grafts: Preserve the cache across recursive calls.

Before this commit, we'd lose the cache across recursive calls to
'cumulative-grafts', which isn't great performance-wise.

This bug was already present before
d38bc9a9f6feefc465964531520fee5663a12f48.

* guix/grafts.scm (with-cache): In the miss case, call 'current-state'
after EXP has been evaluated.

grafts: Actually cache grafts during the derivation DAG traversal.

This fixes a regression introduced in
d38bc9a9f6feefc465964531520fee5663a12f48 whereby the cache was
effectively disabled.

Reported by Thomas Danckaert <thomas.danckaert@gmail.com>.

* guix/grafts.scm (with-cache): In the cache miss case, wrap body in
'mbegin'.

gnu: linux-libre: Update to 4.9.4.

* gnu/packages/linux.scm (%linux-libre-version, %linux-libre-hash)
(linux-libre): Update to 4.9.4.

gnu: linux-libre@4.4: Update to 4.4.43.

* gnu/packages/linux.scm (linux-libre-4.4): Update to 4.4.43.

gnu: dwm: Add '.desktop' file.

Fixes <https://bugs.gnu.org/25438>.

* gnu/packages/suckless.scm (dwm)[arguments]: Add
'install-xsession' phase.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>

gnu: dwm: Use modify-phases.

* gnu/packages/suckless.scm (dwm): Use modify-phases.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>

profiles: Export 'ca-certificate-bundle'.

* guix/profiles.scm: Export ca-certificate-bundle, such that it can be used in
other G-expressions.  This is useful where these G-expressions run programs
that require a ca-certificate-bundle, e.g. git.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>

services: Export 'service-extension' procedures.

* gnu/services.scm: Export service-extension-target and
service-extension-compute.  This allows for greater extensiblity of services
by enabling service extensions to be wrapped.  For example, the parameters
passed to the compute function can be modified, or the return value of the
compute function can be modified.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>

gnu: zathura-pdf-poppler: Update to 0.2.7.

* gnu/packages/pdf.scm (zathura-pdf-poppler): Update to 0.2.7.

gnu: zathura-djvu: Update to 0.2.6.

* gnu/packages/pdf.scm (zathura-djvu): Update to 0.2.6.

gnu: zathura-ps: Update to 0.2.4.

* gnu/packages/pdf.scm (zathura-ps): Update to 0.2.4.

gnu: zathura-cb: Update to 0.1.6.

* gnu/packages/pdf.scm (zathura-cb): Update to 0.1.6.

gnu: zathura: Update to 0.3.7.

* gnu/packages/pdf.scm (zathura): Update to 0.3.7.

gnu: girara: Update to 0.2.7.

* gnu/packages/gtk.scm (girara): Update to 0.2.7.

gnu: vim: Update to 8.0.0194.

* gnu/packages/vim.scm (vim, vim-full): Update to 8.0.0194.

gnu: ccid: Update to 1.4.26.

* gnu/packages/security-token.scm (ccid): Update to 1.4.26.

gnu: dnscrypt-proxy: Update to 1.9.2.

* gnu/packages/dns.scm (dnscrypt-proxy): Update to 1.9.2.

Merge branch 'gnome-updates'

gnu: cups-filters: Fix CVE-2016-{10132,10133} in statically linked mupdf.

The vulnerabilities are in the MuJS that is bundled with MuPDF.

* gnu/packages/cups.scm (cups-filters)[replacement]: New field.
(mupdf/fixed-instead-of-mupdf), (cups-filters/fixed): New variables.

gnu: mupdf: Fix CVE-2016-{10132,10133} in bundled mujs.

* gnu/packages/patches/mupdf-mujs-CVE-2016-10132.patch,
gnu/packages/patches/mupdf-mujs-CVE-2016-10133.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/pdf.scm (mupdf)[replacement]: New field.
(mupdf/fixed): New variable.

Co-authored-by: Leo Famulari <leo@famulari.name>