Merge branch 'master' into staging

.mailmap

@@ -33,7 +33,7 @@ Joshua Grant <tadni@riseup.net> <gzg@riseup.net>
 Joshua Grant <tadni@riseup.net> <jgrant@parenthetical.io>
 Joshua Grant <tadni@riseup.net> <tadnimi@gmail.com>
 Joshua Grant <tadni@riseup.net> <youlysses@riseup.net>
-Kei Kebreau <kei@openmailbox.org>
+Kei Kebreau <kei@openmailbox.org> <kkebreau@posteo.net>
 Leo Famulari <leo@famulari.name> <lfamular@gmail.com>
 Ludovic Courtès <ludo@gnu.org> <ludovic.courtes@inria.fr>
 Marek Benc <dusxmt@gmx.com> <merkur32@gmail.com>

doc/guix.texi

@@ -15844,9 +15844,6 @@ The directory to scan for music files.
 @item @code{playlist-dir} (default: @code{"~/.mpd/playlists"})
 The directory to store playlists.
 
-@item @code{pid-file} (default: @code{"/var/run/mpd.pid"})
-The file mpd wil store its PID.  This must be an absolute path.
-
 @item @code{port} (default: @code{"6600"})
 The port to run mpd on.
 

gnu/bootloader.scm

@@ -132,9 +132,9 @@
   (or (%bootloader-configuration-target config)
       (let ((device (bootloader-configuration-device config)))
         (when device
-          (issue-deprecation-warning
+          (warning
-           "The 'device' field of bootloader configurations is deprecated."
+           (G_ "The 'device' field of bootloader configurations is deprecated.~%"))
-           "Use 'target' instead."))
+          (warning (G_ "Use 'target' instead.~%")))
         device)))
 
 

gnu/build/marionette.scm

@@ -168,16 +168,20 @@ QEMU monitor and to the guest's backdoor REPL."
 (define* (wait-for-file file marionette #:key (timeout 10))
   "Wait until FILE exists in MARIONETTE; 'read' its content and return it.  If
 FILE has not shown up after TIMEOUT seconds, raise an error."
-  (marionette-eval
+  (match (marionette-eval
-   `(let loop ((i ,timeout))
+          `(let loop ((i ,timeout))
-      (cond ((file-exists? ,file)
+             (cond ((file-exists? ,file)
-             (call-with-input-file ,file read))
+                    (cons 'success (call-with-input-file ,file read)))
-            ((> i 0)
+                   ((> i 0)
-             (sleep 1)
+                    (sleep 1)
-             (loop (- i 1)))
+                    (loop (- i 1)))
-            (else
+                   (else
-             (error "file didn't show up" ,file))))
+                    'failure)))
-   marionette))
+          marionette)
+    (('success . result)
+     result)
+    ('failure
+     (error "file didn't show up" file))))
 
 (define (marionette-control command marionette)
   "Run COMMAND in the QEMU monitor of MARIONETTE.  COMMAND is a string such as
@@ -257,9 +261,20 @@ PREDICATE, whichever comes first.  Raise an error when TIMEOUT is exceeded."
     (#\. . "dot")
     (#\, . "comma")
     (#\; . "semicolon")
+    (#\' . "apostrophe")
+    (#\" . "shift-apostrophe")
+    (#\` . "grave_accent")
     (#\bs . "backspace")
     (#\tab . "tab")))
 
+(define (character->keystroke chr keystrokes)
+  "Return the keystroke for CHR according to the keyboard layout defined by
+KEYSTROKES."
+  (if (char-set-contains? char-set:upper-case chr)
+      (string-append "shift-" (string (char-downcase chr)))
+      (or (assoc-ref keystrokes chr)
+          (string chr))))
+
 (define* (string->keystroke-commands str
                                      #:optional
                                      (keystrokes
@@ -268,9 +283,9 @@ PREDICATE, whichever comes first.  Raise an error when TIMEOUT is exceeded."
 to STR.  KEYSTROKES is an alist specifying a mapping from characters to
 keystrokes."
   (string-fold-right (lambda (chr result)
-                       (cons (string-append "sendkey "
+                       (cons (string-append
-                                            (or (assoc-ref keystrokes chr)
+                              "sendkey "
-                                                (string chr)))
+                              (character->keystroke chr keystrokes))
                              result))
                      '()
                      str))

gnu/local.mk

@@ -4,7 +4,7 @@
 # Copyright © 2016 Mathieu Lirzin <mthl@gnu.org>
 # Copyright © 2013, 2014, 2015, 2016, 2017 Mark H Weaver <mhw@netris.org>
 # Copyright © 2016 Chris Marusich <cmmarusich@gmail.com>
-# Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
+# Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 # Copyright © 2016, 2017 Rene Saavedra <rennes@openmailbox.org>
 # Copyright © 2016 Adonay "adfeno" Felipe Nogueira <https://libreplanet.org/wiki/User:Adfeno> <adfeno@openmailbox.org>
 # Copyright © 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
@@ -631,7 +631,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/gcr-disable-failing-tests.patch		\
   %D%/packages/patches/gcr-fix-collection-tests-to-work-with-gpg-21.patch	\
   %D%/packages/patches/gdk-pixbuf-list-dir.patch		\
-  %D%/packages/patches/gd-CVE-2017-7890.patch		\
   %D%/packages/patches/gd-fix-gd2-read-test.patch		\
   %D%/packages/patches/gd-fix-tests-on-i686.patch		\
   %D%/packages/patches/gd-freetype-test-failure.patch		\
@@ -677,6 +676,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/graphicsmagick-CVE-2017-12935.patch	\
   %D%/packages/patches/graphicsmagick-CVE-2017-12936.patch	\
   %D%/packages/patches/graphicsmagick-CVE-2017-12937.patch	\
+  %D%/packages/patches/graphicsmagick-CVE-2017-13775.patch	\
+  %D%/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch	\
   %D%/packages/patches/graphite2-ffloat-store.patch		\
   %D%/packages/patches/grep-gnulib-lock.patch                   \
   %D%/packages/patches/grep-timing-sensitive-test.patch		\
@@ -804,9 +805,15 @@ dist_patch_DATA =						\
   %D%/packages/patches/libxcb-python-3.5-compat.patch		\
   %D%/packages/patches/libxml2-CVE-2016-4658.patch		\
   %D%/packages/patches/libxml2-CVE-2016-5131.patch		\
+  %D%/packages/patches/libxml2-CVE-2017-0663.patch		\
+  %D%/packages/patches/libxml2-CVE-2017-7375.patch		\
+  %D%/packages/patches/libxml2-CVE-2017-7376.patch		\
+  %D%/packages/patches/libxml2-CVE-2017-9047+CVE-2017-9048.patch	\
+  %D%/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch	\
   %D%/packages/patches/libxslt-generated-ids.patch		\
   %D%/packages/patches/libxslt-CVE-2016-4738.patch		\
   %D%/packages/patches/libxt-guix-search-paths.patch		\
+  %D%/packages/patches/libzip-CVE-2017-12858.patch		\
   %D%/packages/patches/lierolibre-check-unaligned-access.patch	\
   %D%/packages/patches/lierolibre-is-free-software.patch	\
   %D%/packages/patches/lierolibre-newer-libconfig.patch		\
@@ -839,9 +846,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/mcrypt-CVE-2012-4527.patch			\
   %D%/packages/patches/mesa-skip-disk-cache-test.patch		\
   %D%/packages/patches/mesa-wayland-egl-symbols-check-mips.patch	\
-  %D%/packages/patches/metabat-remove-compilation-date.patch	\
   %D%/packages/patches/metabat-fix-compilation.patch		\
-  %D%/packages/patches/metabat-fix-boost-issue.patch		\
   %D%/packages/patches/mhash-keygen-test-segfault.patch		\
   %D%/packages/patches/mingw-w64-5.0rc2-gcc-4.9.3.patch		\
   %D%/packages/patches/mpc123-initialize-ao.patch		\
@@ -852,7 +857,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/mozjs38-shell-version.patch		\
   %D%/packages/patches/mozjs38-tracelogger.patch		\
   %D%/packages/patches/mozjs38-version-detection.patch		\
-  %D%/packages/patches/multiqc-fix-git-subprocess-error.patch	\
   %D%/packages/patches/mumps-build-parallelism.patch		\
   %D%/packages/patches/mupdf-build-with-openjpeg-2.1.patch	\
   %D%/packages/patches/mupen64plus-ui-console-notice.patch	\
@@ -957,6 +961,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/python-genshi-fix-tests-on-python-3.5.patch	\
   %D%/packages/patches/python-genshi-isstring-helper.patch	\
   %D%/packages/patches/python-genshi-stripping-of-unsafe-script-tags.patch	\
+  %D%/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch \
   %D%/packages/patches/python-parse-too-many-fields.patch	\
   %D%/packages/patches/python2-rdflib-drop-sparqlwrapper.patch	\
   %D%/packages/patches/python-statsmodels-fix-tests.patch	\
@@ -971,18 +976,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/python2-pygobject-2-gi-info-type-error-domain.patch \
   %D%/packages/patches/python-pygpgme-fix-pinentry-tests.patch	\
   %D%/packages/patches/python2-subprocess32-disable-input-test.patch	\
-  %D%/packages/patches/qemu-CVE-2017-7493.patch			\
-  %D%/packages/patches/qemu-CVE-2017-8112.patch			\
-  %D%/packages/patches/qemu-CVE-2017-8309.patch			\
-  %D%/packages/patches/qemu-CVE-2017-8379.patch			\
-  %D%/packages/patches/qemu-CVE-2017-8380.patch			\
-  %D%/packages/patches/qemu-CVE-2017-9524.patch			\
-  %D%/packages/patches/qemu-CVE-2017-10664.patch		\
-  %D%/packages/patches/qemu-CVE-2017-10806.patch		\
-  %D%/packages/patches/qemu-CVE-2017-10911.patch		\
-  %D%/packages/patches/qemu-CVE-2017-11334.patch		\
-  %D%/packages/patches/qemu-CVE-2017-11434.patch		\
-  %D%/packages/patches/qemu-CVE-2017-12809.patch		\
   %D%/packages/patches/qt4-ldflags.patch			\
   %D%/packages/patches/qtscript-disable-tests.patch		\
   %D%/packages/patches/quagga-reproducible-build.patch          \
@@ -1001,6 +994,10 @@ dist_patch_DATA =						\
   %D%/packages/patches/rsem-makefile.patch			\
   %D%/packages/patches/ruby-concurrent-ignore-broken-test.patch	\
   %D%/packages/patches/ruby-concurrent-test-arm.patch		\
+  %D%/packages/patches/ruby-rubygems-2612-ruby24.patch		\
+  %D%/packages/patches/ruby-rubygems-2613-ruby24.patch		\
+  %D%/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch	\
+  %D%/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch	\
   %D%/packages/patches/ruby-rack-ignore-failing-test.patch      \
   %D%/packages/patches/ruby-tzinfo-data-ignore-broken-test.patch\
   %D%/packages/patches/rxvt-unicode-escape-sequences.patch	\
@@ -1093,7 +1090,6 @@ dist_patch_DATA =						\
   %D%/packages/patches/wordnet-CVE-2008-3908-pt2.patch			\
   %D%/packages/patches/xcb-proto-python3-print.patch		\
   %D%/packages/patches/xcb-proto-python3-whitespace.patch	\
-  %D%/packages/patches/wxwidgets-fix-windowGTK.patch		\
   %D%/packages/patches/xdotool-fix-makefile.patch               \
   %D%/packages/patches/xf86-video-ark-remove-mibstore.patch	\
   %D%/packages/patches/xf86-video-ast-remove-mibstore.patch	\

gnu/packages.scm

@@ -140,17 +140,19 @@ for system '~a'")
               directory))
         %load-path)))
 
-(define (fold-packages proc init)
+(define* (fold-packages proc init
-  "Call (PROC PACKAGE RESULT) for each available package, using INIT as
+                        #:optional
-the initial value of RESULT.  It is guaranteed to never traverse the
+                        (modules (all-modules (%package-module-path))))
-same package twice."
+  "Call (PROC PACKAGE RESULT) for each available package defined in one of
+MODULES, using INIT as the initial value of RESULT.  It is guaranteed to never
+traverse the same package twice."
   (fold-module-public-variables (lambda (object result)
                                   (if (and (package? object)
                                            (not (hidden-package? object)))
                                       (proc object result)
                                       result))
                                 init
-                                (all-modules (%package-module-path))))
+                                modules))
 
 (define find-packages-by-name
   (let ((packages (delay

gnu/packages/admin.scm

@@ -1832,7 +1832,7 @@ the status of your battery in the system tray.")
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
-                      (url "git://github.com/TrilbyWhite/interrobang")
+                      (url "https://github.com/TrilbyWhite/interrobang")
                       (commit commit)))
                 (file-name (string-append name "-" version))
                 (sha256

gnu/packages/aidc.scm

@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 John Darringon <jmd@gnu.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -69,3 +70,26 @@ a mobile phone with CCD.  The capacity of QR Code is up to 7000 digits or 4000
 characters, and is highly robust.")
     (license license:lgpl2.1+)
     (home-page "https://fukuchi.org/works/qrencode")))
+
+(define-public libdmtx
+  (package
+    (name "libdmtx")
+    (version "0.7.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "mirror://sourceforge/libdmtx/" name "/" version "/"
+             name "-" version ".tar.bz2"))
+       (sha256
+        (base32 "0xnxx075ycy58n92yfda2z9zgd41h3d4ik5d9l197lzsqim5hb5n"))))
+    (build-system gnu-build-system)
+    (native-inputs
+     `(("pkg-config" ,pkg-config)))
+    (home-page "http://libdmtx.sourceforge.net/")
+    (synopsis "Library for reading and writing Data Matrix 2D barcodes")
+    (description "libdmtx is open source software for reading and writing Data
+Matrix 2D barcodes on Linux and Unix.  At its core libdmtx is a shared
+library, allowing C/C++ programs to use its capabilities without restrictions
+or overhead.")
+    (license license:bsd-3)))

gnu/packages/audio.scm

@@ -190,7 +190,7 @@ streams from live audio.")
     (source (origin
               (method git-fetch)
               (uri (git-reference
-                    (url "git://git.ardour.org/ardour/ardour.git")
+                    (url "https://git.ardour.org/ardour/ardour.git")
                     (commit version)))
               (snippet
                ;; Ardour expects this file to exist at build time.  The revision
@@ -2906,3 +2906,29 @@ code, used in @code{libtoxcore}.")
 06.10 RPE-LTP lossy speech compression algorithm.")
     (home-page "http://quut.com/gsm/")
     (license (license:non-copyleft "file://COPYRIGHT"))))
+
+(define-public python-pyalsaaudio
+  (package
+    (name "python-pyalsaaudio")
+    (version "0.8.4")
+    (source (origin
+              (method url-fetch)
+              (uri (pypi-uri "pyalsaaudio" version))
+              (sha256
+               (base32
+                "1180ypn9596rq4b7y7dyv627j1q0fqilmkkrckclnzsdakdgis44"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:tests? #f))                   ; tests require access to ALSA devices.
+    (inputs
+     `(("alsa-lib" ,alsa-lib)))
+    (home-page "http://larsimmisch.github.io/pyalsaaudio/")
+    (synopsis "ALSA wrappers for Python")
+    (description
+     "This package contains wrappers for accessing the ALSA API from Python.
+It is currently fairly complete for PCM devices, and has some support for
+mixers.")
+    (license license:psfl)))
+
+(define-public python2-pyalsaaudio
+  (package-with-python2 python-pyalsaaudio))

gnu/packages/backup.scm

@@ -5,7 +5,7 @@
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
-;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;

gnu/packages/bioinformatics.scm

@@ -3475,7 +3475,7 @@ form of assemblies or reads.")
 (define-public metabat
   (package
     (name "metabat")
-    (version "2.11.2")
+    (version "2.12.1")
     (source
      (origin
        (method url-fetch)
@@ -3484,10 +3484,8 @@ form of assemblies or reads.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0rws9r1ziv6way8cf49jg8bzj7x2131kfqkhj8byf0z5hnrq3bwv"))
+         "1hmvdalz3zj5sqqklg0l4npjdv37cv2hsdi1al9iby2ndxjs1b73"))
-       (patches (search-patches "metabat-remove-compilation-date.patch"
+       (patches (search-patches "metabat-fix-compilation.patch"))))
-                                "metabat-fix-compilation.patch"
-                                "metabat-fix-boost-issue.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -4751,6 +4749,13 @@ simultaneously.")
        #:tests? #f ; no "check" target
        #:phases
        (modify-phases %standard-phases
+         (add-before 'configure 'set-perl-search-path
+           (lambda _
+             ;; Work around "dotless @INC" build failure.
+             (setenv "PERL5LIB"
+                     (string-append (getcwd) "/setup:"
+                                    (getenv "PERL5LIB")))
+             #t))
          (replace 'configure
            (lambda* (#:key inputs outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
@@ -5056,6 +5061,13 @@ sequence itself can be retrieved from these databases.")
                                  "/lib32")))
        #:phases
        (modify-phases %standard-phases
+         (add-before 'configure 'set-perl-search-path
+           (lambda _
+             ;; Work around "dotless @INC" build failure.
+             (setenv "PERL5LIB"
+                     (string-append (getcwd) "/setup:"
+                                    (getenv "PERL5LIB")))
+             #t))
          (replace 'configure
            (lambda* (#:key inputs outputs #:allow-other-keys)
              ;; The build system expects a directory containing the sources and
@@ -5654,18 +5666,17 @@ information as possible.")
 (define-public r-vegan
   (package
     (name "r-vegan")
-    (version "2.4-3")
+    (version "2.4-4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "vegan" version))
        (sha256
         (base32
-         "15zcxfix2d854897k1lr0sfmj2n00339nlsppcr3zrb238lb2mi5"))))
+         "1n57dzv2aid6iqd9fkqik401sidqanhzsawyak94qbiyh6dbd1x9"))))
     (build-system r-build-system)
     (native-inputs
-     `(("gfortran" ,gfortran)
+     `(("gfortran" ,gfortran)))
-       ("r-knitr" ,r-knitr)))
     (propagated-inputs
      `(("r-cluster" ,r-cluster)
        ("r-lattice" ,r-lattice)
@@ -6129,7 +6140,7 @@ track.  The database is exposed as a @code{TxDb} object.")
 (define-public vsearch
   (package
     (name "vsearch")
-    (version "2.4.3")
+    (version "2.4.4")
     (source
      (origin
        (method url-fetch)
@@ -6139,7 +6150,7 @@ track.  The database is exposed as a @code{TxDb} object.")
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0hc110ycqpa54nr6x173qg7190hk08qp7yz7zzqxlsypqnpc5zzp"))
+         "1d8a4gjwaqdv57krlr80x18mg5py1bbdiqs5m0jdn38filc9z40k"))
        (patches (search-patches "vsearch-unbundle-cityhash.patch"))
        (snippet
         '(begin
@@ -6433,13 +6444,13 @@ also known as views, in a controlled vocabulary.")
 (define-public r-bookdown
   (package
   (name "r-bookdown")
-  (version "0.4")
+  (version "0.5")
   (source (origin
             (method url-fetch)
             (uri (cran-uri "bookdown" version))
             (sha256
              (base32
-              "1fp1k7hivrb7s2dwgrsqy9s7xg6pk9hczhrc149y1dwh901j6qvv"))))
+              "0zm63kr4f4kja4qpwkzl119zzyciqj7ihajfqgfjpgb4dzaiycxp"))))
   (build-system r-build-system)
   (propagated-inputs
    `(("r-htmltools" ,r-htmltools)
@@ -7109,13 +7120,13 @@ samples.")
 (define-public r-genomicalignments
   (package
     (name "r-genomicalignments")
-    (version "1.12.1")
+    (version "1.12.2")
     (source (origin
               (method url-fetch)
               (uri (bioconductor-uri "GenomicAlignments" version))
               (sha256
                (base32
-                "127690sys4i5q3l4vxnjg4xg8q19qlw2258vgs5d1156w9ypp04h"))))
+                "03ysxi9fdd3bcfj05iaysya9knn2aa2irwpypb5srg0xwv92bdb9"))))
     (properties
      `((upstream-name . "GenomicAlignments")))
     (build-system r-build-system)
@@ -7990,7 +8001,7 @@ paired-end data.")
 (define-public r-rcas
   (package
     (name "r-rcas")
-    (version "1.1.1")
+    (version "1.3.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/BIMSBbioinfo/RCAS/archive/v"
@@ -7998,7 +8009,7 @@ paired-end data.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1hd0r66556bxbdd82ksjklq7nfli36l4k6y88ic7kkg9873wa1nw"))))
+                "19mk7vkbngmch54kzcxb52161ljfchhjsaanza8iwv5h98sjj66d"))))
     (build-system r-build-system)
     (native-inputs
      `(("r-knitr" ,r-knitr)
@@ -8032,7 +8043,7 @@ paired-end data.")
 intuitive reports and publication-ready graphics.  This package provides the R
 library implementing most of the pipeline's features.")
     (home-page "https://github.com/BIMSBbioinfo/RCAS")
-    (license license:expat)))
+    (license license:artistic2.0)))
 
 (define-public rcas-web
   (package
@@ -8575,25 +8586,24 @@ replacement for strverscmp.")
 (define-public multiqc
   (package
     (name "multiqc")
-    (version "0.9")
+    (version "1.2")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "multiqc" version))
        (sha256
         (base32
-         "12gs1jw2jrxrij529rnl5kaqxfcqn15yzcsggxkfhdx634ml0cny"))
+         "032svgym67k2ds7wp0cxzv79gi30yrdl45zbqn74lni3dk04qm33"))))
-       (patches (search-patches "multiqc-fix-git-subprocess-error.patch"))))
     (build-system python-build-system)
-    (arguments
-     ;; Tests are to be introduced in the next version, see
-     ;; https://github.com/ewels/MultiQC/issues/376
-     `(#:tests? #f))
     (propagated-inputs
      `(("python-jinja2" ,python-jinja2)
        ("python-simplejson" ,python-simplejson)
        ("python-pyyaml" ,python-pyyaml)
        ("python-click" ,python-click)
+       ("python-spectra" ,python-spectra)
+       ("python-requests" ,python-requests)
+       ("python-markdown" ,python-markdown)
+       ("python-lzstring" ,python-lzstring)
        ("python-matplotlib" ,python-matplotlib)
        ("python-numpy" ,python-numpy)
        ;; MultQC checks for the presence of nose at runtime.
@@ -8830,14 +8840,14 @@ trait.")
 (define-public r-maldiquant
   (package
     (name "r-maldiquant")
-    (version "1.16.2")
+    (version "1.16.4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "MALDIquant" version))
        (sha256
         (base32
-         "0z5srzsfgsgi4bssr4chls4ry6d18y2g9143znqmraylppwrrqzr"))))
+         "1pmhsfvd45a44xdiml4zx3zd5fhygqyziqvygahkk9yibnyhv4cv"))))
     (properties `((upstream-name . "MALDIquant")))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/MALDIquant")

gnu/packages/calendar.scm

@@ -1,7 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
 ;;; Copyright © 2015, 2016, 2017 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Troy Sankey <sankeytms@gmail.com>
 ;;; Copyright © 2016 Stefan Reichoer <stefan@xsteve.at>

gnu/packages/check.scm

@@ -7,6 +7,7 @@
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2016 Lukas Gradl <lgradl@openmailbox.org>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -34,6 +35,7 @@
   #:use-module (guix git-download)
   #:use-module (guix build-system cmake)
   #:use-module (guix build-system gnu)
+  #:use-module (guix build-system python)
   #:use-module (guix build-system trivial))
 
 (define-public check
@@ -153,6 +155,51 @@ supervised tests.")
 multi-paradigm automated test framework for C++ and Objective-C.")
     (license boost1.0)))
 
+(define-public cmdtest
+  (package
+    (name "cmdtest")
+    (version "0.29")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "http://git.liw.fi/cmdtest/snapshot/"
+                                  name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1i6gi4yp4qqx1liax098c7nwdb24pghh11xqlrcs7lnhh079rqhb"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         ;; check phase needs to be run before the build phase. If not, the
+         ;; coverage test runner looks for tests for the built source files,
+         ;; and fails.
+         (delete 'check)
+         (add-before 'build 'check
+           (lambda _
+             (substitute* "yarn"
+               (("/bin/sh") (which "sh")))
+             ;; yarn uses python2-ttystatus to print messages.
+             ;; python2-ttystatus requires /dev/tty which is not present in
+             ;; the build environment. Hence assuming-failure test fails.
+             (delete-file "yarn.tests/assuming-failure.script")
+             (delete-file "yarn.tests/assuming-failure.stdout")
+             (zero? (system* "python" "setup.py" "check")))))))
+    (native-inputs
+     `(("python2-coverage-test-runner" ,python2-coverage-test-runner)))
+    (propagated-inputs
+     `(("python2-cliapp" ,python2-cliapp)
+       ("python2-markdown" ,python2-markdown)
+       ("python2-ttystatus" ,python2-ttystatus)))
+    (home-page "https://liw.fi/cmdtest/")
+    (synopsis "Black box Unix program tester")
+    (description
+     "@code{cmdtest} black box tests Unix command line tools.  Roughly, it is
+given a command line and input files, and the expected output, and it verifies
+that the command line produces the expected output.  If not, it reports a
+problem, and shows the differences.")
+    (license gpl3+)))
+
 (define-public cmocka
   (package
     (name "cmocka")

gnu/packages/compression.scm

@@ -4,7 +4,7 @@
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015 Taylan Ulrich Bayırlı/Kammer <taylanbayirli@gmail.com>
 ;;; Copyright © 2015, 2016 Eric Bavier <bavier@member.fsf.org>
-;;; Copyright © 2015, 2016 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2015 Jeff Mickey <j@codemac.net>
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
@@ -12,7 +12,7 @@
 ;;; Copyright © 2016 Danny Milosavljevic <dannym@scratchpost.org>
 ;;; Copyright © 2016, 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
 ;;; Copyright © 2017 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
@@ -758,6 +758,28 @@ the LZ4 frame format.")
 (define-public python2-lz4
   (package-with-python2 python-lz4))
 
+(define-public python-lzstring
+  (package
+    (name "python-lzstring")
+    (version "1.0.3")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "lzstring" version))
+       (sha256
+        (base32
+         "1d3ck454y41mii0gcjabpmp2skb7n0f9zk232gycqdv8z2jxakfm"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-future" ,python-future)))
+    (home-page "https://github.com/gkovacs/lz-string-python")
+    (synopsis "String compression")
+    (description "Lz-string is a string compressor library for Python.")
+    (license license:expat)))
+
+(define-public python2-lzstring
+  (package-with-python2 python-lzstring))
+
 (define-public squashfs-tools
   (package
     (name "squashfs-tools")
@@ -1525,6 +1547,7 @@ manipulate, read, and write Zip archive files.")
               (method url-fetch)
               (uri (string-append
                     "https://nih.at/libzip/libzip-" version ".tar.gz"))
+              (patches (search-patches "libzip-CVE-2017-12858.patch"))
               (sha256
                (base32
                 "17vxj2ffsxwh8lkc6801ppmwj15jp8q58rin76znxfbx88789ybc"))))

gnu/packages/cran.scm

@@ -202,14 +202,14 @@ on (non-orthogonal) variable vectors in scatterplots and biplots.")
 (define-public r-shape
   (package
     (name "r-shape")
-    (version "1.4.2")
+    (version "1.4.3")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "shape" version))
        (sha256
         (base32
-         "0yk3cmsa57svcvbnm21pyr0s0qbhnllka8nmsg4yb41frjlqph66"))))
+         "1v9xp60p813rnx41vchkh32qmcb4z2zp9l7r1a8a6f8aqylnq3vj"))))
     (build-system r-build-system)
     (home-page "http://cran.r-project.org/web/packages/shape")
     (synopsis "Functions for plotting graphical shapes")
@@ -241,14 +241,14 @@ validation and filtering on the values, making options invisible or private.")
 (define-public r-circlize
   (package
     (name "r-circlize")
-    (version "0.4.0")
+    (version "0.4.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "circlize" version))
        (sha256
         (base32
-         "0p1zx1aawkblz48kzzfn5w1k3lbwv9wrk1k5gcfjrr2b4sz1pp5b"))))
+         "1w7i3jgxgq510axglzmw54ma9kq7k4c86i9ccndz10mrwc51fji0"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-colorspace" ,r-colorspace)
@@ -271,14 +271,14 @@ patterns behind multiple dimensional data.")
 (define-public r-powerlaw
   (package
     (name "r-powerlaw")
-    (version "0.70.0")
+    (version "0.70.1")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "poweRlaw" version))
        (sha256
         (base32
-         "1p2la3hslxq2xa8jkwvci6zcpn47cvyr9xqd5agp1riwwp2xw5gh"))))
+         "04sr0nhdd1v915m0zf5gasznzgi08ykcy20kkwdw0l5mvvdbic8m"))))
     (properties `((upstream-name . "poweRlaw")))
     (build-system r-build-system)
     (propagated-inputs
@@ -459,14 +459,14 @@ quantities.")
 (define-public r-reshape
   (package
     (name "r-reshape")
-    (version "0.8.6")
+    (version "0.8.7")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "reshape" version))
        (sha256
         (base32
-         "1f1ngalc22knhdm9djv1m6abnjqpv1frdzxfkpakhph2l67bk7fq"))))
+         "14ir3w4bb3bsz8jsak27nj7kpn227pdgr9653gjq5wc93rywi9ig"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-plyr" ,r-plyr)
@@ -505,14 +505,14 @@ package also provides a C++ API, that works with or without Rcpp.")
 (define-public r-ggally
   (package
     (name "r-ggally")
-    (version "1.3.0")
+    (version "1.3.2")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "GGally" version))
        (sha256
         (base32
-         "12ddab0nd0f9c7bb6cx3c22mliyvc8xsxv26aqz3cvfbla8crp3b"))))
+         "02px7j28wzbhcgcwm2m0pxb6g7s5zvphl64ix55pkvag4m2ky57l"))))
     (properties `((upstream-name . "GGally")))
     (build-system r-build-system)
     (propagated-inputs
@@ -556,14 +556,14 @@ most popular ones.")
 (define-public r-sp
   (package
     (name "r-sp")
-    (version "1.2-4")
+    (version "1.2-5")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "sp" version))
        (sha256
         (base32
-         "0crba3j00mb2xv2yk60rpa57gn97xq4ql3a6p9cjzqjxzv2cknk2"))))
+         "09yydnacp33yx0kn537k96fjlbf75fjafqfknpa5gvci4l888bqd"))))
     (build-system r-build-system)
     (propagated-inputs
      `(("r-lattice" ,r-lattice)))
@@ -623,14 +623,14 @@ quantile mixture from L-moments and trimmed L-moments.")
 (define-public r-distillery
   (package
     (name "r-distillery")
-    (version "1.0-2")
+    (version "1.0-4")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "distillery" version))
        (sha256
         (base32
-         "12m4cacvc18fd3aayc8iih5q6bwsmvf29b55fwp7vs8wp1h8nd8c"))))
+         "1m0pgmlvk7bsb6q3kxagnq422babk61sf73naavac68v8x2q8fix"))))
     (build-system r-build-system)
     (home-page "http://www.ral.ucar.edu/staff/ericg")
     (synopsis "Functions for confidence intervals and object information")
@@ -904,14 +904,14 @@ George Marsaglia are included.")
 (define-public r-ksamples
   (package
     (name "r-ksamples")
-    (version "1.2-6")
+    (version "1.2-7")
     (source
      (origin
        (method url-fetch)
        (uri (cran-uri "kSamples" version))
        (sha256
         (base32
-         "1pbam0zqq44slpxdgl2s2fsfdgl7i0pgm8bzlvnm0fy0na24bgdj"))))
+         "0f19rjngk0lg6s8c6h5l55qpxp8sl4vxj3kpi05cizzncny9b9bj"))))
     (properties `((upstream-name . "kSamples")))
     (build-system r-build-system)
     (propagated-inputs

gnu/packages/databases.scm

@@ -371,12 +371,7 @@ applications.")
                        (for-each delete-file
                                  (find-files (string-append out "/bin")
                                              "_embedded$"))
-                       #t))))
+                       #t))))))
-       ;; On aarch64 the test suite runs out of memory and fails.
-       ,@(if (string-prefix? "aarch64-linux"
-                             (or (%current-target-system) (%current-system)))
-           '(#:tests? #f)
-           '())))
     (native-inputs
      `(("bison" ,bison)
        ("perl" ,perl)))
@@ -474,14 +469,14 @@ as a drop-in replacement of MySQL.")
 (define-public postgresql
   (package
     (name "postgresql")
-    (version "9.6.4")
+    (version "9.6.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://ftp.postgresql.org/pub/source/v"
                                   version "/postgresql-" version ".tar.bz2"))
               (sha256
                (base32
-                "04yffrrmn85k25n3nq389aa9c1j8mkimrf889kayl772h9nv2fib"))))
+                "0k3ls2x182jz6djjiqj9kycddabdl2gk1y1ajq1vipnxwfki5nh6"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--with-uuid=e2fs")
@@ -793,14 +788,14 @@ is in the public domain.")
 (define-public tdb
   (package
     (name "tdb")
-    (version "1.3.14")
+    (version "1.3.15")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.samba.org/ftp/tdb/tdb-"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "1sfbia8xyaywgx9zy7x618vrvyx9gc3cgqf763shsii9javlnz9s"))))
+                "0a37jhpij8wr4f4pjqdlwnffy2l6a2vkqdpz1bqxj6v06cwbz8dl"))))
     (build-system gnu-build-system)
     (arguments
      '(#:phases

gnu/packages/dav.scm

@@ -55,13 +55,13 @@ clients.")
 (define-public vdirsyncer
   (package
     (name "vdirsyncer")
-    (version "0.16.1")
+    (version "0.16.2")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri name version))
              (sha256
               (base32
-               "0pnsb9h4r0hhmqhzx9nbrd7jawir9ysrh3wrrkhzi0ssarmxyp67"))))
+               "19xqzxcgmpm2z56l2d4a1n4sqmhrnzfwx3d9avfzgldwyhlrz0da"))))
     (build-system python-build-system)
     (arguments
       `(#:phases (modify-phases %standard-phases

gnu/packages/disk.scm

@@ -344,7 +344,7 @@ and can dramatically shorten the lifespan of the drive if left unchecked.")
     (native-inputs
      `(("intltool" ,intltool)
        ("pkg-config" ,pkg-config)))
-    (home-page "https://sourceforge.net/projects/gparted/")
+    (home-page "https://gparted.org/")
     (synopsis "Partition editor to graphically manage disk partitions")
     (description "GParted is a GNOME partition editor for creating,
 reorganizing, and deleting disk partitions.  It uses libparted from the parted

gnu/packages/display-managers.scm

@@ -132,23 +132,24 @@ Qt-style API for Wayland clients.")
 (define-public sddm
   (package
     (name "sddm")
-    (version "0.14.0")
+    (version "0.15.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
                     "https://github.com/sddm/sddm"
                     "/releases/download/v" version "/"
-                    "sddm-" version ".tar.xz"))
+                    "sddm-" version ".tar.gz"))
               (sha256
                (base32
-                "0y3pn8g2qj7q20zkmbasrfsj925lfzizk63sfrvzf84bc5c84d3y"))))
+                "0x1igkjm3k8q26xbmg0qah1fc2pn2sfc675w0xg42x7ncrdiw8d4"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
        ("pkg-config" ,pkg-config)
        ("qttools" ,qttools)))
     (inputs
-     `(("glib" ,glib)
+     `(("elogind" ,elogind)
+       ("glib" ,glib)
        ("libxcb" ,libxcb)
        ("libxkbcommon" ,libxkbcommon)
        ("linux-pam" ,linux-pam)
@@ -163,6 +164,8 @@ Qt-style API for Wayland clients.")
         ;; Option added by enable wayland greeters PR
         "-DENABLE_WAYLAND=ON"
         "-DENABLE_PAM=ON"
+        ;; Both flags are required for elogind support.
+        "-DNO_SYSTEMD=ON" "-DUSE_ELOGIND=ON"
         "-DCONFIG_FILE=/etc/sddm.conf"
         ;; Set path to /etc/login.defs
         ;; Alternatively use -DUID_MIN and -DUID_MAX
@@ -180,6 +183,11 @@ Qt-style API for Wayland clients.")
                            (guix build qt-utils))
        #:phases
        (modify-phases %standard-phases
+         (add-after 'unpack 'embed-loginctl-reference
+           (lambda _
+             (substitute* "CMakeLists.txt"
+               (("/usr/bin/loginctl") (which "loginctl")))
+             #t))
          (add-after 'install 'wrap-programs
            (lambda* (#:key outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))

gnu/packages/djvu.scm

@@ -34,6 +34,14 @@
                (base32
                 "0psh3zl9dj4n4r3lx25390nx34xz0bg0ql48zdskhq354ljni5p6"))))
     (build-system gnu-build-system)
+    (arguments
+     `(#:phases (modify-phases %standard-phases
+                  (add-after 'unpack 'reproducible
+                    (lambda _
+                      ;; Ensure there are no timestamps in .svgz files.
+                      (substitute* "desktopfiles/Makefile.in"
+                        (("gzip") "gzip -n"))
+                      #t)))))
     (home-page "http://djvu.sourceforge.net/")
     (synopsis "Implementation of DjVu, the document format")
     (description "DjVuLibre is an implementation of DjVu,

gnu/packages/dns.scm

@@ -483,14 +483,14 @@ Extensions} (DNSSEC).")
 (define-public knot
   (package
     (name "knot")
-    (version "2.5.3")
+    (version "2.5.4")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://secure.nic.cz/files/knot-dns/"
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "13lxxnnw0v7s0q648grz87bwlfwjh5sfbj1qax7jdklalqqy52np"))
+                "1w14m9pmc8vl9mcgikvwbflwcxwz52l77jq98wvxyxab13lpdpiz"))
               (modules '((guix build utils)))
               (snippet
                '(begin

gnu/packages/documentation.scm

@@ -4,7 +4,7 @@
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
-;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;

gnu/packages/emacs.scm

@@ -12,7 +12,7 @@
 ;;; Copyright © 2016 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016 Matthew Jordan <matthewjordandevops@yandex.com>
 ;;; Copyright © 2016, 2017 Roel Janssen <roel@gnu.org>
-;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
+;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016, 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
 ;;; Copyright © 2016 Alex Vong <alexvong1995@gmail.com>
@@ -22,12 +22,13 @@
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;; Copyright © 2017 Vasile Dumitrascu <va511e@yahoo.com>
 ;;; Copyright © 2017 Kyle Meyer <kyle@kyleam.com>
-;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 George Clemmer <myglc2@gmail.com>
 ;;; Copyright © 2017 Feng Shu <tumashu@163.com>
 ;;; Copyright © 2017 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
 ;;; Copyright © 2017 Mekeor Melire <mekeor.melire@gmail.com>
+;;; Copyright © 2017 Peter Mikkelsen <petermikkelsen10@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -2603,6 +2604,27 @@ transparent background.  If you load it from a GUI, it will default to a
 dark background.")
     (license license:gpl3+)))
 
+(define-public emacs-2048-game
+  (package
+    (name "emacs-2048-game")
+    (version "20151026.1233")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://melpa.org/packages/2048-game-"
+                           version ".el"))
+       (sha256
+        (base32
+         "0gy2pvz79whpavp4jmz8h9krzn7brmvv3diixi1d4w51pcdvaldd"))))
+    (build-system emacs-build-system)
+    (home-page "https://bitbucket.org/zck/2048.el")
+    (synopsis "Implementation of the game 2048 in Emacs Lisp")
+    (description
+     "This program is an implementation of 2048 for Emacs.
+The goal of this game is to create a tile with value 2048.  The size of the
+board and goal value can be customized.")
+  (license license:gpl3+)))
+
 (define-public emacs-smartparens
   (package
     (name "emacs-smartparens")
@@ -3528,7 +3550,7 @@ for search-based navigation of buffers.")
 (define-public emacs-cider
   (package
     (name "emacs-cider")
-    (version "0.12.0")
+    (version "0.15.0")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3537,8 +3559,11 @@ for search-based navigation of buffers.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "00qzbfjy3w6bcnki7gw0clmi0cc5yqjdrcyhgv4ymijjs79h9p5s"))))
+                "0j7qjcslh8mnxrr2m8qrscyq9ry240j5jd9dysbvih126lxisf12"))))
     (build-system emacs-build-system)
+    (arguments
+     '(#:exclude                        ; Don't exclude 'cider-test.el'.
+       '("^\\.dir-locals\\.el$" "^test/")))
     (propagated-inputs
      `(("emacs-clojure-mode" ,emacs-clojure-mode)
        ("emacs-spinner" ,emacs-spinner)
@@ -3561,30 +3586,32 @@ CIDER).")
     (license license:gpl3+)))
 
 (define-public emacs-lua-mode
-  (package
+  (let ((commit "652e299cb967fccca827dda381d61a9c144d97de")
-    (name "emacs-lua-mode")
+        (revision "1"))
-    (version "20151025")
+    (package
-    (source (origin
+      (name "emacs-lua-mode")
-              (method url-fetch)
+      (version (string-append "20151025." revision "-" (string-take commit 9)))
-              (uri (string-append
+      (home-page "https://github.com/immerrr/lua-mode/")
-                    "https://github.com/immerrr/lua-mode/archive/v"
+      (source (origin
-                    version ".tar.gz"))
+                (method git-fetch)
-              (file-name (string-append name "-" version ".tar.gz"))
+                (uri (git-reference
-              (sha256
+                      (url home-page)
-               (base32
+                      (commit commit)))
-                "0sbhfny5ib65cnx6xcy6h9bbw27mw034s8m9cca00bhxqaqi6p4v"))))
+                (file-name (string-append name "-" version ".checkout"))
-    (build-system emacs-build-system)
+                (sha256
-    (home-page "https://github.com/immerrr/lua-mode/")
+                 (base32
-    (synopsis "Major mode for lua")
+                  "053025k930wh0lak6rc1973ynfrmm8zsyzfqhhd39x7abkl41hc9"))))
-    (description
+      (build-system emacs-build-system)
-     "This Emacs package provides a mode for @uref{https://www.lua.org/,
+      (synopsis "Major mode for lua")
+      (description
+       "This Emacs package provides a mode for @uref{https://www.lua.org/,
 Lua programing language}.")
-    (license license:gpl2+)))
+      (license license:gpl2+))))
 
 (define-public emacs-ebuild-mode
   (package
     (name "emacs-ebuild-mode")
-    (version "1.30")
+    (version "1.37")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -3593,7 +3620,7 @@ Lua programing language}.")
               (file-name (string-append name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0vp7lq1kvmh1b2bms2x1kf2k76dy9m02d7cirkxpiglwaxa0h9vz"))))
+                "07dzrdjjczkxdfdgi60h4jjkvzi4p0k9rij2wpfp8s03ay3qldpp"))))
     (build-system emacs-build-system)
     (home-page "https://devmanual.gentoo.org")
     (synopsis "Major modes for Gentoo package files")
@@ -3716,14 +3743,14 @@ passive voice.")
 (define-public emacs-org
   (package
     (name "emacs-org")
-    (version "20170622")
+    (version "20170828")
     (source (origin
               (method url-fetch)
               (uri (string-append "http://elpa.gnu.org/packages/org-"
                                   version ".tar"))
               (sha256
                (base32
-                "0922lcbr2r7bkswljqzbm5y3ny1n67qfrmf7h7z9hsw2wy0505dp"))))
+                "0frjwgjyy7rwb7si57h6nd1p35a4gcd1dc0aka19kn8r59hbi08p"))))
     (build-system emacs-build-system)
     (home-page "http://orgmode.org/")
     (synopsis "Outline-based notes management and organizer")
@@ -5258,23 +5285,6 @@ multiplexer.")
 editing RPM spec files.")
     (license license:gpl2+)))
 
-(define-public emacs-nix-mode
-  (package
-    (inherit nix)
-    (name "emacs-nix-mode")
-    (build-system emacs-build-system)
-    (arguments
-     `(#:phases
-       (modify-phases %standard-phases
-         (add-after 'unpack 'chdir-elisp
-           ;; Elisp directory is not in root of the source.
-           (lambda _
-             (chdir "misc/emacs"))))))
-    (synopsis "Emacs major mode for editing Nix expressions")
-    (description "@code{nixos-mode} provides an Emacs major mode for editing
-Nix expressions.  It supports syntax highlighting, indenting and refilling of
-comments.")))
-
 (define-public emacs-git-messenger
   (package
     (name "emacs-git-messenger")
@@ -5380,3 +5390,60 @@ enables you to easily define search engines, bind them to keybindings, and
 query them from the comfort of your editor.")
     (home-page "https://github.com/hrs/engine-mode")
     (license license:gpl3+)))
+
+(define-public emacs-prop-menu
+  (package
+    (name "emacs-prop-menu")
+    (version "0.1.2")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "http://stable.melpa.org/packages/prop-menu-"
+             version ".el"))
+       (sha256
+        (base32
+         "01bk4sjafzz7gqrkv9jg0pa85qr34vbk3q8ga2b0m61bndywzgpr"))))
+    (build-system emacs-build-system)
+    (home-page
+     "https://github.com/david-christiansen/prop-menu-el")
+    (synopsis
+     "Create and display a context menu based on text and overlay properties")
+    (description
+     "This is a library for computing context menus based on text
+properties and overlays.  The intended use is to have tools that
+annotate source code and others that use these annotations, without
+requiring a direct coupling between them, but maintaining
+discoverability.
+
+Major modes that wish to use this library should first define an
+appropriate value for @code{prop-menu-item-functions}.  Then, they should
+bind @code{prop-menu-by-completing-read} to an appropriate
+key.  Optionally, a mouse pop-up can be added by binding
+@code{prop-menu-show-menu} to a mouse event.")
+    (license license:gpl3+)))
+
+(define-public emacs-idris-mode
+  (package
+    (name "emacs-idris-mode")
+    (version "0.9.19")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append
+             "http://stable.melpa.org/packages/idris-mode-"
+             version ".tar"))
+       (sha256
+        (base32
+         "0ld4kfwnyyhlsnj5f6cbn4is4mpxdqalk2aifkw02r00mbr9n294"))))
+    (build-system emacs-build-system)
+    (propagated-inputs
+     `(("emacs-prop-menu" ,emacs-prop-menu)))
+    (home-page
+     "https://github.com/idris-hackers/idris-mode")
+    (synopsis "Major mode for editing Idris code")
+    (description
+     "This is an Emacs mode for editing Idris code.  It requires the latest
+version of Idris, and some features may rely on the latest Git version of
+Idris.")
+    (license license:gpl3+)))

gnu/packages/embedded.scm

@@ -299,7 +299,7 @@ languages are C and C++.")
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
-                      (url "git://git.zapb.de/libjaylink.git")
+                      (url "https://git.zapb.de/libjaylink.git")
                       (commit commit)))
                 (file-name (string-append name "-" version "-checkout"))
                 (sha256
@@ -365,7 +365,7 @@ language.")
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
-                      (url "git://git.code.sf.net/p/openocd/code.git")
+                      (url "https://git.code.sf.net/p/openocd/code.git")
                       (commit commit)))
                 (sha256
                  (base32

gnu/packages/engineering.scm

@@ -23,7 +23,6 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu packages engineering)
-  #:use-module (srfi srfi-1)
   #:use-module (guix packages)
   #:use-module (guix download)
   #:use-module (guix gexp)

gnu/packages/enlightenment.scm

@@ -59,7 +59,7 @@
 (define-public efl
   (package
     (name "efl")
-    (version "1.20.2")
+    (version "1.20.3")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -67,7 +67,7 @@
                     version ".tar.xz"))
               (sha256
                (base32
-                "0zll6k4xbbdsxqg53g8jddgv889g5m1xh20i03iz5a52y2bcnh55"))))
+                "148i8awjdrqzd0xqfc6q4qvhhs46jl15nx7n2nii7lrwzx502wqj"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -245,7 +245,7 @@ Libraries with some extra bells and whistles.")
 (define-public enlightenment
   (package
     (name "enlightenment")
-    (version "0.21.8")
+    (version "0.21.9")
     (source (origin
               (method url-fetch)
               (uri
@@ -253,7 +253,7 @@ Libraries with some extra bells and whistles.")
                               name "/" name "-" version ".tar.xz"))
               (sha256
                (base32
-                "0cjjiip12hd8bfjl9ccl3vzl81pxh1wpymxk2yvrzf6ap5girhps"))))
+                "0w5f3707hyfc20i6xqh4jlr5p2yhy1z794061mjsz2rp4w00qmpb"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags '("--enable-mount-eeze")

gnu/packages/finance.scm

@@ -246,7 +246,7 @@ do so.")
 (define-public electrum
   (package
     (name "electrum")
-    (version "2.7.12")
+    (version "2.9.3")
     (source
      (origin
        (method url-fetch)
@@ -255,7 +255,7 @@ do so.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "0vxdfl208if7mdsnva1jg37bnay2dsz3ww157aqwcv1j6512fi1n"))
+         "0d0fzb653g7b8ka3x90nl21md4g3n1fv11czdxpdq3s9yr6js6f2"))
        (modules '((guix build utils)))
        (snippet
         '(begin
@@ -264,7 +264,8 @@ do so.")
            #t))))
     (build-system python-build-system)
     (inputs
-     `(("python-slowaes" ,python2-slowaes)
+     `(("python-pyaes" ,python2-pyaes)
+       ("python-pysocks" ,python2-pysocks)
        ("python-sip" ,python2-sip)
        ("python-pyqt" ,python2-pyqt-4)
        ("python-ecdsa" ,python2-ecdsa)

gnu/packages/fltk.scm

@@ -2,7 +2,7 @@
 ;;; Copyright © 2014 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;

gnu/packages/fonts.scm

@@ -560,7 +560,7 @@ languages, plus Greek and Cyrillic.")
 (define-public font-gnu-unifont
   (package
     (name "font-gnu-unifont")
-    (version "10.0.05")
+    (version "10.0.06")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -568,7 +568,7 @@ languages, plus Greek and Cyrillic.")
                     version ".tar.gz"))
               (sha256
                (base32
-                "07sajc32l2knnz6gmd81zxjhcxq8xr6r2kf42wig56vj05s3d1cb"))))
+                "0z8lglzwbkmya0gmhxd9m1x3nsd7flfsbsh0qy34dzqqdwjpyy2p"))))
     (build-system gnu-build-system)
     (outputs '("out" ; TrueType version
                "pcf" ; PCF (bitmap) version

gnu/packages/freedesktop.scm

@@ -6,7 +6,7 @@
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2015 David Hashe <david.hashe@dhashe.com>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;

gnu/packages/ftp.scm

@@ -173,7 +173,7 @@ as required.")
 (define-public libfilezilla
   (package
     (name "libfilezilla")
-    (version "0.9.0")
+    (version "0.10.1")
     (source
      (origin
        (method url-fetch)
@@ -181,10 +181,11 @@ as required.")
                            name "/" name "-" version ".tar.bz2"))
        (sha256
         (base32
-         "0340v5xs48f28q2d16ldb9359dkzlhl4l449mgyv3qabnlz2pl21"))))
+         "1yi9db0hpxh3giyjhkbz7ajmf95qw27xdvh3xvw208zri5k575x0"))))
     (build-system gnu-build-system)
     (native-inputs
-     `(("cppunit" ,cppunit)))
+     `(("cppunit" ,cppunit)
+       ("pkg-config" ,pkg-config)))
     (home-page "https://lib.filezilla-project.org")
     (synopsis "Cross-platform C++ library used by Filezilla client")
     (description
@@ -195,7 +196,7 @@ platform-independent programs.")
 (define-public filezilla
   (package
     (name "filezilla")
-    (version "3.24.1")
+    (version "3.27.1")
     (source
      (origin
        (method url-fetch)
@@ -204,7 +205,7 @@ platform-independent programs.")
                            "/FileZilla_" version "_src" ".tar.bz2"))
        (sha256
         (base32
-         "0ahcld3g6jj92nakm5i58wgmcv6f4l9yisw3aqbc2ry0gs679pg6"))))
+         "14lsplbp9fy7lk6cpwi3aj6jskz4j82h67x0fik82z1bns0zm2a3"))))
     (build-system gnu-build-system)
     (arguments
       ;; Don't let filezilla phone home to check for updates.

gnu/packages/game-development.scm

@@ -5,7 +5,7 @@
 ;;; Copyright © 2015 Alex Kost <alezost@gmail.com>
 ;;; Copyright © 2015, 2016, 2017 David Thompson <davet@gnu.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016, 2017 Julian Graham <joolean@gmail.com>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
@@ -248,14 +248,14 @@ files) into @file{.grf} and/or @file{.nfo} files.")
 (define-public python-sge-pygame
   (package
     (name "python-sge-pygame")
-    (version "1.5")
+    (version "1.5.1")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "sge-pygame" version))
        (sha256
         (base32
-         "0g0n722md6nfayiqzadwf0dh821hzqv0alp4by0vjfwr1xzv49mc"))))
+         "1rl3xjzh78sl0sq3xl8rl7cgp9v9v3h7s2pfwn7nj1vrmffzkcpd"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-pygame" ,python-pygame)
@@ -276,7 +276,7 @@ possible, and it also makes the SGE easy to learn.")
 (define-public python-tmx
   (package
     (name "python-tmx")
-    (version "1.9.1")
+    (version "1.10")
     (source
      (origin
        (method url-fetch)
@@ -285,7 +285,7 @@ possible, and it also makes the SGE easy to learn.")
                            version ".tar.gz"))
        (sha256
         (base32
-         "1is107sx3lr09dqjiyn10xqhyv5x54c2ryhys9mb9j3mxjbm227l"))))
+         "073q0prg1nzlkga2b45vhscz374206qh4x68ccg00mxxwagn64z0"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-six" ,python-six)))
@@ -353,7 +353,7 @@ support.")
 (define-public tiled
   (package
     (name "tiled")
-    (version "1.0.2")
+    (version "1.0.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/bjorn/tiled/archive/v"
@@ -361,7 +361,7 @@ support.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "134xi74xajh38rj1qhmc4x1zmncfdmqb01axnkxh6zs3qz0rxp93"))))
+                "1qj7l34y5zv2iazmwbix8wdpp88zv7fswbc4arqpp1wak2yna1ix"))))
     (build-system gnu-build-system)
     (inputs
      `(("qtbase" ,qtbase)

gnu/packages/games.scm

@@ -19,7 +19,7 @@
 ;;; Copyright © 2016 Manolis Fragkiskos Ragkousis <manolis837@gmail.com>
 ;;; Copyright © 2016, 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2016 Albin Söderqvist <albin@fripost.org>
-;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
@@ -522,7 +522,7 @@ watch your CPU playing while enjoying a cup of tea!")
 (define-public retux
   (package
     (name "retux")
-    (version "1.3.4")
+    (version "1.3.5")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://savannah/retux/"
@@ -530,7 +530,7 @@ watch your CPU playing while enjoying a cup of tea!")
                                   version "-src.tar.gz"))
               (sha256
                (base32
-                "1wgvh3q96kfgymb2jpd58xsms9hmckhhc4fq7v2k61gh2l11cvdj"))))
+                "1pcrh3z16fl412r3k7xccrgika19ahb1xh90jihgl8yy7zza2i6p"))))
     (build-system python-build-system)
     (arguments
      `(#:tests? #f ; no check target
@@ -3632,7 +3632,7 @@ throwing people around in pseudo-randomly generated buildings.")
 (define-public hyperrogue
   (package
     (name "hyperrogue")
-    (version "10.0e")
+    (version "10.0g")
     ;; When updating this package, be sure to update the "hyperrogue-data"
     ;; origin in native-inputs.
     (source (origin
@@ -3643,7 +3643,7 @@ throwing people around in pseudo-randomly generated buildings.")
                     "-src.tgz"))
               (sha256
                (base32
-                "1p6fam73khhys54098qsgmp52d0rnqc3k5hknjig0znvfb2kwi38"))))
+                "0f68pcnsgl406dhm91ckn3f364bar9m9i5njp9vrmvhvv9p2icy0"))))
     (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; no check target
@@ -3718,7 +3718,7 @@ throwing people around in pseudo-randomly generated buildings.")
              "-win.zip"))
            (sha256
             (base32
-             "1z9w3nd57ybnf4w7ckhhp5vfws2hwd8x26fx6h496f6160fgcj6m"))))
+             "0bnp077qvlmxjlz1jjd6kpghlv9flxc19ac1xq3m3wyq1w9p3pab"))))
        ("unzip" ,unzip)))
     (inputs
      `(("font-dejavu" ,font-dejavu)

gnu/packages/gd.scm

@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016, 2017 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
+;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -37,12 +38,11 @@
 (define-public gd
   (package
     (name "gd")
-
+    (replacement gd-2.2.5)
     ;; Note: With libgd.org now pointing to github.com, genuine old
     ;; tarballs are no longer available.  Notably, versions 2.0.x are
     ;; missing.
     (version "2.2.4")
-
     (source (origin
              (method url-fetch)
              (uri (string-append
@@ -93,6 +93,22 @@ most common applications of GD involve website development.")
                            "See COPYING file in the distribution."))
     (properties '((cpe-name . "libgd")))))
 
+;; For CVE-2017-6362 and CVE-2017-7890.
+(define-public gd-2.2.5
+  (package
+    (inherit gd)
+    (version "2.2.5")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "https://github.com/libgd/libgd/releases/download/gd-"
+                    version "/libgd-" version ".tar.xz"))
+              (patches (search-patches "gd-fix-tests-on-i686.patch"
+                                       "gd-freetype-test-failure.patch"))
+              (sha256
+               (base32
+                "0lfy5f241sbv8s3splm2zqiaxv7lxrcshh875xryryk7yk5jqc4c"))))))
+
 (define-public perl-gd
   (package
     (name "perl-gd")

gnu/packages/gimp.scm

@@ -43,7 +43,7 @@
 (define-public babl
   (package
     (name "babl")
-    (version "0.1.28")
+    (version "0.1.30")
     (source (origin
               (method url-fetch)
               (uri (list (string-append "https://download.gimp.org/pub/babl/"
@@ -54,7 +54,7 @@
                                         version ".tar.bz2")))
               (sha256
                (base32
-                "00w6xfcv960c98qvxv81gcbj8l1jiab9sggmdl77m19awwiyvwv3"))))
+                "1k2k3phh9ybma2snw6hm8inx2dw1jq6cf7w2aqvi4rfr0rxjrha5"))))
     (build-system gnu-build-system)
     (home-page "http://gegl.org/babl/")
     (synopsis "Image pixel format conversion library")

gnu/packages/gnome.scm

@@ -14,7 +14,7 @@
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016, 2017 Rene Saavedra <rennes@openmailbox.org>
 ;;; Copyright © 2016 Jochem Raat <jchmrt@riseup.net>
-;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
@@ -3646,7 +3646,9 @@ for application developers.")
                   (grl-plugin-path (getenv "GRL_PLUGIN_PATH")))
               (wrap-program (string-append out "/bin/totem")
                 `("GST_PLUGIN_SYSTEM_PATH" ":" prefix (,gst-plugin-path))
-                `("GRL_PLUGIN_PATH"        ":" prefix (,grl-plugin-path))))
+                `("GRL_PLUGIN_PATH"        ":" prefix (,grl-plugin-path)))
+              (wrap-program (string-append out "/bin/totem-video-thumbnailer")
+                `("GST_PLUGIN_SYSTEM_PATH" ":" prefix (,gst-plugin-path))))
             #t)))))
     (home-page "https://wiki.gnome.org/Apps/Videos")
     (synopsis "Simple media player for GNOME based on GStreamer")
@@ -5848,6 +5850,8 @@ associations for GNOME.")
        ("gnome-system-monitor"      ,gnome-system-monitor)
        ("gnome-terminal"            ,gnome-terminal)
        ("gnome-themes-standard"     ,gnome-themes-standard)
+       ("gst-plugins-base"          ,gst-plugins-base)
+       ("gst-plugins-good"          ,gst-plugins-good)
        ("gucharmap"                 ,gucharmap)
        ("gvfs"                      ,gvfs)
        ("hicolor-icon-theme"        ,hicolor-icon-theme)
@@ -5878,7 +5882,7 @@ documents and diagrams, playing media, scanning, and much more.")
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
-                      (url "git://git.gnome.org/byzanz")
+                      (url "https://git.gnome.org/browse/byzanz")
                       (commit commit)))
                 (file-name (string-append name "-" version "-checkout"))
                 (sha256

gnu/packages/gnunet.scm

@@ -336,7 +336,7 @@ kinds of basic applications for the foundation of a GNU internet.")
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
-                      (url "git://git.sv.gnu.org/guix/gnunet.git")
+                      (url "https://git.savannah.gnu.org/git/guix/gnunet.git/")
                       (commit commit)))
                 (file-name (string-append name "-" version "-checkout"))
                 (sha256

gnu/packages/gnupg.scm

@@ -81,6 +81,7 @@ Daemon and possibly more in the future.")
 
 (define-public libgcrypt
   (package
+    (replacement libgcrypt/fixed)
     (name "libgcrypt")
     (version "1.7.8")
     (source (origin
@@ -115,6 +116,18 @@ generation.")
     (properties '((ftp-server . "ftp.gnupg.org")
                   (ftp-directory . "/gcrypt/libgcrypt")))))
 
+(define libgcrypt/fixed
+  (package
+    (inherit libgcrypt)
+    (version "1.8.1")
+    (source (origin
+             (method url-fetch)
+             (uri (string-append "mirror://gnupg/libgcrypt/libgcrypt-"
+                                 version ".tar.bz2"))
+             (sha256
+              (base32
+               "1cvqd9jk5qshbh48yh3ixw4zyr4n5k50r3475rrh20xfn7w7aa3s"))))))
+
 (define-public libassuan
   (package
     (name "libassuan")
@@ -203,14 +216,14 @@ compatible to GNU Pth.")
 (define-public gnupg
   (package
     (name "gnupg")
-    (version "2.1.23")
+    (version "2.2.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                   ".tar.bz2"))
               (sha256
                (base32
-                "0xqd5nm4j3w9lwk35vg57gl2i8bfkmx7d24i44gkbscm2lwpci59"))))
+                "1rj538kp3wsdq7rhl8sy1wpwhlsbxcch0cwk64kgz8gpw05lllfl"))))
     (build-system gnu-build-system)
     (native-inputs
      `(("pkg-config" ,pkg-config)))
@@ -232,7 +245,8 @@ compatible to GNU Pth.")
     `(#:configure-flags '(;; Otherwise, the test suite looks for the `gpg`
                           ;; executable in its installation directory in
                           ;; /gnu/store before it has been installed.
-                          "--enable-gnupg-builddir-envvar")
+                          "--enable-gnupg-builddir-envvar"
+                          "--enable-all-tests")
       #:phases
       (modify-phases %standard-phases
         (add-before 'configure 'patch-paths
@@ -249,26 +263,18 @@ compatible to GNU Pth.")
                (string-append (getcwd) "/tests/gpgscm/gpgscm")))
             #t))
         (add-before 'build 'patch-test-paths
-          (lambda* (#:key inputs #:allow-other-keys)
+          (lambda _
-            (let* ((coreutils (assoc-ref inputs "coreutils"))
+            (substitute* '("tests/inittests"
-                   (cat (string-append coreutils "/bin/cat"))
+                           "tests/pkits/inittests"
-                   (pwd (string-append coreutils "/bin/pwd"))
+                           "tests/Makefile"
-                   (true (string-append coreutils "/bin/true"))
+                           "tests/pkits/common.sh"
-                   (false (string-append coreutils "/bin/false")))
+                           "tests/pkits/Makefile")
-              (substitute* '("tests/inittests"
+             (("/bin/pwd") (which "pwd")))
-                             "tests/pkits/inittests"
+            (substitute* "common/t-exectool.c"
-                             "tests/Makefile"
+              (("/bin/cat") (which "cat"))
-                             "tests/pkits/common.sh"
+              (("/bin/true") (which "true"))
-                             "tests/pkits/Makefile"
+              (("/bin/false") (which "false")))
-                            )
+            #t)))))
-               (("/bin/pwd") pwd))
-              (substitute* "common/t-exectool.c"
-                (("/bin/cat") cat))
-              (substitute* "common/t-exectool.c"
-                (("/bin/true") true))
-              (substitute* "common/t-exectool.c"
-                (("/bin/false") false))
-              #t))))))
     (home-page "https://gnupg.org/")
     (synopsis "GNU Privacy Guard")
     (description

gnu/packages/gnustep.scm

@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Ludovic Courtès <ludo@gnu.org>
-;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;

gnu/packages/gtk.scm

@@ -11,7 +11,7 @@
 ;;; Coypright © 2015, 2016, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Fabian Harfert <fhmgufs@web.de>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 Patrick Hetu <patrick.hetu@auf.org>
 ;;; Coypright © 2016 ng0 <ng0@we.make.ritual.n0.is>
 ;;; Coypright © 2017 Roel Janssen <roel@gnu.org>

gnu/packages/guile.scm

@@ -293,6 +293,7 @@ without requiring the source code to be rewritten.")
               (uri (git-reference
                     (url "git://git.hcoop.net/git/bpt/guile.git")
                     (commit "d8d9a8da05ec876acba81a559798eb5eeceb5a17")))
+              (file-name (string-append name "-" version "-checkout"))
               (sha256
                (base32
                 "00sprsshy16y8pxjy126hr2adqcvvzzz96hjyjwgg8swva1qh6b0"))))
@@ -1912,6 +1913,7 @@ manipulate repositories of the Git version control system.")
                 (uri (git-reference
                       (url "git://dthompson.us/guile-syntax-highlight.git")
                       (commit commit)))
+                (file-name (string-append name "-" version "-checkout"))
                 (sha256
                  (base32
                   "1zjr6sg3n7xbdsliy45i39dqanxvcms58ayx36wxrz72zpq58vq3"))))

gnu/packages/hexedit.scm

@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 Gábor Boskovits <boskovits@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.

gnu/packages/image.scm

@@ -13,7 +13,7 @@
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
-;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 ng0 <ng0@infotropique.org>
 ;;; Copyright © 2017 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
@@ -868,7 +868,7 @@ channels.")
                                        version ".tar.gz")))
              (sha256
               (base32
-               "1hsdzlzgkipprqh93yj81mrckl2l7c2mn2i84691pallnjz5qqhc"))))
+               "1yza317qxd8yshvqnay164imm0ks7cvij8y8j86p1gqi1153qpn7"))))
     (build-system gnu-build-system)
     (arguments '(#:tests? #f))                    ; no `check' target
     (propagated-inputs

gnu/packages/imagemagick.scm

@@ -4,6 +4,7 @@
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Mark H Weaver <mhw@netris.org>
+;;; Copyright © 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -179,7 +180,9 @@ script.")
               (patches
                (search-patches "graphicsmagick-CVE-2017-12935.patch"
                                "graphicsmagick-CVE-2017-12936.patch"
-                               "graphicsmagick-CVE-2017-12937.patch"))))
+                               "graphicsmagick-CVE-2017-12937.patch"
+                               "graphicsmagick-CVE-2017-13775.patch"
+                               "graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch"))))
     (build-system gnu-build-system)
     (arguments
      `(#:configure-flags

gnu/packages/java.scm

@@ -651,8 +651,9 @@ the standard javac executable.  The tool runs on JamVM instead of SableVM.")))
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
-                      (url "git://git.savannah.gnu.org/classpath.git")
+                      (url "https://git.savannah.gnu.org/git/classpath.git")
                       (commit commit)))
+                (file-name (string-append "classpath-" version "-checkout"))
                 (sha256
                  (base32
                   "1v2rww76ww322mpg3s12a1kkc6gkp31bm9gcxs532h0wq285fiw4"))))
@@ -4170,12 +4171,26 @@ more efficient storage-wise than an uncompressed bitmap (as implemented in the
                   #t))))
     (build-system ant-build-system)
     (arguments
-     ;; FIXME: org.slf4j.NoBindingTest fails with the ominous "This code
+     `(#:jar-name "slf4j-api.jar"
-     ;; should have never made it into slf4j-api.jar".
-     `(#:tests? #f
-       #:jar-name "slf4j-api.jar"
        #:source-dir "slf4j-api/src/main"
-       #:test-dir "slf4j-api/src/test"))
+       #:test-dir "slf4j-api/src/test"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'build 'regenerate-jar
+           (lambda _
+             ;; pom.xml ignores these files in the jar creation process. If we don't,
+             ;; we get the error "This code should have never made it into slf4j-api.jar"
+             (delete-file-recursively "build/classes/org/slf4j/impl")
+             (zero? (system* "jar" "-cf" "build/jar/slf4j-api.jar" "-C"
+                             "build/classes" "."))))
+         (add-before 'check 'dont-test-abstract-classes
+           (lambda _
+             ;; abstract classes are not meant to be run with junit
+             (substitute* "build.xml"
+               (("<include name=\"\\*\\*/\\*Test.java\" />")
+                (string-append "<include name=\"**/*Test.java\" />"
+                               "<exclude name=\"**/MultithreadedInitializationTest"
+                               ".java\" />"))))))))
     (inputs
      `(("java-junit" ,java-junit)
        ("java-hamcrest-core" ,java-hamcrest-core)))

gnu/packages/javascript.scm

@@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -32,7 +33,7 @@
 (define-public font-mathjax
   (package
     (name "font-mathjax")
-    (version "2.7.1")
+    (version "2.7.2")
     (source
      (origin
        (method url-fetch)
@@ -42,7 +43,7 @@
        (file-name (string-append name "-" version ".tar.gz"))
        (sha256
         (base32
-         "0sbib5lk0jrvbq6s72ag6ss3wjlz5wnk07ddxij1kp96yg3c1d1b"))))
+         "1r72di4pg4i6pfhcskkxqmf1158m81ki6a7lbw6nz4zh7xw23hy4"))))
     (build-system trivial-build-system)
     (arguments
      `(#:modules ((guix build utils))
@@ -59,7 +60,8 @@
            (mkdir-p install-directory)
            (zero? (system* "tar" "-C" install-directory "-xvf"
                            (assoc-ref %build-inputs "source")
-                           "MathJax-2.7.1/fonts" "--strip" "2"))))))
+                           ,(string-append "MathJax-" version "/fonts")
+                           "--strip" "2"))))))
     (native-inputs
      `(("gzip" ,gzip)
        ("tar" ,tar)))
@@ -91,7 +93,9 @@
          (setenv "LANG" "en_US.UTF-8")
          (let ((install-directory (string-append %output "/share/javascript/mathjax")))
            (system* "tar" "xvf" (assoc-ref %build-inputs "source")
-                    "MathJax-2.7.1/unpacked" "--strip" "2")
+                    ,(string-append "MathJax-" (package-version font-mathjax)
+                                    "/unpacked")
+                    "--strip" "2")
            (mkdir-p install-directory)
            (symlink (string-append (assoc-ref %build-inputs "font-mathjax")
                                    "/share/fonts/mathjax")

gnu/packages/jemalloc.scm

@@ -23,14 +23,13 @@
   #:use-module ((guix licenses) #:select (bsd-2))
   #:use-module (guix packages)
   #:use-module (guix download)
-  #:use-module (gnu packages base)
+  #:use-module (gnu packages perl)
-  #:use-module (gnu packages gcc)
   #:use-module (guix build-system gnu))
 
 (define-public jemalloc
   (package
     (name "jemalloc")
-    (version "4.5.0")
+    (version "5.0.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -38,7 +37,7 @@
                     version "/jemalloc-" version ".tar.bz2"))
               (sha256
                (base32
-                "10373xhpc10pgmai9fkc1z0rs029qlcb3c0qfnvkbwdlcibdh2cl"))))
+                "1sf3lzgb0y8nnyzmp4zrca3sngdxw3kfh20sna9z03jv74fph528"))))
     (build-system gnu-build-system)
     (arguments
      `(#:phases
@@ -56,6 +55,7 @@
            ;; Transparent huge pages are only enabled by default on Intel processors
            '()
            '(#:configure-flags (list "--disable-thp")))))
+    (inputs `(("perl" ,perl)))
     (home-page "http://jemalloc.net/")
     (synopsis "General-purpose scalable concurrent malloc implementation")
     (description

gnu/packages/kde-frameworks.scm

@@ -29,6 +29,7 @@
   #:use-module (gnu packages)
   #:use-module (gnu packages acl)
   #:use-module (gnu packages admin)
+  #:use-module (gnu packages aidc)
   #:use-module (gnu packages attr)
   #:use-module (gnu packages base)
   #:use-module (gnu packages boost)
@@ -1209,6 +1210,31 @@ querying and interacting with hardware independently of the underlying operating
 system.")
     (license license:lgpl2.1+)))
 
+(define-public prison
+  (package
+    (name "prison")
+    (version "5.34.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "mirror://kde/stable/frameworks/"
+                           (version-major+minor version) "/"
+                           name "-" version ".tar.xz"))
+       (sha256
+        (base32 "00wj4yyfhhcq9b54civ5hy1grz70mmi676x50y12crcbbgkxm1lx"))))
+    (build-system cmake-build-system)
+    (native-inputs
+     `(("extra-cmake-modules" ,extra-cmake-modules)))
+    (inputs
+     `(("libdmtx", libdmtx)
+       ("qrencode" ,qrencode)
+       ("qtbase" ,qtbase))) ;; TODO: rethink: nix propagates this
+    (home-page "https://api.kde.org/frameworks/prison/html/index.html")
+    (synopsis "Barcode generation abstraction layer")
+    (description "Prison is a Qt-based barcode abstraction layer/library and
+provides uniform access to generation of barcodes with data.")
+    (license license:lgpl2.1+)))
+
 (define-public sonnet
   (package
     (name "sonnet")

gnu/packages/kde.scm

@@ -39,7 +39,7 @@
 (define-public kdevelop
   (package
     (name "kdevelop")
-    (version "5.1.1")
+    (version "5.1.2")
     (source
       (origin
         (method url-fetch)
@@ -48,7 +48,7 @@
                             version ".tar.xz"))
         (sha256
          (base32
-          "0m6pnmylp1gij5cr75waz8hjry5894qillj5977h467hnbzs808a"))))
+          "1iqaq0ilijjigqb34v5wq9in6bnjs0p9cmgbygjmy53xhh3yhm5g"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)
@@ -151,7 +151,7 @@ for some KDevelop language plugins (Ruby, PHP, CSS...).")
 (define-public kdevplatform
   (package
     (name "kdevplatform")
-    (version "5.1.1")
+    (version "5.1.2")
     (source (origin
               (method url-fetch)
               (uri (string-append "mirror://kde/stable/kdevelop"
@@ -159,7 +159,7 @@ for some KDevelop language plugins (Ruby, PHP, CSS...).")
                                   version ".tar.xz"))
               (sha256
                (base32
-                "09p7lvniw55g6x8v8wl3azlps8c13yx03x1m9cd3qdxi282l8n9i"))))
+                "0jk6g1kiqpyjy8pca0236b9944gxqnymqv8ny6m8nrraannxs8p6"))))
     (build-system cmake-build-system)
     (native-inputs
      `(("extra-cmake-modules" ,extra-cmake-modules)

gnu/packages/ldc.scm

@@ -279,7 +279,7 @@ latest DMD frontend and uses LLVM as backend.")
 (define-public dub
   (package
     (name "dub")
-    (version "1.4.1")
+    (version "1.5.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/dlang/dub/archive/"
@@ -287,7 +287,7 @@ latest DMD frontend and uses LLVM as backend.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "0hpl5srbrzwzv8abc96j4cgbmvm1zhr109ljbl7hrphzzc39zyan"))))
+                "1p9pmzjsmd7v3jpilv0z0c8ar1ykvri6nn5fv95f8d2vriczj29m"))))
    (build-system gnu-build-system)
     (arguments
      `(#:tests? #f ; it would have tested itself by installing some packages (vibe etc)

gnu/packages/linux.scm

@@ -367,8 +367,8 @@ It has been modified to remove all non-free binary blobs.")
 
 (define %intel-compatible-systems '("x86_64-linux" "i686-linux"))
 
-(define %linux-libre-version "4.12.9")
+(define %linux-libre-version "4.12.10")
-(define %linux-libre-hash "1wpsqhaab91l1wdbsxq8pdwrdx3a603zr5zjxbzdsx99pr6iypra")
+(define %linux-libre-hash "06rnmz7jrj4asmarq3f77lzmyk8w6k71qr2rhcvm087g1mxlaahj")
 
 (define-public linux-libre
   (make-linux-libre %linux-libre-version
@@ -377,14 +377,14 @@ It has been modified to remove all non-free binary blobs.")
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.9
-  (make-linux-libre "4.9.45"
+  (make-linux-libre "4.9.46"
-                    "0qdwn2m3iynbjyszkq4hlx891s1b83p9nr1v7vdb20fs4n2cbl9s"
+                    "1wx7lrd3xlcdwdfy23gflklqqq0qlps36r5fm2z5d656xgwb149k"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 
 (define-public linux-libre-4.4
-  (make-linux-libre "4.4.84"
+  (make-linux-libre "4.4.85"
-                    "00lp3471mvwpq5062cynaakjn7bjpylmg1d1wwmhh6fdknd2h1kz"
+                    "1ahcgz2531c0zmyyw54w5z2fzwlqqn68hl7dyy4hxdns4yx3irmz"
                     %intel-compatible-systems
                     #:configuration-file kernel-config))
 

gnu/packages/mail.scm

@@ -896,7 +896,7 @@ compresses it.")
 (define-public claws-mail
   (package
     (name "claws-mail")
-    (version "3.15.0")
+    (version "3.15.1")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -904,7 +904,7 @@ compresses it.")
                     ".tar.xz"))
               (sha256
                (base32
-                "0bnwd3l04y6j1nw3h861rdy6k6lyjzsi51j04d33vbpq8c6jskaf"))))
+                "0hlm2jipyr4z6izlrpvabpz4ivh49i13avnm848kr1nv68pkq2cd"))))
     (build-system gnu-build-system)
     (native-inputs `(("pkg-config" ,pkg-config)))
     (inputs `(("bogofilter" ,bogofilter)

gnu/packages/maths.scm

@@ -11,7 +11,7 @@
 ;;; Copyright © 2015, 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2015 Fabian Harfert <fhmgufs@web.de>
 ;;; Copyright © 2016 Roel Janssen <roel@gnu.org>
-;;; Copyright © 2016 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
 ;;; Copyright © 2016 Thomas Danckaert <post@thomasdanckaert.be>
@@ -149,14 +149,14 @@ interactive dialogs to guide them.")
 (define-public coda
   (package
     (name "coda")
-    (version "2.18")
+    (version "2.18.2")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://github.com/stcorp/coda/releases/download/"
                            version "/coda-" version ".tar.gz"))
        (sha256
-        (base32 "11asla1ap8vd73farqjlpb179sfiy0biydcwxjfcakrp9sf8v9bs"))
+        (base32 "01fnqcby9jijvf3jxr1fk4bny059lvvq5wbqm7ns60ilykfdnm6a"))
        (patches (search-patches "coda-use-system-libs.patch"))
        (modules '((guix build utils)))
        (snippet
@@ -605,7 +605,18 @@ computations.")
                (("@HDF_BUILD_SHARED_TRUE@AM_LDFLAGS = \
 -R\\$\\(abs_top_builddir\\)/mfhdf/libsrc/\\.libs \
 -R\\$\\(abs_top_builddir\\)/hdf/src/\\.libs \\$\\(XDR_ADD\\)") ""))
-             #t)))))
+             #t))
+         (add-after 'configure 'patch-settings
+           (lambda _
+             ;; libhdf4.settings contains the full path of the
+             ;; compilers used, and its contents are included in
+             ;; .so-files.  We truncate the hashes to avoid
+             ;; unnecessary store references to those compilers:
+             (substitute* "libhdf4.settings"
+               (("(/gnu/store/)([a-Z0-9]*)" all prefix hash)
+                (string-append prefix (string-take hash 10) "...")))
+             #t))
+         )))
     (home-page "https://www.hdfgroup.org/products/hdf4/")
     (synopsis
      "Library and multi-object file format for storing and managing data")
@@ -648,16 +659,40 @@ incompatible with HDF5.")
     (build-system gnu-build-system)
     (inputs
      `(("zlib" ,zlib)))
+    (native-inputs
+     `(("gfortran" ,gfortran)))
+    (outputs '("out"       ; core library
+               "fortran")) ; fortran interface
     (arguments
      `(;; Some of the users, notably Flann, need the C++ interface.
-       #:configure-flags '("--enable-cxx")
+       #:configure-flags '("--enable-cxx"
+                           "--enable-fortran"
+                           "--enable-fortran2003")
 
        #:phases
        (modify-phases %standard-phases
          (add-before 'configure 'patch-configure
-           (lambda _
+           (lambda* (#:key outputs #:allow-other-keys)
              (substitute* "configure"
                (("/bin/mv") "mv"))
+             (substitute* "fortran/src/Makefile.in"
+               (("libhdf5_fortran_la_LDFLAGS =")
+                (string-append "libhdf5_fortran_la_LDFLAGS = -Wl-rpath="
+                               (assoc-ref outputs "fortran") "/lib")))
+             (substitute* "hl/fortran/src/Makefile.in"
+               (("libhdf5hl_fortran_la_LDFLAGS =")
+                (string-append "libhdf5hl_fortran_la_LDFLAGS = -Wl,-rpath="
+                               (assoc-ref outputs "fortran") "/lib")))
+             #t))
+         (add-after 'configure 'patch-settings
+           (lambda _
+             ;; libhdf5.settings contains the full path of the
+             ;; compilers used, and its contents are included in
+             ;; libhdf5.so.  We truncate the hashes to avoid
+             ;; unnecessary store references to those compilers:
+             (substitute* "src/libhdf5.settings"
+              (("(/gnu/store/)([a-Z0-9]*)" all prefix hash)
+               (string-append prefix (string-take hash 10) "...")))
              #t))
          (add-after 'install 'patch-references
            (lambda* (#:key inputs outputs #:allow-other-keys)
@@ -666,7 +701,40 @@ incompatible with HDF5.")
                (substitute* (find-files bin "h5p?cc")
                  (("-lz" lib)
                   (string-append "-L" zlib "/lib " lib)))
-               #t))))))
+               #t)))
+         (add-after 'install 'split
+            (lambda* (#:key inputs outputs #:allow-other-keys)
+              ;; Move all fortran-related files
+              (let* ((out (assoc-ref outputs "out"))
+                     (bin (string-append out "/bin"))
+                     (lib (string-append out "/lib"))
+                     (inc (string-append out "/include"))
+                     (ex (string-append out "/share/hdf5_examples/fortran"))
+                     (fort (assoc-ref outputs "fortran"))
+                     (fbin (string-append fort "/bin"))
+                     (flib (string-append fort "/lib"))
+                     (finc (string-append fort "/include"))
+                     (fex (string-append fort "/share/hdf5_examples/fortran")))
+                (mkdir-p fbin)
+                (mkdir-p flib)
+                (mkdir-p finc)
+                (mkdir-p fex)
+                (rename-file (string-append bin "/h5fc")
+                             (string-append fbin "/h5fc"))
+                (for-each (lambda (file)
+                            (rename-file file
+                                         (string-append flib "/" (basename file))))
+                          (find-files lib ".*fortran.*"))
+                (for-each (lambda (file)
+                            (rename-file file
+                                         (string-append finc "/" (basename file))))
+                          (find-files inc ".*mod"))
+                (for-each (lambda (file)
+                            (rename-file file
+                                         (string-append fex "/" (basename file))))
+                          (find-files ex ".*"))
+                (delete-file-recursively ex))
+              #t)))))
     (home-page "http://www.hdfgroup.org")
     (synopsis "Management suite for extremely large and complex data")
     (description "HDF5 is a suite that makes possible the management of
@@ -850,6 +918,29 @@ similar to MATLAB, GNU Octave or SciPy.")
        ("libjpeg" ,libjpeg)))
     (arguments
      `(#:configure-flags '("--enable-doxygen" "--enable-dot" "--enable-hdf4")
+
+       #:phases (modify-phases %standard-phases
+         (add-before 'configure 'fix-source-date
+           (lambda _
+             ;; As we ${SOURCE_DATE_EPOCH} evaluates to "1" in the build
+             ;; environment, `date -u -d ${SOURCE_DATE_EPOCH}` will evaluate
+             ;; to '1st hour of the current day', and therefore makes the
+             ;; package not reproducible.
+             (substitute* "./configure"
+               (("date -u -d \"\\$\\{SOURCE_DATE_EPOCH\\}\"")
+                "date --date='@0'"))
+             #t))
+         (add-after 'configure 'patch-settings
+           (lambda _
+             ;; libnetcdf.settings contains the full filename of the compilers
+             ;; used to build the library.  We truncate the hashes of those
+             ;; filenames to avoid unnecessary references to the corresponding
+             ;; store items.
+             (substitute* "libnetcdf.settings"
+               (("(/gnu/store/)([a-Z0-9]*)" all prefix hash)
+                (string-append prefix (string-take hash 10) "...")))
+             #t)))
+
        #:parallel-tests? #f))           ;various race conditions
     (home-page "http://www.unidata.ucar.edu/software/netcdf/")
     (synopsis "Library for scientific data")
@@ -1946,6 +2037,55 @@ bio-chemistry.")
     ;; See LICENSE_en.txt
     (license license:cecill-c)))
 
+(define-public scotch32
+  ;; This is the 'INTSIZE32' variant, which uses 32-bit integers, as needed by
+  ;; some applications.
+  (package (inherit scotch)
+    (name "scotch32")
+    (arguments
+     (substitute-keyword-arguments (package-arguments scotch)
+       ((#:phases scotch-phases)
+        `(modify-phases ,scotch-phases
+          (replace
+           'configure
+           (lambda _
+             (call-with-output-file "Makefile.inc"
+               (lambda (port)
+                 (format port "
+EXE =
+LIB = .a
+OBJ = .o
+MAKE = make
+AR = ar
+ARFLAGS = -ruv
+CAT = cat
+CCS = gcc
+CCP = mpicc
+CCD = gcc
+CPPFLAGS =~{ -D~a~}
+CFLAGS = -O2 -g -fPIC $(CPPFLAGS)
+LDFLAGS = -lz -lm -lrt -lpthread
+CP = cp
+LEX = flex -Pscotchyy -olex.yy.c
+LN = ln
+MKDIR = mkdir
+MV = mv
+RANLIB = ranlib
+YACC = bison -pscotchyy -y -b y
+"
+                        '("COMMON_FILE_COMPRESS_GZ"
+                          "COMMON_PTHREAD"
+                          "COMMON_RANDOM_FIXED_SEED"
+                          "INTSIZE32"   ;use 32-bit integers.  See INSTALL.txt
+                          ;; Prevents symbolc clashes with libesmumps
+                          "SCOTCH_RENAME"
+                          ;; XXX: Causes invalid frees in superlu-dist tests
+                          ;; "SCOTCH_PTHREAD"
+                          ;; "SCOTCH_PTHREAD_NUMBER=2"
+                          "restrict=__restrict"))))))))))
+    (synopsis
+     "Programs and libraries for graph algorithms (32-bit integers)")))
+
 (define-public pt-scotch
   (package (inherit scotch)
     (name "pt-scotch")
@@ -1969,6 +2109,29 @@ bio-chemistry.")
             (lambda _ (zero? (system* "make" "ptcheck"))))))))
     (synopsis "Programs and libraries for graph algorithms (with MPI)")))
 
+(define-public pt-scotch32
+  (package (inherit scotch32)
+    (name "pt-scotch32")
+    (propagated-inputs
+     `(("openmpi" ,openmpi)))                     ;headers include MPI headers
+    (arguments
+     (substitute-keyword-arguments (package-arguments scotch)
+       ((#:phases scotch-phases)
+        `(modify-phases ,scotch-phases
+           (replace 'build
+             (lambda _
+               (and
+                (zero? (system* "make"
+                                (format #f "-j~a" (parallel-job-count))
+                                "ptscotch" "ptesmumps"))
+                ;; Install the serial metis compatibility library
+                (zero? (system* "make" "-C" "libscotchmetis" "install")))))
+           (replace 'check
+             (lambda _
+               (zero? (system* "make" "ptcheck"))))))))
+    (synopsis
+     "Programs and libraries for graph algorithms (with MPI and 32-bit integers)")))
+
 (define-public metis
   (package
     (name "metis")

gnu/packages/messaging.scm

@@ -747,14 +747,14 @@ instant messenger with audio and video chat capabilities.")
 (define-public qtox
   (package
     (name "qtox")
-    (version "1.10.1")
+    (version "1.11.0")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/qTox/qTox/archive/v"
                                   version ".tar.gz"))
               (sha256
                (base32
-                "0b37an611i2jdri59vsspyl3yf6cn4h0bn9d2jdrkw8d2rfqc8qy"))
+                "1m1ca1ybgj4yfm6a61yyj21f5jpip8dsbliwkfypswhmv5y52f5y"))
               (file-name (string-append name "-" version ".tar.gz"))))
     (build-system cmake-build-system)
     (arguments

gnu/packages/microcom.scm

@@ -32,7 +32,7 @@
     (source (origin
               (method git-fetch)
               (uri (git-reference
-                    (url "git://git.pengutronix.de/git/tools/microcom.git")
+                    (url "https://git.pengutronix.de/git/tools/microcom.git")
                     (commit "v2016.01.0")))
               (file-name (string-append name "-" version "-checkout"))
               (sha256

gnu/packages/music.scm

@@ -5,7 +5,7 @@
 ;;; Copyright © 2016 Al McElrath <hello@yrns.org>
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Leo Famulari <leo@famulari.name>
-;;; Copyright © 2016, 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2016, 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2016 John J. Foerch <jjfoerch@earthlink.net>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2017 ng0 <contact.ng0@cryptolab.net>
@@ -3198,3 +3198,97 @@ specification and header.")
     ;; The DSSI interface is LGPL2.1+, some tests and examples are GPL2+.
     ;; The vast majority of examples are in the public domain.
     (license (list license:lgpl2.1+ license:gpl2+))))
+
+(define-public rosegarden
+  (package
+    (name "rosegarden")
+    (version "17.04")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append
+                    "mirror://sourceforge/rosegarden/rosegarden/"
+                    version "/rosegarden-" version ".tar.bz2"))
+              (sha256
+               (base32
+                "1khfcj22asdhjh0jvhkqsz200wgmigkhsrcz09ffia5hqm0n32lq"))))
+    (build-system cmake-build-system)
+    (arguments
+     `(#:configure-flags '("-DUSE_QT5=1") ; "-DCMAKE_BUILD_TYPE=Release"
+       #:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'patch-tests
+           (lambda _
+             (substitute* "CMakeLists.txt"
+               (("BUILD_TESTING OFF") "BUILD_TESTING ON")
+               ;; Make tests work.
+               ((" -fvisibility=hidden") ""))
+             #t))
+         (add-after 'unpack 'fix-references
+           (lambda* (#:key inputs #:allow-other-keys)
+             (substitute* "src/gui/general/ProjectPackager.cpp"
+               (("\"flac\\>")
+                (string-append "\"" (assoc-ref inputs "flac") "/bin/flac"))
+               (("\"wavpack\\>")
+                (string-append "\"" (assoc-ref inputs "wavpack") "/bin/wavpack"))
+               (("\"wvunpack\\>")
+                (string-append "\"" (assoc-ref inputs "wavpack") "/bin/wvunpack"))
+               (("\"bash\\>")
+                (string-append "\"" (assoc-ref inputs "bash") "/bin/bash"))
+               (("\"tar\\>")
+                (string-append "\"" (assoc-ref inputs "tar") "/bin/tar")))
+             (substitute* "src/gui/general/LilyPondProcessor.cpp"
+               (("\"convert-ly\\>")
+                (string-append "\"" (assoc-ref inputs "lilypond") "/bin/convert-ly"))
+               (("\"lilypond\\>")
+                (string-append "\"" (assoc-ref inputs "lilypond") "/bin/lilypond")))
+             #t))
+         (add-after 'unpack 'make-reproducible
+           (lambda _
+             ;; Prevent Last-Modified from being written.
+             ;; The "*.qm" files that are used in locale.qrc would have a new
+             ;; mtime otherwise that is written into qrc_locale.cpp in the
+             ;; end - except when we disable it.
+             (substitute* "src/CMakeLists.txt"
+               (("COMMAND [$][{]QT_RCC_EXECUTABLE[}]")
+                "COMMAND ${QT_RCC_EXECUTABLE} --format-version 1")
+               ;; Extraneous.
+               ;(("qt5_add_resources[(]rg_SOURCES ../data/data.qrc[)]")
+               ; "qt5_add_resources(rg_SOURCES ../data/data.qrc OPTIONS --format-version 1)")
+                )
+             ;; Make hashtable traversal order predicable.
+             (setenv "QT_RCC_TEST" "1") ; important
+             #t))
+         (add-before 'check 'prepare-check
+           (lambda _
+             (setenv "QT_QPA_PLATFORM" "offscreen")
+             ;; Tests create files in $HOME/.local/share/rosegarden .
+             (mkdir-p "/tmp/foo")
+             (setenv "HOME" "/tmp/foo")
+             #t)))))
+    (inputs
+     `(("alsa-lib" ,alsa-lib)
+       ("bash" ,bash)
+       ("dssi" ,dssi)
+       ("flac" ,flac)
+       ("fftwf" ,fftwf)
+       ("jack-2" ,jack-2)
+       ("ladspa" ,ladspa)
+       ("liblo" ,liblo)
+       ("libsamplerate" ,libsamplerate)
+       ("lilypond" ,lilypond)
+       ("lrdf" ,lrdf)
+       ("qtbase" ,qtbase)
+       ("tar" ,tar)
+       ("lirc" ,lirc)
+       ("wavpack" ,wavpack)
+       ("zlib" ,zlib)))
+    (native-inputs
+     `(("pkg-config" ,pkg-config)
+       ("qtlinguist" ,qttools)))
+    (synopsis "Music composition and editing environment based around a MIDI
+sequencer")
+    (description "Rosegarden is a music composition and editing environment
+based around a MIDI sequencer that features a rich understanding of music
+notation and includes basic support for digital audio.")
+    (home-page "http://www.rosegardenmusic.com/")
+    (license license:gpl2)))

gnu/packages/nano.scm

@@ -29,7 +29,7 @@
 (define-public nano
   (package
     (name "nano")
-    (version "2.8.6")
+    (version "2.8.7")
     (source
      (origin
       (method url-fetch)
@@ -37,7 +37,7 @@
                           version ".tar.xz"))
       (sha256
        (base32
-        "0xjpm2ka56x5ycrgjh06v110na13xlbm42bs8qibk7g578m9cils"))))
+        "0nhns59smd43mad2w6lnaxqnj4h6ifnlivi6cwydg646jm31gqzv"))))
     (build-system gnu-build-system)
     (inputs
      `(("gettext" ,gettext-minimal)

gnu/packages/networking.scm

@@ -417,7 +417,7 @@ and min/max network usage.")
            (lambda* (#:key inputs #:allow-other-keys)
              (substitute* "src/tun.c"
                (("PATH=[^ ]* ")
-                (string-append (assoc-ref inputs "net-tools") "/sbin/")))))
+                (string-append (assoc-ref inputs "net-tools") "/bin/")))))
          (add-before 'check 'delete-failing-tests
            ;; Avoid https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802105.
            (lambda _

gnu/packages/ocaml.scm

@@ -575,6 +575,46 @@ assistant to write formal mathematical proofs using a variety of theorem
 provers.")
     (license license:gpl2+)))
 
+(define-public emacs-tuareg
+  (package
+    (name "emacs-tuareg")
+    (version "2.0.10")
+    (source (origin
+              (method url-fetch)
+              (uri (string-append "https://github.com/ocaml/tuareg/archive/"
+                                  version ".tar.gz"))
+              (file-name (string-append name "-" version ".tar.gz"))
+              (sha256
+               (base32
+                "1r2smclcs63n74lcyckbp90j09wyjdngn816cqzfkw54iwh3hd7q"))))
+    (build-system gnu-build-system)
+    (native-inputs `(("emacs" ,emacs-minimal)
+                     ("opam" ,opam)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (delete 'configure)
+         (add-before 'install 'fix-install-path
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "Makefile"
+               (("/emacs/site-lisp")
+                (string-append (assoc-ref %outputs "out")
+                               "/share/emacs/site-lisp/")))
+             #t))
+         (add-after 'install 'post-install
+           (lambda* (#:key outputs #:allow-other-keys)
+             (symlink "tuareg.el"
+                      (string-append (assoc-ref outputs "out")
+                                     "/share/emacs/site-lisp/"
+                                     "tuareg-autoloads.el"))
+             #t)))))
+    (home-page "https://github.com/ocaml/tuareg")
+    (synopsis "OCaml programming mode, REPL, debugger for Emacs")
+    (description "Tuareg helps editing OCaml code, to highlight important
+parts of the code, to run an OCaml REPL, and to run the OCaml debugger within
+Emacs.")
+    (license license:gpl2+)))
+
 (define-public ocaml-menhir
   (package
     (name "ocaml-menhir")

gnu/packages/package-management.scm

@@ -2,6 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2017 Muriithi Frederick Muriuki <fredmanglis@gmail.com>
+;;; Copyright © 2017 Oleg Pykhalov <go.wigust@gmail.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -26,6 +27,7 @@
   #:use-module (guix utils)
   #:use-module (guix build-system gnu)
   #:use-module (guix build-system python)
+  #:use-module (guix build-system emacs)
   #:use-module ((guix licenses) #:select (gpl2+ gpl3+ lgpl2.1+ asl2.0 bsd-3))
   #:use-module (gnu packages)
   #:use-module (gnu packages guile)
@@ -310,10 +312,11 @@ generated file."
      #t)))
 
 (define-public current-guix
-  (let ((select? (delay (or (git-predicate
+  (let* ((repository-root (canonicalize-path
-                             (string-append (current-source-directory)
+                           (string-append (current-source-directory)
-                                            "/../.."))
+                                          "/../..")))
-                            source-file?))))
+         (select? (delay (or (git-predicate repository-root)
+                             source-file?))))
     (lambda ()
       "Return a package representing Guix built from the current source tree.
 This works by adding the current source tree to the store (after filtering it
@@ -321,7 +324,7 @@ out) and returning a package that uses that as its 'source'."
       (package
         (inherit guix)
         (version (string-append (package-version guix) "+"))
-        (source (local-file "../.." "guix-current"
+        (source (local-file repository-root "guix-current"
                             #:recursive? #t
                             #:select? (force select?)))))))
 
@@ -379,6 +382,23 @@ store, usually the directory /nix/store, where each package has its own unique
 sub-directory.")
     (license lgpl2.1+)))
 
+(define-public emacs-nix-mode
+  (package
+    (inherit nix)
+    (name "emacs-nix-mode")
+    (build-system emacs-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-after 'unpack 'chdir-elisp
+           ;; Elisp directory is not in root of the source.
+           (lambda _
+             (chdir "misc/emacs"))))))
+    (synopsis "Emacs major mode for editing Nix expressions")
+    (description "@code{nixos-mode} provides an Emacs major mode for editing
+Nix expressions.  It supports syntax highlighting, indenting and refilling of
+comments.")))
+
 (define-public stow
   (package
     (name "stow")

gnu/packages/patches/gd-CVE-2017-7890.patch

@@ -1,30 +0,0 @@
-From 99ba5c353373ed198f54af66fe4e355ebb96e363 Mon Sep 17 00:00:00 2001
-From: LEPILLER Julien <julien@lepiller.eu>
-Date: Thu, 3 Aug 2017 17:04:17 +0200
-Subject: [PATCH] Fix #399: Buffer over-read into uninitialized memory.
-
-The stack allocated color map buffers were not zeroed before usage, and
-so undefined palette indexes could cause information leakage.
-
-This is CVE-2017-7890.
----
- src/gd_gif_in.c | 3 +++
- 1 file changed, 3 insertions(+)
-
-diff --git a/src/gd_gif_in.c b/src/gd_gif_in.c
-index 008d1ec..c195448 100644
---- a/src/gd_gif_in.c
-+++ b/src/gd_gif_in.c
-@@ -216,6 +216,9 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromGifCtx(gdIOCtxPtr fd)
- 
- 	gdImagePtr im = 0;
- 
-+	memset(ColorMap, 0, 3 * MAXCOLORMAPSIZE);
-+	memset(localColorMap, 0, 3 * MAXCOLORMAPSIZE);
-+
- 	if(!ReadOK(fd, buf, 6)) {
- 		return 0;
- 	}
--- 
-2.13.3
-

gnu/packages/patches/graphicsmagick-CVE-2017-13775.patch

@@ -0,0 +1,195 @@
+http://openwall.com/lists/oss-security/2017/08/31/3
+http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/b037d79b6ccd
+
+some changes were made to make the patch apply
+
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1503774853 18000
+# Node ID b037d79b6ccd0cfba7ba9ce09b454ed46d688036
+# Parent  198ea602ea7cc767dc3022bbcf887bcd4534158d
+JNX: Fix DOS issues
+
+diff -r 198ea602ea7c -r b037d79b6ccd coders/jnx.c
+--- a/coders/jnx.c	Tue Aug 22 08:08:30 2017 -0500
++++ b/coders/jnx.c	Sat Aug 26 14:14:13 2017 -0500
+@@ -1,5 +1,5 @@
+ /*
+-% Copyright (C) 2012-2015 GraphicsMagick Group
++% Copyright (C) 2012-2017 GraphicsMagick Group
+ %
+ % This program is covered by multiple licenses, which are described in
+ % Copyright.txt. You should have received a copy of Copyright.txt with this
+@@ -100,6 +100,7 @@
+ 
+   char img_label_str[MaxTextExtent];
+ 
++
+   alloc_size = TileInfo->PicSize + 2;
+ 
+   if (image->logging)
+@@ -242,6 +243,9 @@
+     total_tiles,
+     current_tile;
+ 
++  magick_off_t
++    file_size;
++
+   /* Open image file. */
+   assert(image_info != (const ImageInfo *) NULL);
+   assert(image_info->signature == MagickSignature);
+@@ -254,9 +258,8 @@
+   if (status == False)
+     ThrowReaderException(FileOpenError, UnableToOpenFile, image);
+ 
+-  memset(JNXLevelInfo, 0, sizeof(JNXLevelInfo));
+-
+   /* Read JNX image header. */
++  (void) memset(&JNXHeader, 0, sizeof(JNXHeader));
+   JNXHeader.Version = ReadBlobLSBLong(image);
+   if (JNXHeader.Version > 4)
+     ThrowReaderException(CorruptImageError, ImproperImageHeader, image);
+@@ -266,8 +269,6 @@
+   JNXHeader.MapBounds.SouthWest.lat = ReadBlobLSBLong(image);
+   JNXHeader.MapBounds.SouthWest.lon = ReadBlobLSBLong(image);
+   JNXHeader.Levels = ReadBlobLSBLong(image);
+-  if (JNXHeader.Levels > 20)
+-    ThrowReaderException(CorruptImageError, ImproperImageHeader, image);
+   JNXHeader.Expiration = ReadBlobLSBLong(image);
+   JNXHeader.ProductID = ReadBlobLSBLong(image);
+   JNXHeader.CRC = ReadBlobLSBLong(image);
+@@ -279,7 +280,41 @@
+   if (EOFBlob(image))
+     ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
+ 
++  file_size = GetBlobSize(image);
++
++  (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                        "JNX Header:\n"
++                        "    Version:    %u\n"
++                        "    DeviceSN:   %u\n"
++                        "    MapBounds:\n"
++                        "      NorthEast: lat = %u, lon = %u\n"
++                        "      SouthWest: lat = %u, lon = %u\n"
++                        "    Levels:     %u\n"
++                        "    Expiration: %u\n"
++                        "    ProductID:  %u\n"
++                        "    CRC:        %u\n"
++                        "    SigVersion: %u\n"
++                        "    SigOffset:  %u\n"
++                        "    ZOrder:     %u",
++                        JNXHeader.Version,
++                        JNXHeader.DeviceSN,
++                        JNXHeader.MapBounds.NorthEast.lat,
++                        JNXHeader.MapBounds.NorthEast.lon,
++                        JNXHeader.MapBounds.SouthWest.lat,
++                        JNXHeader.MapBounds.SouthWest.lon,
++                        JNXHeader.Levels,
++                        JNXHeader.Expiration,
++                        JNXHeader.ProductID,
++                        JNXHeader.CRC,
++                        JNXHeader.SigVersion,
++                        JNXHeader.SigOffset,
++                        JNXHeader.ZOrder);
++
++  if (JNXHeader.Levels > 20)
++    ThrowReaderException(CorruptImageError, ImproperImageHeader, image);
++
+   /* Read JNX image level info. */
++  memset(JNXLevelInfo, 0, sizeof(JNXLevelInfo));
+   total_tiles = 0;
+   current_tile = 0;
+   for (i = 0; i < JNXHeader.Levels; i++)
+@@ -302,11 +337,23 @@
+         {
+           JNXLevelInfo[i].Copyright = NULL;
+         }
++
++      if (EOFBlob(image))
++        ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
++
++      if (image->logging)
++        (void) LogMagickEvent(CoderEvent,GetMagickModule(),
++                              "Level[%u] Info:"
++                              "  TileCount: %4u"
++                              "  TilesOffset: %6u"
++                              "  Scale: %04u",
++                              i,
++                              JNXLevelInfo[i].TileCount,
++                              JNXLevelInfo[i].TilesOffset,
++                              JNXLevelInfo[i].Scale
++                              );
+     }
+ 
+-  if (EOFBlob(image))
+-    ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
+-
+   /* Get the current limit */
+   SaveLimit = GetMagickResourceLimit(MapResource);
+ 
+@@ -316,11 +363,32 @@
+   /* Read JNX image data. */
+   for (i = 0; i < JNXHeader.Levels; i++)
+     {
++      /*
++        Validate TileCount against remaining file data
++      */
++      const magick_off_t current_offset = TellBlob(image);
++      const size_t pos_list_entry_size =
++        sizeof(magick_uint32_t) + sizeof(magick_uint32_t) + sizeof(magick_uint32_t) +
++        sizeof(magick_uint32_t) + sizeof(magick_uint16_t) + sizeof(magick_uint16_t) +
++        sizeof(magick_uint32_t) + sizeof(magick_uint32_t);
++      const magick_off_t remaining = file_size-current_offset;
++      const size_t needed = MagickArraySize(pos_list_entry_size,JNXLevelInfo[i].TileCount);
++
++      if ((needed == 0U) || (remaining <= 0) || (remaining < (magick_off_t) needed))
++        {
++          (void) SetMagickResourceLimit(MapResource, SaveLimit);
++          ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
++        }
++
+       PositionList = MagickAllocateArray(TJNXTileInfo *,
+                                          JNXLevelInfo[i].TileCount,
+                                          sizeof(TJNXTileInfo));
+       if (PositionList == NULL)
+-        continue;
++        {
++          (void) SetMagickResourceLimit(MapResource, SaveLimit);
++          ThrowReaderException(ResourceLimitError,MemoryAllocationFailed,
++                               image);
++        }
+ 
+       (void) SeekBlob(image, JNXLevelInfo[i].TilesOffset, SEEK_SET);
+       for (j = 0; j < JNXLevelInfo[i].TileCount; j++)
+@@ -333,12 +401,15 @@
+           PositionList[j].PicHeight = ReadBlobLSBShort(image);
+           PositionList[j].PicSize = ReadBlobLSBLong(image);
+           PositionList[j].PicOffset = ReadBlobLSBLong(image);
+-        }
+ 
+-      if (EOFBlob(image))
+-        {
+-          MagickFreeMemory(PositionList);
+-          ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
++          if (EOFBlob(image) ||
++              ((magick_off_t) PositionList[j].PicOffset +
++               PositionList[j].PicSize > file_size))
++            {
++              (void) SetMagickResourceLimit(MapResource, SaveLimit);
++              MagickFreeMemory(PositionList);
++              ThrowReaderException(CorruptImageError,UnexpectedEndOfFile,image);
++            }
+         }
+ 
+       for (j = 0; j < JNXLevelInfo[i].TileCount; j++)
+@@ -351,6 +422,9 @@
+           image = ExtractTileJPG(image, image_info, PositionList+j, exception);
+           (void) SetMonitorHandler(previous_handler);
+ 
++          if (exception->severity >= ErrorException)
++            break;
++
+           current_tile++;
+           if (QuantumTick(current_tile,total_tiles))
+             if (!MagickMonitorFormatted(current_tile,total_tiles,exception,
+

gnu/packages/patches/graphicsmagick-CVE-2017-13776+CVE-2017-13777.patch

@@ -0,0 +1,179 @@
+http://openwall.com/lists/oss-security/2017/08/31/1
+http://openwall.com/lists/oss-security/2017/08/31/2
+http://hg.code.sf.net/p/graphicsmagick/code/raw-rev/233a720bfd5e
+
+some changes were made to make the patch apply
+
+# HG changeset patch
+# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
+# Date 1503779175 18000
+# Node ID 233a720bfd5efd378f133a776507ed41230da617
+# Parent  b037d79b6ccd0cfba7ba9ce09b454ed46d688036
+XBM: Fix DOS issues.
+
+diff -r b037d79b6ccd -r 233a720bfd5e coders/xbm.c
+--- a/coders/xbm.c	Sat Aug 26 14:14:13 2017 -0500
++++ b/coders/xbm.c	Sat Aug 26 15:26:15 2017 -0500
+@@ -1,5 +1,5 @@
+ /*
+-% Copyright (C) 2003 -2012 GraphicsMagick Group
++% Copyright (C) 2003-2017 GraphicsMagick Group
+ % Copyright (C) 2002 ImageMagick Studio
+ % Copyright 1991-1999 E. I. du Pont de Nemours and Company
+ %
+@@ -121,13 +121,15 @@
+ 
+ static int XBMInteger(Image *image,short int *hex_digits)
+ {
++  unsigned int
++    flag;
++
+   int
+     c,
+-    flag,
+     value;
+ 
+   value=0;
+-  flag=0;
++  flag=0U;
+   for ( ; ; )
+   {
+     c=ReadBlobByte(image);
+@@ -158,18 +160,14 @@
+   Image
+     *image;
+ 
+-  int
+-    bit;
+-
+-  long
+-    y;
+-
+   register IndexPacket
+     *indexes;
+ 
+-  register long
++  register size_t
++    bytes_per_line,
+     i,
+-    x;
++    x,
++    y;
+ 
+   register PixelPacket
+     *q;
+@@ -177,22 +175,24 @@
+   register unsigned char
+     *p;
+ 
+-  short int
+-    hex_digits[256];
+-
+   unsigned char
+     *data;
+ 
+   unsigned int
++    bit,
++    byte,
++    padding,
++    version;
++
++  int
++    value;
++
++  short int
++    hex_digits[256];
++
++  MagickPassFail
+     status;
+ 
+-  unsigned long
+-    byte,
+-    bytes_per_line,
+-    padding,
+-    value,
+-    version;
+-
+   /*
+     Open image file.
+   */
+@@ -207,6 +207,8 @@
+   /*
+     Read X bitmap header.
+   */
++  (void) memset(buffer,0,sizeof(buffer));
++  name[0]='\0';
+   while (ReadBlobString(image,buffer) != (char *) NULL)
+     if (sscanf(buffer,"#define %s %lu",name,&image->columns) == 2)
+       if ((strlen(name) >= 6) &&
+@@ -278,6 +280,8 @@
+   /*
+     Initialize hex values.
+   */
++  for (i = 0; i < sizeof(hex_digits)/sizeof(hex_digits[0]); i++)
++    hex_digits[i]=(-1);
+   hex_digits['0']=0;
+   hex_digits['1']=1;
+   hex_digits['2']=2;
+@@ -311,40 +315,50 @@
+   */
+   p=data;
+   if (version == 10)
+-    for (i=0; i < (long) (bytes_per_line*image->rows); (i+=2))
++    for (i=0; i < (bytes_per_line*image->rows); (i+=2))
+     {
+       value=XBMInteger(image,hex_digits);
++      if (value < 0)
++        {
++          MagickFreeMemory(data);
++          ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
++        }
+       *p++=(unsigned char) value;
+       if (!padding || ((i+2) % bytes_per_line))
+         *p++=(unsigned char) (value >> 8);
+     }
+   else
+-    for (i=0; i < (long) (bytes_per_line*image->rows); i++)
++    for (i=0; i < (bytes_per_line*image->rows); i++)
+     {
+       value=XBMInteger(image,hex_digits);
++      if (value < 0)
++        {
++          MagickFreeMemory(data);
++          ThrowReaderException(CorruptImageError,ImproperImageHeader,image);
++        }
+       *p++=(unsigned char) value;
+     }
+   /*
+     Convert X bitmap image to pixel packets.
+   */
+   p=data;
+-  for (y=0; y < (long) image->rows; y++)
++  for (y=0; y < image->rows; y++)
+   {
+     q=SetImagePixels(image,0,y,image->columns,1);
+     if (q == (PixelPacket *) NULL)
+       break;
+     indexes=AccessMutableIndexes(image);
+-    bit=0;
+-    byte=0;
+-    for (x=0; x < (long) image->columns; x++)
++    bit=0U;
++    byte=0U;
++    for (x=0; x < image->columns; x++)
+     {
+-      if (bit == 0)
++      if (bit == 0U)
+         byte=(*p++);
+       indexes[x]=byte & 0x01 ? 0x01 : 0x00;
+       bit++;
+-      byte>>=1;
+-      if (bit == 8)
+-        bit=0;
++      byte>>=1U;
++      if (bit == 8U)
++        bit=0U;
+     }
+     if (!SyncImagePixels(image))
+       break;
+

gnu/packages/patches/libxml2-CVE-2017-0663.patch

@@ -0,0 +1,53 @@
+Fix CVE-2017-0663:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0663
+https://security-tracker.debian.org/tracker/CVE-2017-0663
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66
+
+From 92b9e8c8b3787068565a1820ba575d042f9eec66 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Tue, 6 Jun 2017 12:56:28 +0200
+Subject: [PATCH] Fix type confusion in xmlValidateOneNamespace
+
+Comment out code that casts xmlNsPtr to xmlAttrPtr. ID types on
+namespace declarations make no practical sense anyway.
+
+Fixes bug 780228.
+
+Found with libFuzzer and ASan.
+---
+ valid.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/valid.c b/valid.c
+index 8075d3a0..c51ea290 100644
+--- a/valid.c
++++ b/valid.c
+@@ -4627,6 +4627,12 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+ 	}
+     }
+ 
++    /*
++     * Casting ns to xmlAttrPtr is wrong. We'd need separate functions
++     * xmlAddID and xmlAddRef for namespace declarations, but it makes
++     * no practical sense to use ID types anyway.
++     */
++#if 0
+     /* Validity Constraint: ID uniqueness */
+     if (attrDecl->atype == XML_ATTRIBUTE_ID) {
+         if (xmlAddID(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+@@ -4638,6 +4644,7 @@ xmlNodePtr elem, const xmlChar *prefix, xmlNsPtr ns, const xmlChar *value) {
+         if (xmlAddRef(ctxt, doc, value, (xmlAttrPtr) ns) == NULL)
+ 	    ret = 0;
+     }
++#endif
+ 
+     /* Validity Constraint: Notation Attributes */
+     if (attrDecl->atype == XML_ATTRIBUTE_NOTATION) {
+-- 
+2.14.1
+

gnu/packages/patches/libxml2-CVE-2017-7375.patch

@@ -0,0 +1,45 @@
+Fix CVE-2017-7375:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7375
+https://security-tracker.debian.org/tracker/CVE-2017-7375
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
+
+From 90ccb58242866b0ba3edbef8fe44214a101c2b3e Mon Sep 17 00:00:00 2001
+From: Neel Mehta <nmehta@google.com>
+Date: Fri, 7 Apr 2017 17:43:02 +0200
+Subject: [PATCH] Prevent unwanted external entity reference
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=780691
+
+* parser.c: add a specific check to avoid PE reference
+---
+ parser.c | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/parser.c b/parser.c
+index 609a2703..c2c812de 100644
+--- a/parser.c
++++ b/parser.c
+@@ -8123,6 +8123,15 @@ xmlParsePEReference(xmlParserCtxtPtr ctxt)
+ 	    if (xmlPushInput(ctxt, input) < 0)
+ 		return;
+ 	} else {
++	    if ((entity->etype == XML_EXTERNAL_PARAMETER_ENTITY) &&
++	        ((ctxt->options & XML_PARSE_NOENT) == 0) &&
++		((ctxt->options & XML_PARSE_DTDVALID) == 0) &&
++		((ctxt->options & XML_PARSE_DTDLOAD) == 0) &&
++		((ctxt->options & XML_PARSE_DTDATTR) == 0) &&
++		(ctxt->replaceEntities == 0) &&
++		(ctxt->validate == 0))
++		return;
++
+ 	    /*
+ 	     * TODO !!!
+ 	     * handle the extra spaces added before and after
+-- 
+2.14.1
+

gnu/packages/patches/libxml2-CVE-2017-7376.patch

@@ -0,0 +1,41 @@
+Fix CVE-2017-7376:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7376
+https://security-tracker.debian.org/tracker/CVE-2017-7376
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
+
+From 5dca9eea1bd4263bfa4d037ab2443de1cd730f7e Mon Sep 17 00:00:00 2001
+From: Daniel Veillard <veillard@redhat.com>
+Date: Fri, 7 Apr 2017 17:13:28 +0200
+Subject: [PATCH] Increase buffer space for port in HTTP redirect support
+
+For https://bugzilla.gnome.org/show_bug.cgi?id=780690
+
+nanohttp.c: the code wrongly assumed a short int port value.
+---
+ nanohttp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/nanohttp.c b/nanohttp.c
+index e109ad75..373425de 100644
+--- a/nanohttp.c
++++ b/nanohttp.c
+@@ -1423,9 +1423,9 @@ retry:
+     if (ctxt->port != 80) {
+ 	/* reserve space for ':xxxxx', incl. potential proxy */
+ 	if (proxy)
+-	    blen += 12;
++	    blen += 17;
+ 	else
+-	    blen += 6;
++	    blen += 11;
+     }
+     bp = (char*)xmlMallocAtomic(blen);
+     if ( bp == NULL ) {
+-- 
+2.14.1
+

gnu/packages/patches/libxml2-CVE-2017-9049+CVE-2017-9050.patch

@@ -0,0 +1,319 @@
+Fix CVE-2017-{9049,9050}:
+
+https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not yet public)
+https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not yet public)
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9050
+http://www.openwall.com/lists/oss-security/2017/05/15/1
+https://security-tracker.debian.org/tracker/CVE-2017-9049
+https://security-tracker.debian.org/tracker/CVE-2017-9050
+
+Patch copied from upstream source repository:
+
+https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
+
+Changes to 'runtest.c' are removed since they introduce test failure
+when applying to libxml2 2.9.4 release tarball.
+
+From e26630548e7d138d2c560844c43820b6767251e3 Mon Sep 17 00:00:00 2001
+From: Nick Wellnhofer <wellnhofer@aevum.de>
+Date: Mon, 5 Jun 2017 15:37:17 +0200
+Subject: [PATCH] Fix handling of parameter-entity references
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+There were two bugs where parameter-entity references could lead to an
+unexpected change of the input buffer in xmlParseNameComplex and
+xmlDictLookup being called with an invalid pointer.
+
+Percent sign in DTD Names
+=========================
+
+The NEXTL macro used to call xmlParserHandlePEReference. When parsing
+"complex" names inside the DTD, this could result in entity expansion
+which created a new input buffer. The fix is to simply remove the call
+to xmlParserHandlePEReference from the NEXTL macro. This is safe because
+no users of the macro require expansion of parameter entities.
+
+- xmlParseNameComplex
+- xmlParseNCNameComplex
+- xmlParseNmtoken
+
+The percent sign is not allowed in names, which are grammatical tokens.
+
+- xmlParseEntityValue
+
+Parameter-entity references in entity values are expanded but this
+happens in a separate step in this function.
+
+- xmlParseSystemLiteral
+
+Parameter-entity references are ignored in the system literal.
+
+- xmlParseAttValueComplex
+- xmlParseCharDataComplex
+- xmlParseCommentComplex
+- xmlParsePI
+- xmlParseCDSect
+
+Parameter-entity references are ignored outside the DTD.
+
+- xmlLoadEntityContent
+
+This function is only called from xmlStringLenDecodeEntities and
+entities are replaced in a separate step immediately after the function
+call.
+
+This bug could also be triggered with an internal subset and double
+entity expansion.
+
+This fixes bug 766956 initially reported by Wei Lei and independently by
+Chromium's ClusterFuzz, Hanno Böck, and Marco Grassi. Thanks to everyone
+involved.
+
+xmlParseNameComplex with XML_PARSE_OLD10
+========================================
+
+When parsing Names inside an expanded parameter entity with the
+XML_PARSE_OLD10 option, xmlParseNameComplex would call xmlGROW via the
+GROW macro if the input buffer was exhausted. At the end of the
+parameter entity's replacement text, this function would then call
+xmlPopInput which invalidated the input buffer.
+
+There should be no need to invoke GROW in this situation because the
+buffer is grown periodically every XML_PARSER_CHUNK_SIZE characters and,
+at least for UTF-8, in xmlCurrentChar. This also matches the code path
+executed when XML_PARSE_OLD10 is not set.
+
+This fixes bugs 781205 (CVE-2017-9049) and 781361 (CVE-2017-9050).
+Thanks to Marcel Böhme and Thuan Pham for the report.
+
+Additional hardening
+====================
+
+A separate check was added in xmlParseNameComplex to validate the
+buffer size.
+---
+ Makefile.am                     | 18 ++++++++++++++++++
+ parser.c                        | 18 ++++++++++--------
+ result/errors10/781205.xml      |  0
+ result/errors10/781205.xml.err  | 21 +++++++++++++++++++++
+ result/errors10/781361.xml      |  0
+ result/errors10/781361.xml.err  | 13 +++++++++++++
+ result/valid/766956.xml         |  0
+ result/valid/766956.xml.err     |  9 +++++++++
+ result/valid/766956.xml.err.rdr | 10 ++++++++++
+ runtest.c                       |  3 +++
+ test/errors10/781205.xml        |  3 +++
+ test/errors10/781361.xml        |  3 +++
+ test/valid/766956.xml           |  2 ++
+ test/valid/dtds/766956.dtd      |  2 ++
+ 14 files changed, 94 insertions(+), 8 deletions(-)
+ create mode 100644 result/errors10/781205.xml
+ create mode 100644 result/errors10/781205.xml.err
+ create mode 100644 result/errors10/781361.xml
+ create mode 100644 result/errors10/781361.xml.err
+ create mode 100644 result/valid/766956.xml
+ create mode 100644 result/valid/766956.xml.err
+ create mode 100644 result/valid/766956.xml.err.rdr
+ create mode 100644 test/errors10/781205.xml
+ create mode 100644 test/errors10/781361.xml
+ create mode 100644 test/valid/766956.xml
+ create mode 100644 test/valid/dtds/766956.dtd
+
+diff --git a/Makefile.am b/Makefile.am
+index 6fc8ffa9..10e716a5 100644
+--- a/Makefile.am
++++ b/Makefile.am
+@@ -427,6 +427,24 @@ Errtests : xmllint$(EXEEXT)
+ 	      if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
+ 	      rm result.$$name error.$$name ; \
+ 	  fi ; fi ; done)
++	@echo "## Error cases regression tests (old 1.0)"
++	-@(for i in $(srcdir)/test/errors10/*.xml ; do \
++	  name=`basename $$i`; \
++	  if [ ! -d $$i ] ; then \
++	  if [ ! -f $(srcdir)/result/errors10/$$name ] ; then \
++	      echo New test file $$name ; \
++	      $(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i \
++	         2> $(srcdir)/result/errors10/$$name.err \
++		 > $(srcdir)/result/errors10/$$name ; \
++	      grep "MORY ALLO" .memdump  | grep -v "MEMORY ALLOCATED : 0"; \
++	  else \
++	      log=`$(CHECKER) $(top_builddir)/xmllint --oldxml10 $$i 2> error.$$name > result.$$name ; \
++	      grep "MORY ALLO" .memdump  | grep -v "MEMORY ALLOCATED : 0"; \
++	      diff $(srcdir)/result/errors10/$$name result.$$name ; \
++	      diff $(srcdir)/result/errors10/$$name.err error.$$name` ; \
++	      if [ -n "$$log" ] ; then echo $$name result ; echo "$$log" ; fi ; \
++	      rm result.$$name error.$$name ; \
++	  fi ; fi ; done)
+ 	@echo "## Error cases stream regression tests"
+ 	-@(for i in $(srcdir)/test/errors/*.xml ; do \
+ 	  name=`basename $$i`; \
+diff --git a/parser.c b/parser.c
+index df2efa55..a175ac4e 100644
+--- a/parser.c
++++ b/parser.c
+@@ -2121,7 +2121,6 @@ static void xmlGROW (xmlParserCtxtPtr ctxt) {
+ 	ctxt->input->line++; ctxt->input->col = 1;			\
+     } else ctxt->input->col++;						\
+     ctxt->input->cur += l;				\
+-    if (*ctxt->input->cur == '%') xmlParserHandlePEReference(ctxt);	\
+   } while (0)
+ 
+ #define CUR_CHAR(l) xmlCurrentChar(ctxt, &l)
+@@ -3412,13 +3411,6 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+ 	    len += l;
+ 	    NEXTL(l);
+ 	    c = CUR_CHAR(l);
+-	    if (c == 0) {
+-		count = 0;
+-		GROW;
+-                if (ctxt->instate == XML_PARSER_EOF)
+-                    return(NULL);
+-		c = CUR_CHAR(l);
+-	    }
+ 	}
+     }
+     if ((len > XML_MAX_NAME_LENGTH) &&
+@@ -3426,6 +3418,16 @@ xmlParseNameComplex(xmlParserCtxtPtr ctxt) {
+         xmlFatalErr(ctxt, XML_ERR_NAME_TOO_LONG, "Name");
+         return(NULL);
+     }
++    if (ctxt->input->cur - ctxt->input->base < len) {
++        /*
++         * There were a couple of bugs where PERefs lead to to a change
++         * of the buffer. Check the buffer size to avoid passing an invalid
++         * pointer to xmlDictLookup.
++         */
++        xmlFatalErr(ctxt, XML_ERR_INTERNAL_ERROR,
++                    "unexpected change of input buffer");
++        return (NULL);
++    }
+     if ((*ctxt->input->cur == '\n') && (ctxt->input->cur[-1] == '\r'))
+         return(xmlDictLookup(ctxt->dict, ctxt->input->cur - (len + 1), len));
+     return(xmlDictLookup(ctxt->dict, ctxt->input->cur - len, len));
+diff --git a/result/errors10/781205.xml b/result/errors10/781205.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/errors10/781205.xml.err b/result/errors10/781205.xml.err
+new file mode 100644
+index 00000000..da15c3f7
+--- /dev/null
++++ b/result/errors10/781205.xml.err
+@@ -0,0 +1,21 @@
++Entity: line 1: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++ %a; 
++    ^
++Entity: line 1: 
++<:0000
++^
++Entity: line 1: parser error : DOCTYPE improperly terminated
++ %a; 
++    ^
++Entity: line 1: 
++<:0000
++^
++namespace error : Failed to parse QName ':0000'
++ %a; 
++    ^
++<:0000
++      ^
++./test/errors10/781205.xml:4: parser error : Couldn't find end of Start Tag :0000 line 1
++
++^
+diff --git a/result/errors10/781361.xml b/result/errors10/781361.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/errors10/781361.xml.err b/result/errors10/781361.xml.err
+new file mode 100644
+index 00000000..655f41a2
+--- /dev/null
++++ b/result/errors10/781361.xml.err
+@@ -0,0 +1,13 @@
++./test/errors10/781361.xml:4: parser error : xmlParseElementDecl: 'EMPTY', 'ANY' or '(' expected
++
++^
++./test/errors10/781361.xml:4: parser error : internal error: xmlParseInternalSubset: error detected in Markup declaration
++
++
++^
++./test/errors10/781361.xml:4: parser error : DOCTYPE improperly terminated
++
++^
++./test/errors10/781361.xml:4: parser error : Start tag expected, '<' not found
++
++^
+diff --git a/result/valid/766956.xml b/result/valid/766956.xml
+new file mode 100644
+index 00000000..e69de29b
+diff --git a/result/valid/766956.xml.err b/result/valid/766956.xml.err
+new file mode 100644
+index 00000000..34b1dae6
+--- /dev/null
++++ b/result/valid/766956.xml.err
+@@ -0,0 +1,9 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++   ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent; 
++      ^
++Entity: line 1: 
++value
++^
+diff --git a/result/valid/766956.xml.err.rdr b/result/valid/766956.xml.err.rdr
+new file mode 100644
+index 00000000..77603462
+--- /dev/null
++++ b/result/valid/766956.xml.err.rdr
+@@ -0,0 +1,10 @@
++test/valid/dtds/766956.dtd:2: parser error : PEReference: expecting ';'
++%ä%ent;
++   ^
++Entity: line 1: parser error : Content error in the external subset
++ %ent; 
++      ^
++Entity: line 1: 
++value
++^
++./test/valid/766956.xml : failed to parse
+diff --git a/test/errors10/781205.xml b/test/errors10/781205.xml
+new file mode 100644
+index 00000000..d9e9e839
+--- /dev/null
++++ b/test/errors10/781205.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE D [
++  <!ENTITY % a "<:0000">
++  %a;
+diff --git a/test/errors10/781361.xml b/test/errors10/781361.xml
+new file mode 100644
+index 00000000..67476bcb
+--- /dev/null
++++ b/test/errors10/781361.xml
+@@ -0,0 +1,3 @@
++<!DOCTYPE doc [
++  <!ENTITY % elem "<!ELEMENT e0000000000">
++  %elem;
+diff --git a/test/valid/766956.xml b/test/valid/766956.xml
+new file mode 100644
+index 00000000..19a95a0e
+--- /dev/null
++++ b/test/valid/766956.xml
+@@ -0,0 +1,2 @@
++<!DOCTYPE test SYSTEM "dtds/766956.dtd">
++<test/>
+diff --git a/test/valid/dtds/766956.dtd b/test/valid/dtds/766956.dtd
+new file mode 100644
+index 00000000..dddde68b
+--- /dev/null
++++ b/test/valid/dtds/766956.dtd
+@@ -0,0 +1,2 @@
++<!ENTITY % ent "value">
++%ä%ent;
+-- 
+2.14.1
+

gnu/packages/patches/libzip-CVE-2017-12858.patch

@@ -0,0 +1,45 @@
+Fix CVE-2017-12858:
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12858
+
+Patch copied from upstream source repository:
+
+https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
+
+From 2217022b7d1142738656d891e00b3d2d9179b796 Mon Sep 17 00:00:00 2001
+From: Thomas Klausner <tk@giga.or.at>
+Date: Mon, 14 Aug 2017 10:55:44 +0200
+Subject: [PATCH] Fix double free().
+
+Found by Brian 'geeknik' Carpenter using AFL.
+---
+ THANKS           | 1 +
+ lib/zip_dirent.c | 3 ---
+ 2 files changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/THANKS b/THANKS
+index be0cca9..a80ee1d 100644
+--- a/THANKS
++++ b/THANKS
+@@ -12,6 +12,7 @@ BALATON Zoltan <balaton@eik.bme.hu>
+ Benjamin Gilbert <bgilbert@backtick.net>
+ Boaz Stolk <bstolk@aweta.nl>
+ Bogdan <bogiebog@gmail.com>
++Brian 'geeknik' Carpenter <geeknik@protonmail.ch>
+ Chris Nehren <cnehren+libzip@pobox.com>
+ Coverity <info@coverity.com>
+ Dane Springmeyer <dane.springmeyer@gmail.com>
+diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c
+index a369900..e5a7cc9 100644
+--- a/lib/zip_dirent.c
++++ b/lib/zip_dirent.c
+@@ -579,9 +579,6 @@ _zip_dirent_read(zip_dirent_t *zde, zip_source_t *src, zip_buffer_t *buffer, boo
+     }
+ 
+     if (!_zip_dirent_process_winzip_aes(zde, error)) {
+-	if (!from_buffer) {
+-	    _zip_buffer_free(buffer);
+-	}
+ 	return -1;
+     }
+ 

gnu/packages/patches/metabat-fix-boost-issue.patch

@@ -1,27 +0,0 @@
-This patch fixes the issue described at
-https://bitbucket.org/berkeleylab/metabat/issues/28/compilation-fail-with-boost-164
-
-diff --git a/src/metabat.h b/src/metabat.h
-index 32ae94c..2292c04 100644
---- a/src/metabat.h
-+++ b/src/metabat.h
-@@ -35,6 +35,7 @@ KSEQ_INIT(gzFile, gzread)
- 
- #include <boost/program_options.hpp>
- #include <boost/algorithm/string.hpp>
-+#include <boost/serialization/array_wrapper.hpp>
- #include <boost/numeric/ublas/matrix.hpp>
- #include <boost/math/distributions.hpp>
- #include <boost/serialization/serialization.hpp>
-diff --git a/src/metabat2.h b/src/metabat2.h
-index 60a9998..19fa815 100644
---- a/src/metabat2.h
-+++ b/src/metabat2.h
-@@ -41,6 +41,7 @@ KSEQ_INIT(gzFile, gzread)
- 
- #include <boost/program_options.hpp>
- #include <boost/algorithm/string.hpp>
-+#include <boost/serialization/array_wrapper.hpp>
- #include <boost/numeric/ublas/matrix.hpp>
- #include <boost/numeric/ublas/matrix_sparse.hpp>
- #include <boost/numeric/ublas/matrix_proxy.hpp>

gnu/packages/patches/metabat-remove-compilation-date.patch

@@ -1,16 +0,0 @@
-Remove the reference to the compilation date so that the build is
-reproducible.
-
-diff --git a/src/metabat.cpp b/src/metabat.cpp
-index 88e06de..c95cb1a 100644
---- a/src/metabat.cpp
-+++ b/src/metabat.cpp
-@@ -49,7 +49,7 @@ int main(int ac, char* av[]) {
- 	po::notify(vm);
- 
- 	if (vm.count("help") || inFile.length() == 0 || outFile.length() == 0) {
--		cerr << "\nMetaBAT: Metagenome Binning based on Abundance and Tetranucleotide frequency (version " << version << "; " << __DATE__ << " " << __TIME__ << ")" << endl;
-+		cerr << "\nMetaBAT: Metagenome Binning based on Abundance and Tetranucleotide frequency (version " << version << "; unknown compilation date)" << endl;
- 		cerr << "by Don Kang (ddkang@lbl.gov), Jeff Froula, Rob Egan, and Zhong Wang (zhongwang@lbl.gov) \n" << endl;
- 		cerr << desc << endl << endl;
- 

gnu/packages/patches/multiqc-fix-git-subprocess-error.patch

@@ -1,16 +0,0 @@
-Without this patch, the incorrect exception is caught when 'git' is not in
-PATH.  See https://github.com/ewels/MultiQC/pull/377.
-
-diff --git a/multiqc/utils/config.py b/multiqc/utils/config.py
-index 01fa554..4a11793 100755
---- a/multiqc/utils/config.py
-+++ b/multiqc/utils/config.py
-@@ -28,7 +28,7 @@ try:
-     git_hash = subprocess.check_output(['git', 'rev-parse', 'HEAD'], stderr=subprocess.STDOUT)
-     git_hash_short = git_hash[:7]
-     version = '{} ({})'.format(version, git_hash_short)
--except subprocess.CalledProcessError:
-+except (subprocess.CalledProcessError, FileNotFoundError):
-     pass
- os.chdir(cwd)
- 

gnu/packages/patches/python2-larch-coverage-4.0a6-compatibility.patch

@@ -0,0 +1,29 @@
+From ca548da9ba78ddee90779051210e3e89185e4f7d Mon Sep 17 00:00:00 2001
+From: Michel Alexandre Salim <michel@michel-slm.name>
+Date: Mon, 15 Feb 2016 23:03:42 +0700
+Subject: coverage-4.0a6 compatibility
+
+coverage 4.0a6 no longer generates .coverage file, so use -f when
+deleting .coverage to ensure deletion does not fail.
+---
+ Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+(limited to 'Makefile')
+
+diff --git a/Makefile b/Makefile
+index 7818f57..362c07f 100644
+--- a/Makefile
++++ b/Makefile
+@@ -23,7 +23,7 @@ fsck-larch.1: fsck-larch.1.in fsck-larch
+ 
+ check:
+ 	python -m CoverageTestRunner --ignore-missing-from=without-tests
+-	rm .coverage
++	rm -f .coverage
+ 	./insert-remove-test tempdir 100
+ 	rm -r tempdir larch.log
+ 	cmdtest tests
+-- 
+cgit v1.1
+

gnu/packages/patches/qemu-CVE-2017-10664.patch

@@ -1,27 +0,0 @@
-Fix CVE-2017-10664:
-
-https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html
-https://bugzilla.redhat.com/show_bug.cgi?id=1466190
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10664
-https://security-tracker.debian.org/tracker/CVE-2017-10664
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1
-
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index 9464a0461c..4dd3fd4732 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -581,6 +581,10 @@ int main(int argc, char **argv)
-     sa_sigterm.sa_handler = termsig_handler;
-     sigaction(SIGTERM, &sa_sigterm, NULL);
- 
-+#ifdef CONFIG_POSIX
-+    signal(SIGPIPE, SIG_IGN);
-+#endif
-+
-     module_call_init(MODULE_INIT_TRACE);
-     qcrypto_init(&error_fatal);
- 
-

gnu/packages/patches/qemu-CVE-2017-10806.patch

@@ -1,38 +0,0 @@
-Fix CVE-2017-10806:
-
-https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html
-https://bugzilla.redhat.com/show_bug.cgi?id=1468496
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10806
-https://security-tracker.debian.org/tracker/CVE-2017-10806
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=bd4a683505b27adc1ac809f71e918e58573d851d
-
-diff --git a/hw/usb/redirect.c b/hw/usb/redirect.c
-index b001a27f05..ad5ef783a6 100644
---- a/hw/usb/redirect.c
-+++ b/hw/usb/redirect.c
-@@ -229,21 +229,10 @@ static void usbredir_log(void *priv, int level, const char *msg)
- static void usbredir_log_data(USBRedirDevice *dev, const char *desc,
-     const uint8_t *data, int len)
- {
--    int i, j, n;
--
-     if (dev->debug < usbredirparser_debug_data) {
-         return;
-     }
--
--    for (i = 0; i < len; i += j) {
--        char buf[128];
--
--        n = sprintf(buf, "%s", desc);
--        for (j = 0; j < 8 && i + j < len; j++) {
--            n += sprintf(buf + n, " %02X", data[i + j]);
--        }
--        error_report("%s", buf);
--    }
-+    qemu_hexdump((char *)data, stderr, desc, len);
- }
- 
- /*

gnu/packages/patches/qemu-CVE-2017-10911.patch

@@ -1,106 +0,0 @@
-Fix CVE-2017-10911:
-
-https://xenbits.xen.org/xsa/advisory-216.html
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10911
-https://security-tracker.debian.org/tracker/CVE-2017-10911
-
-Patch copied from Xen Security Advisory:
-
-https://xenbits.xen.org/xsa/xsa216-qemuu.patch
-
---- a/hw/block/xen_blkif.h
-+++ b/hw/block/xen_blkif.h
-@@ -14,9 +14,6 @@
- struct blkif_common_request {
-     char dummy;
- };
--struct blkif_common_response {
--    char dummy;
--};
- 
- /* i386 protocol version */
- #pragma pack(push, 4)
-@@ -36,13 +33,7 @@ struct blkif_x86_32_request_discard {
-     blkif_sector_t sector_number;    /* start sector idx on disk (r/w only)  */
-     uint64_t       nr_sectors;       /* # of contiguous sectors to discard   */
- };
--struct blkif_x86_32_response {
--    uint64_t        id;              /* copied from request */
--    uint8_t         operation;       /* copied from request */
--    int16_t         status;          /* BLKIF_RSP_???       */
--};
- typedef struct blkif_x86_32_request blkif_x86_32_request_t;
--typedef struct blkif_x86_32_response blkif_x86_32_response_t;
- #pragma pack(pop)
- 
- /* x86_64 protocol version */
-@@ -62,20 +53,14 @@ struct blkif_x86_64_request_discard {
-     blkif_sector_t sector_number;    /* start sector idx on disk (r/w only)  */
-     uint64_t       nr_sectors;       /* # of contiguous sectors to discard   */
- };
--struct blkif_x86_64_response {
--    uint64_t       __attribute__((__aligned__(8))) id;
--    uint8_t         operation;       /* copied from request */
--    int16_t         status;          /* BLKIF_RSP_???       */
--};
- typedef struct blkif_x86_64_request blkif_x86_64_request_t;
--typedef struct blkif_x86_64_response blkif_x86_64_response_t;
- 
- DEFINE_RING_TYPES(blkif_common, struct blkif_common_request,
--                  struct blkif_common_response);
-+                  struct blkif_response);
- DEFINE_RING_TYPES(blkif_x86_32, struct blkif_x86_32_request,
--                  struct blkif_x86_32_response);
-+                  struct blkif_response QEMU_PACKED);
- DEFINE_RING_TYPES(blkif_x86_64, struct blkif_x86_64_request,
--                  struct blkif_x86_64_response);
-+                  struct blkif_response);
- 
- union blkif_back_rings {
-     blkif_back_ring_t        native;
---- a/hw/block/xen_disk.c
-+++ b/hw/block/xen_disk.c
-@@ -769,31 +769,30 @@ static int blk_send_response_one(struct
-     struct XenBlkDev  *blkdev = ioreq->blkdev;
-     int               send_notify   = 0;
-     int               have_requests = 0;
--    blkif_response_t  resp;
--    void              *dst;
--
--    resp.id        = ioreq->req.id;
--    resp.operation = ioreq->req.operation;
--    resp.status    = ioreq->status;
-+    blkif_response_t  *resp;
- 
-     /* Place on the response ring for the relevant domain. */
-     switch (blkdev->protocol) {
-     case BLKIF_PROTOCOL_NATIVE:
--        dst = RING_GET_RESPONSE(&blkdev->rings.native, blkdev->rings.native.rsp_prod_pvt);
-+        resp = RING_GET_RESPONSE(&blkdev->rings.native,
-+                                 blkdev->rings.native.rsp_prod_pvt);
-         break;
-     case BLKIF_PROTOCOL_X86_32:
--        dst = RING_GET_RESPONSE(&blkdev->rings.x86_32_part,
--                                blkdev->rings.x86_32_part.rsp_prod_pvt);
-+        resp = RING_GET_RESPONSE(&blkdev->rings.x86_32_part,
-+                                 blkdev->rings.x86_32_part.rsp_prod_pvt);
-         break;
-     case BLKIF_PROTOCOL_X86_64:
--        dst = RING_GET_RESPONSE(&blkdev->rings.x86_64_part,
--                                blkdev->rings.x86_64_part.rsp_prod_pvt);
-+        resp = RING_GET_RESPONSE(&blkdev->rings.x86_64_part,
-+                                 blkdev->rings.x86_64_part.rsp_prod_pvt);
-         break;
-     default:
--        dst = NULL;
-         return 0;
-     }
--    memcpy(dst, &resp, sizeof(resp));
-+
-+    resp->id        = ioreq->req.id;
-+    resp->operation = ioreq->req.operation;
-+    resp->status    = ioreq->status;
-+
-     blkdev->rings.common.rsp_prod_pvt++;
- 
-     RING_PUSH_RESPONSES_AND_CHECK_NOTIFY(&blkdev->rings.common, send_notify);

gnu/packages/patches/qemu-CVE-2017-11334.patch

@@ -1,52 +0,0 @@
-Fix CVE-2017-11334:
-
-https://bugzilla.redhat.com/show_bug.cgi?id=1471638
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11334
-
-Patch copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
-
-From 04bf2526ce87f21b32c9acba1c5518708c243ad0 Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Wed, 12 Jul 2017 18:08:40 +0530
-Subject: [PATCH] exec: use qemu_ram_ptr_length to access guest ram
-
-When accessing guest's ram block during DMA operation, use
-'qemu_ram_ptr_length' to get ram block pointer. It ensures
-that DMA operation of given length is possible; And avoids
-any OOB memory access situations.
-
-Reported-by: Alex <broscutamaker@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-Id: <20170712123840.29328-1-ppandit@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- exec.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/exec.c b/exec.c
-index a083ff89ad..ad103ce483 100644
---- a/exec.c
-+++ b/exec.c
-@@ -2929,7 +2929,7 @@ static MemTxResult address_space_write_continue(AddressSpace *as, hwaddr addr,
-             }
-         } else {
-             /* RAM case */
--            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
-+            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
-             memcpy(ptr, buf, l);
-             invalidate_and_set_dirty(mr, addr1, l);
-         }
-@@ -3020,7 +3020,7 @@ MemTxResult address_space_read_continue(AddressSpace *as, hwaddr addr,
-             }
-         } else {
-             /* RAM case */
--            ptr = qemu_map_ram_ptr(mr->ram_block, addr1);
-+            ptr = qemu_ram_ptr_length(mr->ram_block, addr1, &l);
-             memcpy(buf, ptr, l);
-         }
- 
--- 
-2.13.3
-

gnu/packages/patches/qemu-CVE-2017-11434.patch

@@ -1,25 +0,0 @@
-Fix CVE-2017-11434:
-
-https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html
-https://bugzilla.redhat.com/show_bug.cgi?id=1472611
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11434
-https://security-tracker.debian.org/tracker/CVE-2017-11434
-
-Patch copied from upstream source repository:
-
-https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=413d463f43fbc4dd3a601e80a5724aa384a265a0
-
-diff --git a/slirp/bootp.c b/slirp/bootp.c
-index 5a4646c182..5dd1a415b5 100644
---- a/slirp/bootp.c
-+++ b/slirp/bootp.c
-@@ -123,6 +123,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
-             if (p >= p_end)
-                 break;
-             len = *p++;
-+            if (p + len > p_end) {
-+                break;
-+            }
-             DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
- 
-             switch(tag) {

gnu/packages/patches/qemu-CVE-2017-12809.patch

@@ -1,38 +0,0 @@
-http://openwall.com/lists/oss-security/2017/08/21/2
-https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html
-
-The block backend changed in a way that flushing empty CDROM drives now
-crashes.  Amend IDE to avoid doing so until the root problem can be
-addressed for 2.11.
-
-Original patch by John Snow <address@hidden>.
-
-Reported-by: Kieron Shorrock <address@hidden>
-Signed-off-by: Stefan Hajnoczi <address@hidden>
----
- hw/ide/core.c | 10 +++++++++-
- 1 file changed, 9 insertions(+), 1 deletion(-)
-
-diff --git a/hw/ide/core.c b/hw/ide/core.c
-index 0b48b64d3a..bea39536b0 100644
---- a/hw/ide/core.c
-+++ b/hw/ide/core.c
-@@ -1063,7 +1063,15 @@ static void ide_flush_cache(IDEState *s)
-     s->status |= BUSY_STAT;
-     ide_set_retry(s);
-     block_acct_start(blk_get_stats(s->blk), &s->acct, 0, BLOCK_ACCT_FLUSH);
--    s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
-+
-+    if (blk_bs(s->blk)) {
-+        s->pio_aiocb = blk_aio_flush(s->blk, ide_flush_cb, s);
-+    } else {
-+        /* XXX blk_aio_flush() crashes when blk_bs(blk) is NULL, remove this
-+         * temporary workaround when blk_aio_*() functions handle NULL blk_bs.
-+         */
-+        ide_flush_cb(s, 0);
-+    }
- }
-      
- static void ide_cfata_metadata_inquiry(IDEState *s)
--- 
-2.13.3

gnu/packages/patches/qemu-CVE-2017-7493.patch

@@ -1,182 +0,0 @@
-Fix CVE-2017-7493:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7493
-
-Patch copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commit;h=7a95434e0ca8a037fd8aa1a2e2461f92585eb77b
-
-From 7a95434e0ca8a037fd8aa1a2e2461f92585eb77b Mon Sep 17 00:00:00 2001
-From: Greg Kurz <groug@kaod.org>
-Date: Fri, 5 May 2017 14:48:08 +0200
-Subject: [PATCH] 9pfs: local: forbid client access to metadata (CVE-2017-7493)
-
-When using the mapped-file security mode, we shouldn't let the client mess
-with the metadata. The current code already tries to hide the metadata dir
-from the client by skipping it in local_readdir(). But the client can still
-access or modify it through several other operations. This can be used to
-escalate privileges in the guest.
-
-Affected backend operations are:
-- local_mknod()
-- local_mkdir()
-- local_open2()
-- local_symlink()
-- local_link()
-- local_unlinkat()
-- local_renameat()
-- local_rename()
-- local_name_to_path()
-
-Other operations are safe because they are only passed a fid path, which
-is computed internally in local_name_to_path().
-
-This patch converts all the functions listed above to fail and return
-EINVAL when being passed the name of the metadata dir. This may look
-like a poor choice for errno, but there's no such thing as an illegal
-path name on Linux and I could not think of anything better.
-
-This fixes CVE-2017-7493.
-
-Reported-by: Leo Gaspard <leo@gaspard.io>
-Signed-off-by: Greg Kurz <groug@kaod.org>
-Reviewed-by: Eric Blake <eblake@redhat.com>
----
- hw/9pfs/9p-local.c | 58 ++++++++++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 56 insertions(+), 2 deletions(-)
-
-diff --git a/hw/9pfs/9p-local.c b/hw/9pfs/9p-local.c
-index f3ebca4f7a..a2486566af 100644
---- a/hw/9pfs/9p-local.c
-+++ b/hw/9pfs/9p-local.c
-@@ -452,6 +452,11 @@ static off_t local_telldir(FsContext *ctx, V9fsFidOpenState *fs)
-     return telldir(fs->dir.stream);
- }
- 
-+static bool local_is_mapped_file_metadata(FsContext *fs_ctx, const char *name)
-+{
-+    return !strcmp(name, VIRTFS_META_DIR);
-+}
-+
- static struct dirent *local_readdir(FsContext *ctx, V9fsFidOpenState *fs)
- {
-     struct dirent *entry;
-@@ -465,8 +470,8 @@ again:
-     if (ctx->export_flags & V9FS_SM_MAPPED) {
-         entry->d_type = DT_UNKNOWN;
-     } else if (ctx->export_flags & V9FS_SM_MAPPED_FILE) {
--        if (!strcmp(entry->d_name, VIRTFS_META_DIR)) {
--            /* skp the meta data directory */
-+        if (local_is_mapped_file_metadata(ctx, entry->d_name)) {
-+            /* skip the meta data directory */
-             goto again;
-         }
-         entry->d_type = DT_UNKNOWN;
-@@ -559,6 +564,12 @@ static int local_mknod(FsContext *fs_ctx, V9fsPath *dir_path,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -605,6 +616,12 @@ static int local_mkdir(FsContext *fs_ctx, V9fsPath *dir_path,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -694,6 +711,12 @@ static int local_open2(FsContext *fs_ctx, V9fsPath *dir_path, const char *name,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     /*
-      * Mark all the open to not follow symlinks
-      */
-@@ -752,6 +775,12 @@ static int local_symlink(FsContext *fs_ctx, const char *oldpath,
-     int err = -1;
-     int dirfd;
- 
-+    if (fs_ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(fs_ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(fs_ctx, dir_path->data);
-     if (dirfd == -1) {
-         return -1;
-@@ -826,6 +855,12 @@ static int local_link(FsContext *ctx, V9fsPath *oldpath,
-     int ret = -1;
-     int odirfd, ndirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     odirfd = local_opendir_nofollow(ctx, odirpath);
-     if (odirfd == -1) {
-         goto out;
-@@ -1096,6 +1131,12 @@ static int local_lremovexattr(FsContext *ctx, V9fsPath *fs_path,
- static int local_name_to_path(FsContext *ctx, V9fsPath *dir_path,
-                               const char *name, V9fsPath *target)
- {
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     if (dir_path) {
-         v9fs_path_sprintf(target, "%s/%s", dir_path->data, name);
-     } else if (strcmp(name, "/")) {
-@@ -1116,6 +1157,13 @@ static int local_renameat(FsContext *ctx, V9fsPath *olddir,
-     int ret;
-     int odirfd, ndirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        (local_is_mapped_file_metadata(ctx, old_name) ||
-+         local_is_mapped_file_metadata(ctx, new_name))) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     odirfd = local_opendir_nofollow(ctx, olddir->data);
-     if (odirfd == -1) {
-         return -1;
-@@ -1206,6 +1254,12 @@ static int local_unlinkat(FsContext *ctx, V9fsPath *dir,
-     int ret;
-     int dirfd;
- 
-+    if (ctx->export_flags & V9FS_SM_MAPPED_FILE &&
-+        local_is_mapped_file_metadata(ctx, name)) {
-+        errno = EINVAL;
-+        return -1;
-+    }
-+
-     dirfd = local_opendir_nofollow(ctx, dir->data);
-     if (dirfd == -1) {
-         return -1;
--- 
-2.13.0
-

gnu/packages/patches/qemu-CVE-2017-8112.patch

@@ -1,41 +0,0 @@
-Fix CVE-2017-8112:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8112
-
-Patch copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=f68826989cd4d1217797251339579c57b3c0934e
-
-From f68826989cd4d1217797251339579c57b3c0934e Mon Sep 17 00:00:00 2001
-From: P J P <ppandit@redhat.com>
-Date: Tue, 25 Apr 2017 18:36:23 +0530
-Subject: [PATCH] vmw_pvscsi: check message ring page count at initialisation
-
-A guest could set the message ring page count to zero, resulting in
-infinite loop. Add check to avoid it.
-
-Reported-by: YY Z <bigbird475958471@gmail.com>
-Signed-off-by: P J P <ppandit@redhat.com>
-Message-Id: <20170425130623.3649-1-ppandit@redhat.com>
-Reviewed-by: Dmitry Fleytman <dmitry@daynix.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/scsi/vmw_pvscsi.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/hw/scsi/vmw_pvscsi.c b/hw/scsi/vmw_pvscsi.c
-index 75575461e2..4a106da856 100644
---- a/hw/scsi/vmw_pvscsi.c
-+++ b/hw/scsi/vmw_pvscsi.c
-@@ -202,7 +202,7 @@ pvscsi_ring_init_msg(PVSCSIRingInfo *m, PVSCSICmdDescSetupMsgRing *ri)
-     uint32_t len_log2;
-     uint32_t ring_size;
- 
--    if (ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
-+    if (!ri->numPages || ri->numPages > PVSCSI_SETUP_MSG_RING_MAX_NUM_PAGES) {
-         return -1;
-     }
-     ring_size = ri->numPages * PVSCSI_MAX_NUM_MSG_ENTRIES_PER_PAGE;
--- 
-2.13.0
-

gnu/packages/patches/qemu-CVE-2017-8309.patch

@@ -1,46 +0,0 @@
-Fix CVE-2017-8309:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8309
-
-Patch copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3268a845f41253fb55852a8429c32b50f36f349a
-
-From 3268a845f41253fb55852a8429c32b50f36f349a Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 28 Apr 2017 09:56:12 +0200
-Subject: [PATCH] audio: release capture buffers
-
-AUD_add_capture() allocates two buffers which are never released.
-Add the missing calls to AUD_del_capture().
-
-Impact: Allows vnc clients to exhaust host memory by repeatedly
-starting and stopping audio capture.
-
-Fixes: CVE-2017-8309
-Cc: P J P <ppandit@redhat.com>
-Cc: Huawei PSIRT <PSIRT@huawei.com>
-Reported-by: "Jiangxin (hunter, SCC)" <jiangxin1@huawei.com>
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-id: 20170428075612.9997-1-kraxel@redhat.com
----
- audio/audio.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/audio/audio.c b/audio/audio.c
-index c8898d8422..beafed209b 100644
---- a/audio/audio.c
-+++ b/audio/audio.c
-@@ -2028,6 +2028,8 @@ void AUD_del_capture (CaptureVoiceOut *cap, void *cb_opaque)
-                     sw = sw1;
-                 }
-                 QLIST_REMOVE (cap, entries);
-+                g_free (cap->hw.mix_buf);
-+                g_free (cap->buf);
-                 g_free (cap);
-             }
-             return;
--- 
-2.13.0
-

gnu/packages/patches/qemu-CVE-2017-8379.patch

@@ -1,98 +0,0 @@
-Fix CVE-2017-8379:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8379
-
-Patch copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=fa18f36a461984eae50ab957e47ec78dae3c14fc
-
-From fa18f36a461984eae50ab957e47ec78dae3c14fc Mon Sep 17 00:00:00 2001
-From: Gerd Hoffmann <kraxel@redhat.com>
-Date: Fri, 28 Apr 2017 10:42:37 +0200
-Subject: [PATCH] input: limit kbd queue depth
-
-Apply a limit to the number of items we accept into the keyboard queue.
-
-Impact: Without this limit vnc clients can exhaust host memory by
-sending keyboard events faster than qemu feeds them to the guest.
-
-Fixes: CVE-2017-8379
-Cc: P J P <ppandit@redhat.com>
-Cc: Huawei PSIRT <PSIRT@huawei.com>
-Reported-by: jiangxin1@huawei.com
-Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
-Message-id: 20170428084237.23960-1-kraxel@redhat.com
----
- ui/input.c | 14 +++++++++++---
- 1 file changed, 11 insertions(+), 3 deletions(-)
-
-diff --git a/ui/input.c b/ui/input.c
-index ed88cda6d6..fb1f404095 100644
---- a/ui/input.c
-+++ b/ui/input.c
-@@ -41,6 +41,8 @@ static QTAILQ_HEAD(QemuInputEventQueueHead, QemuInputEventQueue) kbd_queue =
-     QTAILQ_HEAD_INITIALIZER(kbd_queue);
- static QEMUTimer *kbd_timer;
- static uint32_t kbd_default_delay_ms = 10;
-+static uint32_t queue_count;
-+static uint32_t queue_limit = 1024;
- 
- QemuInputHandlerState *qemu_input_handler_register(DeviceState *dev,
-                                                    QemuInputHandler *handler)
-@@ -268,6 +270,7 @@ static void qemu_input_queue_process(void *opaque)
-             break;
-         }
-         QTAILQ_REMOVE(queue, item, node);
-+        queue_count--;
-         g_free(item);
-     }
- }
-@@ -282,6 +285,7 @@ static void qemu_input_queue_delay(struct QemuInputEventQueueHead *queue,
-     item->delay_ms = delay_ms;
-     item->timer = timer;
-     QTAILQ_INSERT_TAIL(queue, item, node);
-+    queue_count++;
- 
-     if (start_timer) {
-         timer_mod(item->timer, qemu_clock_get_ms(QEMU_CLOCK_VIRTUAL)
-@@ -298,6 +302,7 @@ static void qemu_input_queue_event(struct QemuInputEventQueueHead *queue,
-     item->src = src;
-     item->evt = evt;
-     QTAILQ_INSERT_TAIL(queue, item, node);
-+    queue_count++;
- }
- 
- static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
-@@ -306,6 +311,7 @@ static void qemu_input_queue_sync(struct QemuInputEventQueueHead *queue)
- 
-     item->type = QEMU_INPUT_QUEUE_SYNC;
-     QTAILQ_INSERT_TAIL(queue, item, node);
-+    queue_count++;
- }
- 
- void qemu_input_event_send_impl(QemuConsole *src, InputEvent *evt)
-@@ -381,7 +387,7 @@ void qemu_input_event_send_key(QemuConsole *src, KeyValue *key, bool down)
-         qemu_input_event_send(src, evt);
-         qemu_input_event_sync();
-         qapi_free_InputEvent(evt);
--    } else {
-+    } else if (queue_count < queue_limit) {
-         qemu_input_queue_event(&kbd_queue, src, evt);
-         qemu_input_queue_sync(&kbd_queue);
-     }
-@@ -409,8 +415,10 @@ void qemu_input_event_send_key_delay(uint32_t delay_ms)
-         kbd_timer = timer_new_ms(QEMU_CLOCK_VIRTUAL, qemu_input_queue_process,
-                                  &kbd_queue);
-     }
--    qemu_input_queue_delay(&kbd_queue, kbd_timer,
--                           delay_ms ? delay_ms : kbd_default_delay_ms);
-+    if (queue_count < queue_limit) {
-+        qemu_input_queue_delay(&kbd_queue, kbd_timer,
-+                               delay_ms ? delay_ms : kbd_default_delay_ms);
-+    }
- }
- 
- InputEvent *qemu_input_event_new_btn(InputButton btn, bool down)
--- 
-2.13.0
-

gnu/packages/patches/qemu-CVE-2017-8380.patch

@@ -1,53 +0,0 @@
-Fix CVE-2017-8380:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8380
-
-Patch copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f
-
-From 24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f Mon Sep 17 00:00:00 2001
-From: Prasad J Pandit <pjp@fedoraproject.org>
-Date: Mon, 24 Apr 2017 17:36:34 +0530
-Subject: [PATCH] scsi: avoid an off-by-one error in megasas_mmio_write
-
-While reading magic sequence(MFI_SEQ) in megasas_mmio_write,
-an off-by-one error could occur as 's->adp_reset' index is not
-reset after reading the last sequence.
-
-Reported-by: YY Z <bigbird475958471@gmail.com>
-Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org>
-Message-Id: <20170424120634.12268-1-ppandit@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- hw/scsi/megasas.c | 10 +++++-----
- 1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/hw/scsi/megasas.c b/hw/scsi/megasas.c
-index 84b8caf901..804122ab05 100644
---- a/hw/scsi/megasas.c
-+++ b/hw/scsi/megasas.c
-@@ -2138,15 +2138,15 @@ static void megasas_mmio_write(void *opaque, hwaddr addr,
-     case MFI_SEQ:
-         trace_megasas_mmio_writel("MFI_SEQ", val);
-         /* Magic sequence to start ADP reset */
--        if (adp_reset_seq[s->adp_reset] == val) {
--            s->adp_reset++;
-+        if (adp_reset_seq[s->adp_reset++] == val) {
-+            if (s->adp_reset == 6) {
-+                s->adp_reset = 0;
-+                s->diag = MFI_DIAG_WRITE_ENABLE;
-+            }
-         } else {
-             s->adp_reset = 0;
-             s->diag = 0;
-         }
--        if (s->adp_reset == 6) {
--            s->diag = MFI_DIAG_WRITE_ENABLE;
--        }
-         break;
-     case MFI_DIAG:
-         trace_megasas_mmio_writel("MFI_DIAG", val);
--- 
-2.13.0
-

gnu/packages/patches/qemu-CVE-2017-9524.patch

@@ -1,287 +0,0 @@
-Fix CVE-2017-9524:
-
-https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9524
-http://seclists.org/oss-sec/2017/q2/454
-
-Patches copied from upstream source repository:
-
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af
-http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0c9390d978cbf61e8f16c9f580fa96b305c43568
-
-From df8ad9f128c15aa0a0ebc7b24e9a22c9775b67af Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Fri, 26 May 2017 22:04:21 -0500
-Subject: [PATCH] nbd: Fully initialize client in case of failed negotiation
-
-If a non-NBD client connects to qemu-nbd, we would end up with
-a SIGSEGV in nbd_client_put() because we were trying to
-unregister the client's association to the export, even though
-we skipped inserting the client into that list.  Easy trigger
-in two terminals:
-
-$ qemu-nbd -p 30001 --format=raw file
-$ nmap 127.0.0.1 -p 30001
-
-nmap claims that it thinks it connected to a pago-services1
-server (which probably means nmap could be updated to learn the
-NBD protocol and give a more accurate diagnosis of the open
-port - but that's not our problem), then terminates immediately,
-so our call to nbd_negotiate() fails.  The fix is to reorder
-nbd_co_client_start() to ensure that all initialization occurs
-before we ever try talking to a client in nbd_negotiate(), so
-that the teardown sequence on negotiation failure doesn't fault
-while dereferencing a half-initialized object.
-
-While debugging this, I also noticed that nbd_update_server_watch()
-called by nbd_client_closed() was still adding a channel to accept
-the next client, even when the state was no longer RUNNING.  That
-is fixed by making nbd_can_accept() pay attention to the current
-state.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
-
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-Id: <20170527030421.28366-1-eblake@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- nbd/server.c | 8 +++-----
- qemu-nbd.c   | 2 +-
- 2 files changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/nbd/server.c b/nbd/server.c
-index ee59e5d234..49b55f6ede 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -1358,16 +1358,14 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
- 
-     if (exp) {
-         nbd_export_get(exp);
-+        QTAILQ_INSERT_TAIL(&exp->clients, client, next);
-     }
-+    qemu_co_mutex_init(&client->send_lock);
-+
-     if (nbd_negotiate(data)) {
-         client_close(client);
-         goto out;
-     }
--    qemu_co_mutex_init(&client->send_lock);
--
--    if (exp) {
--        QTAILQ_INSERT_TAIL(&exp->clients, client, next);
--    }
- 
-     nbd_client_receive_next_request(client);
- 
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index f60842fd86..651f85ecc1 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -325,7 +325,7 @@ out:
- 
- static int nbd_can_accept(void)
- {
--    return nb_fds < shared;
-+    return state == RUNNING && nb_fds < shared;
- }
- 
- static void nbd_export_closed(NBDExport *exp)
--- 
-2.13.1
-
-From 0c9390d978cbf61e8f16c9f580fa96b305c43568 Mon Sep 17 00:00:00 2001
-From: Eric Blake <eblake@redhat.com>
-Date: Thu, 8 Jun 2017 17:26:17 -0500
-Subject: [PATCH] nbd: Fix regression on resiliency to port scan
-
-Back in qemu 2.5, qemu-nbd was immune to port probes (a transient
-server would not quit, regardless of how many probe connections
-came and went, until a connection actually negotiated).  But we
-broke that in commit ee7d7aa when removing the return value to
-nbd_client_new(), although that patch also introduced a bug causing
-an assertion failure on a client that fails negotiation.  We then
-made it worse during refactoring in commit 1a6245a (a segfault
-before we could even assert); the (masked) assertion was cleaned
-up in d3780c2 (still in 2.6), and just recently we finally fixed
-the segfault ("nbd: Fully intialize client in case of failed
-negotiation").  But that still means that ever since we added
-TLS support to qemu-nbd, we have been vulnerable to an ill-timed
-port-scan being able to cause a denial of service by taking down
-qemu-nbd before a real client has a chance to connect.
-
-Since negotiation is now handled asynchronously via coroutines,
-we no longer have a synchronous point of return by re-adding a
-return value to nbd_client_new().  So this patch instead wires
-things up to pass the negotiation status through the close_fn
-callback function.
-
-Simple test across two terminals:
-$ qemu-nbd -f raw -p 30001 file
-$ nmap 127.0.0.1 -p 30001 && \
-  qemu-io -c 'r 0 512' -f raw nbd://localhost:30001
-
-Note that this patch does not change what constitutes successful
-negotiation (thus, a client must enter transmission phase before
-that client can be considered as a reason to terminate the server
-when the connection ends).  Perhaps we may want to tweak things
-in a later patch to also treat a client that uses NBD_OPT_ABORT
-as being a 'successful' negotiation (the client correctly talked
-the NBD protocol, and informed us it was not going to use our
-export after all), but that's a discussion for another day.
-
-Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1451614
-
-Signed-off-by: Eric Blake <eblake@redhat.com>
-Message-Id: <20170608222617.20376-1-eblake@redhat.com>
-Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
----
- blockdev-nbd.c      |  6 +++++-
- include/block/nbd.h |  2 +-
- nbd/server.c        | 24 +++++++++++++++---------
- qemu-nbd.c          |  4 ++--
- 4 files changed, 23 insertions(+), 13 deletions(-)
-
-diff --git a/blockdev-nbd.c b/blockdev-nbd.c
-index dd0860f4a6..28f551a7b0 100644
---- a/blockdev-nbd.c
-+++ b/blockdev-nbd.c
-@@ -27,6 +27,10 @@ typedef struct NBDServerData {
- 
- static NBDServerData *nbd_server;
- 
-+static void nbd_blockdev_client_closed(NBDClient *client, bool ignored)
-+{
-+    nbd_client_put(client);
-+}
- 
- static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
-                            gpointer opaque)
-@@ -46,7 +50,7 @@ static gboolean nbd_accept(QIOChannel *ioc, GIOCondition condition,
-     qio_channel_set_name(QIO_CHANNEL(cioc), "nbd-server");
-     nbd_client_new(NULL, cioc,
-                    nbd_server->tlscreds, NULL,
--                   nbd_client_put);
-+                   nbd_blockdev_client_closed);
-     object_unref(OBJECT(cioc));
-     return TRUE;
- }
-diff --git a/include/block/nbd.h b/include/block/nbd.h
-index 416257abca..8fa5ce51f3 100644
---- a/include/block/nbd.h
-+++ b/include/block/nbd.h
-@@ -162,7 +162,7 @@ void nbd_client_new(NBDExport *exp,
-                     QIOChannelSocket *sioc,
-                     QCryptoTLSCreds *tlscreds,
-                     const char *tlsaclname,
--                    void (*close)(NBDClient *));
-+                    void (*close_fn)(NBDClient *, bool));
- void nbd_client_get(NBDClient *client);
- void nbd_client_put(NBDClient *client);
- 
-diff --git a/nbd/server.c b/nbd/server.c
-index 49b55f6ede..f2b1aa47ce 100644
---- a/nbd/server.c
-+++ b/nbd/server.c
-@@ -81,7 +81,7 @@ static QTAILQ_HEAD(, NBDExport) exports = QTAILQ_HEAD_INITIALIZER(exports);
- 
- struct NBDClient {
-     int refcount;
--    void (*close)(NBDClient *client);
-+    void (*close_fn)(NBDClient *client, bool negotiated);
- 
-     bool no_zeroes;
-     NBDExport *exp;
-@@ -778,7 +778,7 @@ void nbd_client_put(NBDClient *client)
-     }
- }
- 
--static void client_close(NBDClient *client)
-+static void client_close(NBDClient *client, bool negotiated)
- {
-     if (client->closing) {
-         return;
-@@ -793,8 +793,8 @@ static void client_close(NBDClient *client)
-                          NULL);
- 
-     /* Also tell the client, so that they release their reference.  */
--    if (client->close) {
--        client->close(client);
-+    if (client->close_fn) {
-+        client->close_fn(client, negotiated);
-     }
- }
- 
-@@ -975,7 +975,7 @@ void nbd_export_close(NBDExport *exp)
- 
-     nbd_export_get(exp);
-     QTAILQ_FOREACH_SAFE(client, &exp->clients, next, next) {
--        client_close(client);
-+        client_close(client, true);
-     }
-     nbd_export_set_name(exp, NULL);
-     nbd_export_set_description(exp, NULL);
-@@ -1337,7 +1337,7 @@ done:
- 
- out:
-     nbd_request_put(req);
--    client_close(client);
-+    client_close(client, true);
-     nbd_client_put(client);
- }
- 
-@@ -1363,7 +1363,7 @@ static coroutine_fn void nbd_co_client_start(void *opaque)
-     qemu_co_mutex_init(&client->send_lock);
- 
-     if (nbd_negotiate(data)) {
--        client_close(client);
-+        client_close(client, false);
-         goto out;
-     }
- 
-@@ -1373,11 +1373,17 @@ out:
-     g_free(data);
- }
- 
-+/*
-+ * Create a new client listener on the given export @exp, using the
-+ * given channel @sioc.  Begin servicing it in a coroutine.  When the
-+ * connection closes, call @close_fn with an indication of whether the
-+ * client completed negotiation.
-+ */
- void nbd_client_new(NBDExport *exp,
-                     QIOChannelSocket *sioc,
-                     QCryptoTLSCreds *tlscreds,
-                     const char *tlsaclname,
--                    void (*close_fn)(NBDClient *))
-+                    void (*close_fn)(NBDClient *, bool))
- {
-     NBDClient *client;
-     NBDClientNewData *data = g_new(NBDClientNewData, 1);
-@@ -1394,7 +1400,7 @@ void nbd_client_new(NBDExport *exp,
-     object_ref(OBJECT(client->sioc));
-     client->ioc = QIO_CHANNEL(sioc);
-     object_ref(OBJECT(client->ioc));
--    client->close = close_fn;
-+    client->close_fn = close_fn;
- 
-     data->client = client;
-     data->co = qemu_coroutine_create(nbd_co_client_start, data);
-diff --git a/qemu-nbd.c b/qemu-nbd.c
-index 651f85ecc1..9464a0461c 100644
---- a/qemu-nbd.c
-+++ b/qemu-nbd.c
-@@ -336,10 +336,10 @@ static void nbd_export_closed(NBDExport *exp)
- 
- static void nbd_update_server_watch(void);
- 
--static void nbd_client_closed(NBDClient *client)
-+static void nbd_client_closed(NBDClient *client, bool negotiated)
- {
-     nb_fds--;
--    if (nb_fds == 0 && !persistent && state == RUNNING) {
-+    if (negotiated && nb_fds == 0 && !persistent && state == RUNNING) {
-         state = TERMINATE;
-     }
-     nbd_update_server_watch();
--- 
-2.13.1
-

gnu/packages/patches/ruby-2.2.7-rubygems-2613-ruby22.patch

@@ -0,0 +1,355 @@
+diff --git lib/rubygems.rb lib/rubygems.rb
+index f48496aa31..0e1855b148 100644
+--- ruby-2.2.7/lib/rubygems.rb
++++ ruby-2.2.7/lib/rubygems.rb
+@@ -9,7 +9,7 @@ require 'rbconfig'
+ require 'thread'
+ 
+ module Gem
+-  VERSION = '2.4.5.2'
++  VERSION = '2.4.5.3'
+ end
+ 
+ # Must be first since it unloads the prelude from 1.9.2
+diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb
+index 432250e033..44364cfab2 100644
+--- ruby-2.2.7/lib/rubygems/commands/query_command.rb
++++ ruby-2.2.7/lib/rubygems/commands/query_command.rb
+@@ -218,7 +218,7 @@ is too hard to use.
+         end
+       end
+ 
+-      output << make_entry(matching_tuples, platforms)
++      output << clean_text(make_entry(matching_tuples, platforms))
+     end
+   end
+ 
+@@ -336,7 +336,8 @@ is too hard to use.
+   end
+ 
+   def spec_summary entry, spec
+-    entry << "\n\n" << format_text(spec.summary, 68, 4)
++    summary = truncate_text(spec.summary, "the summary for #{spec.full_name}")
++    entry << "\n\n" << format_text(summary, 68, 4)
+   end
+ 
+ end
+diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb
+index 10fc1a34a5..a27569fe2e 100644
+--- ruby-2.2.7/lib/rubygems/installer.rb
++++ ruby-2.2.7/lib/rubygems/installer.rb
+@@ -646,6 +646,11 @@ class Gem::Installer
+       unpack or File.writable?(gem_home)
+   end
+ 
++  def verify_spec_name
++    return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN
++    raise Gem::InstallError, "#{spec} has an invalid name"
++  end
++
+   ##
+   # Return the text for an application file.
+ 
+@@ -771,6 +776,8 @@ TEXT
+ 
+     ensure_loadable_spec
+ 
++    verify_spec_name
++
+     if options[:install_as_default]
+       Gem.ensure_default_gem_subdirectories gem_home
+     else
+diff --git lib/rubygems/remote_fetcher.rb lib/rubygems/remote_fetcher.rb
+index b1f6dd17fc..2b9d61c0a1 100644
+--- ruby-2.2.7/lib/rubygems/remote_fetcher.rb
++++ ruby-2.2.7/lib/rubygems/remote_fetcher.rb
+@@ -96,7 +96,7 @@ class Gem::RemoteFetcher
+     else
+       target = res.target.to_s.strip
+ 
+-      if /\.#{Regexp.quote(host)}\z/ =~ target
++      if URI("http://" + target).host.end_with?(".#{host}")
+         return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
+       end
+ 
+diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb
+index ab1cd92270..faca837128 100644
+--- ruby-2.2.7/lib/rubygems/specification.rb
++++ ruby-2.2.7/lib/rubygems/specification.rb
+@@ -106,6 +106,8 @@ class Gem::Specification < Gem::BasicSpecification
+ 
+   private_constant :LOAD_CACHE if defined? private_constant
+ 
++  VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc:
++
+   # :startdoc:
+ 
+   ##
+@@ -2477,9 +2479,15 @@ class Gem::Specification < Gem::BasicSpecification
+       end
+     end
+ 
+-    unless String === name then
++    if !name.is_a?(String) then
+       raise Gem::InvalidSpecificationException,
+-            "invalid value for attribute name: \"#{name.inspect}\""
++            "invalid value for attribute name: \"#{name.inspect}\" must be a string"
++    elsif name !~ /[a-zA-Z]/ then
++      raise Gem::InvalidSpecificationException,
++            "invalid value for attribute name: #{name.dump} must include at least one letter"
++    elsif name !~ VALID_NAME_PATTERN then
++      raise Gem::InvalidSpecificationException,
++            "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores"
+     end
+ 
+     if raw_require_paths.empty? then
+diff --git lib/rubygems/text.rb lib/rubygems/text.rb
+index 5c9287ad2e..86a722ffc0 100644
+--- ruby-2.2.7/lib/rubygems/text.rb
++++ ruby-2.2.7/lib/rubygems/text.rb
+@@ -5,13 +5,26 @@ require 'rubygems'
+ 
+ module Gem::Text
+ 
++  ##
++  # Remove any non-printable characters and make the text suitable for
++  # printing.
++  def clean_text(text)
++    text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze)
++  end
++
++  def truncate_text(text, description, max_length = 100_000)
++    raise ArgumentError, "max_length must be positive" unless max_length > 0
++    return text if text.size <= max_length
++    "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length]
++  end
++
+   ##
+   # Wraps +text+ to +wrap+ characters and optionally indents by +indent+
+   # characters
+ 
+   def format_text(text, wrap, indent=0)
+     result = []
+-    work = text.dup
++    work = clean_text(text)
+ 
+     while work.length > wrap do
+       if work =~ /^(.{0,#{wrap}})[ \n]/ then
+diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb
+index 43fa82571d..ccd2621874 100644
+--- ruby-2.2.7/test/rubygems/test_gem_commands_query_command.rb
++++ ruby-2.2.7/test/rubygems/test_gem_commands_query_command.rb
+@@ -147,6 +147,86 @@ a (2)
+     This is a lot of text. This is a lot of text. This is a lot of text.
+     This is a lot of text.
+ 
++pl (1)
++    Platform: i386-linux
++    Author: A User
++    Homepage: http://example.com
++
++    this is a summary
++    EOF
++
++    assert_equal expected, @ui.output
++    assert_equal '', @ui.error
++  end
++
++  def test_execute_details_cleans_text
++    spec_fetcher do |fetcher|
++      fetcher.spec 'a', 2 do |s|
++        s.summary = 'This is a lot of text. ' * 4
++        s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
++        s.homepage = "http://a.example.com/\x03"
++      end
++
++      fetcher.legacy_platform
++    end
++
++    @cmd.handle_options %w[-r -d]
++
++    use_ui @ui do
++      @cmd.execute
++    end
++
++    expected = <<-EOF
++
++*** REMOTE GEMS ***
++
++a (2)
++    Authors: Abraham Lincoln ., . Hirohito
++    Homepage: http://a.example.com/.
++
++    This is a lot of text. This is a lot of text. This is a lot of text.
++    This is a lot of text.
++
++pl (1)
++    Platform: i386-linux
++    Author: A User
++    Homepage: http://example.com
++
++    this is a summary
++    EOF
++
++    assert_equal expected, @ui.output
++    assert_equal '', @ui.error
++  end
++
++  def test_execute_details_truncates_summary
++    spec_fetcher do |fetcher|
++      fetcher.spec 'a', 2 do |s|
++        s.summary = 'This is a lot of text. ' * 10_000
++        s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
++        s.homepage = "http://a.example.com/\x03"
++      end
++
++      fetcher.legacy_platform
++    end
++
++    @cmd.handle_options %w[-r -d]
++
++    use_ui @ui do
++      @cmd.execute
++    end
++
++    expected = <<-EOF
++
++*** REMOTE GEMS ***
++
++a (2)
++    Authors: Abraham Lincoln ., . Hirohito
++    Homepage: http://a.example.com/.
++
++    Truncating the summary for a-2 to 100,000 characters:
++#{"    This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449}    This is a lot of te
++
+ pl (1)
+     Platform: i386-linux
+     Author: A User
+diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb
+index 6f8012feb8..aba73af181 100644
+--- ruby-2.2.7/test/rubygems/test_gem_installer.rb
++++ ruby-2.2.7/test/rubygems/test_gem_installer.rb
+@@ -1214,6 +1214,26 @@ gem 'other', version
+     end
+   end
+ 
++  def test_pre_install_checks_malicious_name
++    spec = util_spec '../malicious', '1'
++    def spec.full_name # so the spec is buildable
++      "malicious-1"
++    end
++    def spec.validate; end
++
++    util_build_gem spec
++
++    gem = File.join(@gemhome, 'cache', spec.file_name)
++
++    use_ui @ui do
++      @installer = Gem::Installer.at gem
++      e = assert_raises Gem::InstallError do
++        @installer.pre_install_checks
++      end
++      assert_equal '#<Gem::Specification name=../malicious version=1> has an invalid name', e.message
++    end
++  end
++
+   def test_shebang
+     util_make_exec @spec, "#!/usr/bin/ruby"
+ 
+diff --git test/rubygems/test_gem_remote_fetcher.rb test/rubygems/test_gem_remote_fetcher.rb
+index 63dd8feb38..ca4627810b 100644
+--- ruby-2.2.7/test/rubygems/test_gem_remote_fetcher.rb
++++ ruby-2.2.7/test/rubygems/test_gem_remote_fetcher.rb
+@@ -181,6 +181,21 @@ gems:
+     dns.verify
+   end
+ 
++  def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path
++    uri = URI.parse "http://example.com/foo"
++    target = MiniTest::Mock.new
++    target.expect :target, "evil.com/a.example.com"
++
++    dns = MiniTest::Mock.new
++    dns.expect :getresource, target, [String, Object]
++
++    fetch = Gem::RemoteFetcher.new nil, dns
++    assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)
++
++    target.verify
++    dns.verify
++  end
++
+   def test_api_endpoint_ignores_trans_domain_values
+     uri = URI.parse "http://gems.example.com/foo"
+     target = MiniTest::Mock.new
+diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb
+index 3cadc55d5d..4f7076a03a 100644
+--- ruby-2.2.7/test/rubygems/test_gem_specification.rb
++++ ruby-2.2.7/test/rubygems/test_gem_specification.rb
+@@ -2610,7 +2610,37 @@ http://opensource.org/licenses/alphabetical
+       @a1.validate
+     end
+ 
+-    assert_equal 'invalid value for attribute name: ":json"', e.message
++    assert_equal 'invalid value for attribute name: ":json" must be a string', e.message
++
++    @a1.name = []
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message
++
++    @a1.name = ""
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message
++
++    @a1.name = "12345"
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message
++
++    @a1.name = "../malicious"
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message
++
++    @a1.name = "\ba\t"
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message
+   end
+ 
+   def test_validate_non_nil
+diff --git test/rubygems/test_gem_text.rb test/rubygems/test_gem_text.rb
+index e5cfc41e61..9b270b481b 100644
+--- ruby-2.2.7/test/rubygems/test_gem_text.rb
++++ ruby-2.2.7/test/rubygems/test_gem_text.rb
+@@ -35,6 +35,10 @@ Without the wrapping, the text might not look good in the RSS feed.
+     assert_equal expected, format_text(text, 78)
+   end
+ 
++  def test_format_removes_nonprintable_characters
++    assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40)
++  end
++
+   def test_min3
+     assert_equal 1, min3(1, 1, 1)
+     assert_equal 1, min3(1, 1, 2)
+@@ -71,4 +75,11 @@ Without the wrapping, the text might not look good in the RSS feed.
+     assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest")
+     assert_equal 7, levenshtein_distance("zentest", "xxxxxxx")
+   end
++
++  def test_truncate_text
++    assert_equal "abc", truncate_text("abc", "desc")
++    assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2)
++    s = "ab" * 500_001
++    assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000)
++  end
+ end

gnu/packages/patches/ruby-2.3.4-rubygems-2613-ruby23.patch

@@ -0,0 +1,355 @@
+diff --git lib/rubygems.rb lib/rubygems.rb
+index 04031c765c..9c0219ce06 100644
+--- ruby-2.3.4/lib/rubygems.rb
++++ ruby-2.3.4/lib/rubygems.rb
+@@ -10,7 +10,7 @@
+ require 'thread'
+ 
+ module Gem
+-  VERSION = '2.5.2'
++  VERSION = '2.5.2.1'
+ end
+ 
+ # Must be first since it unloads the prelude from 1.9.2
+diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb
+index d6196b44ed..61e9808860 100644
+--- ruby-2.3.4/lib/rubygems/commands/query_command.rb
++++ ruby-2.3.4/lib/rubygems/commands/query_command.rb
+@@ -226,7 +226,7 @@ def output_versions output, versions
+         end
+       end
+ 
+-      output << make_entry(matching_tuples, platforms)
++      output << clean_text(make_entry(matching_tuples, platforms))
+     end
+   end
+ 
+@@ -344,7 +344,8 @@ def spec_platforms entry, platforms
+   end
+ 
+   def spec_summary entry, spec
+-    entry << "\n\n" << format_text(spec.summary, 68, 4)
++    summary = truncate_text(spec.summary, "the summary for #{spec.full_name}")
++    entry << "\n\n" << format_text(summary, 68, 4)
+   end
+ 
+ end
+diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb
+index 85358e0d1a..709b77d126 100644
+--- ruby-2.3.4/lib/rubygems/installer.rb
++++ ruby-2.3.4/lib/rubygems/installer.rb
+@@ -693,6 +693,11 @@ def verify_gem_home(unpack = false) # :nodoc:
+       unpack or File.writable?(gem_home)
+   end
+ 
++  def verify_spec_name
++    return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN
++    raise Gem::InstallError, "#{spec} has an invalid name"
++  end
++
+   ##
+   # Return the text for an application file.
+ 
+@@ -812,6 +817,8 @@ def pre_install_checks
+ 
+     ensure_loadable_spec
+ 
++    verify_spec_name
++
+     if options[:install_as_default]
+       Gem.ensure_default_gem_subdirectories gem_home
+     else
+diff --git lib/rubygems/remote_fetcher.rb lib/rubygems/remote_fetcher.rb
+index fda1e067ef..254bebfadf 100644
+--- ruby-2.3.4/lib/rubygems/remote_fetcher.rb
++++ ruby-2.3.4/lib/rubygems/remote_fetcher.rb
+@@ -104,7 +104,7 @@ def api_endpoint(uri)
+     else
+       target = res.target.to_s.strip
+ 
+-      if /\.#{Regexp.quote(host)}\z/ =~ target
++      if URI("http://" + target).host.end_with?(".#{host}")
+         return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
+       end
+ 
+diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb
+index 8e2557cdb2..dd4fde1776 100644
+--- ruby-2.3.4/lib/rubygems/specification.rb
++++ ruby-2.3.4/lib/rubygems/specification.rb
+@@ -108,6 +108,8 @@ class Gem::Specification < Gem::BasicSpecification
+ 
+   private_constant :LOAD_CACHE if defined? private_constant
+ 
++  VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc:
++
+   # :startdoc:
+ 
+   ##
+@@ -2665,9 +2667,15 @@ def validate packaging = true
+       end
+     end
+ 
+-    unless String === name then
++    if !name.is_a?(String) then
+       raise Gem::InvalidSpecificationException,
+-            "invalid value for attribute name: \"#{name.inspect}\""
++            "invalid value for attribute name: \"#{name.inspect}\" must be a string"
++    elsif name !~ /[a-zA-Z]/ then
++      raise Gem::InvalidSpecificationException,
++            "invalid value for attribute name: #{name.dump} must include at least one letter"
++    elsif name !~ VALID_NAME_PATTERN then
++      raise Gem::InvalidSpecificationException,
++            "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores"
+     end
+ 
+     if raw_require_paths.empty? then
+diff --git lib/rubygems/text.rb lib/rubygems/text.rb
+index 732f1b99f2..b944b62c27 100644
+--- ruby-2.3.4/lib/rubygems/text.rb
++++ ruby-2.3.4/lib/rubygems/text.rb
+@@ -6,13 +6,26 @@
+ 
+ module Gem::Text
+ 
++  ##
++  # Remove any non-printable characters and make the text suitable for
++  # printing.
++  def clean_text(text)
++    text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze)
++  end
++
++  def truncate_text(text, description, max_length = 100_000)
++    raise ArgumentError, "max_length must be positive" unless max_length > 0
++    return text if text.size <= max_length
++    "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length]
++  end
++
+   ##
+   # Wraps +text+ to +wrap+ characters and optionally indents by +indent+
+   # characters
+ 
+   def format_text(text, wrap, indent=0)
+     result = []
+-    work = text.dup
++    work = clean_text(text)
+ 
+     while work.length > wrap do
+       if work =~ /^(.{0,#{wrap}})[ \n]/ then
+diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb
+index 78c15a1770..9ec715492f 100644
+--- ruby-2.3.4/test/rubygems/test_gem_commands_query_command.rb
++++ ruby-2.3.4/test/rubygems/test_gem_commands_query_command.rb
+@@ -116,6 +116,86 @@ def test_execute_details
+     This is a lot of text. This is a lot of text. This is a lot of text.
+     This is a lot of text.
+ 
++pl (1)
++    Platform: i386-linux
++    Author: A User
++    Homepage: http://example.com
++
++    this is a summary
++    EOF
++
++    assert_equal expected, @ui.output
++    assert_equal '', @ui.error
++  end
++
++  def test_execute_details_cleans_text
++    spec_fetcher do |fetcher|
++      fetcher.spec 'a', 2 do |s|
++        s.summary = 'This is a lot of text. ' * 4
++        s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
++        s.homepage = "http://a.example.com/\x03"
++      end
++
++      fetcher.legacy_platform
++    end
++
++    @cmd.handle_options %w[-r -d]
++
++    use_ui @ui do
++      @cmd.execute
++    end
++
++    expected = <<-EOF
++
++*** REMOTE GEMS ***
++
++a (2)
++    Authors: Abraham Lincoln ., . Hirohito
++    Homepage: http://a.example.com/.
++
++    This is a lot of text. This is a lot of text. This is a lot of text.
++    This is a lot of text.
++
++pl (1)
++    Platform: i386-linux
++    Author: A User
++    Homepage: http://example.com
++
++    this is a summary
++    EOF
++
++    assert_equal expected, @ui.output
++    assert_equal '', @ui.error
++  end
++
++  def test_execute_details_truncates_summary
++    spec_fetcher do |fetcher|
++      fetcher.spec 'a', 2 do |s|
++        s.summary = 'This is a lot of text. ' * 10_000
++        s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
++        s.homepage = "http://a.example.com/\x03"
++      end
++
++      fetcher.legacy_platform
++    end
++
++    @cmd.handle_options %w[-r -d]
++
++    use_ui @ui do
++      @cmd.execute
++    end
++
++    expected = <<-EOF
++
++*** REMOTE GEMS ***
++
++a (2)
++    Authors: Abraham Lincoln ., . Hirohito
++    Homepage: http://a.example.com/.
++
++    Truncating the summary for a-2 to 100,000 characters:
++#{"    This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449}    This is a lot of te
++
+ pl (1)
+     Platform: i386-linux
+     Author: A User
+diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb
+index 5ec71d0a01..1092a0c68f 100644
+--- ruby-2.3.4/test/rubygems/test_gem_installer.rb
++++ ruby-2.3.4/test/rubygems/test_gem_installer.rb
+@@ -1227,6 +1227,26 @@ def test_pre_install_checks_wrong_rubygems_version
+     end
+   end
+ 
++  def test_pre_install_checks_malicious_name
++    spec = util_spec '../malicious', '1'
++    def spec.full_name # so the spec is buildable
++      "malicious-1"
++    end
++    def spec.validate; end
++
++    util_build_gem spec
++
++    gem = File.join(@gemhome, 'cache', spec.file_name)
++
++    use_ui @ui do
++      @installer = Gem::Installer.at gem
++      e = assert_raises Gem::InstallError do
++        @installer.pre_install_checks
++      end
++      assert_equal '#<Gem::Specification name=../malicious version=1> has an invalid name', e.message
++    end
++  end
++
+   def test_shebang
+     util_make_exec @spec, "#!/usr/bin/ruby"
+ 
+diff --git test/rubygems/test_gem_remote_fetcher.rb test/rubygems/test_gem_remote_fetcher.rb
+index 49b6b6656c..a3919c8ef2 100644
+--- ruby-2.3.4/test/rubygems/test_gem_remote_fetcher.rb
++++ ruby-2.3.4/test/rubygems/test_gem_remote_fetcher.rb
+@@ -253,6 +253,21 @@ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original
+     dns.verify
+   end
+ 
++  def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path
++    uri = URI.parse "http://example.com/foo"
++    target = MiniTest::Mock.new
++    target.expect :target, "evil.com/a.example.com"
++
++    dns = MiniTest::Mock.new
++    dns.expect :getresource, target, [String, Object]
++
++    fetch = Gem::RemoteFetcher.new nil, dns
++    assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)
++
++    target.verify
++    dns.verify
++  end
++
+   def test_api_endpoint_timeout_warning
+     uri = URI.parse "http://gems.example.com/foo"
+ 
+diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb
+index bc1c8d2ca7..9a49bbbf59 100644
+--- ruby-2.3.4/test/rubygems/test_gem_specification.rb
++++ ruby-2.3.4/test/rubygems/test_gem_specification.rb
+@@ -2974,7 +2974,37 @@ def test_validate_name
+       @a1.validate
+     end
+ 
+-    assert_equal 'invalid value for attribute name: ":json"', e.message
++    assert_equal 'invalid value for attribute name: ":json" must be a string', e.message
++
++    @a1.name = []
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message
++
++    @a1.name = ""
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message
++
++    @a1.name = "12345"
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message
++
++    @a1.name = "../malicious"
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message
++
++    @a1.name = "\ba\t"
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message
+   end
+ 
+   def test_validate_non_nil
+diff --git test/rubygems/test_gem_text.rb test/rubygems/test_gem_text.rb
+index a6e22e04da..04f3f605e8 100644
+--- ruby-2.3.4/test/rubygems/test_gem_text.rb
++++ ruby-2.3.4/test/rubygems/test_gem_text.rb
+@@ -36,6 +36,10 @@ def test_format_text_trailing # for two spaces after .
+     assert_equal expected, format_text(text, 78)
+   end
+ 
++  def test_format_removes_nonprintable_characters
++    assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40)
++  end
++
+   def test_min3
+     assert_equal 1, min3(1, 1, 1)
+     assert_equal 1, min3(1, 1, 2)
+@@ -74,4 +78,11 @@ def test_levenshtein_distance_replace
+     assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest")
+     assert_equal 7, levenshtein_distance("zentest", "xxxxxxx")
+   end
++
++  def test_truncate_text
++    assert_equal "abc", truncate_text("abc", "desc")
++    assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2)
++    s = "ab" * 500_001
++    assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000)
++  end
+ end

gnu/packages/patches/ruby-rubygems-2612-ruby24.patch

@@ -0,0 +1,437 @@
+diff --git lib/rubygems.rb lib/rubygems.rb
+index 5cd1a4c47a..bc5bf9b4c2 100644
+--- ruby-2.4.1/lib/rubygems.rb
++++ ruby-2.4.1/lib/rubygems.rb
+@@ -10,7 +10,7 @@
+ require 'thread'
+ 
+ module Gem
+-  VERSION = "2.6.11"
++  VERSION = "2.6.12"
+ end
+ 
+ # Must be first since it unloads the prelude from 1.9.2
+@@ -234,6 +234,7 @@ def self.needs
+ 
+   def self.finish_resolve(request_set=Gem::RequestSet.new)
+     request_set.import Gem::Specification.unresolved_deps.values
++    request_set.import Gem.loaded_specs.values.map {|s| Gem::Dependency.new(s.name, s.version) }
+ 
+     request_set.resolve_current.each do |s|
+       s.full_spec.activate
+diff --git lib/rubygems/commands/open_command.rb lib/rubygems/commands/open_command.rb
+index a89b7421e3..059635e835 100644
+--- ruby-2.4.1/lib/rubygems/commands/open_command.rb
++++ ruby-2.4.1/lib/rubygems/commands/open_command.rb
+@@ -72,7 +72,7 @@ def open_editor path
+   end
+ 
+   def spec_for name
+-    spec = Gem::Specification.find_all_by_name(name, @version).last
++    spec = Gem::Specification.find_all_by_name(name, @version).first
+ 
+     return spec if spec
+ 
+diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb
+index f25d120b88..70f8127292 100644
+--- ruby-2.4.1/lib/rubygems/commands/query_command.rb
++++ ruby-2.4.1/lib/rubygems/commands/query_command.rb
+@@ -86,7 +86,7 @@ def execute
+       name = Array(options[:name])
+     else
+       args = options[:args].to_a
+-      name = options[:exact] ? args : args.map{|arg| /#{arg}/i }
++      name = options[:exact] ? args.map{|arg| /\A#{Regexp.escape(arg)}\Z/ } : args.map{|arg| /#{arg}/i }
+     end
+ 
+     prerelease = options[:prerelease]
+diff --git lib/rubygems/commands/sources_command.rb lib/rubygems/commands/sources_command.rb
+index 9832afd214..7e46963a4c 100644
+--- ruby-2.4.1/lib/rubygems/commands/sources_command.rb
++++ ruby-2.4.1/lib/rubygems/commands/sources_command.rb
+@@ -44,7 +44,7 @@ def add_source source_uri # :nodoc:
+     source = Gem::Source.new source_uri
+ 
+     begin
+-      if Gem.sources.include? source_uri then
++      if Gem.sources.include? source then
+         say "source #{source_uri} already present in the cache"
+       else
+         source.load_specs :released
+diff --git lib/rubygems/dependency_list.rb lib/rubygems/dependency_list.rb
+index 35fe7c4c1a..d8314eaf60 100644
+--- ruby-2.4.1/lib/rubygems/dependency_list.rb
++++ ruby-2.4.1/lib/rubygems/dependency_list.rb
+@@ -104,7 +104,7 @@ def find_name(full_name)
+   end
+ 
+   def inspect # :nodoc:
+-    "#<%s:0x%x %p>" % [self.class, object_id, map { |s| s.full_name }]
++    "%s %p>" % [super[0..-2], map { |s| s.full_name }]
+   end
+ 
+   ##
+diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb
+index f4d3e728de..967543c2d1 100644
+--- ruby-2.4.1/lib/rubygems/installer.rb
++++ ruby-2.4.1/lib/rubygems/installer.rb
+@@ -214,7 +214,7 @@ def check_executable_overwrite filename # :nodoc:
+ 
+       ruby_executable = true
+       existing = io.read.slice(%r{
+-          ^(
++          ^\s*(
+             gem \s |
+             load \s Gem\.bin_path\( |
+             load \s Gem\.activate_bin_path\(
+@@ -701,6 +701,8 @@ def verify_gem_home(unpack = false) # :nodoc:
+   # Return the text for an application file.
+ 
+   def app_script_text(bin_file_name)
++    # note that the `load` lines cannot be indented, as old RG versions match
++    # against the beginning of the line
+     return <<-TEXT
+ #{shebang bin_file_name}
+ #
+@@ -723,7 +725,12 @@ def app_script_text(bin_file_name)
+   end
+ end
+ 
++if Gem.respond_to?(:activate_bin_path)
+ load Gem.activate_bin_path('#{spec.name}', '#{bin_file_name}', version)
++else
++gem #{spec.name.dump}, version
++load Gem.bin_path(#{spec.name.dump}, #{bin_file_name.dump}, version)
++end
+ TEXT
+   end
+ 
+diff --git lib/rubygems/platform.rb lib/rubygems/platform.rb
+index d22d91ae54..2dd9ed5782 100644
+--- ruby-2.4.1/lib/rubygems/platform.rb
++++ ruby-2.4.1/lib/rubygems/platform.rb
+@@ -112,7 +112,7 @@ def initialize(arch)
+   end
+ 
+   def inspect
+-    "#<%s:0x%x @cpu=%p, @os=%p, @version=%p>" % [self.class, object_id, *to_a]
++    "%s @cpu=%p, @os=%p, @version=%p>" % [super[0..-2], *to_a]
+   end
+ 
+   def to_a
+diff --git lib/rubygems/security.rb lib/rubygems/security.rb
+index 119d6d56f7..6963ca156f 100644
+--- ruby-2.4.1/lib/rubygems/security.rb
++++ ruby-2.4.1/lib/rubygems/security.rb
+@@ -455,7 +455,7 @@ def self.create_cert_self_signed subject, key, age = ONE_YEAR,
+ 
+   ##
+   # Creates a new key pair of the specified +length+ and +algorithm+.  The
+-  # default is a 2048 bit RSA key.
++  # default is a 3072 bit RSA key.
+ 
+   def self.create_key length = KEY_LENGTH, algorithm = KEY_ALGORITHM
+     algorithm.new length
+diff --git lib/rubygems/server.rb lib/rubygems/server.rb
+index 81df0e608e..df4eb566d3 100644
+--- ruby-2.4.1/lib/rubygems/server.rb
++++ ruby-2.4.1/lib/rubygems/server.rb
+@@ -657,7 +657,7 @@ def root(req, res)
+       "only_one_executable" => true,
+       "full_name" => "rubygems-#{Gem::VERSION}",
+       "has_deps" => false,
+-      "homepage" => "http://docs.rubygems.org/",
++      "homepage" => "http://guides.rubygems.org/",
+       "name" => 'rubygems',
+       "ri_installed" => true,
+       "summary" => "RubyGems itself",
+diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb
+index a2f289d162..500f0af768 100644
+--- ruby-2.4.1/lib/rubygems/specification.rb
++++ ruby-2.4.1/lib/rubygems/specification.rb
+@@ -2105,7 +2105,7 @@ def inspect # :nodoc:
+     if $DEBUG
+       super
+     else
+-      "#<#{self.class}:0x#{__id__.to_s(16)} #{full_name}>"
++      "#{super[0..-2]} #{full_name}>"
+     end
+   end
+ 
+diff --git lib/rubygems/test_case.rb lib/rubygems/test_case.rb
+index 86b68e1efb..4e48f1eb4c 100644
+--- ruby-2.4.1/lib/rubygems/test_case.rb
++++ ruby-2.4.1/lib/rubygems/test_case.rb
+@@ -484,7 +484,7 @@ def git_gem name = 'a', version = 1
+ 
+       system @git, 'add', gemspec
+       system @git, 'commit', '-a', '-m', 'a non-empty commit message', '--quiet'
+-      head = Gem::Util.popen('git', 'rev-parse', 'master').strip
++      head = Gem::Util.popen(@git, 'rev-parse', 'master').strip
+     end
+ 
+     return name, git_spec.version, directory, head
+@@ -1498,6 +1498,8 @@ def self.key_path key_name
+ begin
+   gem 'rdoc'
+   require 'rdoc'
++
++  require 'rubygems/rdoc'
+ rescue LoadError, Gem::LoadError
+ end
+ 
+@@ -1514,3 +1516,4 @@ def self.key_path key_name
+ pid = $$
+ END {tmpdirs.each {|dir| Dir.rmdir(dir)} if $$ == pid}
+ Gem.clear_paths
++Gem.loaded_specs.clear
+diff --git test/rubygems/test_gem.rb test/rubygems/test_gem.rb
+index a605f9cdfe..62b36dfd41 100644
+--- ruby-2.4.1/test/rubygems/test_gem.rb
++++ ruby-2.4.1/test/rubygems/test_gem.rb
+@@ -75,6 +75,29 @@ def test_self_finish_resolve_wtf
+     end
+   end
+ 
++  def test_self_finish_resolve_respects_loaded_specs
++    save_loaded_features do
++      a1 = new_spec "a", "1", "b" => "> 0"
++      b1 = new_spec "b", "1", "c" => ">= 1"
++      b2 = new_spec "b", "2", "c" => ">= 2"
++      c1 = new_spec "c", "1"
++      c2 = new_spec "c", "2"
++
++      install_specs c1, c2, b1, b2, a1
++
++      a1.activate
++      c1.activate
++
++      assert_equal %w(a-1 c-1), loaded_spec_names
++      assert_equal ["b (> 0)"], unresolved_names
++
++      Gem.finish_resolve
++
++      assert_equal %w(a-1 b-1 c-1), loaded_spec_names
++      assert_equal [], unresolved_names
++    end
++  end
++
+   def test_self_install
+     spec_fetcher do |f|
+       f.gem  'a', 1
+@@ -492,7 +515,7 @@ def test_self_find_files_with_gemfile
+     skip if RUBY_VERSION <= "1.8.7"
+ 
+     cwd = File.expand_path("test/rubygems", @@project_dir)
+-    $LOAD_PATH.unshift cwd
++    actual_load_path = $LOAD_PATH.unshift(cwd).dup
+ 
+     discover_path = File.join 'lib', 'sff', 'discover.rb'
+ 
+@@ -518,12 +541,12 @@ def test_self_find_files_with_gemfile
+     expected = [
+       File.expand_path('test/rubygems/sff/discover.rb', @@project_dir),
+       File.join(foo1.full_gem_path, discover_path)
+-    ]
++    ].sort
+ 
+-    assert_equal expected, Gem.find_files('sff/discover')
+-    assert_equal expected, Gem.find_files('sff/**.rb'), '[ruby-core:31730]'
++    assert_equal expected, Gem.find_files('sff/discover').sort
++    assert_equal expected, Gem.find_files('sff/**.rb').sort, '[ruby-core:31730]'
+   ensure
+-    assert_equal cwd, $LOAD_PATH.shift unless RUBY_VERSION <= "1.8.7"
++    assert_equal cwd, actual_load_path.shift unless RUBY_VERSION <= "1.8.7"
+   end
+ 
+   def test_self_find_latest_files
+diff --git test/rubygems/test_gem_commands_open_command.rb test/rubygems/test_gem_commands_open_command.rb
+index 3ec38972e6..a96fa6ea23 100644
+--- ruby-2.4.1/test/rubygems/test_gem_commands_open_command.rb
++++ ruby-2.4.1/test/rubygems/test_gem_commands_open_command.rb
+@@ -24,7 +24,8 @@ def test_execute
+     @cmd.options[:args] = %w[foo]
+     @cmd.options[:editor] = "#{Gem.ruby} -e0 --"
+ 
+-    spec = gem 'foo'
++    gem 'foo', '1.0.0'
++    spec = gem 'foo', '1.0.1'
+     mock = MiniTest::Mock.new
+     mock.expect(:call, true, [spec.full_gem_path])
+ 
+diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb
+index 223f205b2d..d8d682b136 100644
+--- ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb
++++ ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb
+@@ -642,7 +642,7 @@ def test_execute_local_details
+     assert_equal expected, @ui.output
+   end
+ 
+-  def test_execute_exact
++  def test_execute_exact_remote
+     spec_fetcher do |fetcher|
+       fetcher.spec 'coolgem-omg', 3
+       fetcher.spec 'coolgem', '4.2.1'
+@@ -665,6 +665,60 @@ def test_execute_exact
+     assert_equal expected, @ui.output
+   end
+ 
++  def test_execute_exact_local
++    spec_fetcher do |fetcher|
++      fetcher.spec 'coolgem-omg', 3
++      fetcher.spec 'coolgem', '4.2.1'
++      fetcher.spec 'wow_coolgem', 1
++    end
++
++    @cmd.handle_options %w[--exact coolgem]
++
++    use_ui @ui do
++      @cmd.execute
++    end
++
++    expected = <<-EOF
++
++*** LOCAL GEMS ***
++
++coolgem (4.2.1)
++    EOF
++
++    assert_equal expected, @ui.output
++  end
++
++  def test_execute_exact_multiple
++    spec_fetcher do |fetcher|
++      fetcher.spec 'coolgem-omg', 3
++      fetcher.spec 'coolgem', '4.2.1'
++      fetcher.spec 'wow_coolgem', 1
++
++      fetcher.spec 'othergem-omg', 3
++      fetcher.spec 'othergem', '1.2.3'
++      fetcher.spec 'wow_othergem', 1
++    end
++
++    @cmd.handle_options %w[--exact coolgem othergem]
++
++    use_ui @ui do
++      @cmd.execute
++    end
++
++    expected = <<-EOF
++
++*** LOCAL GEMS ***
++
++coolgem (4.2.1)
++
++*** LOCAL GEMS ***
++
++othergem (1.2.3)
++    EOF
++
++    assert_equal expected, @ui.output
++  end
++
+   private
+ 
+   def add_gems_to_fetcher
+diff --git test/rubygems/test_gem_commands_sources_command.rb test/rubygems/test_gem_commands_sources_command.rb
+index 014b4b4c12..d5b6d99419 100644
+--- ruby-2.4.1/test/rubygems/test_gem_commands_sources_command.rb
++++ ruby-2.4.1/test/rubygems/test_gem_commands_sources_command.rb
+@@ -108,6 +108,58 @@ def test_execute_add_redundant_source
+     assert_equal '', @ui.error
+   end
+ 
++  def test_execute_add_redundant_source_trailing_slash
++    # Remove pre-existing gem source (w/ slash)
++    repo_with_slash = "http://gems.example.com/"
++    @cmd.handle_options %W[--remove #{repo_with_slash}]
++    use_ui @ui do
++      @cmd.execute
++    end
++    source = Gem::Source.new repo_with_slash
++    assert_equal false, Gem.sources.include?(source)
++
++    expected = <<-EOF
++#{repo_with_slash} removed from sources
++    EOF
++
++    assert_equal expected, @ui.output
++    assert_equal '', @ui.error
++
++    # Re-add pre-existing gem source (w/o slash)
++    repo_without_slash = "http://gems.example.com"
++    @cmd.handle_options %W[--add #{repo_without_slash}]
++    use_ui @ui do
++      @cmd.execute
++    end
++    source = Gem::Source.new repo_without_slash
++    assert_equal true, Gem.sources.include?(source)
++
++    expected = <<-EOF
++http://gems.example.com/ removed from sources
++http://gems.example.com added to sources
++    EOF
++
++    assert_equal expected, @ui.output
++    assert_equal '', @ui.error
++
++    # Re-add original gem source (w/ slash)
++    @cmd.handle_options %W[--add #{repo_with_slash}]
++    use_ui @ui do
++      @cmd.execute
++    end
++    source = Gem::Source.new repo_with_slash
++    assert_equal true, Gem.sources.include?(source)
++
++    expected = <<-EOF
++http://gems.example.com/ removed from sources
++http://gems.example.com added to sources
++source http://gems.example.com/ already present in the cache
++    EOF
++
++    assert_equal expected, @ui.output
++    assert_equal '', @ui.error 
++  end
++
+   def test_execute_add_http_rubygems_org
+     http_rubygems_org = 'http://rubygems.org'
+ 
+diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb
+index 6ceb2c6dfc..882981d344 100644
+--- ruby-2.4.1/test/rubygems/test_gem_installer.rb
++++ ruby-2.4.1/test/rubygems/test_gem_installer.rb
+@@ -62,7 +62,12 @@ def test_app_script_text
+   end
+ end
+ 
++if Gem.respond_to?(:activate_bin_path)
+ load Gem.activate_bin_path('a', 'executable', version)
++else
++gem "a", version
++load Gem.bin_path("a", "executable", version)
++end
+     EOF
+ 
+     wrapper = @installer.app_script_text 'executable'
+diff --git test/rubygems/test_require.rb test/rubygems/test_require.rb
+index dd606e44d4..936f78fb2a 100644
+--- ruby-2.4.1/test/rubygems/test_require.rb
++++ ruby-2.4.1/test/rubygems/test_require.rb
+@@ -301,6 +301,17 @@ def test_default_gem_only
+     assert_equal %w(default-2.0.0.0), loaded_spec_names
+   end
+ 
++  def test_realworld_default_gem
++    skip "no default gems on ruby < 2.0" unless RUBY_VERSION >= "2"
++    cmd = <<-RUBY
++      $stderr = $stdout
++      require "json"
++      puts Gem.loaded_specs["json"].default_gem?
++    RUBY
++    output = Gem::Util.popen(Gem.ruby, "-e", cmd).strip
++    assert_equal "true", output
++  end
++
+   def test_default_gem_and_normal_gem
+     default_gem_spec = new_default_spec("default", "2.0.0.0",
+                                         nil, "default/gem.rb")

gnu/packages/patches/ruby-rubygems-2613-ruby24.patch

@@ -0,0 +1,355 @@
+diff --git lib/rubygems.rb lib/rubygems.rb
+index bc5bf9b4c2..55aa85b8b2 100644
+--- ruby-2.4.1/lib/rubygems.rb
++++ ruby-2.4.1/lib/rubygems.rb
+@@ -10,7 +10,7 @@
+ require 'thread'
+ 
+ module Gem
+-  VERSION = "2.6.12"
++  VERSION = "2.6.13"
+ end
+ 
+ # Must be first since it unloads the prelude from 1.9.2
+diff --git lib/rubygems/commands/query_command.rb lib/rubygems/commands/query_command.rb
+index 70f8127292..44144203e0 100644
+--- ruby-2.4.1/lib/rubygems/commands/query_command.rb
++++ ruby-2.4.1/lib/rubygems/commands/query_command.rb
+@@ -226,7 +226,7 @@ def output_versions output, versions
+         end
+       end
+ 
+-      output << make_entry(matching_tuples, platforms)
++      output << clean_text(make_entry(matching_tuples, platforms))
+     end
+   end
+ 
+@@ -353,7 +353,8 @@ def spec_platforms entry, platforms
+   end
+ 
+   def spec_summary entry, spec
+-    entry << "\n\n" << format_text(spec.summary, 68, 4)
++    summary = truncate_text(spec.summary, "the summary for #{spec.full_name}")
++    entry << "\n\n" << format_text(summary, 68, 4)
+   end
+ 
+ end
+diff --git lib/rubygems/installer.rb lib/rubygems/installer.rb
+index 967543c2d1..6fd3399dd4 100644
+--- ruby-2.4.1/lib/rubygems/installer.rb
++++ ruby-2.4.1/lib/rubygems/installer.rb
+@@ -697,6 +697,11 @@ def verify_gem_home(unpack = false) # :nodoc:
+       unpack or File.writable?(gem_home)
+   end
+ 
++  def verify_spec_name
++    return if spec.name =~ Gem::Specification::VALID_NAME_PATTERN
++    raise Gem::InstallError, "#{spec} has an invalid name"
++  end
++
+   ##
+   # Return the text for an application file.
+ 
+@@ -823,6 +828,8 @@ def pre_install_checks
+ 
+     ensure_loadable_spec
+ 
++    verify_spec_name
++
+     if options[:install_as_default]
+       Gem.ensure_default_gem_subdirectories gem_home
+     else
+diff --git lib/rubygems/remote_fetcher.rb lib/rubygems/remote_fetcher.rb
+index e6a13d4b8c..8f0cf0b402 100644
+--- ruby-2.4.1/lib/rubygems/remote_fetcher.rb
++++ ruby-2.4.1/lib/rubygems/remote_fetcher.rb
+@@ -110,7 +110,7 @@ def api_endpoint(uri)
+     else
+       target = res.target.to_s.strip
+ 
+-      if /\.#{Regexp.quote(host)}\z/ =~ target
++      if URI("http://" + target).host.end_with?(".#{host}")
+         return URI.parse "#{uri.scheme}://#{target}#{uri.path}"
+       end
+ 
+diff --git lib/rubygems/specification.rb lib/rubygems/specification.rb
+index 500f0af768..88e320c05a 100644
+--- ruby-2.4.1/lib/rubygems/specification.rb
++++ ruby-2.4.1/lib/rubygems/specification.rb
+@@ -108,6 +108,8 @@ class Gem::Specification < Gem::BasicSpecification
+ 
+   private_constant :LOAD_CACHE if defined? private_constant
+ 
++  VALID_NAME_PATTERN = /\A[a-zA-Z0-9\.\-\_]+\z/ # :nodoc:
++
+   # :startdoc:
+ 
+   ##
+@@ -2671,9 +2673,15 @@ def validate packaging = true
+       end
+     end
+ 
+-    unless String === name then
++    if !name.is_a?(String) then
+       raise Gem::InvalidSpecificationException,
+-            "invalid value for attribute name: \"#{name.inspect}\""
++            "invalid value for attribute name: \"#{name.inspect}\" must be a string"
++    elsif name !~ /[a-zA-Z]/ then
++      raise Gem::InvalidSpecificationException,
++            "invalid value for attribute name: #{name.dump} must include at least one letter"
++    elsif name !~ VALID_NAME_PATTERN then
++      raise Gem::InvalidSpecificationException,
++            "invalid value for attribute name: #{name.dump} can only include letters, numbers, dashes, and underscores"
+     end
+ 
+     if raw_require_paths.empty? then
+diff --git lib/rubygems/text.rb lib/rubygems/text.rb
+index 732f1b99f2..b944b62c27 100644
+--- ruby-2.4.1/lib/rubygems/text.rb
++++ ruby-2.4.1/lib/rubygems/text.rb
+@@ -6,13 +6,26 @@
+ 
+ module Gem::Text
+ 
++  ##
++  # Remove any non-printable characters and make the text suitable for
++  # printing.
++  def clean_text(text)
++    text.gsub(/[\000-\b\v-\f\016-\037\177]/, ".".freeze)
++  end
++
++  def truncate_text(text, description, max_length = 100_000)
++    raise ArgumentError, "max_length must be positive" unless max_length > 0
++    return text if text.size <= max_length
++    "Truncating #{description} to #{max_length.to_s.reverse.gsub(/...(?=.)/,'\&,').reverse} characters:\n" + text[0, max_length]
++  end
++
+   ##
+   # Wraps +text+ to +wrap+ characters and optionally indents by +indent+
+   # characters
+ 
+   def format_text(text, wrap, indent=0)
+     result = []
+-    work = text.dup
++    work = clean_text(text)
+ 
+     while work.length > wrap do
+       if work =~ /^(.{0,#{wrap}})[ \n]/ then
+diff --git test/rubygems/test_gem_commands_query_command.rb test/rubygems/test_gem_commands_query_command.rb
+index d8d682b136..469223c6c0 100644
+--- ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb
++++ ruby-2.4.1/test/rubygems/test_gem_commands_query_command.rb
+@@ -116,6 +116,86 @@ def test_execute_details
+     This is a lot of text. This is a lot of text. This is a lot of text.
+     This is a lot of text.
+ 
++pl (1)
++    Platform: i386-linux
++    Author: A User
++    Homepage: http://example.com
++
++    this is a summary
++    EOF
++
++    assert_equal expected, @ui.output
++    assert_equal '', @ui.error
++  end
++
++  def test_execute_details_cleans_text
++    spec_fetcher do |fetcher|
++      fetcher.spec 'a', 2 do |s|
++        s.summary = 'This is a lot of text. ' * 4
++        s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
++        s.homepage = "http://a.example.com/\x03"
++      end
++
++      fetcher.legacy_platform
++    end
++
++    @cmd.handle_options %w[-r -d]
++
++    use_ui @ui do
++      @cmd.execute
++    end
++
++    expected = <<-EOF
++
++*** REMOTE GEMS ***
++
++a (2)
++    Authors: Abraham Lincoln ., . Hirohito
++    Homepage: http://a.example.com/.
++
++    This is a lot of text. This is a lot of text. This is a lot of text.
++    This is a lot of text.
++
++pl (1)
++    Platform: i386-linux
++    Author: A User
++    Homepage: http://example.com
++
++    this is a summary
++    EOF
++
++    assert_equal expected, @ui.output
++    assert_equal '', @ui.error
++  end
++
++  def test_execute_details_truncates_summary
++    spec_fetcher do |fetcher|
++      fetcher.spec 'a', 2 do |s|
++        s.summary = 'This is a lot of text. ' * 10_000
++        s.authors = ["Abraham Lincoln \x01", "\x02 Hirohito"]
++        s.homepage = "http://a.example.com/\x03"
++      end
++
++      fetcher.legacy_platform
++    end
++
++    @cmd.handle_options %w[-r -d]
++
++    use_ui @ui do
++      @cmd.execute
++    end
++
++    expected = <<-EOF
++
++*** REMOTE GEMS ***
++
++a (2)
++    Authors: Abraham Lincoln ., . Hirohito
++    Homepage: http://a.example.com/.
++
++    Truncating the summary for a-2 to 100,000 characters:
++#{"    This is a lot of text. This is a lot of text. This is a lot of text.\n" * 1449}    This is a lot of te
++
+ pl (1)
+     Platform: i386-linux
+     Author: A User
+diff --git test/rubygems/test_gem_installer.rb test/rubygems/test_gem_installer.rb
+index 882981d344..dd049214fb 100644
+--- ruby-2.4.1/test/rubygems/test_gem_installer.rb
++++ ruby-2.4.1/test/rubygems/test_gem_installer.rb
+@@ -1448,6 +1448,26 @@ def test_pre_install_checks_wrong_rubygems_version
+     end
+   end
+ 
++  def test_pre_install_checks_malicious_name
++    spec = util_spec '../malicious', '1'
++    def spec.full_name # so the spec is buildable
++      "malicious-1"
++    end
++    def spec.validate; end
++
++    util_build_gem spec
++
++    gem = File.join(@gemhome, 'cache', spec.file_name)
++
++    use_ui @ui do
++      @installer = Gem::Installer.at gem
++      e = assert_raises Gem::InstallError do
++        @installer.pre_install_checks
++      end
++      assert_equal '#<Gem::Specification name=../malicious version=1> has an invalid name', e.message
++    end
++  end
++
+   def test_shebang
+     util_make_exec @spec, "#!/usr/bin/ruby"
+ 
+diff --git test/rubygems/test_gem_remote_fetcher.rb test/rubygems/test_gem_remote_fetcher.rb
+index cb994462cd..fbb7d89019 100644
+--- ruby-2.4.1/test/rubygems/test_gem_remote_fetcher.rb
++++ ruby-2.4.1/test/rubygems/test_gem_remote_fetcher.rb
+@@ -241,6 +241,21 @@ def test_api_endpoint_ignores_trans_domain_values_that_end_with_original
+     dns.verify
+   end
+ 
++  def test_api_endpoint_ignores_trans_domain_values_that_end_with_original_in_path
++    uri = URI.parse "http://example.com/foo"
++    target = MiniTest::Mock.new
++    target.expect :target, "evil.com/a.example.com"
++
++    dns = MiniTest::Mock.new
++    dns.expect :getresource, target, [String, Object]
++
++    fetch = Gem::RemoteFetcher.new nil, dns
++    assert_equal URI.parse("http://example.com/foo"), fetch.api_endpoint(uri)
++
++    target.verify
++    dns.verify
++  end
++
+   def test_api_endpoint_timeout_warning
+     uri = URI.parse "http://gems.example.com/foo"
+ 
+diff --git test/rubygems/test_gem_specification.rb test/rubygems/test_gem_specification.rb
+index d43289d745..0fcc11e78f 100644
+--- ruby-2.4.1/test/rubygems/test_gem_specification.rb
++++ ruby-2.4.1/test/rubygems/test_gem_specification.rb
+@@ -2985,7 +2985,37 @@ def test_validate_name
+       @a1.validate
+     end
+ 
+-    assert_equal 'invalid value for attribute name: ":json"', e.message
++    assert_equal 'invalid value for attribute name: ":json" must be a string', e.message
++
++    @a1.name = []
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"[]\" must be a string", e.message
++
++    @a1.name = ""
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"\" must include at least one letter", e.message
++
++    @a1.name = "12345"
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"12345\" must include at least one letter", e.message
++
++    @a1.name = "../malicious"
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"../malicious\" can only include letters, numbers, dashes, and underscores", e.message
++
++    @a1.name = "\ba\t"
++    e = assert_raises Gem::InvalidSpecificationException do
++      @a1.validate
++    end
++    assert_equal "invalid value for attribute name: \"\\ba\\t\" can only include letters, numbers, dashes, and underscores", e.message
+   end
+ 
+   def test_validate_non_nil
+diff --git test/rubygems/test_gem_text.rb test/rubygems/test_gem_text.rb
+index a6e22e04da..04f3f605e8 100644
+--- ruby-2.4.1/test/rubygems/test_gem_text.rb
++++ ruby-2.4.1/test/rubygems/test_gem_text.rb
+@@ -36,6 +36,10 @@ def test_format_text_trailing # for two spaces after .
+     assert_equal expected, format_text(text, 78)
+   end
+ 
++  def test_format_removes_nonprintable_characters
++    assert_equal "text with weird .. stuff .", format_text("text with weird \x1b\x02 stuff \x7f", 40)
++  end
++
+   def test_min3
+     assert_equal 1, min3(1, 1, 1)
+     assert_equal 1, min3(1, 1, 2)
+@@ -74,4 +78,11 @@ def test_levenshtein_distance_replace
+     assert_equal 7, levenshtein_distance("xxxxxxx", "ZenTest")
+     assert_equal 7, levenshtein_distance("zentest", "xxxxxxx")
+   end
++
++  def test_truncate_text
++    assert_equal "abc", truncate_text("abc", "desc")
++    assert_equal "Truncating desc to 2 characters:\nab", truncate_text("abc", "desc", 2)
++    s = "ab" * 500_001
++    assert_equal "Truncating desc to 1,000,000 characters:\n#{s[0, 1_000_000]}", truncate_text(s, "desc", 1_000_000)
++  end
+ end

gnu/packages/patches/wmfire-update-for-new-gdk-versions.patch

@@ -1,4 +1,4 @@
-This patch comes from Debian and was modified by Kei Kebreau <kei@openmailbox.org>.
+This patch comes from Debian and was modified by Kei Kebreau <kkebreau@posteo.net>.
 Link: https://anonscm.debian.org/cgit/pkg-wmaker/wmfire.git/plain/debian/patches/gdk_updates.patch?h=debian/1.2.4-2&id=a272234fc5eecdbfc469adb12133196bc62f3059
 
 Description: Update for newer versions of GDK.

gnu/packages/patches/wxwidgets-fix-windowGTK.patch

@@ -1,18 +0,0 @@
-This patch allow Filezilla client to resize window.
-The patch was adapted from upstream source repository:
-'<http://trac.wxwidgets.org/changeset/4793e5b0a4e189e492287305859b278fed780080/git-wxWidgets>'
-
---- a/src/gtk/toplevel.cpp	2014-10-06 16:33:44.000000000 -0500
-+++ b/src/gtk/toplevel.cpp	2017-02-16 21:33:27.779907810 -0600
-@@ -1216,8 +1216,9 @@
-     int hints_mask = GDK_HINT_MIN_SIZE | GDK_HINT_MAX_SIZE;
-     hints.min_width = 1;
-     hints.min_height = 1;
--    hints.max_width = INT_MAX;
--    hints.max_height = INT_MAX;
-+    // using INT_MAX for size will lead to integer overflow with HiDPI scaling
-+    hints.max_width = INT_MAX / 16;
-+    hints.max_height = INT_MAX / 16;    
-     const int decorSize_x = m_decorSize.left + m_decorSize.right;
-     const int decorSize_y = m_decorSize.top + m_decorSize.bottom;
-     if (minSize.x > decorSize_x)

gnu/packages/perl.scm

@@ -1295,7 +1295,7 @@ and writing of @code{.ini}-style configuration files.")
     (source
      (origin
        (method url-fetch)
-       (uri (string-append "mirror://cpan/authors/id/J/JR/JROCKWAY/"
+       (uri (string-append "mirror://cpan/authors/id/E/ET/ETHER/"
                            "Context-Preserve-" version ".tar.gz"))
        (sha256
         (base32
@@ -3514,7 +3514,7 @@ that may contain multiple values per key, inspired by MultiDict of WebOb.")
 consume exports.  It is feature-compatible with Exporter, plus some much needed
 extras.  You can use this to import symbols from any exporter that follows
 Exporters specification.  The exporter modules themselves do not need to use or
-inherit from the Exporter module, they just need to set @EXPORT and/or other
+inherit from the Exporter module, they just need to set @@EXPORT and/or other
 variables.")
     (license (package-license perl))))
 
@@ -8165,6 +8165,16 @@ common serialisation formats such as JSON or CBOR.")
         (base32
          "1lq4p3mqqljhhy8wyiyahris33j4m5qfzpi6iacmcqjzw5g4afbm"))))
     (build-system perl-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'configure 'set-perl-search-path
+           (lambda _
+             ;; Work around "dotless @INC" build failure.
+             (setenv "PERL5LIB"
+                     (string-append (getcwd) ":"
+                                    (getenv "PERL5LIB")))
+             #t)))))
     (propagated-inputs
      `(("perl-unicode-normalize" ,perl-unicode-normalize)))
     (home-page "http://search.cpan.org/dist/Unicode-Collate")

gnu/packages/php.scm

@@ -49,21 +49,10 @@
   #:use-module (guix build-system gnu)
   #:use-module ((guix licenses) #:prefix license:))
 
-(define gd-for-php
-  (package
-    (inherit gd)
-    (source (origin
-             (inherit (package-source gd))
-             (patches 
-               (append
-                 (origin-patches (package-source gd))
-                 (search-patches "gd-CVE-2017-7890.patch")))))))
-
-
 (define-public php
   (package
     (name "php")
-    (version "7.1.8")
+    (version "7.1.9")
     (home-page "https://secure.php.net/")
     (source (origin
               (method url-fetch)
@@ -71,7 +60,7 @@
                                   name "-" version ".tar.xz"))
               (sha256
                (base32
-                "1aramb6dm57pr2iz61id9vzfy7h5qkb6bf7dxhrwnjk0723qahw9"))
+                "130y50nawipd12nbs10661vzk8gvy7zsqcsxvj29mwaivm4a777c"))
               (modules '((guix build utils)))
               (snippet
                '(with-directory-excursion "ext"
@@ -293,7 +282,7 @@
        ("curl" ,curl)
        ("cyrus-sasl" ,cyrus-sasl)
        ("freetype" ,freetype)
-       ("gd" ,gd-for-php)
+       ("gd" ,gd-2.2.5)
        ("gdbm" ,gdbm)
        ("glibc" ,glibc)
        ("gmp" ,gmp)

gnu/packages/python.scm

@@ -41,7 +41,7 @@
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
 ;;; Copyright © 2017 José Miguel Sánchez García <jmi2k@openmailbox.org>
 ;;; Copyright © 2017 Roel Janssen <roel@gnu.org>
-;;; Copyright © 2017 Kei Kebreau <kei@openmailbox.org>
+;;; Copyright © 2017 Kei Kebreau <kkebreau@posteo.net>
 ;;; Copyright © 2017 Rutger Helling <rhelling@mykolab.com>
 ;;; Copyright © 2017 Muriithi Frederick Muriuki <fredmanglis@gmail.com>
 ;;;
@@ -68,6 +68,7 @@
   #:use-module (gnu packages attr)
   #:use-module (gnu packages backup)
   #:use-module (gnu packages bash)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
   #:use-module (gnu packages crypto)
   #:use-module (gnu packages databases)
@@ -2835,17 +2836,23 @@ somewhat intelligeble.")
 (define-public python-pyjwt
   (package
     (name "python-pyjwt")
-    (version "1.4.0")
+    (version "1.5.2")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "PyJWT" version))
        (sha256
         (base32
-         "1556v2jppd8mjkkj66pxb5rcazm35jq81r233mdl8hfmz9n3icp1"))))
+         "0pvr3iymab7v2qz74ann760z7qahqgqszxz5iqqbaqv4z2zz0y8i"))
+       (modules '((guix build utils)))
+       (snippet
+        '(begin
+           (for-each delete-file-recursively
+                     (find-files "." "\\.pyc$"))
+           #t))))
     (build-system python-build-system)
     (native-inputs
-     `(("python-pytest" ,python-pytest)
+     `(("python-pytest" ,python-pytest-3.0)
        ("python-pytest-cov" ,python-pytest-cov)
        ("python-pytest-runner" ,python-pytest-runner)))
     (home-page "https://github.com/progrium/pyjwt")
@@ -3030,15 +3037,27 @@ for Python.")
 (define-public python-jinja2
   (package
     (name "python-jinja2")
-    (version "2.8")
+    (version "2.9.6")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "Jinja2" version))
        (sha256
         (base32
-         "1x0v41lp5m1pjix3l46zx02b7lqp2hflgpnxwkywxynvi3zz47xw"))))
+         "1zzrkywhziqffrzks14kzixz7nd4yh2vc0fb04a68vfd2ai03anx"))))
     (build-system python-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         ;; These files cannot be built with Python < 3.6.  See
+         ;; https://github.com/pallets/jinja/issues/655
+         ;; FIXME: Remove this when the "python" package is upgraded.
+         (add-after 'unpack 'delete-incompatible-files
+           (lambda _
+             (for-each delete-file
+                       '("jinja2/asyncsupport.py"
+                         "jinja2/asyncfilters.py"))
+             #t)))))
     (propagated-inputs
      `(("python-markupsafe" ,python-markupsafe)))
     (home-page "http://jinja.pocoo.org/")
@@ -3762,6 +3781,71 @@ objects.")
 (define-public python2-munch
   (package-with-python2 python-munch))
 
+(define-public python-colormath
+  (package
+    (name "python-colormath")
+    (version "2.1.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "colormath" version))
+       (sha256
+        (base32
+         "01wp5xwm0a89wdm1dc9rr1ij90idzdiiipxdj1yslhqzkhnjnfh0"))))
+    (build-system python-build-system)
+    (propagated-inputs
+     `(("python-networkx" ,python-networkx)
+       ("python-numpy" ,python-numpy)))
+    (home-page "https://github.com/gtaylor/python-colormath")
+    (synopsis "Color math and conversion library")
+    (description
+     "This is a Python library for color math and conversions.")
+    (license license:bsd-3)))
+
+(define-public python2-colormath
+  (package-with-python2 python-colormath))
+
+(define-public python-spectra
+  (package
+    (name "python-spectra")
+    (version "0.0.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "spectra" version))
+       (sha256
+        (base32
+         "0n87kzhpkml2s2q91rdkl8wz2kkv5b0bkrgww45lxa5vq34qh6w5"))))
+    (build-system python-build-system)
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (replace 'check
+           (lambda _
+             (zero? (system* "nosetests" "-v")))))))
+    (propagated-inputs
+     `(("python-colormath" ,python-colormath)))
+    (native-inputs
+     `(("python-nose" ,python-nose)))
+    (home-page "http://github.com/jsvine/spectra")
+    (synopsis "Color scales and color conversion")
+    (description
+     "This package provides a Python library intended to make color math,
+color scales, and color space conversion easy.  It has support for:
+
+@enumerate
+@item Color scales
+@item Color ranges
+@item Color blending
+@item Brightening/darkening colors
+@item Saturating/desaturating colors
+@item Conversion to/from multiple color spaces.
+@end enumerate\n")
+    (license license:expat)))
+
+(define-public python2-spectra
+  (package-with-python2 python-spectra))
+
 (define-public python2-fastlmm
   (package
     (name "python2-fastlmm")
@@ -4313,33 +4397,56 @@ operators such as union, intersection, and difference.")
 (define-public python-rpy2
   (package
     (name "python-rpy2")
-    (version "2.7.6")
+    (version "2.9.0")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "rpy2" version))
        (sha256
         (base32
-         "0nhan2qvrw7b7gg5zddwa22kybdv3x1g26vkd7q8lvnkgzrs4dga"))))
+         "0bqihjrdqwj5r1h86shvfb1p5hfr4a6klv1v54bzfr9r144w3rni"))))
     (build-system python-build-system)
     (arguments
-     '(#:phases
+     '(#:modules ((ice-9 ftw)
+                  (srfi srfi-1)
+                  (srfi srfi-26)
+                  (guix build utils)
+                  (guix build python-build-system))
+       #:phases
        (modify-phases %standard-phases
-         (delete 'check)
+         ;; Without this phase the test loader cannot find the directories, in
-         (add-after 'install 'check
+         ;; which it is supposed to look for test files.
+         (add-after 'unpack 'fix-tests
+           (lambda* (#:key outputs #:allow-other-keys)
+             (substitute* "rpy/tests.py"
+               (("loader.discover\\(")
+                "loader.discover(rpy_root + '/' +"))
+             #t))
+         (replace 'check
            (lambda* (#:key outputs inputs #:allow-other-keys)
-             ;; It's easier to run tests after install.
+             (let ((cwd (getcwd)))
-             ;; Make installed package available for running the tests
+               (setenv "PYTHONPATH"
-             (add-installed-pythonpath inputs outputs)
+                       (string-append cwd "/build/"
+                                      (find (cut string-prefix? "lib" <>)
+                                            (scandir (string-append cwd "/build")))
+                                      ":"
+                                      (getenv "PYTHONPATH"))))
              (zero? (system* "python" "-m" "rpy2.tests" "-v")))))))
     (propagated-inputs
-     `(("python-six" ,python-six)))
+     `(("python-six" ,python-six)
+       ("python-jinja2" ,python-jinja2)
+       ("python-pytz" ,python-pytz)))
     (inputs
      `(("readline" ,readline)
        ("icu4c" ,icu4c)
        ("pcre" ,pcre)
        ("r-minimal" ,r-minimal)
-       ("r-survival" ,r-survival)))
+       ("r-survival" ,r-survival)
+       ("r-ggplot2" ,r-ggplot2)
+       ("r-rsqlite" ,r-rsqlite)
+       ("r-dplyr" ,r-dplyr)
+       ("r-dbplyr" ,r-dbplyr)
+       ("python-numpy" ,python-numpy)))
     (native-inputs
      `(("zlib" ,zlib)))
     (home-page "http://rpy.sourceforge.net/")
@@ -4348,14 +4455,10 @@ operators such as union, intersection, and difference.")
 low-level interface to R from Python, a proposed high-level interface,
 including wrappers to graphical libraries, as well as R-like structures and
 functions.")
-    (license license:gpl3+)))
+    ;; Any of these licenses can be picked for the R interface.  The whole
-
+    ;; project is released under GPLv2+ according to the license declaration
-(define-public python2-rpy2
+    ;; in "setup.py".
-  (let ((rpy2 (package-with-python2 python-rpy2)))
+    (license (list license:mpl2.0 license:gpl2+ license:lgpl2.1+))))
-    (package (inherit rpy2)
-      (propagated-inputs
-       `(("python2-singledispatch" ,python2-singledispatch)
-         ,@(package-propagated-inputs rpy2))))))
 
 (define-public python-scipy
   (package
@@ -9095,16 +9198,13 @@ with python-requests.")
 (define-public python-click-threading
   (package
     (name "python-click-threading")
-    (version "0.2.0")
+    (version "0.4.3")
     (source (origin
              (method url-fetch)
-             (uri (string-append
+             (uri (pypi-uri "click-threading" version))
-                    "https://pypi.python.org/packages/"
-                    "fe/b7/e7f609d18a2a351cb71616adcf54df1acd82f83cb9b5936935a4d20e2c23/"
-                    "click-threading-" version ".tar.gz"))
              (sha256
               (base32
-               "18bcqikxwb3drb8rf60cclxkxw52521b38ax3byah6j8cn8y9p4j"))))
+               "0xs4bg2ws0zgyiplk312l049hi23c2zqf1g771rjhh5vr2msk4cg"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-click" ,python-click)))
@@ -9117,13 +9217,13 @@ applications.")
 (define-public python-click-log
   (package
     (name "python-click-log")
-    (version "0.1.8")
+    (version "0.2.0")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "click-log" version))
              (sha256
               (base32
-               "14ikfjfgnzf21mjniq9lfk2igzykgzfvwwrk85nw2b9fq44109sp"))))
+               "1bjrfxji1yv4fj0g78ri2yfgn2wbivn8g69fxfinxvxpmighhshp"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-click" ,python-click)))
@@ -9328,13 +9428,13 @@ processes across test runs.")
 (define-public python-icalendar
   (package
     (name "python-icalendar")
-    (version "3.11.6")
+    (version "3.11.7")
     (source (origin
              (method url-fetch)
              (uri (pypi-uri "icalendar" version))
              (sha256
               (base32
-               "1ny9mbm9zgghl612b8wc4ap52bz3kgl486d7f307gxjmlqgz3i64"))))
+               "0ahf1i98wjizhld2qd7v2vmvzsmdw08mmins82bf3fpbnp2sxbgc"))))
     (build-system python-build-system)
     (propagated-inputs
      `(("python-dateutil" ,python-dateutil)
@@ -13376,7 +13476,7 @@ PNG, JPEG, JPEG2000 and GIF files in pure Python.")
      (origin
        (method git-fetch)
        (uri (git-reference
-             (url "git://github.com/tgalal/python-axolotl-curve25519")
+             (url "https://github.com/tgalal/python-axolotl-curve25519")
              (commit "e4a9c4de0eae27223200579c58d1f8f6d20637e2")))
        (file-name (string-append name "-" version "-checkout"))
        (sha256
@@ -13991,7 +14091,22 @@ parse many formal languages.")
          "1i9gik0xrj6jmi95s5w988jl1y265baz5xm5pbqdyvsh8h9ln6yq"))))
     (build-system python-build-system)
     (arguments
-     `(#:python ,python-2))
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         ;; check phase needs to be run before the build phase. If not,
+         ;; coverage-test-runner looks for tests for the built source files,
+         ;; and fails.
+         (delete 'check)
+         (add-before 'build 'check
+           (lambda _
+             ;; Disable python3 tests
+             (substitute* "check"
+               (("python3") "# python3"))
+             (zero? (system* "./check")))))))
+    (native-inputs
+     `(("python2-coverage-test-runner" ,python2-coverage-test-runner)
+       ("python2-pep8" ,python2-pep8)))
     (propagated-inputs
      `(("python2-pyaml" ,python2-pyaml)))
     (home-page "https://liw.fi/cliapp/")
@@ -14016,8 +14131,20 @@ iterating over input files.")
         (base32
          "0vivqbw7ddhsq1zj3g9cvvv4f0phl0pis2smsnwcr2szz2fk3hl6"))))
     (build-system python-build-system)
+    (native-inputs
+     `(("python2-coverage-test-runner" ,python2-coverage-test-runner)
+       ("python2-pep8" ,python2-pep8)))
     (arguments
-     `(#:python ,python-2))
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         ;; check phase needs to be run before the build phase. If not,
+         ;; coverage-test-runner looks for tests for the built source files,
+         ;; and fails.
+         (delete 'check)
+         (add-before 'build 'check
+           (lambda _
+             (zero? (system* "make" "check")))))))
     (home-page "https://liw.fi/ttystatus/")
     (synopsis "Python library for showing progress reporting and
 status updates on terminals")
@@ -14064,12 +14191,26 @@ happens using the @code{logging} library.")
        (uri (string-append
              "http://git.liw.fi/cgi-bin/cgit/cgit.cgi/larch/snapshot/larch-"
              version ".tar.gz"))
+       (patches (search-patches
+                 "python2-larch-coverage-4.0a6-compatibility.patch"))
        (sha256
         (base32
          "1p4knkkavlqymgciz2wbcnfrdgdbafhg14maplnk4vbw0q8xs663"))))
     (build-system python-build-system)
     (arguments
-     `(#:python ,python-2))
+     `(#:python ,python-2
+       #:phases
+       (modify-phases %standard-phases
+         ;; check phase needs to be run before the build phase. If not,
+         ;; coverage-test-runner looks for tests for the built source files,
+         ;; and fails.
+         (delete 'check)
+         (add-before 'build 'check
+           (lambda _
+             (zero? (system* "make" "check")))))))
+    (native-inputs
+     `(("cmdtest" ,cmdtest)
+       ("python2-coverage-test-runner" ,python2-coverage-test-runner)))
     (propagated-inputs
      `(("python2-tracing" ,python2-tracing)))
     (home-page "https://liw.fi/larch/")
@@ -15916,6 +16057,51 @@ pure Python module.")
 (define-public python2-rencode
   (package-with-python2 python-rencode))
 
+(define-public python-xenon
+  (package
+    (name "python-xenon")
+    (version "0.5.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "xenon" version))
+       (sha256
+        (base32
+         "14kby2y48vp3sgwxqlm5d5789yibqwb1qli5fwcmdqg3iayrbklc"))))
+    (build-system python-build-system)
+    (native-inputs
+     `(("python-pyyaml" ,python-pyyaml)
+       ("python-radon" ,python-radon)
+       ("python-requests" ,python-requests)
+       ("python-flake8" ,python-flake8)
+       ("python-tox" ,python-tox)))
+    (arguments
+     `(#:phases
+       (modify-phases %standard-phases
+         (add-before 'build 'patch-test-requirements
+           (lambda* (#:key inputs #:allow-other-keys)
+             ;; Update requirements from dependency==version to
+             ;; dependency>=version.
+             (substitute* "requirements.txt"
+               (("==") ">=")
+               ((",<1.5.0") ""))
+             ;; Remove httpretty dependency for tests.
+             (substitute* "setup.py"
+               (("httpretty") ""))
+             #t)))))
+    (home-page "https://xenon.readthedocs.org/")
+    (synopsis "Monitor code metrics for Python on your CI server")
+    (description
+     "Xenon is a monitoring tool based on Radon.  It monitors code complexity.
+Ideally, @code{xenon} is run every time code is committed.  Through command
+line options, various thresholds can be set for the complexity of code.  It
+will fail (i.e.  it will exit with a non-zero exit code) when any of these
+requirements is not met.")
+    (license license:expat)))
+
+(define-public python2-xenon
+  (package-with-python2 python-xenon))
+
 (define-public python-flask-principal
   (package
     (name "python-flask-principal")
@@ -15965,3 +16151,47 @@ authentication for Flask routes.")
 
 (define-public python2-flask-httpauth
   (package-with-python2 python-flask-httpauth))
+
+(define-public python-pysocks
+  (package
+    (name "python-pysocks")
+    (version "1.6.7")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "PySocks" version))
+       (sha256
+        (base32
+         "1krkiss578zqwcg4c8iqz1hwscwhsvy2djp3xyvps5gsgvr2j0yh"))))
+    (build-system python-build-system)
+    (arguments `(#:tests? #f))
+    (home-page "https://github.com/Anorov/PySocks")
+    (synopsis "SOCKS client module")
+    (description "@code{pysocks} is an updated and semi-actively maintained
+version of @code{SocksiPy} with bug fixes and extra features.")
+    (license license:bsd-3)))
+
+(define-public python2-pysocks
+  (package-with-python2 python-pysocks))
+
+(define-public python-pyaes
+  (package
+    (name "python-pyaes")
+    (version "1.6.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (pypi-uri "pyaes" version))
+       (sha256
+        (base32
+         "0bp9bjqy1n6ij1zb86wz9lqa1dhla8qr1d7w2kxyn7jbj56sbmcw"))))
+    (build-system python-build-system)
+    (home-page "https://github.com/ricmoo/pyaes")
+    (synopsis "Implementation of AES in Python")
+    (description "This package contains a pure-Python implementation of the
+AES block cipher algorithm and the common modes of operation (CBC, CFB, CTR,
+ECB and OFB).")
+    (license license:expat)))
+
+(define-public python2-pyaes
+  (package-with-python2 python-pyaes))

gnu/packages/ruby.scm

@@ -121,7 +121,10 @@ a focus on simplicity and productivity.")
        (snippet `(begin
                    ;; Remove bundled libffi
                    (delete-file-recursively "ext/fiddle/libffi-3.2.1")
-                   #t))))))
+                   #t))
+       (patches
+        (search-patches "ruby-rubygems-2612-ruby24.patch"
+                        "ruby-rubygems-2613-ruby24.patch"))))))
 
 (define-public ruby-2.3
   (package
@@ -137,6 +140,7 @@ a focus on simplicity and productivity.")
         (base32
          "132p5kc1sx97svbx04g40pz5pr7p8f6jlmnq5r2prlcz5q1xj71l"))
        (modules '((guix build utils)))
+       (patches (search-patches "ruby-2.3.4-rubygems-2613-ruby23.patch"))
        (snippet `(begin
                    ;; Remove bundled libffi
                    (delete-file-recursively "ext/fiddle/libffi-3.2.1")
@@ -151,6 +155,7 @@ a focus on simplicity and productivity.")
        (uri (string-append "http://cache.ruby-lang.org/pub/ruby/"
                            (version-major+minor version)
                            "/ruby-" version ".tar.xz"))
+       (patches (search-patches "ruby-2.2.7-rubygems-2613-ruby22.patch"))
        (sha256
         (base32
          "0lyb7gnbbhs3a3v9grsjgbaixm20wxz6x3h0czyrxnj3cpp8lk13"))))))

gnu/packages/screen.scm

@@ -5,6 +5,7 @@
 ;;; Copyright © 2016, 2017 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@gmail.com>
+;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -85,7 +86,8 @@ view to show two terminals at once.")
          (replace 'install
            (lambda* (#:key outputs #:allow-other-keys)
              (let ((out (assoc-ref outputs "out")))
-               (install-file "dtach" (string-append out "/bin"))))))
+               (install-file "dtach" (string-append out "/bin"))
+               (install-file "dtach.1" (string-append out "/share/man/man1"))))))
        ;; No check target.
        #:tests? #f))
     (home-page "http://dtach.sourceforge.net/")

gnu/packages/search.scm

@@ -264,15 +264,17 @@ conflict with slocate compatibility.")
     ;; building: xpdf, catdoc, MP3::Tag, Spreadsheet::ParseExcel,
     ;; HTML::Entities.
     (inputs
-     `(("libxml" ,libxml2)
+     `(("perl" ,perl)
-       ("zlib" ,zlib)
-       ("perl" ,perl)
        ("perl-uri" ,perl-uri)
        ("perl-html-parser" ,perl-html-parser)
        ("perl-html-tagset" ,perl-html-tagset)
        ("perl-mime-types" ,perl-mime-types)))
     (arguments
-     `(#:phases (modify-phases %standard-phases
+     `(;; XXX: This fails to build with zlib (API mismatch) and tests fail
+       ;; with libxml2, so disable both.
+       #:configure-flags (list (string-append "--without-zlib")
+                               (string-append "--without-libxml2"))
+       #:phases (modify-phases %standard-phases
                   (add-after 'install 'wrap-programs
                     (lambda* (#:key inputs outputs #:allow-other-keys)
                       (let* ((out (assoc-ref outputs "out")))

gnu/packages/serialization.scm

@@ -263,7 +263,7 @@ that implements both the msgpack and msgpack-rpc specifications.")
 (define-public jsoncpp
   (package
     (name "jsoncpp")
-    (version "1.8.0")
+    (version "1.8.2")
     (source (origin
               (method url-fetch)
               (uri (string-append
@@ -272,7 +272,7 @@ that implements both the msgpack and msgpack-rpc specifications.")
               (file-name (string-append name "-" version ".tar.gz"))
               (sha256
                (base32
-                "1g35ci93s03wph4kabi46iz42wgyfbn2763cklf15h7hrdi29ssx"))))
+                "1vwf0yrv5540ygfnxikirbs63awsdzn7dabkia3g0bnz43p5l7w1"))))
     (build-system cmake-build-system)
     (home-page "https://github.com/open-source-parsers/jsoncpp")
     (arguments
@@ -359,14 +359,14 @@ However, “Memory efficiency” and “Speed” have not been primary goals.")
 (define-public python-ruamel.yaml
   (package
     (name "python-ruamel.yaml")
-    (version "0.15.19")
+    (version "0.15.33")
     (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "ruamel.yaml" version))
        (sha256
         (base32
-         "0qx779avw8d1vsjqyi7z21h1g5ykp8paqavgj0lzbp8h7bw9vpgv"))))
+         "1s4b0zwn9pkk4xxjhx77giyfddc738drd6vgraw6n2syvj03s31d"))))
     (build-system python-build-system)
     (native-inputs
      `(("python-pytest" ,python-pytest)))

gnu/packages/shells.scm

@@ -174,7 +174,7 @@ highlighting.")
     (source (origin
               (method git-fetch)
               (uri (git-reference
-                    (url "git://github.com/rakitzis/rc.git")
+                    (url "https://github.com/rakitzis/rc.git")
                     ;; commit name 'release: rc-1.7.4'
                     (commit "c884da53a7c885d46ace2b92de78946855b18e92")))
               (sha256

gnu/packages/shellutils.scm

@@ -2,6 +2,7 @@
 ;;; Copyright © 2016 Matthew Jordan <matthewjordandevops@yandex.com>
 ;;; Copyright © 2016, 2017 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016 Christopher Baines <mail@cbaines.net>
+;;; Copyright © 2017 Stefan Reichör <stefan@xsteve.at>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -122,3 +123,37 @@ Before each prompt, direnv checks for the existence of a .envrc file in the
 current and parent directories.  This file is then used to alter the
 environmental variables of the current shell.")
     (license expat)))
+
+(define-public fzy
+  (package
+    (name "fzy")
+    (version "0.9")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (string-append "https://github.com/jhawthorn/fzy/archive/"
+                           version ".tar.gz"))
+       (file-name (string-append name "-" version ".tar.gz"))
+       (sha256
+        (base32
+         "1xfgxqbkcpi2n4381kj3fq4026qs6by7xhl5gn0fgp3dh232c63j"))))
+    (build-system gnu-build-system)
+    (arguments
+     '(#:make-flags (list "CC=gcc"
+                          (string-append "PREFIX=" (assoc-ref %outputs "out")))
+       #:phases
+       (modify-phases %standard-phases
+         (delete 'configure))))
+    (home-page "https://github.com/jhawthorn/fzy")
+    (synopsis "Fast fuzzy text selector for the terminal with an advanced
+scoring algorithm")
+    (description
+     "Most other fuzzy matchers sort based on the length of a match.  fzy tries
+to find the result the user intended.  It does this by favouring matches on
+consecutive letters and starts of words.  This allows matching using acronyms
+or different parts of the path.
+
+fzy is designed to be used both as an editor plugin and on the command
+line.  Rather than clearing the screen, fzy displays its interface directly
+below the current cursor position, scrolling the screen if necessary.")
+    (license expat)))