Merge branch 'master' into core-updates

2017-01-25 12:42:39 -05:00 · 2017-01-25 12:42:39 -05:00 · d123f2f991
parent a282d7ff17 864042c5c5
commit d123f2f991
46 changed files with 844 additions and 368 deletions
--- a/gnu/local.mk
+++ b/gnu/local.mk
@ -595,7 +595,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/gmp-faulty-test.patch			\
  %D%/packages/patches/gnome-tweak-tool-search-paths.patch	\
  %D%/packages/patches/gnucash-price-quotes-perl.patch		\
  %D%/packages/patches/gnupg-test-segfault-on-32bit-arch.patch	\
  %D%/packages/patches/gobject-introspection-absolute-shlib-path.patch \
  %D%/packages/patches/gobject-introspection-cc.patch		\
  %D%/packages/patches/gobject-introspection-girepository.patch	\
@ -647,7 +646,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/jbig2dec-ignore-testtest.patch		\
  %D%/packages/patches/jq-CVE-2015-8863.patch			\
  %D%/packages/patches/kdbusaddons-kinit-file-name.patch	\
  %D%/packages/patches/khal-disable-failing-tests.patch		\
  %D%/packages/patches/khmer-use-libraries.patch                \
  %D%/packages/patches/kmod-module-directory.patch		\
  %D%/packages/patches/kobodeluxe-paths.patch			\
@ -701,8 +699,6 @@ dist_patch_DATA =						\
  %D%/packages/patches/libtiff-tiffcp-underflow.patch		\
  %D%/packages/patches/libtool-skip-tests2.patch		\
  %D%/packages/patches/libunwind-CVE-2015-3239.patch		\
  %D%/packages/patches/libupnp-CVE-2016-6255.patch		\
  %D%/packages/patches/libupnp-CVE-2016-8863.patch		\
  %D%/packages/patches/libvpx-CVE-2016-2818.patch		\
  %D%/packages/patches/libwebp-CVE-2016-9085.patch		\
  %D%/packages/patches/libwmf-CAN-2004-0941.patch		\
@ -782,6 +778,7 @@ dist_patch_DATA =						\
  %D%/packages/patches/openjpeg-CVE-2016-5157.patch		\
  %D%/packages/patches/openjpeg-CVE-2016-7163.patch		\
  %D%/packages/patches/openjpeg-CVE-2016-9850-CVE-2016-9851.patch		\
  %D%/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch		\
  %D%/packages/patches/openjpeg-use-after-free-fix.patch	\
  %D%/packages/patches/openocd-nrf52.patch			\
  %D%/packages/patches/openssl-runpath.patch			\
--- a/gnu/packages/calendar.scm
+++ b/gnu/packages/calendar.scm
@ -84,14 +84,13 @@ data units.")
 (define-public khal
  (package
    (name "khal")
-    (version "0.8.4")
+    (version "0.9.0")
    (source (origin
             (method url-fetch)
             (uri (pypi-uri "khal" version))
             (patches (search-patches "khal-disable-failing-tests.patch"))
             (sha256
              (base32
-               "03vy4dp9n43w51mwqjjy08dr5nj7wxqnb085visz3j43vzm42p1f"))))
+               "138gxynw7zavwqqaw5nzmj8sbpkymmb95xzgxqbdi9fiiqm9kamr"))))
    (build-system python-build-system)
    (arguments
     `(#:phases (modify-phases %standard-phases
--- a/gnu/packages/code.scm
+++ b/gnu/packages/code.scm
@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Andreas Enge <andreas@enge.fr>
 ;;; Copyright © 2015 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -190,43 +191,30 @@ COCOMO model or user-provided parameters.")
 (define-public the-silver-searcher
  (package
    (name "the-silver-searcher")
-    (version "0.32.0")
+    (version "1.0.2")
    (source (origin
              (method url-fetch)
              (uri (string-append
-                    "https://github.com/ggreer/the_silver_searcher/archive/"
+                    "http://geoff.greer.fm/ag/releases/the_silver_searcher-"
                    version ".tar.gz"))
              (sha256
               (base32
-                "1k543cjpignwvy8avhchz8pkqrqcgcryps36ycy8mz2w5rbhicn5"))
+                "0v54himv65w294l0k4lhdyc6kvpgijn8b9g5356479fzy7hphjkg"))))
              (file-name (string-append name "-" version ".tar.gz"))))
    (build-system gnu-build-system)
    (native-inputs
-     `(("autoconf" ,autoconf)
+     `(("pkg-config" ,pkg-config)))
       ("automake" ,automake)
       ("libtool" ,libtool)
       ("pkg-config" ,pkg-config)))
    (inputs
     `(("pcre" ,pcre)
       ("xz" ,xz)
       ("zlib" ,zlib)))
    (arguments
     `(#:phases
       ;; There is no configure yet, so let's create it, but let configure and
       ;; make do the work in later phases.
       (alist-cons-before 'configure 'autoconf
                          (lambda _
                            (substitute* "build.sh"
                              (("./configure") "true")
                              (("make -j4") "true"))
                            (zero? (system* "sh" "build.sh")))
                          %standard-phases)))
    (home-page "http://geoff.greer.fm/ag/")
    (synopsis "Fast code searching tool")
    (description
-     "The silver searcher, or 'ag', is tool for quickly searching through
+     "The Silver Searcher (@command{ag}) is a tool for quickly searching large
-files, but compared to grep is much faster and respects files like .gitignore,
+numbers of files.  It's intended primarily for source code repositories, and
-.hgignore, etc.")
+respects files like @file{.gitignore} and @file{.hgignore}.  It's also an order
 of magnitude faster than its inspiration, @command{ack}, and less specialised
 tools such as @command{grep}.")
    (license license:asl2.0)))
 (define-public trio
--- a/gnu/packages/databases.scm
+++ b/gnu/packages/databases.scm
@ -14,6 +14,7 @@
 ;;; Copyright © 2016 Jan Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2016 Andy Patterson <ajpatter@uwaterloo.ca>
 ;;; Copyright © 2017 Marius Bakke <mbakke@fastmail.com>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -425,6 +426,33 @@ TIMESTAMP.  It also supports storage of binary large objects, including
 pictures, sounds, or video.")
    (license (x11-style "file://COPYRIGHT"))))
 (define-public qdbm
  (package
    (name "qdbm")
    (version "1.8.78")
    (source
      (origin
       (method url-fetch)
       (uri (string-append "http://fallabs.com/" name "/"
                           name "-" version ".tar.gz"))
       (sha256
        (base32
         "0gmpvhn02pkq280ffmn4da1g4mdr1xxz7l80b7y4n7km1mrzwrml"))))
    (build-system gnu-build-system)
    (arguments
     `( #:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath="
                                               (assoc-ref %outputs "out")
                                               "/lib"))))
    (home-page "http://fallabs.com/qdbm")
    (synopsis "Key-value database")
    (description "QDBM is a library of routines for managing a
 database.  The database is a simple data file containing key-value
 pairs.  Every key and value is serial bytes with variable length.
 Binary data as well as character strings can be used as a key or a
 value.  There is no concept of data tables or data types.  Records are
 organized in a hash table or B+ tree.")
    (license license:lgpl2.1+)))
 (define-public recutils
  (package
    (name "recutils")
@ -1050,7 +1078,7 @@ database and supports many programming languages.  It is a NoSQL database.")
 (define-public wiredtiger
  (package
    (name "wiredtiger")
-    (version "2.8.0")
+    (version "2.9.1")
    (source (origin
              (method url-fetch)
              (uri (string-append
@ -1058,7 +1086,7 @@ database and supports many programming languages.  It is a NoSQL database.")
                    version ".tar.bz2"))
              (sha256
               (base32
-                "1qh7y5paisdxq19jgg81ld7i32lz920n5k30hdpxnr8ll9c4hgjr"))))
+                "0krwnb2zfbhvjaskwl875qzd3y626s84zcciq2mxr5c5riw3yh6s"))))
    (build-system gnu-build-system)
    (arguments
     '(#:configure-flags '("--enable-lz4" "--enable-zlib")
--- a/gnu/packages/emacs.scm
+++ b/gnu/packages/emacs.scm
@ -1130,7 +1130,7 @@ as a library for other Emacs packages.")
 (define-public emacs-auctex
  (package
    (name "emacs-auctex")
-    (version "11.88.6")
+    (version "11.90.0")
    (source
     (origin
       (method url-fetch)
@ -1140,7 +1140,7 @@ as a library for other Emacs packages.")
             ".tar"))
       (sha256
        (base32
-         "1pmki8hdjjikxlvip3pzi350bln3gcimr27yjf0xfwjvnp5hh9nc"))))
+         "04nsndwcf0dimgc2p1yzzrymc36amzdnjg0158nxplmjkzdp28gy"))))
    (build-system emacs-build-system)
    ;; We use 'emacs' because AUCTeX requires dbus at compile time
    ;; ('emacs-minimal' does not provide dbus).
@ -2807,14 +2807,14 @@ be removed from the front.  This type of data structure is sometimes called an
 (define-public emacs-spinner
  (package
    (name "emacs-spinner")
-    (version "1.7.1")
+    (version "1.7.3")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://elpa.gnu.org/packages/spinner-"
                                  version ".el"))
              (sha256
               (base32
-                "1fmwzdih0kbyvs8bn38mpm4sbs2mikqy2vdykfy9g20wpa8vb681"))))
+                "19kp1mmndbmw11sgvv2ggfjl4pyf5zrsbh3871f0965pw9z8vahd"))))
    (build-system emacs-build-system)
    (home-page "https://github.com/Malabarba/spinner.el")
    (synopsis "Emacs mode-line spinner for operations in progress")
@ -2826,14 +2826,14 @@ ongoing operations.")
 (define-public emacs-seq
  (package
    (name "emacs-seq")
-    (version "2.15")
+    (version "2.19")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://elpa.gnu.org/packages/seq-"
                                  version ".tar"))
              (sha256
               (base32
-                "09wi1765bmn7i8fg6ajjfaxgs4ipc42d58zx2fdqpidrdg9c7q73"))))
+                "11hb7is6a4h1lscjcfrzh576j0g3m5yjydn16s6x5bxp5gsr6zha"))))
    (build-system emacs-build-system)
    (home-page "https://elpa.gnu.org/packages/seq.html")
    (synopsis "Sequence manipulation functions for Emacs")
--- a/gnu/packages/finance.scm
+++ b/gnu/packages/finance.scm
@ -3,6 +3,7 @@
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2016 Hartmut Goebel <h.goebel@crazy-compilers.com>
 ;;; Copyright © 2017 Carlo Zancanaro <carlo@zancanaro.id.au>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -26,6 +27,7 @@
 #:use-module (guix build utils)
 #:use-module (guix build-system gnu)
 #:use-module (guix build-system cmake)
 #:use-module (guix build-system python)
 #:use-module (gnu packages base)
 #:use-module (gnu packages boost)
 #:use-module (gnu packages databases)
@ -240,3 +242,52 @@ allow to do that off the ERiC library (which is proprietary however).
 It's not clear at the moment whether one day it will be possible to
 do so.")
    (license license:agpl3+)))
 (define-public electrum
  (package
    (name "electrum")
    (version "2.7.12")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://download.electrum.org/"
                           version "/Electrum-"
                           version ".tar.gz"))
       (sha256
        (base32
         "0vxdfl208if7mdsnva1jg37bnay2dsz3ww157aqwcv1j6512fi1n"))
       (modules '((guix build utils)))
       (snippet
        '(begin
           ;; Delete the bundled dependencies.
           (delete-file-recursively "packages")
           #t))))
    (build-system python-build-system)
    (inputs
     `(("python-slowaes" ,python2-slowaes)
       ("python-sip" ,python2-sip)
       ("python-pyqt" ,python2-pyqt-4)
       ("python-ecdsa" ,python2-ecdsa)
       ("python-pbkdf2" ,python2-pbkdf2)
       ("python-requests" ,python2-requests)
       ("python-qrcode" ,python2-qrcode)
       ("python-protobuf" ,python2-protobuf)
       ("python-dnspython" ,python2-dnspython)
       ("python-jsonrpclib" ,python2-jsonrpclib)))
    (arguments
     `(#:python ,python-2
       #:phases
       (modify-phases %standard-phases
         (add-before 'build 'patch-home
           (lambda* (#:key outputs #:allow-other-keys)
             (substitute* "setup.py"
               (("~/.local/share")
                (string-append (assoc-ref outputs "out") "/local/share"))))))))
    (home-page "https://electrum.org/")
    (synopsis "Bitcoin wallet")
    (description
     "Electrum is a lightweight Bitcoin client, based on a client-server
 protocol.  It supports Simple Payment Verification (SPV) and deterministic key
 generation from a seed.  Your secret keys are encrypted and are never sent to
 other machines/servers.  Electrum does not download the Bitcoin blockchain.")
    (license license:expat)))
--- a/gnu/packages/gimp.scm
+++ b/gnu/packages/gimp.scm
@ -101,7 +101,7 @@ provided as well as the framework to add new color models and data types.")
            (("g_object_unref \\(buffer.\\);") ""))
          (substitute* "tests/compositions/Makefile"
-            (("/bin/sh") (which "bash"))))
+            (("/bin/sh") (which "sh"))))
        %standard-phases)))
    (inputs
     `(("babl" ,babl)
--- a/gnu/packages/gnupg.scm
+++ b/gnu/packages/gnupg.scm
@ -217,18 +217,14 @@ compatible to GNU Pth.")
 (define-public gnupg
  (package
    (name "gnupg")
-    (version "2.1.17")
+    (version "2.1.18")
    (source (origin
              (method url-fetch)
              (uri (string-append "mirror://gnupg/gnupg/gnupg-" version
                                  ".tar.bz2"))
              (sha256
               (base32
-                "1js308b46ifx1gim0c9nivr5yxhans7iq1yvkf7zl2928gdm9p65"))
+                "157rrv3ly9j2k0acz43nhiba5hfl6h7048jvj55wwqjmgsmnyk6h"))))
              (patches
               ;; This fixes a test failure on 32bit. Remove for next version.
               ;; https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00869.html
               (search-patches "gnupg-test-segfault-on-32bit-arch.patch"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("pkg-config" ,pkg-config)))
@ -310,7 +306,7 @@ libskba (working with X.509 certificates and CMS data).")
        (add-before 'configure 'patch-config-files
          (lambda _
            (substitute* "tests/openpgp/Makefile.in"
-              (("/bin/sh") (which "bash")))
+              (("/bin/sh") (which "sh")))
            #t))
        (add-after 'install 'rename-v2-commands
          (lambda* (#:key outputs #:allow-other-keys)
@ -349,7 +345,7 @@ libskba (working with X.509 certificates and CMS data).")
         (add-after 'unpack 'patch-check-sh
           (lambda _
             (substitute* "checks/Makefile.in"
-               (("/bin/sh") (which "bash"))))))))))
+               (("/bin/sh") (which "sh"))))))))))
 (define-public gpgme
  (package
@ -573,7 +569,7 @@ PGP keysigning parties.")
              (substitute* "keyanalyze/Makefile"
                (("./configure") (string-append "./configure --prefix=" out)))
              (substitute* "keyanalyze/pgpring/configure"
-                (("/bin/sh") (which "bash")))
+                (("/bin/sh") (which "sh")))
              (substitute* "gpgwrap/Makefile"
                (("\\} clean")
                 (string-append "} clean\ninstall:\n\tinstall -D bin/gpgwrap "
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@ -342,28 +342,38 @@ standards.")
        (mozilla-patch "icecat-CVE-2016-9893-pt7.patch"  "9b78ab1e6d07" "19ib6bp96xk000ll40b8qxvizkncyzclz2rsb9w5fa42qs9978ff")
        (mozilla-patch "icecat-CVE-2016-9893-pt8.patch"  "78ebf9c9dfb0" "1shgr4rk6r2zxr1qqk1j3qnnqzqxnbi093qhlrfh8q5q1ivqf6k1")
        (mozilla-patch "icecat-CVE-2016-9893-pt9.patch"  "a46a9f16823c" "0dwkyz3kcqnfcbhbfh2lss7s0yh87rgzb871qxx3x4ynyqph9mnz")
-        (mozilla-patch "icecat-bug-1311687.patch"        "6bc7cc7a33a6" "1wggcqv84n8mp7xps7hy4rwy61fkh45imfqzc0b46s3w5hyhypn2")
+        (mozilla-patch "icecat-CVE-2017-5376.patch"      "6bc7cc7a33a6" "1wggcqv84n8mp7xps7hy4rwy61fkh45imfqzc0b46s3w5hyhypn2")
        (mozilla-patch "icecat-CVE-2016-9893-pt10.patch" "778f65148b40" "0j2a153sk0654vv2lnxjib4lwml3mlqn6vs46c2pp82iba8nyfrm")
        (mozilla-patch "icecat-CVE-2016-9895.patch"      "94bd2b43c766" "10h0qpr6m9cqyqxxnkbb6mzb3cagavzlynkxgd7a4izyq1bv28rk")
        (mozilla-patch "icecat-CVE-2016-9893-pt11.patch" "893de7431d51" "11gyik8mwipl6ipypkvdq519pw7ccbg0g0bnvxb7271n44cqqcq5")
-        (mozilla-patch "icecat-bug-1323338.patch"        "b21dee058b2c" "005khpimffqzas7slajid4dd2c15nyk7rjk6fsps87bgnx0gx0s4")
+        (mozilla-patch "icecat-CVE-2017-5383-pt1.patch"  "b21dee058b2c" "005khpimffqzas7slajid4dd2c15nyk7rjk6fsps87bgnx0gx0s4")
        (mozilla-patch "icecat-bug-1258410-pt1.patch"    "cd23c5d74be8" "1myzkpzg6pmjacjz8az06m9kz84in1mwsiaw5sgx47pm02598wm5")
        (mozilla-patch "icecat-bug-1258410-pt2.patch"    "b83594617d15" "171cqflc9jh47az96im1whwhyq4ayicspqsczsmn2x5ll9lqw5fq")
-        (mozilla-patch "icecat-bug-1322107.patch"        "d6c6f5e4e641" "10x9f46ylm2q3i669hj1csd6agdm8w7xa0iln691z8ayg2hcrxdz")
+        (mozilla-patch "icecat-CVE-2017-5380.patch"      "d6c6f5e4e641" "10x9f46ylm2q3i669hj1csd6agdm8w7xa0iln691z8ayg2hcrxdz")
-        (mozilla-patch "icecat-bug-1285833.patch"        "122f5fbfc563" "05pp2f4pg4j8a8pdgjhfrc8g2chhkhsarn9n8sbyag0fy3ig1cvd")
+        (mozilla-patch "icecat-CVE-2017-5373-pt1.patch"  "122f5fbfc563" "05pp2f4pg4j8a8pdgjhfrc8g2chhkhsarn9n8sbyag0fy3ig1cvd")
-        (mozilla-patch "icecat-bug-1297361.patch"        "297c675ddadc" "1jc1b5i69vq1fvz3qfnnv52c9cj17bjbmfyzmqlw5ywna0wfvabz")
+        (mozilla-patch "icecat-CVE-2017-5390.patch"      "297c675ddadc" "1jc1b5i69vq1fvz3qfnnv52c9cj17bjbmfyzmqlw5ywna0wfvabz")
-        (mozilla-patch "icecat-bug-1325877.patch"        "3cff736e3bb6" "1nxqwnl9zksvkfkmis7zica4xrhwfndjyy2sxc1dvrh9rshk1swq")
+        (mozilla-patch "icecat-CVE-2017-5373-pt2.patch"  "3cff736e3bb6" "1nxqwnl9zksvkfkmis7zica4xrhwfndjyy2sxc1dvrh9rshk1swq")
-        (mozilla-patch "icecat-bug-1285960.patch"        "2732280adabc" "0zrpq3aybaw2yy38vs6883a4nw01x4kxn3lfqn9yhcgjvngmmyia")
+        (mozilla-patch "icecat-CVE-2017-5373-pt3.patch"  "2732280adabc" "0zrpq3aybaw2yy38vs6883a4nw01x4kxn3lfqn9yhcgjvngmmyia")
-        (mozilla-patch "icecat-bug-1325938.patch"        "81c9fdbd96e8" "0scv1zyi4vbsjdsyj4w70n5jd50baq0dzw3qpxqf1n69nfb9k214")
+        (mozilla-patch "icecat-CVE-2017-5373-pt4.patch"  "81c9fdbd96e8" "0scv1zyi4vbsjdsyj4w70n5jd50baq0dzw3qpxqf1n69nfb9k214")
-        (mozilla-patch "icecat-bug-1322420.patch"        "a386ca6a3013" "1m1scz2pxzmg9wya8is5dcr3mgvkx3g1xlykgigmw2mqs5zcdg9s")
+        (mozilla-patch "icecat-CVE-2017-5373-pt5.patch"  "a386ca6a3013" "1m1scz2pxzmg9wya8is5dcr3mgvkx3g1xlykgigmw2mqs5zcdg9s")
-        (mozilla-patch "icecat-bug-1328834.patch"        "0521b0e4707c" "1mv057p4hcvapibpbd9apryag19aiqdzafc6df2angl97m4mcbjx")
+        (mozilla-patch "icecat-CVE-2017-5373-pt6.patch"  "0521b0e4707c" "1mv057p4hcvapibpbd9apryag19aiqdzafc6df2angl97m4mcbjx")
        (mozilla-patch "icecat-bug-1290037.patch"        "bf0dd9ae6807" "02iw5ngsvvij95arnn69a744d6si27g1x41ixg16l51dbn900b3r")
        (mozilla-patch "icecat-bug-1322666.patch"        "576f03e362c5" "0m88xs0jwhzx2lg12cvimxjknp7rpsvvhxxblhiqqjwnqip0pyc0")
        (mozilla-patch "icecat-bug-1304266.patch"        "4d82e7314a72" "1rrrw4rw0xv7c2myiypcqh1fk47rk3fvic79zh6m04bl3knclr1r")
-        (mozilla-patch "icecat-bug-1322315.patch"        "0617dd4b444d" "1ipags2cl2p521pm0qx110h5di2mgif6h1r3g8l9b0rc5m9b1y2j")
+        (mozilla-patch "icecat-CVE-2017-5373-pt7.patch"  "0617dd4b444d" "1ipags2cl2p521pm0qx110h5di2mgif6h1r3g8l9b0rc5m9b1y2j")
-        (mozilla-patch "icecat-bug-1325200.patch"        "ead08c2a6c57" "1nnnwdr7411xpz6n9j869g6sz447cq6xsmds9cw6d24iprcinp5m")
+        (mozilla-patch "icecat-CVE-2017-5375.patch"      "ead08c2a6c57" "1nnnwdr7411xpz6n9j869g6sz447cq6xsmds9cw6d24iprcinp5m")
-        (mozilla-patch "icecat-bug-1312001.patch"        "c5e67d41bdd0" "05kwn5zv381lsiw9vbzm8fh6s1lddx47l8f4pwg487h9dj7vbdfq")
+        (mozilla-patch "icecat-CVE-2017-5378-pt1.patch"  "c5e67d41bdd0" "05kwn5zv381lsiw9vbzm8fh6s1lddx47l8f4pwg487h9dj7vbdfq")
-        (mozilla-patch "icecat-bug-1331058.patch"        "2ce94f2ea797" "1yrnjqpafjns68z99s1m6jins3agid7c1z3v9qgk5xzfcddl31pn")))
+        (mozilla-patch "icecat-CVE-2017-5373-pt8.patch"  "2ce94f2ea797" "1yrnjqpafjns68z99s1m6jins3agid7c1z3v9qgk5xzfcddl31pn")
        (mozilla-patch "icecat-CVE-2017-5373-pt9.patch"  "e4ac8a66d3db" "1ggbh6nk005plm7kvp7qznbnlpidqkipxc5hlaqbjc3m0z9mypzl")
        (mozilla-patch "icecat-CVE-2017-5386.patch"      "8c171b75a0c6" "1cplkgwkhqvb62q7s8cya2drjdswnlicv5d9a60fxvnp6m7a3z02")
        (mozilla-patch "icecat-CVE-2017-5383-pt2.patch"  "79a31d8153bf" "0dzwk2hc741c0jr8xya4y8q59lk8mcgnvfdrdk0vzq1gby16b9zi")
        (mozilla-patch "icecat-CVE-2017-5378-pt2.patch"  "747085a1cd93" "0rpc8hl0jka4akdjnlwya4x9v4pqa1r5vc4pkmxsgvqpp2vkq4m2")
        (mozilla-patch "icecat-bug-1331606.patch"        "f0329536734b" "1br5shyfwp009y623wgjq60vhcp5k5zpzkgy4r3s5yrm5xyfcprf")
        (mozilla-patch "icecat-bug-1328642.patch"        "237c1ca6e035" "0808g5j17var6wv6ivj08i43fwkga9abmmgmz5w3hb8mhajkjw58")
        (mozilla-patch "icecat-CVE-2017-5396.patch"      "910ad552cbf5" "1qss3gc6n4myzwvwanc09xvyiq3hwhixn2xvpbk9xkfz2apdlfa6")
        (mozilla-patch "icecat-bug-1312827.patch"        "5c894801eb1e" "03xyjwx9rfx5w7q6wq9if83fcfgrlvvbyxpsawzxxgybnizyy7g8")
        (mozilla-patch "icecat-bug-1191841.patch"        "83ee87b301bd" "1kd9z4py372a2f1jg7jwvwri43vipf0k7lcvsg7b0cqr5p70zwcg")
        (mozilla-patch "icecat-bug-1234317.patch"        "eb6f18dbfe8d" "1dh3263fvg3dxav09g6fn41ax4q1jmwp5fk6pl6shn16mrfha1qq")))
      (modules '((guix build utils)))
      (snippet
       '(begin
--- a/gnu/packages/guile.scm
+++ b/gnu/packages/guile.scm
@ -925,14 +925,14 @@ Guile's foreign function interface.")
 (define-public haunt
  (package
    (name "haunt")
-    (version "0.2")
+    (version "0.2.1")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://files.dthompson.us/haunt/haunt-"
                                  version ".tar.gz"))
              (sha256
               (base32
-                "1id83n8fs7jxys1d8jy70vylg8gzcvlw1y7hb41y3qxv5zi4671m"))))
+                "1fpaf1vm6s7j13fs35barjh5yajcc2rc3pi8r7278wpgp4i2vs3w"))))
    (build-system gnu-build-system)
    (arguments
     `(#:modules ((ice-9 match) (ice-9 ftw)
@ -962,7 +962,8 @@ Guile's foreign function interface.")
    (inputs
     `(("guile" ,guile-2.0)))
    (propagated-inputs
-     `(("guile-reader" ,guile-reader)))
+     `(("guile-reader" ,guile-reader)
       ("guile-commonmark" ,guile-commonmark)))
    (synopsis "Functional static site generator")
    (description "Haunt is a static site generator written in Guile
 Scheme.  Haunt features a functional build system and an extensible
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@ -498,7 +498,8 @@ error-resilience, a Java-viewer for j2k-images, ...")
         (base32
          "19yz4g0c45sm8y1z01j9djsrl1mkz3pmw7fykc6hkvrqymp7prsc"))
        (patches
-          (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"))))))
+          (search-patches "openjpeg-CVE-2016-9850-CVE-2016-9851.patch"
                          "openjpeg-CVE-2016-9572-CVE-2016-9573.patch"))))))
 (define-public openjpeg-1
  (package (inherit openjpeg)
--- a/gnu/packages/java.scm
+++ b/gnu/packages/java.scm
@ -337,7 +337,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
 (define-public icedtea-6
  (package
    (name "icedtea")
-    (version "1.13.12")
+    (version "1.13.13")
    (source (origin
              (method url-fetch)
              (uri (string-append
@ -345,7 +345,7 @@ build process and its dependencies, whereas Make uses Makefile format.")
                    version ".tar.xz"))
              (sha256
               (base32
-                "1q5iqm3dzqj8w3dwj6qqhczkkrslrfhmn3110klfwq9kyi2nimj8"))
+                "0bg9sb4f7qbq77c0zf9m17p47ga0kf0r9622g9p12ysg26jd1ksg"))
              (modules '((guix build utils)))
              (snippet
               '(substitute* "Makefile.in"
@ -764,10 +764,10 @@ build process and its dependencies, whereas Make uses Makefile format.")
       ("openjdk6-src"
        ,(origin
           (method url-fetch)
-           (uri "https://java.net/downloads/openjdk6/openjdk-6-src-b40-22_aug_2016.tar.gz")
+           (uri "https://java.net/downloads/openjdk6/openjdk-6-src-b41-04_jan_2017.tar.xz")
           (sha256
            (base32
-             "01v4q7g9pa6w7m6yxply5yrin08jgv12fck665xnmp09bpxy8sa5"))))
+             "058szix0j280g14jzajvsixx1j2dxmc10r848f5swpy6rr8x8d4f"))))
       ("lcms" ,lcms)
       ("zlib" ,zlib)
       ("gtk" ,gtk+-2)
--- a/gnu/packages/libupnp.scm
+++ b/gnu/packages/libupnp.scm
@ -26,17 +26,15 @@
 (define-public libupnp
  (package
    (name "libupnp")
-    (version "1.6.20")
+    (version "1.6.21")
    (source
     (origin
      (method url-fetch)
      (uri (string-append "mirror://sourceforge/pupnp/pupnp/libUPnP%20"
                          version "/" name "-" version ".tar.bz2"))
      (patches (search-patches "libupnp-CVE-2016-6255.patch"
                               "libupnp-CVE-2016-8863.patch"))
      (sha256
       (base32
-        "0qrsdsb1qm85hc4jy04qph895613d148f0x1mmk6z99y3q43fdgf"))))
+        "16x3z6jg1krwyydmbd0z59z5c9x4pniaajmfmnp5pmx18q43qgxg"))))
    (build-system gnu-build-system)
    (arguments
     ;; The tests require a network device capable of multicasting which is
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@ -90,7 +90,7 @@
                #:select (gpl2 gpl2+ gpl3 gpl3+ lgpl2.1 lgpl2.1+ lgpl3+
                           non-copyleft (expat . license:expat) bsd-3
                           public-domain bsd-4 isc (openssl . license:openssl)
-                           bsd-2))
+                           bsd-2 x11-style))
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix git-download)
@ -733,6 +733,27 @@ provides an API for C language.  It's the low-level API used by MailCore and
 MailCore 2.")
    (license (non-copyleft "file://COPYING"))))
 (define-public compface
  (package
    (name "compface")
    (version "1.5.2")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://ftp.heanet.ie/mirrors/"
                                  "ftp.xemacs.org/aux/"
                                  name "-" version ".tar.gz"))
              (sha256
               (base32
                "09b89wg63hg502hsz592cd2h87wdprb1dq1k1y07n89hym2q56d6"))))
    (build-system gnu-build-system)
    (arguments
     `(#:tests? #f))
    (synopsis "Portrait image compressor")
    (description "This packages takes your 48x48x1 portrait image and
 compresses it.")
    (home-page "http://www.cs.indiana.edu/pub/faces/")
    (license (x11-style "file://README"))))
 (define-public claws-mail
  (package
    (name "claws-mail")
@ -1536,10 +1557,10 @@ powerful user customization features.")
                        "contrib/mmuegel" "devtools/bin/configure.sh")
                  (find-files "." ".*\\.m4")
                  (find-files "." ".*\\.cf"))
-               (("/bin/sh") (which "bash")))
+               (("/bin/sh") (which "sh")))
             (substitute* "devtools/bin/Build"
-               (("SHELL=/bin/sh") (string-append "SHELL=" (which "bash"))))
+               (("SHELL=/bin/sh") (string-append "SHELL=" (which "sh"))))
             #t))
         (replace 'configure
           (lambda _
--- a/gnu/packages/messaging.scm
+++ b/gnu/packages/messaging.scm
@ -825,7 +825,7 @@ connect with friends and family without anyone else listening in.")
               (("mkdir -p \\$\\{DESTDIR\\}/usr") "")
               (("/usr/local") "")
               (("/usr") "")
-               (("#!/bin/sh") (string-append "#!" (which "bash")))
+               (("#!/bin/sh") (string-append "#!" (which "sh")))
               (("python2") (which "python"))
               (("/opt/openssl-compat-bitcoin/lib/")
                (string-append (assoc-ref inputs "openssl") "/lib/")))
--- a/gnu/packages/node.scm
+++ b/gnu/packages/node.scm
@ -64,7 +64,7 @@
                            "lib/internal/v8_prof_polyfill.js"
                            "test/parallel/test-stdio-closed.js")
               (("'/bin/sh'")
-                (string-append "'" (which "bash") "'")))
+                (string-append "'" (which "sh") "'")))
             ;; Fix hardcoded /usr/bin/env references.
             (substitute* '("test/parallel/test-child-process-default-options.js"
--- a/gnu/packages/orpheus.scm
+++ b/gnu/packages/orpheus.scm
@ -90,7 +90,7 @@
             (substitute* '("src/mp3track.cc"
                            "src/streamtrack.cc"
                            "src/oggtrack.cc")
-               (("/bin/sh") (which "bash")))
+               (("/bin/sh") (which "sh")))
             #t)))))
    (home-page "http://thekonst.net/en/orpheus")
    (synopsis "Text-mode audio player")
--- a/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch
+++ b/gnu/packages/patches/gnupg-test-segfault-on-32bit-arch.patch
@ -1,40 +0,0 @@
 This fixes a segfault on 32-bit architectures. Upstream discussion:
 https://lists.gnupg.org/pipermail/gnupg-devel/2016-December/032364.html
 Guix thread: https://lists.gnu.org/archive/html/guix-devel/2016-12/msg00631.html
 Patch copied from upstream source repository:
 https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=6e96cdd41a0e55b672309431062f37c4a4a9f485
 From 6e96cdd41a0e55b672309431062f37c4a4a9f485 Mon Sep 17 00:00:00 2001
 From: Justus Winter <justus@g10code.com>
 Date: Wed, 21 Dec 2016 16:14:45 +0100
 Subject: [PATCH] gpgscm: Guard use of union member.
 * tests/gpgscm/scheme.c (opexe_5): Check that we have a file port
 before accessing filename.  Fixes a crash on 32-bit architectures.
 Fixes-commit: e7429b1ced0c69fa7901f888f8dc25f00fc346a4
 Signed-off-by: Justus Winter <justus@g10code.com>
 ---
 tests/gpgscm/scheme.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/tests/gpgscm/scheme.c b/tests/gpgscm/scheme.c
 index a5b7691..2844545 100644
 --- a/tests/gpgscm/scheme.c
 +++ b/tests/gpgscm/scheme.c
@@ -4838,7 +4838,7 @@ static pointer opexe_5(scheme *sc, enum scheme_opcodes op) {
                } else {
                     sc->nesting_stack[sc->file_i]++;
 #if USE_TAGS && SHOW_ERROR_LINE
 -		    {
 +		    if (sc->load_stack[sc->file_i].kind & port_file) {
 		      const char *filename =
 			sc->load_stack[sc->file_i].rep.stdio.filename;
 		      int lineno =
 -- 
 2.8.0.rc3
--- a/gnu/packages/patches/khal-disable-failing-tests.patch
+++ b/gnu/packages/patches/khal-disable-failing-tests.patch
@ -1,33 +0,0 @@
 Disable some tests that are known to fail:
 https://github.com/pimutils/khal/issues/546
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=844081
 diff --git a/tests/khalendar_test.py b/tests/khalendar_test.py
 index fd8dcc6..17732bf 100644
 --- a/tests/khalendar_test.py
 +++ b/tests/khalendar_test.py
@@ -65,6 +65,7 @@ class TestCalendar(object):
                 else:
                     mtimes[cal] = mtime
 +    @pytest.mark.xfail
     def test_db_needs_update(self, coll_vdirs):
         coll, vdirs = coll_vdirs
@@ -321,6 +322,7 @@ class TestDbCreation(object):
             CalendarCollection(calendars, dbpath=dbpath, locale=aux.locale)
 +@pytest.mark.xfail
 def test_default_calendar(coll_vdirs):
     """test if an update to the vdir is detected by the CalendarCollection"""
     coll, vdirs = coll_vdirs
@@ -341,6 +343,7 @@ def test_default_calendar(coll_vdirs):
     assert len(list(coll.get_events_on(today))) == 0
 +@pytest.mark.xfail
 def test_only_update_old_event(coll_vdirs, monkeypatch):
     coll, vdirs = coll_vdirs
--- a/gnu/packages/patches/libupnp-CVE-2016-6255.patch
+++ b/gnu/packages/patches/libupnp-CVE-2016-6255.patch
@ -1,50 +0,0 @@
 Fix CVE-2016-6255:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6255
 http://www.openwall.com/lists/oss-security/2016/07/18/13
 Patch adapted from upstream commit:
 https://github.com/mrjimenez/pupnp/commit/d64d6a44906b5aa5306bdf1708531d698654dda5
 The upstream change is simplified to unconditionally disable the HTTP
 POST feature.
 From d64d6a44906b5aa5306bdf1708531d698654dda5 Mon Sep 17 00:00:00 2001
 From: Matthew Garrett <mjg59@srcf.ucam.org>
 Date: Tue, 23 Feb 2016 13:53:20 -0800
 Subject: [PATCH] Don't allow unhandled POSTs to write to the filesystem by
 default
 If there's no registered handler for a POST request, the default behaviour
 is to write it to the filesystem. Several million deployed devices appear
 to have this behaviour, making it possible to (at least) store arbitrary
 data on them. Add a configure option that enables this behaviour, and change
 the default to just drop POSTs that aren't directly handled.
 Signed-off-by: Marcelo Roberto Jimenez <mroberto@users.sourceforge.net>
 (cherry picked from commit c91a8a3903367e1163765b73eb4d43be7d7927fa)
 ---
 configure.ac                         | 9 +++++++++
 upnp/inc/upnpconfig.h.in             | 9 +++++++++
 upnp/src/genlib/net/http/webserver.c | 4 ++++
 3 files changed, 22 insertions(+)
 diff --git a/upnp/src/genlib/net/http/webserver.c b/upnp/src/genlib/net/http/webserver.c
 index 26bf0f7..7ae8c1e 100644
 --- a/upnp/src/genlib/net/http/webserver.c
 +++ b/upnp/src/genlib/net/http/webserver.c
@@ -1367,9 +1367,13 @@ static int http_RecvPostMessage(
 		if (Fp == NULL)
 			return HTTP_INTERNAL_SERVER_ERROR;
 	} else {
 +#if 0
 		Fp = fopen(filename, "wb");
 		if (Fp == NULL)
 			return HTTP_UNAUTHORIZED;
 +#else
 +		return HTTP_NOT_FOUND;
 +#endif
 	}
 	parser->position = POS_ENTITY;
 	do {
--- a/gnu/packages/patches/libupnp-CVE-2016-8863.patch
+++ b/gnu/packages/patches/libupnp-CVE-2016-8863.patch
@ -1,72 +0,0 @@
 Fix CVE-2016-8863:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
 https://sourceforge.net/p/pupnp/bugs/133/
 Patch copied from upstream source repository:
 https://sourceforge.net/p/pupnp/code/ci/9c099c2923ab4d98530ab5204af1738be5bddba7/
 From 9c099c2923ab4d98530ab5204af1738be5bddba7 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Uwe=20Kleine-K=C3=B6nig?= <ukleinek@debian.org>
 Date: Thu, 8 Dec 2016 17:11:53 +0100
 Subject: [PATCH] Fix out-of-bound access in create_url_list() (CVE-2016-8863)
 If there is an invalid URL in URLS->buf after a valid one, uri_parse is
 called with out pointing after the allocated memory. As uri_parse writes
 to *out before returning an error the loop in create_url_list must be
 stopped early to prevent an out-of-bound access
 Bug: https://sourceforge.net/p/pupnp/bugs/133/
 Bug-CVE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8863
 Bug-Debian: https://bugs.debian.org/842093
 Bug-Redhat: https://bugzilla.redhat.com/show_bug.cgi?id=1388771
 (cherry picked from commit a0f6e719bc03c4d2fe6a4a42ef6b8761446f520b)
 ---
 upnp/src/gena/gena_device.c | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)
 diff --git a/upnp/src/gena/gena_device.c b/upnp/src/gena/gena_device.c
 index fb04a29..245c56b 100644
 --- a/upnp/src/gena/gena_device.c
 +++ b/upnp/src/gena/gena_device.c
@@ -1113,7 +1113,7 @@ static int create_url_list(
 	/*! [out] . */
 	URL_list *out)
 {
 -    size_t URLcount = 0;
 +    size_t URLcount = 0, URLcount2 = 0;
     size_t i;
     int return_code = 0;
     uri_type temp;
@@ -1155,16 +1155,23 @@ static int create_url_list(
         }
         memcpy( out->URLs, URLS->buff, URLS->size );
         out->URLs[URLS->size] = 0;
 -        URLcount = 0;
         for( i = 0; i < URLS->size; i++ ) {
             if( ( URLS->buff[i] == '<' ) && ( i + 1 < URLS->size ) ) {
                 if( ( ( return_code =
                         parse_uri( &out->URLs[i + 1], URLS->size - i + 1,
 -                                   &out->parsedURLs[URLcount] ) ) ==
 +                                   &out->parsedURLs[URLcount2] ) ) ==
                       HTTP_SUCCESS )
 -                    && ( out->parsedURLs[URLcount].hostport.text.size !=
 +                    && ( out->parsedURLs[URLcount2].hostport.text.size !=
                          0 ) ) {
 -                    URLcount++;
 +                    URLcount2++;
 +                    if (URLcount2 >= URLcount)
 +                        /*
 +                         * break early here in case there is a bogus URL that
 +                         * was skipped above. This prevents to access
 +                         * out->parsedURLs[URLcount] which is beyond the
 +                         * allocation.
 +                         */
 +                        break;
                 } else {
                     if( return_code == UPNP_E_OUTOF_MEMORY ) {
                         free( out->URLs );
 -- 
 2.11.0
--- a/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
+++ b/gnu/packages/patches/openjpeg-CVE-2016-9572-CVE-2016-9573.patch
@ -0,0 +1,233 @@
 Fix CVE-2016-9572 and CVE-2016-9573:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9572
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9573
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9572
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9573
 Patch copied from 3rd-party repository:
 https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
 From 7b28bd2b723df6be09fe7791eba33147c1c47d0d Mon Sep 17 00:00:00 2001
 From: szukw000 <szukw000@arcor.de>
 Date: Mon, 28 Nov 2016 21:57:20 +0100
 Subject: [PATCH] Changes for issues #863 and #862
 ---
 src/bin/jp2/convert.c        | 59 +++++++++++++++++++++++++++++++++++++++-----
 src/bin/jp2/convertbmp.c     | 29 +++++++++++++++++++++-
 src/bin/jp2/opj_decompress.c |  2 +-
 src/lib/openjp2/j2k.c        | 11 ++++++---
 4 files changed, 90 insertions(+), 11 deletions(-)
 diff --git a/src/bin/jp2/convert.c b/src/bin/jp2/convert.c
 index deee4f6..6a3f65b 100644
 --- a/src/bin/jp2/convert.c
 +++ b/src/bin/jp2/convert.c
@@ -906,7 +906,8 @@ int imagetotga(opj_image_t * image, const char *outfile) {
     for (i = 0; i < image->numcomps-1; i++)	{
         if ((image->comps[0].dx != image->comps[i+1].dx)
                 ||(image->comps[0].dy != image->comps[i+1].dy)
 -                ||(image->comps[0].prec != image->comps[i+1].prec))	{
 +                ||(image->comps[0].prec != image->comps[i+1].prec)
 +				||(image->comps[0].sgnd != image->comps[i+1].sgnd))	{
             fclose(fdest);
             fprintf(stderr, "Unable to create a tga file with such J2K image charateristics.");
             return 1;
@@ -1743,7 +1744,7 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
     int *red, *green, *blue, *alpha;
     int wr, hr, max;
     int i;
 -    unsigned int compno, ncomp;
 +    unsigned int compno, ncomp, ui;
     int adjustR, adjustG, adjustB, adjustA;
     int fails, two, want_gray, has_alpha, triple;
     int prec, v;
@@ -1768,6 +1769,27 @@ int imagetopnm(opj_image_t * image, const char *outfile, int force_split)
     if(want_gray) ncomp = 1;
 +    for (ui = 1; ui < ncomp; ++ui) {
 +        if (image->comps[0].dx != image->comps[ui].dx) {
 +            break;
 +        }
 +        if (image->comps[0].dy != image->comps[ui].dy) {
 +            break;
 +        }
 +        if (image->comps[0].prec != image->comps[ui].prec) {
 +            break;
 +        }
 +        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
 +            break;
 +        }
 +    }
 +    if (ui != ncomp) {
 +        fprintf(stderr,"imagetopnm: All components\n    shall have "
 +         "the same subsampling, same bit depth, same sign.\n"
 +         "    Aborting\n");
 +        return 1;
 +    }
 +
     if ((force_split == 0) &&
 				(ncomp == 2 /* GRAYA */
             || (ncomp > 2 /* RGB, RGBA */
@@ -2126,7 +2148,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
 {
     FILE *rawFile = NULL;
     size_t res;
 -    unsigned int compno;
 +    unsigned int compno, numcomps;
     int w, h, fails;
     int line, row, curr, mask;
     int *ptr;
@@ -2139,6 +2161,31 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
         return 1;
     }
 +    numcomps = image->numcomps;
 +
 +    if (numcomps > 4) {
 +        numcomps = 4;
 +    }
 +    for (compno = 1; compno < numcomps; ++compno) {
 +        if (image->comps[0].dx != image->comps[compno].dx) {
 +            break;
 +        }
 +        if (image->comps[0].dy != image->comps[compno].dy) {
 +            break;
 +        }
 +        if (image->comps[0].prec != image->comps[compno].prec) {
 +            break;
 +        }
 +        if (image->comps[0].sgnd != image->comps[compno].sgnd) {
 +            break;
 +        }
 +    }
 +    if (compno != numcomps) {
 +        fprintf(stderr,"imagetoraw_common: All components shall have the same subsampling, same bit depth, same sign.\n");
 +        fprintf(stderr,"\tAborting\n");
 +        return 1;
 +    }
 +
     rawFile = fopen(outfile, "wb");
     if (!rawFile) {
         fprintf(stderr, "Failed to open %s for writing !!\n", outfile);
@@ -2146,9 +2193,9 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
     }
     fails = 1;
 -    fprintf(stdout,"Raw image characteristics: %d components\n", image->numcomps);
 +    fprintf(stdout,"Raw image characteristics: %d components\n", numcomps);
 -    for(compno = 0; compno < image->numcomps; compno++)
 +    for(compno = 0; compno < numcomps; compno++)
     {
         fprintf(stdout,"Component %u characteristics: %dx%dx%d %s\n", compno, image->comps[compno].w,
                 image->comps[compno].h, image->comps[compno].prec, image->comps[compno].sgnd==1 ? "signed": "unsigned");
@@ -2238,7 +2285,7 @@ static int imagetoraw_common(opj_image_t * image, const char *outfile, OPJ_BOOL
         }
         else if (image->comps[compno].prec <= 32)
         {
 -            fprintf(stderr,"More than 16 bits per component no handled yet\n");
 +            fprintf(stderr,"More than 16 bits per component not handled yet\n");
             goto fin;
         }
         else
 diff --git a/src/bin/jp2/convertbmp.c b/src/bin/jp2/convertbmp.c
 index ae83077..8017ba8 100644
 --- a/src/bin/jp2/convertbmp.c
 +++ b/src/bin/jp2/convertbmp.c
@@ -806,8 +806,35 @@ int imagetobmp(opj_image_t * image, const char *outfile) {
     FILE *fdest = NULL;
     int adjustR, adjustG, adjustB;
 +   {
 +    unsigned int ui, ncomp = image->numcomps;
 +
 +    if (ncomp > 4) { /* RGBA in bmpmask32toimage */
 +        ncomp = 4;
 +    }
 +    for (ui = 1; ui < ncomp; ++ui) {
 +        if (image->comps[0].dx != image->comps[ui].dx) {
 +            break;
 +        }
 +        if (image->comps[0].dy != image->comps[ui].dy) {
 +            break;
 +        }
 +        if (image->comps[0].prec != image->comps[ui].prec) {
 +            break;
 +        }
 +        if (image->comps[0].sgnd != image->comps[ui].sgnd) {
 +            break;
 +        }
 +    }
 +    if (ui != ncomp) {
 +        fprintf(stderr,"imagetobmp: All components shall have the same subsampling, same bit depth, same sign.\n");
 +        fprintf(stderr,"\tAborting\n");
 +        return 1;
 +    }
 +
 +   }
     if (image->comps[0].prec < 8) {
 -        fprintf(stderr, "Unsupported number of components: %d\n", image->comps[0].prec);
 +        fprintf(stderr, "imagetobmp: Unsupported precision: %d\n", image->comps[0].prec);
         return 1;
     }
     if (image->numcomps >= 3 && image->comps[0].dx == image->comps[1].dx
 diff --git a/src/bin/jp2/opj_decompress.c b/src/bin/jp2/opj_decompress.c
 index 83160c3..c30079b 100644
 --- a/src/bin/jp2/opj_decompress.c
 +++ b/src/bin/jp2/opj_decompress.c
@@ -1607,7 +1607,7 @@ int main(int argc, char **argv)
 		if(dirptr->filename_buf) free(dirptr->filename_buf);
 		free(dirptr);
 	}
 -	if (numDecompressedImages) {
 +	if (numDecompressedImages && !failed) {
 		fprintf(stdout, "decode time: %d ms\n", (int)( (tCumulative * 1000.0) / (OPJ_FLOAT64)numDecompressedImages));
 	}
 	return failed ? EXIT_FAILURE : EXIT_SUCCESS;
 diff --git a/src/lib/openjp2/j2k.c b/src/lib/openjp2/j2k.c
 index 66802bb..b6daa32 100644
 --- a/src/lib/openjp2/j2k.c
 +++ b/src/lib/openjp2/j2k.c
@@ -2158,7 +2158,7 @@ static OPJ_BOOL opj_j2k_read_siz(opj_j2k_t *p_j2k,
                                   i, l_img_comp->dx, l_img_comp->dy);
                     return OPJ_FALSE;
                 }
 -                if( l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
 +                if( l_img_comp->prec < 1 || l_img_comp->prec > 38) { /* TODO openjpeg won't handle more than ? */
                     opj_event_msg(p_manager, EVT_ERROR,
                                   "Invalid values for comp = %d : prec=%u (should be between 1 and 38 according to the JPEG2000 norm)\n",
                                   i, l_img_comp->prec);
@@ -10029,7 +10029,11 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
         /* Move data and copy one information from codec to output image*/
         for (compno = 0; compno < p_image->numcomps; compno++) {
                 p_image->comps[compno].resno_decoded = p_j2k->m_output_image->comps[compno].resno_decoded;
 -                p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
 +		p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
 +
 +		if(p_image->comps[compno].data == NULL) return OPJ_FALSE;
 +
 +                p_j2k->m_output_image->comps[compno].data = NULL;
 #if 0
                 char fn[256];
                 sprintf( fn, "/tmp/%d.raw", compno );
@@ -10037,7 +10041,6 @@ OPJ_BOOL opj_j2k_decode(opj_j2k_t * p_j2k,
                 fwrite( p_image->comps[compno].data, sizeof(OPJ_INT32), p_image->comps[compno].w * p_image->comps[compno].h, debug );
                 fclose( debug );
 #endif
 -                p_j2k->m_output_image->comps[compno].data = NULL;
         }
         return OPJ_TRUE;
@@ -10131,6 +10134,8 @@ OPJ_BOOL opj_j2k_get_tile(      opj_j2k_t *p_j2k,
                 p_image->comps[compno].data = p_j2k->m_output_image->comps[compno].data;
 +				if (p_image->comps[compno].data == NULL) return OPJ_FALSE;
 +
                 p_j2k->m_output_image->comps[compno].data = NULL;
         }
--- a/gnu/packages/python.scm
+++ b/gnu/packages/python.scm
@ -1194,14 +1194,14 @@ under several distributions that's hard or impossible to figure out.")
 (define-public python2-pysqlite
  (package
    (name "python2-pysqlite")
-    (version "2.8.1")
+    (version "2.8.3")
    (source
     (origin
      (method url-fetch)
      (uri (pypi-uri "pysqlite" version))
      (sha256
       (base32
-        "0rm0zqyb363y6wljhfmbxs16jjv7p8nk1d8zgq9sdwj6js7y3jkm"))))
+        "1424gwq9sil2ffmnizk60q36vydkv8rxs6m7xs987kz8cdc37lqp"))))
    (build-system python-build-system)
    (inputs
     `(("sqlite" ,sqlite)))
@ -2242,10 +2242,11 @@ executed.")
    (propagated-inputs
     `(("python-coverage" ,python-coverage)))
    (home-page "https://github.com/schlamar/cov-core")
-    (synopsis "plugin core for use by pytest-cov, nose-cov and nose2-cov")
+    (synopsis "Coverage plugin core for pytest-cov, nose-cov and nose2-cov")
    (description
-     "This is a library package for use by pytest-cov, nose-cov and nose2-cov.
+     "This is a library package for use by @code{pytest-cov}, @code{nose-cov}
-It is useful for developing coverage plugins for these testing frameworks.")
+and @code{nose2-cov}.  It is useful for developing coverage plugins for these
 testing frameworks.")
    (license license:expat)))
 (define-public python2-cov-core
@ -2568,13 +2569,13 @@ cutting and pasting that code over and over.")
 (define-public python-unidecode
  (package
    (name "python-unidecode")
-    (version "0.04.18")
+    (version "0.04.20")
    (source (origin
             (method url-fetch)
             (uri (pypi-uri "Unidecode" version))
             (sha256
              (base32
-               "12hhblqy1ajvidm38im4171x4arg83pfmziyn53nizp29p3m14gi"))))
+               "1q00i8gpsq3d9r0q8wk4b290fxl0kqlsdk7iadvli45in6s1hi7d"))))
    (build-system python-build-system)
    (home-page "https://pypi.python.org/pypi/Unidecode")
    (synopsis "ASCII transliterations of Unicode text")
@ -4004,14 +4005,14 @@ Python code against some of the style conventions in
 (define-public python-orderedmultidict
  (package
    (name "python-orderedmultidict")
-    (version "0.7.10")
+    (version "0.7.11")
    (source
      (origin
        (method url-fetch)
        (uri (pypi-uri "orderedmultidict" version))
        (sha256
          (base32
-            "1gvqk0jd432wsn88kq4svad68xz3r012jfpnhh9in7bqrkyxidky"))))
+            "0dls862ibm7qbq4fnvwx0xn1v9hwyzywbff8xjjdr42dd75208yw"))))
    (build-system python-build-system)
    (arguments
     `(#:phases
@ -4132,14 +4133,14 @@ You might also want to install the following optional dependencies:
 (define-public python-alembic
  (package
    (name "python-alembic")
-    (version "0.8.7")
+    (version "0.8.10")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "alembic" version))
       (sha256
        (base32
-         "0ias6fdzwr2s220fnjspkdgm9510bd0cnap0hx5y4zy4srba9f3z"))))
+         "06br9sfqypnjlal6fsbnky3zb0askwcn3diz8k3kwa0qcblm0fqf"))))
    (build-system python-build-system)
    (native-inputs
     `(("python-mock" ,python-mock)
@ -5535,13 +5536,13 @@ Python style, together with a fast and comfortable execution environment.")
 (define-public python-seaborn
  (package
    (name "python-seaborn")
-    (version "0.7.0")
+    (version "0.7.1")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "seaborn" version))
       (sha256
-        (base32 "0ibi3xsfm2kysph61mnfy0pf8d5rkgxgrdb0z9nbizgcgdsb5a0m"))))
+        (base32 "0pawrqc3mxpwd5g9pvi9gba02637bh5c8ldpp8izfwpfn52469zs"))))
    (build-system python-build-system)
    (propagated-inputs
     `(("python-pandas" ,python-pandas)
@ -5998,7 +5999,7 @@ complexity of Python source code.")
 (define-public python-mistune
  (package
    (name "python-mistune")
-    (version "0.7")
+    (version "0.7.3")
    (source
     (origin
       (method url-fetch)
@ -6008,7 +6009,7 @@ complexity of Python source code.")
             ".tar.gz"))
       (sha256
        (base32
-         "17zqjp9m4d1w3jf2rbbq5xshcw24q1vlcv24gkgfqqyyymajxahx"))))
+         "04xpk1zvslhq3xpnf01g3ag0dy9wfv4z28p093r8k49vvxlyil11"))))
    (build-system python-build-system)
    (native-inputs
     `(("python-nose" ,python-nose)
@ -7022,16 +7023,14 @@ serve the same purpose: provide Python bindings for libmagic.")))
 (define-public python-debian
  (package
    (name "python-debian")
-    (version "0.1.23")
+    (version "0.1.28")
    (source
     (origin
       (method url-fetch)
-       (uri (string-append
+       (uri (pypi-uri name version))
             "https://pypi.python.org/packages/source/p/python-debian/python-debian-"
             version ".tar.gz"))
       (sha256
        (base32
-         "193faznwnjc3n5991wyzim6h9gyq1zxifmfrnpm3avgkh7ahyynh"))))
+         "0i15f0xzx679sd0ldq2sls9pnnps9fv6vhqvnv9dzf4qhma42i0y"))))
    (build-system python-build-system)
    (propagated-inputs
     `(("python-six" ,python-six)))
@ -8612,16 +8611,16 @@ supports url redirection and retries, and also gzip and deflate decoding.")
 (define-public python-colorama
  (package
   (name "python-colorama")
-   (version "0.3.3")
+   (version "0.3.7")
   (source
    (origin
     (method url-fetch)
     (uri (pypi-uri "colorama" version))
     (sha256
      (base32
-       "1716z9pq1r5ys3nkg7wdrb3h2f9rmd0zdxpxzmx3bgwgf6xg48gb"))))
+       "0avqkn6362v7k2kg3afb35g4sfdvixjgy890clip4q174p9whhz0"))))
   (build-system python-build-system)
-   (synopsis "colored terminal text rendering for Python")
+   (synopsis "Colored terminal text rendering for Python")
   (description "Colorama is a Python library for rendering colored terminal
 text.")
   (home-page "https://pypi.python.org/pypi/colorama")
@ -9027,14 +9026,14 @@ file.")
 (define-public python-paste
  (package
    (name "python-paste")
-    (version "2.0.2")
+    (version "2.0.3")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "Paste" version))
       (sha256
        (base32
-         "16dsv9qi0r4qsrsb6dilpq2rx0fnglvh36flzywcdnm2jg43mb5d"))
+         "062jk0nlxf6lb2wwj6zc20rlvrwsnikpkh90y0dn8cjch93s6ii3"))
       (patches (search-patches "python-paste-remove-website-test.patch"
                                "python-paste-remove-timing-test.patch"))))
    (build-system python-build-system)
@ -9042,12 +9041,6 @@ file.")
     `(("python-nose" ,python-nose)))
    (propagated-inputs
     `(("python-six" ,python-six)))
    (arguments
     '(;; Tests don't pass on Python 3, but work fine on Python 2.
       ;; (As of 2.0.2, Python 3 support in Paste is presently a bit broken,
       ;; but is usable enough for the minimal amount it's used in MediaGoblin
       ;; still... things should be better by the next Paste release.)
       #:tests? #f))
    (home-page "http://pythonpaste.org")
    (synopsis
     "Python web development tools, focusing on WSGI")
@ -9055,18 +9048,10 @@ file.")
     "Paste provides a variety of web development tools and middleware which
 can be nested together to build web applications.  Paste's design closely
 follows ideas flowing from WSGI (Web Standard Gateway Interface).")
-    (license license:expat)
+    (license license:expat)))
    (properties `((python2-variant . ,(delay python2-paste))))))
 (define-public python2-paste
-  (let ((paste (package-with-python2
+  (package-with-python2 python-paste))
                (strip-python2-variant python-paste))))
    (package
      (inherit paste)
      (arguments
       ;; Tests are back for Python 2!
       `(#:tests? #t
         ,@(package-arguments paste))))))
 (define-public python-pastescript
  (package
@ -10414,13 +10399,13 @@ It uses LR parsing and does extensive error checking.")
 (define-public python-tabulate
  (package
    (name "python-tabulate")
-    (version "0.7.5")
+    (version "0.7.7")
    (source (origin
             (method url-fetch)
             (uri (pypi-uri "tabulate" version))
             (sha256
              (base32
-               "03l1r7ddd1a0j2snv1yd0hlnghjad3fg1an1jr8936ksv75slwch"))
+               "1inqhspd4frxnp08c32yndr0lc4px1xfkqah184i5w09gkhvi843"))
             ;; Fix tests
             (modules '((guix build utils)))
             (snippet '(substitute* '("test/test_cli.py"
@ -10720,13 +10705,13 @@ It supports TSIG authenticated messages and EDNS0.")
 (define-public python-email-validator
  (package
    (name "python-email-validator")
-    (version "1.0.1")
+    (version "1.0.2")
    (source
     (origin (method url-fetch)
             (uri (pypi-uri "email_validator" version))
             (sha256
              (base32
-               "0mn8jg5h8ifl8w6a6m0hq8kbk0mzw9vm054qfamkn89b3npz52qw"))))
+               "1ja9149l9ck5n45a72h3is7v476hjny5ybxbcamx1nw6iplsm7k6"))))
    (build-system python-build-system)
    (arguments
     '(#:phases
--- a/gnu/packages/search.scm
+++ b/gnu/packages/search.scm
@ -1,6 +1,7 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2014 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2015, 2016 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -19,7 +20,7 @@
 (define-module (gnu packages search)
  #:use-module ((guix licenses)
-                #:select (gpl2 gpl2+ gpl3+ bsd-3 x11))
+                #:select (gpl2 gpl2+ gpl3+ lgpl2.1+ bsd-3 x11))
  #:use-module (guix packages)
  #:use-module (guix download)
  #:use-module (guix build-system gnu)
@ -160,6 +161,33 @@ accounting for new lines and paragraph changes.  It also has robust support
 for parsing HTML files.")
    (license gpl3+)))
 (define-public hyperestraier
  (package
    (name "hyperestraier")
    (version "1.4.13")
    (source
      (origin
        (method url-fetch)
        (uri (string-append "http://fallabs.com/" name "/"
                            name "-" version ".tar.gz"))
        (sha256
         (base32
          "1qk3pxgzyrpcz5qfyd5xs2hw9q1cbb7j5zd4kp1diq501wcj2vs9"))))
    (inputs
     `(("qdbm" ,qdbm)
       ("zlib" ,zlib)))
    (build-system gnu-build-system)
    (arguments
     `(#:configure-flags (list (string-append "LDFLAGS=-Wl,-rpath="
                                              (assoc-ref %outputs "out")
                                              "/lib"))))
    (home-page "http://fallabs.com/hyperestraier")
    (synopsis "Full-text search system")
    (description "Hyper Estraier can be used to integrate full-text
 search into applications, using either the provided command line and CGI
 interfaces, or a C API.")
    (license lgpl2.1+)))
 (define-public mlocate
  (package
    (name "mlocate")
--- a/gnu/packages/shellutils.scm
+++ b/gnu/packages/shellutils.scm
@ -58,14 +58,14 @@ between various shells or commands.")
 (define-public trash-cli
  (package
    (name "trash-cli")
-    (version "0.17.1.1")
+    (version "0.17.1.14")
    (source
     (origin
       (method url-fetch)
       (uri (pypi-uri "trash-cli" version))
       (sha256
        (base32
-         "019sjab29jkps8zkf8icihhf3ng4lx9y4p1lxjd3wbnnynphc4is"))))
+         "01q0cl04ljf214z6s3g256gsxx3pqsgaf6ac1zh0vrq5bnhnr85h"))))
    (build-system python-build-system)
    (arguments
     `(#:python ,python-2
--- a/gnu/packages/sync.scm
+++ b/gnu/packages/sync.scm
@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015, 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -25,6 +26,7 @@
  #:use-module (gnu packages compression)
  #:use-module (gnu packages databases)
  #:use-module (gnu packages linux)
  #:use-module (gnu packages lua)
  #:use-module (gnu packages perl)
  #:use-module (gnu packages pkg-config)
  #:use-module (gnu packages qt)
@ -158,3 +160,49 @@ their folder.
@item Toggle for monochrome icon.
@end enumerate\n")
    (license license:lgpl3+)))
 (define-public lsyncd
  (package
    (name "lsyncd")
    (version "2.2.1")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/axkibe/lsyncd/archive/release-"
                           version ".tar.gz"))
       (file-name (string-append name "-" version ".tar.gz"))
       (sha256
        (base32
         "0da7mrq2c578v2dd5x9v75l1fqrm28jvn28qkcd49y8p992nj6gl"))))
    (build-system cmake-build-system)
    (arguments
     `(;; The "tests" target is broken and assumes that tests are run in the
       ;; root directory.
       #:tests? #f
       #:test-target "tests"
       #:phases
       (modify-phases %standard-phases
         ;; No install target.
         (replace 'install
           (lambda* (#:key outputs #:allow-other-keys)
             (let* ((out (assoc-ref outputs "out"))
                    (bin (string-append out "/bin"))
                    (man (string-append out "/share/man/man1")))
               (install-file "lsyncd" bin)
               (install-file (string-append "../lsyncd-release-"
                                            ,version
                                            "/doc/manpage/lsyncd.1")
                             man)
               #t))))))
    (native-inputs
     `(("lua" ,lua-5.2)))
    (home-page "https://github.com/axkibe/lsyncd")
    (synopsis "Synchronize local directories with remote targets")
    (description "Lsyncd watches a local directory trees event monitor
 interface (inotify or fsevents).  It aggregates and combines events for a few
 seconds and then spawns one (or more) process(es) to synchronize the changes.
 By default this is rsync, which must be installed on all source and target
 machines.  Lsyncd is thus a light-weight live mirror solution that is
 comparatively easy to install not requiring new filesystems or block devices
 and does not hamper local filesystem performance.")
    (license license:gpl2+)))
--- a/gnu/packages/terminals.scm
+++ b/gnu/packages/terminals.scm
@ -6,6 +6,7 @@
 ;;; Copyright © 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016, 2017 José Miguel Sánchez García <jmi2k@openmailbox.org>
 ;;; Copyright © 2017 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2017 Ricardo Wurmus <rekado@elephly.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -362,3 +363,70 @@ scripts, notifying the user when something interesting occurs.  Of course, it
 has no notion of what's interesing, but it's very good at that notifying part.")
    (home-page "http://www.johnath.com/beep")
    (license license:gpl2+)))
 (define-public unibilium
  (package
    (name "unibilium")
    (version "1.2.0")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "https://github.com/mauke/unibilium/"
                           "archive/v" version ".tar.gz"))
       (file-name (string-append name "-" version ".tar.gz"))
       (sha256
        (base32
         "1n7a0jrlwhn9nnkna76sbnjrr808m0pmzbiwznmp7rhmjl4z2fk2"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:test-target "test"
       ;; FIXME: tests require "prove"
       #:tests? #f
       #:phases
       (modify-phases %standard-phases
         (delete 'configure))))
    (native-inputs
     `(("libtool" ,libtool)))
    (home-page "https://github.com/mauke/unibilium")
    (synopsis "Terminfo parsing library")
    (description "Unibilium is a basic C terminfo library.  It doesn't depend
 on curses or any other library.  It also doesn't use global variables, so it
 should be thread-safe.")
    (license license:lgpl3+)))
 (define-public libvterm
  (package
    (name "libvterm")
    (version "0+bzr681")
    (source
     (origin
       (method url-fetch)
       (uri (string-append "http://www.leonerd.org.uk/code/libvterm/"
                           "libvterm-" version ".tar.gz"))
       (sha256
        (base32
         "1s56c8p1qz6frkcri0hg4qyydv2wcccj6n2xmz1dwcdqn38ldsmb"))))
    (build-system gnu-build-system)
    (arguments
     `(#:make-flags
       (list "CC=gcc"
             (string-append "PREFIX=" (assoc-ref %outputs "out")))
       #:test-target "test"
       #:phases
       (modify-phases %standard-phases
         (delete 'configure))))
    (native-inputs
     `(("libtool" ,libtool)
       ("perl" ,perl)))
    (home-page "http://www.leonerd.org.uk/code/libvterm/")
    (synopsis "VT220/xterm/ECMA-48 terminal emulator library")
    (description "Libvterm is an abstract C99 library which implements a VT220
 or xterm-like terminal emulator.  It doesn't use any particular graphics
 toolkit or output system, instead it invokes callback function pointers that
 its embedding program should provide it to draw on its behalf.  It avoids
 calling @code{malloc} during normal running state, allowing it to be used in
 embedded kernel situations.")
    (license license:expat)))
--- a/gnu/packages/tor.scm
+++ b/gnu/packages/tor.scm
@ -2,7 +2,7 @@
 ;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2014, 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
-;;; Copyright © 2016 ng0 <ng0@we.make.ritual.n0.is>
+;;; Copyright © 2016, 2017 ng0 <contact.ng0@cryptolab.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -39,14 +39,14 @@
 (define-public tor
  (package
    (name "tor")
-    (version "0.2.9.8")
+    (version "0.2.9.9")
    (source (origin
             (method url-fetch)
             (uri (string-append "https://dist.torproject.org/tor-"
                                 version ".tar.gz"))
             (sha256
              (base32
-               "0sklgmx4nikcfhqd606kvpwy1l8840w24ikli1xjjx25739k7pgv"))))
+               "0hqdk5p6dw4bpn7c8gmhyi8jjkhc37112pfw5nx4gl0g4lmmscik"))))
    (build-system gnu-build-system)
    (native-inputs
     `(("python" ,python-2)))  ; for tests
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@ -580,7 +580,7 @@ standards (MPEG-2, MPEG-4 ASP/H.263, MPEG-4 AVC/H.264, and VC-1/VMW3).")
          (lambda* (#:key outputs configure-flags #:allow-other-keys)
            (let ((out (assoc-ref outputs "out")))
              (substitute* "configure"
-                (("#! /bin/sh") (string-append "#!" (which "bash"))))
+                (("#! /bin/sh") (string-append "#!" (which "sh"))))
              (setenv "SHELL" (which "bash"))
              (setenv "CONFIG_SHELL" (which "bash"))
              (zero? (apply system*
@ -796,7 +796,7 @@ treaming protocols.")
            (let ((out (assoc-ref outputs "out"))
                  (libx11 (assoc-ref inputs "libx11")))
              (substitute* "configure"
-                (("#! /bin/sh") (string-append "#!" (which "bash"))))
+                (("#! /bin/sh") (string-append "#!" (which "sh"))))
              (setenv "SHELL" (which "bash"))
              (setenv "CONFIG_SHELL" (which "bash"))
              (zero? (system*
@ -970,7 +970,7 @@ access to mpv's powerful playback capabilities.")
 (define-public youtube-dl
  (package
    (name "youtube-dl")
-    (version "2017.01.14")
+    (version "2017.01.24")
    (source (origin
              (method url-fetch)
              (uri (string-append "https://yt-dl.org/downloads/"
@ -978,7 +978,7 @@ access to mpv's powerful playback capabilities.")
                                  version ".tar.gz"))
              (sha256
               (base32
-                "1jlwz6p7ryj9ygmwqm4r3pykd9qw21rsiqpifbx0p0kcvdvvvj3n"))))
+                "1n74s6kfs4v1lfg7xls9ymk6yrq09hxwd18sz3lziv5qd1pj14b6"))))
    (build-system python-build-system)
    (arguments
     ;; The problem here is that the directory for the man page and completion
@ -1228,7 +1228,7 @@ for use with HTML5 video.")
         (lambda _
           (with-directory-excursion "avidemux_core/ffmpeg_package"
             (substitute* "ffmpeg-2.7.6/configure"
-               (("#! /bin/sh") (string-append "#!" (which "bash"))))
+               (("#! /bin/sh") (string-append "#!" (which "sh"))))
             (system* "tar" "cjf" "ffmpeg-2.7.6.tar.bz2" "ffmpeg-2.7.6"
                      ;; avoid non-determinism in the archive
                      "--sort=name" "--mtime=@0"
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@ -17,6 +17,7 @@
 ;;; Copyright © 2016 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2016 Tobias Geerinckx-Rice <me@tobias.gr>
 ;;; Copyright © 2016 Bake Timmons <b3timmons@speedymail.org>
 ;;; Copyright © 2017 Thomas Danckaert <post@thomasdanckaert.be>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -3968,3 +3969,29 @@ useful for users behind restrictive firewalls.  As long as Web traffic is
 allowed, even through a HTTP-only proxy, httptunnel can be combined with other
 tools like SSH (Secure Shell) to reach the outside world.")
    (license l:gpl2+)))
 (define-public stunnel
  (package
  (name "stunnel")
  (version "5.39")
  (source
    (origin
      (method url-fetch)
      (uri (string-append "https://www.stunnel.org/downloads/stunnel-"
                          version ".tar.gz"))
      (sha256
       (base32
        "1vjdn32iw11zqsygwxbjmqgs4644dk3ql1h8ap890ls6a1x0i318"))))
  (build-system gnu-build-system)
  (inputs `(("openssl" ,openssl)))
  (arguments
   `(#:configure-flags
     (list (string-append "--with-ssl=" (assoc-ref %build-inputs "openssl")))))
  (home-page "https://www.stunnel.org")
  (synopsis "TLS proxy for clients or servers")
  (description "Stunnel is a proxy designed to add TLS encryption
 functionality to existing clients and servers without any changes in the
 programs' code.  Its architecture is optimized for security, portability, and
 scalability (including load-balancing), making it suitable for large
 deployments.")
  (license l:gpl2+)))
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@ -3,7 +3,7 @@
 ;;; Copyright © 2014, 2015, 2016 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2014 Eric Bavier <bavier@member.fsf.org>
 ;;; Copyright © 2014, 2015, 2016 Alex Kost <alezost@gmail.com>
-;;; Copyright © 2013, 2015 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2013, 2015, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2015, 2016 Mathieu Lirzin <mthl@gnu.org>
 ;;; Copyright © 2015 Alexander I.Grafov <grafov@gmail.com>
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
@ -75,7 +75,14 @@
                                  "/files/" name "-" version ".tar.gz"))
              (sha256
               (base32
-                "1i3f1agixxbfy4kxikb2b241p7c2lg73cl9wqfvlwz3q6zf5faxv"))))
+                "1i3f1agixxbfy4kxikb2b241p7c2lg73cl9wqfvlwz3q6zf5faxv"))
              (modules '((guix build utils)))
              (snippet
               ;; Do not record a timestamp and file name in gzipped man
               ;; pages (this is equivalent to 'gzip --no-name'.)
               '(substitute* "setup.py"
                  (("gzip\\.open\\(gzfile, 'w', 9\\)")
                   "gzip.GzipFile('', 'wb', 9, open(gzfile, 'wb'), 0.)")))))
    (build-system python-build-system)
    (arguments
     `(#:python ,python-2     ;incompatible with python 3
--- a/gnu/packages/xiph.scm
+++ b/gnu/packages/xiph.scm
@ -300,7 +300,7 @@ ogginfo, to obtain information (tags, bitrate, length, etc.) about
 (define opus
  (package
    (name "opus")
-    (version "1.1.3")
+    (version "1.1.4")
    (source (origin
              (method url-fetch)
              (uri (string-append
@ -308,7 +308,7 @@ ogginfo, to obtain information (tags, bitrate, length, etc.) about
                    ".tar.gz"))
              (sha256
               (base32
-                "0cxnd7pjxbgh6l3cbzsw29phpr5cq28fikfhjlp1hc3y5s0gxdjq"))))
+                "14l6kpapmcnvl7p9hrmbqcnzj13zfzyppyc9a5kd4788h2rvc8li"))))
    (build-system gnu-build-system)
    (synopsis "Versatile audio codec")
    (description
--- a/gnu/services.scm
+++ b/gnu/services.scm
@ -345,6 +345,10 @@ ACTIVATION-SCRIPT-TYPE."
                      ;; thus there is no accounting at all.
                      (close-port (open-file "/var/run/utmpx" "a0"))
                      ;; Same for 'wtmp', which is populated by mingetty et
                      ;; al.
                      (close-port (open-file "/var/log/wtmp" "a0"))
                      ;; Set up /run/current-system.  Among other things this
                      ;; sets up locales, which the activation snippets
                      ;; executed below may expect.
--- a/gnu/services/cups.scm
+++ b/gnu/services/cups.scm
@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 Andy Wingo <wingo@pobox.com>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -811,6 +812,7 @@ IPP specifications.")
  ;; Activation gexp.
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))
        (define (mkdir-p/perms directory owner perms)
          (mkdir-p directory)
          (chown "/var/run/cups" (passwd:uid owner) (passwd:gid owner))
--- a/gnu/services/mail.scm
+++ b/gnu/services/mail.scm
@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 Andy Wingo <wingo@igalia.com>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -1601,6 +1602,7 @@ accept from local for any relay
    (($ <opensmtpd-configuration> package config-file)
     (let ((smtpd (file-append package "/sbin/smtpd")))
       #~(begin
           (use-modules (guix build utils))
           ;; Create mbox and spool directories.
           (mkdir-p "/var/mail")
           (mkdir-p "/var/spool/smtpd")
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@ -3,6 +3,7 @@
 ;;; Copyright © 2015 Mark H Weaver <mhw@netris.org>
 ;;; Copyright © 2016 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2016 John Darrington <jmd@gnu.org>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -332,6 +333,7 @@ restrict -6 ::1\n"))
  "Return the activation gexp for CONFIG."
  (with-imported-modules '((guix build utils))
    #~(begin
        (use-modules (guix build utils))
        (define %user
          (getpw "ntpd"))
--- a/gnu/services/spice.scm
+++ b/gnu/services/spice.scm
@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -35,7 +36,9 @@
 (define (spice-vdagent-activation config)
  "Return the activation gexp for CONFIG."
-  #~(mkdir-p "/var/run/spice-vdagentd"))
+  #~(begin
      (use-modules (guix build utils))
      (mkdir-p "/var/run/spice-vdagentd")))
 (define (spice-vdagent-shepherd-service config)
  "Return a <shepherd-service> for spice-vdagentd with CONFIG."
--- a/gnu/services/ssh.scm
+++ b/gnu/services/ssh.scm
@ -2,6 +2,7 @@
 ;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2016 David Craven <david@craven.ch>
 ;;; Copyright © 2016 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -292,6 +293,7 @@ The other options should be self-descriptive."
 (define (openssh-activation config)
  "Return the activation GEXP for CONFIG."
  #~(begin
      (use-modules (guix build utils))
      (mkdir-p "/etc/ssh")
      (mkdir-p (dirname #$(openssh-configuration-pid-file config)))
@ -388,6 +390,7 @@ The other options should be self-descriptive."
 (define (dropbear-activation config)
  "Return the activation gexp for CONFIG."
  #~(begin
      (use-modules (guix build utils))
      (mkdir-p "/etc/dropbear")))
 (define (dropbear-shepherd-service config)
--- a/gnu/services/vpn.scm
+++ b/gnu/services/vpn.scm
@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2017 Julien Lepiller <julien@lepiller.eu>
 ;;; Copyright © 2017 Clément Lassieur <clement@lassieur.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -444,7 +445,9 @@ is trunkated and rewritten every minute.")
         (shell (file-append shadow "/sbin/nologin")))))
 (define %openvpn-activation
-  #~(mkdir-p "/var/run/openvpn"))
+  #~(begin
      (use-modules (guix build utils))
      (mkdir-p "/var/run/openvpn")))
 (define openvpn-server-service-type
  (service-type (name 'openvpn-server)
--- a/gnu/system/mapped-devices.scm
+++ b/gnu/system/mapped-devices.scm
@ -54,7 +54,7 @@
 (define-record-type* <mapped-device> mapped-device
  make-mapped-device
  mapped-device?
-  (source    mapped-device-source)                ;string
+  (source    mapped-device-source)                ;string | list of strings
  (target    mapped-device-target)                ;string
  (type      mapped-device-type))                 ;<mapped-device-kind>
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@ -194,6 +194,29 @@ info --version")
                            (utmpx-entries)))
             marionette))
          ;; Likewise for /var/log/wtmp (used by 'last').
          (test-assert "wtmp entry"
            (match (marionette-eval
                    '(begin
                       (use-modules (guix build syscalls)
                                    (srfi srfi-1))
                       (define (entry->list entry)
                         (list (utmpx-user entry) (utmpx-line entry)
                               (utmpx-host entry) (utmpx-login-type entry)))
                       (call-with-input-file "/var/log/wtmp"
                         (lambda (port)
                           (let loop ((result '()))
                             (if (eof-object? (peek-char port))
                                 (map entry->list (reverse result))
                                 (loop (cons (read-utmpx port) result)))))))
                    marionette)
              (((users lines hosts types) ..1)
               (every (lambda (type)
                        (eqv? type (login-type LOGIN_PROCESS)))
                      types))))
          (test-assert "host name resolution"
            (match (marionette-eval
                    '(begin
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@ -21,6 +21,7 @@
 (define-module (guix build syscalls)
  #:use-module (system foreign)
  #:use-module (rnrs bytevectors)
  #:autoload   (ice-9 binary-ports) (get-bytevector-n)
  #:use-module (srfi srfi-1)
  #:use-module (srfi srfi-9)
  #:use-module (srfi srfi-9 gnu)
@ -142,7 +143,8 @@
            utmpx-time
            utmpx-address
            login-type
-            utmpx-entries))
+            utmpx-entries
            (read-utmpx-from-port . read-utmpx)))
 ;;; Commentary:
 ;;;
@ -1598,4 +1600,13 @@ always a positive integer."
      ((? utmpx? entry)
       (loop (cons entry entries))))))
 (define (read-utmpx-from-port port)
  "Read a utmpx entry from PORT.  Return either the EOF object or a utmpx
 entry."
  (match (get-bytevector-n port sizeof-utmpx)
    ((? eof-object? eof)
     eof)
    ((? bytevector? bv)
     (read-utmpx bv))))
 ;;; syscalls.scm ends here
--- a/guix/grafts.scm
+++ b/guix/grafts.scm
@ -78,11 +78,12 @@
 (define* (graft-derivation/shallow store drv grafts
                                   #:key
                                   (name (derivation-name drv))
                                   (outputs (derivation-output-names drv))
                                   (guile (%guile-for-build))
                                   (system (%current-system)))
-  "Return a derivation called NAME, based on DRV but with all the GRAFTS
+  "Return a derivation called NAME, which applies GRAFTS to the specified
-applied.  This procedure performs \"shallow\" grafting in that GRAFTS are not
+OUTPUTS of DRV.  This procedure performs \"shallow\" grafting in that GRAFTS
-recursively applied to dependencies of DRV."
+are not recursively applied to dependencies of DRV."
  ;; XXX: Someday rewrite using gexps.
  (define mapping
    ;; List of store item pairs.
@ -96,14 +97,12 @@ recursively applied to dependencies of DRV."
                     target))))
         grafts))
-  (define outputs
+  (define output-pairs
-    (map (match-lambda
+    (map (lambda (output)
-           ((name . output)
+           (cons output
-            (cons name (derivation-output-path output))))
+                 (derivation-output-path
-         (derivation-outputs drv)))
+                  (assoc-ref (derivation-outputs drv) output))))
-
+         outputs))
  (define output-names
    (derivation-output-names drv))
  (define build
    `(begin
@ -111,7 +110,7 @@ recursively applied to dependencies of DRV."
                    (guix build utils)
                    (ice-9 match))
-       (let* ((old-outputs ',outputs)
+       (let* ((old-outputs ',output-pairs)
              (mapping (append ',mapping
                               (map (match-lambda
                                      ((name . file)
@ -143,10 +142,10 @@ recursively applied to dependencies of DRV."
                                                 (guix build utils))
                                     #:inputs `(,@(map (lambda (out)
                                                         `("x" ,drv ,out))
-                                                       output-names)
+                                                       outputs)
                                                ,@(append (map add-label sources)
                                                          (map add-label targets)))
-                                     #:outputs output-names
+                                     #:outputs outputs
                                     #:local-build? #t)))))
 (define (item->deriver store item)
  "Return two values: the derivation that led to ITEM (a store item), and the
@ -217,14 +216,14 @@ available."
 (define-syntax-rule (with-cache key exp ...)
  "Cache the value of monadic expression EXP under KEY."
  (mlet %state-monad ((cache (current-state)))
-    (match (vhash-assq key cache)
+    (match (vhash-assoc key cache)
      ((_ . result)                               ;cache hit
       (return result))
      (#f                                         ;cache miss
       (mlet %state-monad ((result (begin exp ...))
                           (cache  (current-state)))
         (mbegin %state-monad
-           (set-current-state (vhash-consq key result cache))
+           (set-current-state (vhash-cons key result cache))
           (return result)))))))
 (define* (cumulative-grafts store drv grafts
@ -265,7 +264,7 @@ derivations to the corresponding set of grafts."
                                 #:system system))
          (state-return grafts))))
-  (with-cache drv
+  (with-cache (cons (derivation-file-name drv) outputs)
    (match (non-self-references references drv outputs)
      (()                                         ;no dependencies
       (return grafts))
@ -282,29 +281,27 @@ derivations to the corresponding set of grafts."
              ;; applicable to DRV, to avoid creating several identical
              ;; grafted variants of DRV.
              (let* ((new    (graft-derivation/shallow store drv applicable
                                                       #:outputs outputs
                                                       #:guile guile
                                                       #:system system))
                     ;; Replace references to any of the outputs of DRV,
                     ;; even if that's more than needed.  This is so that
                     ;; the result refers only to the outputs of NEW and
                     ;; not to those of DRV.
                     (grafts (append (map (lambda (output)
                                            (graft
                                              (origin drv)
                                              (origin-output output)
                                              (replacement new)
                                              (replacement-output output)))
-                                          (derivation-output-names drv))
+                                          outputs)
                                     grafts)))
                (return grafts))))))))))
 (define* (graft-derivation store drv grafts
-                           #:key (guile (%guile-for-build))
+                           #:key
                           (guile (%guile-for-build))
                           (outputs (derivation-output-names drv))
                           (system (%current-system)))
-  "Applied GRAFTS to DRV and all its dependencies, recursively.  That is, if
+  "Apply GRAFTS to the OUTPUTS of DRV and all their dependencies, recursively.
-GRAFTS apply only indirectly to DRV, graft the dependencies of DRV, and graft
+That is, if GRAFTS apply only indirectly to DRV, graft the dependencies of
-DRV itself to refer to those grafted dependencies."
+DRV, and graft DRV itself to refer to those grafted dependencies."
  ;; First, pre-compute the dependency tree of the outputs of DRV.  Do this
  ;; upfront to have as much parallelism as possible when querying substitute
@ -314,6 +311,7 @@ DRV itself to refer to those grafted dependencies."
  (match (run-with-state
             (cumulative-grafts store drv grafts references
                                #:outputs outputs
                                #:guile guile #:system system)
           vlist-null)                            ;the initial cache
    ((first . rest)
--- a/guix/scripts/container/exec.scm
+++ b/guix/scripts/container/exec.scm
@ -74,7 +74,14 @@ and the other containing arguments for the command to be executed."
      (let* ((opts (parse-command-line args %options '(())
                                       #:argument-handler
                                       handle-argument))
-             (pid  (assoc-ref opts 'pid)))
+             (pid  (assoc-ref opts 'pid))
             (environment (filter-map (lambda (name)
                                        (let ((value (getenv name)))
                                          (and value (cons name value))))
                                      ;; Pass through the TERM environment
                                      ;; variable to inform processes about
                                      ;; the capabilities of the terminal.
                                      '("TERM"))))
        (unless pid
          (leave (_ "no pid specified~%")))
@ -89,6 +96,10 @@ and the other containing arguments for the command to be executed."
                        (lambda ()
                          (match command
                            ((program . program-args)
                             (for-each (match-lambda
                                         ((name . value)
                                          (setenv name value)))
                                       environment)
                             (apply execlp program program program-args)))))))
          (unless (zero? result)
            (leave (_ "exec failed with status ~d~%") result)))))))
--- a/tests/grafts.scm
+++ b/tests/grafts.scm
@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@ -43,6 +43,9 @@
 (define %mkdir
  (bootstrap-binary "mkdir"))
 (define make-derivation-input
  (@@ (guix derivations) make-derivation-input))
 (test-begin "grafts")
@ -241,7 +244,18 @@
                (replacement p1r)
                (replacement-output "ONE")))
         (p3d (graft-derivation %store p3 (list p1g))))
-    (and (build-derivations %store (list p3d))
+
    (and (not (find (lambda (input)
                      ;; INPUT should not be P2:zzz since the result of P3
                      ;; does not depend on it.  See
                      ;; <http://bugs.gnu.org/24886>.
                      (and (string=? (derivation-input-path input)
                                     (derivation-file-name p2))
                           (member "zzz"
                                   (derivation-input-sub-derivations input))))
                    (derivation-inputs p3d)))
         (build-derivations %store (list p3d))
         (let ((out (derivation->output-path (pk 'p2d p3d))))
           (and (not (string=? (readlink out)
                               (derivation->output-path p2 "aaa")))
@ -249,6 +263,106 @@
                          (readlink (string-append out "/two")))
                (file-exists? (string-append out "/one/replacement")))))))
 (test-assert "graft-derivation with #:outputs"
  ;; Call 'graft-derivation' with a narrowed set of outputs passed as
  ;; #:outputs.
  (let* ((p1  (build-expression->derivation
               %store "p1"
               `(let ((one (assoc-ref %outputs "one"))
                      (two (assoc-ref %outputs "two")))
                  (mkdir one)
                  (mkdir two))
               #:outputs '("one" "two")))
         (p1r (build-expression->derivation
               %store "P1"
               `(let ((other (assoc-ref %outputs "ONE")))
                  (mkdir other)
                  (call-with-output-file (string-append other "/replacement")
                    (const #t)))
               #:outputs '("ONE")))
         (p2  (build-expression->derivation
               %store "p2"
               `(let ((aaa (assoc-ref %outputs "aaa"))
                      (zzz (assoc-ref %outputs "zzz")))
                  (mkdir zzz) (chdir zzz)
                  (mkdir aaa) (chdir aaa)
                  (symlink (assoc-ref %build-inputs "p1:two") "two"))
               #:outputs '("aaa" "zzz")
               #:inputs `(("p1:one" ,p1 "one")
                          ("p1:two" ,p1 "two"))))
         (p1g (graft
                (origin p1)
                (origin-output "one")
                (replacement p1r)
                (replacement-output "ONE")))
         (p2g (graft-derivation %store p2 (list p1g)
                                #:outputs '("aaa"))))
    ;; P2:aaa depends on P1:two, but not on P1:one, so nothing to graft.
    (eq? p2g p2)))
 (test-equal "graft-derivation, unused outputs not depended on"
  '("aaa")
  ;; Make sure that the result of 'graft-derivation' does not pull outputs
  ;; that are irrelevant to the grafting process.  See
  ;; <http://bugs.gnu.org/24886>.
  (let* ((p1  (build-expression->derivation
               %store "p1"
               `(let ((one (assoc-ref %outputs "one"))
                      (two (assoc-ref %outputs "two")))
                  (mkdir one)
                  (mkdir two))
               #:outputs '("one" "two")))
         (p1r (build-expression->derivation
               %store "P1"
               `(let ((other (assoc-ref %outputs "ONE")))
                  (mkdir other)
                  (call-with-output-file (string-append other "/replacement")
                    (const #t)))
               #:outputs '("ONE")))
         (p2  (build-expression->derivation
               %store "p2"
               `(let ((aaa (assoc-ref %outputs "aaa"))
                      (zzz (assoc-ref %outputs "zzz")))
                  (mkdir zzz) (chdir zzz)
                  (symlink (assoc-ref %build-inputs "p1:two") "two")
                  (mkdir aaa) (chdir aaa)
                  (symlink (assoc-ref %build-inputs "p1:one") "one"))
               #:outputs '("aaa" "zzz")
               #:inputs `(("p1:one" ,p1 "one")
                          ("p1:two" ,p1 "two"))))
         (p1g (graft
                (origin p1)
                (origin-output "one")
                (replacement p1r)
                (replacement-output "ONE")))
         (p2g (graft-derivation %store p2 (list p1g)
                                #:outputs '("aaa"))))
    ;; Here P2G should only depend on P1:one and P1R:one; it must not depend
    ;; on P1:two or P1R:two since these are unused in the grafting process.
    (and (not (eq? p2g p2))
         (let* ((inputs      (derivation-inputs p2g))
                (match-input (lambda (drv)
                               (lambda (input)
                                 (string=? (derivation-input-path input)
                                           (derivation-file-name drv)))))
                (p1-inputs   (filter (match-input p1) inputs))
                (p1r-inputs  (filter (match-input p1r) inputs))
                (p2-inputs   (filter (match-input p2) inputs)))
           (and (equal? p1-inputs
                        (list (make-derivation-input (derivation-file-name p1)
                                                     '("one"))))
                (equal? p1r-inputs
                        (list
                         (make-derivation-input (derivation-file-name p1r)
                                                '("ONE"))))
                (equal? p2-inputs
                        (list
                         (make-derivation-input (derivation-file-name p2)
                                                '("aaa"))))
                (derivation-output-names p2g))))))
 (test-assert "graft-derivation, renaming"         ;<http://bugs.gnu.org/23132>
  (let* ((build `(begin
                   (use-modules (guix build utils))
--- a/tests/syscalls.scm
+++ b/tests/syscalls.scm
@ -452,6 +452,15 @@
                 #t)))
            entries))))
 (test-assert "read-utmpx, EOF"
  (eof-object? (read-utmpx (%make-void-port "r"))))
 (unless (access? "/var/run/utmpx" O_RDONLY)
  (tes-skip 1))
 (test-assert "read-utmpx"
  (let ((result (call-with-input-file "/var/run/utmpx" read-utmpx)))
    (or (utmpx? result) (eof-object? result))))
 (test-end)
 (false-if-exception (delete-file temp-file))