summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/local.mk10
-rw-r--r--gnu/packages/bioinformatics.scm106
-rw-r--r--gnu/packages/code.scm55
-rw-r--r--gnu/packages/crypto.scm128
-rw-r--r--gnu/packages/curl.scm1
-rw-r--r--gnu/packages/emacs.scm17
-rw-r--r--gnu/packages/enlightenment.scm6
-rw-r--r--gnu/packages/games.scm31
-rw-r--r--gnu/packages/gcc.scm6
-rw-r--r--gnu/packages/image-viewers.scm4
-rw-r--r--gnu/packages/imagemagick.scm4
-rw-r--r--gnu/packages/ldc.scm4
-rw-r--r--gnu/packages/libreoffice.scm51
-rw-r--r--gnu/packages/linux.scm17
-rw-r--r--gnu/packages/maths.scm53
-rw-r--r--gnu/packages/moreutils.scm10
-rw-r--r--gnu/packages/music.scm7
-rw-r--r--gnu/packages/patches/catdoc-CVE-2017-11110.patch45
-rw-r--r--gnu/packages/patches/curl-bounds-check.patch19
-rw-r--r--gnu/packages/patches/cvs-2017-12836.patch45
-rw-r--r--gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch46
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-10664.patch27
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-10806.patch38
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-10911.patch106
-rw-r--r--gnu/packages/patches/qemu-CVE-2017-11434.patch25
-rw-r--r--gnu/packages/perl.scm130
-rw-r--r--gnu/packages/python.scm4
-rw-r--r--gnu/packages/shells.scm69
-rw-r--r--gnu/packages/textutils.scm2
-rw-r--r--gnu/packages/version-control.scm22
-rw-r--r--gnu/packages/video.scm4
-rw-r--r--gnu/packages/virtualization.scm7
-rw-r--r--gnu/packages/xdisorg.scm8
-rw-r--r--gnu/services/audio.scm86
-rw-r--r--gnu/tests/audio.scm78
35 files changed, 1155 insertions, 116 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index a76f01aa66..961c1d3274 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -426,6 +426,7 @@ GNU_SYSTEM_MODULES =				\
 						\
   %D%/services.scm				\
   %D%/services/admin.scm			\
+  %D%/services/audio.scm                        \
   %D%/services/avahi.scm			\
   %D%/services/base.scm				\
   %D%/services/configuration.scm		\
@@ -481,6 +482,7 @@ GNU_SYSTEM_MODULES =				\
 						\
   %D%/tests.scm					\
   %D%/tests/admin.scm				\
+  %D%/tests/audio.scm				\
   %D%/tests/base.scm				\
   %D%/tests/databases.scm			\
   %D%/tests/dict.scm				\
@@ -533,6 +535,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/calibre-drop-unrar.patch			\
   %D%/packages/patches/calibre-no-updates-dialog.patch		\
   %D%/packages/patches/calibre-use-packaged-feedparser.patch	\
+  %D%/packages/patches/catdoc-CVE-2017-11110.patch		\
   %D%/packages/patches/cdparanoia-fpic.patch			\
   %D%/packages/patches/cdrtools-3.01-mkisofs-isoinfo.patch 	\
   %D%/packages/patches/ceph-disable-cpu-optimizations.patch	\
@@ -562,7 +565,9 @@ dist_patch_DATA =						\
   %D%/packages/patches/crossmap-allow-system-pysam.patch	\
   %D%/packages/patches/csound-header-ordering.patch		\
   %D%/packages/patches/clucene-contribs-lib.patch               \
+  %D%/packages/patches/curl-bounds-check.patch			\
   %D%/packages/patches/cursynth-wave-rand.patch			\
+  %D%/packages/patches/cvs-2017-12836.patch			\
   %D%/packages/patches/cyrus-sasl-CVE-2013-4122.patch		\
   %D%/packages/patches/dblatex-remove-multirow.patch		\
   %D%/packages/patches/dbus-helper-search-path.patch		\
@@ -573,6 +578,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/doc++-segfault-fix.patch			\
   %D%/packages/patches/doxygen-test.patch			\
   %D%/packages/patches/dvd+rw-tools-add-include.patch 		\
+  %D%/packages/patches/e2fsprogs-32bit-quota-warnings.patch	\
   %D%/packages/patches/elfutils-tests-ptrace.patch		\
   %D%/packages/patches/elixir-disable-failing-tests.patch	\
   %D%/packages/patches/einstein-build.patch			\
@@ -964,7 +970,11 @@ dist_patch_DATA =						\
   %D%/packages/patches/qemu-CVE-2017-8379.patch			\
   %D%/packages/patches/qemu-CVE-2017-8380.patch			\
   %D%/packages/patches/qemu-CVE-2017-9524.patch			\
+  %D%/packages/patches/qemu-CVE-2017-10664.patch		\
+  %D%/packages/patches/qemu-CVE-2017-10806.patch		\
+  %D%/packages/patches/qemu-CVE-2017-10911.patch		\
   %D%/packages/patches/qemu-CVE-2017-11334.patch		\
+  %D%/packages/patches/qemu-CVE-2017-11434.patch		\
   %D%/packages/patches/qt4-ldflags.patch			\
   %D%/packages/patches/qtscript-disable-tests.patch		\
   %D%/packages/patches/quagga-reproducible-build.patch          \
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index f0c4e7748a..87cf164c1a 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -5796,6 +5796,49 @@ differential expression based on a model using the negative binomial
 distribution.")
     (license license:lgpl3+)))
 
+(define-public r-dexseq
+  (package
+    (name "r-dexseq")
+    (version "1.22.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (bioconductor-uri "DEXSeq" version))
+       (sha256
+        (base32
+         "085aqk1wlzzqcqcqhvz74y099kr2ln5dwdxd3rl6zan806mgwahg"))))
+    (properties `((upstream-name . "DEXSeq")))
+    (build-system r-build-system)
+    (propagated-inputs
+     `(("r-annotationdbi" ,r-annotationdbi)
+       ("r-biobase" ,r-biobase)
+       ("r-biocgenerics" ,r-biocgenerics)
+       ("r-biocparallel" ,r-biocparallel)
+       ("r-biomart" ,r-biomart)
+       ("r-deseq2" ,r-deseq2)
+       ("r-genefilter" ,r-genefilter)
+       ("r-geneplotter" ,r-geneplotter)
+       ("r-genomicranges" ,r-genomicranges)
+       ("r-hwriter" ,r-hwriter)
+       ("r-iranges" ,r-iranges)
+       ("r-rcolorbrewer" ,r-rcolorbrewer)
+       ("r-rsamtools" ,r-rsamtools)
+       ("r-s4vectors" ,r-s4vectors)
+       ("r-statmod" ,r-statmod)
+       ("r-stringr" ,r-stringr)
+       ("r-summarizedexperiment" ,r-summarizedexperiment)))
+    (home-page "http://bioconductor.org/packages/DEXSeq")
+    (synopsis "Inference of differential exon usage in RNA-Seq")
+    (description
+     "This package is focused on finding differential exon usage using RNA-seq
+exon counts between samples with different experimental designs.  It provides
+functions that allows the user to make the necessary statistical tests based
+on a model that uses the negative binomial distribution to estimate the
+variance between biological replicates and generalized linear models for
+testing.  The package also provides functions for the visualization and
+exploration of the results.")
+    (license license:gpl3+)))
+
 (define-public r-annotationforge
   (package
     (name "r-annotationforge")
@@ -9759,3 +9802,66 @@ such as transcription factor binding sites (ChIP-seq) or regions of open
 chromatin (DNase-seq).  Output can be displayed directly in the UCSC Genome
 Browser.")
       (license license:gpl3+))))
+
+(define-public bismark
+  (package
+    (name "bismark")
+    (version "0.16.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/FelixKrueger/Bismark/"
+                           "archive/" version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1204i0pa02ll2jn5pnxypkclnskvv7a2nwh5nxhagmhxk9wfv9sq"))))
+    (build-system perl-build-system)
+    (arguments
+     `(#:tests? #f ; there are no tests
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (delete 'build)
+         (replace 'install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (let ((bin (string-append (assoc-ref outputs "out")
+                                       "/bin"))
+                   (docdir  (string-append (assoc-ref outputs "out")
+                                           "/share/doc/bismark"))
+                   (docs    '("Bismark_User_Guide.pdf"
+                              "RELEASE_NOTES.txt"))
+                   (scripts '("bismark"
+                              "bismark_genome_preparation"
+                              "bismark_methylation_extractor"
+                              "bismark2bedGraph"
+                              "bismark2report"
+                              "coverage2cytosine"
+                              "deduplicate_bismark"
+                              "bismark_sitrep.tpl"
+                              "bam2nuc"
+                              "bismark2summary")))
+               (mkdir-p docdir)
+               (mkdir-p bin)
+               (for-each (lambda (file) (install-file file bin))
+                         scripts)
+               (for-each (lambda (file) (install-file file docdir))
+                         docs)
+               #t))))))
+    (home-page "http://www.bioinformatics.babraham.ac.uk/projects/bismark/")
+    (synopsis "Map bisulfite treated sequence reads and analyze methylation")
+    (description "Bismark is a program to map bisulfite treated sequencing
+reads to a genome of interest and perform methylation calls in a single step.
+The output can be easily imported into a genome viewer, such as SeqMonk, and
+enables a researcher to analyse the methylation levels of their samples
+straight away.  Its main features are:
+
+@itemize
+@item Bisulfite mapping and methylation calling in one single step
+@item Supports single-end and paired-end read alignments
+@item Supports ungapped and gapped alignments
+@item Alignment seed length, number of mismatches etc are adjustable
+@item Output discriminates between cytosine methylation in CpG, CHG
+  and CHH context
+@end itemize\n")
+    (license license:gpl3+)))
diff --git a/gnu/packages/code.scm b/gnu/packages/code.scm
index 6f25b7cd82..fa9e19db7d 100644
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
+;;; Copyright © 2017 Andy Wingo <wingo@igalia.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -189,6 +190,60 @@ effort, time, and money it would take to develop the software, using the
 COCOMO model or user-provided parameters.")
     (license license:gpl2+)))
 
+(define-public cloc
+  (package
+    (name "cloc")
+    (version "1.72")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "https://github.com/AlDanial/cloc/releases/download/v" version
+             "/cloc-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1gl7bxb4bi6pms0zzl133pzpfypvz57hk2cw7yf6rvs8b48kilnz"))))
+    (build-system gnu-build-system)
+    (inputs
+     `(("coreutils" ,coreutils)
+       ("perl" ,perl)
+       ("perl-algorithm-diff" ,perl-algorithm-diff)
+       ("perl-regexp-common" ,perl-regexp-common)
+       ("perl-digest-md5" ,perl-digest-md5)))
+    (arguments
+     `(#:phases (modify-phases %standard-phases
+                  (delete 'configure)
+                  (delete 'build)
+                  (replace 'install
+                    (lambda* (#:key inputs outputs #:allow-other-keys)
+                      (let* ((out (assoc-ref outputs "out")))
+                        (zero?
+                         (system* "make" "-C" "Unix"
+                                  (string-append "prefix=" out)
+                                  (string-append "INSTALL="
+                                                 (assoc-ref inputs "coreutils")
+                                                 "/bin/install")
+                                  "install")))))
+                  (add-after 'install 'wrap-program
+                    (lambda* (#:key inputs outputs #:allow-other-keys)
+                      (let ((out (assoc-ref outputs "out")))
+                        (wrap-program (string-append out "/bin/cloc")
+                          `("PERL5LIB" ":" =
+                            ,(string-split (getenv "PERL5LIB") #\:)))
+                        #t))))
+       #:out-of-source? #t
+       ;; Tests require some other packages.
+       #:tests? #f))
+    (home-page "https://github.com/AlDanial/cloc")
+    (synopsis "Count source lines of code (SLOC) and other source code metrics")
+    (description "cloc counts blank lines, comment lines, and physical lines
+of source code in many programming languages.  Given two versions of a code
+base, cloc can compute differences in blank, comment, and source lines.
+
+cloc contains code from David Wheeler's SLOCCount.  Compared to SLOCCount,
+cloc can handle a greater variety of programming langauges.")
+    (license license:gpl2+)))
+
 (define-public the-silver-searcher
   (package
     (name "the-silver-searcher")
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index d02bc20f20..62fe5fe081 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 David Thompson <davet@gnu.org>
-;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
@@ -52,6 +52,7 @@
   #:use-module (guix git-download)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system perl)
   #:use-module (guix build-system python))
 
 (define-public libsodium
@@ -437,3 +438,128 @@ PKCS#8, PKCS#12, PKCS#5, X.509 and TSP.")
 
 (define-public python2-asn1crypto
   (package-with-python2 python-asn1crypto))
+
+(define-public perl-math-random-isaac-xs
+  (package
+    (name "perl-math-random-isaac-xs")
+    (version "1.004")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/J/JA/JAWNSY/"
+                           "Math-Random-ISAAC-XS-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0yxqqcqvj51fn7b7j5xqhz65v74arzgainn66c6k7inijbmr1xws"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-build" ,perl-module-build)
+       ("perl-test-nowarnings" ,perl-test-nowarnings)))
+    (home-page "http://search.cpan.org/dist/Math-Random-ISAAC-XS")
+    (synopsis "C implementation of the ISAAC PRNG algorithm")
+    (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a
+fast pseudo-random number generator.  It is suitable for applications where a
+significant amount of random data needs to be produced quickly, such as
+solving using the Monte Carlo method or for games.  The results are uniformly
+distributed, unbiased, and unpredictable unless you know the seed.
+
+This package implements the same interface as @code{Math::Random::ISAAC}.")
+    (license license:public-domain)))
+
+(define-public perl-math-random-isaac
+  (package
+    (name "perl-math-random-isaac")
+    (version "1.004")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/J/JA/JAWNSY/"
+                           "Math-Random-ISAAC-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0z1b3xbb3xz71h25fg6jgsccra7migq7s0vawx2rfzi0pwpz0wr7"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-nowarnings" ,perl-test-nowarnings)))
+    (propagated-inputs
+     `(("perl-math-random-isaac-xs" ,perl-math-random-isaac-xs)))
+    (home-page "http://search.cpan.org/dist/Math-Random-ISAAC")
+    (synopsis "Perl interface to the ISAAC PRNG algorithm")
+    (description "ISAAC (Indirection, Shift, Accumulate, Add, and Count) is a
+fast pseudo-random number generator.  It is suitable for applications where a
+significant amount of random data needs to be produced quickly, such as
+solving using the Monte Carlo method or for games.  The results are uniformly
+distributed, unbiased, and unpredictable unless you know the seed.
+
+This package provides a Perl interface to the ISAAC pseudo random number
+generator.")
+    (license license:public-domain)))
+
+(define-public perl-crypt-random-source
+  (package
+    (name "perl-crypt-random-source")
+    (version "0.12")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
+                           "Crypt-Random-Source-" version ".tar.gz"))
+       (sha256
+        (base32
+         "00mw5m52sbz9nqp3f6axyrgcrihqxn7k8gv0vi1kvm1j1nc9g29h"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-build-tiny" ,perl-module-build-tiny)
+       ("perl-test-exception" ,perl-test-exception)))
+    (propagated-inputs
+     `(("perl-capture-tiny" ,perl-capture-tiny)
+       ("perl-module-find" ,perl-module-find)
+       ("perl-module-runtime" ,perl-module-runtime)
+       ("perl-moo" ,perl-moo)
+       ("perl-namespace-clean" ,perl-namespace-clean)
+       ("perl-sub-exporter" ,perl-sub-exporter)
+       ("perl-type-tiny" ,perl-type-tiny)))
+    (home-page "http://search.cpan.org/dist/Crypt-Random-Source")
+    (synopsis "Get weak or strong random data from pluggable sources")
+    (description "This module provides implementations for a number of
+byte-oriented sources of random data.")
+    (license (package-license perl))))
+
+(define-public perl-math-random-secure
+  (package
+    (name "perl-math-random-secure")
+    (version "0.080001")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/F/FR/FREW/"
+                           "Math-Random-Secure-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0dgbf4ncll4kmgkyb9fsaxn0vf2smc9dmwqzgh3259zc2zla995z"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-list-moreutils" ,perl-list-moreutils)
+       ("perl-test-leaktrace" ,perl-test-leaktrace)
+       ("perl-test-sharedfork" ,perl-test-sharedfork)
+       ("perl-test-warn" ,perl-test-warn)))
+    (inputs
+     `(("perl-crypt-random-source" ,perl-crypt-random-source)
+       ("perl-math-random-isaac" ,perl-math-random-isaac)
+       ("perl-math-random-isaac-xs" ,perl-math-random-isaac-xs)
+       ("perl-moo" ,perl-moo)))
+    (home-page "http://search.cpan.org/dist/Math-Random-Secure")
+    (synopsis "Cryptographically secure replacement for rand()")
+    (description "This module is intended to provide a
+cryptographically-secure replacement for Perl's built-in @code{rand} function.
+\"Crytographically secure\", in this case, means:
+
+@enumerate
+@item No matter how many numbers you see generated by the random number
+generator, you cannot guess the future numbers, and you cannot guess the seed.
+@item There are so many possible seeds that it would take decades, centuries,
+or millenia for an attacker to try them all.
+@item The seed comes from a source that generates relatively strong random
+data on your platform, so the seed itself will be as random as possible.
+@end enumerate\n")
+    (license license:artistic2.0)))
diff --git a/gnu/packages/curl.scm b/gnu/packages/curl.scm
index 492a049a05..23606b4810 100644
--- a/gnu/packages/curl.scm
+++ b/gnu/packages/curl.scm
@@ -132,6 +132,7 @@ tunneling, and so on.")
         (method url-fetch)
         (uri (string-append "https://curl.haxx.se/download/curl-"
                             version ".tar.xz"))
+        (patches (search-patches "curl-bounds-check.patch"))
         (sha256
          (base32
           "1785vxi0jamiv9d1wr1l45g0fm9ircxdfyfzf7ld8zv0z0i8bmfd"))))
diff --git a/gnu/packages/emacs.scm b/gnu/packages/emacs.scm
index bb5d2349fd..5a69990c67 100644
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@@ -5226,6 +5226,23 @@ multiplexer.")
 editing RPM spec files.")
     (license license:gpl2+)))
 
+(define-public emacs-nix-mode
+  (package
+    (inherit nix)
+    (name "emacs-nix-mode")
+    (build-system emacs-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'chdir-elisp
+           ;; Elisp directory is not in root of the source.
+           (lambda _
+             (chdir "misc/emacs"))))))
+    (synopsis "Emacs major mode for editing Nix expressions")
+    (description "@code{nixos-mode} provides an Emacs major mode for editing
+Nix expressions.  It supports syntax highlighting, indenting and refilling of
+comments.")))
+
 (define-public emacs-git-messenger
   (package
     (name "emacs-git-messenger")
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index b42e631b98..da1a1cf43d 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -59,7 +59,7 @@
 (define-public efl
   (package
     (name "efl")
-    (version "1.20.1")
+    (version "1.20.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -67,7 +67,7 @@
                     version ".tar.xz"))
               (sha256
                (base32
-                "1d1wmmwgc8pf6lk9g6lflpdxvg85wxxq650d6m30zgr85cb6d27q"))))
+                "0zll6k4xbbdsxqg53g8jddgv889g5m1xh20i03iz5a52y2bcnh55"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -123,7 +123,7 @@
        ("glib" ,glib) ; ecore.pc, ecore-cxx.pc
        ("harfbuzz" ,harfbuzz) ; evas.pc, evas-cxx.pc
        ("luajit" ,luajit) ; elua.pc, evas.pc, evas-cxx.pc
-       ("libinput" ,libinput) ; elput.pc
+       ("libinput" ,libinput-minimal) ; elput.pc
        ("libpng" ,libpng) ; evas.pc, evas-cxx.pc
        ("libsndfile" ,libsndfile) ; ecore-audio.pc, ecore-audio-cxx.pc
        ("libxkbcommon" ,libxkbcommon) ; ecore-wl2.pc, elementary.pc, elput.pc
diff --git a/gnu/packages/games.scm b/gnu/packages/games.scm
index 9f32e9f8e5..436a885d6e 100644
--- a/gnu/packages/games.scm
+++ b/gnu/packages/games.scm
@@ -17,7 +17,7 @@
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2016, 2017 Rodger Fox <thylakoid@openmailbox.org>
 ;;; Copyright © 2016 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
-;;; Copyright © 2016, 2017 ng0 <ng0@no-reply.pragmatique.xyz>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Albin Söderqvist <albin@fripost.org>
 ;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
@@ -99,6 +99,7 @@
   #:use-module (gnu packages xorg)
   #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages databases)
+  #:use-module (gnu packages shells)
   #:use-module (gnu packages sdl)
   #:use-module (gnu packages swig)
   #:use-module (gnu packages texinfo)
@@ -4564,8 +4565,8 @@ at their peak of economic growth and military prowess.
 
 ;; There have been no official releases.
 (define-public open-adventure
-  (let* ((commit "2483a23690d205f01ecb66165cf4522b541cd991")
-         (revision "1"))
+  (let* ((commit "d43854f0f6bb8e9eea7fbce80348150e7e7fc34d")
+         (revision "2"))
     (package
       (name "open-adventure")
       (version (string-append "2.5-" revision "." (string-take commit 7)))
@@ -4577,14 +4578,23 @@ at their peak of economic growth and military prowess.
                 (file-name (string-append name "-" version "-checkout"))
                 (sha256
                  (base32
-                  "1gkvkwbq5cl3llfc7nl41van8awn4myx782pg33bxpbx5l9scwb4"))))
+                  "08bwrvf4axb1rsfd6ia1fddsky9pc1p350vjskhaakg2czc6dsk0"))))
       (build-system gnu-build-system)
       (arguments
        `(#:make-flags (list "CC=gcc")
          #:parallel-build? #f ; not supported
          #:phases
          (modify-phases %standard-phases
-           (delete 'configure)
+           (replace 'configure
+             (lambda* (#:key inputs outputs #:allow-other-keys)
+               ;; At this point linenoise is meant to be included,
+               ;; so we have to really copy it into the working directory
+               ;; of s.
+               (let* ((linenoise (assoc-ref inputs "linenoise"))
+                      (noisepath (string-append linenoise "/include/linenoise"))
+                      (out (assoc-ref outputs "out")))
+                 (copy-recursively noisepath "linenoise"))
+               #t))
            (add-before 'build 'use-echo
              (lambda _
                (substitute* "tests/Makefile"
@@ -4594,9 +4604,9 @@ at their peak of economic growth and military prowess.
              (lambda _
                ;; This target is missing a dependency
                (substitute* "Makefile"
-                 ((".asc.6:" line)
-                  (string-append line " advent.txt")))
-               (zero? (system* "make" ".asc.6"))))
+                 ((".adoc.6:" line)
+                  (string-append line " advent.adoc")))
+               (zero? (system* "make" ".adoc.6"))))
            ;; There is no install target
            (replace 'install
              (lambda* (#:key outputs #:allow-other-keys)
@@ -4607,7 +4617,10 @@ at their peak of economic growth and military prowess.
                  (install-file "advent.6" man))
                #t)))))
       (native-inputs
-       `(("asciidoc" ,asciidoc)))
+       `(("asciidoc" ,asciidoc)
+         ("linenoise" ,linenoise)
+         ("python" ,python)
+         ("python-pyyaml" ,python-pyyaml)))
       (home-page "https://gitlab.com/esr/open-adventure")
       (synopsis "Colossal Cave Adventure")
       (description "The original Colossal Cave Adventure from 1976 was the
diff --git a/gnu/packages/gcc.scm b/gnu/packages/gcc.scm
index eee91c32bf..da4d66ce36 100644
--- a/gnu/packages/gcc.scm
+++ b/gnu/packages/gcc.scm
@@ -406,14 +406,14 @@ Go.  It also includes runtime support libraries for these languages.")
 (define-public gcc-7
   (package
     (inherit gcc-6)
-    (version "7.1.0")
+    (version "7.2.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnu/gcc/gcc-"
-                                  version "/gcc-" version ".tar.bz2"))
+                                  version "/gcc-" version ".tar.xz"))
               (sha256
                (base32
-                "05xwps0ci7wgxh50askpa2r9p8518qxdgh6ad7pnyk7n6p13d0ca"))
+                "16j7i0888j2f1yp9l0nhji6cq65dy6y4nwy8868a8njbzzwavxqw"))
               (patches (search-patches "gcc-strmov-store-file-names.patch"
                                        "gcc-5.0-libvtv-runpath.patch"))))))
 
diff --git a/gnu/packages/image-viewers.scm b/gnu/packages/image-viewers.scm
index 07a62715de..c2f0a24344 100644
--- a/gnu/packages/image-viewers.scm
+++ b/gnu/packages/image-viewers.scm
@@ -54,7 +54,7 @@
 (define-public feh
   (package
     (name "feh")
-    (version "2.19.1")
+    (version "2.19.2")
     (home-page "https://feh.finalrewind.org/")
     (source (origin
               (method url-fetch)
@@ -62,7 +62,7 @@
                                   name "-" version ".tar.bz2"))
               (sha256
                (base32
-                "1d4ycmai3dpajl0bdr9i56646g4h5j1lb95jjn0nckwcddcj927c"))))
+                "0v2nwc6sk4vs855a1ncz9vxpzxvs1d5wcjz87rfbypxx7nap2al2"))))
     (build-system gnu-build-system)
     (arguments
       '(#:phases (alist-delete 'configure %standard-phases)
diff --git a/gnu/packages/imagemagick.scm b/gnu/packages/imagemagick.scm
index 6e44175d97..8e17307543 100644
--- a/gnu/packages/imagemagick.scm
+++ b/gnu/packages/imagemagick.scm
@@ -45,14 +45,14 @@
     ;; The 7 release series has an incompatible API, while the 6 series is still
     ;; maintained. Don't update to 7 until we've made sure that the ImageMagick
     ;; users are ready for the 7-series API.
-    (version "6.9.9-5")
+    (version "6.9.9-7")
     (source (origin
              (method url-fetch)
              (uri (string-append "mirror://imagemagick/ImageMagick-"
                                  version ".tar.xz"))
              (sha256
               (base32
-               "0mnhwzgap2q2qs899skc41s8gd2g1g6rgs959zxqg6yjx3n48r5a"))))
+               "1lwsz9b8clygdppgawv2hsry4aykgmawjlwhg3fj70rndv4a8rw4"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--with-frozenpaths" "--without-gcc-arch")
diff --git a/gnu/packages/ldc.scm b/gnu/packages/ldc.scm
index 03cd033376..25fcb514d0 100644
--- a/gnu/packages/ldc.scm
+++ b/gnu/packages/ldc.scm
@@ -279,7 +279,7 @@ latest DMD frontend and uses LLVM as backend.")
 (define-public dub
   (package
     (name "dub")
-    (version "1.4.0")
+    (version "1.4.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/dlang/dub/archive/"
@@ -287,7 +287,7 @@ latest DMD frontend and uses LLVM as backend.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1w3pznyjnmsmasrvv93f82l0sr31fpwg2zcj8hh1b2gvc5761qhi"))))
+                "0hpl5srbrzwzv8abc96j4cgbmvm1zhr109ljbl7hrphzzc39zyan"))))
    (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; it would have tested itself by installing some packages (vibe etc)
diff --git a/gnu/packages/libreoffice.scm b/gnu/packages/libreoffice.scm
index 5faa8db7e5..c27ddf042a 100644
--- a/gnu/packages/libreoffice.scm
+++ b/gnu/packages/libreoffice.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2017 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
+;;; Copyright © 2017 Andy Wingo <wingo@igalia.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -898,17 +899,51 @@ and to return information on pronunciations, meanings and synonyms.")
                  (substitute* "external/libxmlsec/ExternalProject_xmlsec.mk"
                    (("./configure") "$(CONFIG_SHELL) ./configure" ))
                  #t)))
-           (add-after 'install 'bin-install
+           (add-after 'install 'bin-and-desktop-install
              ;; Create 'soffice' and 'libreoffice' symlinks to the executable
              ;; script.
              (lambda* (#:key outputs #:allow-other-keys)
-               (let* ((out (assoc-ref outputs "out"))
-                      (bin (string-append out "/bin"))
-                      (soffice (string-append
-                                out "/lib/libreoffice/program/soffice")))
-                 (mkdir bin)
-                 (symlink soffice (string-append bin "/soffice"))
-                 (symlink soffice (string-append bin "/libreoffice")))
+               (let ((out (assoc-ref outputs "out")))
+                 (define (symlink-output src dst)
+                   (mkdir-p (dirname (string-append out dst)))
+                   (symlink (string-append out src) (string-append out dst)))
+                 (define (install src dst)
+                   (let ((dst (string-append out dst)))
+                     (mkdir-p (dirname dst))
+                     (copy-file src dst)))
+                 (define (install-desktop-file app)
+                   (let ((src (string-append "/lib/libreoffice/share/xdg/"
+                                             app ".desktop"))
+                         (dst (string-append "/share/applications/libreoffice-"
+                                             app ".desktop")))
+                     (substitute* (string-append out src)
+                       (("Exec=libreoffice[0-9]+\\.[0-9]+ ")
+                        (string-append "Exec=" out "/bin/libreoffice "))
+                       (("Icon=libreoffice[0-9]+\\.[0-9]+")
+                        "Icon=libreoffice")
+                       (("LibreOffice [0-9]+\\.[0-9]+")
+                        "LibreOffice"))
+                     (symlink-output src dst)
+                     (install-file (string-append
+                                    "sysui/desktop/appstream-appdata/"
+                                    "libreoffice-" app ".appdata.xml")
+                                   (string-append out "/share/appdata"))))
+                 (symlink-output "/lib/libreoffice/program/soffice"
+                                 "/bin/soffice")
+                 (symlink-output "/lib/libreoffice/program/soffice"
+                                 "/bin/libreoffice")
+                 (install "workdir/CustomTarget/sysui/share/libreoffice/openoffice.keys"
+                          "/share/mime-info/libreoffice.keys")
+                 (install "workdir/CustomTarget/sysui/share/libreoffice/openoffice.mime"
+                          "/share/mime-info/libreoffice.mime")
+                 (install
+                  "workdir/CustomTarget/sysui/share/libreoffice/openoffice.org.xml"
+                  "/share/mime/packages/libreoffice.xml")
+                 (for-each install-desktop-file
+                           '("base" "calc" "draw" "impress" "writer"))
+                 (mkdir-p (string-append out "/share/icons"))
+                 (copy-recursively "sysui/desktop/icons/hicolor"
+                                   (string-append out "/share/icons/")))
                #t)))
        #:configure-flags
         (list
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 31572bd7dd..8ae74cbcb7 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -366,8 +366,8 @@ It has been modified to remove all non-free binary blobs.")
 
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 
-(define %linux-libre-version "4.12.5")
-(define %linux-libre-hash "0kybil1h07fwl9rb0rvmp0w356hi2v1azw603r18vh9x93i8b8xi")
+(define %linux-libre-version "4.12.7")
+(define %linux-libre-hash "1sjkxkcikdgl2w5h7c5pfyqwi29g69dxp4s2z2yavw7aicc91xfq")
 
 (define-public linux-libre
   (make-linux-libre %linux-libre-version
@@ -376,14 +376,14 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.41"
-                    "1mkx7rvcny8b0yjkzd8zc53d15h1w8y75m0x6jx0dz3r9y3k0nql"
+  (make-linux-libre "4.9.43"
+                    "0fxid4xmnrcq966vz2wsb6spw3i02pvqp2hv8xfrx7dr3hfs9nrr"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.80"
-                    "1s0d7lsapghgk6jh6igx2fhzj1f6nwmvhqrl2hdwf3dx14z93mp2"
+  (make-linux-libre "4.4.82"
+                    "01bn0vn6i22hhwiqfh29m1cir1jrvz643lz13war8k9l6h0dmmwy"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
@@ -682,16 +682,17 @@ slabtop, and skill.")
 (define-public e2fsprogs
   (package
     (name "e2fsprogs")
-    (version "1.43.4")
+    (version "1.43.5")
     (source (origin
              (method url-fetch)
              (uri (string-append
                    "mirror://kernel.org/linux/kernel/people/tytso/"
                    name "/v" version "/"
                    name "-" version ".tar.xz"))
+             (patches (search-patches "e2fsprogs-32bit-quota-warnings.patch"))
              (sha256
               (base32
-               "092absr4vrlqrkdf9nwh4ykj40ab6hhwrkdr6sjsccd54c8z5csl"))))
+               "05ssjpmy0fpv2ik6ibm1f47wr6794nf0q50r581vygrqvsd3s7r6"))))
     (build-system gnu-build-system)
     (inputs `(("util-linux" ,util-linux)))
     (native-inputs `(("pkg-config" ,pkg-config)
diff --git a/gnu/packages/maths.scm b/gnu/packages/maths.scm
index 9096838d6f..a81f6156ab 100644
--- a/gnu/packages/maths.scm
+++ b/gnu/packages/maths.scm
@@ -2159,7 +2159,7 @@ point numbers.")
 (define-public wxmaxima
   (package
     (name "wxmaxima")
-    (version "17.05.0")
+    (version "17.05.1")
     (source
      (origin
        (method url-fetch)
@@ -2168,7 +2168,7 @@ point numbers.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "1bsyd7r12xm2crpizb9iyyki3j0mbazzzwbsh871m06dv2wk97gq"))))
+         "0dv0cy0cf46v0cbw32izscpkdmpxg1qhwq1f4cz46kkqd8k4yfbj"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("autoconf" ,autoconf)
@@ -2182,31 +2182,30 @@ point numbers.")
        ("gtk+" ,gtk+)
        ("shared-mime-info" ,shared-mime-info)))
     (arguments
-     `(#:phases (modify-phases %standard-phases
-                  (add-before
-                   'configure 'autoconf
-                   (lambda _
-                     (zero? (system* "./bootstrap"))))
-                  (add-after
-                   'install 'wrap-program
-                   (lambda* (#:key inputs outputs #:allow-other-keys)
-                     (wrap-program (string-append (assoc-ref outputs "out")
-                                                  "/bin/wxmaxima")
-                       `("PATH" ":" prefix
-                         (,(string-append (assoc-ref inputs "maxima")
-                                          "/bin")))
-                       ;; For GtkFileChooserDialog.
-                       `("GSETTINGS_SCHEMA_DIR" =
-                         (,(string-append (assoc-ref inputs "gtk+")
-                                          "/share/glib-2.0/schemas")))
-                       `("XDG_DATA_DIRS" ":" prefix
-                         (;; Needed by gdk-pixbuf to know supported icon formats.
-                          ,(string-append
-                            (assoc-ref inputs "shared-mime-info") "/share")
-                          ;; The default icon theme of GTK+.
-                          ,(string-append
-                            (assoc-ref inputs "adwaita-icon-theme") "/share"))))
-                     #t)))))
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'autoconf
+           (lambda _
+             (zero? (system* "sh" "bootstrap"))))
+         (add-after 'install 'wrap-program
+           (lambda* (#:key inputs outputs #:allow-other-keys)
+             (wrap-program (string-append (assoc-ref outputs "out")
+                                          "/bin/wxmaxima")
+               `("PATH" ":" prefix
+                 (,(string-append (assoc-ref inputs "maxima")
+                                  "/bin")))
+               ;; For GtkFileChooserDialog.
+               `("GSETTINGS_SCHEMA_DIR" =
+                 (,(string-append (assoc-ref inputs "gtk+")
+                                  "/share/glib-2.0/schemas")))
+               `("XDG_DATA_DIRS" ":" prefix
+                 (;; Needed by gdk-pixbuf to know supported icon formats.
+                  ,(string-append
+                    (assoc-ref inputs "shared-mime-info") "/share")
+                  ;; The default icon theme of GTK+.
+                  ,(string-append
+                    (assoc-ref inputs "adwaita-icon-theme") "/share"))))
+             #t)))))
     (home-page "https://andrejv.github.io/wxmaxima/")
     (synopsis "Graphical user interface for the Maxima computer algebra system")
     (description
diff --git a/gnu/packages/moreutils.scm b/gnu/packages/moreutils.scm
index 03ffa8f992..bb6228af7f 100644
--- a/gnu/packages/moreutils.scm
+++ b/gnu/packages/moreutils.scm
@@ -52,10 +52,18 @@
        ("libxml2" ,libxml2)
        ("libxslt" ,libxslt)))
     (inputs
-     `(("perl" ,perl)))
+     `(("perl" ,perl)
+       ("perl-timedate" ,perl-timedate)
+       ("perl-time-duration" ,perl-time-duration)))
     (arguments
      `(#:phases
        (modify-phases %standard-phases
+         (add-after 'install 'wrap-program
+                    (lambda* (#:key outputs #:allow-other-keys)
+                      (let* ((out (assoc-ref outputs "out")))
+                        (wrap-program
+                            (string-append out "/bin/ts")
+                          `("PERL5LIB" ":" prefix (,(getenv "PERL5LIB")))))))
          (delete 'configure))           ; no configure script
        #:make-flags
        (list (string-append "PREFIX=" (assoc-ref %outputs "out"))
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index 40996b11be..dcb48fb200 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -2264,15 +2264,16 @@ of tools for manipulating and accessing your music.")
 (define-public milkytracker
   (package
     (name "milkytracker")
-    (version "1.0.0")
+    (version "1.01.00")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/milkytracker/"
-                                  "MilkyTracker/archive/v" version ".tar.gz"))
+                                  "MilkyTracker/archive/v"
+                                  version ".tar.gz"))
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1p1jd4h274jvcvl05l01v9bj19zhq4sjag92v1zawyi93ib85abz"))
+                "1dvnddsnn9c83lz4dlm0cfjpc0m524amfkbalxbswdy0qc8cj1wv"))
               (modules '((guix build utils)))
               ;; Remove non-FSDG compliant sample songs.
               (snippet
diff --git a/gnu/packages/patches/catdoc-CVE-2017-11110.patch b/gnu/packages/patches/catdoc-CVE-2017-11110.patch
new file mode 100644
index 0000000000..71c44f60fb
--- /dev/null
+++ b/gnu/packages/patches/catdoc-CVE-2017-11110.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-11110:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11110
+https://bugzilla.redhat.com/show_bug.cgi?id=1468471
+https://security-tracker.debian.org/tracker/CVE-2017-11110
+
+Patch copied from openSUSE:
+
+https://build.opensuse.org/package/view_file/openSUSE:Maintenance:6985/catdoc.openSUSE_Leap_42.2_Update/CVE-2017-11110.patch?expand=1
+
+From: Andreas Stieger <astieger@suse.com>
+Date: Mon, 10 Jul 2017 15:37:58 +0000
+References: CVE-2017-11110 http://bugzilla.suse.com/show_bug.cgi?id=1047877
+
+All .doc I found had sectorSize 0x09 at offset 0x1e. Guarding it against <4.
+
+---
+ src/ole.c |    5 +++++
+ 1 file changed, 5 insertions(+)
+
+Index: catdoc-0.95/src/ole.c
+===================================================================
+--- catdoc-0.95.orig/src/ole.c	2016-05-25 06:37:12.000000000 +0200
++++ catdoc-0.95/src/ole.c	2017-07-10 17:42:33.578308107 +0200
+@@ -106,6 +106,11 @@ FILE* ole_init(FILE *f, void *buffer, si
+ 		return NULL;
+ 	}
+  	sectorSize = 1<<getshort(oleBuf,0x1e);
++	/* CVE-2017-11110) */
++ 	if (sectorSize < 4) {
++		fprintf(stderr,"sectorSize < 4 not supported\n");
++		return NULL;
++	}
+ 	shortSectorSize=1<<getshort(oleBuf,0x20);
+ 
+ /* Read BBD into memory */
+@@ -147,7 +152,7 @@ FILE* ole_init(FILE *f, void *buffer, si
+ 		}
+ 
+ 		fseek(newfile, 512+mblock*sectorSize, SEEK_SET);
+-		if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i,
++		if(fread(tmpBuf+MSAT_ORIG_SIZE+(sectorSize-4)*i, /* >= 4 for CVE-2017-11110 */
+ 						 1, sectorSize, newfile) != sectorSize) {
+ 			fprintf(stderr, "Error read MSAT!\n");
+ 			ole_finish();
diff --git a/gnu/packages/patches/curl-bounds-check.patch b/gnu/packages/patches/curl-bounds-check.patch
new file mode 100644
index 0000000000..4b8ff65304
--- /dev/null
+++ b/gnu/packages/patches/curl-bounds-check.patch
@@ -0,0 +1,19 @@
+Fix test failure on some 32-bit platforms.
+
+Patch copied from upstream source repository:
+
+https://github.com/curl/curl/commit/45a560390c4356bcb81d933bbbb229c8ea2acb63
+
+diff --git a/src/tool_paramhlp.c b/src/tool_paramhlp.c
+index b9dedc989e..85c5e79a7e 100644
+--- a/src/tool_paramhlp.c
++++ b/src/tool_paramhlp.c
+@@ -218,7 +218,7 @@ static ParameterError str2double(double *val, const char *str, long max)
+     num = strtod(str, &endptr);
+     if(errno == ERANGE)
+       return PARAM_NUMBER_TOO_LARGE;
+-    if((long)num > max) {
++    if(num > max) {
+       /* too large */
+       return PARAM_NUMBER_TOO_LARGE;
+     }
diff --git a/gnu/packages/patches/cvs-2017-12836.patch b/gnu/packages/patches/cvs-2017-12836.patch
new file mode 100644
index 0000000000..507ab0f7d0
--- /dev/null
+++ b/gnu/packages/patches/cvs-2017-12836.patch
@@ -0,0 +1,45 @@
+Fix CVE-2017-12836:
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-12836
+https://security-tracker.debian.org/tracker/CVE-2017-12836
+
+Patch adpated from Debian (comments and changelog annotations removed):
+
+https://anonscm.debian.org/cgit/collab-maint/cvs.git/commit/?h=stretch&id=41e077396e35efb6c879951f44c62dd8a1d0f094
+
+From 41e077396e35efb6c879951f44c62dd8a1d0f094 Mon Sep 17 00:00:00 2001
+From: mirabilos <m@mirbsd.org>
+Date: Sat, 12 Aug 2017 03:17:18 +0200
+Subject: Fix CVE-2017-12836 (Closes: #871810) for stretch
+
+---
+ debian/changelog |  6 ++++++
+ src/rsh-client.c | 10 ++++++++--
+ 2 files changed, 14 insertions(+), 2 deletions(-)
+
+diff --git a/src/rsh-client.c b/src/rsh-client.c
+index fe0cfc4..1fc860d 100644
+--- a/src/rsh-client.c
++++ b/src/rsh-client.c
+@@ -105,6 +106,9 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
+ 	rsh_argv[i++] = argvport;
+     }
+ 
++    /* Only non-option arguments from here. (CVE-2017-12836) */
++    rsh_argv[i++] = "--";
++
+     rsh_argv[i++] = root->hostname;
+     rsh_argv[i++] = cvs_server;
+     if (readonlyfs)
+@@ -189,6 +193,8 @@ start_rsh_server (cvsroot_t *root, struct buffer **to_server_p,
+ 		*p++ = argvport;
+ 	}
+ 
++	*p++ = "--";
++
+ 	*p++ = root->hostname;
+ 	*p++ = command;
+ 	*p++ = NULL;
+-- 
+cgit v0.12
+
diff --git a/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch b/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch
new file mode 100644
index 0000000000..e7a96a2ac0
--- /dev/null
+++ b/gnu/packages/patches/e2fsprogs-32bit-quota-warnings.patch
@@ -0,0 +1,46 @@
+Fix a test failure on 32-bit platforms.
+
+Patch copied from upstream source repository:
+
+https://git.kernel.org/pub/scm/fs/ext2/e2fsprogs.git/commit/?id=9e31a5696c4b699bf000a07b86601c1fb91c0493
+
+diff --git a/lib/support/mkquota.c b/lib/support/mkquota.c
+index 00f3a40..931a839 100644
+--- a/lib/support/mkquota.c
++++ b/lib/support/mkquota.c
+@@ -50,11 +50,13 @@ static void print_dquot(const char *desc, struct dquot *dq)
+ {
+ 	if (desc)
+ 		fprintf(stderr, "%s: ", desc);
+-	fprintf(stderr, "%u %ld:%ld:%ld %ld:%ld:%ld\n",
+-		dq->dq_id, dq->dq_dqb.dqb_curspace,
+-		dq->dq_dqb.dqb_bsoftlimit, dq->dq_dqb.dqb_bhardlimit,
+-		dq->dq_dqb.dqb_curinodes,
+-		dq->dq_dqb.dqb_isoftlimit, dq->dq_dqb.dqb_ihardlimit);
++	fprintf(stderr, "%u %lld:%lld:%lld %lld:%lld:%lld\n",
++		dq->dq_id, (long long) dq->dq_dqb.dqb_curspace,
++		(long long) dq->dq_dqb.dqb_bsoftlimit,
++		(long long) dq->dq_dqb.dqb_bhardlimit,
++		(long long) dq->dq_dqb.dqb_curinodes,
++		(long long) dq->dq_dqb.dqb_isoftlimit,
++		(long long) dq->dq_dqb.dqb_ihardlimit);
+ }
+ #else
+ static void print_dquot(const char *desc EXT2FS_ATTR((unused)),
+@@ -524,11 +526,11 @@ static int scan_dquots_callback(struct dquot *dquot, void *cb_data)
+ 	    dq->dq_dqb.dqb_curinodes != dquot->dq_dqb.dqb_curinodes) {
+ 		scan_data->usage_is_inconsistent = 1;
+ 		fprintf(stderr, "[QUOTA WARNING] Usage inconsistent for ID %u:"
+-			"actual (%ld, %ld) != expected (%ld, %ld)\n",
+-			dq->dq_id, dq->dq_dqb.dqb_curspace,
+-			dq->dq_dqb.dqb_curinodes,
+-			dquot->dq_dqb.dqb_curspace,
+-			dquot->dq_dqb.dqb_curinodes);
++			"actual (%lld, %lld) != expected (%lld, %lld)\n",
++			dq->dq_id, (long long) dq->dq_dqb.dqb_curspace,
++			(long long) dq->dq_dqb.dqb_curinodes,
++			(long long) dquot->dq_dqb.dqb_curspace,
++			(long long) dquot->dq_dqb.dqb_curinodes);
+ 	}
+ 
+ 	if (scan_data->update_limits) {
diff --git a/gnu/packages/patches/qemu-CVE-2017-10664.patch b/gnu/packages/patches/qemu-CVE-2017-10664.patch
new file mode 100644
index 0000000000..2b60de3dca
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-10664.patch
@@ -0,0 +1,27 @@
+Fix CVE-2017-10664:
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html
+https://bugzilla.redhat.com/show_bug.cgi?id=1466190
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10664
+https://security-tracker.debian.org/tracker/CVE-2017-10664
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1
+
+diff --git a/qemu-nbd.c b/qemu-nbd.c
+index 9464a0461c..4dd3fd4732 100644
+--- a/qemu-nbd.c
++++ b/qemu-nbd.c
+@@ -581,6 +581,10 @@ int main(int argc, char **argv)
+     sa_sigterm.sa_handler = termsig_handler;
+     sigaction(SIGTERM, &sa_sigterm, NULL);
+ 
++#ifdef CONFIG_POSIX
++    signal(SIGPIPE, SIG_IGN);
++#endif
++
+     module_call_init(MODULE_INIT_TRACE);
+     qcrypto_init(&error_fatal);
+ 
+
diff --git a/gnu/packages/patches/qemu-CVE-2017-10806.patch b/gnu/packages/patches/qemu-CVE-2017-10806.patch
new file mode 100644
index 0000000000..ebf782fe7b
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-10806.patch
@@ -0,0 +1,38 @@
+Fix CVE-2017-10806:
+
+https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html
+https://bugzilla.redhat.com/show_bug.cgi?id=1468496
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806
+https://security-tracker.debian.org/tracker/CVE-2017-10806
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bd4a683505b27adc1ac809f71e918e58573d851d
+
+diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
+index b001a27f05..ad5ef783a6 100644
+--- a/hw/usb/redirect.c
++++ b/hw/usb/redirect.c
+@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
+ static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
+     const uint8_t *data, int len)
+ {
+-    int i, j, n;
+-
+     if (dev->debug < usbredirparser_debug_data) {
+         return;
+     }
+-
+-    for (i = 0; i < len; i += j) {
+-        char buf[128];
+-
+-        n = sprintf(buf, "%s", desc);
+-        for (j = 0; j < 8 && i + j < len; j++) {
+-            n += sprintf(buf + n, " %02X", data[i + j]);
+-        }
+-        error_report("%s", buf);
+-    }
++    qemu_hexdump((char *)data, stderr, desc, len);
+ }
+ 
+ /*
diff --git a/gnu/packages/patches/qemu-CVE-2017-10911.patch b/gnu/packages/patches/qemu-CVE-2017-10911.patch
new file mode 100644
index 0000000000..1dcb860a2d
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-10911.patch
@@ -0,0 +1,106 @@
+Fix CVE-2017-10911:
+
+https://xenbits.xen.org/xsa/advisory-216.html
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911
+https://security-tracker.debian.org/tracker/CVE-2017-10911
+
+Patch copied from Xen Security Advisory:
+
+https://xenbits.xen.org/xsa/xsa216-qemuu.patch
+
+--- a/hw/block/xen_blkif.h
++++ b/hw/block/xen_blkif.h
+@@ -14,9 +14,6 @@
+ struct blkif_common_request {
+     char dummy;
+ };
+-struct blkif_common_response {
+-    char dummy;
+-};
+ 
+ /* i386 protocol version */
+ #pragma pack(push, 4)
+@@ -36,13 +33,7 @@ struct blkif_x86_32_request_discard {
+     blkif_sector_t sector_number;    /* start sector idx on disk (r/w only)  */
+     uint64_t       nr_sectors;       /* # of contiguous sectors to discard   */
+ };
+-struct blkif_x86_32_response {
+-    uint64_t        id;              /* copied from request */
+-    uint8_t         operation;       /* copied from request */
+-    int16_t         status;          /* BLKIF_RSP_???       */
+-};
+ typedef struct blkif_x86_32_request blkif_x86_32_request_t;
+-typedef struct blkif_x86_32_response blkif_x86_32_response_t;
+ #pragma pack(pop)
+ 
+ /* x86_64 protocol version */
+@@ -62,20 +53,14 @@ struct blkif_x86_64_request_discard {
+     blkif_sector_t sector_number;    /* start sector idx on disk (r/w only)  */
+     uint64_t       nr_sectors;       /* # of contiguous sectors to discard   */
+ };
+-struct blkif_x86_64_response {
+-    uint64_t       __attribute__((__aligned__(8))) id;
+-    uint8_t         operation;       /* copied from request */
+-    int16_t         status;          /* BLKIF_RSP_???       */
+-};
+ typedef struct blkif_x86_64_request blkif_x86_64_request_t;
+-typedef struct blkif_x86_64_response blkif_x86_64_response_t;
+ 
+ DEFINE_RING_TYPES(blkif_common, struct blkif_common_request,
+-                  struct blkif_common_response);
++                  struct blkif_response);
+ DEFINE_RING_TYPES(blkif_x86_32, struct blkif_x86_32_request,
+-                  struct blkif_x86_32_response);
++                  struct blkif_response QEMU_PACKED);
+ DEFINE_RING_TYPES(blkif_x86_64, struct blkif_x86_64_request,
+-                  struct blkif_x86_64_response);
++                  struct blkif_response);
+ 
+ union blkif_back_rings {
+     blkif_back_ring_t        native;
+--- a/hw/block/xen_disk.c
++++ b/hw/block/xen_disk.c
+@@ -769,31 +769,30 @@ static int blk_send_response_one(struct
+     struct XenBlkDev  *blkdev = ioreq->blkdev;
+     int               send_notify   = 0;
+     int               have_requests = 0;
+-    blkif_response_t  resp;
+-    void              *dst;
+-
+-    resp.id        = ioreq->req.id;
+-    resp.operation = ioreq->req.operation;
+-    resp.status    = ioreq->status;
++    blkif_response_t  *resp;
+ 
+     /* Place on the response ring for the relevant domain. */
+     switch (blkdev->protocol) {
+     case BLKIF_PROTOCOL_NATIVE:
+-        dst = RING_GET_RESPONSE(&blkdev->rings.native, blkdev->rings.native.rsp_prod_pvt);
++        resp = RING_GET_RESPONSE(&blkdev->rings.native,
++                                 blkdev->rings.native.rsp_prod_pvt);
+         break;
+     case BLKIF_PROTOCOL_X86_32:
+-        dst = RING_GET_RESPONSE(&blkdev->rings.x86_32_part,
+-                                blkdev->rings.x86_32_part.rsp_prod_pvt);
++        resp = RING_GET_RESPONSE(&blkdev->rings.x86_32_part,
++                                 blkdev->rings.x86_32_part.rsp_prod_pvt);
+         break;
+     case BLKIF_PROTOCOL_X86_64:
+-        dst = RING_GET_RESPONSE(&blkdev->rings.x86_64_part,
+-                                blkdev->rings.x86_64_part.rsp_prod_pvt);
++        resp = RING_GET_RESPONSE(&blkdev->rings.x86_64_part,
++                                 blkdev->rings.x86_64_part.rsp_prod_pvt);
+         break;
+     default:
+-        dst = NULL;
+         return 0;
+     }
+-    memcpy(dst, &resp, sizeof(resp));
++
++    resp->id        = ioreq->req.id;
++    resp->operation = ioreq->req.operation;
++    resp->status    = ioreq->status;
++
+     blkdev->rings.common.rsp_prod_pvt++;
+ 
+     RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blkdev->rings.common, send_notify);
diff --git a/gnu/packages/patches/qemu-CVE-2017-11434.patch b/gnu/packages/patches/qemu-CVE-2017-11434.patch
new file mode 100644
index 0000000000..4da701a73d
--- /dev/null
+++ b/gnu/packages/patches/qemu-CVE-2017-11434.patch
@@ -0,0 +1,25 @@
+Fix CVE-2017-11434:
+
+https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html
+https://bugzilla.redhat.com/show_bug.cgi?id=1472611
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11434
+https://security-tracker.debian.org/tracker/CVE-2017-11434
+
+Patch copied from upstream source repository:
+
+https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=413d463f43fbc4dd3a601e80a5724aa384a265a0
+
+diff --git a/slirp/bootp.c b/slirp/bootp.c
+index 5a4646c182..5dd1a415b5 100644
+--- a/slirp/bootp.c
++++ b/slirp/bootp.c
+@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
+             if (p >= p_end)
+                 break;
+             len = *p++;
++            if (p + len > p_end) {
++                break;
++            }
+             DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
+ 
+             switch(tag) {
diff --git a/gnu/packages/perl.scm b/gnu/packages/perl.scm
index 4a87d0ae63..2b2b2ea1fe 100644
--- a/gnu/packages/perl.scm
+++ b/gnu/packages/perl.scm
@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2012, 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2013 Andreas Enge <andreas@enge.fr>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Eric Dvorsak <eric@dvorsak.fr>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
@@ -3419,6 +3419,30 @@ objects, which execute a given code block when destroyed, and scoped guards,
 which are tied to the scope exit.")
     (license (package-license perl))))
 
+(define-public perl-hash-fieldhash
+  (package
+    (name "perl-hash-fieldhash")
+    (version "0.15")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/G/GF/GFUJI/"
+                           "Hash-FieldHash-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1wg8nzczfxif55j2nbymbhyd25pjy7dqs4bvd6jrcds3ll3mflaw"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-module-build" ,perl-module-build)
+       ("perl-test-leaktrace" ,perl-test-leaktrace)))
+    (home-page "http://search.cpan.org/dist/Hash-FieldHash")
+    (synopsis "Lightweight field hash for inside-out objects")
+    (description "@code{Hash::FieldHash} provides the field hash mechanism
+which supports the inside-out technique.  It is an alternative to
+@code{Hash::Util::FieldHash} with a simpler interface, higher performance, and
+relic support.")
+    (license (package-license perl))))
+
 (define-public perl-hash-merge
   (package
     (name "perl-hash-merge")
@@ -5742,6 +5766,27 @@ can also be useful as a development and debugging tool for catching updates to
 variables that should not be changed.")
     (license (package-license perl))))
 
+(define-public perl-ref-util-xs
+  (package
+    (name "perl-ref-util-xs")
+    (version "0.116")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/X/XS/XSAWYERX/"
+                           "Ref-Util-XS-" version ".tar.gz"))
+       (sha256
+        (base32
+         "0l5dzbd71iclv8fdjk7685rq6pbfiiydh0n70br6g9l9iy2smr6f"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/Ref-Util-XS")
+    (synopsis "XS implementation for Ref::Util")
+    (description "@code{Ref::Util::XS} is the XS implementation of
+@code{Ref::Util}, which provides several functions to help identify references
+in a more convenient way than the usual approach of examining the return value
+of @code{ref}.")
+    (license x11)))
+
 (define-public perl-regexp-common
   (package
     (name "perl-regexp-common")
@@ -5767,6 +5812,27 @@ codes.")
     ;; Quad-licensed: Perl Artistic, Perl Artistic 2.0, X11, and BSD.
     (license (list (package-license perl) x11 bsd-3))))
 
+(define-public perl-regexp-util
+  (package
+    (name "perl-regexp-util")
+    (version "0.003")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/T/TO/TOBYINK/"
+                           "Regexp-Util-" version ".tar.gz"))
+       (sha256
+        (base32
+         "01n1cggiflsnp9f6adkcxzkc0qpgssz60cwnyyd8mzavh2ximr5a"))))
+    (build-system perl-build-system)
+    (home-page "http://search.cpan.org/dist/Regexp-Util")
+    (synopsis "Selection of general-utility regexp subroutines")
+    (description "This package provides a selection of regular expression
+subroutines including @code{is_regexp}, @code{regexp_seen_evals},
+@code{regexp_is_foreign}, @code{regexp_is_anchored}, @code{serialize_regexp},
+and @code{deserialize_regexp}.")
+    (license (package-license perl))))
+
 (define-public perl-role-tiny
   (package
     (name "perl-role-tiny")
@@ -7955,6 +8021,68 @@ that are designed to minimize common mistakes with eval blocks, and nothing
 else.")
     (license x11)))
 
+(define-public perl-type-tie
+  (package
+    (name "perl-type-tie")
+    (version "0.009")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/T/TO/TOBYINK/"
+                           "Type-Tie-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1wv32kd7gx4kfyvzs13y029f49qbbji991wawvarac7rlz09wpan"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-fatal" ,perl-test-fatal)
+       ("perl-test-requires" ,perl-test-requires)))
+    (propagated-inputs
+     `(("perl-exporter-tiny" ,perl-exporter-tiny)
+       ("perl-hash-fieldhash" ,perl-hash-fieldhash)))
+    (home-page "http://search.cpan.org/dist/Type-Tie")
+    (synopsis "Tie a variable to a type constraint")
+    (description "This module exports a single function: @code{ttie}.  It ties
+a variable to a type constraint, ensuring that whatever values stored in the
+variable will conform to the type constraint.  If the type constraint has
+coercions, these will be used if necessary to ensure values assigned to the
+variable conform.")
+    (license (package-license perl))))
+
+(define-public perl-type-tiny
+  (package
+    (name "perl-type-tiny")
+    (version "1.002001")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://cpan/authors/id/T/TO/TOBYINK/"
+                           "Type-Tiny-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1p8krim8kvw123nady96fagi8sk2pj1z8jkr4r8n45ihyamfxjck"))))
+    (build-system perl-build-system)
+    (native-inputs
+     `(("perl-test-warnings" ,perl-test-warnings)))
+    (propagated-inputs
+     `(("perl-devel-lexalias" ,perl-devel-lexalias)
+       ("perl-devel-stacktrace" ,perl-devel-stacktrace)
+       ("perl-exporter-tiny" ,perl-exporter-tiny)
+       ("perl-moo" ,perl-moo)
+       ("perl-moose" ,perl-moose)
+       ("perl-mouse" ,perl-mouse)
+       ("perl-ref-util-xs" ,perl-ref-util-xs)
+       ("perl-regexp-util" ,perl-regexp-util)
+       ("perl-type-tie" ,perl-type-tie)))
+    (home-page "http://search.cpan.org/dist/Type-Tiny")
+    (synopsis "Tiny, yet Moo(se)-compatible type constraint")
+    (description "@code{Type::Tiny} is a small class for writing type
+constraints, inspired by Moose's type constraint API.  It has only one
+non-core dependency (and even that is simply a module that was previously
+distributed as part of @code{Type::Tiny} but has since been spun off), and can
+be used with Moose, Mouse and Moo (or none of the above).")
+    (license (package-license perl))))
+
 (define-public perl-types-serialiser
   (package
     (name "perl-types-serialiser")
diff --git a/gnu/packages/python.scm b/gnu/packages/python.scm
index f5f89c9e06..5557b6042b 100644
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@@ -14324,10 +14324,12 @@ Pylint has many rules enabled by default, way too much to silence them
 all on a minimally sized program.  It's highly configurable and handle
 pragmas to control it from within your code.  Additionally, it is
 possible to write plugins to add your own checks.")
+    (properties `((python2-variant . ,(delay python2-pylint))))
     (license license:gpl2+)))
 
 (define-public python2-pylint
-  (let ((pylint (package-with-python2 python-pylint)))
+  (let ((pylint (package-with-python2
+                  (strip-python2-variant python-pylint))))
     (package (inherit pylint)
              (propagated-inputs
               `(("python2-backports-functools-lru-cache"
diff --git a/gnu/packages/shells.scm b/gnu/packages/shells.scm
index 89db28ff06..37307c807b 100644
--- a/gnu/packages/shells.scm
+++ b/gnu/packages/shells.scm
@@ -449,38 +449,41 @@ operating system.")
       (license bsd-3))))
 
 (define-public linenoise
-  (package
-    (name "linenoise")
-    (version "1.0")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append "https://github.com/antirez/linenoise/"
-                           "archive/" version ".tar.gz"))
-       (file-name (string-append name "-" version ".tar.gz"))
-       (sha256
-        (base32
-         "05006hd56xcvxjdpll4x720bpfan7vwqmxbw8a2kvm10w57ll1gm"))))
-    (build-system gnu-build-system)
-    (arguments
-     `(#:tests? #f ;No tests are included
-       #:make-flags (list "CC=gcc")
-       #:phases
-       (modify-phases %standard-phases
-         (delete 'configure)
-         (replace 'install
-           (lambda* (#:key outputs #:allow-other-keys)
-             ;; At the moment there is no 'make install' in upstream.
-             (let* ((out (assoc-ref outputs "out")))
-               (install-file "linenoise.h"
-                             (string-append out "/include/linenoise"))
-               (install-file "linenoise.c"
-                             (string-append out "/include/linenoise"))
-               #t))))))
-    (home-page "https://github.com/antirez/linenoise")
-    (synopsis "Minimal zero-config readline replacement")
-    (description
-     "Linenoise is a minimal, zero-config, readline replacement.
+  (let ((commit "2105ce445821381cf1bca87b6d386d4ea88ee20d")
+        (revision "1"))
+    (package
+      (name "linenoise")
+      (version (string-append "1.0-" revision "." (string-take commit 7)))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/antirez/linenoise")
+               (commit commit)))
+         (file-name (string-append name "-" version "-checkout"))
+         (sha256
+          (base32
+           "1z16qwix8z6a40fskdgxsibkqgdrp4q6ncp4n6hnv4r9iihy2d8r"))))
+      (build-system gnu-build-system)
+      (arguments
+       `(#:tests? #f ;No tests are included
+         #:make-flags (list "CC=gcc")
+         #:phases
+         (modify-phases %standard-phases
+           (delete 'configure)
+           (replace 'install
+             (lambda* (#:key outputs #:allow-other-keys)
+               ;; At the moment there is no 'make install' in upstream.
+               (let* ((out (assoc-ref outputs "out")))
+                 (install-file "linenoise.h"
+                               (string-append out "/include/linenoise"))
+                 (install-file "linenoise.c"
+                               (string-append out "/include/linenoise"))
+                 #t))))))
+      (home-page "https://github.com/antirez/linenoise")
+      (synopsis "Minimal zero-config readline replacement")
+      (description
+       "Linenoise is a minimal, zero-config, readline replacement.
 Its features include:
 
 @enumerate
@@ -490,7 +493,7 @@ Its features include:
 @item Hints (suggestions at the right of the prompt as you type)
 @item A subset of VT100 escapes, ANSI.SYS compatible
 @end enumerate\n")
-    (license bsd-2)))
+      (license bsd-2))))
 
 (define-public s-shell
   (let ((commit "6604341edb3a775ff94415762af3ee9bd86bfb3c")
diff --git a/gnu/packages/textutils.scm b/gnu/packages/textutils.scm
index e8ae30cd6d..537d013345 100644
--- a/gnu/packages/textutils.scm
+++ b/gnu/packages/textutils.scm
@@ -12,6 +12,7 @@
 ;;; Copyright © 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -409,6 +410,7 @@ runs Word\".")
               (method url-fetch)
               (uri (string-append "http://ftp.wagner.pp.ru/pub/catdoc/"
                                   "catdoc-" version ".tar.gz"))
+              (patches (search-patches "catdoc-CVE-2017-11110.patch"))
               (sha256
                (base32
                 "15h7v3bmwfk4z8r78xs5ih6vd0pskn0rj90xghvbzdjj0cc88jji"))))
diff --git a/gnu/packages/version-control.scm b/gnu/packages/version-control.scm
index bff6471559..7c1f02d5ad 100644
--- a/gnu/packages/version-control.scm
+++ b/gnu/packages/version-control.scm
@@ -350,18 +350,21 @@ everything from small to very large projects with speed and efficiency.")
    (home-page "https://git-scm.com/")))
 
 ;; Some dependent packages directly access internal interfaces which
-;; have changed in 2.12
+;; have changed in 2.12. TODO: Remove this for cgit > 1.1.
 (define-public git@2.10
   (package
     (inherit git)
-    (version "2.10.3")
-   (source (origin
-            (method url-fetch)
-            (uri (string-append "mirror://kernel.org/software/scm/git/git-"
-                                version ".tar.xz"))
-            (sha256
-             (base32
-              "02mb7yi49algsya3hnkcxdslwb6p1bi7c732z1g8kzq4hs838m7z"))))))
+    (version "2.10.4")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "mirror://kernel.org/software/scm/git/git-"
+                                  version ".tar.xz"))
+              (sha256
+               (base32
+                "1pni4mgih5w42813dxljl61s7xmcpdnar34d9m4548hzpljjyd4l"))))
+    (arguments
+     `(#:tests? #f
+       ,@(package-arguments git)))))
 
 (define-public libgit2
   (package
@@ -921,6 +924,7 @@ machine.")
              (uri (string-append
                    "https://ftp.gnu.org/non-gnu/cvs/source/feature/"
                    version "/cvs-" version ".tar.bz2"))
+             (patches (search-patches "cvs-2017-12836.patch"))
              (sha256
               (base32
                "0pjir8cwn0087mxszzbsi1gyfc6373vif96cw4q3m1x6p49kd1bq"))))
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index fdb7d48aec..610b258dfc 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -1121,7 +1121,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
   (package
     (name "youtube-dl")
-    (version "2017.08.06")
+    (version "2017.08.13")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://yt-dl.org/downloads/"
@@ -1129,7 +1129,7 @@ access to mpv's powerful playback capabilities.")
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1vdfda2w1ckhqna8xcpphr5l0rp9zhs368lic4f7144rxvbydiwm"))))
+                "1parn0xda7mp1phcj19axldifgh6mcwia6wdi3m20kidc9m4wb11"))))
     (build-system python-build-system)
     (arguments
      ;; The problem here is that the directory for the man page and completion
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 49998120d2..ab364cd1fb 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -3,6 +3,7 @@
 ;;; Copyright © 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Alex Vong <alexvong1995@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -82,7 +83,11 @@
                                       "qemu-CVE-2017-8379.patch"
                                       "qemu-CVE-2017-8380.patch"
                                       "qemu-CVE-2017-9524.patch"
-                                      "qemu-CVE-2017-11334.patch"))
+                                      "qemu-CVE-2017-10664.patch"
+                                      "qemu-CVE-2017-10806.patch"
+                                      "qemu-CVE-2017-10911.patch"
+                                      "qemu-CVE-2017-11334.patch"
+                                      "qemu-CVE-2017-11434.patch"))
              (sha256
               (base32
                "08mhfs0ndbkyqgw7fjaa9vjxf4dinrly656f6hjzvmaz7hzc677h"))))
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 7150fb28da..565e6e8927 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -93,6 +93,14 @@
     (build-system python-build-system)
     (arguments
      `(#:python ,python-2     ;incompatible with python 3
+       #:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'configure
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "screenlayout/xrandr.py"
+               (("\"xrandr\"") (string-append "\"" (assoc-ref inputs "xrandr")
+                                              "/bin/xrandr\"")))
+             #t)))
        #:tests? #f)) ;no tests
     (inputs `(("pygtk" ,python2-pygtk)
               ("xrandr" ,xrandr)))
diff --git a/gnu/services/audio.scm b/gnu/services/audio.scm
new file mode 100644
index 0000000000..22814a6c09
--- /dev/null
+++ b/gnu/services/audio.scm
@@ -0,0 +1,86 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu services audio)
+  #:use-module (guix gexp)
+  #:use-module (gnu services)
+  #:use-module (gnu services shepherd)
+  #:use-module (gnu packages mpd)
+  #:use-module (guix records)
+  #:use-module (ice-9 match)
+  #:export (mpd-configuration
+            mpd-configuration?
+            mpd-service-type))
+
+;;; Commentary:
+;;;
+;;; Audio related services
+;;;
+;;; Code:
+
+(define-record-type* <mpd-configuration>
+  mpd-configuration make-mpd-configuration
+  mpd-configuration?
+  (user         mpd-configuration-user
+                (default "mpd"))
+  (music-dir    mpd-configuration-music-dir
+                (default "~/Music"))
+  (playlist-dir mpd-configuration-playlist-dir
+                (default "~/.mpd/playlists"))
+  (port         mpd-configuration-port
+                (default "6600"))
+  (address      mpd-configuration-address
+                (default "any"))
+  (pid-file     mpd-configuration-pid-file
+                (default "/var/run/mpd.pid")))
+
+(define (mpd-config->file config)
+  (apply
+   mixed-text-file "mpd.conf"
+   "audio_output {\n"
+   "  type \"pulse\"\n"
+   "  name \"MPD\"\n"
+   "}\n"
+   (map (match-lambda
+          ((config-name config-val)
+           (string-append config-name " \"" (config-val config) "\"\n")))
+        `(("user" ,mpd-configuration-user)
+          ("music_directory" ,mpd-configuration-music-dir)
+          ("playlist_directory" ,mpd-configuration-playlist-dir)
+          ("port" ,mpd-configuration-port)
+          ("bind_to_address" ,mpd-configuration-address)
+          ("pid_file" ,mpd-configuration-pid-file)))))
+
+(define (mpd-service config)
+  (shepherd-service
+   (documentation "Run the MPD (Music Player Daemon)")
+   (provision '(mpd))
+   (start #~(make-forkexec-constructor
+             (list #$(file-append mpd "/bin/mpd")
+                   "--no-daemon"
+                   #$(mpd-config->file config))
+             #:pid-file #$(mpd-configuration-pid-file config)))
+   (stop  #~(make-kill-destructor))))
+
+(define mpd-service-type
+  (service-type
+   (name 'mpd)
+   (extensions
+    (list (service-extension shepherd-root-service-type
+                             (compose list mpd-service))))
+   (default-value (mpd-configuration))))
diff --git a/gnu/tests/audio.scm b/gnu/tests/audio.scm
new file mode 100644
index 0000000000..8eadaf02e1
--- /dev/null
+++ b/gnu/tests/audio.scm
@@ -0,0 +1,78 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu tests audio)
+  #:use-module (gnu tests)
+  #:use-module (gnu system)
+  #:use-module (gnu system vm)
+  #:use-module (gnu services)
+  #:use-module (gnu services audio)
+  #:use-module (gnu packages mpd)
+  #:use-module (guix gexp)
+  #:export (%test-mpd))
+
+(define %mpd-os
+  (simple-operating-system
+   (service mpd-service-type
+            (mpd-configuration
+             (user "root")))))
+
+(define (run-mpd-test)
+  "Run tests in %mpd-os, which has mpd running."
+  (define os
+    (marionette-operating-system
+     %mpd-os
+     #:imported-modules '((gnu services herd))))
+
+  (define vm
+    (virtual-machine os))
+
+  (define test
+    (with-imported-modules '((gnu build marionette))
+      #~(begin
+          (use-modules (srfi srfi-64)
+                       (gnu build marionette))
+          (define marionette
+            (make-marionette (list #$vm)))
+
+          (mkdir #$output)
+          (chdir #$output)
+
+          (test-begin "mpd")
+
+          (test-assert "service is running"
+            (marionette-eval
+             '(begin
+                (use-modules (gnu services herd))
+                (start-service 'mpd))
+             marionette))
+
+          (test-assert "mpc connect"
+            (marionette-eval
+             '(zero? (system #$(file-append mpd-mpc "/bin/mpc")))
+             marionette))
+
+          (test-end)
+          (exit (= (test-runner-fail-count (test-runner-current)) 0)))))
+  (gexp->derivation "mpd-test" test))
+
+(define %test-mpd
+  (system-test
+   (name "mpd")
+   (description "Test that the mpd can run and be connected to.")
+   (value (run-mpd-test))))