code ~a on ~a; \
-spawning Bourne-like REPL~%"
-               fsck code device)
-       (start-repl %bournish-language)))))
+  (define check-procedure
+    (cond
+     ((string-prefix? "ext" type) check-ext2-file-system)
+     ((string-prefix? "btrfs" type) check-btrfs-file-system)
+     (else #f)))
+
+  (if check-procedure
+      (match (check-procedure device)
+        ('pass
+         #t)
+        ('errors-corrected
+         (format (current-error-port)
+                 "File system check corrected errors on ~a; continuing~%"
+                 device))
+        ('reboot-required
+         (format (current-error-port)
+                 "File system check corrected errors on ~a; rebooting~%"
+                 device)
+         (sleep 3)
+         (reboot))
+        ('fatal-error
+         (format (current-error-port)
+                 "File system check on ~a failed; spawning Bourne-like REPL~%"
+                 device)
+         (start-repl %bournish-language)))
+      (format (current-error-port)
+              "No file system check procedure for ~a; skipping~%"
+              device)))
 
 (define (mount-flags->bit-mask flags)
   "Return the number suitable for the 'flags' argument of 'mount' that
diff --git a/gnu/local.mk b/gnu/local.mk
index ca14a85577..532ea51dd2 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1,5 +1,5 @@
 # GNU Guix --- Functional package management for GNU
-# Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+# Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 # Copyright © 2013, 2014, 2015, 2016 Andreas Enge <andreas@enge.fr>
 # Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
 # Copyright © 2013, 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
@@ -78,6 +78,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/code.scm				\
   %D%/packages/commencement.scm			\
   %D%/packages/compression.scm			\
+  %D%/packages/compton.scm 			\
   %D%/packages/conkeror.scm			\
   %D%/packages/conky.scm			\
   %D%/packages/connman.scm			\
@@ -199,6 +200,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/julia.scm			\
   %D%/packages/kde.scm              \
   %D%/packages/kde-frameworks.scm		\
+  %D%/packages/kerberos.scm			\
   %D%/packages/key-mon.scm			\
   %D%/packages/kodi.scm				\
   %D%/packages/language.scm			\
@@ -252,7 +254,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/mingw.scm			\
   %D%/packages/mg.scm				\
   %D%/packages/microcom.scm			\
-  %D%/packages/mit-krb5.scm			\
   %D%/packages/moe.scm				\
   %D%/packages/monitoring.scm			\
   %D%/packages/mono.scm				\
@@ -272,6 +273,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/networking.scm			\
   %D%/packages/nfs.scm                          \
   %D%/packages/nickle.scm                       \
+  %D%/packages/nim.scm  			\
   %D%/packages/ninja.scm			\
   %D%/packages/node.scm				\
   %D%/packages/noweb.scm			\
@@ -338,7 +340,6 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/serveez.scm			\
   %D%/packages/shells.scm			\
   %D%/packages/shellutils.scm			\
-  %D%/packages/shishi.scm			\
   %D%/packages/skarnet.scm			\
   %D%/packages/skribilo.scm			\
   %D%/packages/slang.scm			\
@@ -414,6 +415,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/services/lirc.scm				\
   %D%/services/mail.scm				\
   %D%/services/mcron.scm			\
+  %D%/services/messaging.scm			\
   %D%/services/networking.scm			\
   %D%/services/nfs.scm			\
   %D%/services/shepherd.scm			\
@@ -422,6 +424,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/services/spice.scm				\
   %D%/services/ssh.scm				\
   %D%/services/version-control.scm              \
+  %D%/services/vpn.scm				\
   %D%/services/web.scm				\
   %D%/services/xorg.scm				\
 						\
@@ -455,7 +458,8 @@ GNU_SYSTEM_MODULES =				\
   %D%/tests/nfs.scm				\
   %D%/tests/install.scm				\
   %D%/tests/mail.scm				\
-  %D%/tests/ssh.scm
+  %D%/tests/ssh.scm				\
+  %D%/tests/web.scm
 
 
 patchdir = $(guilemoduledir)/%D%/packages/patches
@@ -509,6 +513,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/cpio-CVE-2016-2037.patch			\
   %D%/packages/patches/cpufrequtils-fix-aclocal.patch		\
   %D%/packages/patches/cracklib-CVE-2016-6318.patch		\
+  %D%/packages/patches/cracklib-fix-buffer-overflow.patch	\
   %D%/packages/patches/crda-optional-gcrypt.patch		\
   %D%/packages/patches/crossmap-allow-system-pysam.patch	\
   %D%/packages/patches/csound-header-ordering.patch		\
@@ -523,8 +528,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/doc++-include-directives.patch		\
   %D%/packages/patches/doc++-segfault-fix.patch			\
   %D%/packages/patches/doxygen-test.patch			\
-  %D%/packages/patches/duplicity-piped-password.patch		\
-  %D%/packages/patches/duplicity-test_selection-tmp.patch	\
   %D%/packages/patches/elfutils-tests-ptrace.patch		\
   %D%/packages/patches/elixir-disable-failing-tests.patch	\
   %D%/packages/patches/einstein-build.patch			\
@@ -654,6 +657,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/kobodeluxe-midicon-segmentation-fault.patch	\
   %D%/packages/patches/kobodeluxe-graphics-window-signed-char.patch	\
   %D%/packages/patches/laby-make-install.patch			\
+  %D%/packages/patches/lcms-fix-out-of-bounds-read.patch	\
   %D%/packages/patches/ldc-disable-tests.patch			\
   %D%/packages/patches/liba52-enable-pic.patch			\
   %D%/packages/patches/liba52-link-with-libm.patch		\
@@ -679,6 +683,22 @@ dist_patch_DATA =						\
   %D%/packages/patches/libssh-0.6.5-CVE-2016-0739.patch		\
   %D%/packages/patches/libtar-CVE-2013-4420.patch \
   %D%/packages/patches/libtheora-config-guess.patch		\
+  %D%/packages/patches/libtiff-CVE-2016-10092.patch		\
+  %D%/packages/patches/libtiff-CVE-2016-10093.patch		\
+  %D%/packages/patches/libtiff-CVE-2016-10094.patch		\
+  %D%/packages/patches/libtiff-CVE-2017-5225.patch		\
+  %D%/packages/patches/libtiff-assertion-failure.patch		\
+  %D%/packages/patches/libtiff-divide-by-zero-ojpeg.patch	\
+  %D%/packages/patches/libtiff-divide-by-zero-tiffcp.patch	\
+  %D%/packages/patches/libtiff-divide-by-zero-tiffcrop.patch	\
+  %D%/packages/patches/libtiff-divide-by-zero.patch		\
+  %D%/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch	\
+  %D%/packages/patches/libtiff-heap-overflow-tif-dirread.patch	\
+  %D%/packages/patches/libtiff-heap-overflow-tiffcp.patch	\
+  %D%/packages/patches/libtiff-heap-overflow-tiffcrop.patch	\
+  %D%/packages/patches/libtiff-invalid-read.patch		\
+  %D%/packages/patches/libtiff-null-dereference.patch		\
+  %D%/packages/patches/libtiff-tiffcp-underflow.patch		\
   %D%/packages/patches/libtool-skip-tests2.patch		\
   %D%/packages/patches/libunwind-CVE-2015-3239.patch		\
   %D%/packages/patches/libupnp-CVE-2016-6255.patch		\
@@ -701,6 +721,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/libxml2-CVE-2016-5131.patch		\
   %D%/packages/patches/libxslt-generated-ids.patch		\
   %D%/packages/patches/libxslt-CVE-2016-4738.patch		\
+  %D%/packages/patches/libxt-guix-search-paths.patch		\
   %D%/packages/patches/linux-pam-no-setfsuid.patch		\
   %D%/packages/patches/lirc-localstatedir.patch			\
   %D%/packages/patches/llvm-for-extempore.patch			\
@@ -733,6 +754,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/multiqc-fix-git-subprocess-error.patch	\
   %D%/packages/patches/mumps-build-parallelism.patch		\
   %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch	\
+  %D%/packages/patches/mupdf-mujs-CVE-2016-10132.patch		\
+  %D%/packages/patches/mupdf-mujs-CVE-2016-10133.patch		\
   %D%/packages/patches/mupen64plus-ui-console-notice.patch	\
   %D%/packages/patches/musl-CVE-2016-8859.patch			\
   %D%/packages/patches/mutt-store-references.patch		\
@@ -826,6 +849,11 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-paste-remove-timing-test.patch	\
   %D%/packages/patches/python-pycrypto-CVE-2013-7459.patch	\
   %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
+  %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch	\
+  %D%/packages/patches/qemu-CVE-2016-10155.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5525.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5526.patch			\
+  %D%/packages/patches/qemu-CVE-2017-5552.patch			\
   %D%/packages/patches/qt4-ldflags.patch			\
   %D%/packages/patches/quickswitch-fix-dmenu-check.patch	\
   %D%/packages/patches/rapicorn-isnan.patch			\
@@ -840,7 +868,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/ruby-puma-ignore-broken-test.patch       \
   %D%/packages/patches/ruby-rack-ignore-failing-test.patch      \
   %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
-  %D%/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch \
   %D%/packages/patches/scheme48-tests.patch			\
   %D%/packages/patches/scotch-test-threading.patch		\
   %D%/packages/patches/sdl-libx11-1.6.patch			\
@@ -874,11 +901,12 @@ dist_patch_DATA =						\
   %D%/packages/patches/texi2html-i18n.patch			\
   %D%/packages/patches/tidy-CVE-2015-5522+5523.patch		\
   %D%/packages/patches/tinyxml-use-stl.patch			\
+  %D%/packages/patches/tipp10-fix-compiling.patch		\
+  %D%/packages/patches/tipp10-remove-license-code.patch		\
   %D%/packages/patches/tk-find-library.patch			\
   %D%/packages/patches/ttf2eot-cstddef.patch			\
   %D%/packages/patches/ttfautohint-source-date-epoch.patch	\
   %D%/packages/patches/tophat-build-with-later-seqan.patch	\
-  %D%/packages/patches/totem-debug-format-fix.patch		\
   %D%/packages/patches/tuxpaint-stamps-path.patch		\
   %D%/packages/patches/unrtf-CVE-2016-10091.patch		\
   %D%/packages/patches/unzip-CVE-2014-8139.patch		\
@@ -917,12 +945,10 @@ dist_patch_DATA =						\
   %D%/packages/patches/xf86-video-ark-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-ast-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-geode-glibc-2.20.patch	\
-  %D%/packages/patches/xf86-video-glint-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-i128-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-intel-compat-api.patch	\
   %D%/packages/patches/xf86-video-intel-glibc-2.20.patch	\
   %D%/packages/patches/xf86-video-mach64-glibc-2.20.patch	\
-  %D%/packages/patches/xf86-video-nv-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-tga-remove-mibstore.patch	\
   %D%/packages/patches/xfce4-panel-plugins.patch		\
   %D%/packages/patches/xfce4-session-fix-xflock4.patch		\
diff --git a/gnu/packages/abiword.scm b/gnu/packages/abiword.scm
index 8e89bb2f52..514ac0ceb5 100644
--- a/gnu/packages/abiword.scm
+++ b/gnu/packages/abiword.scm
@@ -22,6 +22,7 @@
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system glib-or-gtk)
   #:use-module (gnu packages)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages boost)
@@ -52,11 +53,17 @@
                          "/source/" name "-" version ".tar.gz"))
         (sha256
           (base32 "1ik591rx15nn3n1297cwykl8wvrlgj78i528id9wbidgy3xzd570"))
+        (modules '((guix build utils)))
+        (snippet
+         ;; Ensure reproducibility.
+         '(substitute* "src/wp/main/xp/abi_ver.cpp"
+            (("__DATE__") "\"2017\"")
+            (("__TIME__") "\"00:00\"")))
         (patches
          (search-patches "abiword-wmf-version-lookup-fix.patch"
                          "abiword-explictly-cast-bools.patch"))))
 
-    (build-system gnu-build-system)
+    (build-system glib-or-gtk-build-system)
     (arguments                   ;; NOTE: rsvg is disabled, since Abiword
       `(#:configure-flags        ;; supports it directly, and its BS is broken.
         (list
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 9e912a9543..19dccdcadc 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2015, 2016 Eric Bavier <bavier@member.fsf.org>
@@ -75,7 +75,7 @@
   #:use-module (gnu packages man)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages gnome)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages gtk))
 
 (define-public aide
@@ -474,7 +474,7 @@ connection alive.")
          (bind-minor-version "9")
          (bind-patch-version "9")
          (bind-release-type "-P")         ; for patch release, use "-P"
-         (bind-release-version "4")      ; for patch release, e.g. "4"
+         (bind-release-version "5")      ; for patch release, e.g. "4"
          (bind-version (string-append bind-major-version
                                       "."
                                       bind-minor-version
@@ -590,7 +590,7 @@ connection alive.")
                                         "/bind-" bind-version ".tar.gz"))
                     (sha256
                      (base32
-                      "1qpi23lrs6jfxqx8dakbqfyg3hvrzq5ldchg6my19xcvx8515mgx"))))
+                      "1yn15chkfqf4d7961ip2x10jm27a9wqymz2xqh0a2g89arrirkaw"))))
 
                 ;; When cross-compiling, we need the cross Coreutils and sed.
                 ;; Otherwise just use those from %FINAL-INPUTS.
@@ -1348,14 +1348,14 @@ of supported upstream metrics systems simultaneously.")
 (define-public ansible
   (package
     (name "ansible")
-    (version "2.1.0.0")
+    (version "2.2.1.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "ansible" version))
        (sha256
         (base32
-         "1bfc2xiplpad6f2nwi48y0kps7xqnsll85dlz63cy8k5bysl6d20"))))
+         "0gz9i30pdmkchi936ijy873k8di6fmf3v5rv551hxyf0hjkjx8b3"))))
     (build-system python-build-system)
     (native-inputs
      `(("python2-pycrypto" ,python2-pycrypto)
diff --git a/gnu/packages/algebra.scm b/gnu/packages/algebra.scm
index d09e2e83b2..b859da0e7e 100644
--- a/gnu/packages/algebra.scm
+++ b/gnu/packages/algebra.scm
@@ -577,23 +577,6 @@ cosine/ sine transforms or DCT/DST).")
      (string-append (package-description fftw)
                     "  Single-precision version."))))
 
-(define (pthread-variant p)
-  (package
-    (inherit p)
-    (name (string-append (package-name p) "-pthreads"))
-    (arguments
-     (substitute-keyword-arguments (package-arguments fftw)
-       ((#:configure-flags flags)
-        `(cons "--enable-threads" ,flags))))))
-
-;; FIXME: These packages are used temporarily by packages like Ardour until
-;; "--enable-flags" is added to the fftw and fftwf packages.
-(define-public fftw-with-threads
-  (pthread-variant fftw))
-
-(define-public fftwf-with-threads
-  (pthread-variant fftwf))
-
 (define-public fftw-openmpi
   (package (inherit fftw)
     (name "fftw-openmpi")
diff --git a/gnu/packages/astronomy.scm b/gnu/packages/astronomy.scm
index c1b15e1dee..f390ce4486 100644
--- a/gnu/packages/astronomy.scm
+++ b/gnu/packages/astronomy.scm
@@ -58,7 +58,7 @@ in FITS files.")
 (define-public wcslib
   (package
     (name "wcslib")
-    (version "5.15")
+    (version "5.16")
     (source
      (origin
        (method url-fetch)
@@ -66,7 +66,7 @@ in FITS files.")
              "ftp://ftp.atnf.csiro.au/pub/software/wcslib/" name "-" version
              ".tar.bz2"))
        (sha256
-        (base32 "1s2nig327g4bimd9xshlk11ww09a7mrjmsbpdcd8smsmn2kl1glb"))))
+        (base32 "1vwrzkznpig2q40m11j12hsfqvsjz8z44l66pz5fkh6fy461w0zd"))))
     (inputs
      `(("cfitsio" ,cfitsio)))
     (build-system gnu-build-system)
diff --git a/gnu/packages/audacity.scm b/gnu/packages/audacity.scm
index 0f9554deba..a70d0e3a69 100644
--- a/gnu/packages/audacity.scm
+++ b/gnu/packages/audacity.scm
@@ -24,6 +24,7 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages audio)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages gettext)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages mp3)
@@ -38,20 +39,20 @@
 (define-public audacity
   (package
     (name "audacity")
-    (version "2.1.0")
+    (version "2.1.2")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://sourceforge/audacity/audacity/" version
-                           "/audacity-minsrc-" version ".tar.xz"))
+       (uri (string-append "https://github.com/audacity/audacity/archive"
+                           "/Audacity-" version ".zip"))
        (sha256
-        (base32 "1cs2w3fwqylpqmfwkvlgdx5lhclpckfil7pqibl37qlbnf4qvndh"))
+        (base32 "1642i9d5cdmqzj6r0qdl2ldnqsvpb08znnczncysi72x6zpvb5qq"))
        (patches (search-patches "audacity-fix-ffmpeg-binding.patch"))))
     (build-system gnu-build-system)
     (inputs
      ;; TODO: Add portSMF and libwidgetextra once they're packaged.  In-tree
      ;; versions shipping with Audacity are used for now.
-     `(("wxwidgets" ,wxwidgets-2)
+     `(("wxwidgets" ,wxwidgets-gtk2)
        ("gtk" ,gtk+-2)
        ("alsa-lib" ,alsa-lib)
        ("jack" ,jack-1)
@@ -72,7 +73,8 @@
        ("lilv" ,lilv)
        ("portaudio" ,portaudio)))
     (native-inputs
-     `(("pkg-config" ,pkg-config)
+     `(("gettext" ,gettext-minimal)     ;for msgfmt
+       ("pkg-config" ,pkg-config)
        ("python" ,python-2)
        ("which" ,which)))
     (arguments
diff --git a/gnu/packages/audio.scm b/gnu/packages/audio.scm
index f0a6a54de7..84088a6b52 100644
--- a/gnu/packages/audio.scm
+++ b/gnu/packages/audio.scm
@@ -223,6 +223,7 @@ namespace ARDOUR { const char* revision = \"" version "\" ; }")))))
        ("boost" ,boost)
        ("atkmm" ,atkmm)
        ("cairomm" ,cairomm)
+       ("eudev" ,eudev)
        ("gtkmm" ,gtkmm-2)
        ("glibmm" ,glibmm)
        ("libart-lgpl" ,libart-lgpl)
@@ -238,8 +239,8 @@ namespace ARDOUR { const char* revision = \"" version "\" ; }")))))
        ("lv2" ,lv2)
        ("vamp" ,vamp)
        ("curl" ,curl)
-       ("fftw" ,fftw-with-threads)
-       ("fftwf" ,fftwf-with-threads)
+       ("fftw" ,fftw)
+       ("fftwf" ,fftwf)
        ("jack" ,jack-1)
        ("serd" ,serd)
        ("sord" ,sord)
@@ -2101,19 +2102,15 @@ stretching and pitch scaling of audio.  This package contains the library.")
 (define-public wavpack
   (package
     (name "wavpack")
-    (version "4.70.0")
+    (version "5.1.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.wavpack.com/"
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "191h8hv8qk72hfh1crg429i9yq3cminwqb249sy9zadbn1wy7b9c"))))
+                "0i19c6krc0p9krwrqy9s5xahaafigqzxcn31piidmlaqadyn4f8r"))))
     (build-system gnu-build-system)
-    (arguments
-     `(#:configure-flags
-       ;; wavpack.pc.in lacks path substitution for 'exec_prefix'.
-       (list (string-append "--libdir=" %output "/lib"))))
     (home-page "http://www.wavpack.com/")
     (synopsis "Hybrid lossless audio codec")
     (description
diff --git a/gnu/packages/backup.scm b/gnu/packages/backup.scm
index 8308616a1f..cc83a2ef79 100644
--- a/gnu/packages/backup.scm
+++ b/gnu/packages/backup.scm
@@ -34,6 +34,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages dejagnu)
+  #:use-module (gnu packages ftp)
   #:use-module (gnu packages glib)
   #:use-module (gnu packages gnupg)
   #:use-module (gnu packages gperf)
@@ -52,7 +53,7 @@
 (define-public duplicity
   (package
     (name "duplicity")
-    (version "0.6.26")
+    (version "0.7.11")
     (source
      (origin
       (method url-fetch)
@@ -62,18 +63,19 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "0jh79syhr8n3l81jxlwsmwm1pklb4d923m2lgqbswyavh1fqmvwb"))
-      (patches (search-patches "duplicity-piped-password.patch"
-                               "duplicity-test_selection-tmp.patch"))))
+        "01zcq9cwn4pvj68rihgjvcdgccnxvz4jrba38sbv6nqz19cs2ixh"))))
     (build-system python-build-system)
     (native-inputs
-     `(("util-linux" ,util-linux)))     ;setsid command, for the tests
+     `(("util-linux" ,util-linux)     ;setsid command, for the tests
+       ("python-pexpect" ,python2-pexpect)
+       ("mock" ,python2-mock)))
+    (propagated-inputs
+     `(("lockfile" ,python2-lockfile)
+       ("urllib3" ,python2-urllib3)))
     (inputs
-     `(("python" ,python-2)
-       ("librsync" ,librsync)
-       ("mock" ,python2-mock)           ;for testing
-       ("lockfile" ,python2-lockfile)
-       ("gnupg" ,gnupg-1)               ;gpg executable needed
+     `(("librsync" ,librsync)
+       ("lftp" ,lftp)
+       ("gnupg" ,gnupg)                 ;gpg executable needed
        ("util-linux" ,util-linux)       ;for setsid
        ("tzdata" ,tzdata)))
     (arguments
@@ -81,6 +83,12 @@
        #:test-target "test"
        #:phases
        (modify-phases %standard-phases
+         (add-before
+          'build 'patch-source ; embed gpg store name
+          (lambda* (#:key inputs #:allow-other-keys)
+            (substitute* "duplicity/gpginterface.py"
+              (("self.call = 'gpg'")
+               (string-append "self.call = '" (assoc-ref inputs "gnupg") "/bin/gpg'")))))
          (add-before 'check 'check-setup
            (lambda* (#:key inputs #:allow-other-keys)
              (substitute* "testing/functional/__init__.py"
diff --git a/gnu/packages/benchmark.scm b/gnu/packages/benchmark.scm
index 465c81b431..df2be86424 100644
--- a/gnu/packages/benchmark.scm
+++ b/gnu/packages/benchmark.scm
@@ -27,7 +27,7 @@
 (define-public fio
   (package
     (name "fio")
-    (version "2.15")
+    (version "2.16")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -35,7 +35,7 @@
                        "fio-" version ".tar.bz2"))
               (sha256
                (base32
-                "1ggma9c48717z2wz8j9f7jcgb3xqk8qawjl6c9hnabxxry94y130"))))
+                "1v5n5hq500aidwfzmbm3k5d3mhh6ffwbgzq7nys838azga4xd3bx"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f ; No tests.
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 14daf59c92..3bf352193c 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -468,6 +468,47 @@ frames} (ORFs) using ribosome profiling (ribo-seq) data.  This package
 provides the Ribotaper pipeline.")
     (license license:gpl3+)))
 
+(define-public ribodiff
+  (package
+    (name "ribodiff")
+    (version "0.2.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/ratschlab/RiboDiff/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0wpbwmfv05wdjxv7ikm664f7s7p7cqr8jnw99zrda0q67rl50aaj"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         ;; Generate an installable executable script wrapper.
+         (add-after 'unpack 'patch-setup.py
+           (lambda _
+             (substitute* "setup.py"
+               (("^(.*)packages=.*" line prefix)
+                (string-append line "\n"
+                               prefix "scripts=['scripts/TE.py'],\n")))
+             #t)))))
+    (inputs
+     `(("python-numpy" ,python2-numpy)
+       ("python-matplotlib" ,python2-matplotlib)
+       ("python-scipy" ,python2-scipy)
+       ("python-statsmodels" ,python2-statsmodels)))
+    (home-page "http://public.bmi.inf.ethz.ch/user/zhongy/RiboDiff/")
+    (synopsis "Detect translation efficiency changes from ribosome footprints")
+    (description "RiboDiff is a statistical tool that detects the protein
+translational efficiency change from Ribo-Seq (ribosome footprinting) and
+RNA-Seq data.  It uses a generalized linear model to detect genes showing
+difference in translational profile taking mRNA abundance into account.  It
+facilitates us to decipher the translational regulation that behave
+independently with transcriptional regulation.")
+    (license license:gpl3+)))
+
 (define-public bioawk
   (package
     (name "bioawk")
@@ -2006,7 +2047,7 @@ identify enrichments with functional annotations of the genome.")
 (define-public diamond
   (package
     (name "diamond")
-    (version "0.8.31")
+    (version "0.8.34")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2015,7 +2056,7 @@ identify enrichments with functional annotations of the genome.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0nh79f4rpgq8vmlga743r7vd0z0ik6spy34f7vfq0v9lcmvfr7xq"))))
+                "0jvr34g346gbz7z1zb9bs0vplivm9p4cxk0lbzklvdpa7g236p39"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no "check" target
@@ -2722,6 +2763,69 @@ several alignment strategies enable effective alignment of RNA-seq reads, in
 particular, reads spanning multiple exons.")
     (license license:gpl3+)))
 
+(define-public hisat2
+  (package
+    (name "hisat2")
+    (version "2.0.5")
+    (source
+     (origin
+       (method url-fetch)
+       ;; FIXME: a better source URL is
+       ;; (string-append "ftp://ftp.ccb.jhu.edu/pub/infphilo/hisat2"
+       ;;                "/downloads/hisat2-" version "-source.zip")
+       ;; with hash "0lywnr8kijwsc2aw10dwxic0n0yvip6fl3rjlvc8zzwahamy4x7g"
+       ;; but it is currently unavailable.
+       (uri "https://github.com/infphilo/hisat2/archive/cba6e8cb.tar.gz")
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1mf2hdsyv7cd97xm9mp9a4qws02yrj95y6w6f6cdwnq0klp81r50"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f                      ; no check target
+       #:make-flags (list "CC=gcc" "CXX=g++" "allall")
+       #:modules ((guix build gnu-build-system)
+                  (guix build utils)
+                  (srfi srfi-26))
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'make-deterministic
+           (lambda _
+             (substitute* "Makefile"
+               (("`date`") "0"))
+             #t))
+         (delete 'configure)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (bin (string-append out "/bin/"))
+                    (doc (string-append out "/share/doc/hisat2/")))
+               (for-each
+                (cut install-file <> bin)
+                (find-files "."
+                            "hisat2(-(build|align|inspect)(-(s|l)(-debug)*)*)*$"))
+               (mkdir-p doc)
+               (install-file "doc/manual.inc.html" doc))
+             #t)))))
+    (native-inputs
+     `(("unzip" ,unzip)                 ; needed for archive from ftp
+       ("perl" ,perl)
+       ("pandoc" ,ghc-pandoc)))         ; for documentation
+    (home-page "http://ccb.jhu.edu/software/hisat2/index.shtml")
+    (synopsis "Graph-based alignment of genomic sequencing reads")
+    (description "HISAT2 is a fast and sensitive alignment program for mapping
+next-generation sequencing reads (both DNA and RNA) to a population of human
+genomes (as well as to a single reference genome).  In addition to using one
+global @dfn{graph FM} (GFM) index that represents a population of human
+genomes, HISAT2 uses a large set of small GFM indexes that collectively cover
+the whole genome.  These small indexes, combined with several alignment
+strategies, enable rapid and accurate alignment of sequencing reads.  This new
+indexing scheme is called a @dfn{Hierarchical Graph FM index} (HGFM).")
+    ;; HISAT2 contains files from Bowtie2, which is released under
+    ;; GPLv2 or later.  The HISAT2 source files are released under
+    ;; GPLv3 or later.
+    (license license:gpl3+)))
+
 (define-public hmmer
   (package
     (name "hmmer")
@@ -5159,17 +5263,41 @@ sequence.")
     (supported-systems '("i686-linux" "x86_64-linux"))
     (license license:bsd-3)))
 
+(define-public r-centipede
+  (package
+    (name "r-centipede")
+    (version "1.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://download.r-forge.r-project.org/"
+                                  "src/contrib/CENTIPEDE_" version ".tar.gz"))
+              (sha256
+               (base32
+                "1hsx6qgwr0i67fhy9257zj7s0ppncph2hjgbia5nn6nfmj0ax6l9"))))
+    (build-system r-build-system)
+    (home-page "http://centipede.uchicago.edu/")
+    (synopsis "Predict transcription factor binding sites")
+    (description
+     "CENTIPEDE applies a hierarchical Bayesian mixture model to infer regions
+of the genome that are bound by particular transcription factors.  It starts
+by identifying a set of candidate binding sites, and then aims to classify the
+sites according to whether each site is bound or not bound by a transcription
+factor.  CENTIPEDE is an unsupervised learning algorithm that discriminates
+between two different types of motif instances using as much relevant
+information as possible.")
+    (license (list license:gpl2+ license:gpl3+))))
+
 (define-public r-vegan
   (package
     (name "r-vegan")
-    (version "2.4-1")
+    (version "2.4-2")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "vegan" version))
        (sha256
         (base32
-         "0i0c7rc0nzgbysd1nlxzxd2rvy75qcnw3yc7nggzqjzzj5d7yzsd"))))
+         "12wf64izrpq9z3ix7mgm5421mq0xsm8dw5qblvcrz452nfhjf5w9"))))
     (build-system r-build-system)
     (arguments
      `(#:phases
@@ -7100,6 +7228,41 @@ musculus (Mouse) as provided by UCSC (mm10, December 2011) and stored
 in Biostrings objects.")
     (license license:artistic2.0)))
 
+(define-public r-txdb-mmusculus-ucsc-mm10-knowngene
+  (package
+    (name "r-txdb-mmusculus-ucsc-mm10-knowngene")
+    (version "3.4.0")
+    (source (origin
+              (method url-fetch)
+              ;; We cannot use bioconductor-uri here because this tarball is
+              ;; located under "data/annotation/" instead of "bioc/".
+              (uri (string-append "http://www.bioconductor.org/packages/"
+                                  "release/data/annotation/src/contrib/"
+                                  "TxDb.Mmusculus.UCSC.mm10.knownGene_"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "08gava9wsvpcqz51k2sni3pj03n5155v32d9riqbf305nbirqbkb"))))
+    (properties
+     `((upstream-name . "TxDb.Mmusculus.UCSC.mm10.knownGene")))
+    (build-system r-build-system)
+    ;; As this package provides little more than a very large data file it
+    ;; doesn't make sense to build substitutes.
+    (arguments `(#:substitutable? #f))
+    (propagated-inputs
+     `(("r-bsgenome" ,r-bsgenome)
+       ("r-genomicfeatures" ,r-genomicfeatures)
+       ("r-annotationdbi" ,r-annotationdbi)))
+    (home-page
+     "http://bioconductor.org/packages/TxDb.Mmusculus.UCSC.mm10.knownGene/")
+    (synopsis "Annotation package for TxDb knownGene object(s) for Mouse")
+    (description
+     "This package loads a TxDb object, which is an R interface to
+prefabricated databases contained in this package.  This package provides
+the TxDb object of Mouse data as provided by UCSC (mm10, December 2011)
+based on the knownGene track.")
+    (license license:artistic2.0)))
+
 (define-public r-bsgenome-celegans-ucsc-ce6
   (package
     (name "r-bsgenome-celegans-ucsc-ce6")
@@ -7861,7 +8024,9 @@ replacement for strverscmp.")
        ("python-pyyaml" ,python-pyyaml)
        ("python-click" ,python-click)
        ("python-matplotlib" ,python-matplotlib)
-       ("python-numpy" ,python-numpy)))
+       ("python-numpy" ,python-numpy)
+       ;; MultQC checks for the presence of nose at runtime.
+       ("python-nose" ,python-nose)))
     (home-page "http://multiqc.info")
     (synopsis "Aggregate bioinformatics analysis reports")
     (description
@@ -7960,3 +8125,382 @@ immunoprecipitation and target enrichment on small gene panels.  Thereby,
 CopywriteR constitutes a widely applicable alternative to available copy
 number detection tools.")
     (license license:gpl2)))
+
+(define-public r-sva
+  (package
+    (name "r-sva")
+    (version "3.22.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "sva" version))
+       (sha256
+        (base32
+         "1wc1fjm6dzlsqqagm43y57w8jh8nsh0r0m8z1p6ximcb5gxqh7hn"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-genefilter" ,r-genefilter)))
+    (home-page "http://bioconductor.org/packages/sva")
+    (synopsis "Surrogate variable analysis")
+    (description
+     "This package contains functions for removing batch effects and other
+unwanted variation in high-throughput experiment.  It also contains functions
+for identifying and building surrogate variables for high-dimensional data
+sets.  Surrogate variables are covariates constructed directly from
+high-dimensional data like gene expression/RNA sequencing/methylation/brain
+imaging data that can be used in subsequent analyses to adjust for unknown,
+unmodeled, or latent sources of noise.")
+    (license license:artistic2.0)))
+
+(define-public r-seqminer
+  (package
+    (name "r-seqminer")
+    (version "5.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "seqminer" version))
+       (sha256
+        (base32
+         "0y0gc5lws3hdxasjb84m532ics6imb7qg9sl1zy62h503jh4j9gw"))))
+    (build-system r-build-system)
+    (inputs
+     `(("zlib" ,zlib)))
+    (home-page "http://seqminer.genomic.codes")
+    (synopsis "Read nucleotide sequence data (VCF, BCF, and METAL formats)")
+    (description
+     "This package provides tools to integrate nucleotide sequencing
+data (variant call format, e.g. VCF or BCF) or meta-analysis results in R.")
+    ;; Any version of the GPL is acceptable
+    (license (list license:gpl2+ license:gpl3+))))
+
+(define-public r-raremetals2
+  (package
+    (name "r-raremetals2")
+    (version "0.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://genome.sph.umich.edu/w/images/"
+                           "b/b7/RareMETALS2_" version ".tar.gz"))
+       (sha256
+        (base32
+         "0z5ljcgvnm06ja9lm85a3cniq7slxcy37aqqkxrdidr79an5fs4s"))))
+    (properties `((upstream-name . "RareMETALS2")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-seqminer" ,r-seqminer)
+       ("r-mvtnorm" ,r-mvtnorm)
+       ("r-compquadform" ,r-compquadform)
+       ("r-getopt" ,r-getopt)))
+    (home-page "http://genome.sph.umich.edu/wiki/RareMETALS2")
+    (synopsis "Analyze gene-level association tests for binary trait")
+    (description
+     "The R package rareMETALS2 is an extension of the R package rareMETALS.
+It was designed to meta-analyze gene-level association tests for binary trait.
+While rareMETALS offers a near-complete solution for meta-analysis of
+gene-level tests for quantitative trait, it does not offer the optimal
+solution for binary trait.  The package rareMETALS2 offers improved features
+for analyzing gene-level association tests in meta-analyses for binary
+trait.")
+    (license license:gpl3)))
+
+(define-public r-maldiquant
+  (package
+    (name "r-maldiquant")
+    (version "1.16")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "MALDIquant" version))
+       (sha256
+        (base32
+         "067xbmy10mpsvmv77g62chd7wwhdhcfn5hmp5fisbnz2h5rq0q60"))))
+    (properties `((upstream-name . "MALDIquant")))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/MALDIquant")
+    (synopsis "Quantitative analysis of mass spectrometry data")
+    (description
+     "This package provides a complete analysis pipeline for matrix-assisted
+laser desorption/ionization-time-of-flight (MALDI-TOF) and other
+two-dimensional mass spectrometry data.  In addition to commonly used plotting
+and processing methods it includes distinctive features, namely baseline
+subtraction methods such as morphological filters (TopHat) or the
+statistics-sensitive non-linear iterative peak-clipping algorithm (SNIP), peak
+alignment using warping functions, handling of replicated measurements as well
+as allowing spectra with different resolutions.")
+    (license license:gpl3+)))
+
+(define-public r-protgenerics
+  (package
+    (name "r-protgenerics")
+    (version "1.6.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "ProtGenerics" version))
+       (sha256
+        (base32
+         "0hb3vrrvfx6lcfalmjxm8dmigfmi5nba0pzjfgsrzd35c8mbfc6f"))))
+    (properties `((upstream-name . "ProtGenerics")))
+    (build-system r-build-system)
+    (home-page "https://github.com/lgatto/ProtGenerics")
+    (synopsis "S4 generic functions for proteomics infrastructure")
+    (description
+     "This package provides S4 generic functions needed by Bioconductor
+proteomics packages.")
+    (license license:artistic2.0)))
+
+(define-public r-mzr
+  (package
+    (name "r-mzr")
+    (version "2.8.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "mzR" version))
+       (sha256
+        (base32
+         "0ipmhg6l3pf648rdx5g2ha7l5ppd3cja6afxhdw76x8ga3633x0r"))))
+    (properties `((upstream-name . "mzR")))
+    (build-system r-build-system)
+    (inputs
+     `(("netcdf" ,netcdf)))
+    (propagated-inputs
+     `(("r-biobase" ,r-biobase)
+       ("r-biocgenerics" ,r-biocgenerics)
+       ("r-protgenerics" ,r-protgenerics)
+       ("r-rcpp" ,r-rcpp)
+       ("r-zlibbioc" ,r-zlibbioc)))
+    (home-page "https://github.com/sneumann/mzR/")
+    (synopsis "Parser for mass spectrometry data files")
+    (description
+     "The mzR package provides a unified API to the common file formats and
+parsers available for mass spectrometry data.  It comes with a wrapper for the
+ISB random access parser for mass spectrometry mzXML, mzData and mzML files.
+The package contains the original code written by the ISB, and a subset of the
+proteowizard library for mzML and mzIdentML.  The netCDF reading code has
+previously been used in XCMS.")
+    (license license:artistic2.0)))
+
+(define-public r-affyio
+  (package
+    (name "r-affyio")
+    (version "1.44.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "affyio" version))
+       (sha256
+        (base32
+         "1svsl4mpk06xm505pap913x69ywks99262krag8y4ygpllj7dfyy"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-zlibbioc" ,r-zlibbioc)))
+    (inputs
+     `(("zlib" ,zlib)))
+    (home-page "https://github.com/bmbolstad/affyio")
+    (synopsis "Tools for parsing Affymetrix data files")
+    (description
+     "This package provides routines for parsing Affymetrix data files based
+upon file format information.  The primary focus is on accessing the CEL and
+CDF file formats.")
+    (license license:lgpl2.0+)))
+
+(define-public r-affy
+  (package
+    (name "r-affy")
+    (version "1.52.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "affy" version))
+       (sha256
+        (base32
+         "1snq71ligf0wvaxa6zfrl13ydw0zfhspmhdyfk8q3ba3np4cz344"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-affyio" ,r-affyio)
+       ("r-biobase" ,r-biobase)
+       ("r-biocgenerics" ,r-biocgenerics)
+       ("r-biocinstaller" ,r-biocinstaller)
+       ("r-preprocesscore" ,r-preprocesscore)
+       ("r-zlibbioc" ,r-zlibbioc)))
+    (home-page "http://bioconductor.org/packages/affy")
+    (synopsis "Methods for affymetrix oligonucleotide arrays")
+    (description
+     "This package contains functions for exploratory oligonucleotide array
+analysis.")
+    (license license:lgpl2.0+)))
+
+(define-public r-vsn
+  (package
+    (name "r-vsn")
+    (version "3.42.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "vsn" version))
+       (sha256
+        (base32
+         "0mgl0azys2g90simf8wx6jdwd7gyg3m4pf12n6w6507jixm2cg97"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-affy" ,r-affy)
+       ("r-biobase" ,r-biobase)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-limma" ,r-limma)))
+    (home-page "http://bioconductor.org/packages/release/bioc/html/vsn.html")
+    (synopsis "Variance stabilization and calibration for microarray data")
+    (description
+     "The package implements a method for normalising microarray intensities,
+and works for single- and multiple-color arrays.  It can also be used for data
+from other technologies, as long as they have similar format.  The method uses
+a robust variant of the maximum-likelihood estimator for an
+additive-multiplicative error model and affine calibration.  The model
+incorporates data calibration step (a.k.a.  normalization), a model for the
+dependence of the variance on the mean intensity and a variance stabilizing
+data transformation.  Differences between transformed intensities are
+analogous to \"normalized log-ratios\".  However, in contrast to the latter,
+their variance is independent of the mean, and they are usually more sensitive
+and specific in detecting differential transcription.")
+    (license license:artistic2.0)))
+
+(define-public r-mzid
+  (package
+    (name "r-mzid")
+    (version "1.12.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "mzID" version))
+       (sha256
+        (base32
+         "1zn896cpfvqp1qmq5c4vcj933hb8rxwb6gkck1wqvr7393rpqy1q"))))
+    (properties `((upstream-name . "mzID")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-doparallel" ,r-doparallel)
+       ("r-foreach" ,r-foreach)
+       ("r-iterators" ,r-iterators)
+       ("r-plyr" ,r-plyr)
+       ("r-protgenerics" ,r-protgenerics)
+       ("r-rcpp" ,r-rcpp)
+       ("r-xml" ,r-xml)))
+    (home-page "http://bioconductor.org/packages/mzID")
+    (synopsis "Parser for mzIdentML files")
+    (description
+     "This package provides a parser for mzIdentML files implemented using the
+XML package.  The parser tries to be general and able to handle all types of
+mzIdentML files with the drawback of having less pretty output than a vendor
+specific parser.")
+    (license license:gpl2+)))
+
+(define-public r-pcamethods
+  (package
+    (name "r-pcamethods")
+    (version "1.66.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "pcaMethods" version))
+       (sha256
+        (base32
+         "18mawhxw57pgpn87qha4mwki24gqja7wpqha8q496476vyap11xw"))))
+    (properties `((upstream-name . "pcaMethods")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-biobase" ,r-biobase)
+       ("r-biocgenerics" ,r-biocgenerics)
+       ("r-rcpp" ,r-rcpp)))
+    (home-page "https://github.com/hredestig/pcamethods")
+    (synopsis "Collection of PCA methods")
+    (description
+     "This package provides Bayesian PCA, Probabilistic PCA, Nipals PCA,
+Inverse Non-Linear PCA and the conventional SVD PCA.  A cluster based method
+for missing value estimation is included for comparison.  BPCA, PPCA and
+NipalsPCA may be used to perform PCA on incomplete data as well as for
+accurate missing value estimation.  A set of methods for printing and plotting
+the results is also provided.  All PCA methods make use of the same data
+structure (pcaRes) to provide a common interface to the PCA results.")
+    (license license:gpl3+)))
+
+(define-public r-msnbase
+  (package
+    (name "r-msnbase")
+    (version "2.0.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "MSnbase" version))
+       (sha256
+        (base32
+         "0jjjs29dcwsjaxzfqxy98ycpg3rwxzzchkj77my3cjgdc00sm66n"))))
+    (properties `((upstream-name . "MSnbase")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-affy" ,r-affy)
+       ("r-biobase" ,r-biobase)
+       ("r-biocgenerics" ,r-biocgenerics)
+       ("r-biocparallel" ,r-biocparallel)
+       ("r-digest" ,r-digest)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-impute" ,r-impute)
+       ("r-iranges" ,r-iranges)
+       ("r-maldiquant" ,r-maldiquant)
+       ("r-mzid" ,r-mzid)
+       ("r-mzr" ,r-mzr)
+       ("r-pcamethods" ,r-pcamethods)
+       ("r-plyr" ,r-plyr)
+       ("r-preprocesscore" ,r-preprocesscore)
+       ("r-protgenerics" ,r-protgenerics)
+       ("r-rcpp" ,r-rcpp)
+       ("r-reshape2" ,r-reshape2)
+       ("r-s4vectors" ,r-s4vectors)
+       ("r-vsn" ,r-vsn)
+       ("r-xml" ,r-xml)))
+    (home-page "https://github.com/lgatto/MSnbase")
+    (synopsis "Base functions and classes for MS-based proteomics")
+    (description
+     "This package provides basic plotting, data manipulation and processing
+of mass spectrometry based proteomics data.")
+    (license license:artistic2.0)))
+
+(define-public r-msnid
+  (package
+    (name "r-msnid")
+    (version "1.8.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "MSnID" version))
+       (sha256
+        (base32
+         "0fkk3za39cxi0jyxmagmycjdslr2xf6vg3ylz14jyffqi0blw9d5"))))
+    (properties `((upstream-name . "MSnID")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-biobase" ,r-biobase)
+       ("r-data-table" ,r-data-table)
+       ("r-doparallel" ,r-doparallel)
+       ("r-dplyr" ,r-dplyr)
+       ("r-foreach" ,r-foreach)
+       ("r-iterators" ,r-iterators)
+       ("r-msnbase" ,r-msnbase)
+       ("r-mzid" ,r-mzid)
+       ("r-mzr" ,r-mzr)
+       ("r-protgenerics" ,r-protgenerics)
+       ("r-r-cache" ,r-r-cache)
+       ("r-rcpp" ,r-rcpp)
+       ("r-reshape2" ,r-reshape2)))
+    (home-page "http://bioconductor.org/packages/MSnID")
+    (synopsis "Utilities for LC-MSn proteomics identifications")
+    (description
+     "This package extracts @dfn{tandem mass spectrometry} (MS/MS) ID data
+from mzIdentML (leveraging the mzID package) or text files.  After collating
+the search results from multiple datasets it assesses their identification
+quality and optimize filtering criteria to achieve the maximum number of
+identifications while not exceeding a specified false discovery rate.  It also
+contains a number of utilities to explore the MS/MS results and assess missed
+and irregular enzymatic cleavages, mass measurement accuracy, etc.")
+    (license license:artistic2.0)))
diff --git a/gnu/packages/bittorrent.scm b/gnu/packages/bittorrent.scm
index 43ec087bf5..716d8b766a 100644
--- a/gnu/packages/bittorrent.scm
+++ b/gnu/packages/bittorrent.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Tomáš Čech <sleep_walker@gnu.org>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Jelle Licht <jlicht@fsfe.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,6 +30,7 @@
   #:use-module (guix build-system glib-or-gtk)
   #:use-module ((guix licenses) #:prefix l:)
   #:use-module (gnu packages adns)
+  #:use-module (gnu packages boost)
   #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages crypto)
@@ -326,3 +328,41 @@ the distributed hash table (DHT) and Peer Exchange.  Hashing is multi-threaded
 and will take advantage of multiple processor cores where possible.")
     (license (list l:public-domain      ; sha1.*, used to build without OpenSSL
                    l:gpl2+))))          ; with permission to link with OpenSSL
+
+(define-public libtorrent-rasterbar
+  (package
+    (name "libtorrent-rasterbar")
+    (version "1.0.10")
+    (source (origin
+              (method url-fetch)
+              (uri
+               (string-append
+                "https://github.com/arvidn/libtorrent/releases/download/libtorrent-"
+                "1_0_10" "/libtorrent-rasterbar-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0gjcr892hzmcngvpw5bycjci4dk49v763lsnpvbwsjmim2ncwrd8"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--with-boost-libdir="
+                            (assoc-ref %build-inputs "boost")
+                            "/lib")
+             "--enable-python-binding"
+             "--enable-tests")
+       #:make-flags (list
+                     (string-append "LDFLAGS=-Wl,-rpath="
+                                    (assoc-ref %outputs "out") "/lib"))))
+    (inputs `(("boost" ,boost)
+              ("openssl" ,openssl)))
+    (native-inputs `(("python" ,python-2)
+                     ("pkg-config" ,pkg-config)))
+    (home-page "http://www.rasterbar.com/products/libtorrent/")
+    (synopsis "Feature complete BitTorrent implementation")
+    (description
+     "libtorrent-rasterbar is a feature complete C++ BitTorrent implementation
+focusing on efficiency and scalability.  It runs on embedded devices as well as
+desktops.")
+    (license l:bsd-2)))
+
+
diff --git a/gnu/packages/c.scm b/gnu/packages/c.scm
index 4b9791348e..d5b6631506 100644
--- a/gnu/packages/c.scm
+++ b/gnu/packages/c.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -24,6 +24,8 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages bootstrap)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages flex)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages guile))
@@ -128,3 +130,33 @@ standard.")
              (chmod port #o777)))
          #t)))
     (synopsis "Wrapper providing the 'cc' command for TCC")))
+
+(define-public pcc
+  (package
+    (name "pcc")
+    (version "20170109")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://pcc.ludd.ltu.se/ftp/pub/pcc/pcc-"
+                                  version ".tgz"))
+              (sha256
+               (base32
+                "1p34w496095mi0473f815w6wbi57zxil106mg7pj6sg6gzpjcgww"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda _
+             (zero? (system* "make" "-C" "cc/cpp" "test")))))))
+    (native-inputs
+     `(("bison" ,bison)
+       ("flex" ,flex)))
+    (synopsis "Portable C compiler")
+    (description
+     "PCC is a portable C compiler.  The project goal is to write a C99
+compiler while still keeping it small, simple, fast and understandable.")
+    (home-page "http://pcc.ludd.ltu.se")
+    ;; PCC incorporates code under various BSD licenses; for new code bsd-2 is
+    ;; preferred.  See http://pcc.ludd.ltu.se/licenses/ for more details.
+    (license (list license:bsd-2 license:bsd-3))))
diff --git a/gnu/packages/check.scm b/gnu/packages/check.scm
index f0a6ff4d1c..9ad03cd558 100644
--- a/gnu/packages/check.scm
+++ b/gnu/packages/check.scm
@@ -180,13 +180,13 @@ format.")
 (define-public cppcheck
   (package
     (name "cppcheck")
-    (version "1.76.1")
+    (version "1.77")
     (source (origin
       (method url-fetch)
       (uri (string-append "https://github.com/danmar/cppcheck/archive/"
                           version ".tar.gz"))
       (sha256
-       (base32 "08pcawg36h850n4i794b2158jcv49f8a54dg3dikdkc1cwknwgjz"))
+       (base32 "1fn26p0xvfrdbhxjhy6aqhkk63n3fvrdb2ygcn9wg4vaandhmbkn"))
       (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (home-page "http://cppcheck.sourceforge.net")
diff --git a/gnu/packages/ci.scm b/gnu/packages/ci.scm
index 05c51bbc4d..15a94c5ee3 100644
--- a/gnu/packages/ci.scm
+++ b/gnu/packages/ci.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
-;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
+;;; Copyright © 2016, 2017 Mathieu Lirzin <mthl@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -186,8 +186,8 @@ their dependencies.")
       (license l:gpl3+))))
 
 (define-public cuirass
-  (let ((commit "cbdb59af8e7a1b40d687f80e62c5892686d384d2")
-        (revision "2"))
+  (let ((commit "d0a5801e397335bb44d8033e5deddf02c1cc99c2")
+        (revision "3"))
     (package
       (name "cuirass")
       (version (string-append "0.0.1-" revision "." (string-take commit 7)))
@@ -199,12 +199,18 @@ their dependencies.")
                 (file-name (string-append name "-" version))
                 (sha256
                  (base32
-                  "0qmhchazg8wyrfn6d2im4jg7d52gb0xp8afjan5szl3bpphi4s28"))))
+                  "0sa94dgp9w6av7i0a570fv9a9yq03jkxdrm5d75h6szsp1kiyw2i"))))
       (build-system gnu-build-system)
       (arguments
        '(#:phases
          (modify-phases %standard-phases
-           (add-after 'unpack 'bootstrap
+           (add-after 'unpack 'disable-repo-tests
+             (λ _
+               ;; Disable tests that use a connection to the Guix daemon.
+               (substitute* "Makefile.am"
+                 (("tests/repo.scm \\\\") "\\"))
+               #t))
+           (add-before 'configure 'bootstrap
              (lambda _ (zero? (system* "sh" "bootstrap"))))
            (add-after 'install 'wrap-program
              (lambda* (#:key inputs outputs #:allow-other-keys)
diff --git a/gnu/packages/compression.scm b/gnu/packages/compression.scm
index 86cb147798..873671cf52 100644
--- a/gnu/packages/compression.scm
+++ b/gnu/packages/compression.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
@@ -57,8 +57,8 @@
       (method url-fetch)
       (uri (list (string-append "http://zlib.net/zlib-"
                                  version ".tar.gz")
-                 (string-append "mirror://sourceforge/libpng/zlib-"
-                                 version ".tar.gz")))
+                 (string-append "mirror://sourceforge/libpng/zlib/"
+                                version "/zlib-" version ".tar.gz")))
       (sha256
        (base32
         "18dighcs333gsvajvvgqp8l4cx7h1x7yx9gd5xacnk80spyykrf3"))))
diff --git a/gnu/packages/compton.scm b/gnu/packages/compton.scm
new file mode 100644
index 0000000000..a0a644db7b
--- /dev/null
+++ b/gnu/packages/compton.scm
@@ -0,0 +1,106 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages compton)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix build-system gnu)
+  #:use-module (gnu packages docbook)
+  #:use-module (gnu packages documentation)
+  #:use-module (gnu packages gl)
+  #:use-module (gnu packages glib)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages python)
+  #:use-module (gnu packages textutils)
+  #:use-module (gnu packages xdisorg)
+  #:use-module (gnu packages xml)
+  #:use-module (gnu packages xorg))
+
+(define-public compton
+  (let ((upstream-version "0.1_beta2"))
+    (package
+      (name "compton")
+      (version (string-filter (char-set-complement (char-set #\_))
+                              upstream-version))
+      (source (origin
+                (method url-fetch)
+                (uri (string-append
+                      "https://github.com/chjj/" name "/archive/v"
+                      upstream-version ".tar.gz"))
+                (sha256
+                 (base32
+                  "02dhlqqcwnmlf2dxg7rd4lapgqahgndzixdkbpxicq9jawmdb73v"))
+                (file-name (string-append name "-" version "-checkout"))))
+      (build-system gnu-build-system)
+      (inputs
+       `(("dbus" ,dbus)
+         ("docbook-xml" ,docbook-xml)
+         ("libconfig" ,libconfig)
+         ("libx11" ,libx11)
+         ("libxcomposite" ,libxcomposite)
+         ("libxdamage" ,libxdamage)
+         ("libxext" ,libxext)
+         ("libxfixes" ,libxfixes)
+         ("libxinerama" ,libxinerama)
+         ("libxml2" ,libxml2)
+         ("libxrandr" ,libxrandr)
+         ("libxrender" ,libxrender)
+         ("libxslt" ,libxslt)
+         ("mesa" ,mesa)
+         ("xprop" ,xprop)
+         ("xwininfo" ,xwininfo)))
+      (native-inputs
+       `(("asciidoc" ,asciidoc)
+         ("libdrm" ,libdrm)
+         ("pkg-config" ,pkg-config)
+         ("python" ,python)
+         ("xproto" ,xproto)))
+      (arguments
+       `(#:make-flags (list
+                       "CC=gcc"
+                       "NO_REGEX_PCRE=1"          ; pcre makes build fail
+                       (string-append "PREFIX=" (assoc-ref %outputs "out")))
+         #:tests? #f                              ; no tests
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure))))
+      (home-page "https://github.com/chjj/compton")
+      (synopsis "Compositor for X11")
+      (description
+       "Compton is a compositor for the Xorg display server and a for of
+xcompmgr-dana, which implements some changes like:
+
+@itemize
+@item OpenGL backend (@command{--backend glx}), in addition to the old X Render
+backend.
+@item Inactive window transparency (@command{-i}) and dimming
+(@command{--inactive-dim}).
+@item Menu transparency (@command{-m}, thanks to Dana).
+@item Shadows are now enabled for argb windows, e.g terminals with transparency
+@item Removed serverside shadows (and simple compositing) to clean the code,
+the only option that remains is clientside shadows.
+@item Configuration files (see the man page for more details).
+@item Colored shadows (@command{--shadow-[red/green/blue]}).
+@item A new fade system.
+@item VSync support (not always working).
+@item Blur of background of transparent windows, window color inversion (bad in
+performance).
+@item Some more options...
+@end itemize\n")
+      (license license:expat))))
diff --git a/gnu/packages/connman.scm b/gnu/packages/connman.scm
index 870001237d..0fced0be79 100644
--- a/gnu/packages/connman.scm
+++ b/gnu/packages/connman.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Mathieu OTHACEHE <m.othacehe@gmail.com>
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -123,6 +124,7 @@ sharing) to clients via USB, ethernet, WiFi, cellular and Bluetooth.")
     (inputs
      `(("efl" ,efl)
        ("python-2" ,python-2)
+       ("python2-dbus" ,python2-dbus)
        ("python2-efl" ,python2-efl)))
     (home-page "https://www.enlightenment.org")
     (synopsis "Connman User Interface written using the EFL")
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index e4a8a4bd54..d7888e6042 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
@@ -378,3 +378,39 @@ no man page, refer to the home page for usage details.")
 storage files: it can be operated from commandline and it can integrate with a
 user's graphical desktop.")
     (license license:gpl3+)))
+
+(define-public scrypt
+  (package
+    (name "scrypt")
+    (version "1.2.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://www.tarsnap.com/scrypt/scrypt-"
+                            version ".tgz"))
+        (sha256
+         (base32
+          "1m39hpfby0fdjam842773i5w7pa0qaj7f0r22jnchxsj824vqm0p"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases (modify-phases %standard-phases
+        (add-after 'unpack 'patch-command-invocations
+          (lambda _
+            (substitute* "Makefile.in"
+              (("command -p") ""))
+            #t))
+        (add-after 'install 'install-docs
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let* ((out (assoc-ref %outputs "out"))
+                   (misc (string-append out "/share/doc/scrypt")))
+              (install-file "FORMAT" misc)
+              #t))))))
+    (inputs
+     `(("openssl" ,openssl)))
+    (home-page "https://www.tarsnap.com/scrypt.html")
+    (synopsis "Memory-hard encryption tool based on scrypt")
+    (description "This packages provides a simple password-based encryption
+utility as a demonstration of the @code{scrypt} key derivation function.
+@code{Scrypt} is designed to be far more resistant against hardware brute-force
+attacks than alternative functions such as @code{PBKDF2} or @code{bcrypt}.")
+    (license license:bsd-2)))
diff --git a/gnu/packages/cups.scm b/gnu/packages/cups.scm
index baa77f7aac..39ab41c192 100644
--- a/gnu/packages/cups.scm
+++ b/gnu/packages/cups.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -51,7 +52,8 @@
 (define-public cups-filters
   (package
     (name "cups-filters")
-    (version "1.11.5")
+    (replacement cups-filters/fixed)
+    (version "1.13.1")
     (source(origin
               (method url-fetch)
               (uri
@@ -59,7 +61,7 @@
                               "cups-filters-" version ".tar.xz"))
               (sha256
                (base32
-                "1hcp1cfx1a71aa6fyayajjh7vw1ia7zya6981gz73vsy2pdb23qf"))
+                "0s7hylp2lcvc1vrqpywpv7lspkrh4xf7cyi4nbg10cf38rshj474"))
               (modules '((guix build utils)))
               (snippet
                ;; install backends, banners and filters to cups-filters output
@@ -85,12 +87,16 @@
     (arguments
      `(#:make-flags (list (string-append "PREFIX=" %output))
        #:configure-flags
-       `(,(string-append "--with-test-font-path="
+       `("--disable-driverless" ; TODO: enable this
+         ,(string-append "--with-test-font-path="
                          (assoc-ref %build-inputs "font-dejavu")
                          "/share/fonts/truetype/DejaVuSans.ttf")
          ,(string-append "--with-gs-path="
                          (assoc-ref %build-inputs "ghostscript")
                          "/bin/gsc")
+         ,(string-append "--with-shell="
+                         (assoc-ref %build-inputs "bash")
+                         "/bin/bash")
          ,(string-append "--with-rcdir="
                          (assoc-ref %outputs "out") "/etc/rc.d"))))
     (native-inputs
@@ -100,12 +106,12 @@
      `(("avahi"        ,avahi)
        ("fontconfig"   ,fontconfig)
        ("freetype"     ,freetype)
-       ("font-dejavu"  ,font-dejavu) ;needed by test suite
+       ("font-dejavu"  ,font-dejavu) ; also needed by test suite
        ("ghostscript"  ,(force ghostscript/cups))
        ("ijs"          ,ijs)
        ("dbus"         ,dbus)
        ("lcms"         ,lcms)
-       ("libjpeg-8"    ,libjpeg-8)
+       ("libjpeg"      ,libjpeg)
        ("libpng"       ,libpng)
        ("libtiff"      ,libtiff)
        ("mupdf"        ,mupdf)
@@ -129,6 +135,13 @@ filters for the PDF-centric printing workflow introduced by OpenPrinting.")
                    license:lgpl2.0+
                    license:expat))))
 
+(define mupdf/fixed-instead-of-mupdf
+  (package-input-rewriting `((,mupdf . ,(@@ (gnu packages pdf) mupdf/fixed)))))
+
+;;; Fix CVE-2016-10132 and CVE-2016-10133. See mupdf/fixed for more information.
+(define cups-filters/fixed
+  (mupdf/fixed-instead-of-mupdf cups-filters))
+
 ;; CUPS on non-MacOS systems requires cups-filters.  Since cups-filters also
 ;; depends on CUPS libraries and binaries, cups-minimal has been added to
 ;; satisfy this dependency.
diff --git a/gnu/packages/cyrus-sasl.scm b/gnu/packages/cyrus-sasl.scm
index 3c6a87828a..b48505e5f3 100644
--- a/gnu/packages/cyrus-sasl.scm
+++ b/gnu/packages/cyrus-sasl.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;;
@@ -21,7 +21,7 @@
 (define-module (gnu packages cyrus-sasl)
   #:use-module (gnu packages)
   #:use-module (gnu packages databases)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages tls)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
diff --git a/gnu/packages/databases.scm b/gnu/packages/databases.scm
index 16d43a31de..c2efc072bf 100644
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@@ -13,6 +13,7 @@
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -207,6 +208,44 @@ SQL, Key/Value, XML/XQuery or Java Object storage for their data model.")
                (base32
                 "0a1n5hbl7027fbz5lm0vp0zzfp1hmxnz14wx3zl9563h83br5ag0"))))))
 
+(define-public leveldb
+  (package
+    (name "leveldb")
+    (version "1.19")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/google/leveldb"
+                                  "/archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "00jjgs9xlwycfkg0xd7n1rj6v9zrx7xc7hann6zalrjyhap18ykx"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:make-flags (list "CC=gcc")
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (replace 'install
+           ;; There is no install target, so we do it here.
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (lib (string-append out "/lib"))
+                    (include (string-append out "/include")))
+               (for-each (lambda (file)
+                           (install-file file lib))
+                         (find-files "out-shared" "^libleveldb\\.so.*$"))
+               (copy-recursively "include" include)
+               #t))))))
+    (inputs
+     `(("snappy" ,snappy)))
+    (home-page "http://leveldb.org/")
+    (synopsis "Fast key-value storage library")
+    (description
+     "LevelDB is a fast key-value storage library that provides an ordered
+mapping from string keys to string values.")
+    (license bsd-3)))
+
 (define-public mysql
   (package
     (name "mysql")
@@ -285,7 +324,7 @@ Language.")
 (define-public mariadb
   (package
     (name "mariadb")
-    (version "10.1.20")
+    (version "10.1.21")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://downloads.mariadb.org/f/"
@@ -293,7 +332,7 @@ Language.")
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1fd0kfw94iyprf0466kjw5mwmj4ky0i997lz6499jkb79pr86kn2"))))
+                "144lcm5awcf0k6a7saqfr4p2kg8r5wbdhdm4cmn2m8hyg1an70as"))))
     (build-system cmake-build-system)
     (arguments
      '(#:configure-flags
diff --git a/gnu/packages/datamash.scm b/gnu/packages/datamash.scm
index 9889f16646..78ed868fa9 100644
--- a/gnu/packages/datamash.scm
+++ b/gnu/packages/datamash.scm
@@ -28,7 +28,7 @@
 (define-public datamash
   (package
     (name "datamash")
-    (version "1.1.0")
+    (version "1.1.1")
     (source
      (origin
       (method url-fetch)
@@ -36,7 +36,7 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "1c2bj0jrm4fxkf0ykxkzgyk1l9s0idqm8rbzmk3n9pgldb4arrd9"))))
+        "06w0pc828qsabmrlh7bc2zwc823xzxy89paaf37f6bipsyrij222"))))
     (native-inputs
      `(("which" ,which)                 ;for tests
        ("perl" ,perl)))                 ;for help2man
diff --git a/gnu/packages/django.scm b/gnu/packages/django.scm
index bbb2d71db1..9a3c66c45e 100644
--- a/gnu/packages/django.scm
+++ b/gnu/packages/django.scm
@@ -29,13 +29,13 @@
 (define-public python-django
   (package
     (name "python-django")
-    (version "1.10.3")
+    (version "1.10.5")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "Django" version))
               (sha256
                (base32
-                "0c4c8zs7kzb0bdlpy4vlzv6va26dbazr32h91rldf6waxs6z14kg"))))
+                "12szjsmnfhh2yr54sfynyjr8vl0q9gb6qak3ayqcifcinrs97f0d"))))
     (build-system python-build-system)
     (arguments
      '(#:phases
diff --git a/gnu/packages/dns.scm b/gnu/packages/dns.scm
index 55cfc02e95..9d77395243 100644
--- a/gnu/packages/dns.scm
+++ b/gnu/packages/dns.scm
@@ -28,6 +28,7 @@
   #:use-module (gnu packages base)
   #:use-module (gnu packages databases)
   #:use-module (gnu packages crypto)
+  #:use-module (gnu packages glib)
   #:use-module (gnu packages groff)
   #:use-module (gnu packages libevent)
   #:use-module (gnu packages linux)
@@ -53,11 +54,16 @@
                (base32
                 "15lzih6671gh9knzpl8mxchiml7z5lfqzr7jm2r0rjhrxs6nk4jb"))))
     (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("dbus" ,dbus)))
     (arguments
      `(#:phases
        (alist-delete 'configure %standard-phases)
        #:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
-                          "CC=gcc")
+                          "CC=gcc"
+                          "COPTS=\"-DHAVE_DBUS\"")
        ;; No 'check' target.
        #:tests? #f))
     (home-page "http://www.thekelleys.org.uk/dnsmasq/doc.html")
@@ -76,7 +82,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
 (define-public bind
   (package
     (name "bind")
-    (version "9.10.4-P4")
+    (version "9.10.4-P5")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -84,7 +90,7 @@ and BOOTP/TFTP for network booting of diskless machines.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "11lxkb7d79c75scrs28q4xmr0ii2li69zj1c650al3qxir8yf754"))))
+                "1sqg7wg05h66vdjc8j215r04f8pg7lphkb93nsqxvzhk6r0ppi49"))))
     (build-system gnu-build-system)
     (outputs `("out" "utils"))
     (inputs
@@ -140,7 +146,7 @@ high-volume and high-reliability applications. The name BIND stands for
 (define-public dnscrypt-proxy
   (package
     (name "dnscrypt-proxy")
-    (version "1.8.1")
+    (version "1.9.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -148,7 +154,7 @@ high-volume and high-reliability applications. The name BIND stands for
                     "dnscrypt-proxy-" version ".tar.bz2"))
               (sha256
                (base32
-                "1dz0knslf7ysc2xx33ljrdlqyr4b0fpm9ifrwvwgcjaxgh94l7m8"))
+                "1xb199hpzfj53kmbkkn3awymjh8f44yzkmaj7q5ibb67b5p9fq7d"))
               (modules '((guix build utils)))
               (snippet
                ;; Delete bundled libltdl. XXX: This package also bundles
diff --git a/gnu/packages/education.scm b/gnu/packages/education.scm
index 3a883079fe..5444579059 100644
--- a/gnu/packages/education.scm
+++ b/gnu/packages/education.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
-;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -138,3 +139,56 @@ of categories with some of the activities available in that category.
 @end enumerate
 ")
     (license license:gpl3+)))
+
+(define-public tipp10
+  (package
+    (name "tipp10")
+    (version "2.1.0")
+    (source (origin
+              (method url-fetch)
+              ;; guix download is not able to handle the download links on the
+              ;; home-page, which use '<meta http-equiv="refresh" …>'
+              (uri (string-append "mirror://debian/pool/main/"
+                                  "t/tipp10/tipp10_2.1.0.orig.tar.gz"))
+              (sha256
+               (base32
+                "0d387b404j88gsv6kv0rb7wxr23v5g5vl6s5l7602x8pxf7slbbx"))
+              (patches (search-patches "tipp10-fix-compiling.patch"
+                                       "tipp10-remove-license-code.patch"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:tests? #f ; packages has no tests
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'disable-new-version-check
+           (lambda _
+             ;; Make new version check to default to false.
+             ;; TODO: Remove the checkbox from the dialog and the check itself
+             (substitute* '("widget/settingspages.cpp" "widget/mainwindow.cpp")
+               (("settings.value(\"check_new_version\", true)")
+                "settings.value(\"check_new_version\", false)"))
+             #t))
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               ;; Make program honor $PREFIX
+               (substitute* "tipp10.pro"
+                 (("\\.path = /usr/") (string-append ".path = " out "/")))
+               (substitute* "def/defines.h"
+                 (("\"/usr/") (string-append "\"" out "/")))
+               ;; Recreate Makefile
+               (zero? (system* "qmake"))))))))
+    (inputs
+     `(("qt4" ,qt-4)
+       ("sqlite" ,sqlite)))
+    (home-page "https://www.tipp10.com/")
+    (synopsis "Touch typing tutor")
+    (description "Tipp10 is a touch typing tutor.  The ingenious thing about
+the software is its intelligence feature: characters that are mistyped are
+repeated more frequently.  Beginners will find their way around right away so
+they can start practicing without a hitch.
+
+Useful support functions and an extensive progress tracker, topical lessons
+and the ability to create your own practice lessons make learning to type
+easy.")
+    (license license:gpl2)))
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index 7b476e1a0a..e44dae784d 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -4,7 +4,7 @@
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2015, 2016, 2017 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
 ;;; Copyright © 2015, 2016 Christopher Allan Webber <cwebber@dustycloud.org>
 ;;; Copyright © 2016 humanitiesNerd <catonano@gmail.com>
@@ -12,11 +12,12 @@
 ;;; Copyright © 2016 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016 Matthew Jordan <matthewjordandevops@yandex.com>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2016 Alex Vong <alexvong1995@gmail.com>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -46,6 +47,7 @@
   #:use-module (guix build-system glib-or-gtk)
   #:use-module (guix build-system trivial)
   #:use-module (gnu packages)
+  #:use-module (gnu packages code)
   #:use-module (gnu packages guile)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages gnome)
@@ -1066,6 +1068,44 @@ like.  It can be linked with various Emacs mail clients (Message and Mail
 mode, Rmail, Gnus, MH-E, and VM).  BBDB is fully customizable.")
     (license license:gpl3+)))
 
+(define-public emacs-ag
+  (package
+    (name "emacs-ag")
+    (version "0.47")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/Wilfred/ag.el/archive/"
+                    version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1rlmp6wnyhqfg86dbz17r914msp58favn4kd4yrdwyia265a4lar"))))
+    (build-system emacs-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'patch-exec-paths
+           (lambda* (#:key inputs #:allow-other-keys)
+             (emacs-substitute-variables "ag.el"
+               ("ag-executable"
+                (string-append (assoc-ref inputs "the-silver-searcher")
+                               "/bin/ag")))
+             #t)))))
+    (inputs
+     `(("the-silver-searcher" ,the-silver-searcher)))
+    (propagated-inputs
+     `(("dash" ,emacs-dash)
+       ("s" ,emacs-s)))
+    (home-page "https://github.com/Wilfred/ag.el")
+    (synopsis "Front-end for ag (the-silver-searcher) for Emacs")
+    (description "This package provides the ability to use the silver
+searcher, a code searching tool, sometimes abbreviated to @code{ag}.  Features
+include version control system awareness, use of Perl compatible regular
+expressions, editing the search results directly and searching file names
+rather than the contents of files.")
+    (license license:gpl3+)))
+
 (define-public emacs-async
   (package
     (name "emacs-async")
@@ -1248,7 +1288,7 @@ and stored in memory.")
 (define-public emacs-bui
   (package
     (name "emacs-bui")
-    (version "1.0.1")
+    (version "1.1.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -1257,7 +1297,7 @@ and stored in memory.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0vsh1v99xxm6hhqp0vg9fbs230kawa7xb5dnd8fidf3vwm622aqh"))))
+                "112k0mq6xpy0r47vk66miw7rxbkv3d06pv3pd0vcmrhcnhnnk486"))))
     (build-system emacs-build-system)
     (propagated-inputs
      `(("dash" ,emacs-dash)))
@@ -1272,7 +1312,7 @@ type, for example: packages, buffers, files, etc.")
 (define-public emacs-guix
   (package
     (name "emacs-guix")
-    (version "0.2.1")
+    (version "0.2.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/alezost/guix.el"
@@ -1280,7 +1320,7 @@ type, for example: packages, buffers, files, etc.")
                                   "/emacs-guix-" version ".tar.gz"))
               (sha256
                (base32
-                "0nhx0c3xc16frpyqikaml73hjyn8a0jijq5ibq8a4zrjiw1pqxwy"))))
+                "1i47yh24xvgmnc778765g3j9ip0xb2y85v6w83r4qmkigk9rl2ck"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -1391,6 +1431,29 @@ allows easily move between them.")
 strings.")
     (license license:gpl3+)))
 
+(define-public emacs-sx
+  (package
+    (name "emacs-sx")
+    (version "0.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/vermiculus/sx.el/"
+                                  "archive/v" version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1w0xghfljqg31axcnv8gzlrd8pw25nji6idnrhflq0af9qh1dw03"))))
+    (build-system emacs-build-system)
+    (propagated-inputs
+     `(("emacs-markdown-mode" ,emacs-markdown-mode)
+       ("let-alist" ,let-alist)))
+    (home-page "https://github.com/vermiculus/sx.el/")
+    (synopsis "Emacs StackExchange client")
+    (description
+     "Emacs StackExchange client.  Ask and answer questions on
+Stack Overflow, Super User, and other StackExchange sites.")
+    (license license:gpl3+)))
+
 (define-public emacs-f
   (package
     (name "emacs-f")
@@ -1440,6 +1503,26 @@ Git, Mercurial, Subversion and Bazaar are supported, and many parts of the
 display and behaviour is easily customisable.")
     (license license:gpl3+)))
 
+(define-public emacs-git-timemachine
+  (package
+    (name "emacs-git-timemachine")
+    (version "3.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/pidu/git-timemachine/"
+                           "archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1l4g0r69wfrnjsywv03v4bpdd53byg6zdx6mzabfxyymss3kvisa"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/pidu/git-timemachine")
+    (synopsis "Step through historic versions of Git-controlled files")
+    (description "This package enables you to step through historic versions
+of files under Git version control from within Emacs.")
+    (license license:gpl3+)))
+
 (define-public emacs-el-mock
   (package
     (name "emacs-el-mock")
@@ -1714,6 +1797,27 @@ evaluated in the browser, just like Emacs does with an inferior Lisp process
 in Lisp modes.")
     (license license:unlicense)))
 
+(define-public emacs-stripe-buffer
+  (package
+    (name "emacs-stripe-buffer")
+    (version "0.2.5")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/sabof/stripe-buffer/"
+                           "archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1p515dq7raly5hw94kiwm3vzsfih0d8af622q4ipvvljsm98aiik"))))
+    (build-system emacs-build-system)
+    (home-page "https://github.com/sabof/stripe-buffer/")
+    (synopsis "Add stripes to list buffers")
+    (description
+     "This Emacs package adds faces to add stripes to list buffers and org
+tables.")
+    (license license:gpl2+)))
+
 (define-public emacs-rich-minority
   (package
     (name "emacs-rich-minority")
diff --git a/gnu/packages/engineering.scm b/gnu/packages/engineering.scm
index 831e63beda..b147764a7d 100644
--- a/gnu/packages/engineering.scm
+++ b/gnu/packages/engineering.scm
@@ -3,7 +3,7 @@
 ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 David Thompson <davet@gnu.org>
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Theodoros Foradis <theodoros.for@openmailbox.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -545,7 +545,7 @@ as well as pick-place files.")
                                         (getenv "CPLUS_INCLUDE_PATH")))
                  #t)))
            (add-after 'install 'install-guile-bindings
-             (lambda* (#:key outputs #:allow-other-keys)
+             (lambda* (#:key inputs outputs #:allow-other-keys)
                ;; Install the Guile bindings (the build system only installs
                ;; libao.so.)
                (let* ((out    (assoc-ref outputs "out"))
@@ -574,6 +574,14 @@ as well as pick-place files.")
 
                    (install-file "bin/ao-guile"
                                  (string-append out "/bin"))
+
+                   ;; Allow Ao to dlopen the relevant GL libraries.  Otherwise
+                   ;; it fails with:
+                   ;;   Couldn't find current GLX or EGL context.
+                   (let ((mesa (assoc-ref inputs "mesa")))
+                     (wrap-program (string-append out "/bin/ao-guile")
+                       `("LD_LIBRARY_PATH" ":" prefix
+                         (,(string-append mesa "/lib")))))
                    #t)))))))
       (native-inputs
        `(("pkg-config" ,pkg-config)))
@@ -583,6 +591,7 @@ as well as pick-place files.")
          ("libpng" ,libpng)
          ("glfw" ,glfw)
          ("libepoxy" ,libepoxy)
+         ("mesa" ,mesa)
          ("eigen" ,eigen)
          ("glm" ,glm)
          ("guile" ,guile-2.0)))
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index ca97104958..a34578afe7 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Tomáš Čech <sleep_walker@suse.cz>
 ;;; Copyright © 2015 Daniel Pimentel <d4n1@member.fsf.org>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -146,7 +146,7 @@ removable devices or support for multimedia.")
 (define-public terminology
   (package
     (name "terminology")
-    (version "0.9.1")
+    (version "1.0.0")
     (source (origin
               (method url-fetch)
               (uri
@@ -154,13 +154,13 @@ removable devices or support for multimedia.")
                               "terminology/terminology-" version ".tar.xz"))
               (sha256
                (base32
-                "1kwv9vkhngdm5v38q93xpcykghnyawhjjcb5bgy0p89gpbk7mvpc"))))
+                "1x4j2q4qqj10ckbka0zaq2r2zm66ff1x791kp8slv1ff7fw45vdz"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
      `(("efl" ,efl)))
-    (home-page "https://www.enlightenment.org")
+    (home-page "https://www.enlightenment.org/about-terminology")
     (synopsis "Powerful terminal emulator based on EFL")
     (description
      "Terminology is fast and feature rich terminal emulator.  It is solely
diff --git a/gnu/packages/fcitx.scm b/gnu/packages/fcitx.scm
index dd8eead7fb..fc55df14a6 100644
--- a/gnu/packages/fcitx.scm
+++ b/gnu/packages/fcitx.scm
@@ -85,3 +85,39 @@
 Pinyin, Quwei and some table-based (Wubi, Cangjie, Erbi, etc.) input methods
 built-in.")
     (license gpl2+)))
+
+(define-public fcitx-configtool
+  (package
+   (name "fcitx-configtool")
+   (version "0.4.8")
+   (source (origin
+            (method url-fetch)
+            (uri (string-append "https://download.fcitx-im.org/fcitx-configtool/"
+                  name "-" version ".tar.xz"))
+            (sha256
+             (base32
+              "1vaim0namw58bfafbvws1vgd4010p19zwqfbx6bd1zi5sgchdg0f"))))
+   (build-system cmake-build-system)
+   (arguments
+    `(#:configure-flags
+      (list "-DENABLE_GTK2=ON"
+            "-DENABLE_GTK3=ON")
+      #:tests? #f)) ; No tests.
+   (native-inputs
+    `(("glib:bin"   ,glib "bin")
+      ("pkg-config" ,pkg-config)))
+   (inputs
+    `(("fcitx"      ,fcitx)
+      ("dbus-glib"  ,dbus-glib)
+      ("gettext"    ,gettext-minimal)
+      ("gtk2"       ,gtk+-2)
+      ("gtk3"       ,gtk+)
+      ("iso-codes"  ,iso-codes)))
+   (home-page "https://fcitx-im.org/wiki/Configtool")
+   (synopsis "Graphic Fcitx configuration tool")
+   (description
+    "Fcitx is an input method framework with extension support.  It has
+Pinyin, Quwei and some table-based (Wubi, Cangjie, Erbi, etc.) input methods
+built-in.  This package provides GTK version of the graphic configuration
+tool of Fcitx.")
+   (license gpl2+)))
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index f01b831559..29ae579bae 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -1,19 +1,20 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Joshua Grant <tadni@riseup.net>
 ;;; Copyright © 2014 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <ng0@libertad.pw>
 ;;; Copyright © 2016 Jookia <166291@gmail.com>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Dmitry Nikolaev <cameltheman@gmail.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2016 Toni Reina <areina@riseup.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -108,12 +109,10 @@ in print.  With attention to detail for high resolution rendering.")
                      (mkdir-p doc-dir)
                      (chdir (string-append "ubuntu-font-family-" ,version))
                      (for-each (lambda (ttf)
-                                 (copy-file ttf
-                                            (string-append font-dir "/" ttf)))
+                                 (install-file ttf font-dir))
                                (find-files "." "\\.ttf$"))
                      (for-each (lambda (doc)
-                                 (copy-file doc
-                                            (string-append doc-dir "/" doc)))
+                                 (install-file doc doc-dir))
                                (find-files "." "\\.txt$"))))))
     (native-inputs `(("source" ,source)
                      ("unzip" ,unzip)))
@@ -165,19 +164,13 @@ TrueType (TTF) files.")
                      (mkdir-p doc-dir)
                      (chdir (string-append "dejavu-fonts-ttf-" ,version))
                      (for-each (lambda (ttf)
-                                 (copy-file ttf
-                                            (string-append font-dir "/"
-                                                           (basename ttf))))
+                                 (install-file ttf font-dir))
                                (find-files "ttf" "\\.ttf$"))
                      (for-each (lambda (conf)
-                                 (copy-file conf
-                                            (string-append conf-dir "/"
-                                                           (basename conf))))
+                                 (install-file conf conf-dir))
                                (find-files "fontconfig" "\\.conf$"))
                      (for-each (lambda (doc)
-                                 (copy-file doc
-                                            (string-append doc-dir "/"
-                                                           (basename doc))))
+                                 (install-file doc doc-dir))
                                (find-files "." "\\.txt$|^[A-Z][A-Z]*$"))))))
     (native-inputs `(("source" ,source)
                      ("tar" ,tar)
@@ -186,7 +179,7 @@ TrueType (TTF) files.")
     (synopsis "Vera font family derivate with additional characters")
     (description "DejaVu provides an expanded version of the Vera font family
 aiming for quality and broader Unicode coverage while retaining the original
-Vera style.  DejaVu currently works towards conformance with the Multilingual
+Vera style.  DejaVu currently works towards conformance to the Multilingual
 European Standards (MES-1 and MES-2) for Unicode coverage.  The DejaVu fonts
 provide serif, sans and monospaced variants.")
     (license
@@ -229,12 +222,10 @@ provide serif, sans and monospaced variants.")
                      (mkdir-p doc-dir)
                      (chdir (string-append "ttf-bitstream-vera-" ,version))
                      (for-each (lambda (ttf)
-                                 (copy-file ttf
-                                            (string-append font-dir "/" ttf)))
+                                 (install-file ttf font-dir))
                                (find-files "." "\\.ttf$"))
                      (for-each (lambda (doc)
-                                 (copy-file doc
-                                            (string-append doc-dir "/" doc)))
+                                 (install-file doc doc-dir))
                                (find-files "." "\\.TXT$"))))))
     (native-inputs `(("source" ,source)
                      ("tar" ,tar)
@@ -250,7 +241,7 @@ package provides the TrueType (TTF) files.")
 (define-public font-cantarell
   (package
     (name "font-abattis-cantarell")
-    (version "0.0.24")
+    (version "0.0.25")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/cantarell-fonts/"
@@ -258,7 +249,7 @@ package provides the TrueType (TTF) files.")
                                   "/cantarell-fonts-" version ".tar.xz"))
               (sha256
                (base32
-                "0r4jnc2x9yncf40lixjb1pqgpq8rzbi2fz33pshlqzjgx2d69bcw"))))
+                "0zvkd8cm1cg2919v1js9qmzwa02sjl7qajj3gcvgqvai1fm2i8hl"))))
     (build-system gnu-build-system)
     (home-page "https://wiki.gnome.org/Projects/CantarellFonts")
     (synopsis "Cantarell sans-serif typeface")
@@ -294,9 +285,7 @@ sans-serif designed for on-screen reading.  It is used by GNOME@tie{}3.")
                        (system* "make" "ttftar")
                        (mkdir-p font-dir)
                        (for-each (lambda (file)
-                                   (copy-file file
-                                              (string-append font-dir "/"
-                                                             (basename file))))
+                                   (install-file file font-dir))
                                  (filter
                                    (lambda (file) (string-suffix? "ttf" file))
                                    (find-files "." "")))))))
@@ -348,14 +337,10 @@ sans-serif designed for on-screen reading.  It is used by GNOME@tie{}3.")
            (mkdir-p doc-dir)
            (chdir (string-append "liberation-fonts-ttf-" ,version))
            (for-each (lambda (ttf)
-                       (copy-file ttf
-                                  (string-append font-dir "/"
-                                                 (basename ttf))))
+                       (install-file ttf font-dir))
                      (find-files "." "\\.ttf$"))
            (for-each (lambda (doc)
-                       (copy-file doc
-                                  (string-append doc-dir "/"
-                                                 (basename doc))))
+                       (install-file doc doc-dir))
                      '("AUTHORS" "ChangeLog" "LICENSE" "README" "TODO"))))))
     (native-inputs
      `(("source" ,source)
@@ -367,17 +352,16 @@ sans-serif designed for on-screen reading.  It is used by GNOME@tie{}3.")
     (description
      "The Liberation font family aims at metric compatibility with
 Arial, Times New Roman, and Courier New.
-
 There are three sets:
 
-- Sans (a substitute for Arial, Albany, Helvetica, Nimbus Sans L, and
+@enumerate
+@item Sans (a substitute for Arial, Albany, Helvetica, Nimbus Sans L, and
 Bitstream Vera Sans);
-
-- Serif (a substitute for Times New Roman, Thorndale, Nimbus Roman, and
+@item Serif (a substitute for Times New Roman, Thorndale, Nimbus Roman, and
 Bitstream Vera Serif);
-
-- Mono (a substitute for Courier New, Cumberland, Courier, Nimbus Mono L,
+@item Mono (a substitute for Courier New, Cumberland, Courier, Nimbus Mono L,
 and Bitstream Vera Sans Mono).
+@end enumerate
 
 The Liberation Fonts are sponsored by Red Hat.")
     (license license:silofl1.1)))
@@ -414,8 +398,8 @@ The Liberation Fonts are sponsored by Red Hat.")
        #:tests? #f)) ;; No test target in tarball
     (home-page "http://terminus-font.sourceforge.net/")
     (synopsis "Simple bitmap programming font")
-    (description "Terminus Font is a clean, fixed width bitmap font, designed
-for long (8 and more hours per day) work with computers.")
+    (description "Terminus Font is a clean, fixed-width bitmap font, designed
+for long periods of working with computers (8 or more hours per day).")
     (license license:silofl1.1)))
 
 (define-public font-adobe-source-han-sans
@@ -501,8 +485,7 @@ text in Simplified Chinese, Traditional Chinese, Japanese, and Korean.")
            (mkdir-p font-dir)
            (system* "tar" "xvf" (assoc-ref %build-inputs "source"))
            (chdir "wqy-zenhei")
-           (copy-file "wqy-zenhei.ttc"
-                      (string-append font-dir "wqy-zenhei.ttc"))))))
+           (install-file "wqy-zenhei.ttc" font-dir)))))
     (native-inputs
      `(("gzip" ,gzip)
        ("tar" ,tar)))
@@ -512,15 +495,60 @@ text in Simplified Chinese, Traditional Chinese, Japanese, and Korean.")
      "WenQuanYi Zen Hei is a Hei-Ti style (sans-serif type) Chinese outline
 font.  It is designed for general purpose text formatting and on-screen
 display of Chinese characters and symbols from many other languages.
-WenQuanYi Zen Hei provides a rather complete coverage to Chinese Hanzi glyphs,
+WenQuanYi Zen Hei provides a rather complete coverage of Chinese Hanzi glyphs,
 including both simplified and traditional forms.  The total glyph number in
 this font is over 35,000, including over 21,000 Chinese Hanzi.  This font has
-full coverage to GBK(CP936) charset, CJK Unified Ideographs, as well as the
-code-points needed for zh_cn, zh_sg, zh_tw, zh_hk, zh_mo, ja (Japanese) and
-ko (Korean) locales for fontconfig.")
+full coverage of the GBK (CP936) charset, CJK Unified Ideographs, as well as
+the code-points needed for zh_cn, zh_sg, zh_tw, zh_hk, zh_mo, ja (Japanese) and
+ko (Korean) locales for @code{fontconfig}.")
     ;; GPLv2 with font embedding exception
     (license license:gpl2)))
 
+(define-public font-wqy-microhei
+  (package
+    (name "font-wqy-microhei")
+    (version "0.2.0-beta")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://sourceforge/wqy/wqy-microhei/"
+                                  version "/wqy-microhei-" version ".tar.gz"))
+              (sha256
+               (base32
+                "0gi1yxqph8xx869ichpzzxvx6y50wda5hi77lrpacdma4f0aq0i8"))))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils))
+         (let ((PATH (string-append (assoc-ref %build-inputs "tar")  "/bin:"
+                                    (assoc-ref %build-inputs "gzip") "/bin"))
+               (font-dir (string-append (assoc-ref %outputs "out")
+                                        "/share/fonts/wenquanyi/")))
+           (setenv "PATH" PATH)
+           (mkdir-p font-dir)
+           (system* "tar" "xvf" (assoc-ref %build-inputs "source"))
+           (chdir "wqy-microhei")
+           (copy-file "wqy-microhei.ttc"
+                      (string-append font-dir "wqy-microhei.ttc"))))))
+    (native-inputs
+     `(("gzip" ,gzip)
+       ("tar" ,tar)))
+    (home-page "http://wenq.org/wqy2/")
+    (synopsis "CJK font")
+    (description
+     "WenQuanYi Micro Hei is a Sans-Serif style (also known as Hei, Gothic or
+Dotum among the Chinese/Japanese/Korean users) high quality CJK outline font.
+It was derived from \"Droid Sans Fallback\" and \"Droid Sans\" released by
+Google Inc.  This font contains all the unified CJK Han glyphs in the range of
+U+4E00-U+9FC3 defined in Unicode Standard 5.1, together with many other
+languages unicode blocks, including Latins, Extended Latins, Hanguls and
+Kanas.  The font file is extremely compact (~4M) compared with most known CJK
+fonts.")
+    ;; This font is licensed under Apache2.0 or GPLv3 with font embedding
+    ;; exceptions.
+    (license license:gpl3)))
+
 (define-public font-tex-gyre
   (package
     (name "font-tex-gyre")
@@ -585,12 +613,10 @@ Heros, Pagella, Schola, Termes.")
            (mkdir-p doc-dir)
            (chdir (string-append "AnonymousPro-" ,version ".001"))
            (for-each (lambda (ttf)
-                       (copy-file ttf
-                                  (string-append font-dir "/" ttf)))
+                       (install-file ttf font-dir))
                      (find-files "." "\\.ttf$"))
            (for-each (lambda (doc)
-                       (copy-file doc
-                                  (string-append doc-dir "/" doc)))
+                       (install-file doc doc-dir))
                      (find-files "." "\\.txt$"))))))
     (native-inputs
      `(("unzip" ,unzip)))
@@ -688,21 +714,62 @@ utilities to ease adding new glyphs to the font.")
 
                      (mkdir-p font-dir)
                      (for-each (lambda (ttf)
-                                 (copy-file ttf
-                                            (string-append font-dir "/" ttf)))
+                                 (install-file ttf font-dir))
                                (find-files "." "\\.ttf$"))
                      (for-each (lambda (otf)
-                                 (copy-file otf
-                                            (string-append font-dir "/" otf)))
+                                 (install-file otf font-dir))
                                (find-files "." "\\.otf$"))))))
     (native-inputs `(("unzip" ,unzip)))
     (home-page "https://www.google.com/get/noto/")
-    (synopsis "Fonts aimed to cover all languages")
-    (description "Googe Noto Fonts is a family of fonts aimed to support all
-languages with a consistent look and aesthetic.  It's goal is to have no Unicode
-symbols unable to be displayed properly.")
+    (synopsis "Fonts to cover all languages")
+    (description "Google Noto Fonts is a family of fonts designed to support
+all languages with a consistent look and aesthetic.  Its goal is to properly
+display all Unicode symbols.")
     (license license:silofl1.1)))
 
+(define-public font-google-roboto
+  (package
+    (name "font-google-roboto")
+    (version "2.136")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/google/roboto/releases/download/"
+                           "v" version "/roboto-hinted.zip"))
+       (file-name (string-append name "-" version ".zip"))
+       (sha256
+        (base32
+         "0spscx08fad7i8qs7icns96iwcapniq8lwwqqvbf7bamvs8qfln4"))))
+    (native-inputs `(("unzip" ,unzip)))
+    (build-system trivial-build-system)
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder (begin
+                   (use-modules (guix build utils)
+                                (srfi srfi-26))
+
+                   (let ((PATH (string-append (assoc-ref %build-inputs
+                                                         "unzip")
+                                              "/bin"))
+                         (font-dir (string-append %output
+                                                  "/share/fonts/truetype")))
+                     (setenv "PATH" PATH)
+                     (system* "unzip" (assoc-ref %build-inputs "source"))
+
+                     (mkdir-p font-dir)
+                     (chdir "roboto-hinted")
+                     (for-each (lambda (ttf)
+                                 (copy-file ttf
+                                            (string-append font-dir "/" ttf)))
+                               (find-files "." "\\.ttf$"))))))
+    (home-page "https://github.com/google/roboto")
+    (synopsis "The Roboto family of fonts")
+    (description
+     "Roboto is Google’s signature family of fonts, the default font on Android
+and Chrome OS, and the recommended font for the
+visual language \"Material Design\".")
+    (license license:asl2.0)))
+
 (define-public font-un
   (package
     (name "font-un")
@@ -735,14 +802,10 @@ symbols unable to be displayed properly.")
            (mkdir-p doc-dir)
            (chdir (string-append "un-fonts"))
            (for-each (lambda (ttf)
-                       (copy-file ttf
-                                  (string-append font-dir "/"
-                                                 (basename ttf))))
+                       (install-file ttf font-dir))
                      (find-files "." "\\.ttf$"))
            (for-each (lambda (doc)
-                       (copy-file doc
-                                  (string-append doc-dir "/"
-                                                 (basename doc))))
+                       (install-file doc doc-dir))
                      '("COPYING" "README"))))))
     (native-inputs
      `(("tar" ,tar)
@@ -840,18 +903,17 @@ glyph designs, not just an added slant.")
 
                      (mkdir-p font-dir)
                      (for-each (lambda (ttf)
-                                 (copy-file ttf
-                                            (string-append font-dir "/" ttf)))
+                                 (install-file ttf font-dir))
                                (find-files "." "\\.ttf$"))))))
     (native-inputs
      `(("source" ,source)
        ("unzip" ,unzip)))
     (home-page "https://sourcefoundry.org/hack/")
-    (synopsis "Typeface designed for sourcecode")
+    (synopsis "Typeface designed for source code")
     (description
-     "Hack is designed to be a workhorse typeface for code, it expands upon
-the Bitstream Vera & DejaVu projects, provides 1561 glyphs including
-powerline support.")
+     "Hack is designed to be a workhorse typeface for code.  It expands upon
+the Bitstream Vera & DejaVu projects, provides 1561 glyphs, and includes
+Powerline support.")
     (license (license:x11-style
               "https://github.com/chrissimpkins/Hack/blob/master/LICENSE.md"
               "Hack Open Font License v2.0"))))
diff --git a/gnu/packages/freedesktop.scm b/gnu/packages/freedesktop.scm
index 18e609751f..f9007b1b36 100644
--- a/gnu/packages/freedesktop.scm
+++ b/gnu/packages/freedesktop.scm
@@ -2,11 +2,12 @@
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2015 Andy Wingo <wingo@pobox.com>
-;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Mark H Weaver <mhw@netris.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -42,11 +43,13 @@
   #:use-module (gnu packages gl)
   #:use-module (gnu packages glib)                ;intltool
   #:use-module (gnu packages gnome)
+  #:use-module (gnu packages gnuzilla)
   #:use-module (gnu packages gperf)
   #:use-module (gnu packages graphviz)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages libffi)
   #:use-module (gnu packages libunwind)
+  #:use-module (gnu packages libusb)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages m4)
   #:use-module (gnu packages polkit)
@@ -85,14 +88,14 @@ freedesktop.org project.")
 (define-public libinput
   (package
     (name "libinput")
-    (version "1.5.3")
+    (version "1.6.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://freedesktop.org/software/libinput/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1qx623nyr49sxv49ilb0j85skgk1dhkr82vd577ywyjf7d96q84i"))))
+                "0cjq4mjqx8c7iiign330s34dvpw38rlv8byaxlx68p3kim8lylxp"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("cairo" ,cairo)
@@ -748,14 +751,14 @@ messaging clients such as Empathy, GNOME Shell or KDE Telepathy.")
 (define-public telepathy-mission-control
   (package
     (name "telepathy-mission-control")
-    (version "5.16.3")
+    (version "5.16.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://telepathy.freedesktop.org/releases/"
-                                  name "/" name "-" version ".tar.bz2"))
+                                  name "/" name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0zcbx69k0d3p2pjh3g7sa3q2zkd5xchxkqsmlfn3fwxaz0pmsmvi"))))
+                "1jz6wwgsfxixha6ys2hbzbk5faqnj9kh2m5qdlgx5anqgandsscp"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
@@ -805,3 +808,77 @@ share connections to real-time communication services without conflicting.")
 useful for both applications which need colour management and applications that
 wish to perform colour calibration.")
     (license license:lgpl2.1+)))
+
+(define-public libfprint
+  (package
+    (name "libfprint")
+    (version "0.6.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://people.freedesktop.org/~hadess/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1giwh2z63mn45galsjb59rhyrvgwcy01hvvp4g01iaa2snvzr0r5"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags (list (string-append "--with-udev-rules-dir="
+                                              (assoc-ref %outputs "out")
+                                              "/lib/udev/rules.d"))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("libusb" ,libusb)
+       ("nss" ,nss)
+       ("glib" ,glib)
+       ("eudev" ,eudev)
+       ("pixman" ,pixman)))
+    (home-page "https://www.freedesktop.org/wiki/Software/fprint/libfprint/")
+    (synopsis "Library to access fingerprint readers")
+    (description
+     "libfprint is a library designed to make it easy for application
+developers to add support for consumer fingerprint readers to their
+software.")
+    (license license:lgpl2.1+)))
+
+(define-public fprintd
+  (package
+    (name "fprintd")
+    (version "0.7.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://people.freedesktop.org/~hadess/fprintd-"
+                    version ".tar.xz"))
+              (sha256
+               (base32
+                "05915i0bv7q62fqrs5diqwr8dz3pwqa1c1ivcgggkjyw0xk4ldp5"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-before 'build 'set-sysconfdir
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      ;; Work around a bug whereby the 'SYSCONFDIR' macro
+                      ;; expands literally to '${prefix}/etc'.
+                      (let ((out (assoc-ref outputs "out")))
+                        (substitute* "src/main.c"
+                          (("SYSCONFDIR, \"fprintd.conf\"")
+                           (string-append "\"" out "/etc\", "
+                                          "\"fprintd.conf\"")))
+                        #t))))))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("intltool" ,intltool)))
+    (inputs
+     `(("libfprint" ,libfprint)
+       ("dbus-glib" ,dbus-glib)
+       ("polkit" ,polkit)
+       ("linux-pam" ,linux-pam)))                 ;for pam_fprintd
+    (home-page "https://www.freedesktop.org/wiki/Software/fprint/fprintd/")
+    (synopsis "D-Bus daemon that exposes fingerprint reader functionality")
+    (description
+     "fprintd is a D-Bus daemon that offers functionality of libfprint, a
+library to access fingerprint readers, over the D-Bus interprocess
+communication bus.  This daemon layer above libfprint solves problems related
+to applications simultaneously competing for fingerprint readers.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index c449f59549..1580d1fe1f 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -2159,42 +2159,45 @@ http://lavachat.symlynx.com/unix/")
 
 (define-public red-eclipse
   (let ((data-sources
-         '(("acerspyro"   "0hqwa3b65l8mz73mcdsvrwbc14mrx1qn52073p5zh69pqd0mlfi0")
-           ("actors"      "0v87wifqwam5j6vsiidmcvw22i51h9h4skgwhi511mxkwryrp26h")
-           ("appleflap"   "0bkh1v125dwd5jhb4rrc1sl0jdlbb2ib53ihbxa66x1p8l27aklw")
-           ("blendbrush"  "1wh88fshsy492kjvadql2ik1q5pqgcj84jz0hc93ngag8xibxhfi")
-           ("caustics"    "0pc5bnd4fmxh06cm3h8045wgiy894f9x5a943n28gymdyql7q4f6")
-           ("crosshairs"  "1w9acqhxw5nm690862msl5jjbk8qlizxm1vv7p95lgm7q7pg0yxx")
-           ("elyvisions"  "04q31lp5jm8b9crf81s6k1jvrn90i1ay3s6vk103iv8g4amsfhdx")
-           ("fonts"       "1rsfk2d9xk0aaazvrcxk4z5n2cnys7pixadh521mv7zrxbx2d95x")
-           ("freezurbern" "0b2xg5x79yxanr30dhw3zr6dsc6x9w7v7aghbh9kp292j31l280m")
-           ("john"        "07pgjg1rxl3bmwriy2yl3g63nnryjws8jl0ry1cza3p9wd59f8rz")
-           ("jojo"        "0lkzd5pwfqan1gaaz22r5iz4z2nq8dkzycddwa0cxavmq8qmj281")
-           ("jwin"        "0mnyp1inhabw56mw5wkhfd4k6z0lvyhr6cjj6hnj3bz2dip2y2zm")
-           ("luckystrike" "1d89xnvahmzlgm0bjh3zhf02vxx1q16b70x2cihbl05dic1v75pr")
-           ("maps"        "19gy8kl7w2llsklym32hnlnd05z2dhq5dhdxhq5ss5na67skv5by")
-           ("mayhem"      "1si2gnsf732ml8ygkhg27ckvic9wafqmkgq0ab1ifpfpy606sa8d")
-           ("mikeplus64"  "0l48czyglbc0d4ack8xz9imarb6r4l29krq0mf3ld7yrxbc296vr")
-           ("misc"        "0fri1l3i1s1pzvr7aah4a7d9h2i877c21x184z80v4jpqv4228f3")
-           ("nobiax"      "1jv2yv2qj9qbxhaj1nd70v5142dpg074gkkh3bw2anchi8pzyhs8")
-           ("particles"   "0gwj6m5197gpwddqb3pwlkaiafgfszqysaz2h1bx60qzh5crgsf9")
-           ("philipk"     "0ngccscmvlgc2z96vira7phr87f65l4v7immbl697zmc5fda6k68")
-           ("projectiles" "1ig6dag5989rgwrhvmz7xz5q8gf5slgnda8h8zmiyhvrnal09hbp")
-           ("props"       "0g3sgrlgmk9zrl67d9pa93hzb4xx3wwznfxa1h3wwilld0m7gzhx")
-           ("skyboxes"    "0lvpzc741vkmy2rnra41ij91wq3pdl28xamy6vapq61mf44xmmvj")
-           ("sounds"      "0jmvvixcx7kv34sxjs4x7vqsyhir6l5av6b3lm8m8rsfi0sdvqml")
-           ("textures"    "1yx01k9yn2v1k79sa68wa51qw1zk03b8irkvxyd14ygibkicvgnb")
-           ("torley"      "1286srp05nfjban6ca124njyil70gr7bm6aqn5p0vz0xr00l4dw5")
-           ("trak"        "1079fg2cbm95psxic3r63i94z3cnbf04wlid2hqnw308s9l9q36c")
-           ("ulukai"      "0yd80ivn51ya60m4cg4bw13wxgijkjagfgskdphy9adgsaqq9n7b")
-           ("unnamed"     "0l21dhw7kbav59p7ysn6dr2sqzjivwxafml4023yznlhxx5fic4m")
-           ("vanities"    "1aqi32lf7y64fv1y00mpixckjr9wj8p1prgyxjiv7s3hf5q7n2b3")
-           ("vegetation"  "0253fdn5sxywrjb79krhvq2884almxpysn6dn0hi6ylpjzl78zrn")
-           ("weapons"     "0y2zsx6g6k9izshgix9id3y01hsisd88mp5zrlm5x9v8y0sf6kf8")
-           ("wicked"      "0ib0325dn6vzpx3p4cr6bhg9qhj8c5s20xyzy88xjc3y2pazbdvx"))))
+         '(("acerspyro"   "0zmg78scrfdv33h7vszqvzylcqjwg7d5b0j2riav3rjfh326j8xx")
+           ("actors"      "0l00rsvppqzdpsikm5qpj38jiygirszxlzay2nxp4g4n2qjq0m4a")
+           ("appleflap"   "0jhfr7f13hk3nswwxqc4jajriipr6zz6j63v955nv4sgxs7lzbjd")
+           ("blendbrush"  "1nk0zaisbqf2khrivq8ls6z2lnh6d51m133m2ppxk7k4c9gq1imq")
+           ("caustics"    "1hq08k476wayi0kmk4ps8h6jr75yinq04f1r2p8r79xsdpxq9my5")
+           ("crosshairs"  "1gmrmjm7i7n9py0qrzamk7ygi63yx1mr2pp6iwz2vwngprl03n8m")
+           ("dziq"        "0gr36ydrv8syjxv7w9dw3ix8waaq201fzxr0klkqp260p8xp215s")
+           ("elyvisions"  "05syxlpsap6nfwxnnd0ls7qj1p4vhw2jxi41pi5inwpfifapfphz")
+           ("fonts"       "184syks602xc657q08973w5ji50x5zssvd4vp2q2ig8m68iyr51c")
+           ("freezurbern" "020gpgcpy4rqjd9d18npfm96j8f02jcjnccbxcgzk1yb58y687ya")
+           ("john"        "0hj5kwlb2gb0gsnl9bk7dkqlk8r7vxcw8gxpgrb3kfn8d9cwcb7k")
+           ("jojo"        "0fij06040r7s5p7jksxm7wxi9jqwkhhm8iywys0dagk8j2wcbvsz")
+           ("jwin"        "0ysfynjvypc8dszf7rsvk02jgw8fmsli49vy2xpm83zpkrqpddgf")
+           ("luckystrike" "1bm0xdqjv35ry5xwbzw3a3v1xf2gj1jwfg29nyl6w3ch0h6crr11")
+           ("maps"        "0c9d1zxmpnngwhchzw6xb6cf84cx8xyycmdqcvyhamrd95d96qma")
+           ("mayhem"      "133pdql7ari159skd9qdmw0p1m73x32d1v6jswkz0xwk8vgxmkil")
+           ("mikeplus64"  "1d5npn9wlw0mviz9vhzzcsj98jvfh1wbvlh1nyqfj4ws5nfxhs7x")
+           ("misc"        "19x2ps6yxnfrz0xdhqdwncaq25ds7i4w2l8sdfi95yh2r7c5k1qn")
+           ("nieb"        "15029nipl92cb0jbh46z00k51hf3jk4v05pwx266b6b11bapdz0c")
+           ("nobiax"      "0k9apim5z4ihd5ajmnbq4gyh24w872dv0mr5v8wqn31a8gxzahhp")
+           ("particles"   "06827r9pnhzjil381xiwcbc93v9nxin7qlr59yrvk9gdzxmklk9m")
+           ("philipk"     "1l6fhl6qz471vjn05hvk29bm8dhwnzqbmi2hdylpa9k998nzkfc1")
+           ("projectiles" "03ay8ik52n3vx723swqlnl5gpkzf1v1gadwj3zcnh43ch7nd2bqh")
+           ("props"       "1yxz7gfmb79sqqrkyfdzp4ar9rf5f1kpfij4nrkk1l8vbw9liksc")
+           ("skyboxes"    "1mm98mhb6yhb006p1hlic91jcwjxhq79mblxciwbqqa9c5g4yki6")
+           ("snipergoth"  "1vlpmwlg71g6l5b706gp82bc07i5bbw2zphzynm2fx49za0zdi44")
+           ("sounds"      "156g5wh8cvdh6zr33haqm566sd28ylnzdf2h4pqzpxbb2i19vbfg")
+           ("textures"    "0wkhl5cgymr9kslzhksi83hs15rb0q01xvax5khi6b4dcl3mrmsh")
+           ("torley"      "1xlag6ndjyqafl984n6d9zi96dv9aif7vrc2nvikc3iwgjwlbxav")
+           ("trak"        "12x9ix8zkqn9svy56qmdgj4x2814qh25f4srplgq691lqn9qjhvd")
+           ("ulukai"      "0gz1hd8hca2biskc85hw4jjacpsmqg9x4w6cwrka8x987xmc92k5")
+           ("unnamed"     "09v8fjy6jqypm1i121kilg3z6zpw7dm0i4gxhd9b7ihprvzvy8r7")
+           ("vanities"    "0m3vfq9l71pbb80qz4s3k8r5azmm158chqbw8snch09ymxm6h462")
+           ("vegetation"  "07yzm9lbzr624j4i652ny5p762p83gadg40c1k8gwff4y7yk55gn")
+           ("weapons"     "05fsp17gdrhjqdwia7rwdw9gcijaqwcnny8lf6krms43xmn8cj0x")
+           ("wicked"      "0jjgwzdibr5my369gwvmvbklpjlwq939zgf643rv0168xc087xb2"))))
     (package
       (name "red-eclipse")
-      (version "1.5.6")
+      (version "1.5.8")
       (source (origin
                 (method url-fetch)
                 (uri (string-append "https://github.com/red-eclipse/base"
@@ -2202,7 +2205,7 @@ http://lavachat.symlynx.com/unix/")
                 (file-name (string-append name "-" version ".tar.gz"))
                 (sha256
                  (base32
-                  "1sv3xhng18sl655sd46lpmqbqz32h32s7nwz68bdr9z9w3iwkf66"))))
+                  "1ah92axwcai0fhgm7pvfb2dxvfdiwwyh8iqyiffndh6782hxz3bc"))))
       (build-system gnu-build-system)
       (arguments
        `(#:tests? #f            ; no check target
@@ -2789,7 +2792,7 @@ the GNU GPL.")
 (define-public tintin++
   (package
     (name "tintin++")
-    (version "2.01.1")
+    (version "2.01.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://sourceforge.net/projects/tintin"
@@ -2797,7 +2800,7 @@ the GNU GPL.")
                                   "/tintin" "-" version ".tar.gz"))
               (sha256
                (base32
-                "195wrfcys8yy953gdrl1gxryhjnx9lg1vqgxm3dyzm8bi18aa2yc"))))
+                "13h39agyhlhm17zyqlb56bmbbxpimikyf5pana3gd3ylvqy1xq81"))))
     (inputs
      `(("gnutls" ,gnutls)
        ("pcre" ,pcre)
diff --git a/gnu/packages/gcal.scm b/gnu/packages/gcal.scm
index 375bbedff3..3e45163d79 100644
--- a/gnu/packages/gcal.scm
+++ b/gnu/packages/gcal.scm
@@ -25,16 +25,16 @@
 (define-public gcal
   (package
     (name "gcal")
-    (version "4")
+    (version "4.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/gcal/gcal-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0vpzz2pb6xf5wlwyqj9xa29yvx72zdmffb0fv54hdirfn5vciiar"))))
+               "1av11zkfirbixn05hyq4xvilin0ncddfjqzc4zd9pviyp506rdci"))))
     (build-system gnu-build-system)
-    (home-page "http://www.gnu.org/software/gcal")
+    (home-page "https://www.gnu.org/software/gcal")
     (synopsis "Calculating and printing a wide variety of calendars")
     (description
      "Gcal is a program to calculate and print calendars on the
diff --git a/gnu/packages/gd.scm b/gnu/packages/gd.scm
index 0241a81db9..713f7ae91e 100644
--- a/gnu/packages/gd.scm
+++ b/gnu/packages/gd.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -36,6 +36,7 @@
 (define-public gd
   (package
     (name "gd")
+    (replacement gd-2.2.4)
 
     ;; Note: With libgd.org now pointing to github.com, genuine old
     ;; tarballs are no longer available.  Notably, versions 2.0.x are
@@ -77,6 +78,32 @@ most common applications of GD involve website development.")
                            "See COPYING file in the distribution."))
     (properties '((cpe-name . "libgd")))))
 
+(define gd-2.2.4
+  (package
+    (inherit gd)
+    (version "2.2.4")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/libgd/libgd/releases/download/"
+                            "gd-" version "/libgd-" version ".tar.xz"))
+        (patches (search-patches "gd-fix-gd2-read-test.patch"
+                                 "gd-fix-tests-on-i686.patch"))
+        (sha256
+         (base32
+          "1rp4v7n1dq38b92kl7gkvpvqqkw7nvdfnz6d5kip5klkxfki6zqk"))))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         ;; This test is known to fail on i686-linux:
+         ;; https://github.com/libgd/libgd/issues/359
+         ;; TODO Replace this substitution with an upstream bug fix.
+         (add-after 'unpack 'disable-failing-test
+           (lambda _
+             (substitute* "tests/gdimagegrayscale/basic.c"
+               (("return gdNumFailures\\(\\)")
+                 "return 0")))))))))
+
 (define-public perl-gd
   (package
     (name "perl-gd")
diff --git a/gnu/packages/geo.scm b/gnu/packages/geo.scm
index 86828e717d..4f137a88d7 100644
--- a/gnu/packages/geo.scm
+++ b/gnu/packages/geo.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2017 Björn Höfling <bjoern.hoefling@bjoernhoefling.de>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -19,8 +20,9 @@
 
 (define-module (gnu packages geo)
   #:use-module (guix build-system glib-or-gtk)
+  #:use-module (guix build-system gnu)
   #:use-module (guix download)
-  #:use-module (guix licenses)
+  #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix utils)
   #:use-module (gnu packages glib)
@@ -30,6 +32,43 @@
   #:use-module (gnu packages webkit)
   #:use-module (gnu packages xml))
 
+(define-public geos
+  (package
+    (name "geos")
+    (version "3.6.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://download.osgeo.org/geos/geos-"
+                                  version
+                                  ".tar.bz2"))
+              (sha256
+               (base32
+                "1icz31kd5sml2kdxhjznvmv33zfr6nig9l0i6bdcz9q9g8x4wbja"))))
+    (build-system gnu-build-system)
+    (arguments `(#:phases
+                 (modify-phases %standard-phases
+                   (add-after
+                    'unpack 'patch-test-shebangs
+                    (lambda _
+                      (substitute* '("tests/xmltester/testrunner.sh"
+                                     "tests/geostest/testrunner.sh")
+                        (("/bin/sh") (which "sh")))
+                      #t)))))
+    (inputs
+     `(("glib" ,glib)))
+    (home-page "https://geos.osgeo.org/")
+    (synopsis "Geometry Engine for Geographic Information Systems")
+    (description
+     "GEOS provides a spatial object model and fundamental geometric
+functions.  It is a C++ port of the Java Topology Suite (JTS).  As such,
+it aims to contain the complete functionality of JTS in C++.  This
+includes all the OpenGIS Simple Features for SQL spatial predicate
+functions and spatial operators, as well as specific JTS enhanced
+topology functions.")
+    (license (list license:lgpl2.1+          ; Main distribution.
+                   license:zlib              ; tests/xmltester/tinyxml/*
+                   license:public-domain)))) ; include/geos/timeval.h
+
 ;;; FIXME GNOME Maps only runs within GNOME. On i3, it fails with this error:
 ;;; (org.gnome.Maps:8568): GLib-GIO-ERROR **: Settings schema
 ;;; 'org.gnome.desktop.interface' is not installed
@@ -92,4 +131,54 @@
 the OpenStreetMap project.  It can provide directions for walking, bicycling,
 and driving.")
     (home-page "https://wiki.gnome.org/Apps/Maps")
-    (license gpl2+)))
+    (license license:gpl2+)))
+
+(define-public proj.4
+  (package
+    (name "proj.4")
+    (version "4.9.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://download.osgeo.org/proj/proj-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "1xw5f427xk9p2nbsj04j6m5zyjlyd66sbvl2bkg8hd1kx8pm9139"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-test-paths
+           (lambda _
+             (substitute* '("nad/test27"
+                            "nad/test83"
+                            "nad/testvarious"
+                            "nad/testdatumfile"
+                            "nad/testflaky"
+                            "nad/testIGNF")
+               (("/bin/rm") (which "rm")))
+             #t))
+         ;; Precision problems on i686 and other platforms. See:
+         ;; https://web.archive.org/web/20151006134301/http://trac.osgeo.org/proj/ticket/255
+         ;; Disable failing test.
+         (add-after 'patch-test-paths 'ignore-failing-tests
+           (lambda _
+             (substitute* '("nad/Makefile.in")
+               (("\tPROJ_LIB.*" all) (string-append  "#" all)))
+             #t)))))
+    (inputs
+     `(("glib" ,glib)))
+    (home-page "http://proj4.org/")
+    (synopsis "Cartographic Projections Library")
+    (description
+     "Proj.4 is a library for converting coordinates between cartographic
+projections.")
+    (license (list license:expat
+                   ;; src/PJ_patterson.c
+                   license:asl2.0
+                   ;; src/geodesic.c/h
+                   license:x11
+                   ;; Embedded EPSG database.
+                   (license:non-copyleft "http://www.epsg.org/TermsOfUse")
+                   ;; cmake/*
+                   license:boost1.0))))
diff --git a/gnu/packages/ghostscript.scm b/gnu/packages/ghostscript.scm
index 0c212ca928..7c217d903b 100644
--- a/gnu/packages/ghostscript.scm
+++ b/gnu/packages/ghostscript.scm
@@ -39,6 +39,7 @@
 (define-public lcms
   (package
    (name "lcms")
+   (replacement lcms/fixed)
    (version "2.6")
    (source (origin
             (method url-fetch)
@@ -58,6 +59,14 @@ Consortium standard (ICC), approved as ISO 15076-1.")
    (license license:x11)
    (home-page "http://www.littlecms.com/")))
 
+(define lcms/fixed
+  (package
+    (inherit lcms)
+    (source
+      (origin
+        (inherit (package-source lcms))
+        (patches (search-patches "lcms-fix-out-of-bounds-read.patch"))))))
+
 (define-public libpaper
   (package
    (name "libpaper")
diff --git a/gnu/packages/gimp.scm b/gnu/packages/gimp.scm
index 169183db62..904d7d9766 100644
--- a/gnu/packages/gimp.scm
+++ b/gnu/packages/gimp.scm
@@ -38,8 +38,7 @@
   #:use-module (gnu packages pdf)
   #:use-module (gnu packages photo)
   #:use-module (gnu packages python)
-  #:use-module (gnu packages xorg)
-  #:use-module (gnu packages imagemagick))
+  #:use-module (gnu packages xorg))
 
 (define-public babl
   (package
diff --git a/gnu/packages/gl.scm b/gnu/packages/gl.scm
index 0e9b5ddb5f..a3862f1ec3 100644
--- a/gnu/packages/gl.scm
+++ b/gnu/packages/gl.scm
@@ -2,9 +2,10 @@
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013 Joshua Grant <tadni@riseup.net>
 ;;; Copyright © 2014, 2016 David Thompson <davet@gnu.org>
-;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2016 David Thompson <davet@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -196,7 +197,7 @@ also known as DXTn or DXTC) for Mesa.")
 (define-public mesa
   (package
     (name "mesa")
-    (version "13.0.2")
+    (version "13.0.3")
     (source
       (origin
         (method url-fetch)
@@ -204,7 +205,7 @@ also known as DXTn or DXTC) for Mesa.")
                             version "/mesa-" version ".tar.xz"))
         (sha256
          (base32
-          "1m8n8kd8kcs5ddyvldiw09wvpi5wwpfmmxlb87d63vgl8lk65vd6"))
+          "03m4gc6qc50lb0ic06f83r3yl0x4lmj2zjq3sl60vl3nq7jqpanr"))
         (patches
          (search-patches "mesa-wayland-egl-symbols-check-mips.patch"))))
     (build-system gnu-build-system)
@@ -249,6 +250,9 @@ also known as DXTn or DXTC) for Mesa.")
          "--enable-gles2"
          "--enable-gbm"
          "--enable-shared-glapi"
+         ;; Without floating point texture support, drivers such as Nouveau
+         ;; are stuck at OpenGL 2.1 instead of OpenGL 3.0+.
+         "--enable-texture-float"
 
          ;; on non-intel systems, drop i915 and i965
          ;; from the default dri drivers
diff --git a/gnu/packages/glib.scm b/gnu/packages/glib.scm
index a78b188af0..7c61ab3d21 100644
--- a/gnu/packages/glib.scm
+++ b/gnu/packages/glib.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013 Nikita Karetnikov <nikita@karetnikov.org>
-;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org>
 ;;;
@@ -38,6 +38,7 @@
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages libffi)
+  #:use-module (gnu packages linux)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
@@ -134,7 +135,7 @@ shared NFS home directories.")
 (define glib
   (package
    (name "glib")
-   (version "2.48.2")
+   (version "2.50.2")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/"
@@ -142,7 +143,7 @@ shared NFS home directories.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1x6kwrk1zyd3csv0ca3pmwc4bnkc33agn95cds15h6nbi4apappj"))
+              "1xgvmiqbhla6grpmbidqs3bl6zrb9mjknfsh7r4hb3163xy76s5y"))
             (patches (search-patches "glib-tests-timer.patch"))))
    (build-system gnu-build-system)
    (outputs '("out"           ; everything
@@ -152,6 +153,7 @@ shared NFS home directories.")
     `(("pcre" ,pcre))) ; in the Requires.private field of glib-2.0.pc
    (inputs
     `(("coreutils" ,coreutils)
+      ("util-linux" ,util-linux)  ; for libmount
       ("libffi" ,libffi)
       ("zlib" ,zlib)
       ("tzdata" ,tzdata)))     ; for tests/gdatetime.c
@@ -279,14 +281,14 @@ dynamic loading, and an object system.")
 (define gobject-introspection
   (package
     (name "gobject-introspection")
-    (version "1.48.0")
+    (version "1.50.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/"
                    "gobject-introspection/" (version-major+minor version)
                    "/gobject-introspection-" version ".tar.xz"))
              (sha256
-              (base32 "0xsqwxhfqzr79av89mg766kxpb2i41bd0vwspk01xjdzrnn5l9zs"))
+              (base32 "1i9pccig8mv6qf0c1z8fcapays190nmr7j6pyc7cfhzmcv39fr8w"))
              (modules '((guix build utils)))
              (snippet
               '(substitute* "tools/g-ir-tool-template.in"
@@ -427,7 +429,7 @@ translated.")
 (define dbus-glib
   (package
     (name "dbus-glib")
-    (version "0.106")
+    (version "0.108")
     (source (origin
              (method url-fetch)
              (uri
@@ -435,7 +437,7 @@ translated.")
                              version ".tar.gz"))
              (sha256
               (base32
-               "0in0i6v68ixcy0ip28i84hdczf10ykq9x682qgcvls6gdmq552dk"))))
+               "0b307hw9j41npzr6niw1bs6ryp87m5yafg492gqwvsaj4dz0qd4z"))))
     (build-system gnu-build-system)
     (propagated-inputs ; according to dbus-glib-1.pc
      `(("dbus" ,dbus)
@@ -482,7 +484,7 @@ has an ease of use unmatched by other C++ callback libraries.")
 (define glibmm
   (package
     (name "glibmm")
-    (version "2.48.1")
+    (version "2.50.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/glibmm/"
@@ -490,7 +492,7 @@ has an ease of use unmatched by other C++ callback libraries.")
                                  "/glibmm-" version ".tar.xz"))
              (sha256
               (base32
-               "1pvw2mrm03p51p03179rb6fk9p42iykkwj1jcdv7jr265xymy8nw"))))
+               "152yz5w0lx0y5j9ml72az7pc83p4l92bc0sb8whpcazldqy6wwnz"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases (alist-cons-before
@@ -563,7 +565,7 @@ useful for C++.")
 (define-public python-pygobject
   (package
     (name "python-pygobject")
-    (version "3.20.0")
+    (version "3.22.0")
     (source
      (origin
        (method url-fetch)
@@ -572,7 +574,7 @@ useful for C++.")
                            "/pygobject-" version ".tar.xz"))
        (sha256
         (base32
-         "0ikzh3l7g1gjh8jj8vg6mdvrb25svp63gxcam4m0i404yh0lgari"))))
+         "1ryblpc4wbhxcwf7grgib4drrab5xi6p78ihhrx0zj7g13xrrch8"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("which" ,which)
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 2d97f228f1..f6f7aae696 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2014, 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2014, 2015 Federico Beffa <beffa@fbengineering.ch>
@@ -8,8 +8,8 @@
 ;;; Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org>
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
@@ -82,6 +82,7 @@
   #:use-module (gnu packages ibus)
   #:use-module (gnu packages iso-codes)
   #:use-module (gnu packages libcanberra)
+  #:use-module (gnu packages libunistring)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages libusb)
   #:use-module (gnu packages lirc)
@@ -89,6 +90,7 @@
   #:use-module (gnu packages image)
   #:use-module (gnu packages networking)
   #:use-module (gnu packages password-utils)
+  #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages photo)
   #:use-module (gnu packages pkg-config)
@@ -103,11 +105,12 @@
   #:use-module (gnu packages tls)
   #:use-module (gnu packages web)
   #:use-module (gnu packages webkit)
+  #:use-module (gnu packages xiph)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages mail)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages backup)
   #:use-module (gnu packages nettle)
@@ -117,6 +120,8 @@
   #:use-module (gnu packages samba)
   #:use-module (gnu packages readline)
   #:use-module (gnu packages fonts)
+  #:use-module (gnu packages qemu)
+  #:use-module (gnu packages zip)
   #:use-module (srfi srfi-1))
 
 (define-public brasero
@@ -242,7 +247,7 @@ commonly used macros.")
 (define-public gnome-desktop
   (package
     (name "gnome-desktop")
-    (version "3.20.2")
+    (version "3.22.2")
     (source
      (origin
       (method url-fetch)
@@ -251,7 +256,7 @@ commonly used macros.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "1cp2c6q1ybirfq6rqyfj5lr5vyqdizy730bfg5jqnflcmakjsb29"))))
+        "074yjz4g9gii045v2pl1ad34hcg92ci04ynxqcabwnf3lvvypmsi"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("gobject-introspection" ,gobject-introspection)
@@ -464,7 +469,7 @@ forgotten when the session ends.")
 (define-public evince
   (package
     (name "evince")
-    (version "3.20.1")
+    (version "3.22.1")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -472,7 +477,7 @@ forgotten when the session ends.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "0m80s98k4i463dclpyk01fqb91cawbb6vvcz5vq2974k6qqc4ypw"))))
+               "0713mcrym5ykhl5smqxi6m9578gz3nkibmkmc794amss7gdkkm7k"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:configure-flags '("--disable-nautilus")
@@ -536,7 +541,7 @@ on the GNOME Desktop with a single simple application.")
 (define-public gsettings-desktop-schemas
   (package
     (name "gsettings-desktop-schemas")
-    (version "3.20.0")
+    (version "3.22.0")
     (source
      (origin
       (method url-fetch)
@@ -545,7 +550,7 @@ on the GNOME Desktop with a single simple application.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "1hfrqqsmqscgbnaikmyq4yq8h72554wdg13algh5bf8a7i9ip92m"))))
+        "1qgalzqwg0fl0n22vslqcsnsmj9kc54qj25ib16rxaf36jxcf1hg"))))
     (build-system gnu-build-system)
     (inputs
      `(("glib" ,glib)))
@@ -602,14 +607,14 @@ GNOME and KDE desktops to the icon names proposed in the specification.")
 (define-public desktop-file-utils
   (package
     (name "desktop-file-utils")
-    (version "0.22")
+    (version "0.23")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.freedesktop.org/software/" name
                                   "/releases/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1ianvr2a69yjv4rpyv30w7yjsmnsb23crrka5ndqxycj4rkk4dc4"))))
+                "119kj2w0rrxkhg4f9cf5waa55jz1hj8933vh47vcjipcplql02bc"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -666,7 +671,7 @@ update-desktop-database: updates the database containing a cache of MIME types
 (define-public adwaita-icon-theme
   (package (inherit gnome-icon-theme)
     (name "adwaita-icon-theme")
-    (version "3.20")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -674,21 +679,21 @@ update-desktop-database: updates the database containing a cache of MIME types
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ddfwwqx8s63qbqimmbb015lqsab4s0rvy1j81jdsh7k95rqh2ks"))))
+                "1dyw8mm72wfpkn83vdqr0ifv5yhy565jhxrcjsd83nc7c3igd2y1"))))
     (native-inputs
      `(("gtk-encode-symbolic-svg" ,gtk+ "bin")))))
 
 (define-public shared-mime-info
   (package
     (name "shared-mime-info")
-    (version "1.7")
+    (version "1.8")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://freedesktop.org/~hadess/"
                                  "shared-mime-info-" version ".tar.xz"))
              (sha256
               (base32
-               "0bjd2j1rqrj150mr04j7ib71lfdlgbf235fg8d70g8mszqf7ik7a"))))
+               "1sc96lv9dp1lkvs8dh3ngm3hbjb274d363dl9avhb61il3qmxx9a"))))
     (build-system gnu-build-system)
     (arguments
      ;; The build system appears not to be parallel-safe.
@@ -712,15 +717,15 @@ database is translated at Transifex.")
 (define-public hicolor-icon-theme
   (package
     (name "hicolor-icon-theme")
-    (version "0.12")
+    (version "0.15")
     (source
      (origin
       (method url-fetch)
       (uri (string-append "https://icon-theme.freedesktop.org/releases/"
-                          "hicolor-icon-theme-" version ".tar.gz"))
+                          "hicolor-icon-theme-" version ".tar.xz"))
       (sha256
        (base32
-        "0wzc7g4ldb2l8zc0x2785ck808c03i857jji942ikakyc68adp4y"))))
+        "1k1kf2c5zbqh31nglc3nxs9j6wr083k9kjyql8p22ccc671mmi4w"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f)) ; no check target
@@ -734,7 +739,7 @@ database is translated at Transifex.")
 (define-public libnotify
   (package
     (name "libnotify")
-    (version "0.7.6")
+    (version "0.7.7")
     (source
      (origin
       (method url-fetch)
@@ -743,7 +748,7 @@ database is translated at Transifex.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "0dyq8zgjnnzcah31axnx6afb21kl7bks1gvrg4hjh3nk02j1rxhf"))))
+        "017wgq9n00hx39n0hm784zn18hl721hbaijda868cm96bcqwxd4w"))))
     (build-system gnu-build-system)
     (inputs
      `(("gdk-pixbuf" ,gdk-pixbuf)
@@ -767,7 +772,7 @@ some form of information without getting in the user's way.")
 (define-public libpeas
   (package
     (name "libpeas")
-    (version "1.18.0")
+    (version "1.20.0")
     (source
      (origin
       (method url-fetch)
@@ -776,7 +781,7 @@ some form of information without getting in the user's way.")
                           name "-" version ".tar.xz"))
       (sha256
        (base32
-        "09jy2rwwgp0xx7cnypxl56m7zzxnj3j4v58xqjxjasf3chn88jdz"))))
+        "0m6k6fcrx40n92nc1cy3z72vs1ja49sb58dj3fjp40605pzgz4pk"))))
     (build-system gnu-build-system)
     (inputs
      `(("gtk+" ,gtk+)
@@ -904,7 +909,7 @@ XML/CSS rendering engine.")
 (define-public libgsf
   (package
     (name "libgsf")
-    (version "1.14.40")
+    (version "1.14.41")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -912,7 +917,7 @@ XML/CSS rendering engine.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1q2i5p9s5zw0y0502risykrzkfma7p24n3mmh244scjy9f4kh1im"))))
+                "1lq87wnrsjbjafpk3c8xwd56gqx319fhck9xkg2da88hd9c9h2qm"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("intltool" ,intltool)
@@ -1663,7 +1668,7 @@ engineering.")
 (define-public gnome-themes-standard
   (package
     (name "gnome-themes-standard")
-    (version "3.20.2")
+    (version "3.22.2")
     (source
      (origin
        (method url-fetch)
@@ -1672,7 +1677,7 @@ engineering.")
                            version ".tar.xz"))
        (sha256
         (base32
-         "05br99z67f82i18nljpxnwssfnaqp7mph61w3hq0i44z5i5rq3cx"))))
+         "19bxw69ms46px5xgvwbjlhq2vkmrqfx2az49q63w2wxqb76icidk"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -1735,7 +1740,7 @@ passwords in the GNOME keyring.")
 (define-public vala
   (package
     (name "vala")
-    (version "0.32.1")
+    (version "0.34.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1743,7 +1748,7 @@ passwords in the GNOME keyring.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1ab1l44abf9fj1wznzq5956431ia136rl5049cggnk5393jlf3fx"))))
+                "10vbd74jazc3vhfagzx8v197bshrg61hnjzna6y3wmhljhrvs5vb"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases
@@ -1777,7 +1782,7 @@ libraries written in C.")
 (define-public vte
   (package
     (name "vte")
-    (version "0.44.2")
+    (version "0.46.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1785,7 +1790,7 @@ libraries written in C.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0j899ccrkzh7208w29c835m1yms0cas5cxkck8x6l4xv2i45ksm1"))))
+                "1ipmnfazvhzjp5pjw90mmxbkizivnh7gnlqqml94lw2rqa5wy048"))))
     (build-system gnu-build-system)
     (arguments
      ;; XXX: fails to compile tests with the default flags.
@@ -1804,7 +1809,8 @@ libraries written in C.")
        ("xmllint" ,libxml2)))
     (propagated-inputs
      `(("gtk+" ,gtk+)                             ;required by vte-2.91.pc
-       ("gnutls" ,gnutls)))                       ;ditto
+       ("gnutls" ,gnutls)                         ;ditto
+       ("pcre2" ,pcre2)))                         ;ditto
     (home-page "http://www.gnome.org/")
     (synopsis "Virtual Terminal Emulator")
     (description
@@ -2058,7 +2064,7 @@ library.")
 (define-public glib-networking
   (package
     (name "glib-networking")
-    (version "2.48.2")
+    (version "2.50.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/glib-networking/"
@@ -2066,7 +2072,7 @@ library.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "111spcar6wbp6m0rdxzjscc7vfqx5nawscrfbxlvbf5jsr4hqp4j"))
+                "1vkb53jxawy38y29635izlch64j9xmcwwcimk134jwra7hpl86iz"))
               (patches
                (search-patches "glib-networking-ssl-cert-file.patch"))))
     (build-system gnu-build-system)
@@ -2258,7 +2264,7 @@ and other secrets.  It communicates with the \"Secret Service\" using DBus.")
 (define-public gnome-mines
   (package
     (name "gnome-mines")
-    (version "3.20.1")
+    (version "3.22.2")
     (source
      (origin
        (method url-fetch)
@@ -2267,7 +2273,7 @@ and other secrets.  It communicates with the \"Secret Service\" using DBus.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0frb1r0f55giz7yqxl9920vvzqlirdivz54ygc9d85r8v63fh5aq"))))
+         "1wia0nj5i244m6pq3lridvk3vx9yipsa9l921nsskd97115mnyza"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -2284,6 +2290,7 @@ and other secrets.  It communicates with the \"Secret Service\" using DBus.")
        ("xmllint" ,libxml2)))
     (inputs
      `(("gtk+" ,gtk+)
+       ("libgnome-games-support" ,libgnome-games-support)
        ("librsvg" ,librsvg)))
     (home-page "https://wiki.gnome.org/Apps/Mines")
     (synopsis "Minesweeper game")
@@ -2295,7 +2302,7 @@ floating in an ocean using only your brain and a little bit of luck.")
 (define-public gnome-sudoku
   (package
     (name "gnome-sudoku")
-    (version "3.20.5")
+    (version "3.22.2")
     (source
      (origin
        (method url-fetch)
@@ -2304,7 +2311,7 @@ floating in an ocean using only your brain and a little bit of luck.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "166bbv5k50v7pjp3wbl2rmxcmv1adwr14hxg5rw2ws8kams8151k"))))
+         "1sz2ln2nc9ff7zigghil32vbmr2qhb98dc0rbrz755rlrsh8pi08"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -2330,7 +2337,7 @@ more fun.")
 (define-public gnome-terminal
   (package
     (name "gnome-terminal")
-    (version "3.20.2")
+    (version "3.22.1")
     (source
      (origin
        (method url-fetch)
@@ -2339,7 +2346,7 @@ more fun.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "08ssch8h1y85wyhddkyr7ab4v8dnsn17z4ayyc5ff78gfdh30f7m"))))
+         "1m5h3ck7wcvq1kfap05jwhnbpp3kmikc2qy822gnsbdjdqrm41xh"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:configure-flags
@@ -2526,14 +2533,14 @@ faster results and to avoid unnecessary server load.")
 (define-public upower
   (package
     (name "upower")
-    (version "0.99.3")
+    (version "0.99.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://upower.freedesktop.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0f6x9mi1jzgqdpycaikyhjljnw3aacsl3gxndyg0dfqkq6y9jwb9"))
+                "1c1ph1j1fnrf3vipxb7ncmdfc36dpvcvpsv8n8lmal7grjk2b8ww"))
               (patches (search-patches "upower-builddir.patch"))))
     (build-system glib-or-gtk-build-system)
     (arguments
@@ -2581,7 +2588,7 @@ service via the system message bus.")
 (define-public libgweather
   (package
     (name "libgweather")
-    (version "3.20.3")
+    (version "3.20.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -2589,7 +2596,7 @@ service via the system message bus.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "02vcnlchcq3hxsm75x2szzkszg1yp1rg164p1b23vnzm9svcaszv"))))
+                "1higj4nmn3srqjbzl4iva7c0b4fkdq74xi4b35xd0qc4qiawbkbx"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags
@@ -2636,7 +2643,7 @@ services for numerous locations.")
 (define-public gnome-settings-daemon
   (package
     (name "gnome-settings-daemon")
-    (version "3.20.1")
+    (version "3.22.1")
     (source
      (origin
        (method url-fetch)
@@ -2645,7 +2652,7 @@ services for numerous locations.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1rvqisrh3lridsb8rvm7spvncyq206ly0245zgpbm8swi5fhfjp8"))))
+         "1finsr7yqvix6n3rdwclv4fpgagmz6xyrk3qzapkn9ljv76rfzdm"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(;; Color management test can't reach the colord system service.
@@ -2691,14 +2698,15 @@ settings, themes, mouse settings, and startup of other daemons.")
 (define-public totem-pl-parser
  (package
    (name "totem-pl-parser")
-   (version "3.10.6")
+   (version "3.10.7")
    (source (origin
             (method url-fetch)
-            (uri (string-append "mirror://gnome/sources/totem-pl-parser/3.10/"
+            (uri (string-append "mirror://gnome/sources/totem-pl-parser/"
+                                (version-major+minor version) "/"
                                 "totem-pl-parser-" version ".tar.xz"))
             (sha256
              (base32
-              "0mv7aw9mw77w04zg95zjf0zmk6ckshpysbb9nap15h5is6zdk9cq"))))
+              "17089sqyh6w6zr8ci865ihmvqshnslcsk9fbsl4s7yii66y8b0lw"))))
    (build-system gnu-build-system)
    (arguments
     ;; FIXME: Tests require gvfs.
@@ -2726,7 +2734,7 @@ playlists in a variety of formats.")
 (define-public aisleriot
   (package
     (name "aisleriot")
-    (version "3.20.2")
+    (version "3.22.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -2734,7 +2742,7 @@ playlists in a variety of formats.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0vhpi7bzm4gbraky1d3ma26rbwnylcqdakav82j67bpqd7f6n0v2"))))
+                "01ydq39kk8xvv8nbqqbh458gpmvx676sms71r1iix42z40a13caj"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:configure-flags
@@ -2762,7 +2770,7 @@ which are easy to play with the aid of a mouse.")
 (define-public devhelp
   (package
     (name "devhelp")
-    (version "3.20.0")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -2770,7 +2778,7 @@ which are easy to play with the aid of a mouse.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "078zr92xs5ifp862v1vdmw1j9m6gr9zk5hjbk5065vxjwb17acx2"))))
+                "1c7zqn8apm1lnpsp74bd880rga2vi5wxfjghqdgwqf6j28pf1jjr"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("intltool" ,intltool)
@@ -2789,7 +2797,7 @@ throughout GNOME for API documentation).")
 (define-public cogl
   (package
     (name "cogl")
-    (version "1.22.0")
+    (version "1.22.2")
     (source
      (origin
        (method url-fetch)
@@ -2798,7 +2806,9 @@ throughout GNOME for API documentation).")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "14daxqrid5039xmq9yl4pk86awng1n9zgl6ysblhc4gw2ifzp7b8"))))
+         "03f0ha3qk7ca0nnkkcr1garrm1n1vvfqhkz9lwjm592fnv6ii9rr"))))
+    ;; NOTE: mutter exports a bundled fork of cogl, so when making changes to
+    ;; cogl, corresponding changes may be appropriate in mutter as well.
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin")     ; for glib-mkenums
@@ -2866,6 +2876,8 @@ without stepping on each others toes.")
        (sha256
         (base32
          "01nfjd4k7j2n3agpx2d9ncff86nfsqv4n23465rb9zmk4iw4wlb7"))))
+    ;; NOTE: mutter exports a bundled fork of clutter, so when making changes
+    ;; to clutter, corresponding changes may be appropriate in mutter as well.
     (build-system gnu-build-system)
     (outputs '("out"
                "doc"))                            ;9 MiB of gtk-doc HTML pages
@@ -2909,7 +2921,7 @@ presentations, kiosk style applications and so on.")
 (define-public clutter-gtk
   (package
     (name "clutter-gtk")
-    (version "1.8.0")
+    (version "1.8.2")
     (source
      (origin
        (method url-fetch)
@@ -2918,7 +2930,7 @@ presentations, kiosk style applications and so on.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "07dzvx0b3fsswxnpxgk0adjgccnrvbxsd971naqwndnfivbgjbkl"))))
+         "153bl9256yjnfcplp7jmgf7lm2zb790zkayjclzsv42l6a3d89ys"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -2938,7 +2950,7 @@ presentations, kiosk style applications and so on.")
 (define-public clutter-gst
   (package
     (name "clutter-gst")
-    (version "3.0.18")
+    (version "3.0.22")
     (source
      (origin
        (method url-fetch)
@@ -2947,7 +2959,7 @@ presentations, kiosk style applications and so on.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "14w0pi9myvcn1yxzmk9sk8dghj17m5ji3aqdpfjikk90c060vv0a"))))
+         "1m6zwc7xr7lmbwiqav961g7jhc7gp5gb73dm6j93szpa6bxmgz7i"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin")     ; for glib-mkenums
@@ -2969,7 +2981,7 @@ GL based interactive canvas library.")
 (define-public libchamplain
   (package
     (name "libchamplain")
-    (version "0.12.13")
+    (version "0.12.14")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -2977,7 +2989,7 @@ GL based interactive canvas library.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "1arzd1hsgq14rbiwa1ih2g250x6ljna2s2kiqfrw155c612s9cxk"))))
+                "13snnka1jqc5qrgij8bm22xy02pncf3dn5ij3jh4rrpzq7g1sqpi"))))
     (build-system gnu-build-system)
     (arguments '(#:configure-flags '("--enable-vala")))
     (native-inputs
@@ -3070,10 +3082,24 @@ queries upon that data.")
 GNOME Games, but it may be used by others.")
     (license license:lgpl3+)))
 
+(define-public libgnome-games-support
+  (package
+    (inherit libgames-support)
+    (name "libgnome-games-support")
+    (version "1.2.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1rsyf5hbjim7zpk1yar3gv65g1nmw6zbbc0smrmxsfk0f9n3j9m6"))))))
+
 (define-public gnome-klotski
   (package
     (name "gnome-klotski")
-    (version "3.20.2")
+    (version "3.22.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3081,7 +3107,7 @@ GNOME Games, but it may be used by others.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "14w40a1gjlg4l1vhcy0qcf3scmwm2v3vhxnxj269pfqlv8s7alaw"))))
+                "04ragvrz29sydi2kf1zk2aimi3b3hn34jrndfd2lx6h8l45anq3q"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("desktop-file-utils" ,desktop-file-utils)
@@ -3091,7 +3117,7 @@ GNOME Games, but it may be used by others.")
        ("xmllint" ,libxml2)))
     (inputs
      `(("gtk+" ,gtk+)
-       ("libgames-support" ,libgames-support)
+       ("libgnome-games-support" ,libgnome-games-support)
        ("librsvg" ,librsvg)))
     (home-page "https://wiki.gnome.org/Apps/Klotski")
     (synopsis "Sliding block puzzles")
@@ -3105,7 +3131,7 @@ as possible!")
 (define-public grilo
   (package
     (name "grilo")
-    (version "0.3.0")
+    (version "0.3.2")
     (source
      (origin
        (method url-fetch)
@@ -3114,7 +3140,7 @@ as possible!")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0q5wcvnckpfks48hy0gvlfdmvqm67vnblm3912rssmkgc1ysil8z"))))
+         "0nvzr2gfk2mpzf99442zawv0n5yjcyy50rqkrvdsibknbm56hvzj"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin")         ; for glib-mkenums and glib-genmarshal
@@ -3127,6 +3153,7 @@ as possible!")
        ("libxml2" ,libxml2)
        ;; XXX TODO: Add oauth
        ("libsoup" ,libsoup)
+       ("nettle" ,nettle)
        ("totem-pl-parser" ,totem-pl-parser)))
     (arguments
      `(#:phases
@@ -3156,7 +3183,7 @@ for application developers.")
 (define-public grilo-plugins
   (package
     (name "grilo-plugins")
-    (version "0.3.1")
+    (version "0.3.3")
     (source
      (origin
        (method url-fetch)
@@ -3165,7 +3192,7 @@ for application developers.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1akd7q6pqnkcnayrdfjb0qx5w5yyl06kxzwhqp2gxm4y1b208pb0"))))
+         "172vr1y98d2mzlmg5akjn4ibrcj3gh22cwnb3cv9rvvzhj3yhrpy"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin")     ; for glib-mkenums and glib-genmarshal
@@ -3209,7 +3236,7 @@ for application developers.")
 (define-public totem
   (package
     (name "totem")
-    (version "3.20.1")
+    (version "3.22.0")
     (source
      (origin
        (method url-fetch)
@@ -3218,8 +3245,7 @@ for application developers.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "09swnhp46cyy2svqx02fzy555pjgc61lyjw56v9rz1mfc41lh8kg"))
-       (patches (search-patches "totem-debug-format-fix.patch"))))
+         "1sjgjqhpsh3kipnbc8y31xz64s61xjayxq98pi0vkgbl2rdmnsh2"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -3289,7 +3315,7 @@ which can read a large number of file formats.")
 (define-public rhythmbox
  (package
    (name "rhythmbox")
-   (version "3.4")
+   (version "3.4.1")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3297,7 +3323,7 @@ which can read a large number of file formats.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1347747m90aiz47wny1f8rdk5195qf2ph0554c6y91711sm951gg"))))
+              "1dj1hgdyhmwzs6h2zr89b1ipk0p6g7x74rfz56a5yjds3ik8d7q3"))))
    (build-system glib-or-gtk-build-system)
    (arguments
     `(#:configure-flags
@@ -3377,7 +3403,7 @@ supports playlists, song ratings, and any codecs installed through gstreamer.")
 (define-public eog
  (package
    (name "eog")
-   (version "3.20.4")
+   (version "3.20.5")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3385,7 +3411,7 @@ supports playlists, song ratings, and any codecs installed through gstreamer.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1qsv3brhi8l8fr22nd3d0fwq5xhwspqw0bammhkkq3ga0z6791wn"))))
+              "0fqvfc4y1lbv0awh8dbx9khfha0hdkmnj1lzw5jq0l7jmahwbrz6"))))
    (build-system glib-or-gtk-build-system)
    (arguments
     `(#:phases
@@ -3455,7 +3481,7 @@ part of udev-extras, then udev, then systemd.  It's now a project on its own.")
 (define-public gvfs
   (package
     (name "gvfs")
-    (version "1.28.3")
+    (version "1.30.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3463,7 +3489,7 @@ part of udev-extras, then udev, then systemd.  It's now a project on its own.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "05xxy0ids310qy24vmkyl3hc6mq05p39aa8mkr5fzxkhhnv4r325"))))
+                "0xgis1kgglnazy1vm66xiqyz8yvvmiad3h0g3agg7ryai6aa495q"))))
     (build-system gnu-build-system)
     (arguments
      '(#:tests? #f)) ; XXX: requiring `pidof'
@@ -3482,6 +3508,7 @@ part of udev-extras, then udev, then systemd.  It's now a project on its own.")
        ("glib" ,glib)
        ("libarchive" ,libarchive)
        ("libbluray" ,libbluray)
+       ("libcap" ,libcap)
        ("libcdio-paranoia" ,libcdio-paranoia)
        ("libgcrypt" ,libgcrypt)
        ("libgphoto2" ,libgphoto2)
@@ -3492,6 +3519,7 @@ part of udev-extras, then udev, then systemd.  It's now a project on its own.")
        ("libsoup" ,libsoup)
        ("libxml2" ,libxml2)
        ("nettle" ,nettle) ; XXX: required by libarchive.pc
+       ("polkit" ,polkit)
        ("udisks" ,udisks)))
     (home-page "https://wiki.gnome.org/gvfs/")
     (synopsis "Userspace virtual file system for GIO")
@@ -3508,7 +3536,7 @@ DAV, and others.")
 (define-public gusb
   (package
     (name "gusb")
-    (version "0.2.6")
+    (version "0.2.9")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/hughsie/libgusb/archive/"
@@ -3518,7 +3546,7 @@ DAV, and others.")
                                   ".tar.gz"))
               (sha256
                (base32
-                "0h9dzaza81b0mx5jfh5cnc31xdynl0jsxgwvl6vqyhy8mnwfi5nr"))))
+                "1500mgpidmnjfkcz1fzqkbqv547iy1cvr8bwf3k9vqgqcjx3844n"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin")         ; for glib-genmarshal, etc.
@@ -3606,7 +3634,7 @@ work and the interface is well tested.")
 (define-public epiphany
   (package
     (name "epiphany")
-    (version "3.22.1")
+    (version "3.22.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3614,7 +3642,7 @@ work and the interface is well tested.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "03ncqmb8n06qr88rlwa2rph833gjcwsmxaw2wf1yawadwpnn5cda"))))
+                "0skdsma9rmq01703andigmpbdn2rl34y3lqny19a93v1ph3jb9qk"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      ;; FIXME: tests run under Xvfb, but fail with:
@@ -3652,7 +3680,7 @@ principles are simplicity and standards compliance.")
 (define-public d-feet
   (package
     (name "d-feet")
-    (version "0.3.10")
+    (version "0.3.11")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3660,7 +3688,7 @@ principles are simplicity and standards compliance.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0nb31bvwnj7pcpm85g8bvgjc6s5kbqy8g4qp7pzqf8w6rdgxzw48"))))
+                "1hmrijm4d9vwzx2r8qzzsy8ccpj79l1y6cc569n9jjzqcq699p53"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:out-of-source? #f ; tests need to run in the source directory.
@@ -3734,7 +3762,7 @@ to format Docbook and Mallard documents.")
 (define-public yelp
   (package
     (name "yelp")
-    (version "3.20.1")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3742,7 +3770,7 @@ to format Docbook and Mallard documents.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1hh8yqbv0scn9nksk9mq94cb4sdczlzxplclv2wqr41jmm8v186x"))))
+                "13kpi0qmnfx2xwizyhmf5i5xaw9ckcn1k7v0289p7als4dybf5l6"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-genmarshal, etc.
@@ -3799,7 +3827,7 @@ wraps things up in a developer-friendly way.")
 (define-public libgee
   (package
     (name "libgee")
-    (version "0.18.0")
+    (version "0.18.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3807,7 +3835,7 @@ wraps things up in a developer-friendly way.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "16a34js81w9m2bw4qd8csm4pcgr3zq5z87867j4b8wfh6zwrxnaa"))))
+                "18ir5264bhdg76kcjn8i5bfs1vz89qqn2py20aavm2cwbaz6ns4r"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -3912,7 +3940,7 @@ share them with others via social networking and more.")
 (define-public file-roller
   (package
     (name "file-roller")
-    (version "3.20.3")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3920,7 +3948,7 @@ share them with others via social networking and more.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1sa46vjx78d670m6bikpibgz39a5zb6ri8yjmj632lmxqvj2sp3b"))))
+                "1yaxd0lqhajszilblkidqfkaffhzml10l7ib64023y36qgf8q597"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -3954,7 +3982,7 @@ such as gzip tarballs.")
 (define-public gnome-session
   (package
     (name "gnome-session")
-    (version "3.20.2")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -3962,7 +3990,7 @@ such as gzip tarballs.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1npnjm6wirz2v0liv7n23ivp2w0y1q230qcdb681hhzmp7h9fpq2"))))
+                "1xahljysbpnc1zafm1y2lqnmmqi2jh4fx7h2y48d9ipqnknk26in"))))
     (arguments
      '(#:phases
        (modify-phases %standard-phases
@@ -4033,7 +4061,7 @@ configuration program to choose applications starting on login.")
 (define-public gjs
   (package
     (name "gjs")
-    (version "1.44.0")
+    (version "1.46.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4041,7 +4069,7 @@ configuration program to choose applications starting on login.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "106fgpr4y99sj68l72pnfa2za11ps4bn6p9z28fr79j7mpv61jc8"))
+                "1m2ssa6qsipbp8lz4xbhf0nhadhv0xkdpmz1jcvl9187lwgmk0r2"))
               (modules '((guix build utils)))
               (snippet '(substitute* "test/run-with-dbus"
                           (("/bin/rm") "rm")))))
@@ -4052,6 +4080,10 @@ configuration program to choose applications starting on login.")
          (add-before
           'check 'pre-check
           (lambda _
+            ;; The test suite requires a running X server.
+            (system "Xvfb :1 &")
+            (setenv "DISPLAY" ":1")
+
             ;; For the missing /etc/machine-id.
             (setenv "DBUS_FATAL_WARNINGS" "0")
 
@@ -4086,7 +4118,7 @@ javascript engine and the GObject introspection framework.")
 (define-public gedit
   (package
     (name "gedit")
-    (version "3.20.2")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4094,7 +4126,7 @@ javascript engine and the GObject introspection framework.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1y330hanqfld3kssf77wfphah2qpfg17pa109spsbm50f5m2g89j"))))
+                "0i9z5d31vibb3dd329gwvyga38zq5k1a2glcdq7m93ycbl5mlfq6"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:configure-flags '("--disable-spell") ; XXX: gspell not packaged yet
@@ -4146,7 +4178,7 @@ powerful general purpose text editor.")
 (define-public zenity
   (package
     (name "zenity")
-    (version "3.20.0")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4154,7 +4186,7 @@ powerful general purpose text editor.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0j2sy6imwp41l75hy3fwr68n35drvanbwgmr42kc04zqjy9pbs02"))))
+                "0rp4l0vgyjhlkpk2imfwf7b05m1qxjrm8n8kp1rv70ykf48gmk8y"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("gettext" ,gettext-minimal)
@@ -4173,7 +4205,7 @@ to display dialog boxes from the commandline and shell scripts.")
 (define-public mutter
   (package
     (name "mutter")
-    (version "3.20.3")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4181,32 +4213,69 @@ to display dialog boxes from the commandline and shell scripts.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "05pr78vgq52bkkqpbfnp9mxw14ij2wk91l2yfa69dpjbvxqm4b0l"))))
+                "18lj80klfnkwh0cb3ab0i1vfvzbp0zjl73x9d7pna4dsdhsmi6ym"))))
+     ;; NOTE: Since version 3.21.x, mutter now bundles and exports forked
+     ;; versions of cogl and clutter.  As a result, many of the inputs,
+     ;; propagated-inputs, and configure flags used in cogl and clutter are
+     ;; needed here as well.
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
        ;; XXX: build fails with [-Werror]:
        ;;    backends/meta-cursor-renderer.c:112:5: error:
        ;;      implicit declaration of function ?roundf?
-       '("--enable-compile-warnings=minimum")))
+       (list "--enable-compile-warnings=minimum"
+
+             "--disable-wayland"           ; TODO enable wayland
+             ;; "--enable-native-backend"  ; TODO enable the native backend
+
+             ;; The following flags are needed for the bundled clutter
+             "--enable-x11-backend=yes"
+
+             ;; the remaining flags are needed for the bundled cogl
+             "--enable-cogl-gst"
+             (string-append "--with-gl-libname="
+                            (assoc-ref %build-inputs "mesa")
+                            "/lib/libGL.so"))))
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
        ("gobject-introspection" ,gobject-introspection)
        ("intltool" ,intltool)
        ("pkg-config" ,pkg-config)))
     (propagated-inputs
-     ;; libmutter.pc refers to all these.
-     `(("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
+     `(;; libmutter.pc refers to these:
+       ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
        ("gtk+" ,gtk+)
-       ("clutter" ,clutter)))
+       ;; mutter-clutter-1.0.pc and mutter-cogl-1.0.pc refer to these:
+       ("atk" ,atk)
+       ("cairo" ,cairo)
+       ("gdk-pixbuf" ,gdk-pixbuf)
+       ("glib" ,glib)
+       ("glib" ,glib)
+       ("gtk+" ,gtk+)
+       ("json-glib" ,json-glib)
+       ("libinput" ,libinput)
+       ("libx11" ,libx11)
+       ("libxcomposite" ,libxcomposite)
+       ("libxdamage" ,libxdamage)
+       ("libxext" ,libxext)
+       ("libxfixes" ,libxfixes)
+       ("libxkbcommon" ,libxkbcommon)
+       ("libxrandr" ,libxrandr)
+       ("mesa" ,mesa)
+       ("pango" ,pango)
+       ("udev" ,eudev)
+       ("wayland" ,wayland)
+       ("wayland-protocols" ,wayland-protocols)
+       ("xinput" ,xinput)))
     (inputs
      `(("gnome-desktop" ,gnome-desktop)
        ("libcanberra-gtk" ,libcanberra)
+       ("libgudev" ,libgudev)
        ("libice" ,libice)
        ("libsm" ,libsm)
-       ("libxkbcommon" ,libxkbcommon)
        ("libxkbfile" ,libxkbfile)
-       ("mesa-headers" ,mesa-headers)
+       ("libxrandr" ,libxrandr)
        ("startup-notification" ,startup-notification)
        ("upower-glib" ,upower)
        ("xkeyboard-config" ,xkeyboard-config)
@@ -4223,7 +4292,7 @@ window manager.")
 (define-public gnome-online-accounts
   (package
     (name "gnome-online-accounts")
-    (version "3.20.3")
+    (version "3.22.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4231,7 +4300,7 @@ window manager.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ip0q539bik3wqwl867rjc63w2d5rjyvbqzwczkard70yd6c0kq9"))))
+                "13wvnfh3hnasdnb6fhjssybj2327qihd32kpdjjb3r1qiyc8dvqb"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
@@ -4261,7 +4330,7 @@ Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.")
 (define-public evolution-data-server
   (package
     (name "evolution-data-server")
-    (version "3.20.5")
+    (version "3.22.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4269,7 +4338,7 @@ Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0zmybf63y0d5zn48q3xjgkh2p2c3ka9xvzd6labp96bd6b6qc58d"))))
+                "0kygd46s0is6i451bqykagrfx34wjvrgjbjyyszaabnppp1dyn0c"))))
     (build-system gnu-build-system)
     (arguments
      '(;; XXX: fails with:
@@ -4390,7 +4459,7 @@ users.")
 (define-public network-manager
   (package
     (name "network-manager")
-    (version "1.4.2")
+    (version "1.4.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/NetworkManager/"
@@ -4398,7 +4467,7 @@ users.")
                                   "NetworkManager-" version ".tar.xz"))
               (sha256
                (base32
-                "016jc21mwjxvnfiblp5lji55sr8aq6w8a08fsjmqvnpnvm3y6r58"))
+                "029k2f1arx1m5hppmr778i9yg34jj68nmji3i89qs06c33rpi4w2"))
               (snippet
               '(begin
                  (use-modules (guix build utils))
@@ -4563,7 +4632,7 @@ the available networks and allows users to easily switch between them.")
 (define-public libxml++
   (package
     (name "libxml++")
-    (version "3.0.0")
+    (version "3.0.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4571,7 +4640,7 @@ the available networks and allows users to easily switch between them.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0lkrajbdys5f6w6qwfijih3hnbk4c6809qx2mmxkb7bj2w269wrg"))))
+                "19kik79fmg61nv0by0a5f9wchrcfjwzvih4v2waw01hqflhqvp0r"))))
     (build-system gnu-build-system)
     ;; libxml++-3.0.pc refers to all these.
     (propagated-inputs
@@ -4604,7 +4673,7 @@ libxml2.")
 (define-public gdm
   (package
     (name "gdm")
-    (version "3.20.1")
+    (version "3.22.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4612,7 +4681,7 @@ libxml2.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "17vqcnqnwx7s5xzgn358gsgbmpz7k90sh1qrwrh3wnj5r0pm38hh"))))
+                "17wnsrv91mx14xp96wrc21g2hsjjc38yhbkw55kf7hk3yliychva"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags
@@ -4724,7 +4793,7 @@ devices using the GNOME desktop.")
 (define-public gnome-control-center
   (package
     (name "gnome-control-center")
-    (version "3.20.1")
+    (version "3.22.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4732,7 +4801,7 @@ devices using the GNOME desktop.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1vd1h31vwyq7ss5f1151gx1vdsy35sjmapjmmz7x73ppc3y78r6f"))))
+                "06h9937sjfrzjf36pxqybg4wmkc5xdhbxgdkclnkjxiiqidjjsax"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -4795,7 +4864,7 @@ properties, screen resolution, and other GNOME parameters.")
 (define-public gnome-shell
   (package
     (name "gnome-shell")
-    (version "3.20.4")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4803,7 +4872,7 @@ properties, screen resolution, and other GNOME parameters.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0kd9y847pw9v3zl0g52ly7xdcjz0b9v37aqmi19iddfkxjjyn4qc"))))
+                "16smvjfrpyfphv479hjky5261hgl4kli4q86bcb2b8xdcav4w3yq"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -4912,10 +4981,98 @@ GTK-VNC implements client side RFB protocol and authentication extensions such
 as SASL, TLS and VeNCrypt.  Additionally it supports encoding extensions.")
     (license license:lgpl2.1+)))
 
+(define-public gnome-autoar
+  (package
+    (name "gnome-autoar")
+    (version "0.1.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "1jcs6jgysg9n3zi3d1l4iqddzmczfdcvz7vkxn607p32nl8bhp7n"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("gnome-common" ,gnome-common)
+       ("gobject-introspection" ,gobject-introspection)
+       ("pkg-config" ,pkg-config)))
+    (propagated-inputs
+     `(("libarchive" ,libarchive)))  ; XXX document why
+    (inputs
+     `(("gtk+" ,gtk+)
+       ("nettle" ,nettle))) ; XXX: required by libarchive.pc
+    (synopsis "Archives integration support for GNOME")
+    (home-page "https://git.gnome.org/browse/gnome-autoar/")
+    (description
+     "GNOME Autoar is a library which makes creating and extracting archives
+easy, safe, and automatic.")
+    (license license:lgpl2.1+)))
+
+(define-public tracker
+  (package
+    (name "tracker")
+    (version "1.10.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnome/sources/" name "/"
+                                  (version-major+minor version) "/"
+                                  name "-" version ".tar.xz"))
+              (sha256
+               (base32
+                "03ch3ndmxghfr9wnw9hfmpkjfa7k5v5cwwf3y1ja6ihk3c5avgbb"))))
+    (build-system glib-or-gtk-build-system)
+    (native-inputs
+     `(("gnome-common" ,gnome-common)
+       ("gobject-introspection" ,gobject-introspection)
+       ("intltool" ,intltool)
+       ("pkg-config" ,pkg-config)
+       ("vala" ,vala)))
+    (inputs
+     `(("gtk+" ,gtk+)
+       ("dbus" ,dbus)
+       ("gstreamer" ,gstreamer)
+       ("gst-plugins-base" ,gst-plugins-base)
+       ("sqlite" ,sqlite)
+       ("nettle" ,nettle)  ; XXX why is this needed?
+       ("poppler" ,poppler)
+       ("libgsf" ,libgsf)
+       ("libexif" ,libexif)
+       ("libpng" ,libpng)
+       ("libtiff" ,libtiff)
+       ("libvorbis" ,libvorbis)
+       ("flac" ,flac)
+       ("totem-pl-parser" ,totem-pl-parser)
+       ("zlib" ,zlib)
+       ("exempi" ,exempi)
+       ("libxml2" ,libxml2)
+       ("upower" ,upower)
+       ("libgee" ,libgee)
+       ("libunistring" ,libunistring)
+       ("giflib" ,giflib)
+       ("openjpeg" ,openjpeg-1)
+       ("libosinfo" ,libosinfo)
+       ("libcue" ,libcue)
+       ("libseccomp" ,libseccomp)
+       ("libuuid" ,util-linux)))
+    (arguments `(#:tests? #f))  ; XXX FIXME enable tests (some fail)
+    (synopsis "Metadata database, indexer and search tool")
+    (home-page "https://wiki.gnome.org/Projects/Tracker")
+    (description
+     "Tracker is an advanced framework for first class objects with associated
+metadata and tags.  It provides a one stop solution for all metadata, tags,
+shared object databases, search tools and indexing.")
+    ;; src/libtracker-*/* and src/tracker-extract/* are covered by lgpl2.1+,
+    ;; src/gvdb/* are covered by lgpl2.0+, and the rest is gpl2+.
+    (license (list license:gpl2+
+                   license:lgpl2.1+
+                   license:lgpl2.0+))))
+
 (define-public nautilus
   (package
     (name "nautilus")
-    (version "3.20.2")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -4923,11 +5080,11 @@ as SASL, TLS and VeNCrypt.  Additionally it supports encoding extensions.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1bnalv0ljdjzqzvh3rfyg7r4z8vdbq1gdard5q68riqdi2dnfvld"))))
+                "1cv5xsah04svxx0b6di7iah9gcwk6na2c6lp442pal9v2ybrw76f"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:configure-flags
-       '("--disable-tracker" "--disable-selinux") ; XXX: not packaged
+       '("--disable-selinux") ; XXX: not packaged
        ;; XXX: FAIL: check-nautilus
        ;;   Settings schema 'org.gnome.nautilus.preferences' is not installed
        #:tests? #f))
@@ -4941,6 +5098,9 @@ as SASL, TLS and VeNCrypt.  Additionally it supports encoding extensions.")
        ("gvfs" ,gvfs)
        ("exempi" ,exempi)
        ("gnome-desktop" ,gnome-desktop)
+       ("gnome-autoar" ,gnome-autoar)
+       ("nettle" ,nettle)    ; XXX required by libarchive.pc via gnome-autoar
+       ("tracker" ,tracker)
        ;; XXX: gtk+ is required by libnautilus-extension.pc
        ;;
        ;; Don't propagate it to reduces "profile pollution" of the 'gnome' meta
@@ -4960,7 +5120,7 @@ files.")
 (define-public baobab
   (package
     (name "baobab")
-    (version "3.20.1")
+    (version "3.22.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -4969,7 +5129,7 @@ files.")
                     name "-" version ".tar.xz"))
               (sha256
                (base32
-                "07wx4jb3nmipd4caybv21hl8h0gb282qc5a24b731mxhfqmg3pz9"))))
+                "1zwpzj6hbvcyw1ymqzn3zw8w4h29ad7411crbkbh71c8jwbwpssv"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("intltool" ,intltool)
@@ -4992,7 +5152,7 @@ is complete it provides a graphical representation of each selected folder.")
 (define-public gnome-backgrounds
   (package
     (name "gnome-backgrounds")
-    (version "3.20")
+    (version "3.22.1")
     (source
      (origin
        (method url-fetch)
@@ -5001,7 +5161,7 @@ is complete it provides a graphical representation of each selected folder.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "09viag7q53lfwrp074a1w7j0r8izlwpi10xbwjgbf5jwbqb6wv6n"))))
+         "09gfdrm1kaz2knyghhjb0ka1kklgbcbnqgy4c90bg0v3n899ij5z"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("intltool" ,intltool)))
@@ -5020,7 +5180,7 @@ can add your own files to the collection.")
 (define-public gnome-screenshot
   (package
     (name "gnome-screenshot")
-    (version "3.20.1")
+    (version "3.22.0")
     (source
      (origin
        (method url-fetch)
@@ -5029,7 +5189,7 @@ can add your own files to the collection.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0hz1ywgb5vbfqr0p0cr20hmz5b11msyi3psanszdnv0lhxl9pa06"))))
+         "0c02n1hgv21m4082jx399b1yazsc0cr07ba8k0pv8v3w7i5z21ca"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-compile-schemas, etc.
@@ -5051,7 +5211,7 @@ beautifying border effects.")
 (define-public dconf-editor
   (package
     (name "dconf-editor")
-    (version "3.20.3")
+    (version "3.22.1")
     (source
      (origin
        (method url-fetch)
@@ -5060,7 +5220,7 @@ beautifying border effects.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "0yf553bd9l030shhs0jkl5gvkzkfxbxxm56xv0l0nmbplaci8wm8"))))
+         "09n1ljryjgkmxwly542zb2dh9j7h76chc0br2bbhrhkwvjjmc3ha"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      '(#:phases
@@ -5219,7 +5379,7 @@ Microsoft SkyDrive and Hotmail, using their REST protocols.")
 (define-public gnome-calendar
   (package
     (name "gnome-calendar")
-    (version "3.20.2")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5227,7 +5387,7 @@ Microsoft SkyDrive and Hotmail, using their REST protocols.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1vny8fclwglapdyxd2g9fbwdlk5hhnb993k2hvq3rf0hcgswycpi"))))
+                "03wivk7hbyqrqcrd7jg0m2xj6q13248la2184qkf7zncnj72g5ih"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("intltool" ,intltool)
@@ -5236,7 +5396,8 @@ Microsoft SkyDrive and Hotmail, using their REST protocols.")
      `(("bdb" ,bdb)
        ("desktop-file-utils" ,desktop-file-utils)
        ("evolution-data-server" ,evolution-data-server)
-       ("gnome-online-accounts" ,gnome-online-accounts)))
+       ("gnome-online-accounts" ,gnome-online-accounts)
+       ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)))
     (home-page "https://wiki.gnome.org/Apps/Calendar")
     (synopsis "GNOME's calendar application")
     (description
@@ -5277,7 +5438,7 @@ existing databases over the internet.")
 (define-public gnome-tweak-tool
   (package
     (name "gnome-tweak-tool")
-    (version "3.20.1")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/gnome-tweak-tool/"
@@ -5287,7 +5448,7 @@ existing databases over the internet.")
                         (search-patch "gnome-tweak-tool-search-paths.patch")))
               (sha256
                (base32
-                "1fj6wjvnjygzm9br3sw9gya6d18yly1rm69yaiar9spfbkvv4wai"))))
+                "1frs16p2284mdw65g1ldmf9cz5sn3rg16wz58gjrw5pn2cgf2six"))))
     (build-system glib-or-gtk-build-system)
     (arguments
      `(#:configure-flags '("--localstatedir=/tmp"
@@ -5328,7 +5489,7 @@ GNOME Shell appearance and extension, etc.")
 (define-public gnome-shell-extensions
   (package
     (name "gnome-shell-extensions")
-    (version "3.20.1")
+    (version "3.22.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5336,7 +5497,7 @@ GNOME Shell appearance and extension, etc.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "18rr55krnqx1nzrzlj6kfzh4n67f3crakmwh28rr95y7cg0jwhxw"))))
+                "11wa4f9arr89a4y8nsvla5j58dzwlawjb2q1lz0jn5i9kv324z6z"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--enable-extensions=all")))
@@ -5523,7 +5684,7 @@ GLib/GObject code.")
 (define-public libgnomekbd
   (package
     (name "libgnomekbd")
-    (version "3.6.0")
+    (version "3.22.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/" name "/"
@@ -5531,7 +5692,7 @@ GLib/GObject code.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "02bahnl3vaqyqyr99r9kwka84sxj8qdrz7x0bf97192dysqaa7n4"))))
+                "1pvpbljvxc0riamraiflnm05dpb6i4vlmqqgdh74xggbpzd302rl"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -5714,7 +5875,7 @@ Bluefish supports many programming and markup languages.")
 (define-public gnome-system-monitor
   (package
     (name "gnome-system-monitor")
-    (version "3.20.1")
+    (version "3.22.2")
     (source
      (origin
        (method url-fetch)
@@ -5723,7 +5884,7 @@ Bluefish supports many programming and markup languages.")
                            name "-" version ".tar.xz"))
        (sha256
         (base32
-         "1ya41b58syf8g5pc12gw1xm6jhdx3crap803bjwm086r7x2an8wv"))))
+         "10n9bl2q9xxnd6mfi4scfw5x0xyyzvnblz26q9gl8vks2nbv19b8"))))
     (build-system glib-or-gtk-build-system)
     (native-inputs
      `(("glib:bin" ,glib "bin") ; for glib-mkenums.
diff --git a/gnu/packages/gnucash.scm b/gnu/packages/gnucash.scm
index 97a4818be3..e7828b7bbb 100644
--- a/gnu/packages/gnucash.scm
+++ b/gnu/packages/gnucash.scm
@@ -42,7 +42,7 @@
 (define-public gnucash
   (package
     (name "gnucash")
-    (version "2.6.14")
+    (version "2.6.15")
     (source
      (origin
       (method url-fetch)
@@ -50,7 +50,7 @@
                           version "/gnucash-" version ".tar.bz2"))
       (sha256
        (base32
-        "0xcf2nl3v6zsablmla20v283x3r0jdpixcbp37mzap82lln4y51v"))
+        "1bnvnv1sxv85bgpfklykbhymjl4sbfqc1z9as5ym97s3cf1fn68n"))
       (patches (search-patches "gnucash-price-quotes-perl.patch"))))
     (build-system gnu-build-system)
     (inputs
@@ -122,8 +122,7 @@ financial calculations or scheduled transactions.")
      (origin
        (method url-fetch)
        (uri (string-append "http://www.aquamaniac.de/sites/download/download.php?"
-                           "package=01&release=201&file=01&dummy=gwenhywfar-"
-                           version ".tar.gz"))
+                           "package=01&release=201&file=01"))
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
@@ -157,17 +156,16 @@ applications and libraries.  It is used by AqBanking.")
 (define-public aqbanking
   (package
     (name "aqbanking")
-    (version "5.6.10")
+    (version "5.6.12")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "http://www.aquamaniac.de/sites/download/download.php?"
-                           "package=03&release=206&file=01&dummy=aqbanking-"
-                           version ".tar.gz"))
+                           "package=03&release=208&file=01"))
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1x0isvpk43rq2zlyyb9p0kgjmqv7yq07vgkiprw3f5sjkykvxw6d"))))
+         "08jbwmiv6f3v8iqdr44x4szna496fqcjfi6mlx04cnbx91m70lh6"))))
     (build-system gnu-build-system)
     (arguments
      `(;; Parallel building fails because aqhbci is required before it's
diff --git a/gnu/packages/gnupg.scm b/gnu/packages/gnupg.scm
index 151952663b..051b55f307 100644
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@@ -370,6 +370,15 @@ libskba (working with X.509 certificates and CMS data).")
     (inputs
      `(("gnupg" ,gnupg-2.0)
        ("libassuan" ,libassuan)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'configure 'patch-cmake-file
+           (lambda _
+             ;; Work around <https://bugs.gnupg.org/gnupg/issue2877>.
+             (substitute* "lang/cpp/src/GpgmeppConfig.cmake.in"
+               (("@libsuffix@") ".so"))
+             #t)))))
     (home-page "https://www.gnupg.org/related_software/gpgme/")
     (synopsis "Library providing simplified access to GnuPG functionality")
     (description
@@ -425,7 +434,8 @@ distributed separately.")
        ;; Unfortunately, we have to disable some tests due to some gpg-agent
        ;; goofiness... see:
        ;;   https://bugs.launchpad.net/pygpgme/+bug/999949
-       (patches (search-patches "pygpgme-disable-problematic-tests.patch"))))
+       (patches (search-patches "pygpgme-disable-problematic-tests.patch"
+                                "python-pygpgme-fix-pinentry-tests.patch"))))
     (arguments
      `(#:phases
        (modify-phases %standard-phases
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index d87d592b4d..678dc4e27f 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
@@ -36,7 +36,7 @@
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages libcanberra)
   #:use-module (gnu packages cups)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
@@ -152,7 +152,7 @@ in C/C++.")
 (define-public nspr
   (package
     (name "nspr")
-    (version "4.13.1")
+    (version "4.12")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -160,7 +160,7 @@ in C/C++.")
                    version "/src/nspr-" version ".tar.gz"))
              (sha256
               (base32
-               "1arkg08l6zlp8v44shqbk2c8qzwd913lgh60fb3yfxls6d8ifk2y"))))
+               "1pk98bmc5xzbl62q5wf2d6mryf0v95z6rsmxz27nclwiaqg0mcg0"))))
     (build-system gnu-build-system)
     (native-inputs
       `(("perl" ,perl)))
@@ -186,10 +186,6 @@ in the Mozilla clients.")
 (define-public nss
   (package
     (name "nss")
-    ;; FIXME: NSS 3.27.2 fails its tests on armhf. At least some of the test
-    ;; failures appear to be caused by test certificates that have expired.
-    ;; Search the test suite output for 'PayPalEE.cert' for an example:
-    ;; <https://hydra.gnu.org/build/1712083>
     (version "3.27.1")
     (source (origin
               (method url-fetch)
@@ -321,35 +317,53 @@ standards.")
        (list
         (search-patch "icecat-avoid-bundled-libraries.patch")
         (search-patch "icecat-binutils.patch")
-        (mozilla-patch "icecat-bug-1301381.patch"       "2e5438a92617" "0pyjbzyy04759ldpcar8q8cccv67j1jkxsg46rkq7a3rbhmwmw4p") ;CVE-2016-9897
-        (mozilla-patch "icecat-bug-1317409.patch"       "7391f60fb790" "1hydggpmmm2cs9lb15micnkxn4wl4cda9g74hkn3zmks805vjz3h") ;CVE-2016-9899
-        (mozilla-patch "icecat-bug-1309834.patch"       "744e01001e6e" "0z2fq765kap3ll9as5rvjpnbj3pw26074alw7df0zi215qz47nxr") ;CVE-2016-9893-pt1
-        (mozilla-patch "icecat-bug-1317936-pt1.patch"   "8ae673f34a5b" "1rlbihckl9afa0y91lqs7gpnv6a7zxzrmxjv95y3yrl03kibqp76") ;CVE-2016-9904-pt1
-        (mozilla-patch "icecat-bug-1317936-pt2.patch"   "409c23c144fe" "05kgs16y8s5pxmg2dxp93247zagnj6zgj3209qpm5hz3an7gr13h") ;CVE-2016-9904-pt2
-        (mozilla-patch "icecat-bug-1319122.patch"       "994d9bd0e28d" "007wifyx3b2ln4fwv1i8n24yz5ngjf4mkzd7sqr5bpd3q88ff293") ;CVE-2016-9900
-        (mozilla-patch "icecat-bug-1312609.patch"       "0fc43af8982e" "0pc8q9knzq2knj723mwkay1lnzbzysb07ygxnc16mcb6f7vl2mw8") ;CVE-2016-9893-pt2
-        (mozilla-patch "icecat-bug-1319524.patch"       "19f9a4643d77" "0w5yxj1l0hvs66q9agjp4m5sfby7fj05lx33gaqf899bw4hn4vcf") ;CVE-2016-9893-pt3
-        (mozilla-patch "icecat-bug-1312548.patch"       "c58442c414f5" "1z1w1v8xagkhrwgp51ij1k2gx0ripslia09vm78812n7gcwddaas") ;CVE-2016-9893-pt4
-        (mozilla-patch "icecat-bug-1314442.patch"       "5054047b7328" "0xlw8irymfp3bcaa5jpf7clf7bq6qxp3i8zapp8jya8lzr1nf868") ;CVE-2016-9898
-        (mozilla-patch "icecat-bug-881832-pt1.patch"    "1123263318a3" "1qkxwva3zrcs1zhga8ncmndq03988dx75i896g53gbvpskj06915")
-        (mozilla-patch "icecat-bug-881832-pt2.patch"    "dc87c0a39adf" "01rapf14f3r2wk0cjd16dn1rll4ipgs33cnjmjck48nvk67ikz6h")
-        (mozilla-patch "icecat-bug-881832-pt3.patch"    "f20e5f488368" "15ql9ywifb3gm2g1057k63f821dbs3wqsh3zhndprzf3dn6aha4i")
-        (mozilla-patch "icecat-bug-881832-pt4.patch"    "7950c4d5bd7c" "0jhkg5hq5yfy7rh21k1mpbsbr81ql85aazym30zy3n2cf28xxhd7")
-        (mozilla-patch "icecat-bug-881832-pt5.patch"    "972734ec21b6" "073i4v1f1ydy49i57pvzscz95sjr5bbk9s5sajxvmmcsmwhpjdfy")
-        (mozilla-patch "icecat-bug-1293985-pt1.patch"   "aebd3687e05e" "1qz6hdgflcrqyg7fv66cbg23v4b7q5bc2yxzrgjxs4j1d7jy1s0s") ;CVE-2016-9905-pt1
-        (mozilla-patch "icecat-bug-1293985-pt2.patch"   "63d8e5cd27cb" "11fsgyngy7v59ma30xdbmycwf4izwikzvaljngm3ks4534inpl4a") ;CVE-2016-9905-pt2
-        (mozilla-patch "icecat-bug-1279202.patch"       "e560997291af" "1hn35slasfcj3ryka4fsarx4l9r99z0iwj67fmbv6zxz4z133kks")
-        (mozilla-patch "icecat-bug-1320039.patch"       "21c615b65048" "0ibgsxa36x9ajn2jqbhxxvrfvj6x6iyspsmzzn4brdz11n93skhr") ;CVE-2016-9902
-        (mozilla-patch "icecat-bug-1320057.patch"       "c15e5afc0430" "17gj32agqs94548z8lvz0l6zz3kbwajn8as0y4iw5nb6jsll4c66") ;CVE-2016-9901
-        (mozilla-patch "icecat-bug-1163212.patch"       "46163fb1cb34" "1yikayczfgfla3aka0159apq3149d52sgvlca0sivx4myd0lvjm7") ;CVE-2016-9893-pt5
-        (mozilla-patch "icecat-bug-1317805.patch"       "cde2a37100f5" "100abggnhwyw84almxrkxqfpyfkd4pqkcrh5y9g4d3jd2h16asvl") ;CVE-2016-9893-pt6
-        (mozilla-patch "icecat-bug-1298773-pt1.patch"   "9b78ab1e6d07" "19ib6bp96xk000ll40b8qxvizkncyzclz2rsb9w5fa42qs9978ff") ;CVE-2016-9893-pt7
-        (mozilla-patch "icecat-bug-1298773-pt2.patch"   "78ebf9c9dfb0" "1shgr4rk6r2zxr1qqk1j3qnnqzqxnbi093qhlrfh8q5q1ivqf6k1") ;CVE-2016-9893-pt8
-        (mozilla-patch "icecat-bug-1299098.patch"       "a46a9f16823c" "0dwkyz3kcqnfcbhbfh2lss7s0yh87rgzb871qxx3x4ynyqph9mnz") ;CVE-2016-9893-pt9
-        (mozilla-patch "icecat-bug-1311687.patch"       "6bc7cc7a33a6" "1wggcqv84n8mp7xps7hy4rwy61fkh45imfqzc0b46s3w5hyhypn2")
-        (mozilla-patch "icecat-bug-1287912.patch"       "778f65148b40" "0j2a153sk0654vv2lnxjib4lwml3mlqn6vs46c2pp82iba8nyfrm") ;CVE-2016-9893-pt10
-        (mozilla-patch "icecat-bug-1312272.patch"       "94bd2b43c766" "10h0qpr6m9cqyqxxnkbb6mzb3cagavzlynkxgd7a4izyq1bv28rk") ;CVE-2016-9895
-        (mozilla-patch "icecat-bug-1315631.patch"       "893de7431d51" "11gyik8mwipl6ipypkvdq519pw7ccbg0g0bnvxb7271n44cqqcq5"))) ;CVE-2016-9893-pt11
+        (mozilla-patch "icecat-CVE-2016-9897.patch"      "2e5438a92617" "0pyjbzyy04759ldpcar8q8cccv67j1jkxsg46rkq7a3rbhmwmw4p")
+        (mozilla-patch "icecat-CVE-2016-9899.patch"      "7391f60fb790" "1hydggpmmm2cs9lb15micnkxn4wl4cda9g74hkn3zmks805vjz3h")
+        (mozilla-patch "icecat-CVE-2016-9893-pt1.patch"  "744e01001e6e" "0z2fq765kap3ll9as5rvjpnbj3pw26074alw7df0zi215qz47nxr")
+        (mozilla-patch "icecat-CVE-2016-9904-pt1.patch"  "8ae673f34a5b" "1rlbihckl9afa0y91lqs7gpnv6a7zxzrmxjv95y3yrl03kibqp76")
+        (mozilla-patch "icecat-CVE-2016-9904-pt2.patch"  "409c23c144fe" "05kgs16y8s5pxmg2dxp93247zagnj6zgj3209qpm5hz3an7gr13h")
+        (mozilla-patch "icecat-CVE-2016-9900.patch"      "994d9bd0e28d" "007wifyx3b2ln4fwv1i8n24yz5ngjf4mkzd7sqr5bpd3q88ff293")
+        (mozilla-patch "icecat-CVE-2016-9893-pt2.patch"  "0fc43af8982e" "0pc8q9knzq2knj723mwkay1lnzbzysb07ygxnc16mcb6f7vl2mw8")
+        (mozilla-patch "icecat-CVE-2016-9893-pt3.patch"  "19f9a4643d77" "0w5yxj1l0hvs66q9agjp4m5sfby7fj05lx33gaqf899bw4hn4vcf")
+        (mozilla-patch "icecat-CVE-2016-9893-pt4.patch"  "c58442c414f5" "1z1w1v8xagkhrwgp51ij1k2gx0ripslia09vm78812n7gcwddaas")
+        (mozilla-patch "icecat-CVE-2016-9898.patch"      "5054047b7328" "0xlw8irymfp3bcaa5jpf7clf7bq6qxp3i8zapp8jya8lzr1nf868")
+        (mozilla-patch "icecat-bug-881832-pt1.patch"     "1123263318a3" "1qkxwva3zrcs1zhga8ncmndq03988dx75i896g53gbvpskj06915")
+        (mozilla-patch "icecat-bug-881832-pt2.patch"     "dc87c0a39adf" "01rapf14f3r2wk0cjd16dn1rll4ipgs33cnjmjck48nvk67ikz6h")
+        (mozilla-patch "icecat-bug-881832-pt3.patch"     "f20e5f488368" "15ql9ywifb3gm2g1057k63f821dbs3wqsh3zhndprzf3dn6aha4i")
+        (mozilla-patch "icecat-bug-881832-pt4.patch"     "7950c4d5bd7c" "0jhkg5hq5yfy7rh21k1mpbsbr81ql85aazym30zy3n2cf28xxhd7")
+        (mozilla-patch "icecat-bug-881832-pt5.patch"     "972734ec21b6" "073i4v1f1ydy49i57pvzscz95sjr5bbk9s5sajxvmmcsmwhpjdfy")
+        (mozilla-patch "icecat-CVE-2016-9905-pt1.patch"  "aebd3687e05e" "1qz6hdgflcrqyg7fv66cbg23v4b7q5bc2yxzrgjxs4j1d7jy1s0s")
+        (mozilla-patch "icecat-CVE-2016-9905-pt2.patch"  "63d8e5cd27cb" "11fsgyngy7v59ma30xdbmycwf4izwikzvaljngm3ks4534inpl4a")
+        (mozilla-patch "icecat-bug-1279202.patch"        "e560997291af" "1hn35slasfcj3ryka4fsarx4l9r99z0iwj67fmbv6zxz4z133kks")
+        (mozilla-patch "icecat-CVE-2016-9902.patch"      "21c615b65048" "0ibgsxa36x9ajn2jqbhxxvrfvj6x6iyspsmzzn4brdz11n93skhr")
+        (mozilla-patch "icecat-CVE-2016-9901.patch"      "c15e5afc0430" "17gj32agqs94548z8lvz0l6zz3kbwajn8as0y4iw5nb6jsll4c66")
+        (mozilla-patch "icecat-CVE-2016-9893-pt5.patch"  "46163fb1cb34" "1yikayczfgfla3aka0159apq3149d52sgvlca0sivx4myd0lvjm7")
+        (mozilla-patch "icecat-CVE-2016-9893-pt6.patch"  "cde2a37100f5" "100abggnhwyw84almxrkxqfpyfkd4pqkcrh5y9g4d3jd2h16asvl")
+        (mozilla-patch "icecat-CVE-2016-9893-pt7.patch"  "9b78ab1e6d07" "19ib6bp96xk000ll40b8qxvizkncyzclz2rsb9w5fa42qs9978ff")
+        (mozilla-patch "icecat-CVE-2016-9893-pt8.patch"  "78ebf9c9dfb0" "1shgr4rk6r2zxr1qqk1j3qnnqzqxnbi093qhlrfh8q5q1ivqf6k1")
+        (mozilla-patch "icecat-CVE-2016-9893-pt9.patch"  "a46a9f16823c" "0dwkyz3kcqnfcbhbfh2lss7s0yh87rgzb871qxx3x4ynyqph9mnz")
+        (mozilla-patch "icecat-bug-1311687.patch"        "6bc7cc7a33a6" "1wggcqv84n8mp7xps7hy4rwy61fkh45imfqzc0b46s3w5hyhypn2")
+        (mozilla-patch "icecat-CVE-2016-9893-pt10.patch" "778f65148b40" "0j2a153sk0654vv2lnxjib4lwml3mlqn6vs46c2pp82iba8nyfrm")
+        (mozilla-patch "icecat-CVE-2016-9895.patch"      "94bd2b43c766" "10h0qpr6m9cqyqxxnkbb6mzb3cagavzlynkxgd7a4izyq1bv28rk")
+        (mozilla-patch "icecat-CVE-2016-9893-pt11.patch" "893de7431d51" "11gyik8mwipl6ipypkvdq519pw7ccbg0g0bnvxb7271n44cqqcq5")
+        (mozilla-patch "icecat-bug-1323338.patch"        "b21dee058b2c" "005khpimffqzas7slajid4dd2c15nyk7rjk6fsps87bgnx0gx0s4")
+        (mozilla-patch "icecat-bug-1258410-pt1.patch"    "cd23c5d74be8" "1myzkpzg6pmjacjz8az06m9kz84in1mwsiaw5sgx47pm02598wm5")
+        (mozilla-patch "icecat-bug-1258410-pt2.patch"    "b83594617d15" "171cqflc9jh47az96im1whwhyq4ayicspqsczsmn2x5ll9lqw5fq")
+        (mozilla-patch "icecat-bug-1322107.patch"        "d6c6f5e4e641" "10x9f46ylm2q3i669hj1csd6agdm8w7xa0iln691z8ayg2hcrxdz")
+        (mozilla-patch "icecat-bug-1285833.patch"        "122f5fbfc563" "05pp2f4pg4j8a8pdgjhfrc8g2chhkhsarn9n8sbyag0fy3ig1cvd")
+        (mozilla-patch "icecat-bug-1297361.patch"        "297c675ddadc" "1jc1b5i69vq1fvz3qfnnv52c9cj17bjbmfyzmqlw5ywna0wfvabz")
+        (mozilla-patch "icecat-bug-1325877.patch"        "3cff736e3bb6" "1nxqwnl9zksvkfkmis7zica4xrhwfndjyy2sxc1dvrh9rshk1swq")
+        (mozilla-patch "icecat-bug-1285960.patch"        "2732280adabc" "0zrpq3aybaw2yy38vs6883a4nw01x4kxn3lfqn9yhcgjvngmmyia")
+        (mozilla-patch "icecat-bug-1325938.patch"        "81c9fdbd96e8" "0scv1zyi4vbsjdsyj4w70n5jd50baq0dzw3qpxqf1n69nfb9k214")
+        (mozilla-patch "icecat-bug-1322420.patch"        "a386ca6a3013" "1m1scz2pxzmg9wya8is5dcr3mgvkx3g1xlykgigmw2mqs5zcdg9s")
+        (mozilla-patch "icecat-bug-1328834.patch"        "0521b0e4707c" "1mv057p4hcvapibpbd9apryag19aiqdzafc6df2angl97m4mcbjx")
+        (mozilla-patch "icecat-bug-1290037.patch"        "bf0dd9ae6807" "02iw5ngsvvij95arnn69a744d6si27g1x41ixg16l51dbn900b3r")
+        (mozilla-patch "icecat-bug-1322666.patch"        "576f03e362c5" "0m88xs0jwhzx2lg12cvimxjknp7rpsvvhxxblhiqqjwnqip0pyc0")
+        (mozilla-patch "icecat-bug-1304266.patch"        "4d82e7314a72" "1rrrw4rw0xv7c2myiypcqh1fk47rk3fvic79zh6m04bl3knclr1r")
+        (mozilla-patch "icecat-bug-1322315.patch"        "0617dd4b444d" "1ipags2cl2p521pm0qx110h5di2mgif6h1r3g8l9b0rc5m9b1y2j")
+        (mozilla-patch "icecat-bug-1325200.patch"        "ead08c2a6c57" "1nnnwdr7411xpz6n9j869g6sz447cq6xsmds9cw6d24iprcinp5m")
+        (mozilla-patch "icecat-bug-1312001.patch"        "c5e67d41bdd0" "05kwn5zv381lsiw9vbzm8fh6s1lddx47l8f4pwg487h9dj7vbdfq")
+        (mozilla-patch "icecat-bug-1331058.patch"        "2ce94f2ea797" "1yrnjqpafjns68z99s1m6jins3agid7c1z3v9qgk5xzfcddl31pn")))
       (modules '((guix build utils)))
       (snippet
        '(begin
diff --git a/gnu/packages/gsasl.scm b/gnu/packages/gsasl.scm
index ce39aed655..4c8f818f91 100644
--- a/gnu/packages/gsasl.scm
+++ b/gnu/packages/gsasl.scm
@@ -21,7 +21,7 @@
   #:use-module (gnu packages compression)
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages nettle)
-  #:use-module (gnu packages shishi)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages tls)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
diff --git a/gnu/packages/gtk.scm b/gnu/packages/gtk.scm
index fc4677c247..a506949aba 100644
--- a/gnu/packages/gtk.scm
+++ b/gnu/packages/gtk.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
@@ -70,7 +70,7 @@
 (define-public atk
   (package
    (name "atk")
-   (version "2.20.0")
+   (version "2.22.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -78,7 +78,7 @@
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "1w1q29yfxcq67j7fyqrfm0l0n1vy4zn539c0sf4ga9d0qkv50fj9"))))
+              "1dj47ndvspa7lghw1jvjhv3v08q5f9ab5rb395mcgjbl975gajfk"))))
    (build-system gnu-build-system)
    (outputs '("out" "doc"))
    (arguments
@@ -102,14 +102,14 @@ tools have full access to view and control running applications.")
 (define-public cairo
   (package
    (name "cairo")
-   (version "1.14.6")
+   (version "1.14.8")
    (source (origin
             (method url-fetch)
-            (uri (string-append "http://cairographics.org/releases/cairo-"
+            (uri (string-append "https://cairographics.org/releases/cairo-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "0lmjlzmghmr27y615px9hkm552x7ap6pmq9mfbzr6smp8y2b6g31"))
+              "082ypjlh03ss5616amgjp9ap3xwwccyh2knyyrj1a4d4x65dkwni"))
             (patches (search-patches "cairo-CVE-2016-9082.patch"))))
    (build-system gnu-build-system)
    (propagated-inputs
@@ -150,7 +150,7 @@ Bézier splines, transforming and compositing translucent images, and
 antialiased text rendering.  All drawing operations can be transformed by any
 affine transformation (scale, rotation, shear, etc.).")
    (license license:lgpl2.1) ; or Mozilla Public License 1.1
-   (home-page "http://cairographics.org/")))
+   (home-page "https://cairographics.org/")))
 
 (define-public cairo-xcb
   (package
@@ -168,7 +168,7 @@ affine transformation (scale, rotation, shear, etc.).")
 (define-public harfbuzz
   (package
    (name "harfbuzz")
-   (version "1.3.3")
+   (version "1.4.1")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://www.freedesktop.org/software/"
@@ -176,7 +176,7 @@ affine transformation (scale, rotation, shear, etc.).")
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "1jdkdjvci5d6r26vimsz24hz3xqqrk5xq40n693jn4m42mqrh816"))))
+               "1g8mndf0p0fzjfvxrprga84zvqq186gbddnw6wbna7cscfmpz8l5"))))
    (build-system gnu-build-system)
    (outputs '("out"
               "bin")) ; 160K, only hb-view depend on cairo
@@ -206,7 +206,7 @@ affine transformation (scale, rotation, shear, etc.).")
 (define-public pango
   (package
    (name "pango")
-   (version "1.40.1")
+   (version "1.40.3")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/pango/"
@@ -214,7 +214,7 @@ affine transformation (scale, rotation, shear, etc.).")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "0h0sbh0b5kh3lvrxrb82bs86rqakf33a9jakpv33lay7f90zayp2"))))
+              "1lqi4yncw5q0v7g5makzxyp18g5cksqyld8m1wx0qli8wxf8pfmb"))))
    (build-system gnu-build-system)
    (propagated-inputs
     `(("cairo" ,cairo)
@@ -377,7 +377,7 @@ printing and other features typical of a source code editor.")
 (define-public gtksourceview
  (package
    (name "gtksourceview")
-   (version "3.20.4")
+   (version "3.22.2")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -385,7 +385,7 @@ printing and other features typical of a source code editor.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "009xag7df07ngav2wzs0rdrrx4s2m6ahx93pxzc2p1pkbz4nl3ks"))))
+               "0pmgff3p9q1z500aiqfn5l4mmij4yfi4qhq8fxscqc89vlql5s3c"))))
    (build-system gnu-build-system)
    (arguments
     '(#:phases
@@ -425,7 +425,7 @@ highlighting and other features typical of a source code editor.")
 (define-public gdk-pixbuf
   (package
    (name "gdk-pixbuf")
-   (version "2.34.0")
+   (version "2.36.3")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -433,7 +433,7 @@ highlighting and other features typical of a source code editor.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "0yc8indbl3hf18z6x6kjg59xp9sngm1d8vmz4c7bs6g27qw5npnm"))))
+              "1v1rssjd8p5s3lymsfhiq5mbs2pc0h1r6jd0asrwdbrign7i68sj"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--with-x11")
@@ -506,7 +506,7 @@ in the GNOME project.")
 (define-public at-spi2-core
   (package
    (name "at-spi2-core")
-   (version "2.20.2")
+   (version "2.22.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -514,7 +514,7 @@ in the GNOME project.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "0hx12snd9as4cq99ka3bn056xdf13f87pd1ilp6177qk8ffxx948"))))
+              "02n8ybhg8344mpjwvkhnzvr0qbvvl6ryi2q9irwhi0ri46ps6pj1"))))
    (build-system gnu-build-system)
    (outputs '("out" "doc"))
    (arguments
@@ -551,7 +551,7 @@ is part of the GNOME accessibility project.")
 (define-public at-spi2-atk
   (package
    (name "at-spi2-atk")
-   (version "2.20.1")
+   (version "2.22.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -559,7 +559,7 @@ is part of the GNOME accessibility project.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "13mzfwra0izmkzn7dsdgy5zj19n8izp0wdy7w1yg9s0qx6aafn13"))))
+              "1h8k271ad78smm41c9bmw5dc4gki0wfy324cn2g25svkp2zfvgg8"))))
    (build-system gnu-build-system)
    (arguments
     '(#:phases
@@ -649,7 +649,9 @@ application suites.")
 (define-public gtk+
   (package (inherit gtk+-2)
    (name "gtk+")
-   (version "3.20.9")
+   ;; NOTE: When updating the version of 'gtk+', the hash of 'mate-themes' in
+   ;;       mate.scm will also need to be updated.
+   (version "3.22.6")
    (source (origin
             (method url-fetch)
             (uri (string-append "mirror://gnome/sources/" name "/"
@@ -657,7 +659,7 @@ application suites.")
                                 name "-" version ".tar.xz"))
             (sha256
              (base32
-              "05xcwvy68p7f4hdhi4bgdm3aycvqqr4pr5kkkr8ba91l5yx0k9l3"))
+              "0bqpx8825b1fdjmz14wq20zq58gq1yi1p5xjps8l6zqid8hmm9zb"))
             (patches (search-patches "gtk3-respect-GUIX_GTK3_PATH.patch"
                                      "gtk3-respect-GUIX_GTK3_IM_MODULE_FILE.patch"))))
    (outputs '("out" "bin" "doc"))
@@ -929,15 +931,14 @@ guile-gnome-platform (GNOME developer libraries), and guile-gtksourceview.")
 (define-public cairomm
   (package
     (name "cairomm")
-    (version "1.12.0")
+    (version "1.12.2")
     (source (origin
               (method url-fetch)
-              (uri (string-append "mirror://gnome/sources/cairomm/"
-                                  (version-major+minor version) "/"
-                                  name "-" version ".tar.xz"))
+              (uri (string-append "https://www.cairographics.org/releases/"
+                                  name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1rmgs6zjj2vaxh9hsa0944m23fdn1psycqh7bi984qd8jj1xljm5"))))
+                "16fmigxsaz85c3lgcls7biwyz8zy8c8h3jndfm54cxxas3a7zi25"))))
     (build-system gnu-build-system)
     (arguments
      ;; The examples lack -lcairo.
@@ -948,7 +949,7 @@ guile-gnome-platform (GNOME developer libraries), and guile-gtksourceview.")
        ("freetype" ,freetype)
        ("fontconfig" ,fontconfig)
        ("cairo" ,cairo)))
-    (home-page "http://cairographics.org/")
+    (home-page "https://cairographics.org/")
     (synopsis "C++ bindings to the Cairo 2D graphics library")
     (description
      "Cairomm provides a C++ programming interface to the Cairo 2D graphics
@@ -1007,7 +1008,7 @@ toolkit.")
 (define-public gtkmm
   (package
     (name "gtkmm")
-    (version "3.20.1")
+    (version "3.22.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1015,7 +1016,7 @@ toolkit.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "04n631a127pyidaz82ypdy9syq1hzj636r32y9hyr9kcfnwf2785"))))
+               "1x8l0ny6r3ym53z82q9d5fan4m9vi93xy3b3hj1hrclgc95lvnh5"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("glib" ,glib "bin")        ;for 'glib-compile-resources'
@@ -1053,7 +1054,7 @@ extensive documentation, including API reference and a tutorial.")
 (define-public gtkmm-2
   (package (inherit gtkmm)
     (name "gtkmm")
-    (version "2.24.4")
+    (version "2.24.5")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnome/sources/" name "/"
@@ -1061,7 +1062,7 @@ extensive documentation, including API reference and a tutorial.")
                                  name "-" version ".tar.xz"))
              (sha256
               (base32
-               "1vpmjqv0aqb1ds0xi6nigxnhlr0c74090xzi15b92amlzkrjyfj4"))))
+               "0wkbzvsx4kgw16f6xjdc1dz7f77ldngdila4yi5lw2zrgcxsb006"))))
     (arguments
      '(#:configure-flags '("CPPFLAGS=-std=c++11"))) ; required by libsigc++
     (native-inputs `(("pkg-config" ,pkg-config)))
@@ -1197,7 +1198,7 @@ write GNOME applications.")
 (define-public girara
   (package
     (name "girara")
-    (version "0.2.6")
+    (version "0.2.7")
     (source (origin
               (method url-fetch)
               (uri
@@ -1205,7 +1206,7 @@ write GNOME applications.")
                               version ".tar.gz"))
               (sha256
                (base32
-                "03wsxj27hvcbs3x96nah7j3paclifwlfag8kdph4kldl48srp9pb"))))
+                "1r9jbhf9n40zj4ddqv1q5spijpjm683nxg4hr5lnir4a551s7rlq"))))
     (native-inputs `(("pkg-config" ,pkg-config)
                      ("gettext" ,gettext-minimal)))
     (inputs `(("gtk+" ,gtk+)
diff --git a/gnu/packages/guile.scm b/gnu/packages/guile.scm
index a408f8f9aa..917f1357c7 100644
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015 Christopher Allan Webber <cwebber@dustycloud.org>
+;;; Copyright © 2015, 2017 Christopher Allan Webber <cwebber@dustycloud.org>
 ;;; Copyright © 2016 Alex Sassmannshausen <alex@pompo.co>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Erik Edrosa <erik.edrosa@gmail.com>
@@ -9,6 +9,7 @@
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 ;;; Copyright © 2016 Amirouche <amirouche@hypermove.net>
+;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -512,6 +513,46 @@ format is also supported.")
                                    (,modules)))
                                #t))))))))))))
 
+(define-public guile-ics
+  (package
+    (name "guile-ics")
+    (version "0.1.1")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/artyom-poptsov/guile-ics")
+                    (commit "v0.1.1")))
+              (file-name (string-append name "-" version "-checkout"))
+              (sha256
+               (base32
+                "1pvg6j48inpbq47hq00yh5hhl2qd2srvrx5yjl7w7ky1jsjadp86"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-before 'configure 'autoreconf
+                              (lambda _
+                                ;; Repository comes with a broken symlink
+                                (delete-file "README")
+                                (symlink "README.org" "README")
+                                (zero? (system* "autoreconf" "-fi")))))))
+    (native-inputs
+     `(("autoconf" ,(autoconf-wrapper))
+       ("automake" ,automake)
+       ("texinfo" ,texinfo)
+       ;; Gettext brings 'AC_LIB_LINKFLAGS_FROM_LIBS'.
+       ("gettext" ,gettext-minimal)
+       ("pkg-config" ,pkg-config)))
+    (inputs `(("guile" ,guile-2.0) ("which" ,which)))
+    (propagated-inputs `(("guile-lib" ,guile-lib)))
+    (home-page "https://github.com/artyom-poptsov/guile-ics")
+    (synopsis "Guile parser library for the iCalendar format")
+    (description
+     "Guile-ICS is an iCalendar (RFC5545) format parser library written in
+pure Scheme.  The library can be used to read and write iCalendar data.
+
+The library is shipped with documentation in Info format and usage examples.")
+    (license gpl3+)))
+
 (define-public guile-lib
   (package
     (name "guile-lib")
@@ -559,14 +600,14 @@ for Guile\".")
 (define-public guile-json
   (package
     (name "guile-json")
-    (version "0.5.0")
+    (version "0.6.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://savannah/guile-json/guile-json-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0l8a34l92nrdszy7ykycfvr8y0n0yi5qb3ccliycvpvf9mzk5n8d"))
+                "1qmjg7lbgciw95fkdzvlp9f68vv17kdjky42ywfzd4ffzwww0lgc"))
               (modules '((guix build utils)))
               (snippet
                ;; Make sure everything goes under .../site/X.Y, like Guile's
@@ -836,8 +877,10 @@ Guile's foreign function interface.")
       (name "guile-sqlite3")
       (version (string-append "0.0-0." (string-take commit 7)))
 
-      ;; XXX: Gitorious being dead, this is not a reliable home page.
-      (home-page "https://www.gitorious.org/guile-sqlite3/guile-sqlite3.git/")
+      ;; XXX: This used to be available read-only at
+      ;; <https://www.gitorious.org/guile-sqlite3/guile-sqlite3.git/> but it
+      ;; eventually disappeared, so we have our own copy here.
+      (home-page "https://notabug.org/civodul/guile-sqlite3.git")
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
@@ -1483,4 +1526,37 @@ enable -f ~/.guix-profile/lib/bash/libguile-bash.so scm
 and then run @command{scm example.scm}.")
       (license gpl3+))))
 
+(define-public guile-8sync
+  (package
+    (name "guile-8sync")
+    (version "0.4.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://gnu/8sync/8sync-" version
+                                  ".tar.gz"))
+              (sha256
+               (base32
+                "1fvf8d2s3vvg4nyskbqaiqmlm2x571hv7hizcnmny45zvalydr9h"))))
+    (build-system gnu-build-system)
+    (native-inputs `(("autoconf" ,autoconf)
+                     ("automake" ,automake)
+                     ("guile" ,guile-next)
+                     ("pkg-config" ,pkg-config)
+                     ("texinfo" ,texinfo)))
+    (arguments
+     `(#:phases (modify-phases %standard-phases
+                  (add-before 'configure 'setenv
+                    (lambda _
+                      ;; quiet warnings
+                      (setenv "GUILE_AUTO_COMPILE" "0")
+                      #t)))))
+    (home-page "https://gnu.org/s/8sync/")
+    (synopsis "Asynchronous actor model library for Guile")
+    (description
+     "GNU 8sync (pronounced \"eight-sync\") is an asynchronous programming
+library for GNU Guile based on the actor model.
+
+Note that 8sync is only available for Guile 2.2 (guile-next in Guix).")
+    (license lgpl3+)))
+
 ;;; guile.scm ends here
diff --git a/gnu/packages/haskell.scm b/gnu/packages/haskell.scm
index ac0eac3fe8..56b0090ee0 100644
--- a/gnu/packages/haskell.scm
+++ b/gnu/packages/haskell.scm
@@ -6,8 +6,9 @@
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 David Craven <david@craven.ch>
+;;; Copyright © 2017 Danny Milosavljevic <dannym@scratchpost.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -48,6 +49,7 @@
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system haskell)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix utils)
@@ -1605,6 +1607,25 @@ UTF8 without truncation.")
 environment variables.")
     (license license:expat)))
 
+(define-public ghc-setlocale
+  (package
+    (name "ghc-setlocale")
+    (version "1.0.0.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://hackage.haskell.org/package/setlocale-"
+                    version "/setlocale-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1sd73zgpijr9xjdj5p562cmlcxmx5iff5k8xh9b6rpcgrgnnlf9j"))))
+    (build-system haskell-build-system)
+    (home-page "https://hackage.haskell.org/package/setlocale")
+    (synopsis "Haskell bindings to setlocale")
+    (description "This package provides Haskell bindings to the
+@code{setlocale} C function.")
+    (license license:bsd-3)))
+
 (define-public ghc-x11
   (package
     (name "ghc-x11")
@@ -2974,7 +2995,7 @@ writing to stdout and other handles.")
 (define-public ghc-quickcheck-instances
   (package
     (name "ghc-quickcheck-instances")
-    (version "0.3.11")
+    (version "0.3.12")
     (source
      (origin
        (method url-fetch)
@@ -2984,13 +3005,15 @@ writing to stdout and other handles.")
              version ".tar.gz"))
        (sha256
         (base32
-         "041s6963czs1pz0fc9cx17lgd6p83czqy2nxji7bhxqxwl2j15h2"))))
+         "1wwvkzpams7i0j7nk5qj8vvhj8x5zcbgbgrpczszgvshva4bkmfx"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-old-time" ,ghc-old-time)
        ("ghc-unordered-containers" ,ghc-unordered-containers)
        ("ghc-hashable" ,ghc-hashable)
        ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-scientific" ,ghc-scientific)
+       ("ghc-vector" ,ghc-vector)
        ("ghc-text" ,ghc-text)))
     (home-page
      "https://github.com/aslatter/qc-instances")
@@ -3050,7 +3073,7 @@ use HUnit assertions as QuickCheck properties.")
 (define-public ghc-quickcheck
   (package
     (name "ghc-quickcheck")
-    (version "2.8.1")
+    (version "2.8.2")
     (outputs '("out" "doc"))
     (source
      (origin
@@ -3061,7 +3084,7 @@ use HUnit assertions as QuickCheck properties.")
              ".tar.gz"))
        (sha256
         (base32
-         "0fvnfl30fxmj5q920l13641ar896d53z0z6z66m7c1366lvalwvh"))))
+         "1ai6k5v0bibaxq8xffcblc6rwmmk6gf8vjyd9p2h3y6vwbhlvilq"))))
     (build-system haskell-build-system)
     (arguments
      `(#:tests? #f  ; FIXME: currently missing libraries used for tests.
@@ -4571,7 +4594,7 @@ just a @code{Semigroup} are added.")
 (define-public ghc-semigroups
   (package
     (name "ghc-semigroups")
-    (version "0.17.0.1")
+    (version "0.18.2")
     (source
      (origin
        (method url-fetch)
@@ -4581,7 +4604,7 @@ just a @code{Semigroup} are added.")
              ".tar.gz"))
        (sha256
         (base32
-         "0gvpfi7s6ys4qha3y9a1zl1a15gf9cgg33wjb94ghg82ivcxnc3r"))))
+         "1r6hsn3am3dpf4rprrj4m04d9318v9iq02bin0pl29dg4a3gzjax"))))
     (build-system haskell-build-system)
     (inputs
      `(("ghc-nats" ,ghc-nats)
@@ -8100,4 +8123,64 @@ and a large set of GNU extensions.")
 same time is a literate Haskell program.")
     (license license:expat)))
 
+(define-public corrode
+  (let ((commit "b6699fb2fa552a07c6091276285a44133e5c9789"))
+    (package
+      (name "corrode")
+      (version (string-append "0.0.1-" (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/jameysharp/corrode.git")
+               (commit "b6699fb2fa552a07c6091276285a44133e5c9789")))
+         (file-name
+          (string-append name "-" version "-checkout"))
+         (sha256
+          (base32 "02v0yyj6sk4gpg2222wzsdqjxn8w66scbnf6b20x0kbmc69qcz4r"))))
+      (build-system haskell-build-system)
+      (inputs
+       `(("ghc-language-c" ,ghc-language-c)
+         ("ghc-markdown-unlit" ,ghc-markdown-unlit)))
+      (home-page "https://github.com/jameysharp/corrode")
+      (synopsis "Automatic semantics-preserving translation from C to Rust")
+      (description
+       "This program reads a C source file and prints an equivalent module in
+Rust syntax.  It is intended to be useful for two different purposes:
+
+@enumerate
+@item Partial automation for migrating legacy code that was implemented in C.
+@item A new, complementary approach to static analysis for C programs.
+@end enumerate\n")
+      (license license:gpl2+))))
+
+(define-public ghc-wave
+  (package
+    (name "ghc-wave")
+    (version "0.1.4")
+    (source (origin
+      (method url-fetch)
+      (uri (string-append
+             "https://hackage.haskell.org/package/wave/wave-"
+             version
+             ".tar.gz"))
+      (sha256
+        (base32
+          "1g5nmqfk6p25v9ismwz4i66ay91bd1qh39xwj0hm4z6a5mw8frk8"))))
+    (build-system haskell-build-system)
+    (inputs
+     `(("ghc-cereal" ,ghc-cereal)
+       ("ghc-data-default-class"
+        ,ghc-data-default-class)
+       ("ghc-quickcheck" ,ghc-quickcheck)
+       ("ghc-temporary" ,ghc-temporary)))
+    (native-inputs
+     `(("hspec-discover" ,hspec-discover)
+       ("ghc-hspec" ,ghc-hspec)))
+    (home-page "https://github.com/mrkkrp/wave")
+    (synopsis "Work with WAVE and RF64 files in Haskell")
+    (description "This package allows you to work with WAVE and RF64
+files in Haskell.")
+    (license license:bsd-3)))
+
 ;;; haskell.scm ends here
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 4e40533a21..637819947c 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2015 Amirouche Boubekki <amirouche@hypermove.net>
 ;;; Copyright © 2014 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
@@ -258,6 +259,7 @@ extracting icontainer icon files.")
 (define-public libtiff
   (package
    (name "libtiff")
+   (replacement libtiff/fixed)
    (version "4.0.7")
    (source (origin
             (method url-fetch)
@@ -290,6 +292,29 @@ collection of tools for doing simple manipulations of TIFF images.")
                                   "See COPYRIGHT in the distribution."))
    (home-page "http://www.simplesystems.org/libtiff/")))
 
+(define libtiff/fixed
+  (package
+    (inherit libtiff)
+    (source
+      (origin
+        (inherit (package-source libtiff))
+        (patches (search-patches "libtiff-heap-overflow-tiffcp.patch"
+                                 "libtiff-null-dereference.patch"
+                                 "libtiff-heap-overflow-tif-dirread.patch"
+                                 "libtiff-heap-overflow-pixarlog-luv.patch"
+                                 "libtiff-divide-by-zero.patch"
+                                 "libtiff-divide-by-zero-ojpeg.patch"
+                                 "libtiff-tiffcp-underflow.patch"
+                                 "libtiff-invalid-read.patch"
+                                 "libtiff-CVE-2016-10092.patch"
+                                 "libtiff-heap-overflow-tiffcrop.patch"
+                                 "libtiff-divide-by-zero-tiffcrop.patch"
+                                 "libtiff-CVE-2016-10093.patch"
+                                 "libtiff-divide-by-zero-tiffcp.patch"
+                                 "libtiff-assertion-failure.patch"
+                                 "libtiff-CVE-2016-10094.patch"
+                                 "libtiff-CVE-2017-5225.patch"))))))
+
 (define-public libwmf
   (package
     (name "libwmf")
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index 48d468734b..f956f9cb36 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -43,14 +43,17 @@
 (define-public imagemagick
   (package
     (name "imagemagick")
-    (version "6.9.7-0")
+    ;; The 7 release series has an incompatible API, while the 6 series is still
+    ;; maintained. Don't update to 7 until we've made sure that the ImageMagick
+    ;; users are ready for the 7-series API.
+    (version "6.9.7-5")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://imagemagick/ImageMagick-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0c6ff1am2mhc0dc26h50l78yx6acwqymwpwgkxgx69cb6jfpwrdx"))))
+               "013f3g9pvvqgxchdkjxx4nr80sfq51nmkc3ij39m2xzyc438bq8c"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch")
diff --git a/gnu/packages/irc.scm b/gnu/packages/irc.scm
index 44e21af7d6..82eb103688 100644
--- a/gnu/packages/irc.scm
+++ b/gnu/packages/irc.scm
@@ -140,14 +140,14 @@ SILC and ICB protocols via plugins.")
 (define-public weechat
   (package
     (name "weechat")
-    (version "1.6")
+    (version "1.7")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://weechat.org/files/src/weechat-"
                                   version ".tar.xz"))
               (sha256
                (base32
-                "1qqnb9bdi15l30378rnmhf26ndacwi5hmq5vpz4lfyihk17xnryn"))
+                "1crdwlxj5liik32svflfac0s87vm6p8xm208yndigzsbg8rli4sr"))
               (patches (search-patches "weechat-python.patch"))))
     (build-system gnu-build-system)
     (native-inputs `(("autoconf" ,autoconf)
diff --git a/gnu/packages/java.scm b/gnu/packages/java.scm
index 3a08fd83a8..d7df4f6bad 100644
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@@ -47,7 +47,7 @@
   #:use-module (gnu packages wget)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages perl)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages zip)
diff --git a/gnu/packages/kde-frameworks.scm b/gnu/packages/kde-frameworks.scm
index a7f2cabbc4..86a5853366 100644
--- a/gnu/packages/kde-frameworks.scm
+++ b/gnu/packages/kde-frameworks.scm
@@ -1296,8 +1296,8 @@ integrated it into your application's other widgets.")
          (add-before 'check 'start-xorg-server
            (lambda* (#:key inputs #:allow-other-keys)
              ;; The test suite requires a running X server.
-             (system (string-append (assoc-ref inputs "xorg-server")
-                                    "/bin/Xvfb :1 &"))
+             (system "Xvfb :1 &")
+             (sleep 2)              ;XXX: give the server enough time to start
              (setenv "DISPLAY" ":1")
              #t)))))
     (home-page "https://community.kde.org/Frameworks")
diff --git a/gnu/packages/kde.scm b/gnu/packages/kde.scm
index db8609a645..aef56bb202 100644
--- a/gnu/packages/kde.scm
+++ b/gnu/packages/kde.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2016, 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -39,7 +39,7 @@
 (define-public kdevelop
   (package
     (name "kdevelop")
-    (version "5.0.2")
+    (version "5.0.3")
     (source
       (origin
         (method url-fetch)
@@ -48,7 +48,7 @@
                             version ".tar.xz"))
         (sha256
          (base32
-          "0rl6csmzf14gf0r0mk7z2lj7cq8fggf5qmlbxq6j68vp2q0pj0cv"))))
+          "00gn2c66pyd9qaa0zhn2lqam0zsg7fbyi13hk32wclxq73y8v98p"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -98,15 +98,18 @@
              (let* ((out  (assoc-ref outputs "out"))
                     (kdevplatform (assoc-ref inputs "kdevplatform"))
                     (kio (assoc-ref inputs "kio"))
+                    (kcmutils (assoc-ref inputs "kcmutils"))
                     (qtquickcontrols (assoc-ref inputs "qtquickcontrols"))
                     (qtdeclarative (assoc-ref inputs "qtdeclarative"))
-                    (plugins "/lib/plugins")
+                    (profile "$HOME/.guix-profile")
                     (qml "/qml"))
                (wrap-program (string-append out "/bin/kdevelop")
+                 `("XDG_DATA_DIRS" ":" prefix
+                   ,(map (lambda (s) (string-append s "/share"))
+                         (list profile out kdevplatform kcmutils)))
                  `("QT_PLUGIN_PATH" ":" prefix
-                   (,(string-append out plugins)
-                    ,(string-append kdevplatform plugins)
-                    ,(string-append kio plugins)))
+                   ,(map (lambda (s) (string-append s "/lib/plugins"))
+                         (list profile out kdevplatform kio)))
                  `("QML2_IMPORT_PATH" ":" prefix
                    (,(string-append qtquickcontrols qml)
                     ,(string-append qtdeclarative qml))))))))))
@@ -145,14 +148,14 @@ for some KDevelop language plugins (Ruby, PHP, CSS...).")
 (define-public kdevplatform
   (package
     (name "kdevplatform")
-    (version "5.0.2")
+    (version "5.0.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/KDE/kdevplatform/archive/v"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1m8c0ixv91diyy9bvq53d4jik4zrnf7bix7clad4ywxnlpcs4ahr"))
+                "1k40wg08iwyswnpbs4bfh4yq38pp0qi78shjh4pf7yfa2kbid30j"))
               (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (native-inputs
diff --git a/gnu/packages/kerberos.scm b/gnu/packages/kerberos.scm
new file mode 100644
index 0000000000..9f042bd707
--- /dev/null
+++ b/gnu/packages/kerberos.scm
@@ -0,0 +1,187 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
+;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org>
+;;; Copyright © 2012, 2017 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages kerberos)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages bison)
+  #:use-module (gnu packages perl)
+  #:use-module (gnu packages gnupg)
+  #:use-module (gnu packages libidn)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages pkg-config)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages databases)
+  #:use-module (gnu packages readline)
+  #:use-module (gnu packages tls)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages)
+  #:use-module (guix download)
+  #:use-module (guix utils)
+  #:use-module (guix build-system gnu))
+
+(define-public mit-krb5
+  (package
+    (name "mit-krb5")
+    (version "1.14.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
+                                  (version-major+minor version)
+                                  "/krb5-" version ".tar.gz"))
+              (sha256
+               (base32
+                "158bgq9xcg5ljgzia1880ak7m9g6vf2r009rzdqif5n9h111m9h3"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("bison" ,bison)
+       ("perl" ,perl)))
+    (arguments
+     `(;; Work around "No rule to make target '../../include/gssapi/gssapi.h',
+       ;; needed by 'authgss_prot.so'."
+       #:parallel-build? #f
+
+       ;; Likewise with tests.
+       #:parallel-tests? #f
+
+       ;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call
+       ;; while running the tests in 'src/tests'.
+       #:tests? ,(string=? (%current-system) "x86_64-linux")
+
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'enter-source-directory
+           (lambda _
+             (chdir "src")
+             #t))
+         (add-before 'check 'pre-check
+           (lambda* (#:key inputs #:allow-other-keys)
+             (let ((perl (assoc-ref inputs "perl")))
+               (substitute* "plugins/kdb/db2/libdb2/test/run.test"
+                 (("/bin/cat") (string-append perl "/bin/perl"))
+                 (("D/bin/sh") (string-append "D" (which "sh")))
+                 (("bindir=/bin/.") (string-append "bindir=" perl "/bin"))))
+
+             ;; avoid service names since /etc/services is unavailable
+             (substitute* "tests/resolve/Makefile"
+               (("-p telnet") "-p 23"))
+             #t)))))
+    (synopsis "MIT Kerberos 5")
+    (description
+     "Massachusetts Institute of Technology implementation of Kerberos.
+Kerberos is a network authentication protocol designed to provide strong
+authentication for client/server applications by using secret-key
+cryptography.")
+    (license (license:non-copyleft "file://NOTICE"
+                                   "See NOTICE in the distribution."))
+    (home-page "http://web.mit.edu/kerberos/")))
+
+(define-public shishi
+  (package
+    (name "shishi")
+    (version "1.0.2")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (string-append "mirror://gnu/shishi/shishi-"
+                          version ".tar.gz"))
+      (sha256
+       (base32
+        "032qf72cpjdfffq1yq54gz3ahgqf2ijca4vl31sfabmjzq9q370d"))))
+    (build-system gnu-build-system)
+    (native-inputs `(("pkg-config" ,pkg-config)))
+    (inputs
+     `(("gnutls" ,gnutls)
+       ("libidn" ,libidn)
+       ("linux-pam" ,linux-pam-1.2)
+       ("zlib" ,zlib)
+       ;; libgcrypt 1.6 fails because of the following test:
+       ;;  #include <gcrypt.h>
+       ;; /* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
+       ;;    will fail on startup if we don't have 1.4.4 or later, so
+       ;;    test for it early. */
+       ;; #if !defined GCRY_MODULE_ID_USER
+       ;; error too old libgcrypt
+       ;; #endif
+       ("libgcrypt" ,libgcrypt-1.5)
+       ("libtasn1" ,libtasn1)))
+    (home-page "http://www.gnu.org/software/shishi/")
+    (synopsis "Implementation of the Kerberos 5 network security system")
+    (description
+     "GNU Shishi is a free implementation of the Kerberos 5 network security
+system.  It is used to allow non-secure network nodes to communicate in a
+secure manner through client-server mutual authentication via tickets.")
+    (license license:gpl3+)))
+
+(define-public heimdal
+  (package
+    (name "heimdal")
+    (version "1.5.3")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://www.h5l.org/dist/src/heimdal-"
+                                  version ".tar.gz"))
+              (sha256
+               (base32
+                "19gypf9vzfrs2bw231qljfl4cqc1riyg0ai0xmm1nd1wngnpphma"))
+              (modules '((guix build utils)))
+              (snippet
+               '(substitute* "configure"
+                  (("User=.*$") "User=Guix\n")
+                  (("Date=.*$") "Date=2017\n")))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags (list
+                          ;; Work around a linker error.
+                          "CFLAGS=-pthread"
+
+                          ;; Avoid 7 MiB of .a files.
+                          "--disable-static"
+
+                          ;; Do not build libedit.
+                          (string-append
+                           "--with-readline-lib="
+                           (assoc-ref %build-inputs "readline") "/lib")
+                          (string-append
+                           "--with-readline-include="
+                           (assoc-ref %build-inputs "readline") "/include"))
+
+       #:phases (modify-phases %standard-phases
+                  (add-before 'check 'skip-tests
+                    (lambda _
+                      ;; The test simply runs 'ftp --version && ftp --help'
+                      ;; but that fails in the chroot because 'ftp' tries to
+                      ;; do a service lookup before printing the help/version.
+                      (substitute* "appl/ftp/ftp/Makefile.in"
+                        (("^CHECK_LOCAL =.*")
+                         "CHECK_LOCAL = no-check-local\n"))
+                      #t)))))
+    (native-inputs `(("e2fsprogs" ,e2fsprogs)))   ;for 'compile_et'
+    (inputs `(("readline" ,readline)
+              ("bdb" ,bdb)
+              ("e2fsprogs" ,e2fsprogs)))          ;for libcom_err
+    (home-page "http://www.h5l.org/")
+    (synopsis "Kerberos 5 network authentication")
+    (description
+     "Heimdal is an implementation of Kerberos 5 network authentication
+service.")
+    (license license:bsd-3)))
diff --git a/gnu/packages/linux-libre-4.8-i686.conf b/gnu/packages/linux-libre-4.9-i686.conf
index 75c9824cb1..4f3a9f9271 100644
--- a/gnu/packages/linux-libre-4.8-i686.conf
+++ b/gnu/packages/linux-libre-4.9-i686.conf
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.8.0-gnu Kernel Configuration
+# Linux/x86 4.9.0-gnu Kernel Configuration
 #
 # CONFIG_64BIT is not set
 CONFIG_X86_32=y
@@ -43,6 +43,7 @@ CONFIG_PGTABLE_LEVELS=3
 CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
 CONFIG_IRQ_WORK=y
 CONFIG_BUILDTIME_EXTABLE_SORT=y
+CONFIG_THREAD_INFO_IN_TASK=y
 
 #
 # General setup
@@ -281,6 +282,7 @@ CONFIG_SECCOMP_FILTER=y
 CONFIG_HAVE_GCC_PLUGINS=y
 CONFIG_GCC_PLUGINS=y
 # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
+# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
 CONFIG_HAVE_CC_STACKPROTECTOR=y
 CONFIG_CC_STACKPROTECTOR=y
 # CONFIG_CC_STACKPROTECTOR_NONE is not set
@@ -302,6 +304,7 @@ CONFIG_CLONE_BACKWARDS=y
 CONFIG_OLD_SIGSUSPEND3=y
 CONFIG_OLD_SIGACTION=y
 # CONFIG_CPU_NO_EFFICIENT_FFS is not set
+# CONFIG_HAVE_ARCH_VMAP_STACK is not set
 
 #
 # GCOV-based kernel profiling
@@ -353,6 +356,7 @@ CONFIG_KARMA_PARTITION=y
 CONFIG_EFI_PARTITION=y
 CONFIG_SYSV68_PARTITION=y
 CONFIG_CMDLINE_PARTITION=y
+CONFIG_BLK_MQ_PCI=y
 
 #
 # IO Schedulers
@@ -686,6 +690,7 @@ CONFIG_ACPI_APEI_PCIEAER=y
 CONFIG_ACPI_APEI_EINJ=m
 # CONFIG_ACPI_APEI_ERST_DEBUG is not set
 CONFIG_DPTF_POWER=m
+CONFIG_ACPI_WATCHDOG=y
 CONFIG_ACPI_EXTLOG=m
 # CONFIG_PMIC_OPREGION is not set
 CONFIG_ACPI_CONFIGFS=m
@@ -717,7 +722,7 @@ CONFIG_CPU_FREQ_GOV_POWERSAVE=y
 CONFIG_CPU_FREQ_GOV_USERSPACE=y
 CONFIG_CPU_FREQ_GOV_ONDEMAND=y
 CONFIG_CPU_FREQ_GOV_CONSERVATIVE=y
-CONFIG_CPU_FREQ_GOV_SCHEDUTIL=m
+CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y
 
 #
 # CPU frequency scaling drivers
@@ -784,6 +789,7 @@ CONFIG_PCIEASPM_DEFAULT=y
 # CONFIG_PCIEASPM_PERFORMANCE is not set
 CONFIG_PCIE_PME=y
 CONFIG_PCIE_DPC=y
+CONFIG_PCIE_PTM=y
 CONFIG_PCI_BUS_ADDR_T_64BIT=y
 CONFIG_PCI_MSI=y
 CONFIG_PCI_MSI_IRQ_DOMAIN=y
@@ -879,7 +885,6 @@ CONFIG_BINFMT_MISC=m
 CONFIG_COREDUMP=y
 CONFIG_HAVE_ATOMIC_IOMAP=y
 CONFIG_PMC_ATOM=y
-# CONFIG_VMD is not set
 CONFIG_NET=y
 CONFIG_NET_INGRESS=y
 CONFIG_NET_EGRESS=y
@@ -954,6 +959,7 @@ CONFIG_TCP_CONG_YEAH=m
 CONFIG_TCP_CONG_ILLINOIS=m
 CONFIG_TCP_CONG_DCTCP=m
 CONFIG_TCP_CONG_CDG=m
+CONFIG_TCP_CONG_BBR=m
 CONFIG_DEFAULT_CUBIC=y
 # CONFIG_DEFAULT_RENO is not set
 CONFIG_DEFAULT_TCP_CONG="cubic"
@@ -1049,9 +1055,10 @@ CONFIG_NF_TABLES_INET=m
 CONFIG_NF_TABLES_NETDEV=m
 CONFIG_NFT_EXTHDR=m
 CONFIG_NFT_META=m
+CONFIG_NFT_NUMGEN=m
 CONFIG_NFT_CT=m
-CONFIG_NFT_RBTREE=m
-CONFIG_NFT_HASH=m
+CONFIG_NFT_SET_RBTREE=m
+CONFIG_NFT_SET_HASH=m
 CONFIG_NFT_COUNTER=m
 CONFIG_NFT_LOG=m
 CONFIG_NFT_LIMIT=m
@@ -1059,9 +1066,11 @@ CONFIG_NFT_MASQ=m
 CONFIG_NFT_REDIR=m
 CONFIG_NFT_NAT=m
 CONFIG_NFT_QUEUE=m
+CONFIG_NFT_QUOTA=m
 CONFIG_NFT_REJECT=m
 CONFIG_NFT_REJECT_INET=m
 CONFIG_NFT_COMPAT=m
+CONFIG_NFT_HASH=m
 CONFIG_NF_DUP_NETDEV=m
 CONFIG_NFT_DUP_NETDEV=m
 CONFIG_NFT_FWD_NETDEV=m
@@ -1487,9 +1496,12 @@ CONFIG_NET_ACT_CSUM=m
 CONFIG_NET_ACT_VLAN=m
 CONFIG_NET_ACT_BPF=m
 CONFIG_NET_ACT_CONNMARK=m
+CONFIG_NET_ACT_SKBMOD=m
 CONFIG_NET_ACT_IFE=m
+CONFIG_NET_ACT_TUNNEL_KEY=m
 CONFIG_NET_IFE_SKBMARK=m
 CONFIG_NET_IFE_SKBPRIO=m
+CONFIG_NET_IFE_SKBTCINDEX=m
 # CONFIG_NET_CLS_IND is not set
 CONFIG_NET_SCH_FIFO=y
 CONFIG_DCB=y
@@ -1500,6 +1512,7 @@ CONFIG_BATMAN_ADV_BLA=y
 CONFIG_BATMAN_ADV_DAT=y
 CONFIG_BATMAN_ADV_NC=y
 CONFIG_BATMAN_ADV_MCAST=y
+CONFIG_BATMAN_ADV_DEBUGFS=y
 # CONFIG_BATMAN_ADV_DEBUG is not set
 CONFIG_OPENVSWITCH=m
 CONFIG_OPENVSWITCH_GRE=m
@@ -1704,6 +1717,7 @@ CONFIG_BT_HCIUART_INTEL=y
 CONFIG_BT_HCIUART_BCM=y
 CONFIG_BT_HCIUART_QCA=y
 CONFIG_BT_HCIUART_AG6XX=y
+CONFIG_BT_HCIUART_MRVL=y
 CONFIG_BT_HCIBCM203X=m
 CONFIG_BT_HCIBPA10X=m
 CONFIG_BT_HCIBFUSB=m
@@ -1717,9 +1731,12 @@ CONFIG_BT_MRVL_SDIO=m
 CONFIG_BT_ATH3K=m
 CONFIG_BT_WILINK=m
 CONFIG_AF_RXRPC=m
+CONFIG_AF_RXRPC_IPV6=y
+# CONFIG_AF_RXRPC_INJECT_LOSS is not set
 # CONFIG_AF_RXRPC_DEBUG is not set
 # CONFIG_RXKAD is not set
 CONFIG_AF_KCM=m
+CONFIG_STREAM_PARSER=m
 CONFIG_FIB_RULES=y
 CONFIG_WIRELESS=y
 CONFIG_WIRELESS_EXT=y
@@ -1843,6 +1860,7 @@ CONFIG_ALLOW_DEV_COREDUMP=y
 CONFIG_DEV_COREDUMP=y
 # CONFIG_DEBUG_DRIVER is not set
 # CONFIG_DEBUG_DEVRES is not set
+# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
 CONFIG_SYS_HYPERVISOR=y
 # CONFIG_GENERIC_CPU_DEVICES is not set
 CONFIG_GENERIC_CPU_AUTOPROBE=y
@@ -2124,9 +2142,6 @@ CONFIG_HMC6352=m
 CONFIG_DS1682=m
 CONFIG_TI_DAC7512=m
 CONFIG_VMWARE_BALLOON=m
-CONFIG_BMP085=m
-CONFIG_BMP085_I2C=m
-CONFIG_BMP085_SPI=m
 CONFIG_PCH_PHUB=m
 CONFIG_USB_SWITCH_FSA9480=m
 CONFIG_LATTICE_ECP3_CONFIG=m
@@ -2253,7 +2268,6 @@ CONFIG_BLK_DEV_3W_XXXX_RAID=m
 CONFIG_SCSI_HPSA=m
 CONFIG_SCSI_3W_9XXX=m
 CONFIG_SCSI_3W_SAS=m
-CONFIG_SCSI_7000FASST=m
 CONFIG_SCSI_ACARD=m
 CONFIG_SCSI_AHA152X=m
 CONFIG_SCSI_AHA1542=m
@@ -2279,7 +2293,6 @@ CONFIG_SCSI_MVSAS=m
 CONFIG_SCSI_MVUMI=m
 CONFIG_SCSI_DPT_I2O=m
 CONFIG_SCSI_ADVANSYS=m
-CONFIG_SCSI_IN2000=m
 CONFIG_SCSI_ARCMSR=m
 CONFIG_SCSI_ESAS2R=m
 CONFIG_MEGARAID_NEWGEN=y
@@ -2291,6 +2304,7 @@ CONFIG_SCSI_MPT3SAS=m
 CONFIG_SCSI_MPT2SAS_MAX_SGE=128
 CONFIG_SCSI_MPT3SAS_MAX_SGE=128
 CONFIG_SCSI_MPT2SAS=m
+CONFIG_SCSI_SMARTPQI=m
 CONFIG_SCSI_UFSHCD=m
 CONFIG_SCSI_UFSHCD_PCI=m
 # CONFIG_SCSI_UFS_DWC_TC_PCI is not set
@@ -2309,7 +2323,6 @@ CONFIG_FCOE_FNIC=m
 CONFIG_SCSI_SNIC=m
 # CONFIG_SCSI_SNIC_DEBUG_FS is not set
 CONFIG_SCSI_DMX3191D=m
-CONFIG_SCSI_DTC3280=m
 CONFIG_SCSI_EATA=m
 CONFIG_SCSI_EATA_TAGGED_QUEUE=y
 CONFIG_SCSI_EATA_LINKED_COMMANDS=y
@@ -2336,7 +2349,6 @@ CONFIG_SCSI_SYM53C8XX_MMIO=y
 CONFIG_SCSI_IPR=m
 CONFIG_SCSI_IPR_TRACE=y
 CONFIG_SCSI_IPR_DUMP=y
-CONFIG_SCSI_PAS16=m
 CONFIG_SCSI_QLOGIC_FAS=m
 CONFIG_SCSI_QLOGIC_1280=m
 CONFIG_SCSI_QLA_FC=m
@@ -2349,12 +2361,6 @@ CONFIG_SCSI_SIM710=m
 CONFIG_SCSI_SYM53C416=m
 CONFIG_SCSI_DC395x=m
 CONFIG_SCSI_AM53C974=m
-CONFIG_SCSI_T128=m
-CONFIG_SCSI_U14_34F=m
-CONFIG_SCSI_U14_34F_TAGGED_QUEUE=y
-CONFIG_SCSI_U14_34F_LINKED_COMMANDS=y
-CONFIG_SCSI_U14_34F_MAX_TAGS=8
-CONFIG_SCSI_ULTRASTOR=m
 CONFIG_SCSI_NSP32=m
 CONFIG_SCSI_WD719X=m
 CONFIG_SCSI_DEBUG=m
@@ -2663,6 +2669,8 @@ CONFIG_NET_VENDOR_ALTEON=y
 CONFIG_ACENIC=m
 # CONFIG_ACENIC_OMIT_TIGON_I is not set
 CONFIG_ALTERA_TSE=m
+CONFIG_NET_VENDOR_AMAZON=y
+CONFIG_ENA_ETHERNET=m
 CONFIG_NET_VENDOR_AMD=y
 CONFIG_AMD8111_ETH=m
 CONFIG_LANCE=m
@@ -2825,6 +2833,7 @@ CONFIG_QED=m
 CONFIG_QED_SRIOV=y
 CONFIG_QEDE=m
 CONFIG_NET_VENDOR_QUALCOMM=y
+CONFIG_QCOM_EMAC=m
 CONFIG_NET_VENDOR_REALTEK=y
 CONFIG_ATP=m
 CONFIG_8139CP=m
@@ -2897,37 +2906,43 @@ CONFIG_PHYLIB=y
 CONFIG_SWPHY=y
 
 #
+# MDIO bus device drivers
+#
+CONFIG_MDIO_BCM_UNIMAC=m
+CONFIG_MDIO_BITBANG=m
+CONFIG_MDIO_GPIO=m
+
+#
 # MII PHY device drivers
 #
+CONFIG_AMD_PHY=m
 CONFIG_AQUANTIA_PHY=m
 CONFIG_AT803X_PHY=m
-CONFIG_AMD_PHY=m
-CONFIG_MARVELL_PHY=m
-CONFIG_DAVICOM_PHY=m
-CONFIG_QSEMI_PHY=m
-CONFIG_LXT_PHY=m
-CONFIG_CICADA_PHY=m
-CONFIG_VITESSE_PHY=m
-CONFIG_TERANETICS_PHY=m
-CONFIG_SMSC_PHY=m
-CONFIG_BCM_NET_PHYLIB=m
-CONFIG_BROADCOM_PHY=m
 CONFIG_BCM7XXX_PHY=m
 CONFIG_BCM87XX_PHY=m
-CONFIG_ICPLUS_PHY=m
-CONFIG_REALTEK_PHY=m
-CONFIG_NATIONAL_PHY=m
-CONFIG_STE10XP=m
-CONFIG_LSI_ET1011C_PHY=m
-CONFIG_MICREL_PHY=m
+CONFIG_BCM_NET_PHYLIB=m
+CONFIG_BROADCOM_PHY=m
+CONFIG_CICADA_PHY=m
+CONFIG_DAVICOM_PHY=m
 CONFIG_DP83848_PHY=m
 CONFIG_DP83867_PHY=m
-CONFIG_MICROCHIP_PHY=m
 CONFIG_FIXED_PHY=y
-CONFIG_MDIO_BITBANG=m
-CONFIG_MDIO_GPIO=m
-CONFIG_MDIO_BCM_UNIMAC=m
+CONFIG_ICPLUS_PHY=m
 CONFIG_INTEL_XWAY_PHY=m
+CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LXT_PHY=m
+CONFIG_MARVELL_PHY=m
+CONFIG_MICREL_PHY=m
+CONFIG_MICROCHIP_PHY=m
+CONFIG_MICROSEMI_PHY=m
+CONFIG_NATIONAL_PHY=m
+CONFIG_QSEMI_PHY=m
+CONFIG_REALTEK_PHY=m
+CONFIG_SMSC_PHY=m
+CONFIG_STE10XP=m
+CONFIG_TERANETICS_PHY=m
+CONFIG_VITESSE_PHY=m
+CONFIG_XILINX_GMII2RGMII=m
 CONFIG_MICREL_KS8995MA=m
 CONFIG_PLIP=m
 CONFIG_PPP=y
@@ -3458,6 +3473,7 @@ CONFIG_INPUT_EVDEV=y
 # Input Device Drivers
 #
 CONFIG_INPUT_KEYBOARD=y
+CONFIG_KEYBOARD_ADC=m
 CONFIG_KEYBOARD_ADP5520=m
 CONFIG_KEYBOARD_ADP5588=m
 CONFIG_KEYBOARD_ADP5589=m
@@ -3559,6 +3575,7 @@ CONFIG_TOUCHSCREEN_AD7879=m
 CONFIG_TOUCHSCREEN_AD7879_I2C=m
 CONFIG_TOUCHSCREEN_AD7879_SPI=m
 CONFIG_TOUCHSCREEN_ATMEL_MXT=m
+# CONFIG_TOUCHSCREEN_ATMEL_MXT_T37 is not set
 CONFIG_TOUCHSCREEN_AUO_PIXCIR=m
 CONFIG_TOUCHSCREEN_BU21013=m
 CONFIG_TOUCHSCREEN_CY8CTMG110=m
@@ -3574,11 +3591,11 @@ CONFIG_TOUCHSCREEN_DYNAPRO=m
 CONFIG_TOUCHSCREEN_HAMPSHIRE=m
 CONFIG_TOUCHSCREEN_EETI=m
 CONFIG_TOUCHSCREEN_EGALAX_SERIAL=m
-CONFIG_TOUCHSCREEN_FT6236=m
 CONFIG_TOUCHSCREEN_FUJITSU=m
 CONFIG_TOUCHSCREEN_GOODIX=m
 CONFIG_TOUCHSCREEN_ILI210X=m
 CONFIG_TOUCHSCREEN_GUNZE=m
+CONFIG_TOUCHSCREEN_EKTF2127=m
 CONFIG_TOUCHSCREEN_ELAN=m
 CONFIG_TOUCHSCREEN_ELO=m
 CONFIG_TOUCHSCREEN_WACOM_W8001=m
@@ -3662,6 +3679,7 @@ CONFIG_INPUT_APANEL=m
 CONFIG_INPUT_GP2A=m
 CONFIG_INPUT_GPIO_BEEPER=m
 CONFIG_INPUT_GPIO_TILT_POLLED=m
+CONFIG_INPUT_GPIO_DECODER=m
 CONFIG_INPUT_WISTRON_BTNS=m
 CONFIG_INPUT_ATLAS_BTNS=m
 CONFIG_INPUT_ATI_REMOTE2=m
@@ -3708,6 +3726,7 @@ CONFIG_RMI4_2D_SENSOR=y
 CONFIG_RMI4_F11=y
 CONFIG_RMI4_F12=y
 CONFIG_RMI4_F30=y
+# CONFIG_RMI4_F54 is not set
 
 #
 # Hardware I/O ports
@@ -3790,6 +3809,7 @@ CONFIG_SERIAL_8250_RSA=y
 # CONFIG_SERIAL_8250_FSL is not set
 CONFIG_SERIAL_8250_DW=m
 CONFIG_SERIAL_8250_RT288X=y
+CONFIG_SERIAL_8250_LPSS=m
 CONFIG_SERIAL_8250_MID=m
 CONFIG_SERIAL_8250_MOXA=m
 
@@ -4078,7 +4098,6 @@ CONFIG_PINCTRL_INTEL=m
 CONFIG_PINCTRL_BROXTON=m
 CONFIG_PINCTRL_SUNRISEPOINT=m
 CONFIG_GPIOLIB=y
-CONFIG_GPIO_DEVRES=y
 CONFIG_GPIO_ACPI=y
 CONFIG_GPIOLIB_IRQCHIP=y
 # CONFIG_DEBUG_GPIO is not set
@@ -4090,11 +4109,13 @@ CONFIG_GPIO_MAX730X=m
 # Memory mapped GPIO drivers
 #
 CONFIG_GPIO_AMDPT=m
+CONFIG_GPIO_AXP209=m
 CONFIG_GPIO_DWAPB=m
 CONFIG_GPIO_GENERIC_PLATFORM=m
 CONFIG_GPIO_ICH=m
 CONFIG_GPIO_LYNXPOINT=y
 CONFIG_GPIO_MENZ127=m
+# CONFIG_GPIO_MOCKUP is not set
 CONFIG_GPIO_VX855=m
 CONFIG_GPIO_ZX=y
 
@@ -4105,6 +4126,7 @@ CONFIG_GPIO_104_DIO_48E=m
 CONFIG_GPIO_104_IDIO_16=m
 CONFIG_GPIO_104_IDI_48=m
 CONFIG_GPIO_F7188X=m
+CONFIG_GPIO_GPIO_MM=m
 CONFIG_GPIO_IT87=m
 CONFIG_GPIO_SCH=m
 CONFIG_GPIO_SCH311X=m
@@ -4120,6 +4142,7 @@ CONFIG_GPIO_PCA953X=m
 CONFIG_GPIO_PCF857X=m
 CONFIG_GPIO_SX150X=y
 CONFIG_GPIO_TPIC2810=m
+CONFIG_GPIO_TS4900=m
 
 #
 # MFD GPIO expanders
@@ -4134,6 +4157,7 @@ CONFIG_GPIO_DLN2=m
 CONFIG_GPIO_JANZ_TTL=m
 CONFIG_GPIO_KEMPLD=m
 CONFIG_GPIO_LP3943=m
+CONFIG_GPIO_LP873X=m
 CONFIG_GPIO_MSIC=y
 CONFIG_GPIO_PALMAS=y
 CONFIG_GPIO_RC5T583=y
@@ -4146,6 +4170,7 @@ CONFIG_GPIO_TPS65912=m
 CONFIG_GPIO_TWL4030=m
 CONFIG_GPIO_TWL6040=m
 CONFIG_GPIO_UCB1400=m
+CONFIG_GPIO_WHISKEY_COVE=m
 CONFIG_GPIO_WM831X=m
 CONFIG_GPIO_WM8350=m
 CONFIG_GPIO_WM8994=m
@@ -4205,6 +4230,9 @@ CONFIG_W1_SLAVE_DS2780=m
 CONFIG_W1_SLAVE_DS2781=m
 CONFIG_W1_SLAVE_DS28E04=m
 CONFIG_W1_SLAVE_BQ27000=m
+CONFIG_POWER_AVS=y
+CONFIG_POWER_RESET=y
+CONFIG_POWER_RESET_RESTART=y
 CONFIG_POWER_SUPPLY=y
 # CONFIG_POWER_SUPPLY_DEBUG is not set
 CONFIG_PDA_POWER=m
@@ -4258,9 +4286,6 @@ CONFIG_BATTERY_GAUGE_LTC2941=m
 CONFIG_BATTERY_RT5033=m
 CONFIG_CHARGER_RT9455=m
 CONFIG_AXP20X_POWER=m
-CONFIG_POWER_RESET=y
-CONFIG_POWER_RESET_RESTART=y
-CONFIG_POWER_AVS=y
 CONFIG_HWMON=y
 CONFIG_HWMON_VID=m
 # CONFIG_HWMON_DEBUG_CHIP is not set
@@ -4428,6 +4453,7 @@ CONFIG_SENSORS_W83627HF=m
 CONFIG_SENSORS_W83627EHF=m
 CONFIG_SENSORS_WM831X=m
 CONFIG_SENSORS_WM8350=m
+CONFIG_SENSORS_XGENE=m
 
 #
 # ACPI drivers
@@ -4458,6 +4484,7 @@ CONFIG_INTEL_SOC_DTS_THERMAL=m
 CONFIG_INT340X_THERMAL=m
 CONFIG_ACPI_THERMAL_REL=m
 CONFIG_INT3406_THERMAL=m
+CONFIG_INTEL_BXT_PMIC_THERMAL=m
 CONFIG_INTEL_PCH_THERMAL=m
 CONFIG_GENERIC_ADC_THERMAL=m
 CONFIG_WATCHDOG=y
@@ -4474,6 +4501,7 @@ CONFIG_DA9055_WATCHDOG=m
 CONFIG_DA9063_WATCHDOG=m
 CONFIG_DA9062_WATCHDOG=m
 CONFIG_MENF21BMC_WATCHDOG=m
+CONFIG_WDAT_WDT=m
 CONFIG_WM831X_WATCHDOG=m
 CONFIG_WM8350_WATCHDOG=m
 CONFIG_XILINX_WATCHDOG=m
@@ -4544,6 +4572,11 @@ CONFIG_WDTPCI=m
 # USB-based Watchdog Cards
 #
 CONFIG_USBPCWATCHDOG=m
+
+#
+# Watchdog Pretimeout Governors
+#
+# CONFIG_WATCHDOG_PRETIMEOUT_GOV is not set
 CONFIG_SSB_POSSIBLE=y
 
 #
@@ -4603,6 +4636,7 @@ CONFIG_MFD_DA9062=m
 CONFIG_MFD_DA9063=y
 CONFIG_MFD_DA9150=m
 CONFIG_MFD_DLN2=m
+CONFIG_MFD_EXYNOS_LPASS=m
 CONFIG_MFD_MC13XXX=m
 CONFIG_MFD_MC13XXX_SPI=m
 CONFIG_MFD_MC13XXX_I2C=m
@@ -4662,6 +4696,7 @@ CONFIG_TPS6507X=m
 CONFIG_MFD_TPS65086=m
 CONFIG_MFD_TPS65090=y
 CONFIG_MFD_TPS65217=m
+CONFIG_MFD_TI_LP873X=m
 CONFIG_MFD_TPS65218=m
 CONFIG_MFD_TPS6586X=y
 CONFIG_MFD_TPS65910=y
@@ -4725,6 +4760,7 @@ CONFIG_REGULATOR_LP872X=m
 CONFIG_REGULATOR_LP8755=m
 CONFIG_REGULATOR_LP8788=m
 CONFIG_REGULATOR_LTC3589=m
+CONFIG_REGULATOR_LTC3676=m
 CONFIG_REGULATOR_MAX14577=m
 CONFIG_REGULATOR_MAX1586=m
 CONFIG_REGULATOR_MAX8649=m
@@ -4793,6 +4829,7 @@ CONFIG_VIDEO_V4L2_SUBDEV_API=y
 CONFIG_VIDEO_V4L2=m
 # CONFIG_VIDEO_ADV_DEBUG is not set
 # CONFIG_VIDEO_FIXED_MINOR_RANGES is not set
+# CONFIG_VIDEO_PCI_SKELETON is not set
 CONFIG_VIDEO_TUNER=m
 CONFIG_V4L2_MEM2MEM_DEV=m
 CONFIG_V4L2_FLASH_LED_CLASS=m
@@ -4948,6 +4985,7 @@ CONFIG_VIDEO_TM6000_DVB=m
 #
 CONFIG_DVB_USB=m
 # CONFIG_DVB_USB_DEBUG is not set
+CONFIG_DVB_USB_DIB3000MC=m
 CONFIG_DVB_USB_A800=m
 CONFIG_DVB_USB_DIBUSB_MB=m
 # CONFIG_DVB_USB_DIBUSB_MB_FAULTY is not set
@@ -5015,6 +5053,7 @@ CONFIG_MEDIA_PCI_SUPPORT=y
 #
 CONFIG_VIDEO_MEYE=m
 CONFIG_VIDEO_SOLO6X10=m
+CONFIG_VIDEO_TW5864=m
 CONFIG_VIDEO_TW68=m
 CONFIG_VIDEO_TW686X=m
 CONFIG_VIDEO_ZORAN=m
@@ -5170,7 +5209,7 @@ CONFIG_SMS_SIANO_DEBUGFS=y
 CONFIG_VIDEO_V4L2_TPG=m
 
 #
-# Media ancillary drivers (tuners, sensors, i2c, frontends)
+# Media ancillary drivers (tuners, sensors, i2c, spi, frontends)
 #
 CONFIG_MEDIA_SUBDRV_AUTOSELECT=y
 CONFIG_MEDIA_ATTACH=y
@@ -5236,6 +5275,7 @@ CONFIG_VIDEO_ADV7511=m
 #
 CONFIG_VIDEO_OV7640=m
 CONFIG_VIDEO_OV7670=m
+CONFIG_VIDEO_MT9M111=m
 CONFIG_VIDEO_MT9V011=m
 
 #
@@ -5393,6 +5433,7 @@ CONFIG_DVB_RTL2832=m
 CONFIG_DVB_RTL2832_SDR=m
 CONFIG_DVB_SI2168=m
 CONFIG_DVB_AS102_FE=m
+CONFIG_DVB_GP8PSK_FE=m
 
 #
 # DVB-C (cable) frontends
@@ -5498,15 +5539,13 @@ CONFIG_DRM_TTM=m
 CONFIG_DRM_I2C_CH7006=m
 CONFIG_DRM_I2C_SIL164=m
 CONFIG_DRM_I2C_NXP_TDA998X=m
-CONFIG_DRM_TDFX=m
-CONFIG_DRM_R128=m
 CONFIG_DRM_RADEON=m
 # CONFIG_DRM_RADEON_USERPTR is not set
 CONFIG_DRM_AMDGPU=m
+# CONFIG_DRM_AMDGPU_SI is not set
 # CONFIG_DRM_AMDGPU_CIK is not set
 CONFIG_DRM_AMDGPU_USERPTR=y
 # CONFIG_DRM_AMDGPU_GART_DEBUGFS is not set
-# CONFIG_DRM_AMD_POWERPLAY is not set
 
 #
 # ACP (Audio CoProcessor) Configuration
@@ -5516,7 +5555,6 @@ CONFIG_DRM_NOUVEAU=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 CONFIG_DRM_NOUVEAU_BACKLIGHT=y
-CONFIG_DRM_I810=m
 CONFIG_DRM_I915=m
 # CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set
 CONFIG_DRM_I915_USERPTR=y
@@ -5527,10 +5565,6 @@ CONFIG_DRM_I915_USERPTR=y
 #
 # CONFIG_DRM_I915_WERROR is not set
 # CONFIG_DRM_I915_DEBUG is not set
-CONFIG_DRM_MGA=m
-CONFIG_DRM_SIS=m
-CONFIG_DRM_VIA=m
-CONFIG_DRM_SAVAGE=m
 CONFIG_DRM_VGEM=m
 CONFIG_DRM_VMWGFX=m
 CONFIG_DRM_VMWGFX_FBCON=y
@@ -5556,6 +5590,7 @@ CONFIG_DRM_BRIDGE=y
 # Display Interface Bridges
 #
 CONFIG_DRM_ANALOGIX_ANX78XX=m
+# CONFIG_DRM_LEGACY is not set
 
 #
 # Frame buffer Devices
@@ -5747,6 +5782,7 @@ CONFIG_SND=m
 CONFIG_SND_TIMER=m
 CONFIG_SND_PCM=m
 CONFIG_SND_PCM_ELD=y
+CONFIG_SND_PCM_IEC958=y
 CONFIG_SND_DMAENGINE_PCM=m
 CONFIG_SND_HWDEP=m
 CONFIG_SND_RAWMIDI=m
@@ -6012,12 +6048,6 @@ CONFIG_SND_SOC_INTEL_SKYLAKE=m
 CONFIG_SND_SOC_INTEL_SKL_RT286_MACH=m
 CONFIG_SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH=m
 CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH=m
-
-#
-# Allwinner SoC Audio support
-#
-CONFIG_SND_SUN4I_CODEC=m
-CONFIG_SND_SUN4I_I2S=m
 CONFIG_SND_SOC_XTFPGA_I2S=m
 CONFIG_SND_SOC_I2C_AND_SPI=m
 
@@ -6052,6 +6082,7 @@ CONFIG_SND_SOC_CS4349=m
 CONFIG_SND_SOC_CS53L30=m
 CONFIG_SND_SOC_DA7219=m
 CONFIG_SND_SOC_DMIC=m
+CONFIG_SND_SOC_HDMI_CODEC=m
 CONFIG_SND_SOC_ES8328=m
 CONFIG_SND_SOC_GTM601=m
 CONFIG_SND_SOC_HDAC_HDMI=m
@@ -6079,6 +6110,7 @@ CONFIG_SND_SOC_RT5631=m
 CONFIG_SND_SOC_RT5640=m
 CONFIG_SND_SOC_RT5645=m
 CONFIG_SND_SOC_RT5651=m
+CONFIG_SND_SOC_RT5663=m
 CONFIG_SND_SOC_RT5670=m
 # CONFIG_SND_SOC_RT5677_SPI is not set
 CONFIG_SND_SOC_SGTL5000=m
@@ -6127,6 +6159,7 @@ CONFIG_SND_SOC_WM8962=m
 CONFIG_SND_SOC_WM8974=m
 CONFIG_SND_SOC_WM8978=m
 CONFIG_SND_SOC_WM8985=m
+CONFIG_SND_SOC_NAU8810=m
 CONFIG_SND_SOC_NAU8825=m
 CONFIG_SND_SOC_TPA6130A2=m
 CONFIG_SND_SIMPLE_CARD_UTILS=m
@@ -6270,7 +6303,7 @@ CONFIG_USB_DYNAMIC_MINORS=y
 # CONFIG_USB_OTG is not set
 # CONFIG_USB_OTG_WHITELIST is not set
 # CONFIG_USB_OTG_BLACKLIST_HUB is not set
-CONFIG_USB_ULPI_BUS=m
+CONFIG_USB_LEDS_TRIGGER_USBPORT=m
 CONFIG_USB_MON=m
 CONFIG_USB_WUSB=m
 CONFIG_USB_WUSB_CBAF=m
@@ -6348,6 +6381,8 @@ CONFIG_USB_MDC800=m
 CONFIG_USB_MICROTEK=m
 CONFIG_USBIP_CORE=m
 CONFIG_USBIP_VHCI_HCD=m
+CONFIG_USBIP_VHCI_HC_PORTS=8
+CONFIG_USBIP_VHCI_NR_HCS=1
 CONFIG_USBIP_HOST=m
 CONFIG_USBIP_VUDC=m
 # CONFIG_USBIP_DEBUG is not set
@@ -6491,6 +6526,7 @@ CONFIG_USB_ISIGHTFW=m
 CONFIG_USB_YUREX=m
 CONFIG_USB_EZUSB_FX2=m
 CONFIG_USB_HSIC_USB3503=m
+CONFIG_USB_HSIC_USB4604=m
 CONFIG_USB_LINK_LAYER_TEST=m
 CONFIG_USB_CHAOSKEY=m
 CONFIG_UCSI=m
@@ -6609,6 +6645,7 @@ CONFIG_USB_G_DBGP=m
 CONFIG_USB_G_DBGP_SERIAL=y
 CONFIG_USB_G_WEBCAM=m
 CONFIG_USB_LED_TRIG=y
+CONFIG_USB_ULPI_BUS=m
 CONFIG_UWB=m
 CONFIG_UWB_HWA=m
 CONFIG_UWB_WHCI=m
@@ -6816,6 +6853,7 @@ CONFIG_RTC_DRV_ABB5ZES3=m
 CONFIG_RTC_DRV_ABX80X=m
 CONFIG_RTC_DRV_DS1307=m
 CONFIG_RTC_DRV_DS1307_HWMON=y
+# CONFIG_RTC_DRV_DS1307_CENTURY is not set
 CONFIG_RTC_DRV_DS1374=m
 CONFIG_RTC_DRV_DS1374_WDT=y
 CONFIG_RTC_DRV_DS1672=m
@@ -6828,7 +6866,6 @@ CONFIG_RTC_DRV_MAX8997=m
 CONFIG_RTC_DRV_RS5C372=m
 CONFIG_RTC_DRV_ISL1208=m
 CONFIG_RTC_DRV_ISL12022=m
-CONFIG_RTC_DRV_ISL12057=m
 CONFIG_RTC_DRV_X1205=m
 CONFIG_RTC_DRV_PCF8523=m
 CONFIG_RTC_DRV_PCF85063=m
@@ -6961,6 +6998,7 @@ CONFIG_KS0108_PORT=0x378
 CONFIG_KS0108_DELAY=2
 CONFIG_CFAG12864B=m
 CONFIG_CFAG12864B_RATE=20
+CONFIG_IMG_ASCII_LCD=m
 CONFIG_UIO=m
 CONFIG_UIO_CIF=m
 CONFIG_UIO_PDRV_GENIRQ=m
@@ -7179,9 +7217,6 @@ CONFIG_RTL8192E=m
 CONFIG_R8712U=m
 CONFIG_R8188EU=m
 CONFIG_88EU_AP_MODE=y
-CONFIG_R8723AU=m
-CONFIG_8723AU_AP_MODE=y
-CONFIG_8723AU_BT_COEXIST=y
 CONFIG_RTS5208=m
 CONFIG_VT6655=m
 CONFIG_VT6656=m
@@ -7317,7 +7352,6 @@ CONFIG_MTD_SPINAND_ONDIEECC=y
 CONFIG_LNET=m
 CONFIG_LNET_MAX_PAYLOAD=1048576
 # CONFIG_LNET_SELFTEST is not set
-CONFIG_LNET_XPRT_IB=m
 # CONFIG_LUSTRE_FS is not set
 CONFIG_DGNC=m
 CONFIG_GS_FPGABOOT=m
@@ -7376,6 +7410,7 @@ CONFIG_ISDN_DRV_ICN=m
 CONFIG_ISDN_DRV_PCBIT=m
 CONFIG_ISDN_DRV_ACT2000=m
 CONFIG_KS7010=m
+# CONFIG_GREYBUS is not set
 CONFIG_X86_PLATFORM_DEVICES=y
 CONFIG_ACER_WMI=m
 CONFIG_ACERHDF=m
@@ -7469,7 +7504,6 @@ CONFIG_COMMON_CLK_PALMAS=m
 CONFIG_COMMON_CLK_PWM=m
 # CONFIG_COMMON_CLK_PXA is not set
 # CONFIG_COMMON_CLK_PIC32 is not set
-# CONFIG_SUNXI_CCU is not set
 
 #
 # Hardware Spinlock drivers
@@ -7553,6 +7587,7 @@ CONFIG_EXTCON_MAX77693=m
 CONFIG_EXTCON_MAX77843=m
 CONFIG_EXTCON_MAX8997=m
 CONFIG_EXTCON_PALMAS=m
+CONFIG_EXTCON_QCOM_SPMI_MISC=m
 CONFIG_EXTCON_RT8973A=m
 CONFIG_EXTCON_SM5502=m
 CONFIG_EXTCON_USB_GPIO=m
@@ -7577,12 +7612,16 @@ CONFIG_BMA220=m
 CONFIG_BMC150_ACCEL=m
 CONFIG_BMC150_ACCEL_I2C=m
 CONFIG_BMC150_ACCEL_SPI=m
+CONFIG_DMARD09=m
 CONFIG_HID_SENSOR_ACCEL_3D=m
 CONFIG_IIO_ST_ACCEL_3AXIS=m
 CONFIG_IIO_ST_ACCEL_I2C_3AXIS=m
 CONFIG_IIO_ST_ACCEL_SPI_3AXIS=m
 CONFIG_KXSD9=m
+CONFIG_KXSD9_SPI=m
+CONFIG_KXSD9_I2C=m
 CONFIG_KXCJK1013=m
+CONFIG_MC3230=m
 CONFIG_MMA7455=m
 CONFIG_MMA7455_I2C=m
 CONFIG_MMA7455_SPI=m
@@ -7615,6 +7654,7 @@ CONFIG_DA9150_GPADC=m
 CONFIG_HI8435=m
 CONFIG_INA2XX_ADC=m
 CONFIG_LP8788_ADC=m
+CONFIG_LTC2485=m
 CONFIG_MAX1027=m
 CONFIG_MAX1363=m
 CONFIG_MCP320X=m
@@ -7624,9 +7664,12 @@ CONFIG_NAU7802=m
 CONFIG_PALMAS_GPADC=m
 CONFIG_QCOM_SPMI_IADC=m
 CONFIG_QCOM_SPMI_VADC=m
+CONFIG_STX104=m
 CONFIG_TI_ADC081C=m
 CONFIG_TI_ADC0832=m
+CONFIG_TI_ADC12138=m
 CONFIG_TI_ADC128S052=m
+CONFIG_TI_ADC161S626=m
 CONFIG_TI_ADS1015=m
 CONFIG_TI_AM335X_ADC=m
 CONFIG_TWL4030_MADC=m
@@ -7681,11 +7724,12 @@ CONFIG_AD5761=m
 CONFIG_AD5764=m
 CONFIG_AD5791=m
 CONFIG_AD7303=m
+CONFIG_CIO_DAC=m
+CONFIG_AD8801=m
 CONFIG_M62332=m
 CONFIG_MAX517=m
 CONFIG_MCP4725=m
 CONFIG_MCP4922=m
-CONFIG_STX104=m
 
 #
 # IIO dummy driver
@@ -7786,6 +7830,7 @@ CONFIG_LTR501=m
 CONFIG_MAX44000=m
 CONFIG_OPT3001=m
 CONFIG_PA12203001=m
+CONFIG_SI1145=m
 CONFIG_STK3310=m
 CONFIG_TCS3414=m
 CONFIG_TCS3472=m
@@ -7839,6 +7884,9 @@ CONFIG_TPL0102=m
 #
 # Pressure sensors
 #
+CONFIG_BMP280=m
+CONFIG_BMP280_I2C=m
+CONFIG_BMP280_SPI=m
 CONFIG_HID_SENSOR_PRESS=m
 CONFIG_HP03=m
 CONFIG_MPL115=m
@@ -7854,6 +7902,9 @@ CONFIG_IIO_ST_PRESS_I2C=m
 CONFIG_IIO_ST_PRESS_SPI=m
 CONFIG_T5403=m
 CONFIG_HP206C=m
+CONFIG_ZPA2326=m
+CONFIG_ZPA2326_I2C=m
+CONFIG_ZPA2326_SPI=m
 
 #
 # Lightning sensors
@@ -7869,6 +7920,7 @@ CONFIG_SX9500=m
 #
 # Temperature sensors
 #
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MLX90614=m
 CONFIG_TMP006=m
 CONFIG_TSYS01=m
@@ -7885,6 +7937,7 @@ CONFIG_VME_BUS=y
 #
 CONFIG_VME_CA91CX42=m
 CONFIG_VME_TSI148=m
+# CONFIG_VME_FAKE is not set
 
 #
 # VME Board Drivers
@@ -7912,7 +7965,16 @@ CONFIG_IPACK_BUS=m
 CONFIG_BOARD_TPCI200=m
 CONFIG_SERIAL_IPOCTAL=m
 CONFIG_RESET_CONTROLLER=y
+# CONFIG_RESET_ATH79 is not set
+# CONFIG_RESET_BERLIN is not set
+# CONFIG_RESET_LPC18XX is not set
+# CONFIG_RESET_MESON is not set
+# CONFIG_RESET_PISTACHIO is not set
+# CONFIG_RESET_SOCFPGA is not set
+# CONFIG_RESET_STM32 is not set
+# CONFIG_RESET_SUNXI is not set
 CONFIG_TI_SYSCON_RESET=m
+# CONFIG_RESET_ZYNQ is not set
 CONFIG_FMC=m
 CONFIG_FMC_FAKEDEV=m
 CONFIG_FMC_TRIVIAL=m
@@ -7935,6 +7997,7 @@ CONFIG_POWERCAP=y
 CONFIG_INTEL_RAPL=m
 CONFIG_MCB=m
 CONFIG_MCB_PCI=m
+CONFIG_MCB_LPC=m
 
 #
 # Performance monitor support
@@ -7954,6 +8017,7 @@ CONFIG_ND_CLAIM=y
 CONFIG_ND_BTT=m
 CONFIG_BTT=y
 CONFIG_DEV_DAX=m
+CONFIG_NR_DEV_DAX=32768
 CONFIG_NVMEM=m
 CONFIG_STM=m
 CONFIG_STM_DUMMY=m
@@ -7971,7 +8035,6 @@ CONFIG_INTEL_TH_PTI=m
 # FPGA Configuration Support
 #
 CONFIG_FPGA=m
-CONFIG_FPGA_MGR_ZYNQ_FPGA=m
 
 #
 # Firmware Drivers
@@ -8003,6 +8066,7 @@ CONFIG_EFI_RUNTIME_MAP=y
 CONFIG_EFI_RUNTIME_WRAPPERS=y
 CONFIG_EFI_BOOTLOADER_CONTROL=m
 # CONFIG_EFI_CAPSULE_LOADER is not set
+# CONFIG_EFI_TEST is not set
 CONFIG_UEFI_CPER=y
 
 #
@@ -8477,7 +8541,6 @@ CONFIG_USER_STACKTRACE_SUPPORT=y
 CONFIG_NOP_TRACER=y
 CONFIG_HAVE_FUNCTION_TRACER=y
 CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
-CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
 CONFIG_HAVE_DYNAMIC_FTRACE=y
 CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
 CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
@@ -8497,6 +8560,7 @@ CONFIG_FUNCTION_TRACER=y
 CONFIG_FUNCTION_GRAPH_TRACER=y
 # CONFIG_IRQSOFF_TRACER is not set
 CONFIG_SCHED_TRACER=y
+# CONFIG_HWLAT_TRACER is not set
 CONFIG_FTRACE_SYSCALLS=y
 CONFIG_TRACER_SNAPSHOT=y
 # CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP is not set
@@ -8563,6 +8627,7 @@ CONFIG_KDB_DEFAULT_ENABLE=0x1
 CONFIG_KDB_KEYBOARD=y
 CONFIG_KDB_CONTINUE_CATASTROPHIC=0
 CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
+# CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set
 # CONFIG_UBSAN is not set
 CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
 CONFIG_STRICT_DEVMEM=y
@@ -8628,10 +8693,10 @@ CONFIG_SECURITY_SELINUX_DISABLE=y
 CONFIG_SECURITY_SELINUX_DEVELOP=y
 CONFIG_SECURITY_SELINUX_AVC_STATS=y
 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
-# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
 CONFIG_SECURITY_SMACK=y
 # CONFIG_SECURITY_SMACK_BRINGUP is not set
 CONFIG_SECURITY_SMACK_NETFILTER=y
+# CONFIG_SECURITY_SMACK_APPEND_SIGNALS is not set
 CONFIG_SECURITY_TOMOYO=y
 CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
@@ -8843,6 +8908,7 @@ CONFIG_CRYPTO_DEV_QAT_C62X=m
 CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
 CONFIG_CRYPTO_DEV_QAT_C3XXXVF=m
 CONFIG_CRYPTO_DEV_QAT_C62XVF=m
+CONFIG_CRYPTO_DEV_CHELSIO=m
 CONFIG_ASYMMETRIC_KEY_TYPE=y
 CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
 CONFIG_X509_CERTIFICATE_PARSER=y
@@ -8960,7 +9026,6 @@ CONFIG_DQL=y
 CONFIG_GLOB=y
 # CONFIG_GLOB_SELFTEST is not set
 CONFIG_NLATTR=y
-CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
 CONFIG_LRU_CACHE=m
 CONFIG_CLZ_TAB=y
 CONFIG_CORDIC=m
@@ -8978,3 +9043,4 @@ CONFIG_FONT_8x16=y
 CONFIG_SG_POOL=y
 CONFIG_ARCH_HAS_SG_CHAIN=y
 CONFIG_ARCH_HAS_MMIO_FLUSH=y
+CONFIG_SBITMAP=y
diff --git a/gnu/packages/linux-libre-4.8-x86_64.conf b/gnu/packages/linux-libre-4.9-x86_64.conf
index bbddf58861..ca0fcded61 100644
--- a/gnu/packages/linux-libre-4.8-x86_64.conf
+++ b/gnu/packages/linux-libre-4.9-x86_64.conf
@@ -1,6 +1,6 @@
 #
 # Automatically generated file; DO NOT EDIT.
-# Linux/x86 4.8.0-gnu Kernel Configuration
+# Linux/x86 4.9.0-gnu Kernel Configuration
 #
 CONFIG_64BIT=y
 CONFIG_X86_64=y
@@ -46,6 +46,7 @@ CONFIG_PGTABLE_LEVELS=4
 CONFIG_DEFCONFIG_LIST="/lib/modules/$UNAME_RELEASE/.config"
 CONFIG_IRQ_WORK=y
 CONFIG_BUILDTIME_EXTABLE_SORT=y
+CONFIG_THREAD_INFO_IN_TASK=y
 
 #
 # General setup
@@ -291,6 +292,7 @@ CONFIG_SECCOMP_FILTER=y
 CONFIG_HAVE_GCC_PLUGINS=y
 CONFIG_GCC_PLUGINS=y
 # CONFIG_GCC_PLUGIN_CYC_COMPLEXITY is not set
+# CONFIG_GCC_PLUGIN_LATENT_ENTROPY is not set
 CONFIG_HAVE_CC_STACKPROTECTOR=y
 CONFIG_CC_STACKPROTECTOR=y
 # CONFIG_CC_STACKPROTECTOR_NONE is not set
@@ -318,6 +320,8 @@ CONFIG_HAVE_STACK_VALIDATION=y
 CONFIG_OLD_SIGSUSPEND3=y
 CONFIG_COMPAT_OLD_SIGACTION=y
 # CONFIG_CPU_NO_EFFICIENT_FFS is not set
+CONFIG_HAVE_ARCH_VMAP_STACK=y
+CONFIG_VMAP_STACK=y
 
 #
 # GCOV-based kernel profiling
@@ -369,6 +373,7 @@ CONFIG_EFI_PARTITION=y
 CONFIG_SYSV68_PARTITION=y
 CONFIG_CMDLINE_PARTITION=y
 CONFIG_BLOCK_COMPAT=y
+CONFIG_BLK_MQ_PCI=y
 
 #
 # IO Schedulers
@@ -415,6 +420,7 @@ CONFIG_X86_NUMACHIP=y
 # CONFIG_X86_UV is not set
 # CONFIG_X86_GOLDFISH is not set
 # CONFIG_X86_INTEL_MID is not set
+# CONFIG_MLX_PLATFORM is not set
 CONFIG_X86_INTEL_LPSS=y
 CONFIG_X86_AMD_PLATFORM_DEVICE=y
 CONFIG_IOSF_MBI=y
@@ -700,6 +706,7 @@ CONFIG_ACPI_APEI_MEMORY_FAILURE=y
 CONFIG_ACPI_APEI_EINJ=m
 # CONFIG_ACPI_APEI_ERST_DEBUG is not set
 CONFIG_DPTF_POWER=m
+CONFIG_ACPI_WATCHDOG=y
 CONFIG_ACPI_EXTLOG=m
 # CONFIG_PMIC_OPREGION is not set
 CONFIG_ACPI_CONFIGFS=m
@@ -724,7 +731,7 @@ CONFIG_CPU_FREQ_GOV_POWERSAVE=y
 CONFIG_CPU_FREQ_GOV_USERSPACE=y
 CONFIG_CPU_FREQ_GOV_ONDEMAND=y
 CONFIG_CPU_FREQ_GOV_CONSERVATIVE=y
-CONFIG_CPU_FREQ_GOV_SCHEDUTIL=m
+CONFIG_CPU_FREQ_GOV_SCHEDUTIL=y
 
 #
 # CPU frequency scaling drivers
@@ -779,6 +786,7 @@ CONFIG_PCIEASPM_DEFAULT=y
 # CONFIG_PCIEASPM_PERFORMANCE is not set
 CONFIG_PCIE_PME=y
 CONFIG_PCIE_DPC=y
+CONFIG_PCIE_PTM=y
 CONFIG_PCI_BUS_ADDR_T_64BIT=y
 CONFIG_PCI_MSI=y
 CONFIG_PCI_MSI_IRQ_DOMAIN=y
@@ -805,6 +813,7 @@ CONFIG_HOTPLUG_PCI_SHPC=m
 # PCI host controller drivers
 #
 # CONFIG_PCIE_DW_PLAT is not set
+# CONFIG_VMD is not set
 # CONFIG_ISA_BUS is not set
 CONFIG_ISA_DMA_API=y
 CONFIG_AMD_NB=y
@@ -865,7 +874,6 @@ CONFIG_SYSVIPC_COMPAT=y
 CONFIG_KEYS_COMPAT=y
 CONFIG_X86_DEV_DMA_OPS=y
 CONFIG_PMC_ATOM=y
-# CONFIG_VMD is not set
 CONFIG_NET=y
 CONFIG_COMPAT_NETLINK_MESSAGES=y
 CONFIG_NET_INGRESS=y
@@ -941,6 +949,7 @@ CONFIG_TCP_CONG_YEAH=m
 CONFIG_TCP_CONG_ILLINOIS=m
 CONFIG_TCP_CONG_DCTCP=m
 CONFIG_TCP_CONG_CDG=m
+CONFIG_TCP_CONG_BBR=m
 CONFIG_DEFAULT_CUBIC=y
 # CONFIG_DEFAULT_RENO is not set
 CONFIG_DEFAULT_TCP_CONG="cubic"
@@ -1036,9 +1045,10 @@ CONFIG_NF_TABLES_INET=m
 CONFIG_NF_TABLES_NETDEV=m
 CONFIG_NFT_EXTHDR=m
 CONFIG_NFT_META=m
+CONFIG_NFT_NUMGEN=m
 CONFIG_NFT_CT=m
-CONFIG_NFT_RBTREE=m
-CONFIG_NFT_HASH=m
+CONFIG_NFT_SET_RBTREE=m
+CONFIG_NFT_SET_HASH=m
 CONFIG_NFT_COUNTER=m
 CONFIG_NFT_LOG=m
 CONFIG_NFT_LIMIT=m
@@ -1046,9 +1056,11 @@ CONFIG_NFT_MASQ=m
 CONFIG_NFT_REDIR=m
 CONFIG_NFT_NAT=m
 CONFIG_NFT_QUEUE=m
+CONFIG_NFT_QUOTA=m
 CONFIG_NFT_REJECT=m
 CONFIG_NFT_REJECT_INET=m
 CONFIG_NFT_COMPAT=m
+CONFIG_NFT_HASH=m
 CONFIG_NF_DUP_NETDEV=m
 CONFIG_NFT_DUP_NETDEV=m
 CONFIG_NFT_FWD_NETDEV=m
@@ -1470,9 +1482,12 @@ CONFIG_NET_ACT_CSUM=m
 CONFIG_NET_ACT_VLAN=m
 CONFIG_NET_ACT_BPF=m
 CONFIG_NET_ACT_CONNMARK=m
+CONFIG_NET_ACT_SKBMOD=m
 CONFIG_NET_ACT_IFE=m
+CONFIG_NET_ACT_TUNNEL_KEY=m
 CONFIG_NET_IFE_SKBMARK=m
 CONFIG_NET_IFE_SKBPRIO=m
+CONFIG_NET_IFE_SKBTCINDEX=m
 # CONFIG_NET_CLS_IND is not set
 CONFIG_NET_SCH_FIFO=y
 CONFIG_DCB=y
@@ -1483,6 +1498,7 @@ CONFIG_BATMAN_ADV_BLA=y
 CONFIG_BATMAN_ADV_DAT=y
 CONFIG_BATMAN_ADV_NC=y
 CONFIG_BATMAN_ADV_MCAST=y
+CONFIG_BATMAN_ADV_DEBUGFS=y
 # CONFIG_BATMAN_ADV_DEBUG is not set
 CONFIG_OPENVSWITCH=m
 CONFIG_OPENVSWITCH_GRE=m
@@ -1681,6 +1697,7 @@ CONFIG_BT_HCIUART_INTEL=y
 CONFIG_BT_HCIUART_BCM=y
 CONFIG_BT_HCIUART_QCA=y
 CONFIG_BT_HCIUART_AG6XX=y
+CONFIG_BT_HCIUART_MRVL=y
 CONFIG_BT_HCIBCM203X=m
 CONFIG_BT_HCIBPA10X=m
 CONFIG_BT_HCIBFUSB=m
@@ -1694,9 +1711,12 @@ CONFIG_BT_MRVL_SDIO=m
 CONFIG_BT_ATH3K=m
 CONFIG_BT_WILINK=m
 CONFIG_AF_RXRPC=m
+CONFIG_AF_RXRPC_IPV6=y
+# CONFIG_AF_RXRPC_INJECT_LOSS is not set
 # CONFIG_AF_RXRPC_DEBUG is not set
 # CONFIG_RXKAD is not set
 CONFIG_AF_KCM=m
+CONFIG_STREAM_PARSER=m
 CONFIG_FIB_RULES=y
 CONFIG_WIRELESS=y
 CONFIG_WIRELESS_EXT=y
@@ -1821,6 +1841,7 @@ CONFIG_ALLOW_DEV_COREDUMP=y
 CONFIG_DEV_COREDUMP=y
 # CONFIG_DEBUG_DRIVER is not set
 # CONFIG_DEBUG_DEVRES is not set
+# CONFIG_DEBUG_TEST_DRIVER_REMOVE is not set
 CONFIG_SYS_HYPERVISOR=y
 # CONFIG_GENERIC_CPU_DEVICES is not set
 CONFIG_GENERIC_CPU_AUTOPROBE=y
@@ -2095,9 +2116,6 @@ CONFIG_HMC6352=m
 CONFIG_DS1682=m
 CONFIG_TI_DAC7512=m
 CONFIG_VMWARE_BALLOON=m
-CONFIG_BMP085=m
-CONFIG_BMP085_I2C=m
-CONFIG_BMP085_SPI=m
 CONFIG_USB_SWITCH_FSA9480=m
 CONFIG_LATTICE_ECP3_CONFIG=m
 CONFIG_SRAM=y
@@ -2266,6 +2284,7 @@ CONFIG_SCSI_MPT3SAS=m
 CONFIG_SCSI_MPT2SAS_MAX_SGE=128
 CONFIG_SCSI_MPT3SAS_MAX_SGE=128
 CONFIG_SCSI_MPT2SAS=m
+CONFIG_SCSI_SMARTPQI=m
 CONFIG_SCSI_UFSHCD=m
 CONFIG_SCSI_UFSHCD_PCI=m
 # CONFIG_SCSI_UFS_DWC_TC_PCI is not set
@@ -2611,6 +2630,8 @@ CONFIG_NET_VENDOR_ALTEON=y
 CONFIG_ACENIC=m
 # CONFIG_ACENIC_OMIT_TIGON_I is not set
 CONFIG_ALTERA_TSE=m
+CONFIG_NET_VENDOR_AMAZON=y
+CONFIG_ENA_ETHERNET=m
 CONFIG_NET_VENDOR_AMD=y
 CONFIG_AMD8111_ETH=m
 CONFIG_PCNET32=m
@@ -2645,6 +2666,7 @@ CONFIG_NET_VENDOR_CAVIUM=y
 CONFIG_THUNDER_NIC_PF=m
 CONFIG_THUNDER_NIC_VF=m
 CONFIG_THUNDER_NIC_BGX=m
+CONFIG_THUNDER_NIC_RGX=m
 CONFIG_LIQUIDIO=m
 CONFIG_NET_VENDOR_CHELSIO=y
 CONFIG_CHELSIO_T1=m
@@ -2768,9 +2790,12 @@ CONFIG_QLCNIC_HWMON=y
 CONFIG_QLGE=m
 CONFIG_NETXEN_NIC=m
 CONFIG_QED=m
+CONFIG_QED_LL2=y
 CONFIG_QED_SRIOV=y
 CONFIG_QEDE=m
+CONFIG_QED_RDMA=y
 CONFIG_NET_VENDOR_QUALCOMM=y
+CONFIG_QCOM_EMAC=m
 CONFIG_NET_VENDOR_REALTEK=y
 CONFIG_ATP=m
 CONFIG_8139CP=m
@@ -2842,40 +2867,46 @@ CONFIG_PHYLIB=y
 CONFIG_SWPHY=y
 
 #
+# MDIO bus device drivers
+#
+CONFIG_MDIO_BCM_UNIMAC=m
+CONFIG_MDIO_BITBANG=m
+CONFIG_MDIO_CAVIUM=m
+CONFIG_MDIO_GPIO=m
+CONFIG_MDIO_OCTEON=m
+CONFIG_MDIO_THUNDER=m
+
+#
 # MII PHY device drivers
 #
+CONFIG_AMD_PHY=m
 CONFIG_AQUANTIA_PHY=m
 CONFIG_AT803X_PHY=m
-CONFIG_AMD_PHY=m
-CONFIG_MARVELL_PHY=m
-CONFIG_DAVICOM_PHY=m
-CONFIG_QSEMI_PHY=m
-CONFIG_LXT_PHY=m
-CONFIG_CICADA_PHY=m
-CONFIG_VITESSE_PHY=m
-CONFIG_TERANETICS_PHY=m
-CONFIG_SMSC_PHY=m
-CONFIG_BCM_NET_PHYLIB=m
-CONFIG_BROADCOM_PHY=m
 CONFIG_BCM7XXX_PHY=m
 CONFIG_BCM87XX_PHY=m
-CONFIG_ICPLUS_PHY=m
-CONFIG_REALTEK_PHY=m
-CONFIG_NATIONAL_PHY=m
-CONFIG_STE10XP=m
-CONFIG_LSI_ET1011C_PHY=m
-CONFIG_MICREL_PHY=m
+CONFIG_BCM_NET_PHYLIB=m
+CONFIG_BROADCOM_PHY=m
+CONFIG_CICADA_PHY=m
+CONFIG_DAVICOM_PHY=m
 CONFIG_DP83848_PHY=m
 CONFIG_DP83867_PHY=m
-CONFIG_MICROCHIP_PHY=m
 CONFIG_FIXED_PHY=y
-CONFIG_MDIO_BITBANG=m
-CONFIG_MDIO_GPIO=m
-CONFIG_MDIO_CAVIUM=m
-CONFIG_MDIO_OCTEON=m
-CONFIG_MDIO_THUNDER=m
-CONFIG_MDIO_BCM_UNIMAC=m
+CONFIG_ICPLUS_PHY=m
 CONFIG_INTEL_XWAY_PHY=m
+CONFIG_LSI_ET1011C_PHY=m
+CONFIG_LXT_PHY=m
+CONFIG_MARVELL_PHY=m
+CONFIG_MICREL_PHY=m
+CONFIG_MICROCHIP_PHY=m
+CONFIG_MICROSEMI_PHY=m
+CONFIG_NATIONAL_PHY=m
+CONFIG_QSEMI_PHY=m
+CONFIG_REALTEK_PHY=m
+CONFIG_SMSC_PHY=m
+CONFIG_STE10XP=m
+CONFIG_TERANETICS_PHY=m
+CONFIG_VITESSE_PHY=m
+CONFIG_XILINX_GMII2RGMII=m
 CONFIG_MICREL_KS8995MA=m
 CONFIG_PLIP=m
 CONFIG_PPP=y
@@ -3388,6 +3419,7 @@ CONFIG_INPUT_EVDEV=y
 # Input Device Drivers
 #
 CONFIG_INPUT_KEYBOARD=y
+CONFIG_KEYBOARD_ADC=m
 CONFIG_KEYBOARD_ADP5520=m
 CONFIG_KEYBOARD_ADP5588=m
 CONFIG_KEYBOARD_ADP5589=m
@@ -3486,6 +3518,7 @@ CONFIG_TOUCHSCREEN_AD7879=m
 CONFIG_TOUCHSCREEN_AD7879_I2C=m
 CONFIG_TOUCHSCREEN_AD7879_SPI=m
 CONFIG_TOUCHSCREEN_ATMEL_MXT=m
+# CONFIG_TOUCHSCREEN_ATMEL_MXT_T37 is not set
 CONFIG_TOUCHSCREEN_AUO_PIXCIR=m
 CONFIG_TOUCHSCREEN_BU21013=m
 CONFIG_TOUCHSCREEN_CY8CTMG110=m
@@ -3501,11 +3534,11 @@ CONFIG_TOUCHSCREEN_DYNAPRO=m
 CONFIG_TOUCHSCREEN_HAMPSHIRE=m
 CONFIG_TOUCHSCREEN_EETI=m
 CONFIG_TOUCHSCREEN_EGALAX_SERIAL=m
-CONFIG_TOUCHSCREEN_FT6236=m
 CONFIG_TOUCHSCREEN_FUJITSU=m
 CONFIG_TOUCHSCREEN_GOODIX=m
 CONFIG_TOUCHSCREEN_ILI210X=m
 CONFIG_TOUCHSCREEN_GUNZE=m
+CONFIG_TOUCHSCREEN_EKTF2127=m
 CONFIG_TOUCHSCREEN_ELAN=m
 CONFIG_TOUCHSCREEN_ELO=m
 CONFIG_TOUCHSCREEN_WACOM_W8001=m
@@ -3587,6 +3620,7 @@ CONFIG_INPUT_APANEL=m
 CONFIG_INPUT_GP2A=m
 CONFIG_INPUT_GPIO_BEEPER=m
 CONFIG_INPUT_GPIO_TILT_POLLED=m
+CONFIG_INPUT_GPIO_DECODER=m
 CONFIG_INPUT_ATLAS_BTNS=m
 CONFIG_INPUT_ATI_REMOTE2=m
 CONFIG_INPUT_KEYSPAN_REMOTE=m
@@ -3632,6 +3666,7 @@ CONFIG_RMI4_2D_SENSOR=y
 CONFIG_RMI4_F11=y
 CONFIG_RMI4_F12=y
 CONFIG_RMI4_F30=y
+# CONFIG_RMI4_F54 is not set
 
 #
 # Hardware I/O ports
@@ -3709,6 +3744,7 @@ CONFIG_SERIAL_8250_RSA=y
 # CONFIG_SERIAL_8250_FSL is not set
 CONFIG_SERIAL_8250_DW=m
 CONFIG_SERIAL_8250_RT288X=y
+CONFIG_SERIAL_8250_LPSS=m
 CONFIG_SERIAL_8250_MID=m
 CONFIG_SERIAL_8250_MOXA=m
 
@@ -3983,7 +4019,6 @@ CONFIG_PINCTRL_INTEL=m
 CONFIG_PINCTRL_BROXTON=m
 CONFIG_PINCTRL_SUNRISEPOINT=m
 CONFIG_GPIOLIB=y
-CONFIG_GPIO_DEVRES=y
 CONFIG_GPIO_ACPI=y
 CONFIG_GPIOLIB_IRQCHIP=y
 # CONFIG_DEBUG_GPIO is not set
@@ -3995,11 +4030,13 @@ CONFIG_GPIO_MAX730X=m
 # Memory mapped GPIO drivers
 #
 CONFIG_GPIO_AMDPT=m
+CONFIG_GPIO_AXP209=m
 CONFIG_GPIO_DWAPB=m
 CONFIG_GPIO_GENERIC_PLATFORM=m
 CONFIG_GPIO_ICH=m
 CONFIG_GPIO_LYNXPOINT=y
 CONFIG_GPIO_MENZ127=m
+# CONFIG_GPIO_MOCKUP is not set
 CONFIG_GPIO_VX855=m
 CONFIG_GPIO_ZX=y
 
@@ -4021,6 +4058,7 @@ CONFIG_GPIO_PCA953X=m
 CONFIG_GPIO_PCF857X=m
 CONFIG_GPIO_SX150X=y
 CONFIG_GPIO_TPIC2810=m
+# CONFIG_GPIO_TS4900 is not set
 
 #
 # MFD GPIO expanders
@@ -4034,6 +4072,7 @@ CONFIG_GPIO_DLN2=m
 CONFIG_GPIO_JANZ_TTL=m
 CONFIG_GPIO_KEMPLD=m
 CONFIG_GPIO_LP3943=m
+CONFIG_GPIO_LP873X=m
 CONFIG_GPIO_PALMAS=y
 CONFIG_GPIO_RC5T583=y
 CONFIG_GPIO_TPS65086=m
@@ -4044,6 +4083,7 @@ CONFIG_GPIO_TPS65912=m
 CONFIG_GPIO_TWL4030=m
 CONFIG_GPIO_TWL6040=m
 CONFIG_GPIO_UCB1400=m
+CONFIG_GPIO_WHISKEY_COVE=m
 CONFIG_GPIO_WM831X=m
 CONFIG_GPIO_WM8350=m
 CONFIG_GPIO_WM8994=m
@@ -4100,6 +4140,9 @@ CONFIG_W1_SLAVE_DS2780=m
 CONFIG_W1_SLAVE_DS2781=m
 CONFIG_W1_SLAVE_DS28E04=m
 CONFIG_W1_SLAVE_BQ27000=m
+CONFIG_POWER_AVS=y
+CONFIG_POWER_RESET=y
+CONFIG_POWER_RESET_RESTART=y
 CONFIG_POWER_SUPPLY=y
 # CONFIG_POWER_SUPPLY_DEBUG is not set
 CONFIG_PDA_POWER=m
@@ -4152,9 +4195,6 @@ CONFIG_BATTERY_GAUGE_LTC2941=m
 CONFIG_BATTERY_RT5033=m
 CONFIG_CHARGER_RT9455=m
 CONFIG_AXP20X_POWER=m
-CONFIG_POWER_RESET=y
-CONFIG_POWER_RESET_RESTART=y
-CONFIG_POWER_AVS=y
 CONFIG_HWMON=y
 CONFIG_HWMON_VID=m
 # CONFIG_HWMON_DEBUG_CHIP is not set
@@ -4322,6 +4362,7 @@ CONFIG_SENSORS_W83627HF=m
 CONFIG_SENSORS_W83627EHF=m
 CONFIG_SENSORS_WM831X=m
 CONFIG_SENSORS_WM8350=m
+CONFIG_SENSORS_XGENE=m
 
 #
 # ACPI drivers
@@ -4352,6 +4393,7 @@ CONFIG_INTEL_SOC_DTS_THERMAL=m
 CONFIG_INT340X_THERMAL=m
 CONFIG_ACPI_THERMAL_REL=m
 CONFIG_INT3406_THERMAL=m
+CONFIG_INTEL_BXT_PMIC_THERMAL=m
 CONFIG_INTEL_PCH_THERMAL=m
 CONFIG_GENERIC_ADC_THERMAL=m
 CONFIG_WATCHDOG=y
@@ -4368,6 +4410,7 @@ CONFIG_DA9055_WATCHDOG=m
 CONFIG_DA9063_WATCHDOG=m
 CONFIG_DA9062_WATCHDOG=m
 CONFIG_MENF21BMC_WATCHDOG=m
+CONFIG_WDAT_WDT=m
 CONFIG_WM831X_WATCHDOG=m
 CONFIG_WM8350_WATCHDOG=m
 CONFIG_XILINX_WATCHDOG=m
@@ -4425,6 +4468,13 @@ CONFIG_WDTPCI=m
 # USB-based Watchdog Cards
 #
 CONFIG_USBPCWATCHDOG=m
+
+#
+# Watchdog Pretimeout Governors
+#
+# CONFIG_WATCHDOG_PRETIMEOUT_GOV is not set
+# CONFIG_WATCHDOG_PRETIMEOUT_DEFAULT_GOV_NOOP is not set
+# CONFIG_WATCHDOG_PRETIMEOUT_DEFAULT_GOV_PANIC is not set
 CONFIG_SSB_POSSIBLE=y
 
 #
@@ -4483,6 +4533,7 @@ CONFIG_MFD_DA9062=m
 CONFIG_MFD_DA9063=y
 CONFIG_MFD_DA9150=m
 CONFIG_MFD_DLN2=m
+CONFIG_MFD_EXYNOS_LPASS=m
 CONFIG_MFD_MC13XXX=m
 CONFIG_MFD_MC13XXX_SPI=m
 CONFIG_MFD_MC13XXX_I2C=m
@@ -4541,6 +4592,7 @@ CONFIG_TPS6507X=m
 CONFIG_MFD_TPS65086=m
 CONFIG_MFD_TPS65090=y
 CONFIG_MFD_TPS65217=m
+CONFIG_MFD_TI_LP873X=m
 CONFIG_MFD_TPS65218=m
 CONFIG_MFD_TPS6586X=y
 CONFIG_MFD_TPS65910=y
@@ -4603,6 +4655,7 @@ CONFIG_REGULATOR_LP872X=m
 CONFIG_REGULATOR_LP8755=m
 CONFIG_REGULATOR_LP8788=m
 CONFIG_REGULATOR_LTC3589=m
+CONFIG_REGULATOR_LTC3676=m
 CONFIG_REGULATOR_MAX14577=m
 CONFIG_REGULATOR_MAX1586=m
 CONFIG_REGULATOR_MAX8649=m
@@ -4671,6 +4724,7 @@ CONFIG_VIDEO_V4L2_SUBDEV_API=y
 CONFIG_VIDEO_V4L2=m
 # CONFIG_VIDEO_ADV_DEBUG is not set
 # CONFIG_VIDEO_FIXED_MINOR_RANGES is not set
+# CONFIG_VIDEO_PCI_SKELETON is not set
 CONFIG_VIDEO_TUNER=m
 CONFIG_V4L2_MEM2MEM_DEV=m
 CONFIG_V4L2_FLASH_LED_CLASS=m
@@ -4826,6 +4880,7 @@ CONFIG_VIDEO_TM6000_DVB=m
 #
 CONFIG_DVB_USB=m
 # CONFIG_DVB_USB_DEBUG is not set
+CONFIG_DVB_USB_DIB3000MC=m
 CONFIG_DVB_USB_A800=m
 CONFIG_DVB_USB_DIBUSB_MB=m
 # CONFIG_DVB_USB_DIBUSB_MB_FAULTY is not set
@@ -4893,6 +4948,7 @@ CONFIG_MEDIA_PCI_SUPPORT=y
 #
 CONFIG_VIDEO_MEYE=m
 CONFIG_VIDEO_SOLO6X10=m
+CONFIG_VIDEO_TW5864=m
 CONFIG_VIDEO_TW68=m
 CONFIG_VIDEO_TW686X=m
 CONFIG_VIDEO_ZORAN=m
@@ -5033,7 +5089,7 @@ CONFIG_SMS_SIANO_DEBUGFS=y
 CONFIG_VIDEO_V4L2_TPG=m
 
 #
-# Media ancillary drivers (tuners, sensors, i2c, frontends)
+# Media ancillary drivers (tuners, sensors, i2c, spi, frontends)
 #
 CONFIG_MEDIA_SUBDRV_AUTOSELECT=y
 CONFIG_MEDIA_ATTACH=y
@@ -5099,6 +5155,7 @@ CONFIG_VIDEO_ADV7511=m
 #
 CONFIG_VIDEO_OV7640=m
 CONFIG_VIDEO_OV7670=m
+CONFIG_VIDEO_MT9M111=m
 CONFIG_VIDEO_MT9V011=m
 
 #
@@ -5256,6 +5313,7 @@ CONFIG_DVB_RTL2832=m
 CONFIG_DVB_RTL2832_SDR=m
 CONFIG_DVB_SI2168=m
 CONFIG_DVB_AS102_FE=m
+CONFIG_DVB_GP8PSK_FE=m
 
 #
 # DVB-C (cable) frontends
@@ -5355,15 +5413,13 @@ CONFIG_DRM_TTM=m
 CONFIG_DRM_I2C_CH7006=m
 CONFIG_DRM_I2C_SIL164=m
 CONFIG_DRM_I2C_NXP_TDA998X=m
-CONFIG_DRM_TDFX=m
-CONFIG_DRM_R128=m
 CONFIG_DRM_RADEON=m
 # CONFIG_DRM_RADEON_USERPTR is not set
 CONFIG_DRM_AMDGPU=m
+# CONFIG_DRM_AMDGPU_SI is not set
 # CONFIG_DRM_AMDGPU_CIK is not set
 CONFIG_DRM_AMDGPU_USERPTR=y
 # CONFIG_DRM_AMDGPU_GART_DEBUGFS is not set
-# CONFIG_DRM_AMD_POWERPLAY is not set
 
 #
 # ACP (Audio CoProcessor) Configuration
@@ -5373,7 +5429,6 @@ CONFIG_DRM_NOUVEAU=m
 CONFIG_NOUVEAU_DEBUG=5
 CONFIG_NOUVEAU_DEBUG_DEFAULT=3
 CONFIG_DRM_NOUVEAU_BACKLIGHT=y
-CONFIG_DRM_I810=m
 CONFIG_DRM_I915=m
 # CONFIG_DRM_I915_PRELIMINARY_HW_SUPPORT is not set
 CONFIG_DRM_I915_USERPTR=y
@@ -5384,10 +5439,6 @@ CONFIG_DRM_I915_USERPTR=y
 #
 # CONFIG_DRM_I915_WERROR is not set
 # CONFIG_DRM_I915_DEBUG is not set
-CONFIG_DRM_MGA=m
-CONFIG_DRM_SIS=m
-CONFIG_DRM_VIA=m
-CONFIG_DRM_SAVAGE=m
 CONFIG_DRM_VGEM=m
 CONFIG_DRM_VMWGFX=m
 CONFIG_DRM_VMWGFX_FBCON=y
@@ -5413,6 +5464,7 @@ CONFIG_DRM_BRIDGE=y
 #
 CONFIG_DRM_ANALOGIX_ANX78XX=m
 CONFIG_HSA_AMD=m
+# CONFIG_DRM_LEGACY is not set
 
 #
 # Frame buffer Devices
@@ -5597,6 +5649,7 @@ CONFIG_SND=m
 CONFIG_SND_TIMER=m
 CONFIG_SND_PCM=m
 CONFIG_SND_PCM_ELD=y
+CONFIG_SND_PCM_IEC958=y
 CONFIG_SND_DMAENGINE_PCM=m
 CONFIG_SND_HWDEP=m
 CONFIG_SND_RAWMIDI=m
@@ -5805,12 +5858,6 @@ CONFIG_SND_SOC_INTEL_SKYLAKE=m
 CONFIG_SND_SOC_INTEL_SKL_RT286_MACH=m
 CONFIG_SND_SOC_INTEL_SKL_NAU88L25_SSM4567_MACH=m
 CONFIG_SND_SOC_INTEL_SKL_NAU88L25_MAX98357A_MACH=m
-
-#
-# Allwinner SoC Audio support
-#
-CONFIG_SND_SUN4I_CODEC=m
-CONFIG_SND_SUN4I_I2S=m
 CONFIG_SND_SOC_XTFPGA_I2S=m
 CONFIG_SND_SOC_I2C_AND_SPI=m
 
@@ -5845,6 +5892,7 @@ CONFIG_SND_SOC_CS4349=m
 CONFIG_SND_SOC_CS53L30=m
 CONFIG_SND_SOC_DA7219=m
 CONFIG_SND_SOC_DMIC=m
+CONFIG_SND_SOC_HDMI_CODEC=m
 CONFIG_SND_SOC_ES8328=m
 CONFIG_SND_SOC_GTM601=m
 CONFIG_SND_SOC_HDAC_HDMI=m
@@ -5872,6 +5920,7 @@ CONFIG_SND_SOC_RT5631=m
 CONFIG_SND_SOC_RT5640=m
 CONFIG_SND_SOC_RT5645=m
 CONFIG_SND_SOC_RT5651=m
+CONFIG_SND_SOC_RT5663=m
 CONFIG_SND_SOC_RT5670=m
 # CONFIG_SND_SOC_RT5677_SPI is not set
 CONFIG_SND_SOC_SGTL5000=m
@@ -5919,6 +5968,7 @@ CONFIG_SND_SOC_WM8962=m
 CONFIG_SND_SOC_WM8974=m
 CONFIG_SND_SOC_WM8978=m
 CONFIG_SND_SOC_WM8985=m
+CONFIG_SND_SOC_NAU8810=m
 CONFIG_SND_SOC_NAU8825=m
 CONFIG_SND_SOC_TPA6130A2=m
 CONFIG_SND_SIMPLE_CARD_UTILS=m
@@ -6047,6 +6097,11 @@ CONFIG_USB_MOUSE=m
 # I2C HID support
 #
 CONFIG_I2C_HID=m
+
+#
+# Intel ISH HID support
+#
+CONFIG_INTEL_ISH_HID=m
 CONFIG_USB_OHCI_LITTLE_ENDIAN=y
 CONFIG_USB_SUPPORT=y
 CONFIG_USB_COMMON=y
@@ -6062,7 +6117,7 @@ CONFIG_USB_DYNAMIC_MINORS=y
 # CONFIG_USB_OTG is not set
 # CONFIG_USB_OTG_WHITELIST is not set
 # CONFIG_USB_OTG_BLACKLIST_HUB is not set
-CONFIG_USB_ULPI_BUS=m
+CONFIG_USB_LEDS_TRIGGER_USBPORT=m
 CONFIG_USB_MON=m
 CONFIG_USB_WUSB=m
 CONFIG_USB_WUSB_CBAF=m
@@ -6140,6 +6195,8 @@ CONFIG_USB_MDC800=m
 CONFIG_USB_MICROTEK=m
 CONFIG_USBIP_CORE=m
 CONFIG_USBIP_VHCI_HCD=m
+CONFIG_USBIP_VHCI_HC_PORTS=8
+CONFIG_USBIP_VHCI_NR_HCS=1
 CONFIG_USBIP_HOST=m
 CONFIG_USBIP_VUDC=m
 # CONFIG_USBIP_DEBUG is not set
@@ -6283,6 +6340,7 @@ CONFIG_USB_ISIGHTFW=m
 CONFIG_USB_YUREX=m
 CONFIG_USB_EZUSB_FX2=m
 CONFIG_USB_HSIC_USB3503=m
+CONFIG_USB_HSIC_USB4604=m
 CONFIG_USB_LINK_LAYER_TEST=m
 CONFIG_USB_CHAOSKEY=m
 CONFIG_UCSI=m
@@ -6401,6 +6459,7 @@ CONFIG_USB_G_DBGP=m
 CONFIG_USB_G_DBGP_SERIAL=y
 CONFIG_USB_G_WEBCAM=m
 CONFIG_USB_LED_TRIG=y
+CONFIG_USB_ULPI_BUS=m
 CONFIG_UWB=m
 CONFIG_UWB_HWA=m
 CONFIG_UWB_WHCI=m
@@ -6505,6 +6564,7 @@ CONFIG_LEDS_MENF21BMC=m
 # LED driver for blink(1) USB RGB LED is under Special HID drivers (HID_THINGM)
 #
 CONFIG_LEDS_BLINKM=m
+CONFIG_LEDS_MLXCPLD=m
 
 #
 # LED Triggers
@@ -6561,6 +6621,7 @@ CONFIG_INFINIBAND_HFI1=m
 # CONFIG_HFI1_DEBUG_SDMA_ORDER is not set
 CONFIG_HFI1_VERBS_31BIT_PSN=y
 # CONFIG_SDMA_VERBOSITY is not set
+CONFIG_INFINIBAND_QEDR=m
 CONFIG_EDAC_ATOMIC_SCRUB=y
 CONFIG_EDAC_SUPPORT=y
 CONFIG_EDAC=y
@@ -6610,6 +6671,7 @@ CONFIG_RTC_DRV_ABB5ZES3=m
 CONFIG_RTC_DRV_ABX80X=m
 CONFIG_RTC_DRV_DS1307=m
 CONFIG_RTC_DRV_DS1307_HWMON=y
+# CONFIG_RTC_DRV_DS1307_CENTURY is not set
 CONFIG_RTC_DRV_DS1374=m
 CONFIG_RTC_DRV_DS1374_WDT=y
 CONFIG_RTC_DRV_DS1672=m
@@ -6622,7 +6684,6 @@ CONFIG_RTC_DRV_MAX8997=m
 CONFIG_RTC_DRV_RS5C372=m
 CONFIG_RTC_DRV_ISL1208=m
 CONFIG_RTC_DRV_ISL12022=m
-CONFIG_RTC_DRV_ISL12057=m
 CONFIG_RTC_DRV_X1205=m
 CONFIG_RTC_DRV_PCF8523=m
 CONFIG_RTC_DRV_PCF85063=m
@@ -6755,6 +6816,7 @@ CONFIG_KS0108_PORT=0x378
 CONFIG_KS0108_DELAY=2
 CONFIG_CFAG12864B=m
 CONFIG_CFAG12864B_RATE=20
+CONFIG_IMG_ASCII_LCD=m
 CONFIG_UIO=m
 CONFIG_UIO_CIF=m
 CONFIG_UIO_PDRV_GENIRQ=m
@@ -6974,9 +7036,6 @@ CONFIG_RTL8192E=m
 CONFIG_R8712U=m
 CONFIG_R8188EU=m
 CONFIG_88EU_AP_MODE=y
-CONFIG_R8723AU=m
-CONFIG_8723AU_AP_MODE=y
-CONFIG_8723AU_BT_COEXIST=y
 CONFIG_RTS5208=m
 CONFIG_VT6655=m
 CONFIG_VT6656=m
@@ -7108,7 +7167,6 @@ CONFIG_MTD_SPINAND_ONDIEECC=y
 CONFIG_LNET=m
 CONFIG_LNET_MAX_PAYLOAD=1048576
 # CONFIG_LNET_SELFTEST is not set
-CONFIG_LNET_XPRT_IB=m
 # CONFIG_LUSTRE_FS is not set
 CONFIG_DGNC=m
 CONFIG_GS_FPGABOOT=m
@@ -7170,6 +7228,7 @@ CONFIG_HDM_USB=m
 # Old ISDN4Linux (deprecated)
 #
 CONFIG_KS7010=m
+# CONFIG_GREYBUS is not set
 CONFIG_X86_PLATFORM_DEVICES=y
 CONFIG_ACER_WMI=m
 CONFIG_ACERHDF=m
@@ -7258,7 +7317,6 @@ CONFIG_COMMON_CLK_PALMAS=m
 CONFIG_COMMON_CLK_PWM=m
 # CONFIG_COMMON_CLK_PXA is not set
 # CONFIG_COMMON_CLK_PIC32 is not set
-# CONFIG_SUNXI_CCU is not set
 
 #
 # Hardware Spinlock drivers
@@ -7343,6 +7401,7 @@ CONFIG_EXTCON_MAX77693=m
 CONFIG_EXTCON_MAX77843=m
 CONFIG_EXTCON_MAX8997=m
 CONFIG_EXTCON_PALMAS=m
+CONFIG_EXTCON_QCOM_SPMI_MISC=m
 CONFIG_EXTCON_RT8973A=m
 CONFIG_EXTCON_SM5502=m
 CONFIG_EXTCON_USB_GPIO=m
@@ -7367,12 +7426,16 @@ CONFIG_BMA220=m
 CONFIG_BMC150_ACCEL=m
 CONFIG_BMC150_ACCEL_I2C=m
 CONFIG_BMC150_ACCEL_SPI=m
+CONFIG_DMARD09=m
 CONFIG_HID_SENSOR_ACCEL_3D=m
 CONFIG_IIO_ST_ACCEL_3AXIS=m
 CONFIG_IIO_ST_ACCEL_I2C_3AXIS=m
 CONFIG_IIO_ST_ACCEL_SPI_3AXIS=m
 CONFIG_KXSD9=m
+CONFIG_KXSD9_SPI=m
+CONFIG_KXSD9_I2C=m
 CONFIG_KXCJK1013=m
+CONFIG_MC3230=m
 CONFIG_MMA7455=m
 CONFIG_MMA7455_I2C=m
 CONFIG_MMA7455_SPI=m
@@ -7405,6 +7468,7 @@ CONFIG_DA9150_GPADC=m
 CONFIG_HI8435=m
 CONFIG_INA2XX_ADC=m
 CONFIG_LP8788_ADC=m
+CONFIG_LTC2485=m
 CONFIG_MAX1027=m
 CONFIG_MAX1363=m
 CONFIG_MCP320X=m
@@ -7416,7 +7480,9 @@ CONFIG_QCOM_SPMI_IADC=m
 CONFIG_QCOM_SPMI_VADC=m
 CONFIG_TI_ADC081C=m
 CONFIG_TI_ADC0832=m
+CONFIG_TI_ADC12138=m
 CONFIG_TI_ADC128S052=m
+CONFIG_TI_ADC161S626=m
 CONFIG_TI_ADS1015=m
 CONFIG_TI_AM335X_ADC=m
 CONFIG_TWL4030_MADC=m
@@ -7471,6 +7537,7 @@ CONFIG_AD5761=m
 CONFIG_AD5764=m
 CONFIG_AD5791=m
 CONFIG_AD7303=m
+CONFIG_AD8801=m
 CONFIG_M62332=m
 CONFIG_MAX517=m
 CONFIG_MCP4725=m
@@ -7575,6 +7642,7 @@ CONFIG_LTR501=m
 CONFIG_MAX44000=m
 CONFIG_OPT3001=m
 CONFIG_PA12203001=m
+CONFIG_SI1145=m
 CONFIG_STK3310=m
 CONFIG_TCS3414=m
 CONFIG_TCS3472=m
@@ -7628,6 +7696,9 @@ CONFIG_TPL0102=m
 #
 # Pressure sensors
 #
+CONFIG_BMP280=m
+CONFIG_BMP280_I2C=m
+CONFIG_BMP280_SPI=m
 CONFIG_HID_SENSOR_PRESS=m
 CONFIG_HP03=m
 CONFIG_MPL115=m
@@ -7643,6 +7714,9 @@ CONFIG_IIO_ST_PRESS_I2C=m
 CONFIG_IIO_ST_PRESS_SPI=m
 CONFIG_T5403=m
 CONFIG_HP206C=m
+CONFIG_ZPA2326=m
+CONFIG_ZPA2326_I2C=m
+CONFIG_ZPA2326_SPI=m
 
 #
 # Lightning sensors
@@ -7658,6 +7732,7 @@ CONFIG_SX9500=m
 #
 # Temperature sensors
 #
+CONFIG_MAXIM_THERMOCOUPLE=m
 CONFIG_MLX90614=m
 CONFIG_TMP006=m
 CONFIG_TSYS01=m
@@ -7676,6 +7751,7 @@ CONFIG_VME_BUS=y
 #
 CONFIG_VME_CA91CX42=m
 CONFIG_VME_TSI148=m
+# CONFIG_VME_FAKE is not set
 
 #
 # VME Board Drivers
@@ -7703,7 +7779,16 @@ CONFIG_IPACK_BUS=m
 CONFIG_BOARD_TPCI200=m
 CONFIG_SERIAL_IPOCTAL=m
 CONFIG_RESET_CONTROLLER=y
+# CONFIG_RESET_ATH79 is not set
+# CONFIG_RESET_BERLIN is not set
+# CONFIG_RESET_LPC18XX is not set
+# CONFIG_RESET_MESON is not set
+# CONFIG_RESET_PISTACHIO is not set
+# CONFIG_RESET_SOCFPGA is not set
+# CONFIG_RESET_STM32 is not set
+# CONFIG_RESET_SUNXI is not set
 CONFIG_TI_SYSCON_RESET=m
+# CONFIG_RESET_ZYNQ is not set
 CONFIG_FMC=m
 CONFIG_FMC_FAKEDEV=m
 CONFIG_FMC_TRIVIAL=m
@@ -7726,6 +7811,7 @@ CONFIG_POWERCAP=y
 CONFIG_INTEL_RAPL=m
 CONFIG_MCB=m
 CONFIG_MCB_PCI=m
+CONFIG_MCB_LPC=m
 
 #
 # Performance monitor support
@@ -7749,6 +7835,7 @@ CONFIG_NVDIMM_PFN=y
 CONFIG_NVDIMM_DAX=y
 CONFIG_DEV_DAX=m
 CONFIG_DEV_DAX_PMEM=m
+CONFIG_NR_DEV_DAX=32768
 CONFIG_NVMEM=m
 CONFIG_STM=m
 CONFIG_STM_DUMMY=m
@@ -7766,7 +7853,6 @@ CONFIG_INTEL_TH_PTI=m
 # FPGA Configuration Support
 #
 CONFIG_FPGA=m
-CONFIG_FPGA_MGR_ZYNQ_FPGA=m
 
 #
 # Firmware Drivers
@@ -7798,6 +7884,7 @@ CONFIG_EFI_RUNTIME_MAP=y
 CONFIG_EFI_RUNTIME_WRAPPERS=y
 CONFIG_EFI_BOOTLOADER_CONTROL=m
 # CONFIG_EFI_CAPSULE_LOADER is not set
+# CONFIG_EFI_TEST is not set
 CONFIG_UEFI_CPER=y
 
 #
@@ -7933,6 +8020,7 @@ CONFIG_TMPFS_POSIX_ACL=y
 CONFIG_TMPFS_XATTR=y
 CONFIG_HUGETLBFS=y
 CONFIG_HUGETLB_PAGE=y
+CONFIG_ARCH_HAS_GIGANTIC_PAGE=y
 CONFIG_CONFIGFS_FS=m
 CONFIG_EFIVAR_FS=y
 CONFIG_MISC_FILESYSTEMS=y
@@ -8277,7 +8365,6 @@ CONFIG_USER_STACKTRACE_SUPPORT=y
 CONFIG_NOP_TRACER=y
 CONFIG_HAVE_FUNCTION_TRACER=y
 CONFIG_HAVE_FUNCTION_GRAPH_TRACER=y
-CONFIG_HAVE_FUNCTION_GRAPH_FP_TEST=y
 CONFIG_HAVE_DYNAMIC_FTRACE=y
 CONFIG_HAVE_DYNAMIC_FTRACE_WITH_REGS=y
 CONFIG_HAVE_FTRACE_MCOUNT_RECORD=y
@@ -8298,6 +8385,7 @@ CONFIG_FUNCTION_TRACER=y
 CONFIG_FUNCTION_GRAPH_TRACER=y
 # CONFIG_IRQSOFF_TRACER is not set
 CONFIG_SCHED_TRACER=y
+# CONFIG_HWLAT_TRACER is not set
 CONFIG_FTRACE_SYSCALLS=y
 CONFIG_TRACER_SNAPSHOT=y
 # CONFIG_TRACER_SNAPSHOT_PER_CPU_SWAP is not set
@@ -8364,6 +8452,7 @@ CONFIG_KDB_DEFAULT_ENABLE=0x1
 CONFIG_KDB_KEYBOARD=y
 CONFIG_KDB_CONTINUE_CATASTROPHIC=0
 CONFIG_ARCH_HAS_UBSAN_SANITIZE_ALL=y
+# CONFIG_ARCH_WANTS_UBSAN_NO_NULL is not set
 # CONFIG_UBSAN is not set
 CONFIG_ARCH_HAS_DEVMEM_IS_ALLOWED=y
 CONFIG_STRICT_DEVMEM=y
@@ -8430,10 +8519,10 @@ CONFIG_SECURITY_SELINUX_DISABLE=y
 CONFIG_SECURITY_SELINUX_DEVELOP=y
 CONFIG_SECURITY_SELINUX_AVC_STATS=y
 CONFIG_SECURITY_SELINUX_CHECKREQPROT_VALUE=1
-# CONFIG_SECURITY_SELINUX_POLICYDB_VERSION_MAX is not set
 CONFIG_SECURITY_SMACK=y
 # CONFIG_SECURITY_SMACK_BRINGUP is not set
 CONFIG_SECURITY_SMACK_NETFILTER=y
+# CONFIG_SECURITY_SMACK_APPEND_SIGNALS is not set
 CONFIG_SECURITY_TOMOYO=y
 CONFIG_SECURITY_TOMOYO_MAX_ACCEPT_ENTRY=2048
 CONFIG_SECURITY_TOMOYO_MAX_AUDIT_LOG=1024
@@ -8665,6 +8754,7 @@ CONFIG_CRYPTO_DEV_QAT_C62X=m
 CONFIG_CRYPTO_DEV_QAT_DH895xCCVF=m
 CONFIG_CRYPTO_DEV_QAT_C3XXXVF=m
 CONFIG_CRYPTO_DEV_QAT_C62XVF=m
+CONFIG_CRYPTO_DEV_CHELSIO=m
 CONFIG_ASYMMETRIC_KEY_TYPE=y
 CONFIG_ASYMMETRIC_PUBLIC_KEY_SUBTYPE=y
 CONFIG_X509_CERTIFICATE_PARSER=y
@@ -8782,7 +8872,6 @@ CONFIG_DQL=y
 CONFIG_GLOB=y
 # CONFIG_GLOB_SELFTEST is not set
 CONFIG_NLATTR=y
-CONFIG_ARCH_HAS_ATOMIC64_DEC_IF_POSITIVE=y
 CONFIG_LRU_CACHE=m
 CONFIG_CLZ_TAB=y
 CONFIG_CORDIC=m
@@ -8801,3 +8890,4 @@ CONFIG_SG_POOL=y
 CONFIG_ARCH_HAS_SG_CHAIN=y
 CONFIG_ARCH_HAS_PMEM_API=y
 CONFIG_ARCH_HAS_MMIO_FLUSH=y
+CONFIG_SBITMAP=y
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 5e450a72a7..aa49d40b7b 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -1,13 +1,13 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013, 2014, 2015, 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2012 Nikita Karetnikov <nikita@karetnikov.org>
-;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Federico Beffa <beffa@fbengineering.ch>
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Christopher Allan Webber <cwebber@dustycloud.org>
-;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Raymond Nicholson <rain1@openmailbox.org>
 ;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
@@ -19,6 +19,7 @@
 ;;; Copyright © 2016 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2016 Carlos Sánchez de La Lama <csanchezdll@gmail.com>
 ;;; Copyright © 2016 ng0 <ng0@libertad.pw>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -342,26 +343,26 @@ It has been modified to remove all non-free binary blobs.")
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 
 (define-public linux-libre
-  (make-linux-libre "4.8.15"
-                    "0msgi44mh1ighfawysrzrljikwrapkvk418d6h0v45vj2i5rwln9"
+  (make-linux-libre "4.9.5"
+                    "1s8lip1hxjsza0qqw93kwp3281rbgzhk4vnvy6fmny8iz7y75vzd"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.39"
-                    "0aqi44xshib7lx9zjc0kj2v172ywa0iy2kb6z0whbiw3f841hv43"
+  (make-linux-libre "4.4.44"
+                    "0rg5iw7qxry84hha8vfnzrjq0sfnr3vvdwhdz858y7pblg2vr3f0"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.1
-  (make-linux-libre "4.1.37"
-                    "0q79cxmrz0j5wh7z1dc103q6q6qf7rqgjl7ka8lvn4vl32pr0kq1"
+  (make-linux-libre "4.1.38"
+                    "165kmzglhg63hn7y4q7r6cb2dpsljxiq1czvgyx0bkd1vd2bcvsa"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 ;; Avoid rebuilding kernel variants when there is a minor version bump.
-(define %linux-libre-version "4.8.15")
-(define %linux-libre-hash "0msgi44mh1ighfawysrzrljikwrapkvk418d6h0v45vj2i5rwln9")
+(define %linux-libre-version "4.9.5")
+(define %linux-libre-hash "1s8lip1hxjsza0qqw93kwp3281rbgzhk4vnvy6fmny8iz7y75vzd")
 
 (define-public linux-libre-arm-generic
   (make-linux-libre %linux-libre-version
@@ -606,7 +607,7 @@ slabtop, and skill.")
     (build-system gnu-build-system)
     (inputs
      `(("libusb" ,libusb)
-       ("eudev" ,eudev)))
+       ("eudev" ,eudev-with-hwdb)))
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (home-page "http://www.linux-usb.org/")
@@ -631,9 +632,15 @@ slabtop, and skill.")
                "1ix0b83zgw5n0p2grh2961c6796m92yr2jqc2sbr23x3lfsp8r71"))
              (modules '((guix build utils)))
              (snippet
-              '(substitute* "MCONFIG.in"
-                 (("INSTALL_SYMLINK = /bin/sh")
-                  "INSTALL_SYMLINK = sh")))))
+              '(begin
+                 (substitute* "MCONFIG.in"
+                   (("INSTALL_SYMLINK = /bin/sh")
+                    "INSTALL_SYMLINK = sh"))
+
+                 ;; Do not include a timestamp in libext2fs.info.gz.
+                 (substitute* "doc/Makefile.in"
+                   (("gzip -9")
+                    "gzip -9n"))))))
     (build-system gnu-build-system)
     (inputs `(("util-linux" ,util-linux)))
     (native-inputs `(("pkg-config" ,pkg-config)
@@ -650,6 +657,11 @@ slabtop, and skill.")
                            "--disable-libuuid" "--disable-uuidd"
                            "--disable-fsck"
 
+                           ;; Use symlinks instead of hard links for
+                           ;; 'fsck.extN' etc.  This makes the resulting nar
+                           ;; smaller and is preserved across copies.
+                           "--enable-symlink-install"
+
                            ;; Install libext2fs et al.
                            "--enable-elf-shlibs")
 
@@ -715,6 +727,8 @@ slabtop, and skill.")
     (version (package-version e2fsprogs))
     (build-system trivial-build-system)
     (source #f)
+    (inputs
+     `(("e2fsprogs" ,e2fsprogs/static)))
     (arguments
      `(#:modules ((guix build utils))
        #:builder
@@ -723,23 +737,18 @@ slabtop, and skill.")
                       (ice-9 ftw)
                       (srfi srfi-26))
 
-         (let ((source (string-append (assoc-ref %build-inputs "e2fsprogs")
-                                      "/sbin"))
+         (let ((e2fsck (string-append (assoc-ref %build-inputs "e2fsprogs")
+                                      "/sbin/e2fsck"))
                (bin    (string-append (assoc-ref %outputs "out") "/sbin")))
            (mkdir-p bin)
            (with-directory-excursion bin
-             (for-each (lambda (file)
-                         (copy-file (string-append source "/" file)
-                                    file)
-                         (remove-store-references file)
-                         (chmod file #o555))
-                       (scandir source (cut string-prefix? "fsck." <>))))))))
-    (inputs `(("e2fsprogs" ,e2fsprogs/static)))
-    (synopsis "Statically-linked fsck.* commands from e2fsprogs")
-    (description
-     "This package provides statically-linked command of fsck.ext[234] taken
-from the e2fsprogs package.  It is meant to be used in initrds.")
+             (copy-file e2fsck "e2fsck")
+             (remove-store-references "e2fsck")
+             (chmod "e2fsck" #o555))))))
     (home-page (package-home-page e2fsprogs))
+    (synopsis "Statically-linked e2fsck command from e2fsprogs")
+    (description "This package provides statically-linked e2fsck command taken
+from the e2fsprogs package.  It is meant to be used in initrds.")
     (license (package-license e2fsprogs))))
 
 (define-public extundelete
@@ -1668,7 +1677,7 @@ to use Linux' inotify mechanism, which allows file accesses to be monitored.")
 (define-public kmod
   (package
     (name "kmod")
-    (version "22")
+    (version "23")
     (source (origin
               (method url-fetch)
               (uri
@@ -1676,7 +1685,7 @@ to use Linux' inotify mechanism, which allows file accesses to be monitored.")
                               "kmod-" version ".tar.xz"))
               (sha256
                (base32
-                "10lzfkmnpq6a43a3gkx7x633njh216w0bjwz31rv8a1jlgg1sfxs"))
+                "0mc12sx06p8il1ym3hdmgxxb37apn9yv7xij26gddjdfkx8xa0yk"))
               (patches (search-patches "kmod-module-directory.patch"))))
     (build-system gnu-build-system)
     (native-inputs
@@ -1741,6 +1750,21 @@ device nodes from /dev/, handles hotplug events and loads drivers at boot
 time.")
     (license license:gpl2+)))
 
+(define-public eudev-with-hwdb
+  ;; TODO: Merge with 'eudev'.
+  (package
+    (inherit eudev)
+    (name "eudev-with-hwdb")
+    (arguments
+     '(#:phases (modify-phases %standard-phases
+                  (add-after 'install 'build-hwdb
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      ;; Build OUT/etc/udev/hwdb.bin.  This allows 'lsusb' and
+                      ;; similar tools to display product names.
+                      (let ((out (assoc-ref outputs "out")))
+                        (zero? (system* (string-append out "/bin/udevadm")
+                                        "hwdb" "--update"))))))))))
+
 (define-public lvm2
   (package
     (name "lvm2")
@@ -2759,6 +2783,36 @@ easy administration.")
     ;; GPL2: Everything else.
     (license (list license:gpl2 license:gpl2+))))
 
+(define-public btrfs-progs/static
+  (package
+    (name "btrfs-progs-static")
+    (version (package-version btrfs-progs))
+    (source #f)
+    (build-system trivial-build-system)
+    (inputs
+     `(("btrfs-progs:static" ,btrfs-progs "static")))
+    (arguments
+     `(#:modules ((guix build utils))
+       #:builder
+       (begin
+         (use-modules (guix build utils)
+                      (ice-9 ftw)
+                      (srfi srfi-26))
+
+         (let* ((btrfs  (assoc-ref %build-inputs "btrfs-progs:static"))
+                (out    (assoc-ref %outputs "out"))
+                (source (string-append btrfs "/bin/btrfs.static"))
+                (target (string-append out "/bin/btrfs")))
+           (mkdir-p (dirname target))
+           (copy-file source target)
+           (remove-store-references target)
+           (chmod target #o555)))))
+    (home-page (package-home-page btrfs-progs))
+    (synopsis "Statically-linked btrfs command from btrfsprogs")
+    (description "This package provides statically-linked command of btrfs taken
+from the btrfsprogs package.  It is meant to be used in initrds.")
+    (license (package-license btrfs-progs))))
+
 (define-public freefall
   (package
     (name "freefall")
@@ -3072,14 +3126,14 @@ the default @code{nsswitch} and the experimental @code{umich_ldap}.")
 (define-public mcelog
   (package
     (name "mcelog")
-    (version "146")
+    (version "147")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://git.kernel.org/cgit/utils/cpu/mce/"
                                   "mcelog.git/snapshot/v" version ".tar.gz"))
               (sha256
                (base32
-                "0jjx4q1mfa380319cqz86nw5wv6jnbpvq2r8n0dyh87mhvrgb4wi"))
+                "10xxmqpd348ifbs7w8j0m53agp28r6imv237ha3kmhp632hmyf1d"))
               (file-name (string-append name "-" version ".tar.gz"))
               (modules '((guix build utils)))
               (snippet
@@ -3281,3 +3335,40 @@ Extensible Firmware Interface (EFI) Boot Manager.  This application can
 create and destroy boot entries, change the boot order, change the next
 running boot option, and more.")
     (license license:gpl2+)))
+
+(define-public sysstat
+  (package
+    (name "sysstat")
+    (version "11.4.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://perso.orange.fr/sebastien.godard/"
+                                  "sysstat-" version ".tar.xz"))
+              (sha256
+               (base32
+                "0f8gk1hma3bk198ziwrhh5jhisnbbgc1v4rxhny58n0zjzw0gm0z"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No test suite.
+       ;; Without this flag, it tries to install the man pages with group 'root'
+       ;; and fails because /etc/passwd lacks an entry for the root user.
+       #:configure-flags
+       (list "--disable-file-attr"
+             (string-append "conf_dir=" (assoc-ref %outputs "out") "/etc"))
+       #:phases
+       (modify-phases %standard-phases
+         ;; The build process tries to create '/var/lib/sa', so we skip that
+         ;; instruction.
+         (add-after 'build 'skip-touching-var
+           (lambda _
+             (substitute* "Makefile"
+               (("mkdir -p \\$\\(DESTDIR\\)\\$\\(SA_DIR\\)")
+                ""))
+             #t)))))
+    (home-page "http://sebastien.godard.pagesperso-orange.fr/")
+    (synopsis "Performance monitoring tools for Linux")
+    (description "The sysstat utilities are a collection of performance
+monitoring tools for Linux.  These include @code{mpstat}, @code{iostat},
+@code{tapestat}, @code{cifsiostat}, @code{pidstat}, @code{sar}, @code{sadc},
+@code{sadf} and @code{sa}.")
+    (license license:gpl2+)))
diff --git a/gnu/packages/lisp.scm b/gnu/packages/lisp.scm
index e226443626..80161de01b 100644
--- a/gnu/packages/lisp.scm
+++ b/gnu/packages/lisp.scm
@@ -756,14 +756,14 @@ from other CLXes around the net.")
 (define-public sbcl-stumpwm
   (package
     (name "sbcl-stumpwm")
-    (version "0.9.9")
+    (version "1.0.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://github.com/stumpwm/stumpwm/archive/"
                     version ".tar.gz"))
               (sha256
-               (base32 "1fqabij4zcsqg1ywgdv2irp1ys23dwc8ms9ai55lb2i47hgv7z3x"))
+               (base32 "1maxp98gh64az3d9vz9br6zdd6rc9fmj2imvax4by85g6kxvdz1i"))
               (file-name (string-append "stumpwm-" version ".tar.gz"))))
     (build-system asdf-build-system/sbcl)
     (inputs `(("sbcl-cl-ppcre" ,sbcl-cl-ppcre)
diff --git a/gnu/packages/lua.scm b/gnu/packages/lua.scm
index 65c335d373..721eceddf1 100644
--- a/gnu/packages/lua.scm
+++ b/gnu/packages/lua.scm
@@ -371,13 +371,13 @@ Notable examples are GTK+, GStreamer and Webkit.")
 (define-public lua-lpeg
   (package
     (name "lua-lpeg")
-    (version "1.0.0")
+    (version "1.0.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://www.inf.puc-rio.br/~roberto/lpeg/lpeg-"
                                   version ".tar.gz"))
               (sha256
-               (base32 "13mz18s359wlkwm9d9iqlyyrrwjc6iqfpa99ai0icam2b3khl68h"))))
+               (base32 "0sq25z3r324a324ky73izgq9mbf66j2xvjp0fxf227rwxalzgnb2"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm
index dedaaee27b..e8db6271f5 100644
--- a/gnu/packages/lxde.scm
+++ b/gnu/packages/lxde.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Mathieu Lirzin <mthl@openmailbox.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -33,7 +34,7 @@
 (define-public libfm
   (package
     (name "libfm")
-    (version "1.2.4")
+    (version "1.2.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/pcmanfm/"
@@ -41,7 +42,7 @@
                                   "%29/LibFM/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0bsh4p7h2glhxf1cc1lvbxyb4qy0y1zsnl9izf7vrldkikrgc13q"))))
+                "0nlvfwh09gbq8bkbvwnw6iqr918rrs9gc9ljb9pjspyg408bn1n7"))))
     (build-system gnu-build-system)
     (inputs `(("glib" ,glib)
               ("gtk+" ,gtk+-2)))
@@ -143,16 +144,20 @@ toolkit.  It allows users to monitor and control of running processes.")
 (define-public lxterminal
   (package
     (name "lxterminal")
-    (version "0.2.0")
+    (version "0.3.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/lxde/LXTerminal"
                                   "%20%28terminal%20emulator%29/LXTerminal%20"
-                                  version "/" name "-" version ".tar.gz"))
+                                  version "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1brb506vmnncih8nyvlrckrrn6msbsvz2vwbm7bsqwigcnchwjqp"))))
+                "1yf76s15zvfw0h42b0ay1slpq47khgjmcry8ki2z812zar9lchia"))))
     (build-system gnu-build-system)
+    (arguments
+     `(;; Tests for "po" fail with "No rule to make target '../src/encoding.c'
+       ;; needed by 'lxterminal.pot'. Stop."
+       #:tests? #f))
     (inputs `(("gtk+" ,gtk+-2)
               ("vte"  ,vte/gtk+-2)))
     (native-inputs `(("intltool"   ,intltool)
@@ -168,7 +173,7 @@ performance, all instances of the terminal are sharing a single process.")
 (define-public menu-cache
   (package
     (name "menu-cache")
-    (version "1.0.1")
+    (version "1.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/lxde/" name "/"
@@ -176,7 +181,7 @@ performance, all instances of the terminal are sharing a single process.")
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0ngxvwfj9drabqi3lyzgpi0d0za6431sy2ijb010filrj54jdiqa"))))
+                "1m8j40npykfcfqs43kc0fmksal2jfmfi8lnb3mq3xy1lvvrfv0vg"))))
     (build-system gnu-build-system)
     (inputs `(("glib"  ,glib)
               ("libfm" ,libfm-extra)))
@@ -190,7 +195,7 @@ speed up the access to freedesktop.org defined application menus.")
 (define-public pcmanfm
   (package
     (name "pcmanfm")
-    (version "1.2.4")
+    (version "1.2.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://sourceforge/" name "/"
@@ -198,7 +203,7 @@ speed up the access to freedesktop.org defined application menus.")
                                   "%29/PCManFM/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "04z3vd9si24yi4c8calqncdpb9b6mbj4cs4f3fs86i6j05gvpk9q"))))
+                "0rxdh0dfzc84l85c54blq42gczygq8adhr3l9hqzy1dp530cm1hc"))))
     (build-system gnu-build-system)
     ;; (#:configure-flags '("--sysconfdir=/etc")) suggested in README.
     (inputs `(("gtk+"   ,gtk+-2)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 70d9b4eee2..dbbe629bca 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2014, 2015, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2014 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2014 Julien Lepiller <julien@lepiller.eu>
@@ -15,7 +15,7 @@
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org>
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Troy Sankey <sankeytms@gmail.com>
-;;; Copyright © 2016 ng0 <ngillmann@runbox.com>
+;;; Copyright © 2016, 2017 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
@@ -250,7 +250,7 @@ operating systems.")
 (define-public gmime
   (package
     (name "gmime")
-    (version "2.6.20")
+    (version "2.6.22")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnome/sources/gmime/"
@@ -258,7 +258,7 @@ operating systems.")
                                   "/gmime-" version ".tar.xz"))
               (sha256
                (base32
-                "0rfzbgsh8ira5p76kdghygl5i3fvmmx4wbw5rp7f8ajc4vxp18g0"))))
+                "0fjmsphvz8srsmcdl4v13p2z4jp2migaybyny444hal4snbr0py2"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
@@ -528,14 +528,14 @@ invoking @command{notifymuch} from the post-new hook.")
 (define-public notmuch
   (package
     (name "notmuch")
-    (version "0.23.4")
+    (version "0.23.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://notmuchmail.org/releases/notmuch-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0fs5crf8v3jghc8jnm61cv7wxhclcg88hi5894d8fma9kkixcv8h"))))
+                "0ry2k9sdwd1vw8cf6svch8wk98523s07mwxvsf7b8kghqnrr89n6"))))
     (build-system gnu-build-system)
     (arguments
      '(#:make-flags (list "V=1") ; Verbose test output.
@@ -1740,3 +1740,62 @@ the GNU Mailman 3 REST API.")
 
 (define-public python2-mailmanclient
   (package-with-python2 python-mailmanclient))
+
+(define-public mlmmj
+  (package
+    (name "mlmmj")
+    (version "1.2.19.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://mlmmj.org/releases/mlmmj-"
+                           version ".tar.bz2"))
+       (sha256
+        (base32
+         "1piwvcxkqadjwk5x8jicaiyz9nngmaj3w13ghdqgaki32xd7zk9v"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("perl" ,perl))) ; For "contrib/web/"
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (arguments
+     `(#:configure-flags
+       ;; mlmmj-receive-strip is a replacement for mlmmj-receive
+       ;; It opens the files control/mimedeny and control/mimestrip to get a list
+       ;; of mimetypes for parts of multipart/mime messages that should be denied
+       ;; or stripped. The parts then get stripped directly when the mail is
+       ;; received. mlmmj-receive-strip also appends an extra header
+       ;; X-ThisMailContainsUnwantedMimeParts: Y when the mail contains unwanted
+       ;; mime parts
+       (list "--enable-receive-strip")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'install 'install-contrib
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (share (string-append out "/share/mlmmj"))
+                    (contrib (string-append share "/contrib/web"))
+                    (texts (string-append share "/listtexts")))
+               (copy-recursively "contrib/web/" contrib)
+               (copy-recursively "listtexts" texts)
+               (rename-file texts (string-append share "/texts"))
+               #t))))))
+    (home-page "http://mlmmj.org")
+    (synopsis "Mailing list managing made joyful")
+    (description
+     "Mlmmj is a simple and slim mailing list manager (MLM) inspired by ezmlm.
+It works with many different Mail Transport Agents (MTAs) and is simple for a
+system adminstrator to install, configure and integrate with other software.
+As it uses very few resources, and requires no daemons, it is ideal for
+installation on systems where resources are limited.  Its features include:
+@enumerate
+@item Archive, Custom headers / footer,
+@item Fully automated bounce handling (similar to ezmlm),
+@item Complete requeueing functionality, Moderation functionality, Subject prefix,
+@item Subscribers only posting, Regular expression access control,
+@item Functionality to retrieve old posts, Web interface, Digests,
+@item No-mail subscription, VERP support,
+@item Delivery Status Notification (RFC1891) support,
+@item Rich and customisable texts for automated operations.
+@end enumerate\n")
+    (license license:expat)))
diff --git a/gnu/packages/mate.scm b/gnu/packages/mate.scm
index fc4eb84864..8600539adf 100644
--- a/gnu/packages/mate.scm
+++ b/gnu/packages/mate.scm
@@ -70,7 +70,7 @@
                                   ".tar.xz"))
               (sha256
                (base32
-                "12p6xvqs8smbk9nivi43089fiw1jbb3g9836arr0sksmmziklnvy"))))
+                "1gsfzrcbwp7835pbilk7cvda8hjsf9g3gl4llbm61y9j7a4x2kn6"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 18b06e7765..fbf0f6a546 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -252,7 +252,7 @@ numbers.")
 (define-public glpk
   (package
     (name "glpk")
-    (version "4.60")
+    (version "4.61")
     (source
      (origin
       (method url-fetch)
@@ -260,13 +260,13 @@ numbers.")
                           version ".tar.gz"))
       (sha256
        (base32
-        "15z2ymzqhxwss6wgdj5f7vkyqlqdsjgrvm0x871kmlx0n0664mhk"))))
+        "1adbvwiaqrv9pql9ry3lhn2vfsxnff2vh4fs477d90kpfx0xwrlq"))))
     (build-system gnu-build-system)
     (inputs
      `(("gmp" ,gmp)))
     (arguments
      `(#:configure-flags '("--with-gmp")))
-    (home-page "http://www.gnu.org/software/glpk/")
+    (home-page "https://www.gnu.org/software/glpk/")
     (synopsis "GNU Linear Programming Kit, supporting the MathProg language")
     (description
      "GLPK is a C library for solving large-scale linear programming (LP),
@@ -484,14 +484,14 @@ computations.")
 (define-public hdf4
   (package
     (name "hdf4")
-    (version "4.2.11")
+    (version "4.2.12")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://support.hdfgroup.org/ftp/HDF/releases/HDF"
                            version "/src/hdf-" version ".tar.bz2"))
        (sha256
-        (base32 "16yr50j845zlfx20skmw3y75ww77akk9gg0affjqkg66ih5r03mv"))
+        (base32 "020jh563sjyxsgml8l809d2i1d4ms9shivwj3gbm7n0ilxbll8id"))
        (patches (search-patches "hdf4-architectures.patch"
                                 "hdf4-reproducibility.patch"
                                 "hdf4-shared-fortran.patch"))))
diff --git a/gnu/packages/messaging.scm b/gnu/packages/messaging.scm
index 95c265b987..0c88059dca 100644
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@@ -5,9 +5,9 @@
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 ng0 <ng0@libertad.pw>
+;;; Copyright © 2016, 2017 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
-;;; Copyright © 2016 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2016, 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,8 +37,10 @@
   #:use-module (guix build-system cmake)
   #:use-module (gnu packages)
   #:use-module (gnu packages aidc)
+  #:use-module (gnu packages aspell)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages avahi)
+  #:use-module (gnu packages base)
   #:use-module (gnu packages check)
   #:use-module (gnu packages crypto)
   #:use-module (gnu packages cyrus-sasl)
@@ -535,6 +537,14 @@ end-to-end encryption support; XML console.")
              (substitute* "configure"
                (("exit 1") ""))
              #t))
+         (add-after 'unpack 'fix-makefile
+           (lambda _
+             (substitute* "Makefile"
+               ;; prosodyctl needs to read the configuration file.
+               (("^INSTALLEDCONFIG =.*") "INSTALLEDCONFIG = /etc/prosody\n")
+               ;; prosodyctl needs a place to put auto-generated certificates.
+               (("^INSTALLEDDATA =.*") "INSTALLEDDATA = /var/lib/prosody\n"))
+             #t))
          (add-after 'install 'wrap-programs
            (lambda* (#:key inputs outputs #:allow-other-keys)
              ;; Make sure all executables in "bin" find the required Lua
@@ -546,22 +556,30 @@ end-to-end encryption support; XML console.")
                                               (if (string-prefix? "lua" label)
                                                   directory #f)))
                                            inputs)))
-                    (path  (string-join
-                            (map (lambda (path)
-                                   (string-append path "/share/lua/5.1/?.lua;"
-                                                  path "/share/lua/5.1/?/?.lua"))
-                                 (cons out deps))
-                            ";"))
-                    (cpath (string-join
-                            (map (lambda (path)
-                                   (string-append path "/lib/lua/5.1/?.so;"
-                                                  path "/lib/lua/5.1/?/?.so"))
-                                 (cons out deps))
-                            ";")))
+                    (lua-path (string-join
+                               (map (lambda (path)
+                                      (string-append
+                                       path "/share/lua/5.1/?.lua;"
+                                       path "/share/lua/5.1/?/?.lua"))
+                                    (cons out deps))
+                               ";"))
+                    (lua-cpath (string-join
+                                (map (lambda (path)
+                                       (string-append
+                                        path "/lib/lua/5.1/?.so;"
+                                        path "/lib/lua/5.1/?/?.so"))
+                                     (cons out deps))
+                                ";"))
+                    (openssl (assoc-ref inputs "openssl"))
+                    (coreutils (assoc-ref inputs "coreutils"))
+                    (path (map (lambda (dir)
+                                 (string-append dir "/bin"))
+                               (list openssl coreutils))))
                (for-each (lambda (file)
                            (wrap-program file
-                             `("LUA_PATH"  ";" = (,path))
-                             `("LUA_CPATH" ";" = (,cpath))))
+                             `("LUA_PATH"  ";" = (,lua-path))
+                             `("LUA_CPATH" ";" = (,lua-cpath))
+                             `("PATH" ":" prefix ,path)))
                          (find-files bin ".*"))
                #t))))))
     (inputs
@@ -1103,4 +1121,71 @@ Conferencing (PSYC).  psycLPC is a fork of LDMud with some new features and
 many bug fixes.")
     (license license:gpl2))))
 
+(define-public loudmouth
+  (package
+    (name "loudmouth")
+    (version "1.5.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://mcabber.com/files/loudmouth/"
+                           name "-" version ".tar.bz2"))
+       (sha256
+        (base32
+         "0b6kd5gpndl9nzis3n6hcl0ldz74bnbiypqgqa1vgb0vrcar8cjl"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("glib" ,glib)
+       ("gnutls" ,gnutls)
+       ("libidn" ,libidn)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("check" ,check)
+       ("glib" ,glib "bin") ; gtester
+       ("gtk-doc" ,gtk-doc)))
+    (home-page "https://mcabber.com/")
+    (description
+     "Loudmouth is a lightweight and easy-to-use C library for programming
+with the XMPP (formerly known as Jabber) protocol.  It is designed to be
+easy to get started with and yet extensible to let you do anything the XMPP
+protocol allows.")
+    (synopsis "Asynchronous XMPP library")
+    ;; The files have LGPL2.0+ headers, but COPYING specifies LGPL2.1.
+    (license license:lgpl2.0+)))
+
+(define-public mcabber
+  (package
+    (name "mcabber")
+    (version "1.0.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://mcabber.com/files/"
+                           name "-" version ".tar.bz2"))
+       (sha256
+        (base32
+         "02nfn5r7cjpnacym95l6bvczii232v3x2gi79gfa9syc7w0brdk3"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:configure-flags (list "--enable-otr"
+                               "--enable-aspell")))
+    (inputs
+     `(("gpgme" ,gpgme)
+       ("libotr" ,libotr)
+       ("aspell" ,aspell)
+       ("libidn" ,libidn)
+       ("glib" ,glib)
+       ("ncurses" ,ncurses)
+       ("loudmouth" ,loudmouth)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "https://mcabber.com")
+    (description
+     "Mcabber is a small XMPP (Jabber) console client, which includes features
+such as SASL and TLS support, @dfn{Multi-User Chat} (MUC) support, logging,
+command-completion, OpenPGP encryption, @dfn{Off-the-Record Messaging} (OTR)
+support, and more.")
+    (synopsis "Small XMPP console client")
+    (license license:gpl2+)))
+
 ;;; messaging.scm ends here
diff --git a/gnu/packages/mit-krb5.scm b/gnu/packages/mit-krb5.scm
deleted file mode 100644
index f9e1e9009c..0000000000
--- a/gnu/packages/mit-krb5.scm
+++ /dev/null
@@ -1,86 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (gnu packages mit-krb5)
-  #:use-module (gnu packages)
-  #:use-module (gnu packages bison)
-  #:use-module (gnu packages perl)
-  #:use-module (guix licenses)
-  #:use-module (guix packages)
-  #:use-module (guix download)
-  #:use-module (guix utils)
-  #:use-module (guix build-system gnu))
-
-(define-public mit-krb5
-  (package
-    (name "mit-krb5")
-    (version "1.14.4")
-    (source (origin
-              (method url-fetch)
-              (uri (string-append "http://web.mit.edu/kerberos/dist/krb5/"
-                                  (version-major+minor version)
-                                  "/krb5-" version ".tar.gz"))
-              (sha256
-               (base32
-                "158bgq9xcg5ljgzia1880ak7m9g6vf2r009rzdqif5n9h111m9h3"))))
-    (build-system gnu-build-system)
-    (native-inputs
-     `(("bison" ,bison)
-       ("perl" ,perl)))
-    (arguments
-     `(;; Work around "No rule to make target '../../include/gssapi/gssapi.h',
-       ;; needed by 'authgss_prot.so'."
-       #:parallel-build? #f
-
-       ;; Likewise with tests.
-       #:parallel-tests? #f
-
-       ;; XXX: On 32-bit systems, 'kdb5_util' hangs on an fcntl/F_SETLKW call
-       ;; while running the tests in 'src/tests'.
-       #:tests? ,(string=? (%current-system) "x86_64-linux")
-
-       #:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'enter-source-directory
-           (lambda _
-             (chdir "src")
-             #t))
-         (add-before 'check 'pre-check
-           (lambda* (#:key inputs #:allow-other-keys)
-             (let ((perl (assoc-ref inputs "perl")))
-               (substitute* "plugins/kdb/db2/libdb2/test/run.test"
-                 (("/bin/cat") (string-append perl "/bin/perl"))
-                 (("D/bin/sh") (string-append "D" (which "sh")))
-                 (("bindir=/bin/.") (string-append "bindir=" perl "/bin"))))
-
-             ;; avoid service names since /etc/services is unavailable
-             (substitute* "tests/resolve/Makefile"
-               (("-p telnet") "-p 23"))
-             #t)))))
-    (synopsis "MIT Kerberos 5")
-    (description
-     "Massachusetts Institute of Technology implementation of Kerberos.
-Kerberos is a network authentication protocol designed to provide strong
-authentication for client/server applications by using secret-key
-cryptography.")
-    (license (non-copyleft "file://NOTICE"
-                           "See NOTICE in the distribution."))
-    (home-page "http://web.mit.edu/kerberos/")))
diff --git a/gnu/packages/mp3.scm b/gnu/packages/mp3.scm
index 4f799bd200..e60bd5c5c1 100644
--- a/gnu/packages/mp3.scm
+++ b/gnu/packages/mp3.scm
@@ -458,7 +458,7 @@ compression format (.mpc files).")
 (define-public eyed3
   (package
     (name "eyed3")
-    (version "0.7.9")
+    (version "0.7.10")
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -466,7 +466,7 @@ compression format (.mpc files).")
                   version ".tar.gz"))
              (sha256
               (base32
-               "08mzhqg3k63d244cgwd0y1xrb8x9m6b99ykyskpnwyxl4wxrgrzp"))))
+               "0wjicszs64ksj2y5jbk09yjd08znc1qnarlq8ssmx13f2d4x59wq"))))
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2))
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 59fd508f62..b8b97eb141 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Paul van der Walt <paul@denknerd.org>
 ;;; Copyright © 2016 Al McElrath <hello@yrns.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
@@ -842,7 +842,7 @@ your own lessons.")
 (define-public powertabeditor
   (package
     (name "powertabeditor")
-    (version "2.0.0-alpha8")
+    (version "2.0.0-alpha9")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -851,27 +851,20 @@ your own lessons.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0gaa2x209v3azql8ak3r1n9a9qbxjx2ssirvwdxwklv2lmfqkm82"))
+                "1zjdz1qpkl83xr6dkap8airqcyjs3mxc5dzfyhrrvkyr7dics7ii"))
               (modules '((guix build utils)))
               (snippet
                '(begin
                   ;; Remove bundled sources for external libraries
                   (delete-file-recursively "external")
+                  ;; Use only system libraries
                   (substitute* "CMakeLists.txt"
-                    (("include_directories\\(\\$\\{PROJECT_SOURCE_DIR\\}/external/.*") "")
-                    (("add_subdirectory\\(external\\)") ""))
-                  (substitute* "test/CMakeLists.txt"
-                    (("include_directories\\(\\$\\{PROJECT_SOURCE_DIR\\}/external/.*") ""))
-
-                  ;; Add install target
-                  (substitute* "source/CMakeLists.txt"
-                    (("qt5_use_modules")
-                     (string-append
-                      "install(TARGETS powertabeditor "
-                      "RUNTIME DESTINATION ${CMAKE_INSTALL_PREFIX}/bin)\n"
-                      "install(FILES data/tunings.json DESTINATION "
-                      "${CMAKE_INSTALL_PREFIX}/share/powertabeditor/)\n"
-                      "qt5_use_modules")))
+                    (("include\\( PTE_ThirdParty \\)")
+                     "\
+include(third_party/Qt)
+include(third_party/boost)
+add_library( Catch INTERFACE IMPORTED )
+add_library( rapidjson INTERFACE IMPORTED )"))
                   #t))))
     (build-system cmake-build-system)
     (arguments
@@ -882,42 +875,45 @@ your own lessons.")
        ;; CMake appears to lose the RUNPATH for some reason, so it has to be
        ;; explicitly set with CMAKE_INSTALL_RPATH.
        (list "-DCMAKE_BUILD_WITH_INSTALL_RPATH=TRUE"
-             "-DCMAKE_ENABLE_PRECOMPILED_HEADERS=OFF" ; if ON pte_tests cannot be built
              (string-append "-DCMAKE_INSTALL_RPATH="
                             (string-join (map (match-lambda
                                                 ((name . directory)
                                                  (string-append directory "/lib")))
-                                              %build-inputs) ";")))
+                                              %build-inputs) ";"))
+             "-DPTE_DATA_DIR=share/powertabeditor")
        #:phases
        (modify-phases %standard-phases
-         (replace
-          'check
-          (lambda _
-            (zero? (system* "bin/pte_tests"
-                            ;; Exclude this failing test
-                            "~Formats/PowerTabOldImport/Directions"))))
-         (add-before
-          'configure 'fix-tests
-          (lambda _
-            ;; Tests cannot be built with precompiled headers
-            (substitute* "test/CMakeLists.txt"
-              (("cotire\\(pte_tests\\)") ""))
-            #t))
-         (add-before
-          'configure 'remove-third-party-libs
-          (lambda* (#:key inputs #:allow-other-keys)
-            ;; Link with required static libraries, because we're not
-            ;; using the bundled version of withershins.
-            (substitute* '("source/CMakeLists.txt"
-                           "test/CMakeLists.txt")
-              (("target_link_libraries\\((powertabeditor|pte_tests)" _ target)
-               (string-append "target_link_libraries(" target " "
-                              (assoc-ref inputs "binutils")
-                              "/lib/libbfd.a "
-                              (assoc-ref inputs "libiberty")
-                              "/lib/libiberty.a "
-                              "dl")))
-            #t)))))
+         (replace 'check
+           (lambda _
+             (zero? (system* "bin/pte_tests"
+                             ;; FIXME: one test fails.
+                             "exclude:Formats/PowerTabOldImport/Directions"))))
+         (add-after 'unpack 'set-target-directories
+           (lambda _
+             (substitute* "cmake/PTE_Executable.cmake"
+               (("set\\( install_dir.*")
+                "set( install_dir bin )\n"))
+             (substitute* "cmake/PTE_Paths.cmake"
+               (("set\\( PTE_DATA_DIR .*")
+                "set( PTE_DATA_DIR share/powertabeditor )\n"))
+             ;; Tests hardcode the data directory as "data"
+             (substitute* "test/CMakeLists.txt"
+               (("\\$\\{PTE_DATA_DIR\\}") "data"))
+             #t))
+         (add-before 'configure 'remove-third-party-libs
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; Link with required static libraries, because we're not
+             ;; using the bundled version of withershins.
+             (substitute* "source/build/CMakeLists.txt"
+               (("withershins" line)
+                (string-append line "\n"
+                               (assoc-ref inputs "binutils")
+                               "/lib/libbfd.a\n"
+                               (assoc-ref inputs "libiberty")
+                               "/lib/libiberty.a\n"
+                               "dl\n"
+                               "z\n")))
+             #t)))))
     (inputs
      `(("boost" ,boost)
        ("alsa-lib" ,alsa-lib)
@@ -1687,6 +1683,35 @@ synths, microtonal capabilities, custom envelopes, effects, etc.  Yoshimi
 improves on support for JACK features, such as JACK MIDI.")
     (license license:gpl2)))
 
+(define-public libgig
+  (package
+    (name "libgig")
+    (version "4.0.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://download.linuxsampler.org/packages/"
+                                  "libgig-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "1wr8mwjmqpnyz6bx9757lspiii1zzn8zfbqsvn2ipzpgqkxv6kaz"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libuuid" ,util-linux)
+       ("libsndfile" ,libsndfile)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "http://linuxsampler.org/libgig/")
+    (synopsis "C++ library for working with Gigasampler (.gig) files")
+    (description
+     "Libgig is a C++ library for loading, modifying existing and creating new
+Gigasampler (.gig) files and DLS (Downloadable Sounds) Level 1/2 files, KORG
+sample based instruments (.KSF and .KMP files), SoundFont v2 (.sf2) files and
+AKAI sampler data.  The package includes a couple of command line tools based
+on the library.")
+    ;; The library and tools are released under the GPL, except the AKAI
+    ;; classes which are released under the LGPL.
+    (license (list license:gpl2+ license:lgpl2.1+))))
+
 (define-public jack-keyboard
   (package
     (name "jack-keyboard")
@@ -1889,8 +1914,8 @@ analogue-like user interface.")
                #t)))))
       (inputs
        `(("lilv" ,lilv)
-         ("fftw" ,fftw-with-threads)
-         ("fftwf" ,fftwf-with-threads)
+         ("fftw" ,fftw)
+         ("fftwf" ,fftwf)
          ("lv2" ,lv2)
          ("jack" ,jack-1)
          ("readline" ,readline)))
@@ -1941,13 +1966,13 @@ event-based scripts for scrobbling, notifications, etc.")
 (define-public python-mutagen
   (package
     (name "python-mutagen")
-    (version "1.35.1")
+    (version "1.36")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "mutagen" version))
               (sha256
                (base32
-                "0klk68c1n3285vvm2xzk8ii7mlqp1dxii04askan0gi1wlpagka9"))))
+                "1kabb9b81hgvpd3wcznww549vss12b1xlvpnxg1r6n4c7gikgvnp"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-pytest" ,python-pytest)))
@@ -2056,13 +2081,13 @@ websites such as Libre.fm.")
 (define-public beets
   (package
     (name "beets")
-    (version "1.4.2")
+    (version "1.4.3")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "beets" version))
               (sha256
                (base32
-                "0sna2hx8sdaa36jnvw5a7m31wzfm717lw2ixh906fsfp43i74k5m"))))
+                "0r743a2pv1iyw50jsdl01v2ml3pdkhdp920a5d1wsacak48vwgxr"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -2179,7 +2204,7 @@ with a number of bugfixes and changes to improve IT playback.")
 (define-public moc
   (package
     (name "moc")
-    (version "2.5.1")
+    (version "2.5.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://ftp.daper.net/pub/soft/"
@@ -2187,7 +2212,13 @@ with a number of bugfixes and changes to improve IT playback.")
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "1wn4za08z64bhsgfhr9c0crfyvy8c3b6a337wx7gz19am5srqh8v"))))
+                "026v977kwb0wbmlmf6mnik328plxg8wykfx9ryvqhirac0aq39pk"))
+              (modules '((guix build utils)))
+              (snippet
+               ;; Remove use of __DATE__ and __TIME__ for reproducibility.
+               '(substitute* "main.c"
+                  (("printf \\(\"            Built : %s\", __DATE__\\);") "")
+                  (("printf \\(\" %s\", __TIME__\\);") "")))))
     (build-system gnu-build-system)
     (inputs
      `(("alsa-lib" ,alsa-lib)
diff --git a/gnu/packages/nano.scm b/gnu/packages/nano.scm
index 68444771a0..5fafe78e2e 100644
--- a/gnu/packages/nano.scm
+++ b/gnu/packages/nano.scm
@@ -29,7 +29,7 @@
 (define-public nano
   (package
     (name "nano")
-    (version "2.7.3")
+    (version "2.7.4")
     (source
      (origin
       (method url-fetch)
@@ -37,7 +37,7 @@
                           version ".tar.gz"))
       (sha256
        (base32
-        "123si2acvfhnl2kip08bqm413yv36zy3pmj75ibkn7q59mcx8x1m"))))
+        "135wzlv77p9za8679j2jpfkpvainvyagrhkdxngp71ynabgc5zr3"))))
     (build-system gnu-build-system)
     (inputs
      `(("gettext" ,gettext-minimal)
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index 3c7c073497..87ee0a1d8e 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Stefan Reichör <stefan@xsteve.at>
@@ -8,7 +8,7 @@
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2016 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <ng0@libertad.pw>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016 Benz Schenk <benz.schenk@uzh.ch>
 ;;;
@@ -53,7 +53,7 @@
   #:use-module (gnu packages libidn)
   #:use-module (gnu packages linux)
   #:use-module (gnu packages lua)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages pcre)
   #:use-module (gnu packages perl)
@@ -430,7 +430,7 @@ and up to 1 Mbit/s downstream.")
 (define-public whois
   (package
     (name "whois")
-    (version "5.2.13")
+    (version "5.2.14")
     (source
      (origin
        (method url-fetch)
@@ -438,7 +438,7 @@ and up to 1 Mbit/s downstream.")
                            name "_" version ".tar.xz"))
        (sha256
         (base32
-         "0r3bbxpwsxssa99d8dcjnp79mw1cjwqxgmqjm1537q277jwsk0yc"))))
+         "1lmh7168yby1ma8r1svgvmv9hbgjyniy9c64r6lby3zdmd0sy7d4"))))
     (build-system gnu-build-system)
     ;; TODO: unbundle mkpasswd binary + its po files.
     (arguments
@@ -879,15 +879,15 @@ sockets in Perl.")
 (define-public proxychains-ng
   (package
     (name "proxychains-ng")
-    (version "4.11")
+    (version "4.12")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/rofl0r/" name "/releases/"
                                   "download/v" version "/" name "-" version
-                                  ".tar.bz2"))
+                                  ".tar.xz"))
               (sha256
                (base32
-                "1dkncdzw852488gkh5zhn4b5i03qyj8rgh1wcvcva7yd12c19i6w"))))
+                "0kiss3ih6cwayzvqi5cx4kw4vh7r2kfxlbgk56v1f1066ncm8aj8"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; there are no tests
diff --git a/gnu/packages/nfs.scm b/gnu/packages/nfs.scm
index 650a2af0d6..f18fe6cb51 100644
--- a/gnu/packages/nfs.scm
+++ b/gnu/packages/nfs.scm
@@ -22,7 +22,7 @@
   #:use-module (gnu packages databases)
   #:use-module (gnu packages gsasl)
   #:use-module (gnu packages libevent)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages onc-rpc)
   #:use-module (gnu packages pkg-config)
   #:use-module (guix build-system cmake)
diff --git a/gnu/packages/nim.scm b/gnu/packages/nim.scm
new file mode 100644
index 0000000000..c249e2be93
--- /dev/null
+++ b/gnu/packages/nim.scm
@@ -0,0 +1,59 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages nim)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix download)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (guix packages))
+
+(define-public nim
+  (package
+    (name "nim")
+    (version "0.16.0")
+    (source
+     (origin
+      (method url-fetch)
+      (uri (string-append "http://nim-lang.org/download/"
+                          name "-" version ".tar.xz"))
+      (sha256
+       (base32
+        "0rsibhkc5n548bn9yyb9ycrdgaph5kq84sfxc9gabjs7pqirh6cy"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests.
+       #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)
+           (add-after 'unpack 'patch-installer
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let ((out (assoc-ref outputs "out")))
+                 (substitute* "install.sh"
+                   (("1/nim") "1"))
+                 #t)))
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let ((out (assoc-ref outputs "out")))
+                 (zero? (system* "./install.sh" out))))))))
+    (home-page "http://nim-lang.org")
+    (synopsis "Statically-typed, imperative programming language")
+    (description "Nim (formerly known as Nimrod) is a statically-typed,
+imperative programming language that tries to give the programmer ultimate power
+without compromises on runtime efficiency.  This means it focuses on compile-time
+mechanisms in all their various forms.")
+    (license license:expat)))
diff --git a/gnu/packages/ocaml.scm b/gnu/packages/ocaml.scm
index 93020f1c06..28c6ab34fa 100644
--- a/gnu/packages/ocaml.scm
+++ b/gnu/packages/ocaml.scm
@@ -32,8 +32,10 @@
   #:use-module (gnu packages emacs)
   #:use-module (gnu packages gcc)
   #:use-module (gnu packages ghostscript)
+  #:use-module (gnu packages glib)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gtk)
+  #:use-module (gnu packages libevent)
   #:use-module (gnu packages lynx)
   #:use-module (gnu packages m4)
   #:use-module (gnu packages multiprecision)
@@ -44,6 +46,7 @@
   #:use-module (gnu packages tex)
   #:use-module (gnu packages texinfo)
   #:use-module (gnu packages time)
+  #:use-module (gnu packages tls)
   #:use-module (gnu packages version-control)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg)
@@ -804,10 +807,19 @@ other XUnit testing frameworks.")
      `(#:phases
        (modify-phases %standard-phases
          (delete 'configure)
-         (add-before 'install 'fix-install-name
-           (lambda* (#:key #:allow-other-keys)
-             (substitute* "Makefile"
-               (("install zip") "install camlzip")))))
+         (add-after 'install 'install-camlzip
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (dir (string-append out "/lib/ocaml/site-lib/camlzip")))
+               (mkdir-p dir)
+               (call-with-output-file (string-append dir "/META")
+                 (lambda (port)
+                   (format port "version=\"1.06\"\n")
+                   (format port "requires=\"unix\"\n")
+                   (format port "archive(byte)=\"zip.cma\"\n")
+                   (format port "archive(native)=\"zip.cmxa\"\n")
+                   (format port "archive(native,plugin)=\"zip.cmxs\"\n")
+                   (format port "directory=\"../zip\"\n")))))))
        #:install-target "install-findlib"
        #:make-flags
        (list "all" "allopt"
@@ -1218,3 +1230,469 @@ module automatically handles syntax errors, help messages and UNIX man page
 generation. It supports programs with single or multiple commands and respects
 most of the POSIX and GNU conventions.")
     (license license:bsd-3)))
+
+(define-public ocaml-fmt
+  (package
+    (name "ocaml-fmt")
+    (version "0.8.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "http://erratique.ch/software/fmt/releases/fmt-"
+                            version ".tbz"))
+        (sha256 (base32
+                  "16y7ibndnairb53j8a6qgipyqwjxncn4pl9jiw5bxjfjm59108px"))))
+    (build-system ocaml-build-system)
+    (native-inputs `(("opam" ,opam)
+                     ("topkg" ,ocaml-topkg)))
+    (propagated-inputs `(("result" ,ocaml-result)
+                         ("cmdliner" ,ocaml-cmdliner)))
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build" "--with-base-unix" "true"
+                                     "--with-cmdliner" "true")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (home-page "http://erratique.ch/software/fmt")
+    (synopsis "OCaml Format pretty-printer combinators")
+    (description "Fmt exposes combinators to devise Format pretty-printing
+functions.")
+    (license license:isc)))
+
+(define-public ocaml-astring
+  (package
+    (name "ocaml-astring")
+    (version "0.8.3")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "http://erratique.ch/software/astring/releases/astring-"
+                            version ".tbz"))
+        (sha256 (base32
+                  "0ixjwc3plrljvj24za3l9gy0w30lsbggp8yh02lwrzw61ls4cri0"))))
+    (build-system ocaml-build-system)
+    (native-inputs `(("opam" ,opam)
+                     ("topkg" ,ocaml-topkg)))
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (home-page "http://erratique.ch/software/astring")
+    (synopsis "Alternative String module for OCaml")
+    (description "Astring exposes an alternative String module for OCaml.  This
+module balances minimality and expressiveness for basic, index-free, string
+processing and provides types and functions for substrings, string sets and
+string maps.  The String module exposed by Astring has exception safe functions,
+removes deprecated and rarely used functions, alters some signatures and names,
+adds a few missing functions and fully exploits OCaml's newfound string
+immutability.")
+    (license license:isc)))
+
+(define-public ocaml-alcotest
+  (package
+    (name "ocaml-alcotest")
+    (version "0.7.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/mirage/alcotest/releases/"
+                                  "download/" version "/alcotest-" version ".tbz"))
+              (sha256
+                (base32
+                  "0g5lzk0gpfx4q8hyhr460gr4lab5wakfxsmhfwvb3yinxwzs95gc"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)
+                     ("topkg" ,ocaml-topkg)))
+    (propagated-inputs `(("fmt" ,ocaml-fmt)
+                         ("astring" ,ocaml-astring)))
+    (home-page "https://github.com/mirage/alcotest")
+    (synopsis "Lightweight OCaml test framework")
+    (description "Alcotest exposes simple interface to perform unit tests.  It
+exposes a simple TESTABLE module type, a check function to assert test
+predicates and a run function to perform a list of unit -> unit test callbacks.
+Alcotest provides a quiet and colorful output where only faulty runs are fully
+displayed at the end of the run (with the full logs ready to inspect), with a
+simple (yet expressive) query language to select the tests to run.")
+    (license license:isc)))
+
+(define-public ocaml-ppx-tools
+  (package
+    (name "ocaml-ppx-tools")
+    (version "5.0+4.02.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/alainfrisch/ppx_tools/archive/"
+                            version ".tar.gz"))
+        (sha256 (base32
+                  "0rjg4rngi8k9873z4zq95zn9hj8qyw1vcrf11y15aqasfpqq16rc"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:phases (modify-phases %standard-phases (delete 'configure))
+                 #:tests? #f))
+    (home-page "https://github.com/alainfrisch/ppx_tools")
+    (synopsis "Tools for authors of ppx rewriters and other syntactic tools")
+    (description "Tools for authors of ppx rewriters and other syntactic tools.")
+    (license license:expat)))
+
+(define-public ocaml-react
+  (package
+    (name "ocaml-react")
+    (version "1.2.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "http://erratique.ch/software/react/releases/react-"
+                            version ".tbz"))
+        (sha256 (base32
+                  "0knhgbngphv5sp1yskfd97crf169qhpc0igr6w7vqw0q36lswyl8"))))
+    (build-system ocaml-build-system)
+    (native-inputs `(("opam" ,opam)))
+    (arguments `(#:tests? #f
+                 #:build-flags (list "native=true" "native-dynlink=true")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (home-page "http://erratique.ch/software/react")
+    (synopsis "Declarative events and signals for OCaml")
+    (description "React is an OCaml module for functional reactive programming
+(FRP).  It provides support to program with time varying values: declarative
+events and signals.  React doesn't define any primitive event or signal, it
+lets the client choose the concrete timeline.")
+    (license license:bsd-3)))
+
+(define-public ocaml-ssl
+  (package
+    (name "ocaml-ssl")
+    (version "0.5.3")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/savonet/ocaml-ssl/archive/"
+                            version ".tar.gz"))
+        (sha256 (base32
+                  "1ds5gzyzpcgwn7h40dmjkll7g990cr82ay05b2a7nrclvv6fdpg8"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:make-flags (list "OCAMLFIND_LDCONF=ignore")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (add-before 'configure 'bootstrap
+                     (lambda* (#:key #:allow-other-keys)
+                       (system* "./bootstrap")
+                       (substitute* "src/OCamlMakefile"
+                         (("/bin/sh") (which "bash")))
+                       (substitute* "configure"
+                         (("/bin/sh") (which "bash"))))))))
+    (native-inputs `(("autoconf" ,autoconf)
+                     ("automake" ,automake)
+                     ("which" ,which)))
+    (propagated-inputs `(("openssl" ,openssl)))
+    (home-page "https://github.com/savonet/ocaml-ssl/")
+    (synopsis "OCaml bindings for OpenSSL")
+    (description "OCaml bindings for OpenSSL.")
+    (license license:lgpl2.1)))
+
+(define-public ocaml-lwt
+  (package
+    (name "ocaml-lwt")
+    (version "2.6.0")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/ocsigen/lwt/archive/" version
+                            ".tar.gz"))
+        (sha256 (base32
+                  "1gbw0g8a5a4b16diqrmlhc8ilnikrm4w3jjm1zq310maqg8z0zxz"))))
+    (build-system ocaml-build-system)
+    (arguments
+     `(#:configure-flags
+       (list "--enable-ssl" "--enable-glib" "--enable-react"
+             "--enable-ppx")
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'disable-some-checks
+           (lambda* (#:key #:allow-other-keys)
+             (substitute* "tests/unix/main.ml"
+               (("Test_mcast.suite;") ""))))
+         (add-after 'install 'link-stubs
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out (assoc-ref outputs "out"))
+                    (stubs (string-append out "/lib/ocaml/site-lib/stubslibs"))
+                    (lib (string-append out "/lib/ocaml/site-lib/lwt")))
+               (mkdir-p stubs)
+               (symlink (string-append lib "/dlllwt-glib_stubs.so")
+                        (string-append stubs "/dlllwt-glib_stubs.so"))
+               (symlink (string-append lib "/dlllwt-unix_stubs.so")
+                        (string-append stubs "/dlllwt-unix_stubs.so"))))))))
+    (native-inputs `(("pkg-config" ,pkg-config)
+                     ("ppx-tools" ,ocaml-ppx-tools)))
+    (inputs `(("libev" ,libev)
+              ("glib" ,glib)))
+    (propagated-inputs `(("result" ,ocaml-result)
+                         ("ocaml-ssl" ,ocaml-ssl)
+                         ("ocaml-react" ,ocaml-react)))
+    (home-page "https://github.com/ocsigen/lwt")
+    (synopsis "Cooperative threads and I/O in monadic style")
+    (description "Lwt provides typed, composable cooperative threads.  These
+make it easy to run normally-blocking I/O operations concurrently in a single
+process.  Also, in many cases, Lwt threads can interact without the need for
+locks or other synchronization primitives.")
+    (license license:lgpl2.1)))
+
+(define-public ocaml-logs
+  (package
+    (name "ocaml-logs")
+    (version "0.6.2")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://erratique.ch/software/logs/releases/"
+                                  "logs-" version ".tbz"))
+              (sha256
+                (base32
+                  "1khbn7jqpid83zn8rvyh1x1sirls7zc878zj4fz985m5xlsfy853"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build" "--with-js_of_ocaml" "false")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)))
+    (propagated-inputs `(("fmt" ,ocaml-fmt)
+                         ("lwt" ,ocaml-lwt)
+                         ("mtime" ,ocaml-mtime)
+                         ("result" ,ocaml-result)
+                         ("cmdliner" ,ocaml-cmdliner)
+                         ("topkg" ,ocaml-topkg)))
+    (home-page "http://erratique.ch/software/logs")
+    (synopsis "Logging infrastructure for OCaml")
+    (description "Logs provides a logging infrastructure for OCaml.  Logging is
+performed on sources whose reporting level can be set independently.  Log
+message report is decoupled from logging and is handled by a reporter.")
+    (license license:isc)))
+
+(define-public ocaml-fpath
+  (package
+    (name "ocaml-fpath")
+    (version "0.7.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://erratique.ch/software/fpath/releases/"
+                                  "fpath-" version ".tbz"))
+              (sha256
+                (base32
+                  "05134ij27xjl6gaqsc65yl19vfj6cjxq3mbm9bf4mija8grdpn6g"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)))
+    (propagated-inputs `(("topkg" ,ocaml-topkg)
+                         ("astring" ,ocaml-astring)))
+    (home-page "http://erratique.ch/software/fpath")
+    (synopsis "File system paths for OCaml")
+    (description "Fpath is an OCaml module for handling file system paths with
+POSIX or Windows conventions.  Fpath processes paths without accessing the
+file system and is independent from any system library.")
+    (license license:isc)))
+
+(define-public ocaml-bos
+  (package
+    (name "ocaml-bos")
+    (version "0.1.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://erratique.ch/software/bos/releases/"
+                                  "bos-" version ".tbz"))
+              (sha256
+                (base32
+                  "1ly66lysk4w6mdy4k1n3ynlpfpq7lw4wshcpzgx58v6x613w5s7q"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)))
+    (propagated-inputs `(("topkg" ,ocaml-topkg)
+                         ("astring" ,ocaml-astring)
+                         ("fmt" ,ocaml-fmt)
+                         ("fpath" ,ocaml-fpath)
+                         ("logs" ,ocaml-logs)
+                         ("rresult" ,ocaml-rresult)))
+    (home-page "http://erratique.ch/software/bos")
+    (synopsis "Basic OS interaction for OCaml")
+    (description "Bos provides support for basic and robust interaction with
+the operating system in OCaml.  It has functions to access the process
+environment, parse command line arguments, interact with the file system and
+run command line programs.")
+    (license license:isc)))
+
+(define-public ocaml-xmlm
+  (package
+    (name "ocaml-xmlm")
+    (version "1.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://erratique.ch/software/xmlm/releases/"
+                                  "xmlm-" version ".tbz"))
+              (sha256
+                (base32
+                  "1jywcrwn5z3gkgvicr004cxmdaqfmq8wh72f81jqz56iyn5024nh"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure)
+                   (replace 'build
+                     (lambda* (#:key #:allow-other-keys)
+                       (zero? (system* "pkg/build" "true")))))))
+    (native-inputs `(("opam" ,opam)))
+    (home-page "http://erratique.ch/software/xmlm")
+    (synopsis "Streaming XML codec for OCaml")
+    (description "Xmlm is a streaming codec to decode and encode the XML data
+format.  It can process XML documents without a complete in-memory
+representation of the data.")
+    (license license:isc)))
+
+(define-public ocaml-ulex
+  (package
+    (name "ocaml-ulex")
+    (version "1.1")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://www.cduce.org/download/ulex-"
+                                  version ".tar.gz"))
+              (sha256
+                (base32
+                  "0fjlkwps14adfgxdrbb4yg65fhyimplvjjs1xqj5np197cig67x0"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:phases (modify-phases %standard-phases (delete 'configure))
+                 #:tests? #f
+                 #:make-flags
+                 (list "all.opt"
+                       (string-append "OCAMLBUILD=ocamlbuild -byte-plugin "
+                                      "-cflags -I,"
+                                      (assoc-ref %build-inputs "camlp4")
+                                      "/lib/ocaml/site-lib/camlp4"))))
+    (native-inputs `(("camlp4" ,camlp4)))
+    (home-page "http://www.cduce.org/download.html#side")
+    (synopsis "Lexer generator for Unicode and OCaml")
+    (description "Lexer generator for Unicode and OCaml.")
+    (license license:expat)))
+
+(define-public ocaml-uchar
+  (package
+    (name "ocaml-uchar")
+    (version "0.0.1")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (string-append "https://github.com/ocaml/uchar/releases/download/v"
+                            version "/uchar-" version ".tbz"))
+        (sha256 (base32
+                  "0ficw1x7ymbd6m8hqw3w1aycwm1hbwd6bad3c5pspwnzh3qlikhi"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "native=true" "native-dynlink=true")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)))
+    (home-page "https://github.com/ocaml/uchar")
+    (synopsis "Compatibility library for OCaml's Uchar module")
+    (description "The uchar package provides a compatibility library for the
+`Uchar` module introduced in OCaml 4.03.")
+    (license license:lgpl2.1)))
+
+(define-public ocaml-uutf
+  (package
+    (name "ocaml-uutf")
+    (version "1.0.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://erratique.ch/software/uutf/releases/"
+                                  "uutf-" version ".tbz"))
+              (sha256
+                (base32
+                  "08i0cw02cxw4mi2rs01v9xi307qshs6fnd1dlqyb52kcxzblpp37"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)
+                     ("topkg" ,ocaml-topkg)))
+    (propagated-inputs `(("uchar" ,ocaml-uchar)
+                         ("cmdliner" ,ocaml-cmdliner)))
+    (home-page "http://erratique.ch/software/uutf")
+    (synopsis "Non-blocking streaming Unicode codec for OCaml")
+    (description "Uutf is a non-blocking streaming codec to decode and encode
+the UTF-8, UTF-16, UTF-16LE and UTF-16BE encoding schemes.  It can efficiently
+work character by character without blocking on IO.  Decoders perform character
+position tracking and support newline normalization.
+
+Functions are also provided to fold over the characters of UTF encoded OCaml
+string values and to directly encode characters in OCaml Buffer.t values.")
+    (license license:isc)))
+
+(define-public ocaml-jsonm
+  (package
+    (name "ocaml-jsonm")
+    (version "1.0.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://erratique.ch/software/jsonm/releases/"
+                                  "jsonm-" version ".tbz"))
+              (sha256
+                (base32
+                  "1v3ln6d965lplj28snjdqdqablpp1kx8bw2cfx0m6i157mqyln62"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:tests? #f
+                 #:build-flags (list "build")
+                 #:phases
+                 (modify-phases %standard-phases
+                   (delete 'configure))))
+    (native-inputs `(("opam" ,opam)
+                     ("topkg" ,ocaml-topkg)))
+    (propagated-inputs `(("uutf" ,ocaml-uutf)
+                         ("cmdliner" ,ocaml-cmdliner)))
+    (home-page "http://erratique.ch/software/jsonm")
+    (synopsis "Non-blocking streaming JSON codec for OCaml")
+    (description "Jsonm is a non-blocking streaming codec to decode and encode
+the JSON data format.  It can process JSON text without blocking on IO and
+without a complete in-memory representation of the data.")
+    (license license:isc)))
+
+(define-public ocaml-ocurl
+  (package
+    (name "ocaml-ocurl")
+    (version "0.7.9")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://ygrek.org.ua/p/release/ocurl/ocurl-"
+                                  version ".tar.gz"))
+              (sha256
+                (base32
+                  "0pm6nm33wi0p9h765k6zb94ljpknryam4qd1hmb2rsk2y0y1181n"))))
+    (build-system ocaml-build-system)
+    (arguments `(#:phases
+                 (modify-phases %standard-phases
+                   (add-before 'configure 'fix-/bin/sh
+                     (lambda* (#:key inputs #:allow-other-keys)
+                       (substitute* "configure"
+                         (("-/bin/sh") (string-append "-" (which "bash")))))))))
+    (native-inputs `(("pkg-config" ,pkg-config)))
+    (inputs `(("curl" ,curl)))
+    (home-page "http://ocurl.forge.ocamlcore.org/")
+    (synopsis "OCaml bindings for libcurl")
+    (description "Client-side URL transfer library, supporting HTTP and a
+multitude of other network protocols (FTP/SMTP/RTSP/etc).")
+    (license license:isc)))
diff --git a/gnu/packages/onc-rpc.scm b/gnu/packages/onc-rpc.scm
index 5353846ece..5f67823a40 100644
--- a/gnu/packages/onc-rpc.scm
+++ b/gnu/packages/onc-rpc.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -21,7 +21,7 @@
   #:use-module (guix licenses)
   #:use-module (guix packages)
   #:use-module (guix download)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages pkg-config)
   #:use-module (guix build-system gnu))
 
diff --git a/gnu/packages/openbox.scm b/gnu/packages/openbox.scm
index 36e39d8267..2200c837ba 100644
--- a/gnu/packages/openbox.scm
+++ b/gnu/packages/openbox.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -23,11 +24,13 @@
   #:use-module (guix download)
   #:use-module (guix build-system gnu)
   #:use-module (gnu packages freedesktop)
+  #:use-module (gnu packages gettext)
   #:use-module (gnu packages gnome)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages image)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
+  #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages xml)
   #:use-module (gnu packages xorg))
 
@@ -67,4 +70,38 @@ implementations.")
     (home-page "http://openbox.org/wiki/Main_Page")
     (license gpl2+)))
 
+(define-public obconf
+  (package
+    (name "obconf")
+    (version "2.0.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://openbox.org/dist/" name
+                           "/" name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1fanjdmd8727kk74x5404vi8v7s4kpq48l583d12fsi4xvsfb8vi"))))
+    (inputs
+     `(("gtk+-2" ,gtk+-2)
+       ("imlib2" ,imlib2)
+       ("libglade" ,libglade)
+       ("openbox" ,openbox)
+       ("startup-notification" ,startup-notification)
+       ("libsm" ,libsm)
+       ("librsvg" ,librsvg)
+       ("libxft" ,libxft)))
+    (native-inputs
+     `(("gettext" ,gettext-minimal)
+       ("pkg-config" ,pkg-config)))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags (list "--enable-nls")))
+    (home-page "http://openbox.org/wiki/ObConf:About")
+    (synopsis "Openbox configuration tool")
+    (description
+     "Obconf is a tool for configuring the Openbox window manager.
+You can configure its appearance, themes, and much more.")
+    (license gpl2+)))
+
 ;;; openbox.scm ends here
diff --git a/gnu/packages/package-management.scm b/gnu/packages/package-management.scm
index 23f34cd306..92787d76cc 100644
--- a/gnu/packages/package-management.scm
+++ b/gnu/packages/package-management.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -224,9 +224,9 @@ the Nix package manager.")
   ;;
   ;; Note: use a very short commit id; with a longer one, the limit on
   ;; hash-bang lines would be exceeded while running the tests.
-  (let ((commit "b291b3271a025dfe41e1a7fdfadd393373b0128d"))
+  (let ((commit "d9da3a757d3081403081577c4e07763c9b809043"))
     (package (inherit guix-0.12.0)
-      (version (string-append "0.12.0-2." (string-take commit 4)))
+      (version (string-append "0.12.0-4." (string-take commit 4)))
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
@@ -236,7 +236,7 @@ the Nix package manager.")
                       (commit commit)))
                 (sha256
                  (base32
-                  "1hris387xn2wk4lcl20x1zyhiz96060w34xs1x13b4vmvkkvcpg4"))
+                  "17w9jdzm3lvfbchx7qrlkczp2jsfsi6v8cpfqh290cip5gxgz9bn"))
                 (file-name (string-append "guix-" version "-checkout"))))
       (arguments
        (substitute-keyword-arguments (package-arguments guix-0.12.0)
diff --git a/gnu/packages/password-utils.scm b/gnu/packages/password-utils.scm
index f8111b2abf..feb6848e09 100644
--- a/gnu/packages/password-utils.scm
+++ b/gnu/packages/password-utils.scm
@@ -173,7 +173,8 @@ and vice versa.")
               (uri (string-append "https://github.com/cracklib/cracklib/"
                                   "releases/download/" name "-" version "/"
                                   name "-" version ".tar.gz"))
-              (patches (search-patches "cracklib-CVE-2016-6318.patch"))
+              (patches (search-patches "cracklib-CVE-2016-6318.patch"
+                                       "cracklib-fix-buffer-overflow.patch"))
               (sha256
                (base32
                 "0hrkb0prf7n92w6rxgq0ilzkk6rkhpys2cfqkrbzswp27na7dkqp"))))
@@ -293,7 +294,17 @@ any X11 window.")
                               '("coreutils" "getopt" "git" "gnupg" "pwgen"
                                 "sed" "tree" "which" "xclip"))))
                (wrap-program (string-append out "/bin/pass")
-                 `("PATH" ":" prefix (,(string-join path ":"))))))))
+                 `("PATH" ":" prefix (,(string-join path ":"))))
+               #t)))
+         (add-after 'wrap-path 'install-shell-completions
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let* ((out      (assoc-ref outputs "out"))
+                    (bashcomp (string-append out "/etc/bash_completion.d")))
+               ;; TODO: install fish and zsh completions.
+               (mkdir-p bashcomp)
+               (copy-file "src/completion/pass.bash-completion"
+                          (string-append bashcomp "/pass"))
+               #t))))
        #:make-flags (list "CC=gcc" (string-append "PREFIX=" %output))
        ;; Parallel tests may cause a race condition leading to a
        ;; timeout in some circumstances.
diff --git a/gnu/packages/patches/cracklib-fix-buffer-overflow.patch b/gnu/packages/patches/cracklib-fix-buffer-overflow.patch
new file mode 100644
index 0000000000..b1c990f282
--- /dev/null
+++ b/gnu/packages/patches/cracklib-fix-buffer-overflow.patch
@@ -0,0 +1,39 @@
+Fix buffer overflow processing long words in Mangle().
+
+Patch adpated from upstream commit, omitting changes to 'NEWS':
+
+https://github.com/cracklib/cracklib/commit/33d7fa4585247cd2247a1ffa032ad245836c6edb
+
+From 33d7fa4585247cd2247a1ffa032ad245836c6edb Mon Sep 17 00:00:00 2001
+From: Jan Dittberner <jan@dittberner.info>
+Date: Thu, 25 Aug 2016 17:17:53 +0200
+Subject: [PATCH] Fix a buffer overflow processing long words
+
+A buffer overflow processing long words has been discovered. This commit
+applies the patch from
+https://build.opensuse.org/package/view_file/Base:System/cracklib/0004-overflow-processing-long-words.patch
+by Howard Guo.
+
+See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835386 and
+http://www.openwall.com/lists/oss-security/2016/08/23/8
+---
+ src/NEWS        | 1 +
+ src/lib/rules.c | 5 ++---
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/src/lib/rules.c b/src/lib/rules.c
+index d193cc0..3a2aa46 100644
+--- a/lib/rules.c
++++ b/lib/rules.c
+@@ -434,9 +434,8 @@ Mangle(input, control)		/* returns a pointer to a controlled Mangle */
+ {
+     int limit;
+     register char *ptr;
+-    static char area[STRINGSIZE];
+-    char area2[STRINGSIZE];
+-    area[0] = '\0';
++    static char area[STRINGSIZE * 2] = {0};
++    char area2[STRINGSIZE * 2] = {0};
+     strcpy(area, input);
+ 
+     for (ptr = control; *ptr; ptr++)
diff --git a/gnu/packages/patches/duplicity-piped-password.patch b/gnu/packages/patches/duplicity-piped-password.patch
deleted file mode 100644
index db50f5df32..0000000000
--- a/gnu/packages/patches/duplicity-piped-password.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-This test, on three occasions, is failing with the error:
-
-  EOF: End Of File (EOF) in read_nonblocking(). Braindead platform.
-
---- duplicity-0.6.24/testing/functional/test_final.py	2014-09-28 13:14:52.146001614 -0500
-+++ duplicity-0.6.24/testing/functional/test_final.py	2014-09-28 13:13:20.333546342 -0500
-@@ -156,13 +156,6 @@
-         self.run_duplicity(options=["remove-older-than", "50000", "--force", self.backend_url])
-         self.assertEqual(self.get_backend_files(), second_chain)
- 
--    def test_piped_password(self):
--        """Make sure that prompting for a password works"""
--        self.set_environ("PASSPHRASE", None)
--        self.backup("full", "testfiles/empty_dir",
--                    passphrase_input=[self.sign_passphrase, self.sign_passphrase])
--        self.restore(passphrase_input=[self.sign_passphrase])
--
- 
- class OldFilenamesFinalTest(FinalTest):
- 
diff --git a/gnu/packages/patches/duplicity-test_selection-tmp.patch b/gnu/packages/patches/duplicity-test_selection-tmp.patch
deleted file mode 100644
index 8f66be4dcc..0000000000
--- a/gnu/packages/patches/duplicity-test_selection-tmp.patch
+++ /dev/null
@@ -1,18 +0,0 @@
-Reported upstream at https://bugs.launchpad.net/duplicity/+bug/1375019
-
---- duplicity-0.6.24/testing/unit/test_selection.py	2014-05-09 08:27:40.000000000 -0500
-+++ duplicity-0.6.24/testing/unit/test_selection.py	2014-09-28 12:28:53.932324380 -0500
-@@ -431,10 +431,10 @@
-                        [(), ('1',), ('1', '1'), ('1', '2'), ('1', '3')])
- 
-         self.root = Path("/")
--        self.ParseTest([("--exclude", "/home/*"),
--                        ("--include", "/home"),
-+        self.ParseTest([("--exclude", "/tmp/*"),
-+                        ("--include", "/tmp"),
-                         ("--exclude", "/")],
--                       [(), ("home",)])
-+                       [(), ("tmp",)])
- 
- if __name__ == "__main__":
-     unittest.main()
diff --git a/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch b/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch
new file mode 100644
index 0000000000..d9f7ac6a36
--- /dev/null
+++ b/gnu/packages/patches/lcms-fix-out-of-bounds-read.patch
@@ -0,0 +1,34 @@
+Fix an out-of-bounds heap read in Type_MLU_Read():
+
+http://seclists.org/oss-sec/2016/q3/288
+https://bugzilla.redhat.com/show_bug.cgi?id=1367357
+
+Patch copied from upstream source repository:
+
+https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
+
+From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001
+From: Marti <marti.maria@tktbrainpower.com>
+Date: Mon, 15 Aug 2016 23:31:39 +0200
+Subject: [PATCH] Added an extra check to MLU bounds
+
+Thanks to Ibrahim el-sayed for spotting the bug
+---
+ src/cmstypes.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/cmstypes.c b/src/cmstypes.c
+index cb61860..c7328b9 100644
+--- a/src/cmstypes.c
++++ b/src/cmstypes.c
+@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU
+ 
+         // Check for overflow
+         if (Offset < (SizeOfHeader + 8)) goto Error;
++        if ((Offset + Len) > SizeOfTag + 8) goto Error;
+ 
+         // True begin of the string
+         BeginOfThisString = Offset - SizeOfHeader - 8;
+-- 
+2.11.0
+
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10092.patch b/gnu/packages/patches/libtiff-CVE-2016-10092.patch
new file mode 100644
index 0000000000..d5fd796169
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2016-10092.patch
@@ -0,0 +1,42 @@
+Fix CVE-2016-10092:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2620
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10092
+https://security-tracker.debian.org/tracker/CVE-2016-10092
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiffcrop.c: fix readContigStripsIntoBuffer() in -i (ignore)
+	mode so that the output buffer is correctly incremented to avoid write
+	outside bounds.
+        Reported by Agostino Sarubbo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2620
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1178; previous revision: 1.1177
+/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
+new revision: 1.47; previous revision: 1.46
+
+Index: libtiff/tools/tiffcrop.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
+retrieving revision 1.46
+retrieving revision 1.47
+diff -u -r1.46 -r1.47
+--- libtiff/tools/tiffcrop.c	18 Nov 2016 14:58:46 -0000	1.46
++++ libtiff/tools/tiffcrop.c	3 Dec 2016 11:35:56 -0000	1.47
+@@ -1,4 +1,4 @@
+-/* $Id: tiffcrop.c,v 1.46 2016-11-18 14:58:46 erouault Exp $ */
++/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */
+ 
+ /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
+  * the image data through additional options listed below
+@@ -3698,7 +3698,7 @@
+                                   (unsigned long) strip, (unsigned long)rows);
+                         return 0;
+                 }
+-                bufp += bytes_read;
++                bufp += stripsize;
+         }
+ 
+         return 1;
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10093.patch b/gnu/packages/patches/libtiff-CVE-2016-10093.patch
new file mode 100644
index 0000000000..5897ec1029
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2016-10093.patch
@@ -0,0 +1,53 @@
+Fix CVE-2016-10093:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2610
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10093
+https://security-tracker.debian.org/tracker/CVE-2016-10093
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiffcp.c: fix uint32 underflow/overflow that can cause
+	heap-based buffer overflow.
+        Reported by Agostino Sarubbo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2610
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1187; previous revision: 1.1186
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
+new revision: 1.59; previous revision: 1.58
+
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.58
+retrieving revision 1.59
+diff -u -r1.58 -r1.59
+--- libtiff/tools/tiffcp.c	3 Dec 2016 15:44:15 -0000	1.58
++++ libtiff/tools/tiffcp.c	3 Dec 2016 16:40:01 -0000	1.59
+@@ -1163,7 +1163,7 @@
+ 
+ static void
+ cpStripToTile(uint8* out, uint8* in,
+-    uint32 rows, uint32 cols, int outskew, int inskew)
++    uint32 rows, uint32 cols, int outskew, int64 inskew)
+ {
+ 	while (rows-- > 0) {
+ 		uint32 j = cols;
+@@ -1320,7 +1320,7 @@
+ 	tdata_t tilebuf;
+ 	uint32 imagew = TIFFScanlineSize(in);
+ 	uint32 tilew  = TIFFTileRowSize(in);
+-	int iskew = imagew - tilew;
++	int64 iskew = (int64)imagew - (int64)tilew;
+ 	uint8* bufp = (uint8*) buf;
+ 	uint32 tw, tl;
+ 	uint32 row;
+@@ -1348,7 +1348,7 @@
+ 				status = 0;
+ 				goto done;
+ 			}
+-			if (colb + tilew > imagew) {
++			if (colb > iskew) {
+ 				uint32 width = imagew - colb;
+ 				uint32 oskew = tilew - width;
+ 				cpStripToTile(bufp + colb,
diff --git a/gnu/packages/patches/libtiff-CVE-2016-10094.patch b/gnu/packages/patches/libtiff-CVE-2016-10094.patch
new file mode 100644
index 0000000000..9018773565
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2016-10094.patch
@@ -0,0 +1,34 @@
+Fix CVE-2016-10094:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2640
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10094
+https://security-tracker.debian.org/tracker/CVE-2016-10094
+
+2016-12-20 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiff2pdf.c: avoid potential heap-based overflow in
+        t2p_readwrite_pdf_image_tile().
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2640
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1199; previous revision: 1.1198
+/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v  <--  tools/tiff2pdf.c
+new revision: 1.101; previous revision: 1.100
+
+Index: libtiff/tools/tiff2pdf.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
+retrieving revision 1.100
+retrieving revision 1.101
+diff -u -r1.100 -r1.101
+--- libtiff/tools/tiff2pdf.c	20 Dec 2016 17:24:35 -0000	1.100
++++ libtiff/tools/tiff2pdf.c	20 Dec 2016 17:28:17 -0000	1.101
+@@ -2895,7 +2895,7 @@
+ 				return(0);
+ 			}
+ 			if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
+-				if (count >= 4) {
++				if (count > 4) {
+                                         int retTIFFReadRawTile;
+                     /* Ignore EOI marker of JpegTables */
+ 					_TIFFmemcpy(buffer, jpt, count - 2);
diff --git a/gnu/packages/patches/libtiff-CVE-2017-5225.patch b/gnu/packages/patches/libtiff-CVE-2017-5225.patch
new file mode 100644
index 0000000000..3158b49360
--- /dev/null
+++ b/gnu/packages/patches/libtiff-CVE-2017-5225.patch
@@ -0,0 +1,86 @@
+Fix CVE-2017-5225 (Heap based buffer overflow in tools/tiffcp):
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2656
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5225
+https://security-tracker.debian.org/tracker/CVE-2017-5225
+
+2017-01-11 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiffcp.c: error out cleanly in cpContig2SeparateByRow and
+        cpSeparate2ContigByRow if BitsPerSample != 8 to avoid heap based
+overflow.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2656 and
+        http://bugzilla.maptools.org/show_bug.cgi?id=2657
+
+
+less C/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1210; previous revision: 1.1209
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
+new revision: 1.61; previous revision: 1.60
+
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.60
+retrieving revision 1.61
+diff -u -r1.60 -r1.61
+--- libtiff/tools/tiffcp.c	3 Dec 2016 16:50:02 -0000	1.60
++++ libtiff/tools/tiffcp.c	11 Jan 2017 19:26:14 -0000	1.61
+#@@ -1,4 +1,4 @@
+#-/* $Id: tiffcp.c,v 1.60 2016-12-03 16:50:02 erouault Exp $ */
+#+/* $Id: tiffcp.c,v 1.61 2017-01-11 19:26:14 erouault Exp $ */
+# 
+# /*
+#  * Copyright (c) 1988-1997 Sam Leffler
+@@ -591,7 +591,7 @@
+ static int
+ tiffcp(TIFF* in, TIFF* out)
+ {
+-	uint16 bitspersample, samplesperpixel = 1;
++	uint16 bitspersample = 1, samplesperpixel = 1;
+ 	uint16 input_compression, input_photometric = PHOTOMETRIC_MINISBLACK;
+ 	copyFunc cf;
+ 	uint32 width, length;
+@@ -1067,6 +1067,16 @@
+ 	register uint32 n;
+ 	uint32 row;
+ 	tsample_t s;
++        uint16 bps = 0;
++
++        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++        if( bps != 8 )
++        {
++            TIFFError(TIFFFileName(in),
++                      "Error, can only handle BitsPerSample=8 in %s",
++                      "cpContig2SeparateByRow");
++            return 0;
++        }
+ 
+ 	inbuf = _TIFFmalloc(scanlinesizein);
+ 	outbuf = _TIFFmalloc(scanlinesizeout);
+@@ -1120,6 +1130,16 @@
+ 	register uint32 n;
+ 	uint32 row;
+ 	tsample_t s;
++        uint16 bps = 0;
++
++        (void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++        if( bps != 8 )
++        {
++            TIFFError(TIFFFileName(in),
++                      "Error, can only handle BitsPerSample=8 in %s",
++                      "cpSeparate2ContigByRow");
++            return 0;
++        }
+ 
+ 	inbuf = _TIFFmalloc(scanlinesizein);
+ 	outbuf = _TIFFmalloc(scanlinesizeout);
+@@ -1784,7 +1804,7 @@
+ 	uint32 w, l, tw, tl;
+ 	int bychunk;
+ 
+-	(void) TIFFGetField(in, TIFFTAG_PLANARCONFIG, &shortv);
++	(void) TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &shortv);
+ 	if (shortv != config && bitspersample != 8 && samplesperpixel > 1) {
+ 		fprintf(stderr,
+ 		    "%s: Cannot handle different planar configuration w/ bits/sample != 8\n",
diff --git a/gnu/packages/patches/libtiff-assertion-failure.patch b/gnu/packages/patches/libtiff-assertion-failure.patch
new file mode 100644
index 0000000000..ef747fbdd7
--- /dev/null
+++ b/gnu/packages/patches/libtiff-assertion-failure.patch
@@ -0,0 +1,60 @@
+Fix assertion failure in readSeparateTilesIntoBuffer():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2605
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiffcp.c: replace assert( (bps % 8) == 0 ) by a non assert
+check.
+        Reported by Agostino Sarubbo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2605
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1188; previous revision: 1.1187
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
+new revision: 1.60; previous revision: 1.59
+
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.59
+retrieving revision 1.60
+diff -u -r1.59 -r1.60
+--- libtiff/tools/tiffcp.c	3 Dec 2016 16:40:01 -0000	1.59
++++ libtiff/tools/tiffcp.c	3 Dec 2016 16:50:02 -0000	1.60
+@@ -45,7 +45,6 @@
+ #include <string.h>
+ 
+ #include <ctype.h>
+-#include <assert.h>
+ 
+ #ifdef HAVE_UNISTD_H
+ # include <unistd.h>
+@@ -1393,7 +1392,12 @@
+             status = 0;
+             goto done;
+         }
+-	assert( bps % 8 == 0 );
++        if( (bps % 8) != 0 )
++        {
++            TIFFError(TIFFFileName(in), "Error, cannot handle BitsPerSample that is not a multiple of 8");
++            status = 0;
++            goto done;
++        }
+ 	bytes_per_sample = bps/8;
+ 
+ 	for (row = 0; row < imagelength; row += tl) {
+@@ -1584,7 +1588,12 @@
+             _TIFFfree(obuf);
+             return 0;
+         }
+-	assert( bps % 8 == 0 );
++        if( (bps % 8) != 0 )
++        {
++            TIFFError(TIFFFileName(out), "Error, cannot handle BitsPerSample that is not a multiple of 8");
++            _TIFFfree(obuf);
++            return 0;
++        }
+ 	bytes_per_sample = bps/8;
+ 
+ 	for (row = 0; row < imagelength; row += tl) {
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch b/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
new file mode 100644
index 0000000000..2a96b68521
--- /dev/null
+++ b/gnu/packages/patches/libtiff-divide-by-zero-ojpeg.patch
@@ -0,0 +1,63 @@
+Fix divide-by-zero in OJPEGDecodeRaw():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2611
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+        * libtiff/tif_ojpeg.c: make OJPEGDecode() early exit in case of failure
+in
+        OJPEGPreDecode(). This will avoid a divide by zero, and potential other
+issues.
+        Reported by Agostino Sarubbo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2611
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1177; previous revision: 1.1176
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v  <--  libtiff/tif_ojpeg.c
+new revision: 1.66; previous revision: 1.65
+
+Index: libtiff/libtiff/tif_ojpeg.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_ojpeg.c,v
+retrieving revision 1.65
+retrieving revision 1.66
+diff -u -r1.65 -r1.66
+--- libtiff/libtiff/tif_ojpeg.c	4 Sep 2016 21:32:56 -0000	1.65
++++ libtiff/libtiff/tif_ojpeg.c	3 Dec 2016 11:15:18 -0000	1.66
+@@ -1,4 +1,4 @@
+-/* $Id: tif_ojpeg.c,v 1.65 2016-09-04 21:32:56 erouault Exp $ */
++/* $Id: tif_ojpeg.c,v 1.66 2016-12-03 11:15:18 erouault Exp $ */
+ 
+ /* WARNING: The type of JPEG encapsulation defined by the TIFF Version 6.0
+    specification is now totally obsolete and deprecated for new applications and
+@@ -244,6 +244,7 @@
+ 
+ typedef struct {
+ 	TIFF* tif;
++        int decoder_ok;
+ 	#ifndef LIBJPEG_ENCAP_EXTERNAL
+ 	JMP_BUF exit_jmpbuf;
+ 	#endif
+@@ -722,6 +723,7 @@
+ 		}
+ 		sp->write_curstrile++;
+ 	}
++	sp->decoder_ok = 1;
+ 	return(1);
+ }
+ 
+@@ -784,8 +786,14 @@
+ static int
+ OJPEGDecode(TIFF* tif, uint8* buf, tmsize_t cc, uint16 s)
+ {
++        static const char module[]="OJPEGDecode";
+ 	OJPEGState* sp=(OJPEGState*)tif->tif_data;
+ 	(void)s;
++        if( !sp->decoder_ok )
++        {
++            TIFFErrorExt(tif->tif_clientdata,module,"Cannot decode: decoder not correctly initialized");
++            return 0;
++        }
+ 	if (sp->libjpeg_jpeg_query_style==0)
+ 	{
+ 		if (OJPEGDecodeRaw(tif,buf,cc)==0)
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
new file mode 100644
index 0000000000..d3f1c2b60e
--- /dev/null
+++ b/gnu/packages/patches/libtiff-divide-by-zero-tiffcp.patch
@@ -0,0 +1,104 @@
+Fix two divide-by-zero bugs in readSeparateTilesIntoBuffer():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2597
+http://bugzilla.maptools.org/show_bug.cgi?id=2607
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
+tag is
+        missing.
+        Reported by Agostino sarubbo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2597
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1183; previous revision: 1.1182
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
+new revision: 1.57; previous revision: 1.56
+
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.56
+retrieving revision 1.57
+diff -u -r1.56 -r1.57
+--- libtiff/tools/tiffcp.c	2 Dec 2016 22:13:32 -0000	1.56
++++ libtiff/tools/tiffcp.c	3 Dec 2016 14:42:40 -0000	1.57
+@@ -1,4 +1,4 @@
+-/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */
++/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -1378,7 +1378,7 @@
+ 	uint8* bufp = (uint8*) buf;
+ 	uint32 tw, tl;
+ 	uint32 row;
+-	uint16 bps, bytes_per_sample;
++	uint16 bps = 0, bytes_per_sample;
+ 
+ 	tilebuf = _TIFFmalloc(tilesize);
+ 	if (tilebuf == 0)
+@@ -1387,6 +1387,12 @@
+ 	(void) TIFFGetField(in, TIFFTAG_TILEWIDTH, &tw);
+ 	(void) TIFFGetField(in, TIFFTAG_TILELENGTH, &tl);
+ 	(void) TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++        if( bps == 0 )
++        {
++            TIFFError(TIFFFileName(in), "Error, cannot read BitsPerSample");
++            status = 0;
++            goto done;
++        }
+ 	assert( bps % 8 == 0 );
+ 	bytes_per_sample = bps/8;
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiffcp.c: avoid potential division by zero is BitsPerSamples
+tag is
+        missing.
+        Reported by Agostino Sarubbo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2607
+
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1186; previous revision: 1.1185
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
+new revision: 1.58; previous revision: 1.57
+ 
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.57
+retrieving revision 1.58
+diff -u -r1.57 -r1.58
+--- libtiff/tools/tiffcp.c	3 Dec 2016 14:42:40 -0000	1.57
++++ libtiff/tools/tiffcp.c	3 Dec 2016 15:44:15 -0000	1.58
+@@ -1,4 +1,4 @@
+-/* $Id: tiffcp.c,v 1.57 2016-12-03 14:42:40 erouault Exp $ */
++/* $Id: tiffcp.c,v 1.58 2016-12-03 15:44:15 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -1569,7 +1569,7 @@
+ 	uint8* bufp = (uint8*) buf;
+ 	uint32 tl, tw;
+ 	uint32 row;
+-	uint16 bps, bytes_per_sample;
++	uint16 bps = 0, bytes_per_sample;
+ 
+ 	obuf = _TIFFmalloc(TIFFTileSize(out));
+ 	if (obuf == NULL)
+@@ -1578,6 +1578,12 @@
+ 	(void) TIFFGetField(out, TIFFTAG_TILELENGTH, &tl);
+ 	(void) TIFFGetField(out, TIFFTAG_TILEWIDTH, &tw);
+ 	(void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
++        if( bps == 0 )
++        {
++            TIFFError(TIFFFileName(out), "Error, cannot read BitsPerSample");
++            _TIFFfree(obuf);
++            return 0;
++        }
+ 	assert( bps % 8 == 0 );
+ 	bytes_per_sample = bps/8;
+ 
diff --git a/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch b/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch
new file mode 100644
index 0000000000..823293f1cf
--- /dev/null
+++ b/gnu/packages/patches/libtiff-divide-by-zero-tiffcrop.patch
@@ -0,0 +1,57 @@
+Fix divide-by-zero in readSeparateStripsIntoBuffer():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2619
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiffcrop.c: fix integer division by zero when BitsPerSample is
+missing.
+        Reported by Agostina Sarubo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2619
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1180; previous revision: 1.1179
+/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
+new revision: 1.49; previous revision: 1.48
+
+Index: libtiff/tools/tiffcrop.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
+retrieving revision 1.48
+retrieving revision 1.49
+diff -u -r1.48 -r1.49
+--- libtiff/tools/tiffcrop.c	3 Dec 2016 12:19:32 -0000	1.48
++++ libtiff/tools/tiffcrop.c	3 Dec 2016 13:00:04 -0000	1.49
+@@ -1,4 +1,4 @@
+-/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */
++/* $Id: tiffcrop.c,v 1.49 2016-12-03 13:00:04 erouault Exp $ */
+ 
+ /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
+  * the image data through additional options listed below
+@@ -1164,7 +1164,7 @@
+   tdata_t  obuf;
+ 
+   (void) TIFFGetFieldDefaulted(out, TIFFTAG_ROWSPERSTRIP, &rowsperstrip);
+-  (void) TIFFGetField(out, TIFFTAG_BITSPERSAMPLE, &bps);
++  (void) TIFFGetFieldDefaulted(out, TIFFTAG_BITSPERSAMPLE, &bps);
+   bytes_per_sample = (bps + 7) / 8;
+   if( width == 0 ||
+       (uint32)bps * (uint32)spp > TIFF_UINT32_MAX / width ||
+@@ -4760,7 +4760,7 @@
+   int i, bytes_per_sample, bytes_per_pixel, shift_width, result = 1;
+   uint32 j;
+   int32  bytes_read = 0;
+-  uint16 bps, planar;
++  uint16 bps = 0, planar;
+   uint32 nstrips;
+   uint32 strips_per_sample;
+   uint32 src_rowsize, dst_rowsize, rows_processed, rps;
+@@ -4780,7 +4780,7 @@
+     }
+ 
+   memset (srcbuffs, '\0', sizeof(srcbuffs));
+-  TIFFGetField(in, TIFFTAG_BITSPERSAMPLE, &bps);
++  TIFFGetFieldDefaulted(in, TIFFTAG_BITSPERSAMPLE, &bps);
+   TIFFGetFieldDefaulted(in, TIFFTAG_PLANARCONFIG, &planar);
+   TIFFGetFieldDefaulted(in, TIFFTAG_ROWSPERSTRIP, &rps);
+   if (rps > length)
diff --git a/gnu/packages/patches/libtiff-divide-by-zero.patch b/gnu/packages/patches/libtiff-divide-by-zero.patch
new file mode 100644
index 0000000000..6dbd4666cd
--- /dev/null
+++ b/gnu/packages/patches/libtiff-divide-by-zero.patch
@@ -0,0 +1,67 @@
+Fix an integer overflow in TIFFReadEncodedStrip() that led to division-by-zero:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2596
+
+2016-12-02 Even Rouault <even.rouault at spatialys.com>
+
+        * libtiff/tif_read.c, libtiff/tiffiop.h: fix uint32 overflow in
+        TIFFReadEncodedStrip() that caused an integer division by zero.
+        Reported by Agostino Sarubbo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2596
+
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1173; previous revision: 1.1172
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v  <--  libtiff/tif_read.c
+new revision: 1.50; previous revision: 1.49
+/cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v  <--  libtiff/tiffiop.h
+new revision: 1.90; previous revision: 1.89
+
+Index: libtiff/libtiff/tif_read.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_read.c,v
+retrieving revision 1.49
+retrieving revision 1.50
+diff -u -r1.49 -r1.50
+--- libtiff/libtiff/tif_read.c	10 Jul 2016 18:00:21 -0000	1.49
++++ libtiff/libtiff/tif_read.c	2 Dec 2016 21:56:56 -0000	1.50
+@@ -1,4 +1,4 @@
+-/* $Id: tif_read.c,v 1.49 2016-07-10 18:00:21 erouault Exp $ */
++/* $Id: tif_read.c,v 1.50 2016-12-02 21:56:56 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -346,7 +346,7 @@
+ 	rowsperstrip=td->td_rowsperstrip;
+ 	if (rowsperstrip>td->td_imagelength)
+ 		rowsperstrip=td->td_imagelength;
+-	stripsperplane=((td->td_imagelength+rowsperstrip-1)/rowsperstrip);
++	stripsperplane= TIFFhowmany_32_maxuint_compat(td->td_imagelength, rowsperstrip);
+ 	stripinplane=(strip%stripsperplane);
+ 	plane=(uint16)(strip/stripsperplane);
+ 	rows=td->td_imagelength-stripinplane*rowsperstrip;
+Index: libtiff/libtiff/tiffiop.h
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tiffiop.h,v
+retrieving revision 1.89
+retrieving revision 1.90
+diff -u -r1.89 -r1.90
+--- libtiff/libtiff/tiffiop.h	23 Jan 2016 21:20:34 -0000	1.89
++++ libtiff/libtiff/tiffiop.h	2 Dec 2016 21:56:56 -0000	1.90
+@@ -1,4 +1,4 @@
+-/* $Id: tiffiop.h,v 1.89 2016-01-23 21:20:34 erouault Exp $ */
++/* $Id: tiffiop.h,v 1.90 2016-12-02 21:56:56 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -250,6 +250,10 @@
+ #define TIFFhowmany_32(x, y) (((uint32)x < (0xffffffff - (uint32)(y-1))) ? \
+ 			   ((((uint32)(x))+(((uint32)(y))-1))/((uint32)(y))) : \
+ 			   0U)
++/* Variant of TIFFhowmany_32() that doesn't return 0 if x close to MAXUINT. */
++/* Caution: TIFFhowmany_32_maxuint_compat(x,y)*y might overflow */
++#define TIFFhowmany_32_maxuint_compat(x, y) \
++			   (((uint32)(x) / (uint32)(y)) + ((((uint32)(x) % (uint32)(y)) != 0) ? 1 : 0))
+ #define TIFFhowmany8_32(x) (((x)&0x07)?((uint32)(x)>>3)+1:(uint32)(x)>>3)
+ #define TIFFroundup_32(x, y) (TIFFhowmany_32(x,y)*(y))
+ #define TIFFhowmany_64(x, y) ((((uint64)(x))+(((uint64)(y))-1))/((uint64)(y)))
diff --git a/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch b/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch
new file mode 100644
index 0000000000..2d5e23586d
--- /dev/null
+++ b/gnu/packages/patches/libtiff-heap-overflow-pixarlog-luv.patch
@@ -0,0 +1,131 @@
+Fix heap-based buffer overflow in _TIFFmemcpy():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2604
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+        * libtiff/tif_pixarlog.c, libtiff/tif_luv.c: fix heap-based buffer
+        overflow on generation of PixarLog / LUV compressed files, with
+        ColorMap, TransferFunction attached and nasty plays with bitspersample.
+        The fix for LUV has not been tested, but suffers from the same kind
+        of issue of PixarLog.
+        Reported by Agostino Sarubbo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2604
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1175; previous revision: 1.1174
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v  <--  libtiff/tif_luv.c
+new revision: 1.44; previous revision: 1.43
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v  <-- 
+libtiff/tif_pixarlog.c
+new revision: 1.49; previous revision: 1.48
+
+Index: libtiff/libtiff/tif_luv.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_luv.c,v
+retrieving revision 1.43
+retrieving revision 1.44
+diff -u -r1.43 -r1.44
+--- libtiff/libtiff/tif_luv.c	4 Sep 2016 21:32:56 -0000	1.43
++++ libtiff/libtiff/tif_luv.c	2 Dec 2016 23:05:51 -0000	1.44
+@@ -1,4 +1,4 @@
+-/* $Id: tif_luv.c,v 1.43 2016-09-04 21:32:56 erouault Exp $ */
++/* $Id: tif_luv.c,v 1.44 2016-12-02 23:05:51 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1997 Greg Ward Larson
+@@ -158,6 +158,7 @@
+ typedef struct logLuvState LogLuvState;
+ 
+ struct logLuvState {
++        int                     encoder_state;  /* 1 if encoder correctly initialized */
+ 	int                     user_datafmt;   /* user data format */
+ 	int                     encode_meth;    /* encoding method */
+ 	int                     pixel_size;     /* bytes per pixel */
+@@ -1552,6 +1553,7 @@
+ 		    td->td_photometric, "must be either LogLUV or LogL");
+ 		break;
+ 	}
++	sp->encoder_state = 1;
+ 	return (1);
+ notsupported:
+ 	TIFFErrorExt(tif->tif_clientdata, module,
+@@ -1563,19 +1565,27 @@
+ static void
+ LogLuvClose(TIFF* tif)
+ {
++        LogLuvState* sp = (LogLuvState*) tif->tif_data;
+ 	TIFFDirectory *td = &tif->tif_dir;
+ 
++	assert(sp != 0);
+ 	/*
+ 	 * For consistency, we always want to write out the same
+ 	 * bitspersample and sampleformat for our TIFF file,
+ 	 * regardless of the data format being used by the application.
+ 	 * Since this routine is called after tags have been set but
+ 	 * before they have been recorded in the file, we reset them here.
++         * Note: this is really a nasty approach. See PixarLogClose
+ 	 */
+-	td->td_samplesperpixel =
+-	    (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
+-	td->td_bitspersample = 16;
+-	td->td_sampleformat = SAMPLEFORMAT_INT;
++        if( sp->encoder_state )
++        {
++            /* See PixarLogClose. Might avoid issues with tags whose size depends
++             * on those below, but not completely sure this is enough. */
++            td->td_samplesperpixel =
++                (td->td_photometric == PHOTOMETRIC_LOGL) ? 1 : 3;
++            td->td_bitspersample = 16;
++            td->td_sampleformat = SAMPLEFORMAT_INT;
++        }
+ }
+ 
+ static void
+Index: libtiff/libtiff/tif_pixarlog.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_pixarlog.c,v
+retrieving revision 1.48
+retrieving revision 1.49
+diff -u -r1.48 -r1.49
+--- libtiff/libtiff/tif_pixarlog.c	23 Sep 2016 22:12:18 -0000	1.48
++++ libtiff/libtiff/tif_pixarlog.c	2 Dec 2016 23:05:51 -0000	1.49
+@@ -1,4 +1,4 @@
+-/* $Id: tif_pixarlog.c,v 1.48 2016-09-23 22:12:18 erouault Exp $ */
++/* $Id: tif_pixarlog.c,v 1.49 2016-12-02 23:05:51 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1996-1997 Sam Leffler
+@@ -1233,8 +1233,10 @@
+ static void
+ PixarLogClose(TIFF* tif)
+ {
++        PixarLogState* sp = (PixarLogState*) tif->tif_data;
+ 	TIFFDirectory *td = &tif->tif_dir;
+ 
++	assert(sp != 0);
+ 	/* In a really sneaky (and really incorrect, and untruthful, and
+ 	 * troublesome, and error-prone) maneuver that completely goes against
+ 	 * the spirit of TIFF, and breaks TIFF, on close, we covertly
+@@ -1243,8 +1245,19 @@
+ 	 * readers that don't know about PixarLog, or how to set
+ 	 * the PIXARLOGDATFMT pseudo-tag.
+ 	 */
+-	td->td_bitspersample = 8;
+-	td->td_sampleformat = SAMPLEFORMAT_UINT;
++
++        if (sp->state&PLSTATE_INIT) {
++            /* We test the state to avoid an issue such as in
++             * http://bugzilla.maptools.org/show_bug.cgi?id=2604
++             * What appends in that case is that the bitspersample is 1 and
++             * a TransferFunction is set. The size of the TransferFunction
++             * depends on 1<<bitspersample. So if we increase it, an access
++             * out of the buffer will happen at directory flushing.
++             * Another option would be to clear those targs. 
++             */
++            td->td_bitspersample = 8;
++            td->td_sampleformat = SAMPLEFORMAT_UINT;
++        }
+ }
+ 
+ static void
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch b/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch
new file mode 100644
index 0000000000..68889b121b
--- /dev/null
+++ b/gnu/packages/patches/libtiff-heap-overflow-tif-dirread.patch
@@ -0,0 +1,132 @@
+Fix heap-based buffer overflow in TIFFFillStrip():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2608
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+        * libtiff/tif_dirread.c: modify ChopUpSingleUncompressedStrip() to
+        instanciate compute ntrips as TIFFhowmany_32(td->td_imagelength,
+rowsperstrip),
+        instead of a logic based on the total size of data. Which is faulty is
+        the total size of data is not sufficient to fill the whole image, and
+thus
+        results in reading outside of the StripByCounts/StripOffsets arrays
+when
+        using TIFFReadScanline().
+        Reported by Agostino Sarubbo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2608.
+
+        * libtiff/tif_strip.c: revert the change in TIFFNumberOfStrips() done
+        for http://bugzilla.maptools.org/show_bug.cgi?id=2587 / CVE-2016-9273
+since
+        the above change is a better fix that makes it unnecessary.
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1176; previous revision: 1.1175
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v  <-- 
+libtiff/tif_dirread.c
+new revision: 1.205; previous revision: 1.204
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v  <--  libtiff/tif_strip.c
+new revision: 1.38; previous revision: 1.37
+
+Index: libtiff/libtiff/tif_dirread.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dirread.c,v
+retrieving revision 1.204
+retrieving revision 1.205
+diff -u -r1.204 -r1.205
+--- libtiff/libtiff/tif_dirread.c	16 Nov 2016 15:14:15 -0000	1.204
++++ libtiff/libtiff/tif_dirread.c	3 Dec 2016 11:02:15 -0000	1.205
+@@ -1,4 +1,4 @@
+-/* $Id: tif_dirread.c,v 1.204 2016-11-16 15:14:15 erouault Exp $ */
++/* $Id: tif_dirread.c,v 1.205 2016-12-03 11:02:15 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -5502,8 +5502,7 @@
+ 	uint64 rowblockbytes;
+ 	uint64 stripbytes;
+ 	uint32 strip;
+-	uint64 nstrips64;
+-	uint32 nstrips32;
++	uint32 nstrips;
+ 	uint32 rowsperstrip;
+ 	uint64* newcounts;
+ 	uint64* newoffsets;
+@@ -5534,18 +5533,17 @@
+ 	    return;
+ 
+ 	/*
+-	 * never increase the number of strips in an image
++	 * never increase the number of rows per strip
+ 	 */
+ 	if (rowsperstrip >= td->td_rowsperstrip)
+ 		return;
+-	nstrips64 = TIFFhowmany_64(bytecount, stripbytes);
+-	if ((nstrips64==0)||(nstrips64>0xFFFFFFFF)) /* something is wonky, do nothing. */
+-	    return;
+-	nstrips32 = (uint32)nstrips64;
++        nstrips = TIFFhowmany_32(td->td_imagelength, rowsperstrip);
++        if( nstrips == 0 )
++            return;
+ 
+-	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
++	newcounts = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+ 				"for chopped \"StripByteCounts\" array");
+-	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips32, sizeof (uint64),
++	newoffsets = (uint64*) _TIFFCheckMalloc(tif, nstrips, sizeof (uint64),
+ 				"for chopped \"StripOffsets\" array");
+ 	if (newcounts == NULL || newoffsets == NULL) {
+ 		/*
+@@ -5562,18 +5560,18 @@
+ 	 * Fill the strip information arrays with new bytecounts and offsets
+ 	 * that reflect the broken-up format.
+ 	 */
+-	for (strip = 0; strip < nstrips32; strip++) {
++	for (strip = 0; strip < nstrips; strip++) {
+ 		if (stripbytes > bytecount)
+ 			stripbytes = bytecount;
+ 		newcounts[strip] = stripbytes;
+-		newoffsets[strip] = offset;
++		newoffsets[strip] = stripbytes ? offset : 0;
+ 		offset += stripbytes;
+ 		bytecount -= stripbytes;
+ 	}
+ 	/*
+ 	 * Replace old single strip info with multi-strip info.
+ 	 */
+-	td->td_stripsperimage = td->td_nstrips = nstrips32;
++	td->td_stripsperimage = td->td_nstrips = nstrips;
+ 	TIFFSetField(tif, TIFFTAG_ROWSPERSTRIP, rowsperstrip);
+ 
+ 	_TIFFfree(td->td_stripbytecount);
+Index: libtiff/libtiff/tif_strip.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_strip.c,v
+retrieving revision 1.37
+retrieving revision 1.38
+diff -u -r1.37 -r1.38
+--- libtiff/libtiff/tif_strip.c	9 Nov 2016 23:00:49 -0000	1.37
++++ libtiff/libtiff/tif_strip.c	3 Dec 2016 11:02:15 -0000	1.38
+@@ -1,4 +1,4 @@
+-/* $Id: tif_strip.c,v 1.37 2016-11-09 23:00:49 erouault Exp $ */
++/* $Id: tif_strip.c,v 1.38 2016-12-03 11:02:15 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1991-1997 Sam Leffler
+@@ -63,15 +63,6 @@
+ 	TIFFDirectory *td = &tif->tif_dir;
+ 	uint32 nstrips;
+ 
+-    /* If the value was already computed and store in td_nstrips, then return it,
+-       since ChopUpSingleUncompressedStrip might have altered and resized the
+-       since the td_stripbytecount and td_stripoffset arrays to the new value
+-       after the initial affectation of td_nstrips = TIFFNumberOfStrips() in
+-       tif_dirread.c ~line 3612.
+-       See http://bugzilla.maptools.org/show_bug.cgi?id=2587 */
+-    if( td->td_nstrips )
+-        return td->td_nstrips;
+-
+ 	nstrips = (td->td_rowsperstrip == (uint32) -1 ? 1 :
+ 	     TIFFhowmany_32(td->td_imagelength, td->td_rowsperstrip));
+ 	if (td->td_planarconfig == PLANARCONFIG_SEPARATE)
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch
new file mode 100644
index 0000000000..f0fef08bf3
--- /dev/null
+++ b/gnu/packages/patches/libtiff-heap-overflow-tiffcp.patch
@@ -0,0 +1,67 @@
+Fix heap buffer overflow in tiffcp when parsing number of inks:
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2599
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tif_dir.c: when TIFFGetField(, TIFFTAG_NUMBEROFINKS, ) is
+called,
+        limit the return number of inks to SamplesPerPixel, so that code that
+parses
+        ink names doesn't go past the end of the buffer.
+        Reported by Agostino Sarubbo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599
+
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1184; previous revision: 1.1183
+/cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v  <--  libtiff/tif_dir.c
+new revision: 1.128; previous revision: 1.127
+
+Index: libtiff/libtiff/tif_dir.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/libtiff/tif_dir.c,v
+retrieving revision 1.127
+retrieving revision 1.128
+diff -u -r1.127 -r1.128
+--- libtiff/libtiff/tif_dir.c	25 Oct 2016 21:35:15 -0000	1.127
++++ libtiff/libtiff/tif_dir.c	3 Dec 2016 15:30:31 -0000	1.128
+@@ -1,4 +1,4 @@
+-/* $Id: tif_dir.c,v 1.127 2016-10-25 21:35:15 erouault Exp $ */
++/* $Id: tif_dir.c,v 1.128 2016-12-03 15:30:31 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -854,6 +854,32 @@
+ 	if( fip == NULL ) /* cannot happen since TIFFGetField() already checks it */
+ 	    return 0;
+ 	
++        if( tag == TIFFTAG_NUMBEROFINKS )
++        {
++            int i;
++            for (i = 0; i < td->td_customValueCount; i++) {
++                uint16 val;
++                TIFFTagValue *tv = td->td_customValues + i;
++                if (tv->info->field_tag != tag)
++                    continue;
++                val = *(uint16 *)tv->value;
++                /* Truncate to SamplesPerPixel, since the */
++                /* setting code for INKNAMES assume that there are SamplesPerPixel */
++                /* inknames. */
++                /* Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2599 */
++                if( val > td->td_samplesperpixel )
++                {
++                    TIFFWarningExt(tif->tif_clientdata,"_TIFFVGetField",
++                                   "Truncating NumberOfInks from %u to %u",
++                                   val, td->td_samplesperpixel);
++                    val = td->td_samplesperpixel;
++                }
++                *va_arg(ap, uint16*) = val;
++                return 1;
++            }
++            return 0;
++        }
++
+ 	/*
+ 	 * We want to force the custom code to be used for custom
+ 	 * fields even if the tag happens to match a well known 
diff --git a/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch b/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch
new file mode 100644
index 0000000000..8166c55758
--- /dev/null
+++ b/gnu/packages/patches/libtiff-heap-overflow-tiffcrop.patch
@@ -0,0 +1,60 @@
+Fix heap-based buffer overflow in combineSeparateSamples16bits():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2621
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiffcrop.c: add 3 extra bytes at end of strip buffer in
+        readSeparateStripsIntoBuffer() to avoid read outside of heap allocated
+buffer.
+        Reported by Agostina Sarubo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2621
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1179; previous revision: 1.1178
+/cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v  <--  tools/tiffcrop.c
+new revision: 1.48; previous revision: 1.47
+
+Index: libtiff/tools/tiffcrop.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcrop.c,v
+retrieving revision 1.47
+retrieving revision 1.48
+diff -u -r1.47 -r1.48
+--- libtiff/tools/tiffcrop.c	3 Dec 2016 11:35:56 -0000	1.47
++++ libtiff/tools/tiffcrop.c	3 Dec 2016 12:19:32 -0000	1.48
+@@ -1,4 +1,4 @@
+-/* $Id: tiffcrop.c,v 1.47 2016-12-03 11:35:56 erouault Exp $ */
++/* $Id: tiffcrop.c,v 1.48 2016-12-03 12:19:32 erouault Exp $ */
+ 
+ /* tiffcrop.c -- a port of tiffcp.c extended to include manipulations of
+  * the image data through additional options listed below
+@@ -4815,10 +4815,17 @@
+   nstrips = TIFFNumberOfStrips(in);
+   strips_per_sample = nstrips /spp;
+ 
++  /* Add 3 padding bytes for combineSeparateSamples32bits */
++  if( (size_t) stripsize > 0xFFFFFFFFU - 3U )
++  {
++      TIFFError("readSeparateStripsIntoBuffer", "Integer overflow when calculating buffer size.");
++      exit(-1);
++  }
++
+   for (s = 0; (s < spp) && (s < MAX_SAMPLES); s++)
+     {
+     srcbuffs[s] = NULL;
+-    buff = _TIFFmalloc(stripsize);
++    buff = _TIFFmalloc(stripsize + 3);
+     if (!buff)
+       {
+       TIFFError ("readSeparateStripsIntoBuffer", 
+@@ -4827,6 +4834,9 @@
+         _TIFFfree (srcbuffs[i]);
+       return 0;
+       }
++    buff[stripsize] = 0;
++    buff[stripsize+1] = 0;
++    buff[stripsize+2] = 0;
+     srcbuffs[s] = buff;
+     }
+ 
diff --git a/gnu/packages/patches/libtiff-invalid-read.patch b/gnu/packages/patches/libtiff-invalid-read.patch
new file mode 100644
index 0000000000..92742d8757
--- /dev/null
+++ b/gnu/packages/patches/libtiff-invalid-read.patch
@@ -0,0 +1,64 @@
+Fix invalid read in t2p_writeproc():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2639
+
+2016-12-20 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiff2pdf.c: avoid potential invalid memory read in
+        t2p_writeproc.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2639
+
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1198; previous revision: 1.1197
+/cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v  <--  tools/tiff2pdf.c
+new revision: 1.100; previous revision: 1.99
+
+Index: libtiff/tools/tiff2pdf.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiff2pdf.c,v
+retrieving revision 1.99
+retrieving revision 1.100
+diff -u -r1.99 -r1.100
+--- libtiff/tools/tiff2pdf.c	20 Dec 2016 17:13:26 -0000	1.99
++++ libtiff/tools/tiff2pdf.c	20 Dec 2016 17:24:35 -0000	1.100
+@@ -2896,6 +2896,7 @@
+ 			}
+ 			if(TIFFGetField(input, TIFFTAG_JPEGTABLES, &count, &jpt) != 0) {
+ 				if (count >= 4) {
++                                        int retTIFFReadRawTile;
+                     /* Ignore EOI marker of JpegTables */
+ 					_TIFFmemcpy(buffer, jpt, count - 2);
+ 					bufferoffset += count - 2;
+@@ -2903,22 +2904,23 @@
+ 					table_end[0] = buffer[bufferoffset-2];
+ 					table_end[1] = buffer[bufferoffset-1];
+ 					xuint32 = bufferoffset;
+-                    bufferoffset -= 2;
+-					bufferoffset += TIFFReadRawTile(
++                                        bufferoffset -= 2;
++                                        retTIFFReadRawTile= TIFFReadRawTile(
+ 						input, 
+ 						tile, 
+ 						(tdata_t) &(((unsigned char*)buffer)[bufferoffset]), 
+ 						-1);
++                                        if( retTIFFReadRawTile < 0 )
++                                        {
++                                            _TIFFfree(buffer);
++                                            t2p->t2p_error = T2P_ERR_ERROR;
++                                            return(0);
++                                        }
++					bufferoffset += retTIFFReadRawTile;
+                     /* Overwrite SOI marker of image scan with previously */
+                     /* saved end of JpegTables */
+ 					buffer[xuint32-2]=table_end[0];
+ 					buffer[xuint32-1]=table_end[1];
+-				} else {
+-					bufferoffset += TIFFReadRawTile(
+-						input, 
+-						tile, 
+-						(tdata_t) &(((unsigned char*)buffer)[bufferoffset]), 
+-						-1);
+ 				}
+ 			}
+ 			t2pWriteFile(output, (tdata_t) buffer, bufferoffset);
diff --git a/gnu/packages/patches/libtiff-null-dereference.patch b/gnu/packages/patches/libtiff-null-dereference.patch
new file mode 100644
index 0000000000..8c6345b804
--- /dev/null
+++ b/gnu/packages/patches/libtiff-null-dereference.patch
@@ -0,0 +1,42 @@
+Fix NULL pointer dereference in TIFFReadRawData():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2594
+
+
+2016-12-03 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiffinfo.c: fix null pointer dereference in -r mode when
+        * the
+image has
+        no StripByteCount tag.
+        Reported by Agostino Sarubbo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2594
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1182; previous revision: 1.1181
+/cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v  <--  tools/tiffinfo.c
+new revision: 1.26; previous revision: 1.25
+
+Index: libtiff/tools/tiffinfo.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffinfo.c,v
+retrieving revision 1.25
+retrieving revision 1.26
+diff -u -r1.25 -r1.26
+--- libtiff/tools/tiffinfo.c	12 Nov 2016 20:06:05 -0000	1.25
++++ libtiff/tools/tiffinfo.c	3 Dec 2016 14:18:49 -0000	1.26
+@@ -1,4 +1,4 @@
+-/* $Id: tiffinfo.c,v 1.25 2016-11-12 20:06:05 bfriesen Exp $ */
++/* $Id: tiffinfo.c,v 1.26 2016-12-03 14:18:49 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -417,7 +417,7 @@
+ 	uint64* stripbc=NULL;
+ 
+ 	TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &stripbc);
+-	if (nstrips > 0) {
++	if (stripbc != NULL && nstrips > 0) {
+ 		uint32 bufsize = (uint32) stripbc[0];
+ 		tdata_t buf = _TIFFmalloc(bufsize);
+ 		tstrip_t s;
diff --git a/gnu/packages/patches/libtiff-tiffcp-underflow.patch b/gnu/packages/patches/libtiff-tiffcp-underflow.patch
new file mode 100644
index 0000000000..5615cbb3e1
--- /dev/null
+++ b/gnu/packages/patches/libtiff-tiffcp-underflow.patch
@@ -0,0 +1,41 @@
+Fix a integer underflow in tiffcp that led to heap overflows in
+TIFFReverseBits():
+
+http://bugzilla.maptools.org/show_bug.cgi?id=2598
+
+2016-12-02 Even Rouault <even.rouault at spatialys.com>
+
+        * tools/tiffcp.c: avoid uint32 underflow in cpDecodedStrips that 
+        can cause various issues, such as buffer overflows in the library.
+        Reported by Agostino Sarubbo.
+        Fixes http://bugzilla.maptools.org/show_bug.cgi?id=2598
+
+
+/cvs/maptools/cvsroot/libtiff/ChangeLog,v  <--  ChangeLog
+new revision: 1.1174; previous revision: 1.1173
+/cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v  <--  tools/tiffcp.c
+new revision: 1.56; previous revision: 1.55
+
+Index: libtiff/tools/tiffcp.c
+===================================================================
+RCS file: /cvs/maptools/cvsroot/libtiff/tools/tiffcp.c,v
+retrieving revision 1.55
+retrieving revision 1.56
+diff -u -r1.55 -r1.56
+--- libtiff/tools/tiffcp.c	8 Oct 2016 15:54:57 -0000	1.55
++++ libtiff/tools/tiffcp.c	2 Dec 2016 22:13:32 -0000	1.56
+@@ -1,4 +1,4 @@
+-/* $Id: tiffcp.c,v 1.55 2016-10-08 15:54:57 erouault Exp $ */
++/* $Id: tiffcp.c,v 1.56 2016-12-02 22:13:32 erouault Exp $ */
+ 
+ /*
+  * Copyright (c) 1988-1997 Sam Leffler
+@@ -985,7 +985,7 @@
+ 		tstrip_t s, ns = TIFFNumberOfStrips(in);
+ 		uint32 row = 0;
+ 		_TIFFmemset(buf, 0, stripsize);
+-		for (s = 0; s < ns; s++) {
++		for (s = 0; s < ns && row < imagelength; s++) {
+ 			tsize_t cc = (row + rowsperstrip > imagelength) ?
+ 			    TIFFVStripSize(in, imagelength - row) : stripsize;
+ 			if (TIFFReadEncodedStrip(in, s, buf, cc) < 0
diff --git a/gnu/packages/patches/libxt-guix-search-paths.patch b/gnu/packages/patches/libxt-guix-search-paths.patch
new file mode 100644
index 0000000000..c618f48da5
--- /dev/null
+++ b/gnu/packages/patches/libxt-guix-search-paths.patch
@@ -0,0 +1,126 @@
+--- libXt-1.1.5/src/Intrinsic.c	2015-05-01 07:36:20.000000000 +0200
++++ Intrinsic.c	2016-12-12 00:42:16.567388450 +0100
+@@ -1303,21 +1303,101 @@
+     } else (void) strcpy(*rest, string);
+ }
+ 
+-/*
+- * default path used if environment variable XFILESEARCHPATH
+- * is not defined.  Also substitued for %D.
+- * The exact value should be documented in the implementation
+- * notes for any Xt implementation.
++
++
++/* 
++   Return the default search path for the function
++   XtResolvePathname to use if XFILESEARCHPATH is 
++   not defined.
++
++   It returns the combination the set of values which are the 6 "stems" below,
++   prepended with "/run/current-system/profile", and $GUIX_PROFILE and 
++   "$HOME/.guix-profile"
++
++   These values provide the default paths where Guix/GuixSD  can expect
++   to find resources for installed packages.
+  */
+-static const char *implementation_default_path(void)
++static const char *guix_default_path(void)
+ {
+-#if defined(WIN32)
+-    static char xfilesearchpath[] = "";
+-
+-    return xfilesearchpath;
+-#else
+-    return XFILESEARCHPATHDEFAULT;
+-#endif
++  static const char *search_path_default_stem[] = {
++    "/lib/X11/%L/%T/%N%C%S",
++    "/lib/X11/%l/%T/%N%C%S",
++    "/lib/X11/%T/%N%C%S",
++    "/lib/X11/%L/%T/%N%S",
++    "/lib/X11/%l/%T/%N%S",
++    "/lib/X11/%T/%N%S"
++  };
++
++#define SIZEOF_STEMS  (strlen (search_path_default_stem[0])	\
++		       + strlen (search_path_default_stem[1])	\
++		       + strlen (search_path_default_stem[2])	\
++		       + strlen (search_path_default_stem[3])	\
++		       + strlen (search_path_default_stem[4])	\
++		       + strlen (search_path_default_stem[5]))
++
++
++  int i;
++  const char *current_profile = "/run/current-system/profile";
++  char *home = getenv ("HOME");
++  char *guix_profile = getenv ("GUIX_PROFILE");
++
++  size_t bytesAllocd = SIZEOF_STEMS + 1; 
++
++  /* This function is evaluated multiple times and the calling
++     code assumes that it is idempotent. So we must not allow
++     (say) a changed environment variable to cause it to return
++     something different. */
++  static char *path = NULL;
++  if (path)
++    return path;
++
++  bytesAllocd += 6 * (1 + strlen (current_profile));
++
++  if (guix_profile != NULL)
++    {
++      bytesAllocd += SIZEOF_STEMS;
++      bytesAllocd += 6 * (1 + strlen (guix_profile));
++    }
++
++  if (home != NULL)
++    {
++      bytesAllocd += SIZEOF_STEMS;
++      bytesAllocd += 6 * (1 + strlen(home) + strlen ("/.guix-profile"));
++    }
++
++  path = XtMalloc(bytesAllocd);
++  if (path == NULL) _XtAllocError(NULL);
++
++  memset (path, 0, bytesAllocd);
++  
++  for (i = 0 ; i < 6 ; ++i)
++    {
++      strcat (path, current_profile);
++      strcat (path, search_path_default_stem[i]);
++      strcat (path, ":");
++    }
++
++  if (guix_profile != NULL)
++    for (i = 0 ; i < 6 ; ++i)
++      {
++	strcat (path, guix_profile);
++	strcat (path, search_path_default_stem[i]);
++	strcat (path, ":");
++      }
++
++  if (home != NULL)
++    for (i = 0 ; i < 6 ; ++i)
++      {
++	strcat (path, home);
++	strcat (path, "/.guix-profile");
++	strcat (path, search_path_default_stem[i]);
++	strcat (path, ":");
++      }
++
++  /* Remove final : */
++  path[strlen(path) - 1] = '\0';
++  
++  return path;
+ }
+ 
+ 
+@@ -1345,7 +1425,7 @@
+ {
+     XtPerDisplay pd;
+     static const char *defaultPath = NULL;
+-    const char *impl_default = implementation_default_path();
++    const char *impl_default = guix_default_path();
+     int idef_len = strlen(impl_default);
+     char *massagedPath;
+     int bytesAllocd, bytesLeft;
diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch
new file mode 100644
index 0000000000..e752e57ec5
--- /dev/null
+++ b/gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch
@@ -0,0 +1,188 @@
+Fix CVE-2016-10132:
+
+https://bugs.ghostscript.com/show_bug.cgi?id=697381
+http://seclists.org/oss-sec/2017/q1/74
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10132
+
+Patch lifted from upstream source repository:
+
+http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569
+
+From fd003eceda531e13fbdd1aeb6e9c73156496e569 Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor@ccxvii.net>
+Date: Fri, 2 Dec 2016 14:56:20 -0500
+Subject: [PATCH] Fix 697381: check allocation when compiling regular
+ expressions.
+
+Also use allocator callback function.
+---
+ thirdparty/mujs/jsgc.c     |  2 +-
+ thirdparty/mujs/jsregexp.c |  2 +-
+ thirdparty/mujs/jsstate.c  |  6 ------
+ thirdparty/mujs/regexp.c   | 45 +++++++++++++++++++++++++++++++++++----------
+ thirdparty/mujs/regexp.h   |  7 +++++++
+ 5 files changed, 44 insertions(+), 18 deletions(-)
+
+diff --git a/thirdparty/mujs/jsgc.c b/thirdparty/mujs/jsgc.c
+index 4f7e7dc..f80111e 100644
+--- a/thirdparty/mujs/jsgc.c
++++ b/thirdparty/mujs/jsgc.c
+@@ -46,7 +46,7 @@ static void jsG_freeobject(js_State *J, js_Object *obj)
+ 		jsG_freeproperty(J, obj->head);
+ 	if (obj->type == JS_CREGEXP) {
+ 		js_free(J, obj->u.r.source);
+-		js_regfree(obj->u.r.prog);
++		js_regfreex(J->alloc, J->actx, obj->u.r.prog);
+ 	}
+ 	if (obj->type == JS_CITERATOR)
+ 		jsG_freeiterator(J, obj->u.iter.head);
+diff --git a/thirdparty/mujs/jsregexp.c b/thirdparty/mujs/jsregexp.c
+index a2d5156..7b09c06 100644
+--- a/thirdparty/mujs/jsregexp.c
++++ b/thirdparty/mujs/jsregexp.c
+@@ -16,7 +16,7 @@ void js_newregexp(js_State *J, const char *pattern, int flags)
+ 	if (flags & JS_REGEXP_I) opts |= REG_ICASE;
+ 	if (flags & JS_REGEXP_M) opts |= REG_NEWLINE;
+ 
+-	prog = js_regcomp(pattern, opts, &error);
++	prog = js_regcompx(J->alloc, J->actx, pattern, opts, &error);
+ 	if (!prog)
+ 		js_syntaxerror(J, "regular expression: %s", error);
+ 
+diff --git a/thirdparty/mujs/jsstate.c b/thirdparty/mujs/jsstate.c
+index 638cab3..fd5bcf6 100644
+--- a/thirdparty/mujs/jsstate.c
++++ b/thirdparty/mujs/jsstate.c
+@@ -9,12 +9,6 @@
+ 
+ static void *js_defaultalloc(void *actx, void *ptr, int size)
+ {
+-	if (size == 0) {
+-		free(ptr);
+-		return NULL;
+-	}
+-	if (!ptr)
+-		return malloc((size_t)size);
+ 	return realloc(ptr, (size_t)size);
+ }
+ 
+diff --git a/thirdparty/mujs/regexp.c b/thirdparty/mujs/regexp.c
+index 9852be2..01c18a3 100644
+--- a/thirdparty/mujs/regexp.c
++++ b/thirdparty/mujs/regexp.c
+@@ -807,23 +807,31 @@ static void dumpprog(Reprog *prog)
+ }
+ #endif
+ 
+-Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
++Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
++	const char *pattern, int cflags, const char **errorp)
+ {
+ 	struct cstate g;
+ 	Renode *node;
+ 	Reinst *split, *jump;
+ 	int i;
+ 
+-	g.prog = malloc(sizeof (Reprog));
+-	g.pstart = g.pend = malloc(sizeof (Renode) * strlen(pattern) * 2);
++	g.pstart = NULL;
++	g.prog = NULL;
+ 
+ 	if (setjmp(g.kaboom)) {
+ 		if (errorp) *errorp = g.error;
+-		free(g.pstart);
+-		free(g.prog);
++		alloc(ctx, g.pstart, 0);
++		alloc(ctx, g.prog, 0);
+ 		return NULL;
+ 	}
+ 
++	g.prog = alloc(ctx, NULL, sizeof (Reprog));
++	if (!g.prog)
++		die(&g, "cannot allocate regular expression");
++	g.pstart = g.pend = alloc(ctx, NULL, sizeof (Renode) * strlen(pattern) * 2);
++	if (!g.pstart)
++		die(&g, "cannot allocate regular expression parse list");
++
+ 	g.source = pattern;
+ 	g.ncclass = 0;
+ 	g.nsub = 1;
+@@ -840,7 +848,9 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
+ 		die(&g, "syntax error");
+ 
+ 	g.prog->nsub = g.nsub;
+-	g.prog->start = g.prog->end = malloc((count(node) + 6) * sizeof (Reinst));
++	g.prog->start = g.prog->end = alloc(ctx, NULL, (count(node) + 6) * sizeof (Reinst));
++	if (!g.prog->start)
++		die(&g, "cannot allocate regular expression instruction list");
+ 
+ 	split = emit(g.prog, I_SPLIT);
+ 	split->x = split + 3;
+@@ -859,20 +869,35 @@ Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
+ 	dumpprog(g.prog);
+ #endif
+ 
+-	free(g.pstart);
++	alloc(ctx, g.pstart, 0);
+ 
+ 	if (errorp) *errorp = NULL;
+ 	return g.prog;
+ }
+ 
+-void regfree(Reprog *prog)
++void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx, Reprog *prog)
+ {
+ 	if (prog) {
+-		free(prog->start);
+-		free(prog);
++		alloc(ctx, prog->start, 0);
++		alloc(ctx, prog, 0);
+ 	}
+ }
+ 
++static void *default_alloc(void *ctx, void *p, int n)
++{
++	return realloc(p, (size_t)n);
++}
++
++Reprog *regcomp(const char *pattern, int cflags, const char **errorp)
++{
++	return regcompx(default_alloc, NULL, pattern, cflags, errorp);
++}
++
++void regfree(Reprog *prog)
++{
++	regfreex(default_alloc, NULL, prog);
++}
++
+ /* Match */
+ 
+ static int isnewline(int c)
+diff --git a/thirdparty/mujs/regexp.h b/thirdparty/mujs/regexp.h
+index 4bb4615..6bb73e8 100644
+--- a/thirdparty/mujs/regexp.h
++++ b/thirdparty/mujs/regexp.h
+@@ -1,6 +1,8 @@
+ #ifndef regexp_h
+ #define regexp_h
+ 
++#define regcompx js_regcompx
++#define regfreex js_regfreex
+ #define regcomp js_regcomp
+ #define regexec js_regexec
+ #define regfree js_regfree
+@@ -8,6 +10,11 @@
+ typedef struct Reprog Reprog;
+ typedef struct Resub Resub;
+ 
++Reprog *regcompx(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
++	const char *pattern, int cflags, const char **errorp);
++void regfreex(void *(*alloc)(void *ctx, void *p, int n), void *ctx,
++	Reprog *prog);
++
+ Reprog *regcomp(const char *pattern, int cflags, const char **errorp);
+ int regexec(Reprog *prog, const char *string, Resub *sub, int eflags);
+ void regfree(Reprog *prog);
+-- 
+2.9.1
+
diff --git a/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch b/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch
new file mode 100644
index 0000000000..d73849262c
--- /dev/null
+++ b/gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch
@@ -0,0 +1,36 @@
+Fix CVE-2016-10133:
+
+https://bugs.ghostscript.com/show_bug.cgi?id=697401
+http://seclists.org/oss-sec/2017/q1/74
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10133
+
+Patch lifted from upstream source repository:
+
+https://git.ghostscript.com/?p=mujs.git;h=77ab465f1c394bb77f00966cd950650f3f53cb24
+
+From 77ab465f1c394bb77f00966cd950650f3f53cb24 Mon Sep 17 00:00:00 2001
+From: Tor Andersson <tor.andersson@gmail.com>
+Date: Thu, 12 Jan 2017 14:47:01 +0100
+Subject: [PATCH] Fix 697401: Error when dropping extra arguments to
+ lightweight functions.
+
+---
+ thirdparty/mujs/jsrun.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/thirdparty/mujs/jsrun.c b/thirdparty/mujs/jsrun.c
+index ee80845..782a6f9 100644
+--- a/thirdparty/mujs/jsrun.c
++++ b/thirdparty/mujs/jsrun.c
+@@ -937,7 +937,7 @@ static void jsR_calllwfunction(js_State *J, int n, js_Function *F, js_Environmen
+ 	jsR_savescope(J, scope);
+ 
+ 	if (n > F->numparams) {
+-		js_pop(J, F->numparams - n);
++		js_pop(J, n - F->numparams);
+ 		n = F->numparams;
+ 	}
+ 	for (i = n; i < F->varlen; ++i)
+-- 
+2.9.1
+
diff --git a/gnu/packages/patches/python-pygpgme-fix-pinentry-tests.patch b/gnu/packages/patches/python-pygpgme-fix-pinentry-tests.patch
new file mode 100644
index 0000000000..1f7a4cadb7
--- /dev/null
+++ b/gnu/packages/patches/python-pygpgme-fix-pinentry-tests.patch
@@ -0,0 +1,69 @@
+Fix test failure of test_XXX caused by upgrade of gpgme from 1.6.0 to
+1.8.0:
+
+======================================================================
+FAIL: test_encrypt_to_signonly (tests.test_encrypt_decrypt.EncryptDecryptTestCase)
+----------------------------------------------------------------------
+Traceback (most recent call last):
+  File "/tmp/guix-build-python2-pygpgme-0.3.drv-0/pygpgme-0.3/tests/test_encrypt_decrypt.py", line 185, in test_encrypt_to_signonly
+    self.assertEqual(exc.args[0], gpgme.ERR_SOURCE_UNKNOWN)
+AssertionError: 7 != 0
+
+----------------------------------------------------------------------
+
+Patch copied from the Debian package pygpgme-0.3-1.2:
+
+https://sources.debian.net/src/pygpgme/0.3-1.2/debian/patches/0005-Fix-test-failures-with-pinentry.patch/
+
+From: "Dr. Tobias Quathamer" <toddy@debian.org>
+Date: Thu, 24 Nov 2016 12:20:54 +0100
+Subject: Fix test failures with pinentry
+
+---
+ tests/test_encrypt_decrypt.py | 5 +++--
+ tests/test_passphrase.py      | 2 ++
+ 2 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/tests/test_encrypt_decrypt.py b/tests/test_encrypt_decrypt.py
+index 21ae83e..05707e1 100644
+--- a/tests/test_encrypt_decrypt.py
++++ b/tests/test_encrypt_decrypt.py
+@@ -132,6 +132,7 @@ class EncryptDecryptTestCase(GpgHomeTestCase):
+             os.write(fd, b'Symmetric passphrase\n')
+         ctx = gpgme.Context()
+         ctx.armor = True
++        ctx.pinentry_mode = gpgme.PINENTRY_MODE_LOOPBACK
+         ctx.passphrase_cb = passphrase
+         ctx.encrypt(None, 0, plaintext, ciphertext)
+         self.assertTrue(
+@@ -182,8 +183,8 @@ class EncryptDecryptTestCase(GpgHomeTestCase):
+             ctx.encrypt([recipient], gpgme.ENCRYPT_ALWAYS_TRUST,
+                         plaintext, ciphertext)
+         except gpgme.GpgmeError as exc:
+-            self.assertEqual(exc.args[0], gpgme.ERR_SOURCE_UNKNOWN)
+-            self.assertEqual(exc.args[1], gpgme.ERR_GENERAL)
++            self.assertEqual(exc.args[0], gpgme.ERR_SOURCE_GPGME)
++            self.assertEqual(exc.args[1], gpgme.ERR_UNUSABLE_PUBKEY)
+         else:
+             self.fail('gpgme.GpgmeError not raised')
+ 
+diff --git a/tests/test_passphrase.py b/tests/test_passphrase.py
+index 35b3c59..05e6811 100644
+--- a/tests/test_passphrase.py
++++ b/tests/test_passphrase.py
+@@ -34,6 +34,7 @@ class PassphraseTestCase(GpgHomeTestCase):
+         ctx = gpgme.Context()
+         key = ctx.get_key('EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3')
+         ctx.signers = [key]
++        ctx.pinentry_mode = gpgme.PINENTRY_MODE_LOOPBACK
+         plaintext = BytesIO(b'Hello World\n')
+         signature = BytesIO()
+ 
+@@ -55,6 +56,7 @@ class PassphraseTestCase(GpgHomeTestCase):
+         ctx = gpgme.Context()
+         key = ctx.get_key('EFB052B4230BBBC51914BCBB54DCBBC8DBFB9EB3')
+         ctx.signers = [key]
++        ctx.pinentry_mode = gpgme.PINENTRY_MODE_LOOPBACK
+         ctx.passphrase_cb = self.passphrase_cb
+         plaintext = BytesIO(b'Hello World\n')
+         signature = BytesIO()
diff --git a/gnu/packages/patches/qemu-CVE-2016-10155.patch b/gnu/packages/patches/qemu-CVE-2016-10155.patch
new file mode 100644
index 0000000000..825edaa815
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2016-10155.patch
@@ -0,0 +1,49 @@
+From eb7a20a3616085d46aa6b4b4224e15587ec67e6e Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Mon, 28 Nov 2016 17:49:04 -0800
+Subject: [PATCH] watchdog: 6300esb: add exit function
+
+When the Intel 6300ESB watchdog is hot unplug. The timer allocated
+in realize isn't freed thus leaking memory leak. This patch avoid
+this through adding the exit function.
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
+this patch is from qemu-git.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Message-Id: <583cde9c.3223ed0a.7f0c2.886e@mx.google.com>
+Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
+---
+ hw/watchdog/wdt_i6300esb.c |    9 +++++++++
+ 1 files changed, 9 insertions(+), 0 deletions(-)
+
+diff --git a/hw/watchdog/wdt_i6300esb.c b/hw/watchdog/wdt_i6300esb.c
+index a83d951..49b3cd1 100644
+--- a/hw/watchdog/wdt_i6300esb.c
++++ b/hw/watchdog/wdt_i6300esb.c
+@@ -428,6 +428,14 @@ static void i6300esb_realize(PCIDevice *dev, Error **errp)
+     /* qemu_register_coalesced_mmio (addr, 0x10); ? */
+ }
+ 
++static void i6300esb_exit(PCIDevice *dev)
++{
++    I6300State *d = WATCHDOG_I6300ESB_DEVICE(dev);
++
++    timer_del(d->timer);
++    timer_free(d->timer);
++}
++
+ static WatchdogTimerModel model = {
+     .wdt_name = "i6300esb",
+     .wdt_description = "Intel 6300ESB",
+@@ -441,6 +449,7 @@ static void i6300esb_class_init(ObjectClass *klass, void *data)
+     k->config_read = i6300esb_config_read;
+     k->config_write = i6300esb_config_write;
+     k->realize = i6300esb_realize;
++    k->exit = i6300esb_exit;
+     k->vendor_id = PCI_VENDOR_ID_INTEL;
+     k->device_id = PCI_DEVICE_ID_INTEL_ESB_9;
+     k->class_id = PCI_CLASS_SYSTEM_OTHER;
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5525.patch b/gnu/packages/patches/qemu-CVE-2017-5525.patch
new file mode 100644
index 0000000000..d0c0c82a4a
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5525.patch
@@ -0,0 +1,55 @@
+From 12351a91da97b414eec8cdb09f1d9f41e535a401 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 14 Dec 2016 18:30:21 -0800
+Subject: [PATCH] audio: ac97: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=12351a91da97b414eec8cdb09f1d9f41e535a401
+this patch is from qemu-git
+
+Currently the ac97 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 58520052.4825ed0a.27a71.6cae@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/audio/ac97.c |   11 +++++++++++
+ 1 files changed, 11 insertions(+), 0 deletions(-)
+
+diff --git a/hw/audio/ac97.c b/hw/audio/ac97.c
+index cbd959e..c306575 100644
+--- a/hw/audio/ac97.c
++++ b/hw/audio/ac97.c
+@@ -1387,6 +1387,16 @@ static void ac97_realize(PCIDevice *dev, Error **errp)
+     ac97_on_reset (&s->dev.qdev);
+ }
+ 
++static void ac97_exit(PCIDevice *dev)
++{
++    AC97LinkState *s = DO_UPCAST(AC97LinkState, dev, dev);
++
++    AUD_close_in(&s->card, s->voice_pi);
++    AUD_close_out(&s->card, s->voice_po);
++    AUD_close_in(&s->card, s->voice_mc);
++    AUD_remove_card(&s->card);
++}
++
+ static int ac97_init (PCIBus *bus)
+ {
+     pci_create_simple (bus, -1, "AC97");
+@@ -1404,6 +1414,7 @@ static void ac97_class_init (ObjectClass *klass, void *data)
+     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+ 
+     k->realize = ac97_realize;
++    k->exit = ac97_exit;
+     k->vendor_id = PCI_VENDOR_ID_INTEL;
+     k->device_id = PCI_DEVICE_ID_INTEL_82801AA_5;
+     k->revision = 0x01;
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5526.patch b/gnu/packages/patches/qemu-CVE-2017-5526.patch
new file mode 100644
index 0000000000..5a6d796458
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5526.patch
@@ -0,0 +1,58 @@
+From 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da Mon Sep 17 00:00:00 2001
+From: Li Qiang <liqiang6-s@360.cn>
+Date: Wed, 14 Dec 2016 18:32:22 -0800
+Subject: [PATCH] audio: es1370: add exit function
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
+this patch is from qemu-git.
+
+Currently the es1370 device emulation doesn't have a exit function,
+hot unplug this device will leak some memory. Add a exit function to
+avoid this.
+
+Signed-off-by: Li Qiang <liqiang6-s@360.cn>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 585200c9.a968ca0a.1ab80.4c98@mx.google.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/audio/es1370.c |   14 ++++++++++++++
+ 1 files changed, 14 insertions(+), 0 deletions(-)
+
+diff --git a/hw/audio/es1370.c b/hw/audio/es1370.c
+index 8449b5f..883ec69 100644
+--- a/hw/audio/es1370.c
++++ b/hw/audio/es1370.c
+@@ -1041,6 +1041,19 @@ static void es1370_realize(PCIDevice *dev, Error **errp)
+     es1370_reset (s);
+ }
+ 
++static void es1370_exit(PCIDevice *dev)
++{
++    ES1370State *s = ES1370(dev);
++    int i;
++
++    for (i = 0; i < 2; ++i) {
++        AUD_close_out(&s->card, s->dac_voice[i]);
++    }
++
++    AUD_close_in(&s->card, s->adc_voice);
++    AUD_remove_card(&s->card);
++}
++
+ static int es1370_init (PCIBus *bus)
+ {
+     pci_create_simple (bus, -1, TYPE_ES1370);
+@@ -1053,6 +1066,7 @@ static void es1370_class_init (ObjectClass *klass, void *data)
+     PCIDeviceClass *k = PCI_DEVICE_CLASS (klass);
+ 
+     k->realize = es1370_realize;
++    k->exit = es1370_exit;
+     k->vendor_id = PCI_VENDOR_ID_ENSONIQ;
+     k->device_id = PCI_DEVICE_ID_ENSONIQ_ES1370;
+     k->class_id = PCI_CLASS_MULTIMEDIA_AUDIO;
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-5552.patch b/gnu/packages/patches/qemu-CVE-2017-5552.patch
new file mode 100644
index 0000000000..50911f4f36
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-5552.patch
@@ -0,0 +1,44 @@
+From 33243031dad02d161225ba99d782616da133f689 Mon Sep 17 00:00:00 2001
+From: Li Qiang <liq3ea@gmail.com>
+Date: Thu, 29 Dec 2016 03:11:26 -0500
+Subject: [PATCH] virtio-gpu-3d: fix memory leak in resource attach backing
+MIME-Version: 1.0
+Content-Type: text/plain; charset=utf8
+Content-Transfer-Encoding: 8bit
+
+If the virgl_renderer_resource_attach_iov function fails the
+'res_iovs' will be leaked. Add check of the return value to
+free the 'res_iovs' when failing.
+
+http://git.qemu.org/?p=qemu.git;a=patch;h=33243031dad02d161225ba99d782616da133f689
+this patch is from qemu-git.
+
+Signed-off-by: Li Qiang <liq3ea@gmail.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+Message-id: 1482999086-59795-1-git-send-email-liq3ea@gmail.com
+Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
+---
+ hw/display/virtio-gpu-3d.c |    7 +++++--
+ 1 files changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/hw/display/virtio-gpu-3d.c b/hw/display/virtio-gpu-3d.c
+index e29f099..b13ced3 100644
+--- a/hw/display/virtio-gpu-3d.c
++++ b/hw/display/virtio-gpu-3d.c
+@@ -291,8 +291,11 @@ static void virgl_resource_attach_backing(VirtIOGPU *g,
+         return;
+     }
+ 
+-    virgl_renderer_resource_attach_iov(att_rb.resource_id,
+-                                       res_iovs, att_rb.nr_entries);
++    ret = virgl_renderer_resource_attach_iov(att_rb.resource_id,
++                                             res_iovs, att_rb.nr_entries);
++
++    if (ret != 0)
++        virtio_gpu_cleanup_mapping_iov(res_iovs, att_rb.nr_entries);
+ }
+ 
+ static void virgl_resource_detach_backing(VirtIOGPU *g,
+-- 
+1.7.0.4
+
diff --git a/gnu/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch b/gnu/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch
deleted file mode 100644
index f592f5cd51..0000000000
--- a/gnu/packages/patches/ruby-yard-fix-skip-of-markdown-tests.patch
+++ /dev/null
@@ -1,17 +0,0 @@
-The tests currently fail due to use of 'skip' rather than 'pending' to skip a
-test usually not skipped by upstream.  This patch has been proposed upstream
-at https://github.com/lsegal/yard/pull/1033
-
-diff --git a/spec/templates/helpers/html_helper_spec.rb b/spec/templates/helpers/html_helper_spec.rb
-index 84624c3..9c4fc2b 100644
---- a/spec/templates/helpers/html_helper_spec.rb
-+++ b/spec/templates/helpers/html_helper_spec.rb
-@@ -184,7 +184,7 @@ describe YARD::Templates::Helpers::HtmlHelper do
-     it "creates tables (markdown specific)" do
-       log.enter_level(Logger::FATAL) do
-         unless markup_class(:markdown).to_s == "RedcarpetCompat"
--          skip "This test depends on a markdown engine that supports tables"
-+          pending "This test depends on a markdown engine that supports tables"
-         end
-       end
- 
diff --git a/gnu/packages/patches/tipp10-fix-compiling.patch b/gnu/packages/patches/tipp10-fix-compiling.patch
new file mode 100644
index 0000000000..4c206d4d83
--- /dev/null
+++ b/gnu/packages/patches/tipp10-fix-compiling.patch
@@ -0,0 +1,213 @@
+Description: Debian patches to make tipp10 compile
+Author: Christoph Martin <chrism@debian.org>
+Last-Update: 2016-07-20
+
+https://sources.debian.net/data/main/t/tipp10/2.1.0-2/debian/patches/0001-FixCompiling
+
+--- a/widget/tickerboard.cpp
++++ b/widget/tickerboard.cpp
+@@ -97,7 +97,8 @@ void TickerBoard::startTicker(bool wasPa
+ 

+ 		if (tickerSpeed == 50) {

+ 			scrollOffset = 290;

+-			scroll(-290, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++			const QRect qr = QRect(10, 15, 590, 35);

++			scroll(-290, 0, qr); //contentsRect());

+ 		}

+ 

+ 		startFlag = true;

+@@ -153,7 +154,8 @@ void TickerBoard::changeChar() {
+ 			scrollOffset = 0;

+ 		} else {

+ 			scrollOffset = 290;

+-			scroll(-290, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++			const QRect qr = QRect(10, 15, 590, 35);

++			scroll(-290, 0, qr); //contentsRect());

+ 		}

+ 		splitLesson();

+ 	}

+@@ -242,7 +244,8 @@ void TickerBoard::progress() {
+ 

+ 				// Move ticker 1 pixel to left

+ 				scrollOffset++;

+-				scroll(-1, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++				const QRect qr = QRect(10, 15, 590, 35);

++				scroll(-1, 0, qr); //contentsRect());

+ 

+ 				if ((lessonOffset - scrollOffset) <= 30) {

+ 					setSpeed(tickerSpeed);

+@@ -265,14 +268,16 @@ void TickerBoard::progress() {
+ 			// 160 pixels overage (because the user must see at least the next word)

+ 			if ((lessonOffset - scrollOffset) > 200) {

+ 				scrollOffset += (lessonOffset - scrollOffset) - 200;

+-				scroll(-((lessonOffset - scrollOffset) - 200), 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++				const QRect qr = QRect(10, 15, 590, 35);

++				scroll(-((lessonOffset - scrollOffset) - 200), 0, qr); //contentsRect());

+ 			}

+ 		} else {

+ 			// If the user types faster than the ticker, move ticker faster after

+ 			// 160 pixels overage (because the user must see at least the next word)

+ 			if ((lessonOffset - scrollOffset) > 280) {

+ 				scrollOffset += 570;

+-				scroll(-570, 0, QRect::QRect(10, 15, 590, 35)); //contentsRect());

++				const QRect qr = QRect(10, 15, 590, 35);

++				scroll(-570, 0, qr); //contentsRect());

+ 			}

+ 

+ 		}

+--- a/widget/settingspages.cpp
++++ b/widget/settingspages.cpp
+@@ -501,7 +501,7 @@ void DatabasePage::writeSettings() {
+ 	QSettings settings;

+ 	#endif

+ 	settings.beginGroup("database");

+-	settings.setValue("pathpro", lineDatabasePath->text() + "/" + QString::QString(APP_USER_DB));

++	settings.setValue("pathpro", lineDatabasePath->text() + "/" + QString(APP_USER_DB));

+ 	settings.endGroup();

+ }

+ 

+--- a/widget/lessondialog.cpp
++++ b/widget/lessondialog.cpp
+@@ -89,7 +89,7 @@ void LessonDialog::updateContent() {
+ 			*lessonData = lineLessonContent->toPlainText().split("\n", QString::SkipEmptyParts);

+ 			// Delete empty lines

+ 			for (int i = 0; i < lessonData->size(); i++) {

+-				if (QString::QString(lessonData->at(i).toLocal8Bit().constData()).simplified() == "") {

++				if (QString(lessonData->at(i).toLocal8Bit().constData()).simplified() == "") {

+ 					lessonData->removeAt(i);

+ 				}

+ 			}

+@@ -259,7 +259,7 @@ void LessonDialog::clickSave() {
+ 	contentList = lineLessonContent->toPlainText().split("\n", QString::SkipEmptyParts);

+ 	// Delete empty lines

+ 	for (i = 0; i < contentList.size(); i++) {

+-		if (QString::QString(contentList.at(i).toLocal8Bit().constData()).simplified() == "") {

++		if (QString(contentList.at(i).toLocal8Bit().constData()).simplified() == "") {

+ 			contentList.removeAt(i);

+ 		}

+ 	}

+--- a/sql/chartablesql.cpp
++++ b/sql/chartablesql.cpp
+@@ -57,7 +57,7 @@ QVariant CharSqlModel::data(const QModel
+ 			// Read the unicode value

+ 			unicode = value.toInt();

+ 			// Convert unicode to a char

+-			unicodeToChar = QString::QString(QChar(unicode)); //"\'" + QString::QString(QChar(unicode)) + "\'";

++			unicodeToChar = QString(QChar(unicode)); //"\'" + QString::QString(QChar(unicode)) + "\'";

+ 			return unicodeToChar;

+ 		} else {

+ 			// Last column (error weight)

+--- a/sql/startsql.cpp
++++ b/sql/startsql.cpp
+@@ -344,7 +344,7 @@ bool StartSql::updateOwnLesson(QString l
+ 		for (i = 0; i < content.size(); i++) {

+ 			//simplifiedContent = QString::QString(

+ 			//	content.at(i)).replace(QChar(0x27), "''", Qt::CaseSensitive).simplified();

+-			simplifiedContent = trim(QString::QString(

++			simplifiedContent = trim(QString(

+ 				content.at(i)).replace(QChar(0x27), "''", Qt::CaseSensitive));

+ 

+ 			if (!query.exec("INSERT INTO own_content VALUES(NULL,'" +

+--- a/def/defines.h
++++ b/def/defines.h
+@@ -27,9 +27,9 @@ Foundation, Inc., 51 Franklin Street, Fi
+ #define DEFINES_H

+ 

+ // OS constants

+-#define APP_WIN						true

++#define APP_WIN						false

+ #define APP_MAC						false

+-#define APP_X11						false

++#define APP_X11						true

+ #define APP_PORTABLE				false //at least one of the 3 OS must be true too!

+ 

+ // Languages

+@@ -47,6 +47,7 @@ Foundation, Inc., 51 Franklin Street, Fi
+ #define APP_URL 					"http://www.tipp10.com"

+ #define APP_DB 						"tipp10v2.template"

+ #define APP_USER_DB					"tipp10v2.db"

++#define APP_SHARE_DIR					"/usr/share/tipp10"

+ 

+ // Update constants

+ #define UPDATE_URL 					"www.tipp10.com"

+--- a/tipp10.pro
++++ b/tipp10.pro
+@@ -88,3 +88,15 @@ SOURCES         += 	main.cpp \
+                     sql/startsql.cpp \

+                     games/abcrainwidget.cpp \

+                     games/charball.cpp

++

++target.path = /usr/bin/

++INSTALLS += target

++share.path = /usr/share/tipp10/

++share.files = release/* *wav

++INSTALLS += share

++desktop.path = /usr/share/applications/

++desktop.files = tipp10.desktop

++INSTALLS += desktop

++pixmap.path = /usr/share/pixmaps/

++pixmap.files = tipp10.png

++INSTALLS += pixmap

+--- a/sql/connection.h
++++ b/sql/connection.h
+@@ -179,11 +179,13 @@ static bool createConnection() {
+ 				CANCEL_NO, "Betroffener Pfad:\n" + dbPath);*/

+ 			// Try to create new databae in user path

+ 			// Exist a database in the program dir?

+-			if (QFile::exists(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate)) {

++			// if (QFile::exists(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate)) {

++		  	if (QFile::exists(QString(APP_SHARE_DIR) + "/" + dbNameTemplate)) {

+ 			//if (QFile::exists(":/" + dbNameTemplate)) {

+ 				// A database exist in the program dir

+ 				// -> copy database to user home dir

+-				QFile file(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate);

++				// QFile file(QCoreApplication::applicationDirPath() + "/" + dbNameTemplate);

++			  	QFile file(QString(APP_SHARE_DIR) + "/" + dbNameTemplate);

+ 				//QFile file(":/" + dbNameTemplate);

+ 				if (file.copy(dbPath)) {

+ 					QFile::setPermissions(dbPath, QFile::permissions(dbPath) | QFile::WriteUser);

+@@ -229,7 +231,8 @@ static bool createConnection() {
+ 		// Exist a database in user's home dir?

+ 		if (!QFile::exists(dbPath)) {

+ 			// Exist a database template in the program dir?

+-			dbPath = QCoreApplication::applicationDirPath() + "/" + dbNameTemplate;

++			// dbPath = QCoreApplication::applicationDirPath() + "/" + dbNameTemplate;

++		  	dbPath = QString(APP_SHARE_DIR) + "/" + dbNameTemplate;

+ 			//dbPath = ":/" + dbNameTemplate;

+ 			if (QFile::exists(dbPath)) {

+ 				// A database template exist in the program dir

+--- a/widget/helpbrowser.cpp
++++ b/widget/helpbrowser.cpp
+@@ -52,13 +52,15 @@ HelpBrowser::HelpBrowser(QString link, Q
+     textBrowser->setOpenExternalLinks(true);

+ 	

+     textBrowser->setSource(QString("file:///") + 

+-    	QCoreApplication::applicationDirPath() + 

++	// QCoreApplication::applicationDirPath() + 

++    	APP_SHARE_DIR + 

+     	QString("/help/") + language + QString("/index.html"));

+     	

+     if (link != "") {

+     

+ 		textBrowser->setSource(QString("file:///") + 

+-			QCoreApplication::applicationDirPath() + 

++			// QCoreApplication::applicationDirPath() + 

++			APP_SHARE_DIR + 

+ 			QString("/help/") + language + QString("/content/") + link);

+ 			

+ 	}

+--- a/tipp10.desktop
++++ b/tipp10.desktop
+@@ -1,10 +1,10 @@
+ [Desktop Entry]
+-Encoding=UTF-8
+ Name=TIPP10
+ Comment=Touch Typing Tutor
+ Comment[de]=10-Finger-Schreibtrainer
+-Exec=tipp10
++Exec=/usr/bin/tipp10
+ Icon=tipp10.png
+ Terminal=false
+ Type=Application
+ Categories=Education;
++Keywords=learning;touchtyping
diff --git a/gnu/packages/patches/tipp10-remove-license-code.patch b/gnu/packages/patches/tipp10-remove-license-code.patch
new file mode 100644
index 0000000000..4b7487e726
--- /dev/null
+++ b/gnu/packages/patches/tipp10-remove-license-code.patch
@@ -0,0 +1,332 @@
+Description: Remove license dialog and license key checking
+
+https://sources.debian.net/data/main/t/tipp10/2.1.0-2/debian/patches/0002-RemoveLicenseCode
+
+--- a/main.cpp
++++ b/main.cpp
+@@ -33,7 +33,6 @@ Foundation, Inc., 51 Franklin Street, Fi
+ #include "def/defines.h"

+ #include "sql/connection.h"

+ #include "widget/mainwindow.h"

+-#include "widget/licensedialog.h"

+ #include "widget/illustrationdialog.h"

+ 

+ int main(int argc, char *argv[]) {

+@@ -59,7 +58,7 @@ int main(int argc, char *argv[]) {
+ 	QSettings settings;

+ 	#endif

+ 

+-	// Read/write language, license key and show illustration flag

++	// Read/write language and show illustration flag

+ 	settings.beginGroup("general");

+ 	QString languageGui = settings.value("language_gui",

+ 		QLocale::system().name()).toString();

+@@ -101,7 +100,6 @@ int main(int argc, char *argv[]) {
+ 	QString languageLesson = settings.value("language_lesson",

+ 		"").toString();

+ 

+-	QString licenseKey = settings.value("licensekey", "").toString();

+ 	bool showIllustration = settings.value("check_illustration", true).toBool();

+ 	bool useNativeStyle = settings.value("check_native_style", false).toBool();

+ 	settings.endGroup();

+--- a/tipp10.pro
++++ b/tipp10.pro
+@@ -43,7 +43,6 @@ HEADERS         += 	def/defines.h \
+                     widget/helpbrowser.h \

+                     widget/companylogo.h \

+                     widget/errormessage.h \

+-                    widget/licensedialog.h \

+                     widget/txtmessagedialog.h \

+                     widget/checkversion.h \

+                     sql/connection.h \

+@@ -78,7 +77,6 @@ SOURCES         += 	main.cpp \
+                     widget/helpbrowser.cpp \

+                     widget/companylogo.cpp \

+                     widget/errormessage.cpp \

+-                    widget/licensedialog.cpp \

+                     widget/txtmessagedialog.cpp \

+                     widget/checkversion.cpp \

+                     sql/lessontablesql.cpp \

+--- a/widget/licensedialog.cpp
++++ /dev/null
+@@ -1,168 +0,0 @@
+-/*

+-Copyright (c) 2006-2009, Tom Thielicke IT Solutions

+-

+-This program is free software; you can redistribute it and/or

+-modify it under the terms of the GNU General Public License

+-as published by the Free Software Foundation; either version 2

+-of the License.

+-

+-This program is distributed in the hope that it will be useful,

+-but WITHOUT ANY WARRANTY; without even the implied warranty of

+-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+-GNU General Public License for more details.

+-

+-You should have received a copy of the GNU General Public License

+-along with this program; if not, write to the Free Software

+-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

+-02110-1301, USA.

+-*/

+-

+-/****************************************************************

+-**

+-** Implementation of the LicenseDialog class

+-** File name: licensedialog.cpp

+-**

+-****************************************************************/

+-

+-#include <QHBoxLayout>

+-#include <QVBoxLayout>

+-#include <QMessageBox>

+-#include <QSettings>

+-#include <QCoreApplication>

+-

+-#include "licensedialog.h"

+-#include "def/defines.h"

+-

+-LicenseDialog::LicenseDialog(QWidget *parent) : QDialog(parent) {

+-

+-	setWindowFlags(windowFlags() ^ Qt::WindowContextHelpButtonHint);

+-

+-	setWindowTitle(tr("Lizenznummer"));

+-	setWindowIcon(QIcon(":/img/" + QString(ICON_FILENAME)));

+-

+-	// Create texbox

+-    createLineEdit();

+-

+-	// Create buttons

+-    createButtons();

+-

+-	// Set the layout of all widgets created above

+-	createLayout();

+-

+-	lineLicensing->setFocus();

+-}

+-

+-void LicenseDialog::createButtons() {

+-	//Buttons

+-	buttonOk = new QPushButton(this);

+-	buttonDemo = new QPushButton(this);

+-

+-	buttonOk->setText(tr("&Ok"));

+-	buttonDemo->setText(tr("&Demo starten"));

+-	buttonDemo->setToolTip(tr("Im Demo-Modus koennen pro Lektion nur\n"

+-		"10 Schriftzeichen eingegeben werden"));

+-

+-	buttonOk->setDefault(true);

+-	// Widget connections

+-    connect(buttonOk, SIGNAL(clicked()), this, SLOT(clickOk()));

+-    connect(buttonDemo, SIGNAL(clicked()), this, SLOT(clickDemo()));

+-}

+-

+-void LicenseDialog::createLineEdit() {

+-

+-	lineLicensing = new QLineEdit();

+-	lineLicensing->setInputMask(">NNNNNNNNNNNNNN");

+-

+-	labelLicensing = new QLabel(tr("Bitte geben Sie Ihre Lizenznummer "

+-		"(ohne Leerzeichen) ein, "

+-		"die Sie im Arbeitsbuch (Schulbuch) auf Seite 3 finden:"));

+-

+-	labelLicensing->setWordWrap(true);

+-}

+-

+-void LicenseDialog::createLayout() {

+-	// Button layout horizontal

+-	QHBoxLayout *buttonLayoutHorizontal = new QHBoxLayout;

+-    buttonLayoutHorizontal->addStretch(1);

+-    buttonLayoutHorizontal->addWidget(buttonDemo);

+-    buttonLayoutHorizontal->addWidget(buttonOk);

+-	// Full layout of all widgets vertical

+-	QVBoxLayout *mainLayout = new QVBoxLayout;

+-    mainLayout->addSpacing(1);

+-    mainLayout->addWidget(labelLicensing);

+-    mainLayout->addSpacing(1);

+-    mainLayout->addWidget(lineLicensing);

+-    mainLayout->addSpacing(1);

+-    mainLayout->addLayout(buttonLayoutHorizontal);

+-    mainLayout->setMargin(15);

+-    mainLayout->setSpacing(15);

+-    // Pass layout to parent widget (this)

+-	this->setLayout(mainLayout);

+-}

+-

+-void LicenseDialog::clickOk() {

+-

+-	// Check license key

+-	if (!checkLicenseKey(lineLicensing->text())) {

+-

+-		// License key is wrong

+-

+-		// Message to the user

+-		QMessageBox::information(0, APP_NAME,

+-			tr("Die eingegebene Lizenznummer ist leider nicht "

+-			"korrekt.\nBitte ueberpruefen Sie die Schreibweise."));

+-

+-		lineLicensing->setFocus();

+-

+-	} else {

+-

+-		// License key is ok

+-		writeSettings();

+-		accept();

+-	}

+-}

+-

+-void LicenseDialog::clickDemo() {

+-	accept();

+-}

+-

+-bool LicenseDialog::checkLicenseKey(QString licenseKey) {

+-	if (licenseKey.size() == 14 &&

+-		licenseKey[0].isLetter() &&

+-		licenseKey[1].isLetter() &&

+-		(licenseKey.mid(2, 2) == "39" ||

+-		licenseKey.mid(2, 2) == "41" ||

+-		licenseKey.mid(2, 2) == "43" ||

+-		licenseKey.mid(2, 2) == "49" ||

+-		licenseKey.mid(2, 2) == "99") &&

+-		licenseKey[4].isDigit() &&

+-		licenseKey[5].isDigit() &&

+-		licenseKey[6].isDigit() &&

+-		licenseKey[7].isLetter() &&

+-		licenseKey[8].isDigit() &&

+-		licenseKey[9].isDigit() &&

+-		licenseKey[10].isDigit() &&

+-		licenseKey[11].isDigit() &&

+-		licenseKey[12].isLetter() &&

+-		licenseKey[13].isLetter()) {

+-

+-		return true;

+-	}

+-	return false;

+-}

+-

+-void LicenseDialog::writeSettings() {

+-	// Saves settings of the startwiget

+-	// (uses the default constructor of QSettings, passing

+-	// the application and company name see main function)

+-	#if APP_PORTABLE

+-	QSettings settings(QCoreApplication::applicationDirPath() +

+-    	"/portable/settings.ini", QSettings::IniFormat);

+-    #else

+-	QSettings settings;

+-	#endif

+-

+-	settings.beginGroup("general");

+-	settings.setValue("licensekey", lineLicensing->text());

+-	settings.endGroup();

+-}

+--- a/widget/licensedialog.h
++++ /dev/null
+@@ -1,85 +0,0 @@
+-/*

+-Copyright (c) 2006-2009, Tom Thielicke IT Solutions

+-

+-This program is free software; you can redistribute it and/or

+-modify it under the terms of the GNU General Public License

+-as published by the Free Software Foundation; either version 2

+-of the License.

+-

+-This program is distributed in the hope that it will be useful,

+-but WITHOUT ANY WARRANTY; without even the implied warranty of

+-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

+-GNU General Public License for more details.

+-

+-You should have received a copy of the GNU General Public License

+-along with this program; if not, write to the Free Software

+-Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA

+-02110-1301, USA.

+-*/

+-

+-/****************************************************************

+-**

+-** Definition of the LicenseDialog class

+-** File name: licensedialog.h

+-**

+-****************************************************************/

+-

+-#ifndef LICENSEDIALOG_H

+-#define LICENSEDIALOG_H

+-

+-#include <QDialog>

+-#include <QWidget>

+-#include <QPushButton>

+-#include <QLabel>

+-#include <QLineEdit>

+-#include <QString>

+-

+-//! The LicenseDialog class provides a license input widget.

+-/*!

+-	The LicenseDialog class shows a dialog to enter a license key.

+-

+-	@author Tom Thielicke, s712715

+-	@version 0.0.1

+-	@date 09.09.2008

+-*/

+-class LicenseDialog : public QDialog {

+-	Q_OBJECT

+-

+-	public:

+-

+-		//! Constructor, creates two table objects and provide it in two tabs.

+-		LicenseDialog(QWidget *parent = 0);

+-

+-		bool checkLicenseKey(QString licenseKey);

+-

+-	public slots:

+-

+-	private slots:

+-

+-		//! Start button pressed

+-		void clickOk();

+-

+-		//! Demo button pressed

+-		void clickDemo();

+-

+-	private:

+-

+-		//! Creates a cancel and a ok button.

+-		void createButtons();

+-

+-		//! Creates a textbox.

+-		void createLineEdit();

+-

+-		//! Creates the layout of the complete class.

+-		void createLayout();

+-

+-		//! Writes user settings

+-		void writeSettings();

+-

+-		QPushButton *buttonOk;

+-		QPushButton *buttonDemo;

+-		QLabel *labelLicensing;

+-		QLineEdit *lineLicensing;

+-};

+-

+-#endif //LICENSEDIALOG_H

+--- a/widget/mainwindow.cpp
++++ b/widget/mainwindow.cpp
+@@ -116,11 +116,6 @@ void MainWindow::closeEvent(QCloseEvent
+ 	}

+ }

+ 

+-bool MainWindow::checkLicenseKey(QString licenseKey) {

+-

+-    return false;

+-}

+-

+ void MainWindow::createMenu() {

+ 	//Mac-Version:

+ 	//-----------

+--- a/widget/mainwindow.h
++++ b/widget/mainwindow.h
+@@ -39,7 +39,6 @@ Foundation, Inc., 51 Franklin Street, Fi
+ #include "trainingwidget.h"

+ #include "evaluationwidget.h"

+ #include "illustrationdialog.h"

+-#include "licensedialog.h"

+ #include "games/abcrainwidget.h"

+ #include "helpbrowser.h"

+ 

diff --git a/gnu/packages/patches/totem-debug-format-fix.patch b/gnu/packages/patches/totem-debug-format-fix.patch
deleted file mode 100644
index 7ddd31ee10..0000000000
--- a/gnu/packages/patches/totem-debug-format-fix.patch
+++ /dev/null
@@ -1,11 +0,0 @@
---- totem-3.20.1/src/backend/bacon-video-widget.c.orig	2016-03-22 12:45:32.000000000 -0400
-+++ totem-3.20.1/src/backend/bacon-video-widget.c	2016-05-11 02:49:55.299109551 -0400
-@@ -2334,7 +2334,7 @@
-     if (!gst_toc_entry_get_start_stop_times (entry, &start, &stop)) {
-       GST_DEBUG ("Chapter #%d (couldn't get times)", i);
-     } else {
--      GST_DEBUG ("Chapter #%d (start: %li stop: %li)", i, start, stop);
-+      GST_DEBUG ("Chapter #%d (start: %li stop: %li)", i, (long) start, (long) stop);
-     }
-   }
- 
diff --git a/gnu/packages/patches/upower-builddir.patch b/gnu/packages/patches/upower-builddir.patch
index 13cef5876a..d59d4364b8 100644
--- a/gnu/packages/patches/upower-builddir.patch
+++ b/gnu/packages/patches/upower-builddir.patch
@@ -37,7 +37,7 @@ Patch by Andy Wingo <wingo@igalia.com>
 -	if (g_file_test ("../etc/UPower.conf", G_FILE_TEST_EXISTS))
 -		g_setenv ("UPOWER_CONF_FILE_NAME", "../etc/UPower.conf", TRUE);
 -	else
--		g_setenv ("UPOWER_CONF_FILE_NAME", "../../etc/UPower.conf", TRUE);
+-		g_setenv ("UPOWER_CONF_FILE_NAME", "../../../etc/UPower.conf", TRUE);
 -
  	/* tests go here */
  	g_test_add_func ("/power/backend", up_test_backend_func);
diff --git a/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch b/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch
deleted file mode 100644
index 969ed7e41e..0000000000
--- a/gnu/packages/patches/xf86-video-glint-remove-mibstore.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Removes references to mibstore.h and miInitializeBackingStore, which
-have been removed from xorg-server.  Zack Rusin <zackr@vmware.com>
-wrote: "It was a noop for at least 5 years and it has been removed."
-See: http://patches.openembedded.org/patch/46133/
-
---- xf86-video-glint-1.2.8/src/glint_driver.c.~1~	2012-07-15 22:50:47.000000000 -0400
-+++ xf86-video-glint-1.2.8/src/glint_driver.c	2014-12-19 00:42:39.162714279 -0500
-@@ -52,8 +52,6 @@
- #include "compiler.h"
- #include "mipointer.h"
- 
--#include "mibstore.h"
--
- #include "pm3_regs.h"
- #include "glint_regs.h"
- #include "IBM.h"
-@@ -2904,7 +2902,6 @@
-         }
-     }
- 
--    miInitializeBackingStore(pScreen);
-     xf86SetBackingStore(pScreen);
-     xf86SetSilkenMouse(pScreen);
- 
diff --git a/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch b/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch
deleted file mode 100644
index 48588ed0e4..0000000000
--- a/gnu/packages/patches/xf86-video-nv-remove-mibstore.patch
+++ /dev/null
@@ -1,72 +0,0 @@
-Removes references to mibstore.h and miInitializeBackingStore, which
-have been removed from xorg-server.  Zack Rusin <zackr@vmware.com>
-wrote: "It was a noop for at least 5 years and it has been removed."
-See: http://patches.openembedded.org/patch/46133/
-
-diff -ru xf86-video-nv-2.1.20.orig/src/g80_driver.c xf86-video-nv-2.1.20/src/g80_driver.c
---- xf86-video-nv-2.1.20.orig/src/g80_driver.c	2012-07-17 02:47:02.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/g80_driver.c	2014-12-17 10:11:42.197579082 -0500
-@@ -34,7 +34,6 @@
- #include <xf86Resources.h>
- #endif
- #include <mipointer.h>
--#include <mibstore.h>
- #include <micmap.h>
- #include <xf86cmap.h>
- #include <fb.h>
-@@ -833,7 +832,6 @@
-         }
-     }
- 
--    miInitializeBackingStore(pScreen);
-     xf86SetBackingStore(pScreen);
-     xf86SetSilkenMouse(pScreen);
- 
-diff -ru xf86-video-nv-2.1.20.orig/src/nv_driver.c xf86-video-nv-2.1.20/src/nv_driver.c
---- xf86-video-nv-2.1.20.orig/src/nv_driver.c	2012-07-17 02:47:02.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/nv_driver.c	2014-12-17 10:11:39.037563413 -0500
-@@ -2550,7 +2550,6 @@
-     if (!pNv->NoAccel)
- 	NVAccelInit(pScreen);
-     
--    miInitializeBackingStore(pScreen);
-     xf86SetBackingStore(pScreen);
-     xf86SetSilkenMouse(pScreen);
- 
-diff -ru xf86-video-nv-2.1.20.orig/src/nv_include.h xf86-video-nv-2.1.20/src/nv_include.h
---- xf86-video-nv-2.1.20.orig/src/nv_include.h	2012-07-17 02:48:19.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/nv_include.h	2014-12-17 10:11:22.089479372 -0500
-@@ -24,9 +24,6 @@
- /* All drivers initialising the SW cursor need this */
- #include "mipointer.h"
- 
--/* All drivers implementing backing store need this */
--#include "mibstore.h"
--
- #include "micmap.h"
- 
- #include "xf86DDC.h"
-diff -ru xf86-video-nv-2.1.20.orig/src/riva_driver.c xf86-video-nv-2.1.20/src/riva_driver.c
---- xf86-video-nv-2.1.20.orig/src/riva_driver.c	2012-07-17 02:47:02.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/riva_driver.c	2014-12-17 10:11:31.101524060 -0500
-@@ -1168,7 +1168,6 @@
-     if (!pRiva->NoAccel)
- 	RivaAccelInit(pScreen);
-     
--    miInitializeBackingStore(pScreen);
-     xf86SetBackingStore(pScreen);
-     xf86SetSilkenMouse(pScreen);
- 
-diff -ru xf86-video-nv-2.1.20.orig/src/riva_include.h xf86-video-nv-2.1.20/src/riva_include.h
---- xf86-video-nv-2.1.20.orig/src/riva_include.h	2012-07-17 02:48:45.000000000 -0400
-+++ xf86-video-nv-2.1.20/src/riva_include.h	2014-12-17 10:11:12.229430478 -0500
-@@ -22,9 +22,6 @@
- /* All drivers initialising the SW cursor need this */
- #include "mipointer.h"
- 
--/* All drivers implementing backing store need this */
--#include "mibstore.h"
--
- #include "micmap.h"
- 
- #include "xf86DDC.h"
diff --git a/gnu/packages/pdf.scm b/gnu/packages/pdf.scm
index 3f329c5426..2ea48e5999 100644
--- a/gnu/packages/pdf.scm
+++ b/gnu/packages/pdf.scm
@@ -6,10 +6,11 @@
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Coypright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Coypright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Coypright © 2016 Marius Bakke <mbakke@fastmail.com>
+;;; Coypright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Coypright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Coypright © 2016 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2017 Leo Famulari <leo@famulari.name>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -72,14 +73,14 @@
 (define-public poppler
   (package
    (name "poppler")
-   (version "0.47.0")
+   (version "0.50.0")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://poppler.freedesktop.org/poppler-"
                                 version ".tar.xz"))
             (sha256
              (base32
-              "0hnjkcqqk87dw3hlda4gh4l7brkslniax9a79g772jn3iwiffwmq"))))
+              "0dmwnh59m75vhii6dw63x8l0qa0ha733pb8bdqzr7lw9nwc37jf9"))))
    (build-system gnu-build-system)
    ;; FIXME:
    ;;  use libcurl:        no
@@ -89,7 +90,7 @@
              ("libpng" ,libpng)
              ("libtiff" ,libtiff)
              ("lcms" ,lcms)
-             ("openjpeg-1" ,openjpeg-1)
+             ("openjpeg-1" ,openjpeg-1) ; prefers openjpeg-1
              ("zlib" ,zlib)
 
              ;; To build poppler-glib (as needed by Evince), we need Cairo and
@@ -117,7 +118,8 @@
             (setenv "CPATH"
                     (string-append (assoc-ref %build-inputs "openjpeg-1")
                                    "/include/openjpeg-1.5"
-                                   ":" (or (getenv "CPATH") ""))))))))
+                                   ":" (or (getenv "CPATH") "")))
+            #t)))))
    (synopsis "PDF rendering library")
    (description
     "Poppler is a PDF rendering library based on the xpdf-3.0 code base.")
@@ -270,7 +272,7 @@ reading and editing of existing PDF files.")
 (define-public zathura-cb
   (package
     (name "zathura-cb")
-    (version "0.1.5")
+    (version "0.1.6")
     (source (origin
               (method url-fetch)
               (uri
@@ -278,7 +280,7 @@ reading and editing of existing PDF files.")
                               version ".tar.gz"))
               (sha256
                (base32
-                "1zbazysdjwwnzw01qlnzyixwmsi8rqskc76mp81qcr3rpl96jprp"))))
+                "1fim4mpm8l2g3msj1vg70ks3c9lrwllv3yh4jv8l9f8k3r19b3l8"))))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (propagated-inputs `(("girara" ,girara)))
     (inputs `(("libarchive" ,libarchive)
@@ -301,7 +303,7 @@ using libarchive.")
 (define-public zathura-ps
   (package
     (name "zathura-ps")
-    (version "0.2.3")
+    (version "0.2.4")
     (source (origin
               (method url-fetch)
               (uri
@@ -309,7 +311,7 @@ using libarchive.")
                               version ".tar.gz"))
               (sha256
                (base32
-                "18wsfy8pqficdgj8wy2aws7j4fy8z78157rhqk17mj5f295zgvm9"))))
+                "1nxbl0glnzpan78fhdfzhkcd0cikcvrkzf9m56mb0pvnwzlwg7zv"))))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (propagated-inputs `(("girara" ,girara)))
     (inputs `(("libspectre" ,libspectre)
@@ -332,7 +334,7 @@ using libspectre.")
 (define-public zathura-djvu
   (package
     (name "zathura-djvu")
-    (version "0.2.5")
+    (version "0.2.6")
     (source (origin
               (method url-fetch)
               (uri
@@ -340,7 +342,7 @@ using libspectre.")
                               version ".tar.gz"))
               (sha256
                (base32
-                "03cw54d2fipvbrnbqy0xccqkx6s77dyhyymx479aj5ryy4513dq8"))))
+                "0py0ra44f65cg064xzds0qr6vnglj2a5bwhnbwa0dyh2nyizdzmf"))))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (propagated-inputs `(("girara" ,girara)))
     (inputs
@@ -364,7 +366,7 @@ using the DjVuLibre library.")
 (define-public zathura-pdf-poppler
   (package
     (name "zathura-pdf-poppler")
-    (version "0.2.6")
+    (version "0.2.7")
     (source (origin
               (method url-fetch)
               (uri
@@ -372,7 +374,7 @@ using the DjVuLibre library.")
                               version ".tar.gz"))
               (sha256
                (base32
-                "1maqiv7yv8d8hymlffa688c5z71v85kbzmx2j88i8z349xx0rsyi"))))
+                "1h43sgxpsbrsnn5z19661642plzhpv6b0y3f4kyzshv1rr6lwplq"))))
     (native-inputs `(("pkg-config" ,pkg-config)))
     (propagated-inputs `(("girara" ,girara)))
     (inputs
@@ -397,7 +399,7 @@ by using the poppler rendering engine.")
 (define-public zathura
   (package
     (name "zathura")
-    (version "0.3.6")
+    (version "0.3.7")
     (source (origin
               (method url-fetch)
               (uri
@@ -405,7 +407,7 @@ by using the poppler rendering engine.")
                               version ".tar.gz"))
               (sha256
                (base32
-                "0fyb5hak0knqvg90rmdavwcmilhnrwgg1s5ykx9wd3skbpi8nsh8"))
+                "1w0g74dq4z2vl3f99s2gkaqrb5pskgzig10qhbxj4gq9yj4zzbr2"))
               (patches (search-patches
                         "zathura-plugindir-environment-variable.patch"))))
     (native-inputs `(("pkg-config" ,pkg-config)
@@ -479,6 +481,7 @@ extracting content or merging files.")
 (define-public mupdf
   (package
     (name "mupdf")
+    (replacement mupdf/fixed)
     (version "1.10a")
     (source
       (origin
@@ -537,6 +540,18 @@ line tools for batch rendering (pdfdraw), rewriting files (pdfclean),
 and examining the file structure (pdfshow).")
     (license license:agpl3+)))
 
+(define mupdf/fixed
+  (package
+    (inherit mupdf)
+    (source
+      (origin
+        (inherit (package-source mupdf))
+        (patches
+          (append
+            (origin-patches (package-source mupdf))
+            (search-patches "mupdf-mujs-CVE-2016-10132.patch"
+                            "mupdf-mujs-CVE-2016-10133.patch")))))))
+
 (define-public qpdf
   (package
    (name "qpdf")
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 8f103ec6d7..fb294eb42d 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -12,6 +12,7 @@
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2016 Ben Woodcroft <donttrustben@gmail.com>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
+;;; Copyright © 2017 Raoul J.P. Bonnal <ilpuccio.febo@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -5014,6 +5015,30 @@ show those variables which are in scope at the point of the call.  PadWalker
 is particularly useful for debugging.")
     (license (package-license perl))))
 
+(define-public perl-parallel-forkmanager
+  (package
+    (name "perl-parallel-forkmanager")
+    (version "1.19")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://cpan/authors/id/Y/YA/YANICK/Parallel-ForkManager-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "0wm4wp6p3ah5z212jl12728z68nmxmfr0f03z1jpvdzffnc2xppi"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-warn" ,perl-test-warn)))
+    (home-page "http://search.cpan.org/dist/Parallel-ForkManager")
+    (synopsis "Simple parallel processing fork manager")
+    (description "@code{Parallel::ForkManager} is intended for use in
+operations that can be done in parallel where the number of
+processes to be forked off should be limited.")
+    (license (package-license perl))))
+
 (define-public perl-params-util
   (package
     (name "perl-params-util")
@@ -5925,7 +5950,7 @@ done, how much is left to do, and estimate how long it will take.")
 (define-public perl-term-readkey
   (package
     (name "perl-term-readkey")
-    (version "2.32")
+    (version "2.37")
     (source
      (origin
        (method url-fetch)
@@ -5933,7 +5958,7 @@ done, how much is left to do, and estimate how long it will take.")
                            "TermReadKey-" version ".tar.gz"))
        (sha256
         (base32
-         "1y79w5cj98w0a1nqxjhmaw01p2hfhzfw340m2qxd11p6124hxfaq"))))
+         "0hdj5mldpj3pyprd4hbbalfx9yjgi5p59gg2ixk9808f5v7q74sa"))))
     (build-system perl-build-system)
     (home-page "http://search.cpan.org/dist/TermReadKey")
     (synopsis "Simple terminal control")
diff --git a/gnu/packages/photo.scm b/gnu/packages/photo.scm
index 8e823cfc21..ce71d2a441 100644
--- a/gnu/packages/photo.scm
+++ b/gnu/packages/photo.scm
@@ -163,7 +163,7 @@ MTP, and much more.")
 (define-public perl-image-exiftool
   (package
     (name "perl-image-exiftool")
-    (version "10.20")
+    (version "10.40")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -171,7 +171,7 @@ MTP, and much more.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "0akdnxvb23ibcwa63ncibaj5m5k56cb34x8gy90z9lqcjl0f4sph"))))
+                "1p05d9k94win8a24cr7lsllb6wjl3dagsmdbcxzv6f68z7i1jdly"))))
     (build-system perl-build-system)
     (arguments
      '(#:phases (alist-cons-after
@@ -186,10 +186,10 @@ MTP, and much more.")
                                    `("PERL5LIB" prefix (,lib)))))
                  %standard-phases)))
     (home-page "http://search.cpan.org/dist/Image-ExifTool")
-    (synopsis "Program and Perl library to manipulate EXIF tags")
-    (description
-     "This package provides the 'exiftool' command and the 'Image::ExifTool'
-Perl library to manipulate EXIF tags of digital images.")
+    (synopsis "Program and Perl library to manipulate EXIF and other metadata")
+    (description "This package provides the @code{exiftool} command and the
+@code{Image::ExifTool} Perl library to manipulate EXIF tags of digital images
+and a wide variety of other metadata.")
     (license (package-license perl))))
 
 (define-public libpano13
diff --git a/gnu/packages/popt.scm b/gnu/packages/popt.scm
index 3200873d58..a9b5f501da 100644
--- a/gnu/packages/popt.scm
+++ b/gnu/packages/popt.scm
@@ -20,7 +20,6 @@
 (define-module (gnu packages popt)
   #:use-module (guix packages)
   #:use-module (guix download)
-  #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system cmake)
   #:use-module (guix licenses))
@@ -95,16 +94,15 @@ similar to getopt(3), it contains a number of enhancements, including:
 (define-public gflags
   (package
     (name "gflags")
-    (version "2.1.2")
+    (version "2.2.0")
     (source (origin
-              (method git-fetch)
-              (uri (git-reference
-                    (commit (string-append "v" version))
-                    (url "https://github.com/gflags/gflags.git")))
+              (method url-fetch)
+              (uri (string-append "https://github.com/gflags/gflags"
+                                  "/archive/v" version ".tar.gz"))
               (sha256
                (base32
-                "0qxvr9cyxq3px60jglkm94pq5bil8dkjjdb99l3ypqcds7iypx9w"))
-              (file-name (string-append name "-" version "-checkout"))))
+                "120z4w40zr4s8wvfyw1bdmqvincwrwjnimzlwhs1ficaa333cv26"))
+              (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (arguments
      '(#:configure-flags '("-DBUILD_SHARED_LIBS=ON"
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index d8ca83d810..5feca2b68e 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -26,7 +26,7 @@
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Dylan Jeffers <sapientech@sapientech@openmailbox.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
-;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
+;;; Copyright © 2016, 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2016 Stefan Reichoer <stefan@xsteve.at>
 ;;; Copyright © 2016 Dylan Jeffers <sapientech@sapientech@openmailbox.org>
 ;;; Copyright © 2016 Alex Vong <alexvong1995@gmail.com>
@@ -34,6 +34,7 @@
 ;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
+;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -1321,7 +1322,7 @@ Python 3.3+.")
     (arguments `(#:python ,python-2
                  #:tests? #f))                    ; invalid command "test"
     (home-page "https://fedorahosted.org/dogtail/")
-    (synopsis "GUI test tool and automation framework written in ​Python")
+    (synopsis "GUI test tool and automation framework written in Python")
     (description
      "Dogtail is a GUI test tool and automation framework written in Python.
 It uses Accessibility (a11y) technologies to communicate with desktop
@@ -2369,14 +2370,14 @@ is used by the Requests library to verify HTTPS requests.")
 (define-public python-click
   (package
     (name "python-click")
-    (version "6.6")
+    (version "6.7")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "click" version))
        (sha256
         (base32
-         "1sggipyz52crrybwbr9xvwxd4aqigvplf53k9w3ygxmzivd1jsnc"))))
+         "02qkfpykbq35id8glfgwc38yc430427yd05z1wc5cnld8zgicmgi"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -3463,14 +3464,14 @@ association studies (GWAS) on extremely large data sets.")
 (define-public python-pygit2
   (package
     (name "python-pygit2")
-    (version "0.24.2")
+    (version "0.25.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pygit2" version))
        (sha256
         (base32
-         "0shnafv9zc483wmcr4fzgvirg1qzz42xpdqd4a3ad39sdj1qbbia"))))
+         "0wf5rp0fvrw7j3j18dvwjq6xqlbm611wd55aphrfpps0v1gxh3ny"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-six" ,python-six)
@@ -4157,6 +4158,34 @@ SQLAlchemy Database Toolkit for Python.")
 (define-public python2-alembic
   (package-with-python2 python-alembic))
 
+(define-public python-autopep8
+  (package
+  (name "python-autopep8")
+  (version "1.2.4")
+  (source
+   (origin
+     (method url-fetch)
+     (uri (pypi-uri "autopep8" version))
+     (sha256
+      (base32
+       "18parm383lfn42a00wklv3qf20p4v277f1x3cn58x019dqk1xqrq"))))
+  (build-system python-build-system)
+  (propagated-inputs
+    `(("python-pep8" ,python-pep8)))
+  (home-page "https://github.com/hhatto/autopep8")
+  (synopsis "Format Python code according to the PEP 8 style guide")
+  (description
+    "@code{autopep8} automatically formats Python code to conform to
+the PEP 8 style guide.  It uses the pycodestyle utility to determine
+what parts of the code needs to be formatted.  @code{autopep8} is
+capable of fixing most of the formatting issues that can be reported
+by pycodestyle.")
+  (license (license:non-copyleft
+            "https://github.com/hhatto/autopep8/blob/master/LICENSE"))))
+
+(define-public python2-autopep8
+  (package-with-python2 python-autopep8))
+
 (define-public python-distutils-extra
   (package
     (name "python-distutils-extra")
@@ -6057,6 +6086,65 @@ pseudo terminal (pty), and interact with both the process and its pty.")
 (define-public python2-ptyprocess
   (package-with-python2 python-ptyprocess))
 
+(define-public python-cram
+  (package
+    (name "python-cram")
+    (version "0.7")
+    (home-page "https://bitheap.org/cram/")
+    (source (origin
+              (method url-fetch)
+              (uri (list (string-append home-page "cram-"
+                                        version ".tar.gz")
+                         (pypi-uri "cram" version)))
+              (sha256
+               (base32
+                "0bvz6fwdi55rkrz3f50zsy35gvvwhlppki2yml5bj5ffy9d499vx"))))
+    (arguments
+     '(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-source
+           (lambda _
+             (substitute* (find-files "cram" ".*\\.py$")
+               ;; Replace default shell path.
+               (("/bin/sh") (which "sh")))
+             (substitute* (find-files "tests" ".*\\.t$")
+               (("md5") "md5sum")
+               (("/bin/bash") (which "bash"))
+               (("/bin/sh") (which "sh")))
+             (substitute* "cram/_test.py"
+               ;; This hack works around a bug triggered by substituting
+               ;; the /bin/sh paths. "tests/usage.t" compares the output of
+               ;; "cram -h", which breaks the output at 80 characters. This
+               ;; causes the line showing the default shell to break into two
+               ;; lines, but the test expects a single line...
+               (("env\\['COLUMNS'\\] = '80'")
+                "env['COLUMNS'] = '160'"))
+             #t))
+         (delete 'check)
+         (add-after 'install 'check
+           ;; The test phase uses the built library and executable.
+           ;; It's easier to run it after install since the build
+           ;; directory contains version-specific PATH.
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (add-installed-pythonpath inputs outputs)
+             (setenv "PATH" (string-append (getenv "PATH") ":"
+                                           (assoc-ref outputs "out") "/bin"))
+             (zero? (system* "make" "test")))))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-coverage" ,python-coverage)
+       ("which" ,which)))
+    (synopsis "Simple testing framework for command line applications")
+    (description
+     "Cram is a functional testing framework for command line applications.
+Cram tests look like snippets of interactive shell sessions.  Cram runs each
+command and compares the command output in the test with the command’s actual
+output.")
+    (license license:gpl2+)))
+
+(define-public python2-cram
+  (package-with-python2 python-cram))
+
 (define-public python-terminado
   (package
     (name "python-terminado")
@@ -6771,26 +6859,21 @@ library.")
 (define-public python-pip
   (package
     (name "python-pip")
-    (version "8.0.2")
+    (version "9.0.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "pip" version))
        (sha256
         (base32
-         "08cm8d4228fj0qnrysy3qv1a6022zr3dcs25amd14lgxil6vvx26"))))
+         "03clr9c1dih5n9c00c592zzvf6r1ffimywkaq9agcqdllzhl7wh9"))))
     (build-system python-build-system)
-    (native-inputs
-      `(;; Tests
-        ("python-virtualenv" ,python-virtualenv)
-        ("python-mock" ,python-mock)
-        ("python-pytest" ,python-pytest)
-        ("python-scripttest" ,python-scripttest)))
+    (arguments
+     '(#:tests? #f))          ; there are no tests in the pypi archive.
     (home-page "https://pip.pypa.io/")
-    (synopsis
-      "Package manager for Python software")
+    (synopsis "Package manager for Python software")
     (description
-      "Pip is a package manager for Python software, that finds packages on the
+     "Pip is a package manager for Python software, that finds packages on the
 Python Package Index (PyPI).")
     (license license:expat)))
 
@@ -8229,13 +8312,13 @@ processes across test runs.")
 (define-public python-icalendar
   (package
     (name "python-icalendar")
-    (version "3.11.1")
+    (version "3.11.2")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "icalendar" version))
              (sha256
               (base32
-               "1bvi7rzh7scl4nmgj2n2cy7k0v3p29y15cqy2hcdnfq9mnhdr63y"))))
+               "17rcy6rb9kqjf4p707ivmx7phjq7ngcz3bf7zriwxrqgrjagj7ag"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-dateutil-2" ,python-dateutil-2)
@@ -10156,7 +10239,7 @@ different processes.  This allows better error handling when running code over
 multiple processes (imagine multiprocessing, billiard, futures, celery etc).
 
 @item Parse traceback strings and raise with the parsed tracebacks.
-@end itemize")
+@end enumerate\n")
     (license license:bsd-3)))
 
 (define-public python2-tblib
@@ -12336,3 +12419,127 @@ possible on all supported Python versions.")
 
 (define-public python2-xopen
   (package-with-python2 python-xopen))
+
+(define-public python2-cheetah
+  (package
+    (name "python2-cheetah")
+    (version "2.4.4")
+    (source
+      (origin
+        (method url-fetch)
+        (uri (pypi-uri "Cheetah" version))
+        (sha256
+          (base32
+            "0l5mm4lnysjkzpjr95q5ydm9xc8bv43fxmr79ypybrf1y0lq4c5y"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2))
+    (propagated-inputs
+     `(("python2-markdown" ,python2-markdown)))
+    (home-page "https://pythonhosted.org/Cheetah/")
+    (synopsis "Template engine")
+    (description "Cheetah is a text-based template engine and Python code
+generator.
+
+Cheetah can be used as a standalone templating utility or referenced as
+a library from other Python applications.  It has many potential uses,
+but web developers looking for a viable alternative to ASP, JSP, PHP and
+PSP are expected to be its principle user group.
+
+Features:
+@enumerate
+@item Generates HTML, SGML, XML, SQL, Postscript, form email, LaTeX, or any other
+   text-based format.
+@item Cleanly separates content, graphic design, and program code.
+@item Blends the power and flexibility of Python with a simple template language
+   that non-programmers can understand.
+@item Gives template writers full access to any Python data structure, module,
+   function, object, or method in their templates.
+@item Makes code reuse easy by providing an object-orientated interface to
+   templates that is accessible from Python code or other Cheetah templates.
+   One template can subclass another and selectively reimplement sections of it.
+@item Provides a simple, yet powerful, caching mechanism that can dramatically
+   improve the performance of a dynamic website.
+@item Compiles templates into optimized, yet readable, Python code.
+@end enumerate")
+    (license (license:x11-style "file://LICENSE"))))
+
+(define-public python-pbkdf2
+  (package
+    (name "python-pbkdf2")
+    (version "1.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pbkdf2" version))
+       (sha256
+        (base32
+         "0yb99rl2mbsaamj571s1mf6vgniqh23v98k4632150hjkwv9fqxc"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-pycrypto" ,python-pycrypto)))  ; optional
+    (home-page "http://www.dlitz.net/software/python-pbkdf2/")
+    (synopsis "Password-based key derivation")
+    (description "This module implements the password-based key derivation
+function, PBKDF2, specified in RSA PKCS#5 v2.0.
+
+PKCS#5 v2.0 Password-Based Key Derivation is a key derivation function which
+is part of the RSA Public Key Cryptography Standards series.  The provided
+implementation takes a password or a passphrase and a salt value (and
+optionally a iteration count, a digest module, and a MAC module) and provides
+a file-like object from which an arbitrarly-sized key can be read.")
+    (license license:expat)))
+
+(define-public python2-pbkdf2
+  (package-with-python2 python-pbkdf2))
+
+(define-public python-qrcode
+  (package
+    (name "python-qrcode")
+    (version "5.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "qrcode" version))
+       (sha256
+        (base32
+         "0kljfrfq0c2rmxf8am57333ia41kd0snbm2rnqbdy816hgpcq5a1"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-lxml" ,python-lxml)     ; for SVG output
+       ("python-pillow" ,python-pillow) ; for PNG output
+       ("python-six" ,python-six)))
+    (home-page "https://github.com/lincolnloop/python-qrcode")
+    (synopsis "QR Code image generator")
+    (description "This package provides a pure Python QR Code generator
+module.  It uses the Python Imaging Library (PIL) to allow for the generation
+of QR Codes.
+
+In addition this package provides a command line tool to generate QR codes and
+either write these QR codes to a file or do the output as ascii art at the
+console.")
+    (license license:bsd-3)))
+
+(define-public python2-qrcode
+  (package-with-python2 python-qrcode))
+
+;; SlowAES isn't compatible with Python 3.
+(define-public python2-slowaes
+  (package
+    (name "python2-slowaes")
+    (version "0.1a1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "slowaes" version))
+       (sha256
+        (base32
+         "02dzajm83a7lqgxf6r3hgj64wfmcxz8gs4nvgxpvj5n19kjqlrc3"))))
+    (build-system python-build-system)
+    (arguments `(#:python ,python-2))
+    (home-page "http://code.google.com/p/slowaes/")
+    (synopsis "Implementation of AES in Python")
+    (description "This package contains an implementation of AES in Python.
+This implementation is slow (hence the project name) but still useful when
+faster ones are not available.")
+    (license license:asl2.0)))
diff --git a/gnu/packages/qemu.scm b/gnu/packages/qemu.scm
index 4c47a09902..1c10ab9aee 100644
--- a/gnu/packages/qemu.scm
+++ b/gnu/packages/qemu.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2015, 2016 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -76,7 +76,11 @@
                                  version ".tar.bz2"))
              (sha256
               (base32
-               "0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs"))))
+               "0qjy3rcrn89n42y5iz60kgr0rrl29hpnj8mq2yvbc1wrcizmvzfs"))
+             (patches (search-patches "qemu-CVE-2016-10155.patch"
+                                      "qemu-CVE-2017-5525.patch"
+                                      "qemu-CVE-2017-5526.patch"
+                                      "qemu-CVE-2017-5552.patch"))))
     (build-system gnu-build-system)
     (arguments
      '(;; Running tests in parallel can occasionally lead to failures, like:
@@ -237,6 +241,7 @@ server and embedded PowerPC, and S390 guests.")
         ,(origin
            (method url-fetch)
            (uri "http://linux-usb.cvs.sourceforge.net/viewvc/linux-usb/htdocs/usb.ids?revision=1.539")
+           (file-name "usb.ids")
            (sha256
             (base32
              "0w9ila7662lzpx416lqy69zx6gfwq2xiigwd5fdyqcrg3dj07m80"))))))
diff --git a/gnu/packages/qt.scm b/gnu/packages/qt.scm
index 15beb8037e..b2fe6e445c 100644
--- a/gnu/packages/qt.scm
+++ b/gnu/packages/qt.scm
@@ -2,8 +2,8 @@
 ;;; Copyright © 2013, 2014, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
 ;;; Copyright © 2015 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 ng0 <ng0@libertad.pw>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -55,6 +55,7 @@
   #:use-module (gnu packages pulseaudio)
   #:use-module (gnu packages python)
   #:use-module (gnu packages ruby)
+  #:use-module (gnu packages sdl)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages xdisorg)
   #:use-module (gnu packages xorg)
@@ -553,14 +554,22 @@ developers using C++ or QML, a CSS & JavaScript like language.")
          (replace 'configure
            (lambda* (#:key outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
-               (zero? (system* "qmake" (string-append "PREFIX=" out))))))
+               ;; Valid QT_BUILD_PARTS variables are:
+               ;; libs tools tests examples demos docs translations
+               (zero? (system* "qmake" "QT_BUILD_PARTS = libs tools tests"
+                               (string-append "PREFIX=" out))))))
          (add-before 'install 'fix-Makefiles
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let ((out    (assoc-ref outputs "out"))
                    (qtbase (assoc-ref inputs "qtbase")))
                (substitute* (find-files "." "Makefile")
                             (((string-append "INSTALL_ROOT)" qtbase))
-                             (string-append "INSTALL_ROOT)" out)))))))))))
+                             (string-append "INSTALL_ROOT)" out)))
+               #t)))
+            (add-before 'check 'set-display
+              (lambda _
+                (setenv "QT_QPA_PLATFORM" "offscreen")
+                #t)))))))
 
 (define-public qtimageformats
   (package (inherit qtsvg)
@@ -602,6 +611,9 @@ developers using C++ or QML, a CSS & JavaScript like language.")
              (sha256
               (base32
                "09z49jm70f5i0gcdz9a16z00pg96x8pz7vri5wpirh3fqqn0qnjz"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:tests? _ #f) #f))) ; TODO: Enable the tests
     (native-inputs `(("perl" ,perl)))
     (inputs
      `(("mesa" ,mesa)
@@ -620,6 +632,15 @@ developers using C++ or QML, a CSS & JavaScript like language.")
              (sha256
               (base32
                "1rgqnpg64gn5agmvjwy0am8hp5fpxl3cdkixr1yrsdxi5a6961d8"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:phases phases)
+        `(modify-phases ,phases
+           (add-after 'unpack 'disable-network-tests
+             (lambda _ (substitute* "tests/auto/auto.pro"
+                         (("qxmlquery") "# qxmlquery")
+                         (("xmlpatterns") "# xmlpatterns"))
+               #t))))))
     (native-inputs `(("perl" ,perl)))
     (inputs `(("qtbase" ,qtbase)))))
 
@@ -636,6 +657,9 @@ developers using C++ or QML, a CSS & JavaScript like language.")
              (sha256
               (base32
                "0mjxfwnplpx60jc6y94krg00isddl9bfwc7dayl981njb4qds4zx"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:tests? _ #f) #f))) ; TODO: Enable the tests
     (native-inputs
      `(("perl" ,perl)
        ("pkg-config" ,pkg-config)
@@ -680,6 +704,9 @@ developers using C++ or QML, a CSS & JavaScript like language.")
              (sha256
               (base32
                "1laj0slwibs0bg69kgrdhc9k1s6yisq3pcsr0r9rhbkzisv7aajw"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:tests? _ #f) #f))) ; TODO: Enable the tests
     (native-inputs
      `(("perl" ,perl)
        ("qtdeclarative" ,qtdeclarative)))
@@ -720,7 +747,13 @@ developers using C++ or QML, a CSS & JavaScript like language.")
              (snippet
               '(begin
                  (delete-file-recursively
-                   "examples/multimedia/spectrum/3rdparty")))))
+                   "examples/multimedia/spectrum/3rdparty")
+                 ;; We also prevent the spectrum example from being built.
+                 (substitute* "examples/multimedia/multimedia.pro"
+                   (("spectrum") "#"))))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:tests? _ #f) #f))) ; TODO: Enable the tests
     (native-inputs
      `(("perl" ,perl)
        ("pkg-config" ,pkg-config)
@@ -781,6 +814,23 @@ developers using C++ or QML, a CSS & JavaScript like language.")
      `(("qtbase" ,qtbase)
        ("eudev" ,eudev)))))
 
+(define-public qtserialbus
+  (package (inherit qtsvg)
+    (name "qtserialbus")
+    (version "5.7.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://download.qt.io/official_releases/qt/"
+                                 (version-major+minor version) "/" version
+                                 "/submodules/" name "-opensource-src-"
+                                 version ".tar.xz"))
+             (sha256
+              (base32
+               "0mxi43l2inpbar8rmg21qjg33bv3f1ycxjgvzjf12ncnybhdnzkj"))))
+    (inputs
+     `(("qtbase" ,qtbase)
+       ("qtserialport" ,qtserialport)))))
+
 (define-public qtwebchannel
   (package (inherit qtsvg)
     (name "qtwebchannel")
@@ -813,6 +863,9 @@ developers using C++ or QML, a CSS & JavaScript like language.")
              (sha256
               (base32
                "17zkzffzwbg6aqhsggs23cmwzq4y45m938842lsc423hfm7fdsgr"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:tests? _ #f) #f))) ; TODO: Enable the tests
     (native-inputs
      `(("perl" ,perl)
        ("qtdeclarative" ,qtdeclarative)
@@ -833,6 +886,9 @@ developers using C++ or QML, a CSS & JavaScript like language.")
              (sha256
               (base32
                "1b6zqa5690b8lqms7rrhb8rcq0xg5hp117v3m08qngbcd0i706b4"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:tests? _ #f) #f))) ; TODO: Enable the tests
     (native-inputs
      `(("perl" ,perl)
        ("qtdeclarative" ,qtdeclarative)))
@@ -872,6 +928,9 @@ developers using C++ or QML, a CSS & JavaScript like language.")
              (sha256
               (base32
                "17cyfyqzjbm9dhq9pjscz36y84y16rmxwk6h826gjfprddrimsvg"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:tests? _ #f) #f))) ; TODO: Enable the tests
     (inputs
      `(("qtbase" ,qtbase)
        ("qtdeclarative" ,qtdeclarative)))))
@@ -889,6 +948,9 @@ developers using C++ or QML, a CSS & JavaScript like language.")
              (sha256
               (base32
                "1v77ydy4k15lksp3bi2kgha2h7m79g4n7c2qhbr09xnvpb8ars7j"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:tests? _ #f) #f))) ; TODO: Enable the tests
     (inputs
      `(("qtbase" ,qtbase)
        ("qtdeclarative" ,qtdeclarative)))))
@@ -906,6 +968,169 @@ developers using C++ or QML, a CSS & JavaScript like language.")
              (sha256
               (base32
                "1j2drnx7zp3w6cgvy7bn00fyk5v7vw1j1hidaqcg78lzb6zgls1c"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:tests? _ #f) #f))) ; TODO: Enable the tests
+    (inputs
+     `(("qtbase" ,qtbase)
+       ("qtdeclarative" ,qtdeclarative)))))
+
+(define-public qtdeclarative-render2d
+  (package (inherit qtsvg)
+    (name "qtdeclarative-render2d")
+    (version "5.7.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://download.qt.io/official_releases/qt/"
+                                 (version-major+minor version) "/" version
+                                 "/submodules/" name "-opensource-src-"
+                                 version ".tar.xz"))
+             (sha256
+              (base32
+               "0zwch9vn17f3bpy300jcfxx6cx9qymk5j7khx0x9k1xqid4166c3"))
+             (modules '((guix build utils)))
+             (snippet
+              '(delete-file-recursively "tools/opengldummy/3rdparty"))))
+    (native-inputs `())
+    (inputs
+     `(("qtbase" ,qtbase)
+       ("qtdeclarative" ,qtdeclarative)))))
+
+(define-public qtgamepad
+  (package (inherit qtsvg)
+    (name "qtgamepad")
+    (version "5.7.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://download.qt.io/official_releases/qt/"
+                                 (version-major+minor version) "/" version
+                                 "/submodules/" name "-opensource-src-"
+                                 version ".tar.xz"))
+             (sha256
+              (base32
+               "10lijbsg9xx5ddbbjymdgl41nxz99yn1qgiww2kkggxwwdjj2axv"))))
+    (native-inputs
+     `(("perl" ,perl)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("fontconfig" ,fontconfig)
+       ("freetype" ,freetype)
+       ("libxrender" ,libxrender)
+       ("sdl2" ,sdl2)
+       ("qtbase" ,qtbase)
+       ("qtdeclarative" ,qtdeclarative)))))
+
+(define-public qtscxml
+  (package (inherit qtsvg)
+    (name "qtscxml")
+    (version "5.7.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://download.qt.io/official_releases/qt/"
+                                 (version-major+minor version) "/" version
+                                 "/submodules/" name "-opensource-src-"
+                                 version ".tar.xz"))
+             (sha256
+              (base32
+               "135kknqdmib2cjryfmvfgv7a2qx9pyba3m7i7nkbc5d742r4mbcx"))
+             (modules '((guix build utils)))
+             (snippet
+              '(begin
+                 (delete-file-recursively "tests/3rdparty")
+                 ;; the scion test refers to the bundled 3rd party test code.
+                 (substitute* "tests/auto/auto.pro"
+                   (("scion") "#"))))))
+    (inputs
+     `(("qtbase" ,qtbase)
+       ("qtdeclarative" ,qtdeclarative)))))
+
+(define-public qtpurchasing
+  (package (inherit qtsvg)
+    (name "qtpurchasing")
+    (version "5.7.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://download.qt.io/official_releases/qt/"
+                                 (version-major+minor version) "/" version
+                                 "/submodules/" name "-opensource-src-"
+                                 version ".tar.xz"))
+             (sha256
+              (base32
+               "0hkvrgafz1hx9q4yc3nskv3pd3fszghvvd5a7mj33ynf55wpb57n"))))
+    (inputs
+     `(("qtbase" ,qtbase)
+       ("qtdeclarative" ,qtdeclarative)))))
+
+(define-public qtcanvas3d
+  (package (inherit qtsvg)
+    (name "qtcanvas3d")
+    (version "5.7.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://download.qt.io/official_releases/qt/"
+                                 (version-major+minor version) "/" version
+                                 "/submodules/" name "-opensource-src-"
+                                 version ".tar.xz"))
+             (sha256
+              (base32
+               "1d5xpq3mhjg4ipxzap7s2vnlfcd02d3yq720npv10xxp2ww0i1x8"))
+             (modules '((guix build utils)))
+             (snippet
+              '(delete-file-recursively "examples/canvas3d/3rdparty"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments qtsvg)
+      ;; Building the tests depends on the bundled 3rd party javascript files,
+      ;; and the test phase fails to import QtCanvas3D, causing the phase to
+      ;; fail, so we skip building them for now.
+      ((#:phases phases)
+       `(modify-phases ,phases
+         (replace 'configure
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out")))
+               (zero? (system* "qmake" "QT_BUILD_PARTS = libs tools"
+                               (string-append "PREFIX=" out))))))))
+       ((#:tests? _ #f) #f))) ; TODO: Enable the tests
+    (native-inputs `())
+    (inputs
+     `(("qtbase" ,qtbase)
+       ("qtdeclarative" ,qtdeclarative)))))
+
+(define-public qtcharts
+  (package (inherit qtsvg)
+    (name "qtcharts")
+    (version "5.7.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://download.qt.io/official_releases/qt/"
+                                 (version-major+minor version) "/" version
+                                 "/submodules/" name "-opensource-src-"
+                                 version ".tar.xz"))
+             (sha256
+              (base32
+               "1qrzcddwff2hxsbxrraff16j4abah2zkra2756s1mvydj9lyxzl5"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:tests? _ #f) #f))) ; TODO: Enable the tests
+    (inputs
+     `(("qtbase" ,qtbase)
+       ("qtdeclarative" ,qtdeclarative)))))
+
+(define-public qtdatavis3d
+  (package (inherit qtsvg)
+    (name "qtdatavis3d")
+    (version "5.7.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "https://download.qt.io/official_releases/qt/"
+                                 (version-major+minor version) "/" version
+                                 "/submodules/" name "-opensource-src-"
+                                 version ".tar.xz"))
+             (sha256
+              (base32
+               "1y00p0wyj5cw9c2925y537vpmmg9q3kpf7qr1s7sv67dvvf8bzqv"))))
+    (arguments
+     (substitute-keyword-arguments (package-arguments qtsvg)
+       ((#:tests? _ #f) #f))) ; TODO: Enable the tests
     (inputs
      `(("qtbase" ,qtbase)
        ("qtdeclarative" ,qtdeclarative)))))
@@ -1313,3 +1538,37 @@ embed content from the World Wide Web into your Qt application.  At the same
 time Web content can be enhanced with native controls.")
 
     (license license:lgpl2.1+)))
+
+(define-public dotherside
+  (package
+    (name "dotherside")
+    (version "0.5.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/filcuc/DOtherSide/"
+                           "archive/v" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0pqlrvy4ajjir80ra79ka3n0rjj0ir0f0m91cq86iz3nnw8w148z"))))
+    (build-system cmake-build-system)
+    (native-inputs
+     `(("qttools" ,qttools)))
+    (inputs
+     `(("qtbase" ,qtbase)
+       ("qtdeclarative" ,qtdeclarative)))
+    (home-page "https://github.com/frankosterfeld/qtkeychain")
+    (synopsis "C language library for creating bindings for the Qt QML language")
+    (description
+     "DOtherSide is a C language library for creating bindings for the
+QT QML language.  The following features are implementable from
+a binding language:
+@itemize
+@item Creating custom QObject
+@item Creating custom QAbstractListModels
+@item Creating custom properties, signals and slots
+@item Creating from QML QObject defined in the binded language
+@item Creating from Singleton QML QObject defined in the binded language
+@end itemize\n")
+    (license license:lgpl3)))                    ;version 3 only (+ exception)
diff --git a/gnu/packages/ruby.scm b/gnu/packages/ruby.scm
index 50dde3f48c..0f1ecd29d0 100644
--- a/gnu/packages/ruby.scm
+++ b/gnu/packages/ruby.scm
@@ -4,7 +4,8 @@
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2015, 2016 Ben Woodcroft <donttrustben@gmail.com>
+;;; Copyright © 2015, 2016, 2017 Ben Woodcroft <donttrustben@gmail.com>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -425,13 +426,13 @@ expectations and mocks frameworks.")
 (define-public bundler
   (package
     (name "bundler")
-    (version "1.13.6")
+    (version "1.14.2")
     (source (origin
               (method url-fetch)
               (uri (rubygems-uri "bundler" version))
               (sha256
                (base32
-                "1xyhy9cn8w9passp64p6hb3df2fpiqbds6rj7xha1335xpgj5zgs"))))
+                "1sfcmqmimssjmh4gjq6ls6a33l2hc353hb13g628kjh15qmddar7"))))
     (build-system ruby-build-system)
     (arguments
      '(#:tests? #f)) ; avoid dependency cycles
@@ -3049,44 +3050,40 @@ features such as filtering and fine grained logging.")
     (license license:expat)))
 
 (define-public ruby-yard
-  ;; Use git reference because gem is >100 commits out of date and the tests
-  ;; do not pass with the released gem.
-  (let ((commit "d816482a0d4850506c3bcccc9434550c536c28c6"))
-    (package
-      (name "ruby-yard")
-      (version (string-append "0.9.5-1." (string-take commit 8)))
-      (source
-       (origin
-         (method git-fetch)
-         (uri (git-reference
-               (url "https://github.com/lsegal/yard.git")
-               (commit commit)))
-         (file-name (string-append name "-" version "-checkout"))
-         (sha256
-          (base32
-           "1j16c85x22if7y0fzi3c900p9wzkx2riq1y7vsj92a0zvwsxai4i"))
-         (patches (search-patches "ruby-yard-fix-skip-of-markdown-tests.patch"))))
-      (build-system ruby-build-system)
-      (arguments
-       `(#:test-target "spec"
-         #:phases
-         (modify-phases %standard-phases
-           (add-before 'check 'set-HOME-and-disable-failing-test
-             (lambda _
-               ;; $HOME needs to be set to somewhere writeable for tests to run
-               (setenv "HOME" "/tmp")
-               #t)))))
-      (native-inputs
-       `(("ruby-rspec" ,ruby-rspec-2)
-         ("ruby-rack" ,ruby-rack)))
-      (synopsis "Documentation generation tool for Ruby")
-      (description
-       "YARD is a documentation generation tool for the Ruby programming
+  (package
+    (name "ruby-yard")
+    (version "0.9.6")
+    (source
+     (origin
+       (method url-fetch)
+       ;; Tests do not pass if we build from the distributed gem.
+       (uri (string-append "https://github.com/lsegal/yard/archive/v"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0rsz4bghgx7fryzyhlz8wlnd2m9xgyvf1xhrq58mnzfrrfm41bdg"))))
+    (build-system ruby-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda _
+             ;; $HOME needs to be set to somewhere writeable for tests to run
+             (setenv "HOME" "/tmp")
+             ;; Run tests without using 'rake' to avoid dependencies.
+             (zero? (system* "rspec")))))))
+    (native-inputs
+     `(("ruby-rspec" ,ruby-rspec)
+       ("ruby-rack" ,ruby-rack)))
+    (synopsis "Documentation generation tool for Ruby")
+    (description
+     "YARD is a documentation generation tool for the Ruby programming
 language.  It enables the user to generate consistent, usable documentation
 that can be exported to a number of formats very easily, and also supports
 extending for custom Ruby constructs such as custom class level definitions.")
-      (home-page "http://yardoc.org")
-      (license license:expat))))
+    (home-page "http://yardoc.org")
+    (license license:expat)))
 
 (define-public ruby-clap
   (package
@@ -3304,14 +3301,14 @@ neither too verbose nor too minimal.")
 (define-public ruby-sqlite3
   (package
     (name "ruby-sqlite3")
-    (version "1.3.12")
+    (version "1.3.13")
     (source
      (origin
        (method url-fetch)
        (uri (rubygems-uri "sqlite3" version))
        (sha256
         (base32
-         "0hld87rvwyy31xsxzhicv2lj3g3kmvmwfxj09kw13g6lacdjz4bx"))))
+         "01ifzp8nwzqppda419c9wcvr8n82ysmisrs0hph9pdmv1lpa4f5i"))))
     (build-system ruby-build-system)
     (arguments
      `(#:phases
@@ -4202,3 +4199,35 @@ RFC 2617.  This enables the use of the digest authentication scheme instead
 of the more insecure basic authentication scheme.")
     (home-page "http://github.com/drbrain/net-http-digest_auth")
     (license license:expat)))
+
+(define-public ruby-mail
+  (package
+    (name "ruby-mail")
+    (version "2.6.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (rubygems-uri "mail" version))
+       (sha256
+        (base32
+         "0c9vqfy0na9b5096i5i4qvrvhwamjnmajhgqi3kdsdfl8l6agmkp"))))
+    (build-system ruby-build-system)
+    (propagated-inputs
+     `(("ruby-mime-types" ,ruby-mime-types)))
+    (arguments
+     ;; Tests require extra gems not included in the Gemfile.
+     ;; XXX: Try enabling this for the next version with mini_mime.
+     `(#:tests? #f))
+    (synopsis "Mail library for Ruby")
+    (description
+     "Mail is an internet library for Ruby that is designed to handle email
+generation, parsing and sending.  The purpose of this library is to provide
+a single point of access to handle all email functions, including sending
+and receiving emails.  All network type actions are done through proxy
+methods to @code{Net::SMTP}, @code{Net::POP3} etc.
+
+Mail has been designed with a very simple object oriented system that
+really opens up the email messages you are parsing, if you know what you
+are doing, you can fiddle with every last bit of your email directly.")
+    (home-page "https://github.com/mikel/mail")
+    (license license:expat)))
diff --git a/gnu/packages/rust.scm b/gnu/packages/rust.scm
index 97d0d7cb0d..ae04530041 100644
--- a/gnu/packages/rust.scm
+++ b/gnu/packages/rust.scm
@@ -241,6 +241,7 @@ rustc-bootstrap and cargo-bootstrap packages.")
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let* ((out (assoc-ref outputs "out"))
                     (gcc (assoc-ref inputs "gcc"))
+                    (binutils (assoc-ref inputs "binutils"))
                     (python (assoc-ref inputs "python-2"))
                     (rustc (assoc-ref inputs "rustc-bootstrap"))
                     (llvm (assoc-ref inputs "llvm"))
@@ -250,7 +251,7 @@ rustc-bootstrap and cargo-bootstrap packages.")
                             (string-append "--datadir=" out "/share")
                             (string-append "--infodir=" out "/share/info")
                             (string-append "--default-linker=" gcc "/bin/gcc")
-                            (string-append "--default-ar=" gcc "/bin/ar")
+                            (string-append "--default-ar=" binutils "/bin/ar")
                             (string-append "--python=" python "/bin/python2")
                             (string-append "--local-rust-root=" rustc)
                             (string-append "--llvm-root=" llvm)
@@ -261,7 +262,16 @@ rustc-bootstrap and cargo-bootstrap packages.")
                             ;;"--enable-rustbuild"
                             "--disable-manage-submodules")))
                ;; Rust uses a custom configure script (no autoconf).
-               (zero? (apply system* "./configure" flags))))))))
+               (zero? (apply system* "./configure" flags)))))
+         (add-after 'install 'wrap-rustc
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (let ((out (assoc-ref outputs "out"))
+                   (libc (assoc-ref inputs "libc"))
+                   (ld-wrapper (assoc-ref inputs "ld-wrapper")))
+               ;; Let gcc find ld and libc startup files.
+               (wrap-program (string-append out "/bin/rustc")
+                 `("PATH" ":" prefix (,(string-append ld-wrapper "/bin")))
+                 `("LIBRARY_PATH" ":" suffix (,(string-append libc "/lib"))))))))))
     (synopsis "Compiler for the Rust progamming language")
     (description "Rust is a systems programming language that provides memory
 safety and thread safety guarantees.")
diff --git a/gnu/packages/screen.scm b/gnu/packages/screen.scm
index e0e46411b8..4f8109abbe 100644
--- a/gnu/packages/screen.scm
+++ b/gnu/packages/screen.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -35,13 +35,13 @@
 (define-public screen
   (package
     (name "screen")
-    (version "4.4.0")
+    (version "4.5.0")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/screen/screen-"
                                  version ".tar.gz"))
              (sha256
-              (base32 "12r12xwhsg59mlprikbbmn60gh8lqhrvyar7mlxg4fwsfma2lwpg"))))
+              (base32 "1c7grw03a9iwvqbxfd6hmjb681rp8gb55zsxm7b3apqqcb1sghq1"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("makeinfo" ,texinfo)))
@@ -53,7 +53,7 @@
        ;; By default, screen supports 16 colors, but we want 256 when
        ;; ~/.screenrc contains 'term xterm-256color'.
        '("--enable-colors256")))
-    (home-page "http://www.gnu.org/software/screen/")
+    (home-page "https://www.gnu.org/software/screen/")
     (synopsis "Full-screen window manager providing multiple terminals")
     (description
      "GNU Screen is a terminal window manager that multiplexes a single
diff --git a/gnu/packages/sdl.scm b/gnu/packages/sdl.scm
index cb0af1ceed..5103aeed6c 100644
--- a/gnu/packages/sdl.scm
+++ b/gnu/packages/sdl.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015, 2017 David Thompson <dthompson2@worcester.edu>
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2015 Sou Bunnbu <iyzsong@gmail.com>
+;;; Copyright © 2015, 2017 Sou Bunnbu <iyzsong@member.fsf.org>
 ;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;;
@@ -425,3 +425,43 @@ Layer (SDL).  With them, Guile programmers can have easy access to graphics,
 sound and device input (keyboards, joysticks, mice, etc.).")
     (home-page "http://gnu.org/s/guile-sdl")
     (license gpl3+)))
+
+(define-public guile-sdl2
+  (package
+    (name "guile-sdl2")
+    (version "0.2.0")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://files.dthompson.us/guile-sdl2/guile-sdl2-"
+                    version ".tar.gz"))
+              (sha256
+               (base32
+                "0yq9lsl17cdvj77padvpk3jcw2g6g0pck9jrchc7n2767rrc012b"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:make-flags '("GUILE_AUTO_COMPILE=0")
+       #:configure-flags
+       (list (string-append "--with-libsdl2-prefix="
+                            (assoc-ref %build-inputs "sdl2"))
+             (string-append "--with-libsdl2-image-prefix="
+                            (assoc-ref %build-inputs "sdl2-image"))
+             (string-append "--with-libsdl2-ttf-prefix="
+                            (assoc-ref %build-inputs "sdl2-ttf"))
+             (string-append "--with-libsdl2-mixer-prefix="
+                            (assoc-ref %build-inputs "sdl2-mixer")))))
+    (native-inputs
+     `(("guile" ,guile-2.0)
+       ("pkg-config" ,pkg-config)))
+    (inputs
+     `(("sdl2" ,sdl2)
+       ("sdl2-image" ,sdl2-image)
+       ("sdl2-mixer" ,sdl2-mixer)
+       ("sdl2-ttf" ,sdl2-ttf)))
+    (synopsis "Guile bindings for SDL2")
+    (home-page "https://dthompson.us/projects/guile-sdl2.html")
+    (description
+     "Guile-SDL2 provides Guile Scheme bindings for the SDL2 C shared library.
+The bindings are written in pure Scheme using Guile's foreign function
+interface.")
+    (license lgpl3+)))
diff --git a/gnu/packages/search.scm b/gnu/packages/search.scm
index f0dbbc9b11..cb8b670757 100644
--- a/gnu/packages/search.scm
+++ b/gnu/packages/search.scm
@@ -35,13 +35,13 @@
 (define-public xapian
   (package
     (name "xapian")
-    (version "1.4.1")
+    (version "1.4.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://oligarchy.co.uk/xapian/" version
                                   "/xapian-core-" version ".tar.xz"))
               (sha256
-               (base32 "1svhrs5zl7cyv9kqh70k02zc3cmpcpn6nvgdkv0pl1iwwx6m7wn5"))))
+               (base32 "1kp18r97qm2zky9z6ym8csjg1kj81zvqn88n4cppl4lq54sw9hmf"))))
     (build-system gnu-build-system)
     (inputs `(("zlib" ,zlib)
               ("util-linux" ,util-linux)))
diff --git a/gnu/packages/security-token.scm b/gnu/packages/security-token.scm
index e1b87adff9..7bce8c5aa7 100644
--- a/gnu/packages/security-token.scm
+++ b/gnu/packages/security-token.scm
@@ -35,15 +35,15 @@
 (define-public ccid
   (package
     (name "ccid")
-    (version "1.4.25")
+    (version "1.4.26")
     (source (origin
               (method url-fetch)
               (uri (string-append
-                    "https://alioth.debian.org/frs/download.php/file/4187/"
+                    "https://alioth.debian.org/frs/download.php/file/4205/"
                     "ccid-" version ".tar.bz2"))
               (sha256
                (base32
-                "029n4lpy5nvg278s4mybisyj4lm0bcjslvwfslw6hkghw162n1kb"))))
+                "0bxy835c133ajalpj4gx60nqkjvpf9y1n97n04pw105pi9qbyrrj"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags (list (string-append "--enable-usbdropdir=" %output
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 960cb1f2a2..4ed1f4696b 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -5,6 +5,8 @@
 ;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Stefan Reichör <stefan@xsteve.at>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,6 +28,7 @@
   #:use-module (gnu packages algebra)
   #:use-module (gnu packages autotools)
   #:use-module (gnu packages base)
+  #:use-module (gnu packages bison)
   #:use-module (gnu packages documentation)
   #:use-module (gnu packages libedit)
   #:use-module (gnu packages ncurses)
@@ -106,14 +109,17 @@ direct descendant of NetBSD's Almquist Shell (@command{ash}).")
        #:configure-flags '("--sysconfdir=/etc")
        #:phases
        (modify-phases %standard-phases
-         ;; Replace 'bc' by its absolute file name in the store.
-         (add-after 'unpack 'patch-bc
+         ;; Embed absolute paths to store items.
+         (add-after 'unpack 'embed-store-paths
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (substitute* '("share/functions/math.fish"
                             "share/functions/seq.fish")
                (("\\| bc")
                 (string-append "| " (assoc-ref %build-inputs "bc")
-                               "/bin/bc"))))))))
+                               "/bin/bc")))
+             (substitute* "share/functions/fish_update_completions.fish"
+               (("python") (which "python")))
+             #t)))))
     (synopsis "The friendly interactive shell")
     (description
      "Fish (friendly interactive shell) is a shell focused on interactive use,
@@ -172,6 +178,42 @@ has a small feature set similar to a traditional Bourne shell.")
     (home-page "http://github.com/rakitzis/rc")
     (license zlib)))
 
+(define-public es
+  (package
+    (name "es")
+    (version "0.9.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/wryun/es-shell/releases/"
+                           "download/v" version "/es-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1fplzxc6lncz2lv2fyr2ig23rgg5j96rm2bbl1rs28mik771zd5h"))
+       (file-name (string-append name "-" version ".tar.gz"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:test-target "test"
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 're-enter-rootdir
+           ;; The tarball has no folder.
+           (lambda _
+             (chdir ".."))))))
+    (inputs
+     `(("readline" ,readline)))
+    (native-inputs
+     `(("bison" ,bison)))
+    (synopsis "Extensible shell with higher-order functions")
+    (description
+     "Es is an extensible shell.  The language was derived from the Plan 9
+shell, rc, and was influenced by functional programming languages, such as
+Scheme, and the Tcl embeddable programming language.  This implementation is
+derived from Byron Rakitzis's public domain implementation of rc, and was
+written by Paul Haahr and Byron Rakitzis.")
+    (home-page "https://wryun.github.io/es-shell/")
+    (license public-domain)))
+
 (define-public tcsh
   (package
     (name "tcsh")
@@ -299,14 +341,14 @@ ksh, and tcsh.")
 (define-public xonsh
   (package
     (name "xonsh")
-    (version "0.5.1")
+    (version "0.5.2")
     (source
       (origin
         (method url-fetch)
         (uri (pypi-uri "xonsh" version))
         (sha256
           (base32
-            "1a3jkvfh1xc6aw557y8zjn498q89bapyx4dxc3md7qwrmnj9pkv3"))
+            "13ndyq9cal2j93qqbjyp2jn3cshiavdxsaj2qjzm6mas0gzywmf0"))
         (modules '((guix build utils)))
         (snippet
          `(begin
diff --git a/gnu/packages/shishi.scm b/gnu/packages/shishi.scm
deleted file mode 100644
index 7e02843d38..0000000000
--- a/gnu/packages/shishi.scm
+++ /dev/null
@@ -1,70 +0,0 @@
-;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013 Nikita Karetnikov <nikita@karetnikov.org>
-;;; Copyright © 2012 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
-;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;;
-;;; This file is part of GNU Guix.
-;;;
-;;; GNU Guix is free software; you can redistribute it and/or modify it
-;;; under the terms of the GNU General Public License as published by
-;;; the Free Software Foundation; either version 3 of the License, or (at
-;;; your option) any later version.
-;;;
-;;; GNU Guix is distributed in the hope that it will be useful, but
-;;; WITHOUT ANY WARRANTY; without even the implied warranty of
-;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-;;; GNU General Public License for more details.
-;;;
-;;; You should have received a copy of the GNU General Public License
-;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
-
-(define-module (gnu packages shishi)
-  #:use-module ((guix licenses) #:select (gpl3+))
-  #:use-module (gnu packages)
-  #:use-module (gnu packages gnupg)
-  #:use-module (gnu packages libidn)
-  #:use-module (gnu packages linux)
-  #:use-module (gnu packages pkg-config)
-  #:use-module (gnu packages compression)
-  #:use-module (gnu packages tls)
-  #:use-module (guix packages)
-  #:use-module (guix download)
-  #:use-module (guix build-system gnu))
-
-(define-public shishi
-  (package
-    (name "shishi")
-    (version "1.0.2")
-    (source
-     (origin
-      (method url-fetch)
-      (uri (string-append "mirror://gnu/shishi/shishi-"
-                          version ".tar.gz"))
-      (sha256
-       (base32
-        "032qf72cpjdfffq1yq54gz3ahgqf2ijca4vl31sfabmjzq9q370d"))))
-    (build-system gnu-build-system)
-    (native-inputs `(("pkg-config" ,pkg-config)))
-    (inputs
-     `(("gnutls" ,gnutls)
-       ("libidn" ,libidn)
-       ("linux-pam" ,linux-pam-1.2)
-       ("zlib" ,zlib)
-       ;; libgcrypt 1.6 fails because of the following test:
-       ;;  #include <gcrypt.h>
-       ;; /* GCRY_MODULE_ID_USER was added in 1.4.4 and gc-libgcrypt.c
-       ;;    will fail on startup if we don't have 1.4.4 or later, so
-       ;;    test for it early. */
-       ;; #if !defined GCRY_MODULE_ID_USER
-       ;; error too old libgcrypt
-       ;; #endif
-       ("libgcrypt" ,libgcrypt-1.5)
-       ("libtasn1" ,libtasn1)))
-    (home-page "http://www.gnu.org/software/shishi/")
-    (synopsis "Implementation of the Kerberos 5 network security system")
-    (description
-     "GNU Shishi is a free implementation of the Kerberos 5 network security
-system.  It is used to allow non-secure network nodes to communicate in a
-secure manner through client-server mutual authentication via tickets.")
-    (license gpl3+)))
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 5b6800346c..c48e3e6f90 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
@@ -38,7 +38,7 @@
   #:use-module (gnu packages multiprecision)
   #:use-module (gnu packages ncurses)
   #:use-module (gnu packages nettle)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages perl)
   #:use-module (gnu packages pkg-config)
   #:autoload   (gnu packages protobuf) (protobuf)
diff --git a/gnu/packages/statistics.scm b/gnu/packages/statistics.scm
index 40a511b6ed..596c2baf5c 100644
--- a/gnu/packages/statistics.scm
+++ b/gnu/packages/statistics.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Vicente Vera Parra <vicentemvp@gmail.com>
 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
@@ -727,7 +727,8 @@ legends.")
        ("r-lazyeval" ,r-lazyeval)
        ("r-tibble" ,r-tibble)
        ("r-reshape2" ,r-reshape2)
-       ("r-scales" ,r-scales)))
+       ("r-scales" ,r-scales)
+       ("r-svglite" ,r-svglite))) ; Needed for 'ggsave'
     (home-page "http://ggplot2.org")
     (synopsis "An implementation of the grammar of graphics")
     (description
@@ -3954,6 +3955,31 @@ such that the arrangement of points within a category reflects the density of
 data at that region, and avoids over-plotting.")
     (license license:gpl2+)))
 
+(define-public r-ggthemes
+  (package
+    (name "r-ggthemes")
+    (version "3.3.0")
+    (source (origin
+              (method url-fetch)
+              (uri (cran-uri "ggthemes" version))
+              (sha256
+               (base32
+                "1qdxg2siwsiq32fmgcxn4vihgxad9v8q0aqigl7a94c26bwxs7y2"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-assertthat" ,r-assertthat)
+       ("r-colorspace" ,r-colorspace)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-scales" ,r-scales)))
+    (home-page "https://cran.rstudio.com/web/packages/ggthemes")
+    (synopsis "Extra themes, scales and geoms for @code{ggplot2}")
+    (description "This package provides extra themes and scales for
+@code{ggplot2} that replicate the look of plots by Edward Tufte and
+Stephen Few in Fivethirtyeight, The Economist, Stata, Excel, and The
+Wall Street Journal, among others.  This package also provides
+@code{geoms} for Tufte's box plot and range frame.")
+    (license license:gpl2)))
+
 (define-public r-statmod
   (package
     (name "r-statmod")
@@ -3979,3 +4005,143 @@ generalized linear model functions that implement secure convergence,
 dispersion modeling and Tweedie power-law families.")
     ;; Statmod is distributed under either license
     (license (list license:gpl2 license:gpl3))))
+
+(define-public r-fivethirtyeight
+  (package
+    (name "r-fivethirtyeight")
+    (version "0.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://mran.microsoft.com/src/contrib/"
+                           "fivethirtyeight_" version ".tar.gz"))
+       (sha256
+        (base32
+         "0fcc8rq745nsghp27dk0lgih90y4zx8hrzcvsn6ih786yv7qxhvl"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-knitr" ,r-knitr)
+       ("r-rmarkdown" ,r-rmarkdown)
+       ("r-dplyr" ,r-dplyr)
+       ("r-readr" ,r-readr)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-magrittr" ,r-magrittr)
+       ("r-stringr" ,r-stringr)))
+    (home-page "https://mran.microsoft.com/package/fivethirtyeight/")
+    (synopsis "Data and code behind the stories at FiveThirtyEight")
+    (description "This R package provides access to the code and data sets
+published by the statistics blog FiveThirtyEight.")
+    (license license:expat)))
+
+(define-public r-compquadform
+  (package
+    (name "r-compquadform")
+    (version "1.4.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "CompQuadForm" version))
+       (sha256
+        (base32
+         "0bsgbdblxpv57mbwnf51xyiydp2bqyxkg4zzwqki85cv5xqlrq1n"))))
+    (properties `((upstream-name . "CompQuadForm")))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/CompQuadForm")
+    (synopsis "Distribution function of quadratic forms in normal variables")
+    (description
+     "This package provides functions to compute the distribution function of
+quadratic forms in normal variables using Imhof's method, Davies's algorithm,
+Farebrother's algorithm or Liu et al.'s algorithm.")
+    (license license:gpl2+)))
+
+(define-public r-cowplot
+  (package
+    (name "r-cowplot")
+    (version "0.7.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "cowplot" version))
+       (sha256
+        (base32
+         "03iimcsh1pk7iqzjdlfcj43b8khijdk4hg00j4jdllv19xsfb0hx"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-ggplot2" ,r-ggplot2)
+       ("r-gtable" ,r-gtable)
+       ("r-plyr" ,r-plyr)))
+    (home-page "https://github.com/wilkelab/cowplot")
+    (synopsis "Streamlined plot theme and plot annotations for ggplot2")
+    (description
+     "This package provides some helpful extensions and modifications to the
+ggplot2 package to combine multiple ggplot2 plots into one and label them with
+letters, as is often required for scientific publications.")
+    (license license:gpl2)))
+
+(define-public r-mixtools
+  (package
+    (name "r-mixtools")
+    (version "1.0.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "mixtools" version))
+       (sha256
+        (base32
+         "133rr17ywmlhsc6457hs8qxi8ng443ql9ashxpwc8875gjhv1x32"))))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-segmented" ,r-segmented)))
+    (home-page "http://cran.r-project.org/web/packages/mixtools")
+    (synopsis "Tools for analyzing finite mixture models")
+    (description
+     "This package provides a collection of R functions for analyzing finite
+mixture models.")
+    (license license:gpl2+)))
+
+(define-public r-lars
+  (package
+    (name "r-lars")
+    (version "1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "lars" version))
+       (sha256
+        (base32
+         "0blj44wqrx6lmym1m9v6wkz8zxzbjax2zl6swgdczci0ixb5nx34"))))
+    (build-system r-build-system)
+    (inputs
+     `(("gfortran" ,gfortran)))
+    (home-page "http://www-stat.stanford.edu/~hastie/Papers/#LARS")
+    (synopsis "Least angle regression software")
+    (description
+     "Least Angle Regression (\"LAR\") is a model selection algorithm; a
+useful and less greedy version of traditional forward selection methods.  A
+simple modification of the LAR algorithm implements Tibshirani's Lasso; the
+Lasso modification of LARS calculates the entire Lasso path of coefficients
+for a given problem at the cost of a single least squares fit.  Another LARS
+modification efficiently implements epsilon Forward Stagewise linear
+regression.")
+    (license license:gpl2)))
+
+(define-public r-fastica
+  (package
+    (name "r-fastica")
+    (version "1.2-0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "fastICA" version))
+       (sha256
+        (base32
+         "0ykk78fsk5da2g16i4wji85bvji7nayjvkfp07hyaxq9d15jmf0r"))))
+    (properties `((upstream-name . "fastICA")))
+    (build-system r-build-system)
+    (home-page "http://cran.r-project.org/web/packages/fastICA")
+    (synopsis "FastICA algorithms to perform ICA and projection pursuit")
+    (description
+     "This package provides an implementation of the FastICA algorithm to
+perform @dfn{independent component analysis} (ICA) and projection pursuit.")
+    ;; Any GPL version.
+    (license license:gpl3+)))
diff --git a/gnu/packages/suckless.scm b/gnu/packages/suckless.scm
index a00420312d..e30a0883a3 100644
--- a/gnu/packages/suckless.scm
+++ b/gnu/packages/suckless.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013 Cyril Roelandt <tipecaml@gmail.com>
 ;;; Copyright © 2015 Amirouche Boubekki <amirouche@hypermove.net>
 ;;; Copyright © 2016 Al McElrath <hello@yrns.org>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2015 Dmitry Bogatov <KAction@gnu.org>
 ;;; Copyright © 2015 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
@@ -27,6 +27,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix packages)
   #:use-module (guix download)
+  #:use-module (guix git-download)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system glib-or-gtk)
   #:use-module (gnu packages)
@@ -36,7 +37,15 @@
   #:use-module (gnu packages fonts)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages webkit)
-  #:use-module (gnu packages fontutils))
+  #:use-module (gnu packages fontutils)
+  #:use-module (gnu packages mpd)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages cups)
+  #:use-module (gnu packages ncurses)
+  #:use-module (gnu packages gawk)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages libbsd))
 
 (define-public dwm
   (package
@@ -55,19 +64,36 @@
                                          (assoc-ref %build-inputs "freetype")
                                          "/include/freetype2"))
        #:phases
-       (alist-replace
-        'configure
-        (lambda _
-         (substitute* "Makefile" (("\\$\\{CC\\}") "gcc"))
-         #t)
-        (alist-replace
-         'install
-         (lambda* (#:key outputs #:allow-other-keys)
-          (let ((out (assoc-ref outputs "out")))
-           (zero?
-            (system* "make" "install"
-                     (string-append "DESTDIR=" out) "PREFIX="))))
-         %standard-phases))))
+       (modify-phases %standard-phases
+         (replace 'configure
+           (lambda _
+             (substitute* "Makefile" (("\\$\\{CC\\}") "gcc"))
+             #t))
+        (replace 'install
+          (lambda* (#:key outputs #:allow-other-keys)
+            (let ((out (assoc-ref outputs "out")))
+              (zero?
+               (system* "make" "install"
+                        (string-append "DESTDIR=" out) "PREFIX=")))))
+        (add-after 'build 'install-xsession
+          (lambda* (#:key outputs #:allow-other-keys)
+            ;; Add a .desktop file to xsessions.
+            (let* ((output (assoc-ref outputs "out"))
+                   (xsessions (string-append output "/share/xsessions")))
+              (mkdir-p xsessions)
+              (with-output-to-file
+                  (string-append xsessions "/dwm.desktop")
+                (lambda _
+                  (format #t
+                    "[Desktop Entry]~@
+                     Name=dwm~@
+                     Comment=Dynamic Window Manager~@
+                     Exec=~a/bin/dwm~@
+                     TryExec=~@*~a/bin/dwm~@
+                     Icon=~@
+                     Type=Application~%"
+                    output)))
+              #t))))))
     (inputs
      `(("freetype" ,freetype)
        ("libx11" ,libx11)
@@ -114,6 +140,34 @@ optimising the environment for the application in use and the task performed.")
 numbers of user-defined menu items efficiently.")
     (license license:x11)))
 
+(define-public spoon
+  (package
+    (name "spoon")
+    (version "0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "10c5i7ykpy7inzzfiw1dh0srpkljycr3blxhvd8160wsvplbws48"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))))
+    (inputs
+     `(("libx11" ,libx11)
+       ("libxkbfile" ,libxkbfile)
+       ("alsa-lib" ,alsa-lib)
+       ("libmpdclient" ,libmpdclient)))
+    (home-page "http://git.2f30.org/spoon/")
+    (synopsis "Set dwm status")
+    (description
+     "Spoon can be used to set the dwm status.")
+    (license license:isc)))
+
 (define-public slock
   (package
     (name "slock")
@@ -257,3 +311,382 @@ allows you to write down the presentation for a quick lightning talk within a
 few minutes.")
     (home-page "http://tools.suckless.org/sent")
     (license license:x11)))
+
+(define-public xbattmon
+  (package
+    (name "xbattmon")
+    (version "0.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0n2rrjq03pgqrdkl7cz5snsfdanf4s58w9h6dbvnl7p8bbd3j2kn"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))))
+    (inputs
+     `(("libx11" ,libx11)))
+    (home-page "http://git.2f30.org/xbattmon/")
+    (synopsis "Simple battery monitor for X")
+    (description
+     "Xbattmon is a simple battery monitor for X.")
+    (license license:isc)))
+
+(define-public wificurse
+  (package
+    (name "wificurse")
+    (version "0.3.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "067ghr1xly5ca41kc83xila1p5hpq0bxfcmc8jvxi2ggm6wrhavn"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list
+                     (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (home-page "http://git.2f30.org/wificurse/")
+    (synopsis "Wifi DoS attack tool")
+    (description
+     "Wificurses listens for beacons sent from wireless access points
+in the range of your wireless station.  Once received the program
+extracts the BSSID of the AP and transmits deauthentication packets
+using the broadcast MAC address.  This results to the disconnection
+of all clients connected to the AP at the time of the attack.  This
+is essencially a WiFi DoS attack tool created for educational
+purposes only.  It works only in Linux and requires wireless card
+drivers capable of injecting packets in wireless networks.")
+    (license license:gpl3+)))
+
+(define-public skroll
+  (package
+    (name "skroll")
+    (version "0.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0km6bjfz4ssb1z0xwld6iiixnn7d255ax8yjs3zkdm42z8q9yl0f"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (home-page "http://2f30.org")
+    (synopsis "Commandline utility which scrolls text")
+    (description
+     "Skroll is a small utility that you can use to make a text scroll.
+Pipe text to it, and it will scroll a given number of letters from right to
+left.")
+    (license license:wtfpl2)))
+
+(define-public sbm
+  (package
+    (name "sbm")
+    (version "0.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1nks5mkh5wn30kyjzlkjlgi31bv1wq52kbp0r6nzbyfnvfdlywik"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (home-page "http://git.2f30.org/sbm/")
+    (synopsis "Simple bandwidth monitor")
+    (description
+     "Sbm is a simple bandwidth monitor.")
+    (license license:isc)))
+
+(define-public prout
+  (package
+    (name "prout")
+    (version "0.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1s6c3ygg1h1fyxkh8gd7nzjk6qhnwsb4535d2k780kxnwns5fzas"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (inputs
+     `(("cups-minimal" ,cups-minimal)
+       ("zlib" ,zlib)))
+    (home-page "http://git.2f30.org/prout/")
+    (synopsis "Smaller lp command")
+    (description
+     "Prout (PRint OUT) is a small utility one can use to send
+documents to a printer.
+It has no feature, and does nothing else.  Just set your default
+printer in client.conf(5) and start printing.  No need for a local
+cups server to be installed.")
+    (license license:wtfpl2)))
+
+(define-public noice
+  (package
+    (name "noice")
+    (version "0.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0ldkbb71z6k4yzj4kpg3s94ijj1c1kx9dfcjz393py09scfyg5hr"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure) ; No configure script
+         (add-before 'build 'curses
+           (lambda _
+             (substitute* "Makefile"
+               (("lcurses") "lncurses")))))))
+    (inputs
+     `(("ncurses" ,ncurses)))
+    (home-page "http://git.2f30.org/noice/")
+    (synopsis "Small file browser")
+    (description
+     "Noice is a small curses-based file browser.")
+    (license license:bsd-2)))
+
+;;; We want some commits that are more recent than the latest release, 0.2
+(define-public human
+  (let ((commit "50c80e6ba12823184b6866e06b955dbd2ccdc5d7")
+        (revision "1"))
+    (package
+      (name "human")
+      (version (string-append "0.2-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "git://git.2f30.org/human.git")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "18xngm4h9vsyip52zwd79rrp1irzg6rs462lpbp61amf7hj955gn"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (home-page "http://git.2f30.org/human/")
+    (synopsis "Convert bytes to human readable formats")
+    (description
+     "Human is a small program which translate numbers into a
+human readable format.  By default, it tries to detect the best
+factorisation, but you can force its output.
+You can adjust the number of decimals with the @code{SCALE}
+environment variable.")
+    (license license:wtfpl2))))
+
+(define-public fortify-headers
+  (package
+    (name "fortify-headers")
+    (version "0.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1cacdczpjb49c4i1168g541wnl3i3gbpv2m2wbnmw5wddlyhgkdg"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (home-page "http://git.2f30.org/fortify-headers/")
+    (synopsis "Standalone fortify-source implementation")
+    (description
+     "This is a standalone implementation of fortify source.  It provides
+compile time buffer checks.  It is libc-agnostic and simply overlays the
+system headers by using the @code{#include_next} extension found in GCC.  It was
+initially intended to be used on musl based Linux distributions.
+
+@itemize
+@item It is portable, works on *BSD, Linux, Solaris and possibly others.
+@item It will only trap non-conformant programs.  This means that fortify
+  level 2 is treated in the same way as level 1.
+@item Avoids making function calls when undefined behaviour has already been
+  invoked.  This is handled by using __builtin_trap().
+@item Support for out-of-bounds read interfaces, such as send(), write(),
+  fwrite() etc.
+@item No ABI is enforced.  All of the fortify check functions are inlined
+  into the resulting binary.
+@end itemize\n")
+    (license license:isc)))
+
+(define-public colors
+  (package
+    (name "colors")
+    (version "0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "http://dl.2f30.org/releases/"
+                           name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1lckmqpgj89841splng0sszbls2ag71ggkgr1wsv9y3v6y87589z"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:tests? #f ; No tests
+       #:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" %output))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)))) ; No configure script
+    (inputs
+     `(("libpng" ,libpng)))
+    (home-page "http://git.2f30.org/colors/")
+    (synopsis "Extract colors from pictures")
+    (description
+     "Extract colors from PNG files.  It is similar to
+strings(1) but for pictures.  For a given input file it outputs a
+colormap to stdout.")
+    (license license:isc)))
+
+;; No new releases were made at github, this repository is more active than
+;; the one at http://git.suckless.org/libutf/ and it is
+;; done by the same developer.
+(define-public libutf
+  (let ((revision "1")
+        (commit "ff4c60635e1f455b0a0b4200f8183fbd5a88225b"))
+    (package
+      (name "libutf")
+      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/cls/libutf")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1ih5vjavilzggyr1j1z6w1z12c2fs5fg77cfnv7ami5ivsy3kg3d"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:tests? #f ; No tests
+         #:make-flags (list "CC=gcc"
+                            (string-append "PREFIX=" %output))
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)))) ; No configure script
+      (inputs
+       `(("gawk" ,gawk)))
+      (home-page "https://github.com/cls/libutf")
+      (synopsis "Plan 9 compatible UTF-8 library")
+      (description
+       "This is a C89 UTF-8 library, with an API compatible with that of
+Plan 9's libutf, but with a number of improvements:
+
+@itemize
+@item Support for runes beyond the Basic Multilingual Plane.
+@item utflen and utfnlen cannot overflow on 32- or 64-bit machines.
+@item chartorune treats all invalid codepoints as though Runeerror.
+@item fullrune, utfecpy, and utfnlen do not overestimate the length
+of malformed runes.
+@item An extra function, charntorune(p,s,n), equivalent to
+fullrune(s,n) ? chartorune(p,s): 0.
+@item Runeerror may be set to an alternative replacement value, such
+as -1, to be used instead of U+FFFD.
+@end itemize\n")
+      (license license:expat))))
+
+;; No release tarballs so far.
+(define-public lchat
+  (let ((revision "1")
+        (commit "bbde23732f8c7769b982f0c1bda9b99fbf93f932"))
+    (package
+      (name "lchat")
+      (version (string-append "0.0.0-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/younix/lchat")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "00q3rc0aa5416jvjvrj71x1wnr0331kxhvjjs7pyxgnq4xf36k63"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:tests? #f ; No tests
+         #:make-flags (list "CC=gcc"
+                            (string-append "PREFIX=" %output))
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure) ; No configure script
+           (add-before 'build 'libbsd
+             (lambda _
+               (substitute* "Makefile"
+                 (("-lutf") "-lutf -lbsd"))))
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               (let* ((out (assoc-ref outputs "out"))
+                      (bin (string-append out "/bin")))
+                 (install-file "lchat" bin)
+                 #t))))))
+      (inputs
+       `(("grep" ,grep)
+         ("ncurses" ,ncurses)
+         ("libutf" ,libutf)
+         ("libbsd" ,libbsd)))
+      (home-page "https://github.com/younix/lchat")
+      (synopsis "Line chat is a frontend for the irc client ii from suckless")
+      (description
+       "Lchat (line chat) is the little and small brother of cii.
+It is a front end for ii-like chat programs.  It uses tail(1) -f to get the
+chat output in background.")
+      (license license:isc))))
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 49d4c318fd..4a81250339 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -1,10 +1,11 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2012, 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Ian Denhardt <ian@zenhack.net>
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
@@ -45,7 +46,8 @@
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages python)
   #:use-module (gnu packages texinfo)
-  #:use-module (gnu packages base))
+  #:use-module (gnu packages base)
+  #:use-module (srfi srfi-1))
 
 (define-public libtasn1
   (package
@@ -211,6 +213,19 @@ required structures.")
     (properties '((ftp-server . "ftp.gnutls.org")
                   (ftp-directory . "/gcrypt/gnutls")))))
 
+(define-public gnutls/guile-2.2
+  ;; GnuTLS for Guile 2.2.  This is supported by GnuTLS >= 3.5.5.
+  (package
+    (inherit gnutls)
+    (name "guile2.2-gnutls")
+    (arguments
+     ;; Remove '--with-guile-site-dir=…/2.0'.
+     (substitute-keyword-arguments (package-arguments gnutls)
+       ((#:configure-flags flags)
+        `(cdr ,flags))))
+    (inputs `(("guile" ,guile-next)
+              ,@(alist-delete "guile" (package-inputs gnutls))))))
+
 (define-public openssl
   (package
    (name "openssl")
@@ -454,13 +469,13 @@ security, and applying best practice development processes.")
 (define-public python-acme
   (package
     (name "python-acme")
-    (version "0.9.3")
+    (version "0.10.1")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri "acme" version))
       (sha256
-        (base32
-         "16a02bb0apnk1bm68bcabdmmwd6rnvnjzanrmcb46bpbapwz3vx6"))))
+       (base32
+        "04d2464klbhvrsrlmca10qxyd968qz7xizdppr53cihnlfq2y77m"))))
     (build-system python-build-system)
     (arguments
      `(#:phases
@@ -503,13 +518,13 @@ security, and applying best practice development processes.")
 (define-public certbot
   (package
     (name "certbot")
-    (version "0.9.3")
+    (version "0.10.1")
     (source (origin
               (method url-fetch)
               (uri (pypi-uri name version))
               (sha256
                (base32
-                "1c7k4lfq5j78d1rvrwrb9082ngwibz92cwkf4kazaa9b76w9q538"))))
+                "0hx71ba7w8kf8hpg1wy5zf8ggczb57g3kcsdg83kxjpqnfnrkmp0"))))
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2
diff --git a/gnu/packages/upnp.scm b/gnu/packages/upnp.scm
index f680a52881..9be9741202 100644
--- a/gnu/packages/upnp.scm
+++ b/gnu/packages/upnp.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Sree Harsha Totakura <sreeharsha@totakura.in>
-;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -28,15 +28,14 @@
 (define-public miniupnpc
   (package
     (name "miniupnpc")
-    (version "2.0")
+    (version "2.0.20161216")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append
-             "http://miniupnp.tuxfamily.org/files/miniupnpc-"
-             version ".tar.gz"))
+       (uri (string-append "https://miniupnp.tuxfamily.org/files/"
+                           name "-" version ".tar.gz"))
        (sha256
-        (base32 "0fzrc6fs8vzb2yvk01bd3q5jkarysl7gjlyaqncy3yvfk2wcwd6l"))))
+        (base32 "0gpxva9jkjvqwawff5y51r6bmsmdhixl3i5bmzlqsqpwsq449q81"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("python" ,python-2)))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index bf1842010f..49f95ef9b8 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -6,11 +6,11 @@
 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2016 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015 Kyle Meyer <kyle@kyleam.com>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -327,7 +327,7 @@ everything from small to very large projects with speed and efficiency.")
 (define-public libgit2
   (package
     (name "libgit2")
-    (version "0.24.3")
+    (version "0.25.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/libgit2/libgit2/"
@@ -335,7 +335,7 @@ everything from small to very large projects with speed and efficiency.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0m37b2jq8g70bmxlgrhbj4p23c893vxwmlmw1v5ywfxz3njyc90a"))))
+                "1cdwcw38frc1wf28x5ppddazv9hywc718j92f3xa3ybzzycyds3s"))))
     (build-system cmake-build-system)
     (arguments
      `(#:phases
@@ -842,19 +842,19 @@ masters from remote CVS hosts.")
 (define-public vc-dwim
   (package
     (name "vc-dwim")
-    (version "1.7")
+    (version "1.8")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnu/vc-dwim/vc-dwim-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "094pjwshvazlgagc254in2xvrp93vhcj0kb5ms17qs7sch99x9z2"))))
+               "0d5sqafc40l878m8wjr35jxmalj4kam1m6ph60v08ng4ml5g7931"))))
     (build-system gnu-build-system)
     (inputs `(("perl" ,perl)
               ("inetutils" ,inetutils))) ; for `hostname', used in the tests
     (native-inputs `(("emacs" ,emacs-minimal))) ; for `ctags'
-    (home-page "http://www.gnu.org/software/vc-dwim/")
+    (home-page "https://www.gnu.org/software/vc-dwim/")
     (synopsis "Version-control-agnostic ChangeLog diff and commit tool")
     (description
      "The vc-dwim package contains two tools, \"vc-dwim\" and \"vc-chlog\".
@@ -1240,14 +1240,14 @@ a built-in wiki, built-in file browsing, built-in tickets system, etc.")
 (define-public stagit
   (package
     (name "stagit")
-    (version "0.4")
+    (version "0.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://dl.2f30.org/releases/"
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0z5r06wqrfnsz24ci4hjqbd62svclvhkgzaq9npsyjcp6jnf7izc"))))
+                "0ym1dwzn2z23hcg53qh1m1g5pfibrfnnlp3sm3z1v4mhz0pgaj56"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; No tests
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index b9f2d69100..e0de564e14 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -7,7 +7,7 @@
 ;;; Copyright © 2015 Andy Patterson <ajpatter@uwaterloo.ca>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2016 Alex Vong <alexvong1995@gmail.com>
-;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
+;;; Copyright © 2016, 2017 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Dmitry Nikolaev <cameltheman@gmail.com>
 ;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
@@ -904,7 +904,7 @@ projects while introducing many more.")
 (define-public gnome-mpv
   (package
     (name "gnome-mpv")
-    (version "0.10")
+    (version "0.11")
     (source
      (origin
        (method url-fetch)
@@ -913,7 +913,7 @@ projects while introducing many more.")
                            ".tar.xz"))
        (sha256
         (base32
-         "10zizf926a82c753a80bi49rb5c4yqjyd6zin4xgmggspfxngncj"))))
+         "1hn3mpsxbrwf2m0nz4vzji4i6i896y8kqjb9kijqpk04cnrs3fgz"))))
     (native-inputs
      `(("intltool" ,intltool)
        ("pkg-config" ,pkg-config)))
@@ -970,15 +970,15 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2016.12.15")
+    (version "2017.01.14")
     (source (origin
               (method url-fetch)
-              (uri (string-append "https://youtube-dl.org/downloads/"
+              (uri (string-append "https://yt-dl.org/downloads/"
                                   version "/youtube-dl-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "17m3dimgpn6139w95drc7zncfx2mskjx45qvmj74zhdqxnk3gnc5"))))
+                "1jlwz6p7ryj9ygmwqm4r3pykd9qw21rsiqpifbx0p0kcvdvvvj3n"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
@@ -1006,7 +1006,7 @@ access to mpv's powerful playback capabilities.")
     (description
      "Youtube-dl is a small command-line program to download videos from
 YouTube.com and a few more sites.")
-    (home-page "https://youtube-dl.org")
+    (home-page "https://yt-dl.org")
     (license license:public-domain)))
 
 (define-public libbluray
@@ -1485,7 +1485,7 @@ be used for realtime video capture via Linux-specific APIs.")
 (define-public obs
   (package
     (name "obs")
-    (version "0.16.6")
+    (version "17.0.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/jp9000/obs-studio"
@@ -1493,7 +1493,7 @@ be used for realtime video capture via Linux-specific APIs.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "00vwdnf0gnwp029sznsr0s4lcky3brxbmpy0ch7igjpk5sf6mkqp"))))
+                "02cfhpkcsq718zwhwwsm48gjggf95qr38hqpi0kwrvsy18ll0msm"))))
     (build-system cmake-build-system)
     (arguments
      `(#:tests? #f ; no tests
@@ -1513,9 +1513,11 @@ be used for realtime video capture via Linux-specific APIs.")
     (native-inputs
      `(("pkg-config" ,pkg-config)))
     (inputs
-     `(("curl" ,curl)
+     `(("alsa-lib" ,alsa-lib)
+       ("curl" ,curl)
        ("eudev" ,eudev)
        ("ffmpeg" ,ffmpeg)
+       ("fontconfig" ,fontconfig)
        ("freetype" ,freetype)
        ("jack" ,jack-1)
        ("jansson" ,jansson)
@@ -1525,6 +1527,7 @@ be used for realtime video capture via Linux-specific APIs.")
        ("pulseaudio" ,pulseaudio)
        ("qtbase" ,qtbase)
        ("qtx11extras" ,qtx11extras)
+       ("speex" ,speex)
        ("v4l-utils" ,v4l-utils)
        ("zlib" ,zlib)))
     (synopsis "Live streaming software")
diff --git a/gnu/packages/vim.scm b/gnu/packages/vim.scm
index 0c359967d9..c2c0ccad9a 100644
--- a/gnu/packages/vim.scm
+++ b/gnu/packages/vim.scm
@@ -49,7 +49,7 @@
 (define-public vim
   (package
     (name "vim")
-    (version "8.0.0133")
+    (version "8.0.0194")
     (source (origin
              (method url-fetch)
              (uri (string-append "https://github.com/vim/vim/archive/v"
@@ -57,7 +57,7 @@
              (file-name (string-append name "-" version ".tar.gz"))
              (sha256
               (base32
-               "1965lb3sq378kz2fxb5swi442bdvzj416znvslb7saapqx3pjj51"))))
+               "0rvhlgfms6w7h1v17lxwvfp32nmxx92vc0xsmgj5xgapz43l2sp0"))))
     (build-system gnu-build-system)
     (arguments
      `(#:test-target "test"
diff --git a/gnu/packages/vpn.scm b/gnu/packages/vpn.scm
index 0ce51aaf88..8c7f07a263 100644
--- a/gnu/packages/vpn.scm
+++ b/gnu/packages/vpn.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -152,7 +153,7 @@ and probably others.")
 (define-public openvpn
   (package
     (name "openvpn")
-    (version "2.3.14")
+    (version "2.4.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -160,7 +161,7 @@ and probably others.")
                     version ".tar.xz"))
               (sha256
                (base32
-                "167frlmmg2raffn9h7ww3agdwgfdl0wa5wm9fsgl0i6mz3md187k"))))
+                "0zpqnbhjaifdalyxwmvk5kcyd7cpxbcigbn7967nbsyvl54vl8vg"))))
     (build-system gnu-build-system)
     (arguments
      '(#:configure-flags '("--enable-iproute2=yes")))
diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 5901e0ef6d..c8f8c63ecf 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2013, 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2013 Aljosha Papsch <misc@rpapsch.de>
-;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
@@ -58,7 +58,7 @@
   #:use-module (gnu packages databases)
   #:use-module (gnu packages bison)
   #:use-module (gnu packages flex)
-  #:use-module (gnu packages mit-krb5)
+  #:use-module (gnu packages kerberos)
   #:use-module (gnu packages gd)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
@@ -146,7 +146,7 @@ and its related documentation.")
          (add-before 'configure 'patch-/bin/sh
            (lambda _
              (substitute* "auto/feature"
-               (("/bin/sh") (which "bash")))
+               (("/bin/sh") (which "sh")))
              #t))
          (replace 'configure
            (lambda* (#:key outputs #:allow-other-keys)
@@ -527,7 +527,7 @@ for efficient socket-like bidirectional reliable communication channels.")
 (define-public libpsl
   (package
     (name "libpsl")
-    (version "0.16.1")
+    (version "0.17.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/rockdaboot/libpsl/"
@@ -535,7 +535,7 @@ for efficient socket-like bidirectional reliable communication channels.")
                                   "/libpsl-" version ".tar.gz"))
               (sha256
                (base32
-                "1srrd0iyz9p5xgl8q0hrzqg7p8cl9ar0cdb8f54hls4kllf3f80l"))))
+                "0jyxwc6bcvkcahkwcq237a0x209cysb63n5lak5m7zbglbb2jmq2"))))
     (build-system gnu-build-system)
     (inputs
      `(("icu4c" ,icu4c)
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 79b49f0a85..4742322360 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -53,14 +53,14 @@
 (define-public webkitgtk
   (package
     (name "webkitgtk")
-    (version "2.14.2")
+    (version "2.14.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0mjmcxhafh6l6j062z2nwfqbbvfyx16iqrzrbajswijh23awpnrf"))))
+                "0v0hkvggxi38cdb3v672qwr0m0y3x2rmnwh8j3q28869li8d9shb"))))
     (build-system cmake-build-system)
     (arguments
      '(#:tests? #f ; no tests
diff --git a/gnu/packages/wm.scm b/gnu/packages/wm.scm
index 6713560c5f..8612867f4a 100644
--- a/gnu/packages/wm.scm
+++ b/gnu/packages/wm.scm
@@ -9,9 +9,10 @@
 ;;; Copyright © 2016 Al McElrath <hello@yrns.org>
 ;;; Copyright © 2016 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016 ng0 <ng0@libertad.pw>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2016 doncatnip <gnopap@gmail.com>
 ;;; Copyright © 2016 Ivan Vilata i Balaguer <ivan@selidor.net>
+;;; Copyright © 2017 Mekeor Melire <mekeor.melire@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -50,6 +51,7 @@
   #:use-module (gnu packages docbook)
   #:use-module (gnu packages image)
   #:use-module (gnu packages pcre)
+  #:use-module (gnu packages python)
   #:use-module (gnu packages gtk)
   #:use-module (gnu packages libevent)
   #:use-module (gnu packages fribidi)
@@ -319,7 +321,7 @@ prompt.")
 (define-public xmonad
   (package
     (name "xmonad")
-    (version "0.11.1")
+    (version "0.12")
     (synopsis "Tiling window manager")
     (source (origin
               (method url-fetch)
@@ -327,22 +329,15 @@ prompt.")
                                   name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1pfjssamiwpwjp1qqkm9m9p9s35pv381m0cwg6jxg0ppglibzq1r"))
-              (modules '((guix build utils)))
-              (snippet
-               ;; Here we update the constraints on the utf8-string package in
-               ;; the Cabal file.  We allow a newer version which is compatible
-               ;; with GHC 7.10.2.  The same change is applied on Hackage.  See
-               ;; <https://hackage.haskell.org/package/xmonad-0.11.1/revisions/>.
-               '(substitute* "xmonad.cabal"
-                  (("utf8-string >= 0.3 && < 0.4")
-                   "utf8-string >= 0.3 && < 1.1")))))
+                "1mzx3p17ppgmi30q3phaj58x6kxn73pbbkn9v9gzgmd8skdlkxp8"))))
     (build-system haskell-build-system)
     (inputs
-     `(("ghc-mtl" ,ghc-mtl)
-       ("ghc-utf8-string" ,ghc-utf8-string)
-       ("ghc-extensible-exceptions" ,ghc-extensible-exceptions)
-       ("ghc-x11" ,ghc-x11)))
+     `(("ghc-extensible-exceptions" ,ghc-extensible-exceptions)
+       ("ghc-mtl"                   ,ghc-mtl)
+       ("ghc-quickcheck"            ,ghc-quickcheck)
+       ("ghc-setlocale"             ,ghc-setlocale)
+       ("ghc-utf8-string"           ,ghc-utf8-string)
+       ("ghc-x11"                   ,ghc-x11)))
     (arguments
      `(#:phases
        (modify-phases %standard-phases
@@ -375,7 +370,7 @@ tiled on several screens.")
 (define-public ghc-xmonad-contrib
   (package
     (name "ghc-xmonad-contrib")
-    (version "0.11.4")
+    (version "0.12")
     (source
      (origin
        (method url-fetch)
@@ -383,7 +378,7 @@ tiled on several screens.")
                            "xmonad-contrib-" version ".tar.gz"))
        (sha256
         (base32
-         "1g5cw9vvnfbiyi599fngk02zlmdhrf82x0bndhypkn6kybab6yd3"))))
+         "04gk449dxwmimmb6y2d2hvvmv91r91xlj879qzlyq0mcf723278k"))))
     (build-system haskell-build-system)
     (propagated-inputs
      `(("ghc-mtl" ,ghc-mtl)
@@ -601,3 +596,39 @@ experience.")
 dynamic and extensible using the Lua programming language.")
     (license license:gpl2+)
     (home-page "https://awesome.naquadah.org/")))
+
+(define-public menumaker
+  (package
+    (name "menumaker")
+    (version "0.99.10")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://sourceforge/menumaker/"
+                           "menumaker-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1mm4cvg3kphkkd8nwrhcg6d9nm5ar7mgc0wf6fxk6zck1l7xn8ky"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("python" ,python)))
+    (synopsis "Heuristics-driven menu generator")
+    (description
+     "MenuMaker is a menu generation utility for a number of X window
+managers and desktop environments.  It is capable of finding lots of
+installed programs and generating a root menu consistent across all
+supported window managers, so one will get (almost) the same menu in
+all of them.  Currently supported window managers include:
+
+@enumerate
+@item BlackBox
+@item Deskmenu
+@item FluxBox
+@item IceWM
+@item OpenBox
+@item PekWM
+@item WindowMaker
+@item XFCE
+@end enumerate\n")
+    (home-page "http://menumaker.sourceforge.net/")
+    (license license:bsd-2)))
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 615e539e20..7771b16534 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -852,7 +852,7 @@ color temperature should be set to match the lamps in your room.")
 (define-public xscreensaver
   (package
     (name "xscreensaver")
-    (version "5.35")
+    (version "5.36")
     (source
      (origin
        (method url-fetch)
@@ -861,7 +861,7 @@ color temperature should be set to match the lamps in your room.")
                        version ".tar.gz"))
        (sha256
         (base32
-         "08kbb0ry7ih436ab4i5g6lnhaaz13zkcdmbdibrn4j5gm5qq8v0y"))))
+         "0v60mdhvv42jla5hljp77igng11kxpah5fs9j7ci65kz0hw552vb"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f  ; no check target
@@ -940,7 +940,7 @@ connectivity of the X server running on a particular @code{DISPLAY}.")
 (define-public rofi
   (package
     (name "rofi")
-    (version "1.3.0")
+    (version "1.3.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/DaveDavenport/rofi/"
@@ -948,7 +948,7 @@ connectivity of the X server running on a particular @code{DISPLAY}.")
                                   version "/rofi-" version ".tar.xz"))
               (sha256
                (base32
-                "1a65ai93ygras5bi7wc0s5i3zqslzqlnw3klq3sdnp2p0d6hjjqn"))))
+                "1s47biv6d68nblpz6d3aklsar1xxxcilzr4y77v3hz2w1wbz2b5m"))))
     (build-system gnu-build-system)
     (inputs
      `(("pango" ,pango)
diff --git a/gnu/packages/xfce.scm b/gnu/packages/xfce.scm
index 5639f1daa3..fce47d93ce 100644
--- a/gnu/packages/xfce.scm
+++ b/gnu/packages/xfce.scm
@@ -4,6 +4,7 @@
 ;;; Copyright © 2016 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2016 Florian Paul Schmidt <mista.tapas@gmx.net>
 ;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -661,7 +662,7 @@ devices and folders.")
 (define-public xfce4-terminal
   (package
     (name "xfce4-terminal")
-    (version "0.6.3")
+    (version "0.8.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://archive.xfce.org/src/apps/" name "/"
@@ -669,14 +670,14 @@ devices and folders.")
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "023y0lkfijifh05yz8grimxadqpi98mrivr00sl18nirq8b4fbwi"))))
+                "1w8jvi9nw00aki825mm8f7wpkhxxicw4f6j9v4ka71z8p2ry9rj0"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)
        ("intltool" ,intltool)))
     (inputs
      `(("libxfce4ui" ,libxfce4ui)
-       ("vte" ,vte/gtk+-2)))
+       ("vte" ,vte)))
     (home-page "http://www.xfce.org/")
     (synopsis "Xfce terminal emulator")
     (description
diff --git a/gnu/packages/xfig.scm b/gnu/packages/xfig.scm
index 6436e52ad6..2e65000eb7 100644
--- a/gnu/packages/xfig.scm
+++ b/gnu/packages/xfig.scm
@@ -34,12 +34,12 @@
     (version "3.2.5c")
     (source
      (origin
-      (method url-fetch)
-      (uri (string-append "mirror://sourceforge/mcj/mcj-source/xfig."
-                          version ".full.tar.gz"))
-      (sha256
-       (base32
-        "1yd1jclvw5w3ja4jjzr1ysbn8iklh88wq84jn9d1gavrbfbqyqpa"))))
+       (method url-fetch)
+       (uri (string-append "mirror://sourceforge/mcj/mcj-source/xfig."
+                           version ".full.tar.gz"))
+       (sha256
+        (base32
+         "1yd1jclvw5w3ja4jjzr1ysbn8iklh88wq84jn9d1gavrbfbqyqpa"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("imake" ,imake)
@@ -59,51 +59,54 @@
     (arguments
      `(#:tests? #f
        #:phases
-       (alist-replace
-        'configure
-        (lambda* (#:key inputs outputs #:allow-other-keys)
-          (let ((imake (assoc-ref inputs "imake"))
-                (out   (assoc-ref outputs "out")))
-           (substitute* "Imakefile"
-             (("XCOMM (BINDIR = )[[:graph:]]*" _ front)
-              (string-append front out "/bin"))
-             (("(PNGLIBDIR = )[[:graph:]]*" _ front)
-              (string-append front (assoc-ref inputs "libpng") "/lib"))
-             (("(PNGINC = -I)[[:graph:]]*" _ front)
-              (string-append front (assoc-ref inputs "libpng") "/include"))
-             (("(JPEGLIBDIR = )[[:graph:]]*" _ front)
-              (string-append front (assoc-ref inputs "libjpeg") "/lib"))
-             (("(JPEGINC = -I)[[:graph:]]*" _ front)
-              (string-append front (assoc-ref inputs "libjpeg") "/include"))
-             (("(ZLIBDIR = )[[:graph:]]*" _ front)
-              (string-append front (assoc-ref inputs "zlib") "/lib"))
-             (("(XPMLIBDIR = )[[:graph:]]*" _ front)
-              (string-append front (assoc-ref inputs "libxpm") "/lib"))
-             (("(XPMINC = -I)[[:graph:]]*" _ front)
-              (string-append front (assoc-ref inputs "libxpm") "/include"))
-             (("(XFIGLIBDIR = )[[:graph:]]*" _ front)
-              (string-append front out "/lib"))
-             (("(XFIGDOCDIR = )[[:graph:]]*" _ front)
-              (string-append front out "/share/doc"))
-             (("XCOMM USEINLINE") "USEINLINE"))
-           ;; The -a argument is required in order to pick up the correct paths
-           ;; to several X header files.
-           (zero? (system* "xmkmf" "-a"))
-           ;; Reset some variables that are inherited from imake templates
-           (substitute* "Makefile"
-             ;; These imake variables somehow remain undefined
-             (("DefaultGcc2[[:graph:]]*Opt") "-O2")
-             ;; Reset a few variable defaults that are set in imake templates
-             ((imake) out)
-             (("(MANPATH = )[[:graph:]]*" _ front)
-              (string-append front out "/share/man"))
-             (("(CONFDIR = )([[:graph:]]*)" _ front default)
-              (string-append front out default)))))
-        (alist-cons-after
-         'install 'install/libs
-         (lambda _
-           (zero? (system* "make" "install.libs")))
-         (alist-cons-after
+       (modify-phases %standard-phases
+         (replace 'configure
+                  (lambda* (#:key inputs outputs #:allow-other-keys)
+                    (let ((imake (assoc-ref inputs "imake"))
+                          (out   (assoc-ref outputs "out")))
+                      (substitute* "Imakefile"
+                        (("XCOMM XAPPLOADDIR = /home/user/xfig *")
+                         (string-append "XAPPLOADDIR = " out ,%app-defaults-dir))
+                        (("XCOMM (BINDIR = )[[:graph:]]*" _ front)
+                         (string-append front out "/bin"))
+                        (("(PNGLIBDIR = )[[:graph:]]*" _ front)
+                         (string-append front (assoc-ref inputs "libpng") "/lib"))
+                        (("(PNGINC = -I)[[:graph:]]*" _ front)
+                         (string-append front (assoc-ref inputs "libpng") "/include"))
+                        (("(JPEGLIBDIR = )[[:graph:]]*" _ front)
+                         (string-append front (assoc-ref inputs "libjpeg") "/lib"))
+                        (("(JPEGINC = -I)[[:graph:]]*" _ front)
+                         (string-append front (assoc-ref inputs "libjpeg") "/include"))
+                        (("(ZLIBDIR = )[[:graph:]]*" _ front)
+                         (string-append front (assoc-ref inputs "zlib") "/lib"))
+                        (("(XPMLIBDIR = )[[:graph:]]*" _ front)
+                         (string-append front (assoc-ref inputs "libxpm") "/lib"))
+                        (("(XPMINC = -I)[[:graph:]]*" _ front)
+                         (string-append front (assoc-ref inputs "libxpm") "/include"))
+                        (("(XFIGLIBDIR = )[[:graph:]]*" _ front)
+                         (string-append front out "/lib"))
+                        (("(XFIGDOCDIR = )[[:graph:]]*" _ front)
+                         (string-append front out "/share/doc"))
+                        (("XCOMM USEINLINE") "USEINLINE"))
+                      ;; The -a argument is required in order to pick up the correct paths
+                      ;; to several X header files.
+                      (zero? (system* "xmkmf" "-a"))
+                      ;; Reset some variables that are inherited from imake templates
+                      (substitute* "Makefile"
+                        ;; These imake variables somehow remain undefined
+                        (("DefaultGcc2[[:graph:]]*Opt") "-O2")
+                        ;; Reset a few variable defaults that are set in imake templates
+                        ((imake) out)
+                        (("(MANPATH = )[[:graph:]]*" _ front)
+                         (string-append front out "/share/man"))
+                        (("(CONFDIR = )([[:graph:]]*)" _ front default)
+                         (string-append front out default))))
+                    #t))
+         (add-after
+          'install 'install/libs
+          (lambda _
+            (zero? (system* "make" "install.libs"))))
+         (add-after
           'install 'install/doc
           (lambda _
             (begin
@@ -118,15 +121,7 @@
                   (dump-port in out)
                   (close-pipe in)
                   (close-port out)))
-              (zero? (system* "make" "install.doc"))))
-          (alist-cons-after
-           'install 'wrap-xfig
-           (lambda* (#:key outputs #:allow-other-keys)
-             (let ((out (assoc-ref outputs "out")))
-               (wrap-program (string-append out "/bin/xfig")
-                             `("XAPPLRESDIR" suffix
-                               (,(string-append out "/etc/X11/app-defaults"))))))
-           %standard-phases))))))
+              (zero? (system* "make" "install.doc"))))))))
     (home-page "http://xfig.org/")
     (synopsis "Interactive drawing tool")
     (description
@@ -144,12 +139,12 @@ selected in various ways.  For text, 35 fonts are available.")
     (version "3.2.5e")
     (source
      (origin
-      (method url-fetch)
-      (uri (string-append "mirror://sourceforge/mcj/mcj-source/transfig."
-                          version ".tar.gz"))
-      (sha256
-       (base32
-        "0i3p7qmg2w8qrad3pn42b0miwarql7yy0gpd49b1bpal6bqsiicf"))))
+       (method url-fetch)
+       (uri (string-append "mirror://sourceforge/mcj/mcj-source/transfig."
+                           version ".tar.gz"))
+       (sha256
+        (base32
+         "0i3p7qmg2w8qrad3pn42b0miwarql7yy0gpd49b1bpal6bqsiicf"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("imake" ,imake)
@@ -183,20 +178,20 @@ selected in various ways.  For text, 35 fonts are available.")
               (("(XPMINC = -I)[[:graph:]]*" _ front)
                (string-append front (assoc-ref inputs "libxpm") "/include/X11"))
               (("/usr/local/lib/fig2dev") (string-append out "/lib")))
-           ;; The -a argument is required in order to pick up the correct paths
-           ;; to several X header files.
-           (zero? (system* "xmkmf" "-a"))
-           (substitute* '("Makefile"
-                          "fig2dev/Makefile"
-                          "transfig/Makefile")
-             ;; These imake variables somehow remain undefined
-             (("DefaultGcc2[[:graph:]]*Opt") "-O2")
-             ;; Reset a few variable defaults that are set in imake templates
-             ((imake) out)
-             (("(MANPATH = )[[:graph:]]*" _ front)
-              (string-append front out "/share/man"))
-             (("(CONFDIR = )([[:graph:]]*)" _ front default)
-              (string-append front out default)))))
+            ;; The -a argument is required in order to pick up the correct paths
+            ;; to several X header files.
+            (zero? (system* "xmkmf" "-a"))
+            (substitute* '("Makefile"
+                           "fig2dev/Makefile"
+                           "transfig/Makefile")
+              ;; These imake variables somehow remain undefined
+              (("DefaultGcc2[[:graph:]]*Opt") "-O2")
+              ;; Reset a few variable defaults that are set in imake templates
+              ((imake) out)
+              (("(MANPATH = )[[:graph:]]*" _ front)
+               (string-append front out "/share/man"))
+              (("(CONFDIR = )([[:graph:]]*)" _ front default)
+               (string-append front out default)))))
         (alist-cons-after
          'install 'install/doc
          (lambda _
diff --git a/gnu/packages/xorg.scm b/gnu/packages/xorg.scm
index 1267d3106d..7a534592b4 100644
--- a/gnu/packages/xorg.scm
+++ b/gnu/packages/xorg.scm
@@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2014 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014, 2015 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
 ;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2015 Cyrill Schenkel <cyrill.schenkel@gmail.com>
@@ -10,7 +10,7 @@
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
-;;; Copyright © 2016 John Darrington <jmd@gnu.org>
+;;; Copyright © 2016, 2017 John Darrington <jmd@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -335,6 +335,7 @@ provided.")
     (license (license:x11-style "file://dri3proto.h"
                                 "See 'dri3proto.h' in the distribution."))))
 
+(define-public %app-defaults-dir "/lib/X11/app-defaults")
 
 (define-public editres
   (package
@@ -354,7 +355,7 @@ provided.")
     (arguments
      `(#:configure-flags
        (list (string-append "--with-appdefaultdir="
-                            %output "/lib/X11/app-defaults"))))
+                            %output ,%app-defaults-dir))))
     (inputs
      `(("libxaw" ,libxaw)
        ("libxmu" ,libxmu)
@@ -398,21 +399,31 @@ Resources file.")
     (description "Xorg font encoding files.")
     (license license:public-domain)))
 
+(define (%xorg-font-origin font version hash)
+  (origin
+    (method url-fetch)
+    (uri (string-append "mirror://xorg/individual/font/" font "-"
+                        version ".tar.bz2"))
+    (sha256 hash)
+    (modules '((guix build utils)))
+    (snippet
+     ;; Do not include timestamps in '.pcf.gz' files.
+     '(substitute* "Makefile.in"
+        (("^COMPRESS = (.*)$" _ rest)
+         (string-append "COMPRESS = " (string-trim-right rest)
+                        " --no-name\n"))))))
+
+(define-syntax-rule (xorg-font-origin font version hash)
+  "Expand to the 'origin' form for the given Xorg font package."
+  (%xorg-font-origin font version (base32 hash)))
 
 (define-public font-adobe100dpi
   (package
     (name "font-adobe100dpi")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-adobe-100dpi-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0m60f5bd0caambrk8ksknb5dks7wzsg7g7xaf0j21jxmx8rq9h5j"))))
+    (source (xorg-font-origin
+             "font-adobe-100dpi" version
+             "0m60f5bd0caambrk8ksknb5dks7wzsg7g7xaf0j21jxmx8rq9h5j"))
     (build-system gnu-build-system)
     (inputs
       `(("bdftopcf" ,bdftopcf)
@@ -435,16 +446,9 @@ Resources file.")
   (package
     (name "font-adobe75dpi")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-adobe-75dpi-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "02advcv9lyxpvrjv8bjh1b797lzg6jvhipclz49z8r8y98g4l0n6"))))
+    (source (xorg-font-origin
+             "font-adobe-75dpi" version
+             "02advcv9lyxpvrjv8bjh1b797lzg6jvhipclz49z8r8y98g4l0n6"))
     (build-system gnu-build-system)
     (inputs
       `(("bdftopcf" ,bdftopcf)
@@ -471,16 +475,9 @@ Resources file.")
   (package
     (name "font-alias")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-alias-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "16ic8wfwwr3jicaml7b5a0sk6plcgc1kg84w02881yhwmqm3nicb"))))
+    (source (xorg-font-origin
+             name version
+             "16ic8wfwwr3jicaml7b5a0sk6plcgc1kg84w02881yhwmqm3nicb"))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (arguments
@@ -512,16 +509,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-arabic-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-arabic-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "1x246dfnxnmflzf0qzy62k8jdpkb6jkgspcjgbk8jcq9lw99npah"))))
+    (source (xorg-font-origin
+             name version
+             "1x246dfnxnmflzf0qzy62k8jdpkb6jkgspcjgbk8jcq9lw99npah"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -549,16 +539,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-cronyx-cyrillic")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-cronyx-cyrillic-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0ai1v4n61k8j9x2a1knvfbl2xjxk3xxmqaq3p9vpqrspc69k31kf"))))
+    (source (xorg-font-origin
+             name version
+             "0ai1v4n61k8j9x2a1knvfbl2xjxk3xxmqaq3p9vpqrspc69k31kf"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -582,16 +565,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-dec-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-dec-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0yzza0l4zwyy7accr1s8ab7fjqkpwggqydbm2vc19scdby5xz7g1"))))
+    (source (xorg-font-origin
+             name version
+             "0yzza0l4zwyy7accr1s8ab7fjqkpwggqydbm2vc19scdby5xz7g1"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -611,16 +587,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-isas-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-isas-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0rx8q02rkx673a7skkpnvfkg28i8gmqzgf25s9yi0lar915sn92q"))))
+    (source (xorg-font-origin
+             name version
+             "0rx8q02rkx673a7skkpnvfkg28i8gmqzgf25s9yi0lar915sn92q"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -641,16 +610,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-micro-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-micro-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "1dldxlh54zq1yzfnrh83j5vm0k4ijprrs5yl18gm3n9j1z0q2cws"))))
+    (source (xorg-font-origin
+             name version
+             "1dldxlh54zq1yzfnrh83j5vm0k4ijprrs5yl18gm3n9j1z0q2cws"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -667,16 +629,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-misc-cyrillic")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-misc-cyrillic-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0q2ybxs8wvylvw95j6x9i800rismsmx4b587alwbfqiw6biy63z4"))))
+    (source (xorg-font-origin
+             name version
+             "0q2ybxs8wvylvw95j6x9i800rismsmx4b587alwbfqiw6biy63z4"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -693,16 +648,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-misc-ethiopic")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-misc-ethiopic-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "19cq7iq0pfad0nc2v28n681fdq3fcw1l1hzaq0wpkgpx7bc1zjsk"))))
+    (source (xorg-font-origin
+             name version
+             "19cq7iq0pfad0nc2v28n681fdq3fcw1l1hzaq0wpkgpx7bc1zjsk"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -723,16 +671,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-misc-misc")
     (version "1.1.2")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-misc-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "150pq6n8n984fah34n3k133kggn9v0c5k07igv29sxp1wi07krxq"))))
+    (source (xorg-font-origin
+             name version
+             "150pq6n8n984fah34n3k133kggn9v0c5k07igv29sxp1wi07krxq"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -753,16 +694,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-mutt-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-mutt-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "13qghgr1zzpv64m0p42195k1kc77pksiv059fdvijz1n6kdplpxx"))))
+    (source (xorg-font-origin
+             name version
+             "13qghgr1zzpv64m0p42195k1kc77pksiv059fdvijz1n6kdplpxx"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -779,16 +713,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-schumacher-misc")
     (version "1.1.2")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-schumacher-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0nkym3n48b4v36y4s927bbkjnsmicajarnf6vlp7wxp0as304i74"))))
+    (source (xorg-font-origin
+             name version
+             "0nkym3n48b4v36y4s927bbkjnsmicajarnf6vlp7wxp0as304i74"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -809,16 +736,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-screen-cyrillic")
     (version "1.0.4")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-screen-cyrillic-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0yayf1qlv7irf58nngddz2f1q04qkpr5jwp4aja2j5gyvzl32hl2"))))
+    (source (xorg-font-origin
+             name version
+             "0yayf1qlv7irf58nngddz2f1q04qkpr5jwp4aja2j5gyvzl32hl2"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -835,16 +755,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-sony-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-sony-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "1xfgcx4gsgik5mkgkca31fj3w72jw9iw76qyrajrsz1lp8ka6hr0"))))
+    (source (xorg-font-origin
+             name version
+             "1xfgcx4gsgik5mkgkca31fj3w72jw9iw76qyrajrsz1lp8ka6hr0"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -861,16 +774,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-sun-misc")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-sun-misc-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "1q6jcqrffg9q5f5raivzwx9ffvf7r11g6g0b125na1bhpz5ly7s8"))))
+    (source (xorg-font-origin
+             name version
+             "1q6jcqrffg9q5f5raivzwx9ffvf7r11g6g0b125na1bhpz5ly7s8"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -910,16 +816,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-winitzki-cyrillic")
     (version "1.0.3")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-winitzki-cyrillic-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "181n1bgq8vxfxqicmy1jpm1hnr6gwn1kdhl6hr4frjigs1ikpldb"))))
+    (source (xorg-font-origin
+             name version
+             "181n1bgq8vxfxqicmy1jpm1hnr6gwn1kdhl6hr4frjigs1ikpldb"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -936,16 +835,9 @@ For example: '6x10', '9x15bold', etc.")
   (package
     (name "font-xfree86-type1")
     (version "1.0.4")
-    (source
-      (origin
-        (method url-fetch)
-        (uri (string-append
-               "mirror://xorg/individual/font/font-xfree86-type1-"
-               version
-               ".tar.bz2"))
-        (sha256
-          (base32
-            "0jp3zc0qfdaqfkgzrb44vi9vi0a8ygb35wp082yz7rvvxhmg9sya"))))
+    (source (xorg-font-origin
+             name version
+             "0jp3zc0qfdaqfkgzrb44vi9vi0a8ygb35wp082yz7rvvxhmg9sya"))
     (build-system gnu-build-system)
     (inputs
       `(("mkfontdir" ,mkfontdir)
@@ -1458,7 +1350,7 @@ treat it as part of their software base when porting.")
 (define-public libxpm
   (package
     (name "libxpm")
-    (version "3.5.11")
+    (version "3.5.12")
     (source
       (origin
         (method url-fetch)
@@ -1468,7 +1360,7 @@ treat it as part of their software base when porting.")
                ".tar.bz2"))
         (sha256
           (base32
-            "07041q4k8m4nirzl7lrqn8by2zylx0xvh6n0za301qqs3njszgf5"))))
+            "1v5xaiw4zlhxspvx76y3hq4wpxv7mpj6parqnwdqvpj8vbinsspx"))))
     (build-system gnu-build-system)
     (inputs
       `(("gettext" ,gettext-minimal)
@@ -2425,7 +2317,7 @@ devices, thus making direct access unnecessary.")
 (define-public xf86-input-evdev
   (package
     (name "xf86-input-evdev")
-    (version "2.10.4")
+    (version "2.10.5")
     (source
       (origin
         (method url-fetch)
@@ -2435,7 +2327,7 @@ devices, thus making direct access unnecessary.")
                ".tar.bz2"))
         (sha256
           (base32
-            "1hhc97k1qmgs85fp8p2i3gq4p18azlczbvklv33w19p1phzs1xmv"))))
+           "03dphgwjaxxyys8axc1kyysp6xvy9bjxicsdrhi2jvdgbchadnly"))))
     (build-system gnu-build-system)
     (inputs
       `(("udev" ,eudev)
@@ -2828,7 +2720,7 @@ compositing.  Both support Xv overlay and dynamic rotation with XRandR.")
 (define-public xf86-video-glint
   (package
     (name "xf86-video-glint")
-    (version "1.2.8")
+    (version "1.2.9")
     (source
       (origin
         (method url-fetch)
@@ -2838,8 +2730,7 @@ compositing.  Both support Xv overlay and dynamic rotation with XRandR.")
                ".tar.bz2"))
         (sha256
           (base32
-           "08a2aark2yn9irws9c78d9q44dichr03i9zbk61jgr54ncxqhzv5"))
-        (patches (search-patches "xf86-video-glint-remove-mibstore.patch"))))
+           "1lkpspvrvrp9s539bhfdjfh4andaqyk63l6zjn8m3km95smk6a45"))))
     (build-system gnu-build-system)
     (inputs `(("xf86dgaproto" ,xf86dgaproto)
               ("xorg-server" ,xorg-server)))
@@ -2958,7 +2849,7 @@ the same level of support for generic VGA or 8514/A adapters.")
 (define-public xf86-video-mga
   (package
     (name "xf86-video-mga")
-    (version "1.6.4")
+    (version "1.6.5")
     (source
       (origin
         (method url-fetch)
@@ -2968,7 +2859,7 @@ the same level of support for generic VGA or 8514/A adapters.")
                ".tar.bz2"))
         (sha256
           (base32
-           "0kyl8w99arviv27pc349zsy2vinnm7mdpy34vr9nzisicw5nkij8"))))
+           "08ll52hlar9z446v0wwca5qkj3hxhswwm7vvcgic9xv4cf7csqxn"))))
     (build-system gnu-build-system)
     (inputs `(("mesa" ,mesa)
               ("xf86driproto" ,xf86driproto)
@@ -3061,7 +2952,7 @@ kernel mode setting (KMS).")
 (define-public xf86-video-nv
   (package
     (name "xf86-video-nv")
-    (version "2.1.20")
+    (version "2.1.21")
     (source
       (origin
         (method url-fetch)
@@ -3071,8 +2962,7 @@ kernel mode setting (KMS).")
                ".tar.bz2"))
         (sha256
           (base32
-           "1gqh1khc4zalip5hh2nksgs7i3piqq18nncgmsx9qvzi05azd5c3"))
-        (patches (search-patches "xf86-video-nv-remove-mibstore.patch"))))
+           "0bdk3pc5y0n7p53q4gc2ff7bw16hy5hwdjjxkm5j3s7hdyg6960z"))))
     (build-system gnu-build-system)
     (inputs `(("xorg-server" ,xorg-server)))
     (native-inputs `(("pkg-config" ,pkg-config)))
@@ -3174,7 +3064,7 @@ This driver is intended for the spice qxl virtio device.")
 (define-public xf86-video-r128
   (package
     (name "xf86-video-r128")
-    (version "6.10.1")
+    (version "6.10.2")
     (source
       (origin
         (method url-fetch)
@@ -3184,7 +3074,7 @@ This driver is intended for the spice qxl virtio device.")
                ".tar.bz2"))
         (sha256
           (base32
-           "1sp4glyyj23rs77vgffmn0mar5h504a86701nzvi56qwhd4yzgsy"))))
+           "1pkpka5m4cd6iy0f8iqnmg6xci14nb6887ilvxzn3xrsgx8j3nl4"))))
     (build-system gnu-build-system)
     (inputs `(("mesa" ,mesa)
               ("xf86driproto" ,xf86driproto)
@@ -3201,7 +3091,7 @@ This driver is intended for ATI Rage 128 based cards.")
 (define-public xf86-video-savage
   (package
     (name "xf86-video-savage")
-    (version "2.3.8")
+    (version "2.3.9")
     (source
       (origin
         (method url-fetch)
@@ -3211,7 +3101,7 @@ This driver is intended for ATI Rage 128 based cards.")
                ".tar.bz2"))
         (sha256
           (base32
-            "0qzshncynjdmyhavhqw4x5ha3gwbygi0zbsy158fpg1jcnla9kpx"))))
+           "11pcrsdpdrwk0mrgv83s5nsx8a9i4lhmivnal3fjbrvi3zdw94rc"))))
     (build-system gnu-build-system)
     (inputs `(("mesa" ,mesa)
               ("xf86driproto" ,xf86driproto)
@@ -3227,7 +3117,7 @@ This driver is intended for ATI Rage 128 based cards.")
 (define-public xf86-video-siliconmotion
   (package
     (name "xf86-video-siliconmotion")
-    (version "1.7.8")
+    (version "1.7.9")
     (source
       (origin
         (method url-fetch)
@@ -3237,7 +3127,7 @@ This driver is intended for ATI Rage 128 based cards.")
                ".tar.bz2"))
         (sha256
           (base32
-           "1sqv0y31mi4zmh9yaxqpzg7p8y2z01j6qys433hb8n4yznllkm79"))))
+           "1g2r6gxqrmjdff95d42msxdw6vmkg2zn5sqv0rxd420iwy8wdwyh"))))
     (build-system gnu-build-system)
     (inputs `(("xorg-server" ,xorg-server)))
     (native-inputs `(("pkg-config" ,pkg-config)))
@@ -3252,7 +3142,7 @@ Xorg X server.")
 (define-public xf86-video-sis
   (package
     (name "xf86-video-sis")
-    (version "0.10.8")
+    (version "0.10.9")
     (source
       (origin
         (method url-fetch)
@@ -3262,7 +3152,7 @@ Xorg X server.")
                ".tar.bz2"))
         (sha256
           (base32
-           "1znkqwdyd6am23xbsfjzamq125j5rrylg5mzqky4scv9gxbz5wy8"))))
+           "03f1abjjf68y8y1iz768rn95va9d33wmbwfbsqrgl6k0gi0bf9jj"))))
     (build-system gnu-build-system)
     (inputs `(("mesa" ,mesa)
               ("xf86dgaproto" ,xf86dgaproto)
@@ -3329,7 +3219,7 @@ This driver supports SiS chipsets of 300/315/330/340 series.")
 (define-public xf86-video-tdfx
   (package
     (name "xf86-video-tdfx")
-    (version "1.4.6")
+    (version "1.4.7")
     (source
       (origin
         (method url-fetch)
@@ -3339,7 +3229,7 @@ This driver supports SiS chipsets of 300/315/330/340 series.")
                ".tar.bz2"))
         (sha256
           (base32
-           "0dvdrhyn1iv6rr85v1c52s1gl0j1qrxgv7x0r7qn3ba0gj38i2is"))))
+           "0hia45z4jc472fxp00803nznizcn4h1ybp63jcsb4lmd9vhqxx2c"))))
     (build-system gnu-build-system)
     (inputs `(("mesa" ,mesa)
               ("xf86driproto" ,xf86driproto)
@@ -3382,7 +3272,7 @@ X server.")
 (define-public xf86-video-trident
   (package
     (name "xf86-video-trident")
-    (version "1.3.7")
+    (version "1.3.8")
     (source
       (origin
         (method url-fetch)
@@ -3392,7 +3282,7 @@ X server.")
                ".tar.bz2"))
         (sha256
           (base32
-           "1bhkwic2acq9za4yz4bwj338cwv5mdrgr2qmgkhlj3bscbg1imgc"))))
+           "0gxcar434kx813fxdpb93126lhmkl3ikabaljhcj5qn3fkcijlcy"))))
     (build-system gnu-build-system)
     (inputs `(("xf86dgaproto" ,xf86dgaproto)
               ("xorg-server" ,xorg-server)))
@@ -3982,23 +3872,9 @@ protocol.")
                 "1grir464hy52a71r3mpm9mzvkf7nwr3vk0b1vc27pd3gp588a38p"))))
     (build-system gnu-build-system)
     (arguments
-     ;; By default, it tries to install XFontSel file in
-     ;; "/gnu/store/<libxt>/share/X11/app-defaults": it defines this
-     ;; directory from 'libxt' (using 'pkg-config').  To put this file
-     ;; inside output dir and to use it properly, we need to configure
-     ;; --with-appdefaultdir and to wrap 'xfontsel' binary.
-     (let ((app-defaults-dir "/share/X11/app-defaults"))
-       `(#:configure-flags
-         (list (string-append "--with-appdefaultdir="
-                              %output ,app-defaults-dir))
-         #:phases
-         (modify-phases %standard-phases
-           (add-after 'install 'wrap-xfontsel
-             (lambda* (#:key outputs #:allow-other-keys)
-               (let ((out (assoc-ref outputs "out")))
-                 (wrap-program (string-append out "/bin/xfontsel")
-                   `("XAPPLRESDIR" =
-                     (,(string-append out ,app-defaults-dir)))))))))))
+     `(#:configure-flags
+       (list (string-append "--with-appdefaultdir="
+                            %output ,%app-defaults-dir))))
     (inputs
      `(("libx11" ,libx11)
        ("libxaw" ,libxaw)
@@ -4028,19 +3904,9 @@ Font Description (XLFD) full name for a font.")
                 "0n97iqqap9wyxjan2n520vh4rrf5bc0apsw2k9py94dqzci258y1"))))
     (build-system gnu-build-system)
     (arguments
-     ;; The same 'app-defaults' problem as with 'xfontsel' package.
-     (let ((app-defaults-dir "/share/X11/app-defaults"))
        `(#:configure-flags
          (list (string-append "--with-appdefaultdir="
-                              %output ,app-defaults-dir))
-         #:phases
-         (modify-phases %standard-phases
-           (add-after 'install 'wrap-xfd
-             (lambda* (#:key outputs #:allow-other-keys)
-               (let ((out (assoc-ref outputs "out")))
-                 (wrap-program (string-append out "/bin/xfd")
-                   `("XAPPLRESDIR" =
-                     (,(string-append out ,app-defaults-dir)))))))))))
+                              %output ,%app-defaults-dir))))
     (inputs
      `(("fontconfig" ,fontconfig)
        ("libx11" ,libx11)
@@ -5304,7 +5170,8 @@ draggable titlebars and borders.")
                ".tar.bz2"))
         (sha256
           (base32
-            "06lz6i7rbrp19kgikpaz4c97fw7n31k2h2aiikczs482g2zbdvj6"))))
+           "06lz6i7rbrp19kgikpaz4c97fw7n31k2h2aiikczs482g2zbdvj6"))
+        (patches (search-patches "libxt-guix-search-paths.patch"))))
     (build-system gnu-build-system)
     (outputs '("out"
                "doc"))                            ;2 MiB of man pages + XML
@@ -5357,6 +5224,36 @@ draggable titlebars and borders.")
 Intrinsics (Xt) Library.")
     (license license:x11)))
 
+(define-public twm
+  (package
+    (name "twm")
+    (version "1.0.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://xorg/individual/app/" name "-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "1s1r00x8add3f27xjqxg6q7mwplwrb72gakbh4y6j052as25wchw"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("libxt" ,libxt)
+       ("libxmu" ,libxmu)
+       ("libxext" ,libxext)
+       ("xproto" ,xproto)))
+    (native-inputs
+     `(("bison" ,bison)
+       ("pkg-config" ,pkg-config)))
+    (home-page "https://www.x.org/wiki/")
+    (synopsis "Tab Window Manager for the X Window System")
+    (description "Twm is a window manager for the X Window System.
+It provides titlebars, shaped windows, several forms of icon management,
+user-defined macro functions, click-to-type and pointer-driven
+keyboard focus, and user-specified key and pointer button bindings.")
+    (license license:x11)))
 
 (define-public xcb-util
   (package
@@ -5616,6 +5513,66 @@ user-friendly mechanism to start the X server.")
 Intrinsics (Xt) Library.")
     (license license:x11)))
 
+(define-public xmag
+  (package
+    (name "xmag")
+    (version "1.0.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://xorg/individual/app/" name "-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "19bsg5ykal458d52v0rvdx49v54vwxwqg8q36fdcsv9p2j8yri87"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--with-appdefaultdir="
+                            %output ,%app-defaults-dir))))
+    (inputs
+     `(("libxaw" ,libxaw)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "https://www.x.org/wiki/")
+    (synopsis "Display or capture a magnified part of a X11 screen")
+    (description "Xmag displays and captures a magnified snapshot of a portion
+of an X11 screen.")
+    (license license:x11)))
+
+(define-public xmessage
+  (package
+    (name "xmessage")
+    (version "1.0.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://xorg/individual/app/" name "-"
+             version
+             ".tar.gz"))
+       (sha256
+        (base32
+         "1jmcac1xbwplbxfl75sr6w3zqhx1khpdzlqippjsr31cjp1rjc48"))))
+    (build-system gnu-build-system)
+    (arguments
+     `(#:configure-flags
+       (list (string-append "--with-appdefaultdir="
+                            %output ,%app-defaults-dir))))
+    (inputs
+     `(("libxaw" ,libxaw)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "https://www.x.org/wiki/")
+    (synopsis "Displays a message or query in a window")
+    (description
+     "Xmessage displays a message or query in a window.   The user can click
+on a button to dismiss it or can select one of several buttons
+to answer a question.  Xmessage can also exit after a specified time.")
+    (license license:x11)))
+
 (define-public xterm
   (package
     (name "xterm")
diff --git a/gnu/services.scm b/gnu/services.scm
index 03112f7515..f72d4d5785 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -38,6 +38,8 @@
   #:use-module (ice-9 match)
   #:export (service-extension
             service-extension?
+            service-extension-target
+            service-extension-compute
 
             service-type
             service-type?
@@ -338,6 +340,11 @@ ACTIVATION-SCRIPT-TYPE."
                       (activate-/bin/sh
                        (string-append #$(canonical-package bash) "/bin/sh"))
 
+                      ;; Make sure the user accounting database exists.  If it
+                      ;; does not exist, 'setutxent' does not create it and
+                      ;; thus there is no accounting at all.
+                      (close-port (open-file "/var/run/utmpx" "a0"))
+
                       ;; Set up /run/current-system.  Among other things this
                       ;; sets up locales, which the activation snippets
                       ;; executed below may expect.
diff --git a/gnu/services/configuration.scm b/gnu/services/configuration.scm
index 94c5f21557..a98db64fa5 100644
--- a/gnu/services/configuration.scm
+++ b/gnu/services/configuration.scm
@@ -28,10 +28,13 @@
   #:use-module (srfi srfi-35)
   #:export (configuration-field
             configuration-field-name
+            configuration-field-type
             configuration-missing-field
             configuration-field-error
             configuration-field-serializer
             configuration-field-getter
+            configuration-field-default-value-thunk
+            configuration-field-documentation
             serialize-configuration
             define-configuration
             validate-configuration
diff --git a/gnu/services/cuirass.scm b/gnu/services/cuirass.scm
index c15a846bad..1194133f63 100644
--- a/gnu/services/cuirass.scm
+++ b/gnu/services/cuirass.scm
@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -56,6 +57,8 @@
                     (default 60))
   (database         cuirass-configuration-database ;string (file-name)
                     (default "/var/run/cuirass/cuirass.db"))
+  (port             cuirass-configuration-port ;integer (port)
+                    (default 8080))
   (specifications   cuirass-configuration-specifications)
                                   ;gexp that evaluates to specification-alist
   (use-substitutes? cuirass-configuration-use-substitutes? ;boolean
@@ -74,6 +77,7 @@
          (group            (cuirass-configuration-group config))
          (interval         (cuirass-configuration-interval config))
          (database         (cuirass-configuration-database config))
+         (port             (cuirass-configuration-port config))
          (specs            (cuirass-configuration-specifications config))
          (use-substitutes? (cuirass-configuration-use-substitutes? config))
          (one-shot?        (cuirass-configuration-one-shot? config)))
@@ -87,6 +91,7 @@
                             "--specifications"
                             #$(scheme-file "cuirass-specs.scm" specs)
                             "--database" #$database
+                            "--port" #$(number->string port)
                             "--interval" #$(number->string interval)
                             #$@(if use-substitutes? '("--use-substitutes") '())
                             #$@(if one-shot? '("--one-shot") '()))
diff --git a/gnu/services/databases.scm b/gnu/services/databases.scm
index d88c839f7d..3ecc8aff78 100644
--- a/gnu/services/databases.scm
+++ b/gnu/services/databases.scm
@@ -2,6 +2,7 @@
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
+;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -35,7 +36,11 @@
             mysql-service
             mysql-service-type
             mysql-configuration
-            mysql-configuration?))
+            mysql-configuration?
+
+            redis-configuration
+            redis-configuration?
+            redis-service-type))
 
 ;;; Commentary:
 ;;;
@@ -287,3 +292,77 @@ database server.
 The optional @var{config} argument specifies the configuration for
 @command{mysqld}, which should be a @code{<mysql-configuration>} object."
   (service mysql-service-type config))
+
+
+;;;
+;;; Redis
+;;;
+
+(define-record-type* <redis-configuration>
+  redis-configuration make-redis-configuration
+  redis-configuration?
+  (redis             redis-configuration-redis ;<package>
+                     (default redis))
+  (bind              redis-configuration-bind
+                     (default "127.0.0.1"))
+  (port              redis-configuration-port
+                     (default 6379))
+  (working-directory redis-configuration-working-directory
+                     (default "/var/lib/redis"))
+  (config-file       redis-configuration-config-file
+                     (default #f)))
+
+(define (default-redis.conf bind port working-directory)
+  (mixed-text-file "redis.conf"
+                   "bind " bind "\n"
+                   "port " (number->string port) "\n"
+                   "dir " working-directory "\n"
+                   "daemonize no\n"))
+
+(define %redis-accounts
+  (list (user-group (name "redis") (system? #t))
+        (user-account
+         (name "redis")
+         (group "redis")
+         (system? #t)
+         (comment "Redis server user")
+         (home-directory "/var/empty")
+         (shell (file-append shadow "/sbin/nologin")))))
+
+(define redis-activation
+  (match-lambda
+    (($ <redis-configuration> redis bind port working-directory config-file)
+     #~(begin
+         (use-modules (guix build utils)
+                      (ice-9 match))
+
+         (let ((user (getpwnam "redis")))
+           (mkdir-p #$working-directory)
+           (chown #$working-directory (passwd:uid user) (passwd:gid user)))))))
+
+(define redis-shepherd-service
+  (match-lambda
+    (($ <redis-configuration> redis bind port working-directory config-file)
+     (let ((config-file
+            (or config-file
+                (default-redis.conf bind port working-directory))))
+       (list (shepherd-service
+              (provision '(redis))
+              (documentation "Run the Redis daemon.")
+              (requirement '(user-processes syslogd))
+              (start #~(make-forkexec-constructor
+                        '(#$(file-append redis "/bin/redis-server")
+                          #$config-file)
+                        #:user "redis"
+                        #:group "redis"))
+              (stop #~(make-kill-destructor))))))))
+
+(define redis-service-type
+  (service-type (name 'redis)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          redis-shepherd-service)
+                       (service-extension activation-service-type
+                                          redis-activation)
+                       (service-extension account-service-type
+                                          (const %redis-accounts))))))
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
new file mode 100644
index 0000000000..aa398970b6
--- /dev/null
+++ b/gnu/services/messaging.scm
@@ -0,0 +1,727 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services messaging)
+  #:use-module (gnu packages messaging)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu services)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu services configuration)
+  #:use-module (gnu system shadow)
+  #:use-module (guix gexp)
+  #:use-module (guix records)
+  #:use-module (guix packages)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-35)
+  #:use-module (ice-9 match)
+  #:export (prosody-service-type
+            prosody-configuration
+            opaque-prosody-configuration
+
+            virtualhost-configuration
+            int-component-configuration
+            ext-component-configuration
+
+            mod-muc-configuration
+            ssl-configuration
+
+            %default-modules-enabled))
+
+;;; Commentary:
+;;;
+;;; Messaging services.
+;;;
+;;; Code:
+
+(define (id ctx . parts)
+  (datum->syntax ctx (apply symbol-append (map syntax->datum parts))))
+
+(define-syntax define-maybe
+  (lambda (x)
+    (syntax-case x ()
+      ((_ stem)
+       (with-syntax
+           ((stem?                (id #'stem #'stem #'?))
+            (maybe-stem?          (id #'stem #'maybe- #'stem #'?))
+            (serialize-stem       (id #'stem #'serialize- #'stem))
+            (serialize-maybe-stem (id #'stem #'serialize-maybe- #'stem)))
+         #'(begin
+             (define (maybe-stem? val)
+               (or (eq? val 'disabled) (stem? val)))
+             (define (serialize-maybe-stem field-name val)
+               (when (stem? val) (serialize-stem field-name val)))))))))
+
+(define-syntax define-all-configurations
+  (lambda (stx)
+    (define (make-pred arg)
+      (lambda (field target)
+        (and (memq (syntax->datum target) `(common ,arg)) field)))
+    (syntax-case stx ()
+      ((_ stem (field (field-type def) doc target) ...)
+       (with-syntax (((new-field-type ...)
+                      (map (lambda (field-type target)
+                             (if (and (eq? 'common (syntax->datum target))
+                                      (not (string-prefix?
+                                            "maybe-"
+                                            (symbol->string
+                                             (syntax->datum field-type)))))
+                                 (id #'stem #'maybe- field-type) field-type))
+                           #'(field-type ...) #'(target ...)))
+                     ((new-def ...)
+                      (map (lambda (def target)
+                             (if (eq? 'common (syntax->datum target))
+                                 #''disabled def))
+                           #'(def ...) #'(target ...)))
+                     ((new-doc ...)
+                      (map (lambda (doc target)
+                             (if (eq? 'common (syntax->datum target))
+                                 "" doc))
+                           #'(doc ...) #'(target ...))))
+         #`(begin
+             (define common-fields
+               '(#,@(filter-map (make-pred #f) #'(field ...) #'(target ...))))
+             (define-configuration prosody-configuration
+               #,@(filter-map (make-pred 'global)
+                              #'((field (field-type def) doc) ...)
+                              #'(target ...)))
+             (define-configuration virtualhost-configuration
+               #,@(filter-map (make-pred 'virtualhost)
+                              #'((field (new-field-type new-def) new-doc) ...)
+                              #'(target ...)))
+             (define-configuration int-component-configuration
+               #,@(filter-map (make-pred 'int-component)
+                              #'((field (new-field-type new-def) new-doc) ...)
+                              #'(target ...)))
+             (define-configuration ext-component-configuration
+               #,@(filter-map (make-pred 'ext-component)
+                              #'((field (new-field-type new-def) new-doc) ...)
+                              #'(target ...)))))))))
+
+(define (uglify-field-name field-name)
+  (let ((str (symbol->string field-name)))
+    (string-join (string-split (if (string-suffix? "?" str)
+                                   (substring str 0 (1- (string-length str)))
+                                   str)
+                               #\-)
+                 "_")))
+
+(define (serialize-field field-name val)
+  (format #t "~a = ~a;\n" (uglify-field-name field-name) val))
+(define (serialize-field-list field-name val)
+  (serialize-field field-name
+                   (with-output-to-string
+                     (lambda ()
+                       (format #t "{\n")
+                       (for-each (lambda (x)
+                                   (format #t "~a;\n" x))
+                                 val)
+                       (format #t "}")))))
+
+(define (serialize-boolean field-name val)
+  (serialize-field field-name (if val "true" "false")))
+(define-maybe boolean)
+
+(define (string-or-boolean? val)
+  (or (string? val) (boolean? val)))
+(define (serialize-string-or-boolean field-name val)
+  (if (string? val)
+      (serialize-string field-name val)
+      (serialize-boolean field-name val)))
+
+(define (non-negative-integer? val)
+  (and (exact-integer? val) (not (negative? val))))
+(define (serialize-non-negative-integer field-name val)
+  (serialize-field field-name val))
+(define-maybe non-negative-integer)
+
+(define (non-negative-integer-list? val)
+  (and (list? val) (and-map non-negative-integer? val)))
+(define (serialize-non-negative-integer-list field-name val)
+  (serialize-field-list field-name val))
+(define-maybe non-negative-integer-list)
+
+(define (enclose-quotes s)
+  (format #f "\"~a\"" s))
+(define (serialize-string field-name val)
+  (serialize-field field-name (enclose-quotes val)))
+(define-maybe string)
+
+(define (string-list? val)
+  (and (list? val)
+       (and-map (lambda (x)
+                  (and (string? x) (not (string-index x #\,))))
+                val)))
+(define (serialize-string-list field-name val)
+  (serialize-field-list field-name (map enclose-quotes val)))
+(define-maybe string-list)
+
+(define (module-list? val)
+  (string-list? val))
+(define (serialize-module-list field-name val)
+  (serialize-string-list field-name (cons "posix" val)))
+(define-maybe module-list)
+
+(define (file-name? val)
+  (and (string? val)
+       (string-prefix? "/" val)))
+(define (serialize-file-name field-name val)
+  (serialize-string field-name val))
+(define-maybe file-name)
+
+(define (file-name-list? val)
+  (and (list? val) (and-map file-name? val)))
+(define (serialize-file-name-list field-name val)
+  (serialize-string-list field-name val))
+(define-maybe file-name)
+
+(define-configuration mod-muc-configuration
+  (name
+   (string "Prosody Chatrooms")
+   "The name to return in service discovery responses.")
+
+  (restrict-room-creation
+   (string-or-boolean #f)
+   "If @samp{#t}, this will only allow admins to create new chatrooms.
+Otherwise anyone can create a room.  The value @samp{\"local\"} restricts room
+creation to users on the service's parent domain.  E.g. @samp{user@@example.com}
+can create rooms on @samp{rooms.example.com}.  The value @samp{\"admin\"}
+restricts to service administrators only.")
+
+  (max-history-messages
+   (non-negative-integer 20)
+   "Maximum number of history messages that will be sent to the member that has
+just joined the room."))
+(define (serialize-mod-muc-configuration field-name val)
+  (serialize-configuration val mod-muc-configuration-fields))
+(define-maybe mod-muc-configuration)
+
+(define-configuration ssl-configuration
+  (protocol
+   (maybe-string 'disabled)
+   "This determines what handshake to use.")
+
+  (key
+   (file-name "/etc/prosody/certs/key.pem")
+   "Path to your private key file, relative to @code{/etc/prosody}.")
+
+  (certificate
+   (file-name "/etc/prosody/certs/cert.pem")
+   "Path to your certificate file, relative to @code{/etc/prosody}.")
+
+  (capath
+   (file-name "/etc/ssl/certs")
+   "Path to directory containing root certificates that you wish Prosody to
+trust when verifying the certificates of remote servers.")
+
+  (cafile
+   (maybe-file-name 'disabled)
+   "Path to a file containing root certificates that you wish Prosody to trust.
+Similar to @code{capath} but with all certificates concatenated together.")
+
+  (verify
+   (maybe-string-list 'disabled)
+   "A list of verification options (these mostly map to OpenSSL's
+@code{set_verify()} flags).")
+
+  (options
+   (maybe-string-list 'disabled)
+   "A list of general options relating to SSL/TLS.  These map to OpenSSL's
+@code{set_options()}.  For a full list of options available in LuaSec, see the
+LuaSec source.")
+
+  (depth
+   (maybe-non-negative-integer 'disabled)
+   "How long a chain of certificate authorities to check when looking for a
+trusted root certificate.")
+
+  (ciphers
+   (maybe-string 'disabled)
+   "An OpenSSL cipher string.  This selects what ciphers Prosody will offer to
+clients, and in what order.")
+
+  (dhparam
+   (maybe-file-name 'disabled)
+   "A path to a file containing parameters for Diffie-Hellman key exchange.  You
+can create such a file with:
+@code{openssl dhparam -out /etc/prosody/certs/dh-2048.pem 2048}")
+
+  (curve
+   (maybe-string 'disabled)
+   "Curve for Elliptic curve Diffie-Hellman. Prosody's default is
+@samp{\"secp384r1\"}.")
+
+  (verifyext
+   (maybe-string-list 'disabled)
+   "A list of \"extra\" verification options.")
+
+  (password
+   (maybe-string 'disabled)
+   "Password for encrypted private keys."))
+(define (serialize-ssl-configuration field-name val)
+  (format #t "ssl = {\n")
+  (serialize-configuration val ssl-configuration-fields)
+  (format #t "};\n"))
+(define-maybe ssl-configuration)
+
+(define %default-modules-enabled
+  '("roster"
+    "saslauth"
+    "tls"
+    "dialback"
+    "disco"
+    "private"
+    "vcard"
+    "version"
+    "uptime"
+    "time"
+    "ping"
+    "pep"
+    "register"
+    "admin_adhoc"))
+
+;; Guile bug.  Use begin wrapper, because otherwise virtualhost-configuration
+;; is assumed to be a function.  See
+;; https://www.gnu.org/software/guile/manual/html_node/R6RS-Incompatibilities.html
+(begin
+  (define (virtualhost-configuration-list? val)
+    (and (list? val) (and-map virtualhost-configuration? val)))
+  (define (serialize-virtualhost-configuration-list l)
+    (for-each
+     (lambda (val) (serialize-virtualhost-configuration val)) l))
+
+  (define (int-component-configuration-list? val)
+    (and (list? val) (and-map int-component-configuration? val)))
+  (define (serialize-int-component-configuration-list l)
+    (for-each
+     (lambda (val) (serialize-int-component-configuration val)) l))
+
+  (define (ext-component-configuration-list? val)
+    (and (list? val) (and-map ext-component-configuration? val)))
+  (define (serialize-ext-component-configuration-list l)
+    (for-each
+     (lambda (val) (serialize-ext-component-configuration val)) l))
+
+  (define-all-configurations prosody-configuration
+    (prosody
+     (package prosody)
+     "The Prosody package."
+     global)
+
+    (data-path
+     (file-name "/var/lib/prosody")
+     "Location of the Prosody data storage directory.  See
+@url{http://prosody.im/doc/configure}."
+     global)
+
+    (plugin-paths
+     (file-name-list '())
+     "Additional plugin directories.  They are searched in all the specified
+paths in order.  See @url{http://prosody.im/doc/plugins_directory}."
+     global)
+
+    (admins
+     (string-list '())
+     "This is a list of accounts that are admins for the server.  Note that you
+must create the accounts separately.  See @url{http://prosody.im/doc/admins} and
+@url{http://prosody.im/doc/creating_accounts}.
+Example: @code{(admins '(\"user1@@example.com\" \"user2@@example.net\"))}"
+     common)
+
+    (use-libevent?
+     (boolean #f)
+     "Enable use of libevent for better performance under high load.  See
+@url{http://prosody.im/doc/libevent}."
+     common)
+
+    (modules-enabled
+     (module-list %default-modules-enabled)
+     "This is the list of modules Prosody will load on startup.  It looks for
+@code{mod_modulename.lua} in the plugins folder, so make sure that exists too.
+Documentation on modules can be found at: @url{http://prosody.im/doc/modules}.
+Defaults to @samp{%default-modules-enabled}."
+     common)
+
+    (modules-disabled
+     (string-list '())
+     "@samp{\"offline\"}, @samp{\"c2s\"} and @samp{\"s2s\"} are auto-loaded, but
+should you want to disable them then add them to this list."
+     common)
+
+    (groups-file
+     (file-name "/var/lib/prosody/sharedgroups.txt")
+     "Path to a text file where the shared groups are defined.  If this path is
+empty then @samp{mod_groups} does nothing.  See
+@url{http://prosody.im/doc/modules/mod_groups}."
+     common)
+
+    (allow-registration?
+     (boolean #f)
+     "Disable account creation by default, for security.  See
+@url{http://prosody.im/doc/creating_accounts}."
+     common)
+
+    (ssl
+     (maybe-ssl-configuration (ssl-configuration))
+     "These are the SSL/TLS-related settings.  Most of them are disabled so to
+use Prosody's defaults.  If you do not completely understand these options, do
+not add them to your config, it is easy to lower the security of your server
+using them.  See @url{http://prosody.im/doc/advanced_ssl_config}."
+     common)
+
+    (c2s-require-encryption?
+     (boolean #f)
+     "Whether to force all client-to-server connections to be encrypted or not.
+See @url{http://prosody.im/doc/modules/mod_tls}."
+     common)
+
+    (s2s-require-encryption?
+     (boolean #f)
+     "Whether to force all server-to-server connections to be encrypted or not.
+See @url{http://prosody.im/doc/modules/mod_tls}."
+     common)
+
+    (s2s-secure-auth?
+     (boolean #f)
+     "Whether to require encryption and certificate authentication.  This
+provides ideal security, but requires servers you communicate with to support
+encryption AND present valid, trusted certificates.  See
+@url{http://prosody.im/doc/s2s#security}."
+     common)
+
+    (s2s-insecure-domains
+     (string-list '())
+     "Many servers don't support encryption or have invalid or self-signed
+certificates.  You can list domains here that will not be required to
+authenticate using certificates.  They will be authenticated using DNS.  See
+@url{http://prosody.im/doc/s2s#security}."
+     common)
+
+    (s2s-secure-domains
+     (string-list '())
+     "Even if you leave @code{s2s-secure-auth?} disabled, you can still require
+valid certificates for some domains by specifying a list here.  See
+@url{http://prosody.im/doc/s2s#security}."
+     common)
+
+    (authentication
+     (string "internal_plain")
+     "Select the authentication backend to use.  The default provider stores
+passwords in plaintext and uses Prosody's configured data storage to store the
+authentication data.  If you do not trust your server please see
+@url{http://prosody.im/doc/modules/mod_auth_internal_hashed} for information
+about using the hashed backend.  See also
+@url{http://prosody.im/doc/authentication}"
+     common)
+
+    ;; TODO: Handle more complicated log structures.
+    (log
+     (maybe-string "*syslog")
+     "Set logging options.  Advanced logging configuration is not yet supported
+by the GuixSD Prosody Service.  See @url{http://prosody.im/doc/logging}."
+     common)
+
+    (pidfile
+     (file-name "/var/run/prosody/prosody.pid")
+     "File to write pid in.  See @url{http://prosody.im/doc/modules/mod_posix}."
+     global)
+
+    (virtualhosts
+     (virtualhost-configuration-list
+      (list (virtualhost-configuration
+             (domain "localhost"))))
+     "A host in Prosody is a domain on which user accounts can be created.  For
+example if you want your users to have addresses like
+@samp{\"john.smith@@example.com\"} then you need to add a host
+@samp{\"example.com\"}.  All options in this list will apply only to this host.
+
+Note: the name \"virtual\" host is used in configuration to avoid confusion with
+the actual physical host that Prosody is installed on.  A single Prosody
+instance can serve many domains, each one defined as a VirtualHost entry in
+Prosody's configuration.  Conversely a server that hosts a single domain would
+have just one VirtualHost entry.
+
+See @url{http://prosody.im/doc/configure#virtual_host_settings}."
+     global)
+
+    (int-components
+     (int-component-configuration-list '())
+     "Components are extra services on a server which are available to clients,
+usually on a subdomain of the main server (such as
+@samp{\"mycomponent.example.com\"}).  Example components might be chatroom
+servers, user directories, or gateways to other protocols.
+
+Internal components are implemented with Prosody-specific plugins.  To add an
+internal component, you simply fill the hostname field, and the plugin you wish
+to use for the component.
+
+See @url{http://prosody.im/doc/components}."
+     global)
+
+    (ext-components
+     (ext-component-configuration-list '())
+     "External components use XEP-0114, which most standalone components
+support.  To add an external component, you simply fill the hostname field.  See
+@url{http://prosody.im/doc/components}."
+     global)
+
+    (component-secret
+     (string (configuration-missing-field 'ext-component 'component-secret))
+     "Password which the component will use to log in."
+     ext-component)
+
+    (component-ports
+     (non-negative-integer-list '(5347))
+     "Port(s) Prosody listens on for component connections."
+     global)
+
+    (component-interface
+     (string "127.0.0.1")
+     "Interface Prosody listens on for component connections."
+     global)
+
+    (domain
+     (string (configuration-missing-field 'virtualhost 'domain))
+     "Domain you wish Prosody to serve."
+     virtualhost)
+
+    (hostname
+     (string (configuration-missing-field 'int-component 'hostname))
+     "Hostname of the component."
+     int-component)
+
+    (plugin
+     (string (configuration-missing-field 'int-component 'plugin))
+     "Plugin you wish to use for the component."
+     int-component)
+
+    (mod-muc
+     (maybe-mod-muc-configuration 'disabled)
+     "Multi-user chat (MUC) is Prosody's module for allowing you to create
+hosted chatrooms/conferences for XMPP users.
+
+General information on setting up and using multi-user chatrooms can be found
+in the \"Chatrooms\" documentation (@url{http://prosody.im/doc/chatrooms}),
+which you should read if you are new to XMPP chatrooms.
+
+See also @url{http://prosody.im/doc/modules/mod_muc}."
+     int-component)
+
+    (hostname
+     (string (configuration-missing-field 'ext-component 'hostname))
+     "Hostname of the component."
+     ext-component)))
+
+;; Serialize Virtualhost line first.
+(define (serialize-virtualhost-configuration config)
+  (define (rest? field)
+    (not (memq (configuration-field-name field)
+               '(domain))))
+  (let ((domain (virtualhost-configuration-domain config))
+        (rest (filter rest? virtualhost-configuration-fields)))
+    (format #t "VirtualHost \"~a\"\n" domain)
+    (serialize-configuration config rest)))
+
+;; Serialize Component line first.
+(define (serialize-int-component-configuration config)
+  (define (rest? field)
+    (not (memq (configuration-field-name field)
+               '(hostname plugin))))
+  (let ((hostname (int-component-configuration-hostname config))
+        (plugin (int-component-configuration-plugin config))
+        (rest (filter rest? int-component-configuration-fields)))
+    (format #t "Component \"~a\" \"~a\"\n" hostname plugin)
+    (serialize-configuration config rest)))
+
+;; Serialize Component line first.
+(define (serialize-ext-component-configuration config)
+  (define (rest? field)
+    (not (memq (configuration-field-name field)
+               '(hostname))))
+  (let ((hostname (ext-component-configuration-hostname config))
+        (rest (filter rest? ext-component-configuration-fields)))
+    (format #t "Component \"~a\"\n" hostname)
+    (serialize-configuration config rest)))
+
+;; Serialize virtualhosts and components last.
+(define (serialize-prosody-configuration config)
+  (define (rest? field)
+    (not (memq (configuration-field-name field)
+               '(virtualhosts int-components ext-components))))
+  (let ((rest (filter rest? prosody-configuration-fields)))
+    (serialize-configuration config rest))
+  (serialize-virtualhost-configuration-list
+   (prosody-configuration-virtualhosts config))
+  (serialize-int-component-configuration-list
+   (prosody-configuration-int-components config))
+  (serialize-ext-component-configuration-list
+   (prosody-configuration-ext-components config)))
+
+(define-configuration opaque-prosody-configuration
+  (prosody
+   (package prosody)
+   "The prosody package.")
+
+  (prosody.cfg.lua
+   (string (configuration-missing-field 'opaque-prosody-configuration
+                                        'prosody.cfg.lua))
+   "The contents of the @code{prosody.cfg.lua} to use."))
+
+(define (prosody-shepherd-service config)
+  "Return a <shepherd-service> for Prosody with CONFIG."
+  (let* ((prosody (if (opaque-prosody-configuration? config)
+                      (opaque-prosody-configuration-prosody config)
+                      (prosody-configuration-prosody config)))
+         (prosodyctl-bin (file-append prosody "/bin/prosodyctl"))
+         (prosodyctl-action (lambda args
+                              #~(lambda _
+                                  (zero? (system* #$prosodyctl-bin #$@args))))))
+    (list (shepherd-service
+           (documentation "Run the Prosody XMPP server")
+           (provision '(prosody))
+           (requirement '(networking syslogd user-processes))
+           (start (prosodyctl-action "start"))
+           (stop (prosodyctl-action "stop"))))))
+
+(define %prosody-accounts
+  (list (user-group (name "prosody") (system? #t))
+        (user-account
+         (name "prosody")
+         (group "prosody")
+         (system? #t)
+         (comment "Prosody daemon user")
+         (home-directory "/var/empty")
+         (shell (file-append shadow "/sbin/nologin")))))
+
+(define (prosody-activation config)
+  "Return the activation gexp for CONFIG."
+  (let* ((config-dir "/etc/prosody")
+         (default-certs-dir "/etc/prosody/certs")
+         (data-path (prosody-configuration-data-path config))
+         (pidfile-dir (dirname (prosody-configuration-pidfile config)))
+         (config-str
+          (if (opaque-prosody-configuration? config)
+              (opaque-prosody-configuration-prosody.cfg.lua config)
+              (with-output-to-string
+                (lambda ()
+                  (serialize-prosody-configuration config)))))
+         (config-file (plain-file "prosody.cfg.lua" config-str)))
+    #~(begin
+        (use-modules (guix build utils))
+        (define %user (getpw "prosody"))
+
+        (mkdir-p #$config-dir)
+        (chown #$config-dir (passwd:uid %user) (passwd:gid %user))
+        (copy-file #$config-file (string-append #$config-dir
+                                                "/prosody.cfg.lua"))
+
+        (mkdir-p #$default-certs-dir)
+        (chown #$default-certs-dir (passwd:uid %user) (passwd:gid %user))
+        (chmod #$default-certs-dir #o750)
+
+        (mkdir-p #$data-path)
+        (chown #$data-path (passwd:uid %user) (passwd:gid %user))
+        (chmod #$data-path #o750)
+
+        (mkdir-p #$pidfile-dir)
+        (chown #$pidfile-dir (passwd:uid %user) (passwd:gid %user)))))
+
+(define prosody-service-type
+  (service-type (name 'prosody)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          prosody-shepherd-service)
+                       (service-extension account-service-type
+                                          (const %prosody-accounts))
+                       (service-extension activation-service-type
+                                          prosody-activation)))))
+
+;; A little helper to make it easier to document all those fields.
+(define (generate-documentation)
+  (define documentation
+    `((prosody-configuration
+       ,prosody-configuration-fields
+       (ssl ssl-configuration)
+       (virtualhosts virtualhost-configuration)
+       (int-components int-component-configuration)
+       (ext-components ext-component-configuration))
+      (ssl-configuration ,ssl-configuration-fields)
+      (int-component-configuration ,int-component-configuration-fields
+                                   (mod-muc mod-muc-configuration))
+      (ext-component-configuration ,ext-component-configuration-fields)
+      (mod-muc-configuration ,mod-muc-configuration-fields)
+      (virtualhost-configuration ,virtualhost-configuration-fields)
+      (opaque-prosody-configuration ,opaque-prosody-configuration-fields)))
+  (define (generate configuration-name)
+    (match (assq-ref documentation configuration-name)
+      ((fields . sub-documentation)
+       (format #t "\nAvailable @code{~a} fields are:\n\n" configuration-name)
+       (when (memq configuration-name
+                   '(virtualhost-configuration
+                     int-component-configuration
+                     ext-component-configuration))
+         (format #t "all these @code{prosody-configuration} fields: ~a, plus:\n"
+                 (string-join (map (lambda (s)
+                                     (format #f "@code{~a}" s)) common-fields)
+                              ", ")))
+       (for-each
+        (lambda (f)
+          (let ((field-name (configuration-field-name f))
+                (field-type (configuration-field-type f))
+                (field-docs (string-trim-both
+                             (configuration-field-documentation f)))
+                (default (catch #t
+                           (configuration-field-default-value-thunk f)
+                           (lambda _ 'nope))))
+            (define (escape-chars str chars escape)
+              (with-output-to-string
+                (lambda ()
+                  (string-for-each (lambda (c)
+                                     (when (char-set-contains? chars c)
+                                       (display escape))
+                                     (display c))
+                                   str))))
+            (define (show-default? val)
+              (or (string? default) (number? default) (boolean? default)
+                  (and (list? val) (and-map show-default? val))))
+            (format #t "@deftypevr {@code{~a} parameter} ~a ~a\n~a\n"
+                    configuration-name field-type field-name field-docs)
+            (when (show-default? default)
+              (format #t "Defaults to @samp{~a}.\n"
+                      (escape-chars (format #f "~s" default)
+                                    (char-set #\@ #\{ #\})
+                                    #\@)))
+            (for-each generate (or (assq-ref sub-documentation field-name) '()))
+            (format #t "@end deftypevr\n\n")))
+        (filter (lambda (f)
+                  (not (string=? "" (configuration-field-documentation f))))
+                fields)))))
+  (generate 'prosody-configuration)
+  (format #t "It could be that you just want to get a @code{prosody.cfg.lua}
+up and running.  In that case, you can pass an
+@code{opaque-prosody-configuration} record as the value of
+@code{prosody-service-type}.  As its name indicates, an opaque configuration
+does not have easy reflective capabilities.")
+  (generate 'opaque-prosody-configuration)
+  (format #t "For example, if your @code{prosody.cfg.lua} is just the empty
+string, you could instantiate a prosody service like this:
+
+@example
+(service prosody-service-type
+         (opaque-prosody-configuration
+          (prosody.cfg.lua \"\")))
+@end example"))
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index d672ecf687..8f136f0dc1 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
@@ -64,7 +64,12 @@
 
             wicd-service-type
             wicd-service
-            network-manager-service
+
+            network-manager-configuration
+            network-manager-configuration?
+            network-manager-configuration-dns
+            network-manager-service-type
+
             connman-service
             wpa-supplicant-service-type))
 
@@ -633,7 +638,12 @@ configuration file."
       (let ((file-name "/etc/wicd/dhclient.conf.template.default"))
         (unless (file-exists? file-name)
           (copy-file (string-append #$wicd file-name)
-                     file-name)))))
+                     file-name)))
+
+      ;; Wicd invokes 'wpa_supplicant', which needs this directory for its
+      ;; named socket files.
+      (mkdir-p "/var/run/wpa_supplicant")
+      (chmod "/var/run/wpa_supplicant" #o750)))
 
 (define (wicd-shepherd-service wicd)
   "Return a shepherd service for WICD."
@@ -674,40 +684,58 @@ and @command{wicd-curses} user interfaces."
 ;;; NetworkManager
 ;;;
 
+(define-record-type* <network-manager-configuration>
+  network-manager-configuration make-network-manager-configuration
+  network-manager-configuration?
+  (network-manager network-manager-configuration-network-manager
+                   (default network-manager))
+  (dns network-manager-configuration-dns
+       (default "default")))
+
 (define %network-manager-activation
   ;; Activation gexp for NetworkManager.
   #~(begin
       (use-modules (guix build utils))
       (mkdir-p "/etc/NetworkManager/system-connections")))
 
-(define (network-manager-shepherd-service network-manager)
-  "Return a shepherd service for NETWORK-MANAGER."
-  (list (shepherd-service
-         (documentation "Run the NetworkManager.")
-         (provision '(networking))
-         (requirement '(user-processes dbus-system wpa-supplicant loopback))
-         (start #~(make-forkexec-constructor
-                   (list (string-append #$network-manager
-                                        "/sbin/NetworkManager")
-                         "--no-daemon")))
-         (stop #~(make-kill-destructor)))))
+(define network-manager-shepherd-service
+  (match-lambda
+    (($ <network-manager-configuration> network-manager dns)
+     (let
+         ((conf (plain-file "NetworkManager.conf"
+                            (string-append "
+[main]
+dns=" dns "
+"))))
+     (list (shepherd-service
+            (documentation "Run the NetworkManager.")
+            (provision '(networking))
+            (requirement '(user-processes dbus-system wpa-supplicant loopback))
+            (start #~(make-forkexec-constructor
+                      (list (string-append #$network-manager
+                                           "/sbin/NetworkManager")
+                            (string-append "--config=" #$conf)
+                            "--no-daemon")))
+            (stop #~(make-kill-destructor))))))))
 
 (define network-manager-service-type
-  (service-type (name 'network-manager)
-                (extensions
-                 (list (service-extension shepherd-root-service-type
-                                          network-manager-shepherd-service)
-                       (service-extension dbus-root-service-type list)
-                       (service-extension polkit-service-type list)
-                       (service-extension activation-service-type
-                                          (const %network-manager-activation))
-                       ;; Add network-manager to the system profile.
-                       (service-extension profile-service-type list)))))
-
-(define* (network-manager-service #:key (network-manager network-manager))
-  "Return a service that runs NetworkManager, a network connection manager
-that attempting to keep active network connectivity when available."
-  (service network-manager-service-type network-manager))
+  (let
+      ((config->package
+        (match-lambda
+         (($ <network-manager-configuration> network-manager)
+          (list network-manager)))))
+
+    (service-type
+     (name 'network-manager)
+     (extensions
+      (list (service-extension shepherd-root-service-type
+                               network-manager-shepherd-service)
+            (service-extension dbus-root-service-type config->package)
+            (service-extension polkit-service-type config->package)
+            (service-extension activation-service-type
+                               (const %network-manager-activation))
+            ;; Add network-manager to the system profile.
+            (service-extension profile-service-type config->package))))))
 
 
 ;;;
diff --git a/gnu/services/vpn.scm b/gnu/services/vpn.scm
new file mode 100644
index 0000000000..f577e0851e
--- /dev/null
+++ b/gnu/services/vpn.scm
@@ -0,0 +1,491 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services vpn)
+  #:use-module (gnu services)
+  #:use-module (gnu services configuration)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu packages admin)
+  #:use-module (gnu packages vpn)
+  #:use-module (guix packages)
+  #:use-module (guix records)
+  #:use-module (guix gexp)
+  #:use-module (srfi srfi-1)
+  #:use-module (ice-9 match)
+  #:use-module (ice-9 regex)
+  #:export (openvpn-client-service
+            openvpn-server-service
+            openvpn-client-service-type
+            openvpn-server-service-type
+            openvpn-client-configuration
+            openvpn-server-configuration
+            openvpn-remote-configuration
+            openvpn-ccd-configuration
+            generate-openvpn-client-documentation
+            generate-openvpn-server-documentation))
+
+;;;
+;;; OpenVPN.
+;;;
+
+(define (uglify-field-name name)
+  (match name
+    ('verbosity "verb")
+    (_ (let ((str (symbol->string name)))
+         (if (string-suffix? "?" str)
+             (substring str 0 (1- (string-length str)))
+             str)))))
+
+(define (serialize-field field-name val)
+  (if (eq? field-name 'pid-file)
+      (format #t "")
+      (format #t "~a ~a\n" (uglify-field-name field-name) val)))
+(define serialize-string serialize-field)
+(define (serialize-boolean field-name val)
+  (if val
+      (serialize-field field-name val)
+      (format #t "")))
+
+(define (ip-mask? val)
+  (and (string? val)
+       (if (string-match "^([0-9]+\\.){3}[0-9]+ ([0-9]+\\.){3}[0-9]+$" val)
+           (let ((numbers (string-tokenize val char-set:digit)))
+             (all-lte numbers (list 255 255 255 255 255 255 255 255)))
+           #f)))
+(define serialize-ip-mask serialize-string)
+
+(define-syntax define-enumerated-field-type
+  (lambda (x)
+    (define (id-append ctx . parts)
+      (datum->syntax ctx (apply symbol-append (map syntax->datum parts))))
+    (syntax-case x ()
+      ((_ name (option ...))
+       #`(begin
+           (define (#,(id-append #'name #'name #'?) x)
+             (memq x '(option ...)))
+           (define (#,(id-append #'name #'serialize- #'name) field-name val)
+             (serialize-field field-name val)))))))
+
+(define-enumerated-field-type proto
+  (udp tcp udp6 tcp6))
+(define-enumerated-field-type dev
+  (tun tap))
+
+(define key-usage? boolean?)
+(define (serialize-key-usage field-name value)
+  (if value
+      (format #t "remote-cert-tls server\n")
+      #f))
+
+(define bind? boolean?)
+(define (serialize-bind field-name value)
+  (if value
+      #f
+      (format #t "nobind\n")))
+
+(define resolv-retry? boolean?)
+(define (serialize-resolv-retry field-name value)
+  (if value
+      (format #t "resolv-retry infinite\n")
+      #f))
+
+(define (serialize-tls-auth role location)
+  (serialize-field 'tls-auth
+                   (string-append location " " (match role
+                                                 ('server "0")
+                                                 ('client "1")))))
+(define (tls-auth? val)
+  (or (eq? val #f)
+      (string? val)))
+(define (serialize-tls-auth-server field-name val)
+  (serialize-tls-auth 'server val))
+(define (serialize-tls-auth-client field-name val)
+  (serialize-tls-auth 'client val))
+(define tls-auth-server? tls-auth?)
+(define tls-auth-client? tls-auth?)
+
+(define (serialize-number field-name val)
+  (serialize-field field-name (number->string val)))
+
+(define (all-lte left right)
+  (if (eq? left '())
+      (eq? right '())
+      (and (<= (string->number (car left)) (car right))
+           (all-lte (cdr left) (cdr right)))))
+
+(define (cidr4? val)
+  (if (string? val)
+      (if (string-match "^([0-9]+\\.){3}[0-9]+/[0-9]+$" val)
+          (let ((numbers (string-tokenize val char-set:digit)))
+            (all-lte numbers (list 255 255 255 255 32)))
+          #f)
+      (eq? val #f)))
+
+(define (cidr6? val)
+  (if (string? val)
+      (string-match "^([0-9a-f]{0,4}:){0,8}/[0-9]{1,3}$" val)
+      (eq? val #f)))
+
+(define (serialize-cidr4 field-name val)
+  (if (eq? val #f) #f (serialize-field field-name val)))
+
+(define (serialize-cidr6 field-name val)
+  (if (eq? val #f) #f (serialize-field field-name val)))
+
+(define (ip? val)
+  (if (string? val)
+      (if (string-match "^([0-9]+\\.){3}[0-9]+$" val)
+          (let ((numbers (string-tokenize val char-set:digit)))
+            (all-lte numbers (list 255 255 255 255)))
+          #f)
+      (eq? val #f)))
+(define (serialize-ip field-name val)
+  (if (eq? val #f) #f (serialize-field field-name val)))
+
+(define (keepalive? val)
+  (and (list? val)
+       (and (number? (car val))
+            (number? (car (cdr val))))))
+(define (serialize-keepalive field-name val)
+  (format #t "~a ~a ~a\n" (uglify-field-name field-name)
+          (number->string (car val)) (number->string (car (cdr val)))))
+
+(define gateway? boolean?)
+(define (serialize-gateway field-name val)
+  (and val
+       (format #t "push \"redirect-gateway\"\n")))
+
+
+(define-configuration openvpn-remote-configuration
+  (name
+   (string "my-server")
+   "Server name.")
+  (port
+   (number 1194)
+   "Port number the server listens to."))
+
+(define-configuration openvpn-ccd-configuration
+  (name
+   (string "client")
+   "Client name.")
+  (iroute
+   (ip-mask #f)
+   "Client own network")
+  (ifconfig-push
+   (ip-mask #f)
+   "Client VPN IP."))
+
+(define (openvpn-remote-list? val)
+  (and (list? val)
+       (or (eq? val '())
+           (and (openvpn-remote-configuration? (car val))
+                (openvpn-remote-list? (cdr val))))))
+(define (serialize-openvpn-remote-list field-name val)
+  (for-each (lambda (remote)
+              (format #t "remote ~a ~a\n" (openvpn-remote-configuration-name remote)
+                      (number->string (openvpn-remote-configuration-port remote))))
+            val))
+
+(define (openvpn-ccd-list? val)
+  (and (list? val)
+       (or (eq? val '())
+           (and (openvpn-ccd-configuration? (car val))
+                (openvpn-ccd-list? (cdr val))))))
+(define (serialize-openvpn-ccd-list field-name val)
+  #f)
+
+(define (create-ccd-directory val)
+  "Create a ccd directory containing files for the ccd configuration option
+of OpenVPN.  Each file in this directory represents particular settings for a
+client.  Each file is named after the name of the client."
+  (let ((files (map (lambda (ccd)
+                      (list (openvpn-ccd-configuration-name ccd)
+                            (with-output-to-string
+                              (lambda ()
+                                (serialize-configuration
+                                 ccd openvpn-ccd-configuration-fields)))))
+                    val)))
+    (computed-file "ccd"
+                   (with-imported-modules '((guix build utils))
+                     #~(begin
+                         (use-modules (guix build utils))
+                         (use-modules (ice-9 match))
+                         (mkdir-p #$output)
+                         (for-each
+                          (lambda (ccd)
+                            (match ccd
+                              ((name config-string)
+                               (call-with-output-file
+                                   (string-append #$output "/" name)
+                                 (lambda (port) (display config-string port))))))
+                          '#$files))))))
+
+(define-syntax define-split-configuration
+  (lambda (x)
+    (syntax-case x ()
+      ((_ name1 name2 (common-option ...) (first-option ...) (second-option ...))
+       #`(begin
+           (define-configuration #,#'name1
+             common-option ...
+             first-option ...)
+           (define-configuration #,#'name2
+             common-option ...
+             second-option ...))))))
+
+(define-split-configuration openvpn-client-configuration
+  openvpn-server-configuration
+  ((openvpn
+    (package openvpn)
+    "The OpenVPN package.")
+
+   (pid-file
+    (string "/var/run/openvpn/openvpn.pid")
+    "The OpenVPN pid file.")
+
+   (proto
+    (proto 'udp)
+    "The protocol (UDP or TCP) used to open a channel between clients and
+servers.")
+
+   (dev
+    (dev 'tun)
+    "The device type used to represent the VPN connection.")
+
+   (ca
+    (string "/etc/openvpn/ca.crt")
+    "The certificate authority to check connections against.")
+
+   (cert
+    (string "/etc/openvpn/client.crt")
+    "The certificate of the machine the daemon is running on. It should be signed
+by the authority given in @code{ca}.")
+
+   (key
+    (string "/etc/openvpn/client.key")
+    "The key of the machine the daemon is running on. It must be the whose
+certificate is @code{cert}.")
+
+   (comp-lzo?
+    (boolean #t)
+    "Whether to use the lzo compression algorithm.")
+
+   (persist-key?
+    (boolean #t)
+    "Don't re-read key files across SIGUSR1 or --ping-restart.")
+
+   (persist-tun?
+    (boolean #t)
+    "Don't close and reopen TUN/TAP device or run up/down scripts across
+SIGUSR1 or --ping-restart restarts.")
+
+   (verbosity
+    (number 3)
+    "Verbosity level."))
+  ;; client-specific configuration
+  ((tls-auth
+    (tls-auth-client #f)
+    "Add an additional layer of HMAC authentication on top of the TLS control
+channel to protect against DoS attacks.")
+
+   (verify-key-usage?
+    (key-usage #t)
+    "Whether to check the server certificate has server usage extension.")
+
+   (bind?
+    (bind #f)
+    "Bind to a specific local port number.")
+
+   (resolv-retry?
+    (resolv-retry #t)
+    "Retry resolving server address.")
+
+   (remote
+    (openvpn-remote-list '())
+    "A list of remote servers to connect to."))
+  ;; server-specific configuration
+  ((tls-auth
+    (tls-auth-server #f)
+    "Add an additional layer of HMAC authentication on top of the TLS control
+channel to protect against DoS attacks.")
+
+   (port
+    (number 1194)
+    "Specifies the port number on which the server listens.")
+
+   (server
+    (ip-mask "10.8.0.0 255.255.255.0")
+    "An ip and mask specifying the subnet inside the virtual network.")
+
+   (server-ipv6
+    (cidr6 #f)
+    "A CIDR notation specifying the IPv6 subnet inside the virtual network.")
+
+   (dh
+    (string "/etc/openvpn/dh2048.pem")
+    "The Diffie-Hellman parameters file.")
+
+   (ifconfig-pool-persist
+    (string "/etc/openvpn/ipp.txt")
+    "The file that records client IPs.")
+
+   (redirect-gateway?
+    (gateway #f)
+    "When true, the server will act as a gateway for its clients.")
+
+   (client-to-client?
+    (boolean #f)
+    "When true, clients are alowed to talk to each other inside the VPN.")
+
+   (keepalive
+    (keepalive '(10 120))
+    "Causes ping-like messages to be sent back and forth over the link so that
+each side knows when the other side has gone down. @code{keepalive} requires
+a pair. The first element is the period of the ping sending, and the second
+element is the timeout before considering the other side down.")
+
+   (max-clients
+    (number 100)
+    "The maximum number of clients.")
+
+   (status
+    (string "/var/run/openvpn/status")
+    "The status file. This file shows a small report on current connection. It
+is trunkated and rewritten every minute.")
+
+   (client-config-dir
+    (openvpn-ccd-list '())
+    "The list of configuration for some clients.")))
+
+(define (openvpn-config-file role config)
+  (let ((config-str
+         (with-output-to-string
+           (lambda ()
+             (serialize-configuration config
+                                      (match role
+                                        ('server
+                                         openvpn-server-configuration-fields)
+                                        ('client
+                                         openvpn-client-configuration-fields))))))
+        (ccd-dir (match role
+                   ('server (create-ccd-directory
+                             (openvpn-server-configuration-client-config-dir
+                              config)))
+                   ('client #f))))
+    (computed-file "openvpn.conf"
+                   #~(begin
+                       (use-modules (ice-9 match))
+                       (call-with-output-file #$output
+                         (lambda (port)
+                           (match '#$role
+                             ('server (display "" port))
+                             ('client (display "client\n" port)))
+                           (display #$config-str port)
+                           (match '#$role
+                             ('server (display
+                                       (string-append "client-config-dir "
+                                                      #$ccd-dir "\n") port))
+                             ('client (display "" port)))))))))
+
+(define (openvpn-shepherd-service role)
+  (lambda (config)
+    (let* ((config-file (openvpn-config-file role config))
+           (pid-file ((match role
+                        ('server openvpn-server-configuration-pid-file)
+                        ('client openvpn-client-configuration-pid-file))
+                      config))
+           (openvpn ((match role
+                       ('server openvpn-server-configuration-openvpn)
+                       ('client openvpn-client-configuration-openvpn))
+                     config))
+           (log-file (match role
+                       ('server "/var/log/openvpn-server.log")
+                       ('client "/var/log/openvpn-client.log"))))
+      (list (shepherd-service
+             (documentation (string-append "Run the OpenVPN "
+                                           (match role
+                                             ('server "server")
+                                             ('client "client"))
+                                           " daemon."))
+             (provision (match role
+                          ('server '(vpn-server))
+                          ('client '(vpn-client))))
+             (requirement '(networking))
+             (start #~(make-forkexec-constructor
+                       (list (string-append #$openvpn "/sbin/openvpn")
+                             "--writepid" #$pid-file "--config" #$config-file
+                             "--daemon")
+                       #:pid-file #$pid-file))
+             (stop #~(make-kill-destructor)))))))
+
+(define %openvpn-accounts
+  (list (user-group (name "openvpn") (system? #t))
+        (user-account
+         (name "openvpn")
+         (group "openvpn")
+         (system? #t)
+         (comment "Openvpn daemon user")
+         (home-directory "/var/empty")
+         (shell (file-append shadow "/sbin/nologin")))))
+
+(define %openvpn-activation
+  #~(mkdir-p "/var/run/openvpn"))
+
+(define openvpn-server-service-type
+  (service-type (name 'openvpn-server)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          (openvpn-shepherd-service 'server))
+                       (service-extension account-service-type
+                                          (const %openvpn-accounts))
+                       (service-extension activation-service-type
+                                          (const %openvpn-activation))))))
+
+(define openvpn-client-service-type
+  (service-type (name 'openvpn-client)
+                (extensions
+                 (list (service-extension shepherd-root-service-type
+                                          (openvpn-shepherd-service 'client))
+                       (service-extension account-service-type
+                                          (const %openvpn-accounts))
+                       (service-extension activation-service-type
+                                          (const %openvpn-activation))))))
+
+(define* (openvpn-client-service #:key (config (openvpn-client-configuration)))
+  (validate-configuration config openvpn-client-configuration-fields)
+  (service openvpn-client-service-type config))
+
+(define* (openvpn-server-service #:key (config (openvpn-server-configuration)))
+  (validate-configuration config openvpn-server-configuration-fields)
+  (service openvpn-server-service-type config))
+
+(define (generate-openvpn-server-documentation)
+  (generate-documentation
+   `((openvpn-server-configuration
+      ,openvpn-server-configuration-fields
+      (ccd openvpn-ccd-configuration))
+     (openvpn-ccd-configuration ,openvpn-ccd-configuration-fields))
+   'openvpn-server-configuration))
+
+(define (generate-openvpn-client-documentation)
+  (generate-documentation
+   `((openvpn-client-configuration
+      ,openvpn-client-configuration-fields
+      (remote openvpn-remote-configuration))
+     (openvpn-remote-configuration ,openvpn-remote-configuration-fields))
+   'openvpn-client-configuration))
diff --git a/gnu/services/web.scm b/gnu/services/web.scm
index db895405a2..11408d7b0e 100644
--- a/gnu/services/web.scm
+++ b/gnu/services/web.scm
@@ -1,8 +1,9 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
+;;; Copyright © 2017 Christopher Baines <mail@cbaines.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -33,6 +34,12 @@
             nginx-configuration?
             nginx-server-configuration
             nginx-server-configuration?
+            nginx-upstream-configuration
+            nginx-upstream-configuration?
+            nginx-location-configuration
+            nginx-location-configuration?
+            nginx-named-location-configuration
+            nginx-named-location-configuration?
             nginx-service
             nginx-service-type))
 
@@ -53,6 +60,8 @@
                        (default (list 'default)))
   (root                nginx-server-configuration-root
                        (default "/srv/http"))
+  (locations           nginx-server-configuration-locations
+                       (default '()))
   (index               nginx-server-configuration-index
                        (default (list "index.html")))
   (ssl-certificate     nginx-server-configuration-ssl-certificate
@@ -62,14 +71,41 @@
   (server-tokens?      nginx-server-configuration-server-tokens?
                        (default #f)))
 
+(define-record-type* <nginx-upstream-configuration>
+  nginx-upstream-configuration make-nginx-upstream-configuration
+  nginx-upstream-configuration?
+  (name                nginx-upstream-configuration-name)
+  (servers             nginx-upstream-configuration-servers))
+
+(define-record-type* <nginx-location-configuration>
+  nginx-location-configuration make-nginx-location-configuration
+  nginx-location-configuration?
+  (uri                 nginx-location-configuration-uri
+                       (default #f))
+  (body                nginx-location-configuration-body))
+
+(define-record-type* <nginx-named-location-configuration>
+  nginx-named-location-configuration make-nginx-named-location-configuration
+  nginx-named-location-configuration?
+  (name                nginx-named-location-configuration-name
+                       (default #f))
+  (body                nginx-named-location-configuration-body))
+
 (define-record-type* <nginx-configuration>
   nginx-configuration make-nginx-configuration
   nginx-configuration?
-  (nginx         nginx-configuration-nginx)         ;<package>
-  (log-directory nginx-configuration-log-directory) ;string
-  (run-directory nginx-configuration-run-directory) ;string
-  (server-blocks nginx-configuration-server-blocks) ;list
-  (file          nginx-configuration-file))         ;string | file-like
+  (nginx         nginx-configuration-nginx          ;<package>
+                 (default nginx))
+  (log-directory nginx-configuration-log-directory  ;string
+                 (default "/var/log/nginx"))
+  (run-directory nginx-configuration-run-directory  ;string
+                 (default "/var/run/nginx"))
+  (server-blocks nginx-configuration-server-blocks
+                 (default '()))          ;list of <nginx-server-configuration>
+  (upstream-blocks nginx-configuration-upstream-blocks
+                   (default '()))      ;list of <nginx-upstream-configuration>
+  (file          nginx-configuration-file         ;#f | string | file-like
+                 (default #f)))
 
 (define (config-domain-strings names)
  "Return a string denoting the nginx config representation of NAMES, a list
@@ -88,6 +124,19 @@ of index files."
         ((? string? str) (string-append str " ")))
        names)))
 
+(define nginx-location-config
+  (match-lambda
+    (($ <nginx-location-configuration> uri body)
+     (string-append
+      "      location " uri " {\n"
+      "        " (string-join body "\n    ") "\n"
+      "      }\n"))
+    (($ <nginx-named-location-configuration> name body)
+     (string-append
+      "      location @" name " {\n"
+      "        " (string-join body "\n    ") "\n"
+      "      }\n"))))
+
 (define (default-nginx-server-config server)
   (string-append
    "    server {\n"
@@ -116,11 +165,23 @@ of index files."
    "      index " (config-index-strings (nginx-server-configuration-index server)) ";\n"
    "      server_tokens " (if (nginx-server-configuration-server-tokens? server)
                               "on" "off") ";\n"
+   "\n"
+   (string-join
+    (map nginx-location-config (nginx-server-configuration-locations server))
+    "\n")
+   "    }\n"))
+
+(define (nginx-upstream-config upstream)
+  (string-append
+   "    upstream " (nginx-upstream-configuration-name upstream) " {\n"
+   (string-concatenate
+    (map (lambda (server)
+           (simple-format #f "      server ~A;\n" server))
+         (nginx-upstream-configuration-servers upstream)))
    "    }\n"))
 
-(define (default-nginx-config log-directory run-directory server-list)
-  (plain-file "nginx.conf"
-              (string-append
+(define (default-nginx-config log-directory run-directory server-list upstream-list)
+  (mixed-text-file "nginx.conf"
                "user nginx nginx;\n"
                "pid " run-directory "/pid;\n"
                "error_log " log-directory "/error.log info;\n"
@@ -131,12 +192,18 @@ of index files."
                "    uwsgi_temp_path " run-directory "/uwsgi_temp;\n"
                "    scgi_temp_path " run-directory "/scgi_temp;\n"
                "    access_log " log-directory "/access.log;\n"
+               "\n"
+               (string-join
+                (filter (lambda (section) (not (null? section)))
+                        (map nginx-upstream-config upstream-list))
+                "\n")
+               "\n"
                (let ((http (map default-nginx-server-config server-list)))
                  (do ((http http (cdr http))
                       (block "" (string-append (car http) "\n" block )))
                      ((null? http) block)))
                "}\n"
-               "events {}\n")))
+               "events {}\n"))
 
 (define %nginx-accounts
   (list (user-group (name "nginx") (system? #t))
@@ -151,7 +218,7 @@ of index files."
 (define nginx-activation
   (match-lambda
     (($ <nginx-configuration> nginx log-directory run-directory server-blocks
-                              config-file)
+                              upstream-blocks config-file)
      #~(begin
          (use-modules (guix build utils))
 
@@ -169,13 +236,13 @@ of index files."
          (system* (string-append #$nginx "/sbin/nginx")
                   "-c" #$(or config-file
                              (default-nginx-config log-directory
-                               run-directory server-blocks))
+                               run-directory server-blocks upstream-blocks))
                   "-t")))))
 
 (define nginx-shepherd-service
   (match-lambda
     (($ <nginx-configuration> nginx log-directory run-directory server-blocks
-                              config-file)
+                              upstream-blocks config-file)
      (let* ((nginx-binary (file-append nginx "/sbin/nginx"))
             (nginx-action
              (lambda args
@@ -184,7 +251,7 @@ of index files."
                     (system* #$nginx-binary "-c"
                              #$(or config-file
                                    (default-nginx-config log-directory
-                                     run-directory server-blocks))
+                                     run-directory server-blocks upstream-blocks))
                              #$@args))))))
 
        ;; TODO: Add 'reload' action.
@@ -216,6 +283,7 @@ of index files."
                         (log-directory "/var/log/nginx")
                         (run-directory "/var/run/nginx")
                         (server-list '())
+                        (upstream-list '())
                         (config-file #f))
   "Return a service that runs NGINX, the nginx web server.
 
@@ -227,4 +295,5 @@ files in LOG-DIRECTORY, and stores temporary runtime files in RUN-DIRECTORY."
             (log-directory log-directory)
             (run-directory run-directory)
             (server-blocks server-list)
+            (upstream-blocks upstream-list)
             (file config-file))))
diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm
index 4cc1221eb8..fa56853fd1 100644
--- a/gnu/system/file-systems.scm
+++ b/gnu/system/file-systems.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -95,11 +95,39 @@
   (dependencies     file-system-dependencies      ; list of <file-system>
                     (default '())))               ; or <mapped-device>
 
-(define-inlinable (file-system-needed-for-boot? fs)
-  "Return true if FS has the 'needed-for-boot?' flag set, or if it's the root
-file system."
+(define %not-slash
+  (char-set-complement (char-set #\/)))
+
+(define (file-prefix? file1 file2)
+  "Return #t if FILE1 denotes the name of a file that is a parent of FILE2,
+where both FILE1 and FILE2 are absolute file name.  For example:
+
+  (file-prefix? \"/gnu\" \"/gnu/store\")
+  => #t
+
+  (file-prefix? \"/gn\" \"/gnu/store\")
+  => #f
+"
+  (and (string-prefix? "/" file1)
+       (string-prefix? "/" file2)
+       (let loop ((file1 (string-tokenize file1 %not-slash))
+                  (file2 (string-tokenize file2 %not-slash)))
+         (match file1
+           (()
+            #t)
+           ((head1 tail1 ...)
+            (match file2
+              ((head2 tail2 ...)
+               (and (string=? head1 head2) (loop tail1 tail2)))
+              (()
+               #f)))))))
+
+(define (file-system-needed-for-boot? fs)
+  "Return true if FS has the 'needed-for-boot?' flag set, or if it holds the
+store--e.g., if FS is the root file system."
   (or (%file-system-needed-for-boot? fs)
-      (string=? "/" (file-system-mount-point fs))))
+      (and (file-prefix? (file-system-mount-point fs) (%store-prefix))
+           (not (memq 'bind-mount (file-system-flags fs))))))
 
 (define (file-system->spec fs)
   "Return a list corresponding to file-system FS that can be passed to the
diff --git a/gnu/system/linux-initrd.scm b/gnu/system/linux-initrd.scm
index a787072ba7..4a753cdadb 100644
--- a/gnu/system/linux-initrd.scm
+++ b/gnu/system/linux-initrd.scm
@@ -197,6 +197,9 @@ loaded at boot time in the order in which they appear."
       ,@(if (find (file-system-type-predicate "vfat") file-systems)
             '("nls_iso8859-1")
             '())
+      ,@(if (find (file-system-type-predicate "btrfs") file-systems)
+            '("btrfs")
+            '())
       ,@(if volatile-root?
             '("fuse")
             '())
@@ -214,6 +217,9 @@ loaded at boot time in the order in which they appear."
                   file-systems)
             (list fatfsck/static)
             '())
+      ,@(if (find (file-system-type-predicate "btrfs") file-systems)
+            (list btrfs-progs/static)
+            '())
       ,@(if volatile-root?
             (list unionfs-fuse/static)
             '())))
diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index 6370d6951b..2687a6cdb8 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -78,9 +78,11 @@ passed a gexp denoting the marionette, and it must return gexp that is
 inserted before the first test.  This is used to introduce an extra
 initialization step, such as entering a LUKS passphrase."
   (define test
-    (with-imported-modules '((gnu build marionette))
+    (with-imported-modules '((gnu build marionette)
+                             (guix build syscalls))
       #~(begin
           (use-modules (gnu build marionette)
+                       (guix build syscalls)
                        (srfi srfi-1)
                        (srfi srfi-26)
                        (srfi srfi-64)
@@ -176,6 +178,22 @@ info --version")
                           (apply throw args)))))
                marionette)))
 
+          ;; There should be one utmpx entry for the user logged in on tty1.
+          (test-equal "utmpx entry"
+            '(("root" "tty1" #f))
+            (marionette-eval
+             '(begin
+                (use-modules (guix build syscalls)
+                             (srfi srfi-1))
+
+                (filter-map (lambda (entry)
+                              (and (equal? (login-type USER_PROCESS)
+                                           (utmpx-login-type entry))
+                                   (list (utmpx-user entry) (utmpx-line entry)
+                                         (utmpx-host entry))))
+                            (utmpx-entries)))
+             marionette))
+
           (test-assert "host name resolution"
             (match (marionette-eval
                     '(begin
diff --git a/gnu/tests/install.scm b/gnu/tests/install.scm
index 4779b80e94..4e8d594054 100644
--- a/gnu/tests/install.scm
+++ b/gnu/tests/install.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -36,7 +36,8 @@
   #:export (%test-installed-os
             %test-separate-store-os
             %test-raid-root-os
-            %test-encrypted-os))
+            %test-encrypted-os
+            %test-btrfs-root-os))
 
 ;;; Commentary:
 ;;;
@@ -256,8 +257,7 @@ build (current-guix) and then store a couple of full system images.")
                            (device "store-fs")
                            (title 'label)
                            (mount-point "/gnu")
-                           (type "ext4")
-                           (needed-for-boot? #t)) ;definitely!
+                           (type "ext4"))
                          %base-file-systems))
     (users %base-user-accounts)
     (services (cons (service marionette-service-type
@@ -518,4 +518,78 @@ build (current-guix) and then store a couple of full system images.")
       (run-basic-test %encrypted-root-os command "encrypted-root-os"
                       #:initialization enter-luks-passphrase)))))
 
+
+;;;
+;;; Btrfs root file system.
+;;;
+
+(define-os-with-source (%btrfs-root-os %btrfs-root-os-source)
+  ;; The OS we want to install.
+  (use-modules (gnu) (gnu tests) (srfi srfi-1))
+
+  (operating-system
+    (host-name "liberigilo")
+    (timezone "Europe/Paris")
+    (locale "en_US.UTF-8")
+
+    (bootloader (grub-configuration (device "/dev/vdb")))
+    (kernel-arguments '("console=ttyS0"))
+    (file-systems (cons (file-system
+                          (device "my-root")
+                          (title 'label)
+                          (mount-point "/")
+                          (type "btrfs"))
+                        %base-file-systems))
+    (users (cons (user-account
+                  (name "charlie")
+                  (group "users")
+                  (home-directory "/home/charlie")
+                  (supplementary-groups '("wheel" "audio" "video")))
+                 %base-user-accounts))
+    (services (cons (service marionette-service-type
+                             (marionette-configuration
+                              (imported-modules '((gnu services herd)
+                                                  (guix combinators)))))
+                    %base-services))))
+
+(define %btrfs-root-installation-script
+  ;; Shell script of a simple installation.
+  "\
+. /etc/profile
+set -e -x
+guix --version
+
+export GUIX_BUILD_OPTIONS=--no-grafts
+ls -l /run/current-system/gc-roots
+parted --script /dev/vdb mklabel gpt \\
+  mkpart primary ext2 1M 3M \\
+  mkpart primary ext2 3M 1G \\
+  set 1 boot on \\
+  set 1 bios_grub on
+mkfs.btrfs -L my-root /dev/vdb2
+mount /dev/vdb2 /mnt
+btrfs subvolume create /mnt/home
+herd start cow-store /mnt
+mkdir /mnt/etc
+cp /etc/target-config.scm /mnt/etc/config.scm
+guix system build /mnt/etc/config.scm
+guix system init /mnt/etc/config.scm /mnt --no-substitutes
+sync
+reboot\n")
+
+(define %test-btrfs-root-os
+  (system-test
+   (name "btrfs-root-os")
+   (description
+    "Test basic functionality of an OS installed like one would do by hand.
+This test is expensive in terms of CPU and storage usage since we need to
+build (current-guix) and then store a couple of full system images.")
+   (value
+    (mlet* %store-monad ((image   (run-install %btrfs-root-os
+                                               %btrfs-root-os-source
+                                               #:script
+                                               %btrfs-root-installation-script))
+                         (command (qemu-command/writable-image image)))
+      (run-basic-test %btrfs-root-os command "btrfs-root-os")))))
+
 ;;; install.scm ends here
diff --git a/gnu/tests/web.scm b/gnu/tests/web.scm
new file mode 100644
index 0000000000..bae0e8fad7
--- /dev/null
+++ b/gnu/tests/web.scm
@@ -0,0 +1,146 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Ludovic Courtès <ludo@gnu.org>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests web)
+  #:use-module (gnu tests)
+  #:use-module (gnu system)
+  #:use-module (gnu system grub)
+  #:use-module (gnu system file-systems)
+  #:use-module (gnu system shadow)
+  #:use-module (gnu system vm)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (gnu services web)
+  #:use-module (gnu services networking)
+  #:use-module (guix gexp)
+  #:use-module (guix store)
+  #:use-module (guix monads)
+  #:export (%test-nginx))
+
+(define %index.html-contents
+  ;; Contents of the /index.html file served by nginx.
+  "Hello, nginx!")
+
+(define %make-http-root
+  ;; Create our server root in /srv.
+  #~(begin
+      (mkdir "/srv")
+      (call-with-output-file "/srv/index.html"
+        (lambda (port)
+          (display #$%index.html-contents port)))))
+
+(define %nginx-servers
+  ;; Server blocks.
+  (list (nginx-server-configuration
+         (root "/srv")
+         (http-port 8042)
+         (https-port #f)
+         (ssl-certificate #f)
+         (ssl-certificate-key #f))))
+
+(define %nginx-os
+  ;; Operating system under test.
+  (operating-system
+    (host-name "komputilo")
+    (timezone "Europe/Berlin")
+    (locale "en_US.utf8")
+
+    (bootloader (grub-configuration (device "/dev/sdX")))
+    (file-systems %base-file-systems)
+    (firmware '())
+    (users %base-user-accounts)
+    (services (cons* (dhcp-client-service)
+                     (service nginx-service-type
+                              (nginx-configuration
+                               (log-directory "/var/log/nginx")
+                               (server-blocks %nginx-servers)))
+                     (simple-service 'make-http-root activation-service-type
+                                     %make-http-root)
+                     %base-services))))
+
+(define* (run-nginx-test #:optional (http-port 8042))
+  "Run tests in %NGINX-OS, which has nginx running and listening on
+HTTP-PORT."
+  (mlet* %store-monad ((os ->   (marionette-operating-system
+                                 %nginx-os
+                                 #:imported-modules '((gnu services herd)
+                                                      (guix combinators))))
+                       (command (system-qemu-image/shared-store-script
+                                 os #:graphic? #f)))
+    (define test
+      (with-imported-modules '((gnu build marionette))
+        #~(begin
+            (use-modules (srfi srfi-11) (srfi srfi-64)
+                         (gnu build marionette)
+                         (web uri)
+                         (web client)
+                         (web response))
+
+            (define marionette
+              ;; Forward the guest's HTTP-PORT, where nginx is listening, to
+              ;; port 8080 in the host.
+              (make-marionette (list #$command "-net"
+                                     (string-append
+                                      "user,hostfwd=tcp::8080-:"
+                                      #$(number->string http-port)))))
+
+            (mkdir #$output)
+            (chdir #$output)
+
+            (test-begin "nginx")
+
+            ;; Wait for nginx to be up and running.
+            (test-eq "service running"
+              'running!
+              (marionette-eval
+               '(begin
+                  (use-modules (gnu services herd))
+                  (start-service 'nginx)
+                  'running!)
+               marionette))
+
+            ;; Make sure the PID file is created.
+            (test-assert "PID file"
+              (marionette-eval
+               '(file-exists? "/var/run/nginx/pid")
+               marionette))
+
+            ;; Retrieve the index.html file we put in /srv.
+            (test-equal "http-get"
+              '(200 #$%index.html-contents)
+              (let-values (((response text)
+                            (http-get "http://localhost:8080/index.html"
+                                      #:decode-body? #t)))
+                (list (response-code response) text)))
+
+            ;; There should be a log file in here.
+            (test-assert "log file"
+              (marionette-eval
+               '(file-exists? "/var/log/nginx/access.log")
+               marionette))
+
+            (test-end)
+            (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+
+    (gexp->derivation "nginx-test" test)))
+
+(define %test-nginx
+  (system-test
+   (name "nginx")
+   (description "Connect to a running NGINX server.")
+   (value (run-nginx-test))))