summary refs log tree commit diff
diff options
context:
space:
mode:
-rw-r--r--doc/contributing/submitting-changes.chapter.md19
-rw-r--r--doc/contributing/vulnerability-roundup.chapter.md45
-rw-r--r--doc/manual.xml1
-rw-r--r--lib/licenses.nix5
-rw-r--r--maintainers/maintainer-list.nix26
-rw-r--r--maintainers/team-list.nix1
-rw-r--r--nixos/modules/config/update-users-groups.pl2
-rw-r--r--nixos/modules/module-list.nix3
-rw-r--r--nixos/modules/programs/partition-manager.nix19
-rw-r--r--nixos/modules/programs/turbovnc.nix54
-rw-r--r--nixos/modules/services/computing/slurm/slurm.nix11
-rw-r--r--nixos/modules/services/system/localtime.nix9
-rw-r--r--nixos/modules/services/web-apps/bookstack.nix365
-rw-r--r--nixos/modules/system/boot/systemd-lib.nix13
-rw-r--r--nixos/tests/all-tests.nix1
-rw-r--r--nixos/tests/systemd-template-override.nix41
-rw-r--r--nixos/tests/turbovnc-headless-server.nix171
-rw-r--r--pkgs/applications/audio/ardour/5.nix1
-rw-r--r--pkgs/applications/audio/cheesecutter/default.nix6
-rw-r--r--pkgs/applications/audio/gnome-podcasts/default.nix2
-rw-r--r--pkgs/applications/audio/samplv1/default.nix4
-rw-r--r--pkgs/applications/audio/sunvox/default.nix2
-rw-r--r--pkgs/applications/audio/surge/default.nix7
-rw-r--r--pkgs/applications/blockchains/monero-gui/default.nix8
-rw-r--r--pkgs/applications/editors/edit/default.nix27
-rw-r--r--pkgs/applications/graphics/freecad/default.nix2
-rw-r--r--pkgs/applications/graphics/gimp/default.nix7
-rw-r--r--pkgs/applications/misc/jrnl/default.nix4
-rw-r--r--pkgs/applications/misc/metadata-cleaner/default.nix61
-rw-r--r--pkgs/applications/misc/qcad/default.nix9
-rw-r--r--pkgs/applications/misc/tickrs/default.nix6
-rw-r--r--pkgs/applications/networking/browsers/chromium/upstream-info.json18
-rw-r--r--pkgs/applications/networking/cluster/fluxctl/default.nix6
-rw-r--r--pkgs/applications/networking/cluster/lens/default.nix6
-rw-r--r--pkgs/applications/networking/cluster/waypoint/default.nix6
-rw-r--r--pkgs/applications/networking/ftp/filezilla/default.nix4
-rw-r--r--pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix4
-rw-r--r--pkgs/applications/networking/instant-messengers/fractal/default.nix5
-rw-r--r--pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix4
-rw-r--r--pkgs/applications/networking/instant-messengers/vk-messenger/default.nix87
-rw-r--r--pkgs/applications/networking/instant-messengers/wire-desktop/default.nix8
-rw-r--r--pkgs/applications/networking/irc/convos/default.nix11
-rw-r--r--pkgs/applications/networking/p2p/gnunet/gtk.nix2
-rw-r--r--pkgs/applications/networking/remote/freerdp/default.nix4
-rw-r--r--pkgs/applications/networking/sync/onedrive/default.nix4
-rw-r--r--pkgs/applications/office/portfolio/default.nix4
-rw-r--r--pkgs/applications/science/biology/sambamba/default.nix8
-rw-r--r--pkgs/applications/science/electronics/gtkwave/default.nix4
-rw-r--r--pkgs/applications/science/machine-learning/vowpal-wabbit/default.nix46
-rw-r--r--pkgs/applications/terminal-emulators/tilix/default.nix14
-rw-r--r--pkgs/applications/version-management/git-and-tools/lab/default.nix6
-rw-r--r--pkgs/applications/version-management/gitlab/data.json8
-rw-r--r--pkgs/applications/version-management/gitlab/gitaly/default.nix4
-rw-r--r--pkgs/applications/version-management/monotone-viz/graphviz-2.0.nix2
-rw-r--r--pkgs/applications/video/clipgrab/default.nix4
-rw-r--r--pkgs/applications/video/kodi-packages/addon-update-script/default.nix23
-rw-r--r--pkgs/applications/video/kodi-packages/certifi/default.nix21
-rw-r--r--pkgs/applications/video/kodi-packages/chardet/default.nix21
-rw-r--r--pkgs/applications/video/kodi-packages/controllers/default.nix21
-rw-r--r--pkgs/applications/video/kodi-packages/idna/default.nix21
-rw-r--r--pkgs/applications/video/kodi-packages/inputstream-adaptive/default.nix28
-rw-r--r--pkgs/applications/video/kodi-packages/inputstreamhelper/default.nix21
-rw-r--r--pkgs/applications/video/kodi-packages/joystick/default.nix21
-rw-r--r--pkgs/applications/video/kodi-packages/kodi-platform/default.nix15
-rw-r--r--pkgs/applications/video/kodi-packages/myconnpy/default.nix21
-rw-r--r--pkgs/applications/video/kodi-packages/netflix/default.nix26
-rw-r--r--pkgs/applications/video/kodi-packages/osmc-skin/default.nix21
-rw-r--r--pkgs/applications/video/kodi-packages/pdfreader/default.nix19
-rw-r--r--pkgs/applications/video/kodi-packages/pvr-hdhomerun/default.nix22
-rw-r--r--pkgs/applications/video/kodi-packages/pvr-hts/default.nix21
-rw-r--r--pkgs/applications/video/kodi-packages/pvr-iptvsimple/default.nix22
-rw-r--r--pkgs/applications/video/kodi-packages/requests/default.nix28
-rw-r--r--pkgs/applications/video/kodi-packages/signals/default.nix21
-rw-r--r--pkgs/applications/video/kodi-packages/steam-controller/default.nix22
-rw-r--r--pkgs/applications/video/kodi-packages/steam-launcher/default.nix28
-rw-r--r--pkgs/applications/video/kodi-packages/svtplay/default.nix26
-rw-r--r--pkgs/applications/video/kodi-packages/urllib3/default.nix21
-rw-r--r--pkgs/applications/video/kodi-packages/vfs-libarchive/default.nix22
-rw-r--r--pkgs/applications/video/kodi-packages/vfs-sftp/default.nix22
-rw-r--r--pkgs/applications/video/kodi/build-kodi-addon.nix21
-rw-r--r--pkgs/applications/video/kodi/build-kodi-binary-addon.nix31
-rw-r--r--pkgs/applications/video/kodi/default.nix2
-rw-r--r--pkgs/applications/video/kodi/packages.nix560
-rw-r--r--pkgs/applications/video/kodi/wrapper.nix7
-rw-r--r--pkgs/applications/video/kodi/yatp/dont-monkey.patch29
-rw-r--r--pkgs/applications/video/obs-studio/default.nix2
-rw-r--r--pkgs/applications/virtualization/docker-compose/default.nix8
-rw-r--r--pkgs/data/fonts/cascadia-code/default.nix4
-rw-r--r--pkgs/data/misc/spdx-license-list-data/default.nix17
-rw-r--r--pkgs/development/compilers/crystal/default.nix2
-rw-r--r--pkgs/development/compilers/dmd/default.nix32
-rw-r--r--pkgs/development/compilers/go/binary.nix4
-rw-r--r--pkgs/development/compilers/ldc/default.nix4
-rw-r--r--pkgs/development/compilers/xa/dxa.nix5
-rw-r--r--pkgs/development/compilers/xa/xa.nix9
-rw-r--r--pkgs/development/interpreters/bats/default.nix7
-rw-r--r--pkgs/development/interpreters/elixir/1.11.nix4
-rw-r--r--pkgs/development/interpreters/rakudo/default.nix4
-rw-r--r--pkgs/development/interpreters/rakudo/moarvm.nix4
-rw-r--r--pkgs/development/interpreters/rakudo/nqp.nix4
-rw-r--r--pkgs/development/libraries/cutelyst/default.nix4
-rw-r--r--pkgs/development/libraries/ftgl/default.nix59
-rw-r--r--pkgs/development/libraries/glpng/default.nix38
-rw-r--r--pkgs/development/libraries/gnome-online-accounts/default.nix4
-rw-r--r--pkgs/development/libraries/goffice/default.nix4
-rw-r--r--pkgs/development/libraries/gtkd/default.nix4
-rw-r--r--pkgs/development/libraries/kpmcore/default.nix42
-rw-r--r--pkgs/development/libraries/libressl/default.nix9
-rw-r--r--pkgs/development/libraries/libseat/default.nix37
-rw-r--r--pkgs/development/libraries/md4c/default.nix59
-rw-r--r--pkgs/development/libraries/physics/fastnlo/default.nix51
-rw-r--r--pkgs/development/libraries/science/math/cudnn/generic.nix14
-rw-r--r--pkgs/development/libraries/science/math/cutensor/default.nix37
-rw-r--r--pkgs/development/libraries/science/math/cutensor/generic.nix69
-rw-r--r--pkgs/development/libraries/science/math/primesieve/default.nix4
-rw-r--r--pkgs/development/libraries/skalibs/default.nix4
-rw-r--r--pkgs/development/libraries/speechd/default.nix4
-rw-r--r--pkgs/development/ocaml-modules/bitstring/default.nix4
-rw-r--r--pkgs/development/ocaml-modules/bitstring/ppx.nix4
-rw-r--r--pkgs/development/ocaml-modules/encore/default.nix4
-rw-r--r--pkgs/development/ocaml-modules/labltk/default.nix4
-rw-r--r--pkgs/development/ocaml-modules/lru/default.nix7
-rw-r--r--pkgs/development/ocaml-modules/luv/default.nix35
-rw-r--r--pkgs/development/ocaml-modules/ppx_import/default.nix17
-rw-r--r--pkgs/development/ocaml-modules/tcpip/default.nix11
-rw-r--r--pkgs/development/ocaml-modules/tcpip/no-opam-pkg-config-path.patch21
-rw-r--r--pkgs/development/python-modules/ajsonrpc/default.nix24
-rw-r--r--pkgs/development/python-modules/azure-mgmt-netapp/default.nix4
-rw-r--r--pkgs/development/python-modules/backports_ssl_match_hostname/default.nix3
-rw-r--r--pkgs/development/python-modules/bleak/default.nix15
-rw-r--r--pkgs/development/python-modules/boto3/default.nix4
-rw-r--r--pkgs/development/python-modules/botocore/default.nix4
-rw-r--r--pkgs/development/python-modules/bx-python/default.nix4
-rw-r--r--pkgs/development/python-modules/cupy/default.nix3
-rw-r--r--pkgs/development/python-modules/databricks-cli/default.nix4
-rw-r--r--pkgs/development/python-modules/datashader/default.nix4
-rw-r--r--pkgs/development/python-modules/ftfy/default.nix17
-rw-r--r--pkgs/development/python-modules/geventhttpclient/default.nix4
-rw-r--r--pkgs/development/python-modules/google-cloud-bigquery-datatransfer/default.nix4
-rw-r--r--pkgs/development/python-modules/google-cloud-bigquery/default.nix4
-rw-r--r--pkgs/development/python-modules/gradient-utils/default.nix2
-rw-r--r--pkgs/development/python-modules/gradient/default.nix4
-rw-r--r--pkgs/development/python-modules/jenkins-job-builder/default.nix4
-rw-r--r--pkgs/development/python-modules/mat2/default.nix98
-rw-r--r--pkgs/development/python-modules/mat2/executable-name.patch13
-rw-r--r--pkgs/development/python-modules/mat2/paths.patch111
-rw-r--r--pkgs/development/python-modules/mat2/tests.patch18
-rw-r--r--pkgs/development/python-modules/mergedeep/default.nix4
-rw-r--r--pkgs/development/python-modules/minidump/default.nix4
-rw-r--r--pkgs/development/python-modules/pillow/generic.nix3
-rw-r--r--pkgs/development/python-modules/pyinsteon/default.nix4
-rw-r--r--pkgs/development/python-modules/pymazda/default.nix4
-rw-r--r--pkgs/development/python-modules/pymitv/default.nix4
-rw-r--r--pkgs/development/python-modules/sagemaker/default.nix4
-rw-r--r--pkgs/development/python-modules/soco/default.nix10
-rw-r--r--pkgs/development/python-modules/tatsu/default.nix12
-rw-r--r--pkgs/development/python-modules/yapf/default.nix43
-rw-r--r--pkgs/development/python-modules/ytmusicapi/default.nix33
-rw-r--r--pkgs/development/tools/analysis/flow/default.nix4
-rw-r--r--pkgs/development/tools/analysis/tfsec/default.nix4
-rw-r--r--pkgs/development/tools/build-managers/dub/default.nix89
-rw-r--r--pkgs/development/tools/build-managers/sbt/default.nix3
-rw-r--r--pkgs/development/tools/castxml/default.nix65
-rw-r--r--pkgs/development/tools/dtools/default.nix13
-rw-r--r--pkgs/development/tools/literate-programming/Literate/default.nix10
-rw-r--r--pkgs/development/tools/misc/cproto/default.nix4
-rw-r--r--pkgs/development/tools/misc/cwebbin/default.nix12
-rw-r--r--pkgs/development/tools/rshell/default.nix4
-rw-r--r--pkgs/development/tools/rust/cargo-fuzz/default.nix6
-rw-r--r--pkgs/development/tools/rust/rust-analyzer/default.nix4
-rw-r--r--pkgs/development/tools/rust/rust-analyzer/generic.nix9
-rw-r--r--pkgs/development/web/deno/default.nix63
-rw-r--r--pkgs/development/web/deno/deps.nix12
-rw-r--r--pkgs/development/web/deno/librusty_v8.nix21
-rw-r--r--pkgs/development/web/deno/update/common.ts34
-rw-r--r--pkgs/development/web/deno/update/deps.ts79
-rw-r--r--pkgs/development/web/deno/update/librusty_v8.ts92
-rw-r--r--pkgs/development/web/deno/update/src.ts10
-rwxr-xr-xpkgs/development/web/deno/update/update.ts17
-rw-r--r--pkgs/development/web/nodejs/v15.nix4
-rw-r--r--pkgs/games/cbonsai/default.nix4
-rw-r--r--pkgs/games/chromium-bsu/default.nix68
-rw-r--r--pkgs/games/spring/default.nix2
-rw-r--r--pkgs/misc/screensavers/xlockmore/default.nix4
-rw-r--r--pkgs/misc/vscode-extensions/ms-vsliveshare-vsliveshare/default.nix4
-rw-r--r--pkgs/os-specific/linux/firmware/fwupd/default.nix22
-rw-r--r--pkgs/os-specific/linux/kernel/hardened/patches.json30
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.14.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.19.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.4.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-4.9.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.10.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.11.nix4
-rw-r--r--pkgs/os-specific/linux/kernel/linux-5.4.nix4
-rw-r--r--pkgs/os-specific/linux/pax-utils/default.nix4
-rw-r--r--pkgs/os-specific/linux/s6-linux-init/default.nix4
-rw-r--r--pkgs/servers/mail/rspamd/default.nix4
-rw-r--r--pkgs/servers/matterbridge/default.nix4
-rw-r--r--pkgs/servers/mattermost/default.nix6
-rw-r--r--pkgs/servers/minio/default.nix4
-rw-r--r--pkgs/servers/monitoring/grafana/default.nix8
-rw-r--r--pkgs/servers/web-apps/bookstack/composer-env.nix238
-rw-r--r--pkgs/servers/web-apps/bookstack/composition.nix13
-rw-r--r--pkgs/servers/web-apps/bookstack/default.nix38
-rw-r--r--pkgs/servers/web-apps/bookstack/php-packages.nix897
-rwxr-xr-xpkgs/servers/web-apps/bookstack/update.sh50
-rw-r--r--pkgs/shells/fish/default.nix6
-rw-r--r--pkgs/shells/fish/plugins/build-fish-plugin.nix12
-rw-r--r--pkgs/test/cuda/cuda-library-samples/default.nix7
-rw-r--r--pkgs/test/cuda/cuda-library-samples/generic.nix21
-rw-r--r--pkgs/test/cuda/cuda-samples/generic.nix2
-rw-r--r--pkgs/test/texlive/default.nix45
-rw-r--r--pkgs/tools/X11/alttab/default.nix18
-rw-r--r--pkgs/tools/admin/awscli/default.nix4
-rw-r--r--pkgs/tools/admin/google-cloud-sdk/default.nix9
-rw-r--r--pkgs/tools/admin/turbovnc/default.nix3
-rw-r--r--pkgs/tools/archivers/rpm2targz/default.nix55
-rw-r--r--pkgs/tools/audio/essentia-extractor/default.nix6
-rw-r--r--pkgs/tools/audio/mpd-mpris/default.nix2
-rw-r--r--pkgs/tools/cd-dvd/cdi2iso/default.nix12
-rw-r--r--pkgs/tools/compression/dejsonlz4/default.nix4
-rw-r--r--pkgs/tools/compression/zdelta/builder.sh8
-rw-r--r--pkgs/tools/compression/zdelta/default.nix22
-rw-r--r--pkgs/tools/filesystems/catcli/default.nix2
-rw-r--r--pkgs/tools/filesystems/cpcfs/default.nix2
-rw-r--r--pkgs/tools/filesystems/idsk/default.nix2
-rw-r--r--pkgs/tools/graphics/epstool/default.nix8
-rw-r--r--pkgs/tools/graphics/graphviz/base.nix4
-rw-r--r--pkgs/tools/graphics/imgurbash2/default.nix2
-rw-r--r--pkgs/tools/graphics/spirv-cross/default.nix2
-rw-r--r--pkgs/tools/misc/abduco/default.nix16
-rw-r--r--pkgs/tools/misc/apparix/default.nix2
-rw-r--r--pkgs/tools/misc/bash_unit/default.nix2
-rw-r--r--pkgs/tools/misc/bbe/default.nix2
-rw-r--r--pkgs/tools/misc/bcunit/default.nix2
-rw-r--r--pkgs/tools/misc/execline/default.nix4
-rw-r--r--pkgs/tools/misc/fdtools/default.nix3
-rw-r--r--pkgs/tools/misc/git-fire/default.nix2
-rw-r--r--pkgs/tools/misc/ministat/default.nix2
-rw-r--r--pkgs/tools/misc/nncp/default.nix30
-rw-r--r--pkgs/tools/misc/partition-manager/default.nix60
-rw-r--r--pkgs/tools/misc/sfeed/default.nix2
-rw-r--r--pkgs/tools/misc/tea/default.nix21
-rw-r--r--pkgs/tools/misc/usbview/default.nix36
-rw-r--r--pkgs/tools/misc/vimer/default.nix2
-rw-r--r--pkgs/tools/misc/youtube-dl/default.nix4
-rw-r--r--pkgs/tools/networking/altermime/default.nix15
-rw-r--r--pkgs/tools/networking/assh/default.nix4
-rw-r--r--pkgs/tools/networking/dd-agent/5.nix3
-rw-r--r--pkgs/tools/networking/dhcping/default.nix2
-rw-r--r--pkgs/tools/networking/httperf/default.nix2
-rw-r--r--pkgs/tools/networking/kapp/default.nix11
-rw-r--r--pkgs/tools/networking/openvpn/default.nix11
-rw-r--r--pkgs/tools/networking/s6-networking/default.nix4
-rw-r--r--pkgs/tools/networking/v2ray/default.nix14
-rwxr-xr-xpkgs/tools/networking/v2ray/update.sh2
-rw-r--r--pkgs/tools/networking/wireguard-tools/default.nix25
-rw-r--r--pkgs/tools/package-management/emplace/default.nix6
-rw-r--r--pkgs/tools/security/nuclei/default.nix15
-rw-r--r--pkgs/tools/security/pcsclite/default.nix15
-rw-r--r--pkgs/tools/security/teler/default.nix4
-rw-r--r--pkgs/tools/security/thc-hydra/default.nix4
-rw-r--r--pkgs/tools/system/inxi/default.nix4
-rw-r--r--pkgs/tools/system/s6/default.nix4
-rw-r--r--pkgs/tools/text/dfmt/default.nix27
-rw-r--r--pkgs/tools/text/m2r/default.nix32
-rw-r--r--pkgs/tools/text/xml/xmldiff/default.nix41
-rw-r--r--pkgs/tools/typesetting/tex/texlive/bin.nix7
-rw-r--r--pkgs/tools/virtualization/xva-img/default.nix4
-rw-r--r--pkgs/top-level/all-packages.nix61
-rw-r--r--pkgs/top-level/kodi-packages.nix113
-rw-r--r--pkgs/top-level/ocaml-packages.nix8
-rw-r--r--pkgs/top-level/perl-packages.nix92
-rw-r--r--pkgs/top-level/python-packages.nix7
274 files changed, 4990 insertions, 1504 deletions
diff --git a/doc/contributing/submitting-changes.chapter.md b/doc/contributing/submitting-changes.chapter.md
index 44e981f12a5..13f15b929cf 100644
--- a/doc/contributing/submitting-changes.chapter.md
+++ b/doc/contributing/submitting-changes.chapter.md
@@ -68,15 +68,16 @@
 
 Security fixes are submitted in the same way as other changes and thus the same guidelines apply.
 
-If the security fix comes in the form of a patch and a CVE is available, then the name of the patch should be the CVE identifier, so e.g. `CVE-2019-13636.patch` in the case of a patch that is included in the Nixpkgs tree. If a patch is fetched the name needs to be set as well, e.g.:
-
-```nix
-(fetchpatch {
-  name = "CVE-2019-11068.patch";
-  url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch";
-  sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8";
-})
-```
+- If a new version fixing the vulnerability has been released, update the package;
+- If the security fix comes in the form of a patch and a CVE is available, then add the patch to the Nixpkgs tree, and apply it to the package.
+  The name of the patch should be the CVE identifier, so e.g. `CVE-2019-13636.patch`; If a patch is fetched the name needs to be set as well, e.g.:
+  ```nix
+  (fetchpatch {
+    name = "CVE-2019-11068.patch";
+    url = "https://gitlab.gnome.org/GNOME/libxslt/commit/e03553605b45c88f0b4b2980adfbbb8f6fca2fd6.patch";
+    sha256 = "0pkpb4837km15zgg6h57bncp66d5lwrlvkr73h0lanywq7zrwhj8";
+  })
+  ```
 
 If a security fix applies to both master and a stable release then, similar to regular changes, they are preferably delivered via master first and cherry-picked to the release branch.
 
diff --git a/doc/contributing/vulnerability-roundup.chapter.md b/doc/contributing/vulnerability-roundup.chapter.md
new file mode 100644
index 00000000000..d451420f981
--- /dev/null
+++ b/doc/contributing/vulnerability-roundup.chapter.md
@@ -0,0 +1,45 @@
+# Vulnerability Roundup {#chap-vulnerability-roundup}
+
+## Issues {#vulnerability-roundup-issues}
+
+Vulnerable packages in Nixpkgs are managed using issues.
+Currently opened ones can be found using the following:
+
+[github.com/NixOS/nixpkgs/issues?q=is:issue+is:open+"Vulnerability+roundup"](https://github.com/NixOS/nixpkgs/issues?q=is%3Aissue+is%3Aopen+%22Vulnerability+roundup%22)
+
+Each issue correspond to a vulnerable version of a package; As a consequence:
+
+- One issue can contain several CVEs;
+- One CVE can be shared across several issues;
+- A single package can be concerned by several issues.
+
+
+A "Vulnerability roundup" issue usually respects the following format:
+
+```txt
+<link to relevant package search on search.nix.gsc.io>, <link to relevant files in Nixpkgs on GitHub>
+
+<list of related CVEs, their CVSS score, and the impacted NixOS version>
+
+<list of the scanned Nixpkgs versions>
+
+<list of relevant contributors>
+```
+
+Note that there can be an extra comment containing links to previously reported (and still open) issues for the same package.
+
+
+## Triaging and Fixing {#vulnerability-roundup-triaging-and-fixing}
+
+**Note**: An issue can be a "false positive" (i.e. automatically opened, but without the package it refers to being actually vulnerable).
+If you find such a "false positive", comment on the issue an explanation of why it falls into this category, linking as much information as the necessary to help maintainers double check.
+
+If you are investigating a "true positive":
+
+- Find the earliest patched version or a code patch in the CVE details;
+- Is the issue already patched (version up-to-date or patch applied manually) in Nixpkgs's `master` branch?
+  - **No**:
+    - [Submit a security fix](#submitting-changes-submitting-security-fixes);
+    - Once the fix is merged into `master`, [submit the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches);
+  - **Yes**: [Backport the change to the vulnerable release branch(es)](https://nixos.org/manual/nixpkgs/stable/#submitting-changes-stable-release-branches).
+- When the patch has made it into all the relevant branches (`master`, and the vulnerable releases), close the relevant issue(s).
diff --git a/doc/manual.xml b/doc/manual.xml
index 375e2394ff4..1c5a7bbcaa9 100644
--- a/doc/manual.xml
+++ b/doc/manual.xml
@@ -35,6 +35,7 @@
   <xi:include href="contributing/quick-start.xml" />
   <xi:include href="contributing/coding-conventions.xml" />
   <xi:include href="contributing/submitting-changes.chapter.xml" />
+  <xi:include href="contributing/vulnerability-roundup.chapter.xml" />
   <xi:include href="contributing/reviewing-contributions.xml" />
   <xi:include href="contributing/contributing-to-documentation.xml" />
  </part>
diff --git a/lib/licenses.nix b/lib/licenses.nix
index 993783db3ed..46ac0443a03 100644
--- a/lib/licenses.nix
+++ b/lib/licenses.nix
@@ -603,6 +603,11 @@ lib.mapAttrs (n: v: v // { shortName = n; }) ({
     free = false;
   };
 
+  odbl = spdx {
+    spdxId = "ODbL-1.0";
+    fullName = "Open Data Commons Open Database License v1.0";
+  };
+
   ofl = spdx {
     spdxId = "OFL-1.1";
     fullName = "SIL Open Font License 1.1";
diff --git a/maintainers/maintainer-list.nix b/maintainers/maintainer-list.nix
index 15de7cfd933..8b265d59e6f 100644
--- a/maintainers/maintainer-list.nix
+++ b/maintainers/maintainer-list.nix
@@ -1859,6 +1859,12 @@
       fingerprint = "68B8 0D57 B2E5 4AC3 EC1F  49B0 B37E 0F23 7101 6A4C";
     }];
   };
+  collares = {
+    email = "mauricio@collares.org";
+    github = "collares";
+    githubId = 244239;
+    name = "Mauricio Collares";
+  };
   copumpkin = {
     email = "pumpkingod@gmail.com";
     github = "copumpkin";
@@ -4159,6 +4165,12 @@
     github = "j0hax";
     githubId = 3802620;
   };
+  j4m3s = {
+    name = "James Landrein";
+    email = "github@j4m3s.eu";
+    github = "j4m3s-s";
+    githubId = 9413812;
+  };
   jacg = {
     name = "Jacek Generowicz";
     email = "jacg@my-post-office.net";
@@ -4183,6 +4195,12 @@
     githubId = 175537;
     name = "Johannes Lötzsch";
   };
+  jackgerrits = {
+    email = "jack@jackgerrits.com";
+    github = "jackgerrits";
+    githubId = 7558482;
+    name = "Jack Gerrits";
+  };
   jagajaga = {
     email = "ars.seroka@gmail.com";
     github = "jagajaga";
@@ -5536,6 +5554,12 @@
     githubId = 7622248;
     name = "Sebastian Zivota";
   };
+  locallycompact = {
+    email = "dan.firth@homotopic.tech";
+    github = "locallycompact";
+    githubId = 1267527;
+    name = "Daniel Firth";
+  };
   lopsided98 = {
     email = "benwolsieffer@gmail.com";
     github = "lopsided98";
@@ -6993,7 +7017,7 @@
     githubId = 3359345;
     name = "obadz";
   };
-  obsidian-systems-maintainence = {
+  obsidian-systems-maintenance = {
     name = "Obsidian Systems Maintenance";
     email = "maintainer@obsidian.systems";
     github = "obsidian-systems-maintenance";
diff --git a/maintainers/team-list.nix b/maintainers/team-list.nix
index 7d778a8ae30..0575b87b747 100644
--- a/maintainers/team-list.nix
+++ b/maintainers/team-list.nix
@@ -134,6 +134,7 @@ with lib.maintainers; {
       timokau
       omasanori
       raskin
+      collares
     ];
     scope = "Maintain SageMath and the dependencies that are likely to break it.";
   };
diff --git a/nixos/modules/config/update-users-groups.pl b/nixos/modules/config/update-users-groups.pl
index 44040217b02..bef08dc4020 100644
--- a/nixos/modules/config/update-users-groups.pl
+++ b/nixos/modules/config/update-users-groups.pl
@@ -288,7 +288,7 @@ foreach my $u (values %usersOut) {
     push @shadowNew, join(":", $u->{name}, $hashedPassword, "1::::::") . "\n";
 }
 
-updateFile("/etc/shadow", \@shadowNew, 0600);
+updateFile("/etc/shadow", \@shadowNew, 0640);
 {
     my $uid = getpwnam "root";
     my $gid = getgrnam "shadow";
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 3a1907ee201..07774dd1d29 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -155,6 +155,7 @@
   ./programs/nm-applet.nix
   ./programs/npm.nix
   ./programs/oblogout.nix
+  ./programs/partition-manager.nix
   ./programs/plotinus.nix
   ./programs/proxychains.nix
   ./programs/qt5ct.nix
@@ -177,6 +178,7 @@
   ./programs/tmux.nix
   ./programs/traceroute.nix
   ./programs/tsm-client.nix
+  ./programs/turbovnc.nix
   ./programs/udevil.nix
   ./programs/usbtop.nix
   ./programs/vim.nix
@@ -882,6 +884,7 @@
   ./services/web-apps/atlassian/confluence.nix
   ./services/web-apps/atlassian/crowd.nix
   ./services/web-apps/atlassian/jira.nix
+  ./services/web-apps/bookstack.nix
   ./services/web-apps/convos.nix
   ./services/web-apps/cryptpad.nix
   ./services/web-apps/documize.nix
diff --git a/nixos/modules/programs/partition-manager.nix b/nixos/modules/programs/partition-manager.nix
new file mode 100644
index 00000000000..1be2f0a69a1
--- /dev/null
+++ b/nixos/modules/programs/partition-manager.nix
@@ -0,0 +1,19 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+  meta.maintainers = [ maintainers.oxalica ];
+
+  ###### interface
+  options = {
+    programs.partition-manager.enable = mkEnableOption "KDE Partition Manager";
+  };
+
+  ###### implementation
+  config = mkIf config.programs.partition-manager.enable {
+    services.dbus.packages = [ pkgs.libsForQt5.kpmcore ];
+    # `kpmcore` need to be installed to pull in polkit actions.
+    environment.systemPackages = [ pkgs.libsForQt5.kpmcore pkgs.partition-manager ];
+  };
+}
diff --git a/nixos/modules/programs/turbovnc.nix b/nixos/modules/programs/turbovnc.nix
new file mode 100644
index 00000000000..e6f8836aa36
--- /dev/null
+++ b/nixos/modules/programs/turbovnc.nix
@@ -0,0 +1,54 @@
+# Global configuration for the SSH client.
+
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.programs.turbovnc;
+in
+{
+  options = {
+
+    programs.turbovnc = {
+
+      ensureHeadlessSoftwareOpenGL = mkOption {
+        type = types.bool;
+        default = false;
+        description = ''
+          Whether to set up NixOS such that TurboVNC's built-in software OpenGL
+          implementation works.
+
+          This will enable <option>hardware.opengl.enable</option> so that OpenGL
+          programs can find Mesa's llvmpipe drivers.
+
+          Setting this option to <code>false</code> does not mean that software
+          OpenGL won't work; it may still work depending on your system
+          configuration.
+
+          This option is also intended to generate warnings if you are using some
+          configuration that's incompatible with using headless software OpenGL
+          in TurboVNC.
+        '';
+      };
+
+    };
+
+  };
+
+  config = mkIf cfg.ensureHeadlessSoftwareOpenGL {
+
+    # TurboVNC has builtin support for Mesa llvmpipe's `swrast`
+    # software rendering to implemnt GLX (OpenGL on Xorg).
+    # However, just building TurboVNC with support for that is not enough
+    # (it only takes care of the X server side part of OpenGL);
+    # the indiviudual applications (e.g. `glxgears`) also need to directly load
+    # the OpenGL libs.
+    # Thus, this creates `/run/opengl-driver` populated by Mesa so that the applications
+    # can find the llvmpipe `swrast.so` software rendering DRI lib via `libglvnd`.
+    # This comment exists to explain why `hardware.` is involved,
+    # even though 100% software rendering is used.
+    hardware.opengl.enable = true;
+
+  };
+}
diff --git a/nixos/modules/services/computing/slurm/slurm.nix b/nixos/modules/services/computing/slurm/slurm.nix
index 7363441e538..0b52f8afed8 100644
--- a/nixos/modules/services/computing/slurm/slurm.nix
+++ b/nixos/modules/services/computing/slurm/slurm.nix
@@ -274,6 +274,15 @@ in
         '';
       };
 
+      etcSlurm = mkOption {
+        type = types.path;
+        internal = true;
+        default = etcSlurm;
+        description = ''
+          Path to directory with slurm config files. This option is set by default from the
+          Slurm module and is meant to make the Slurm config file available to other modules.
+        '';
+      };
 
     };
 
@@ -308,7 +317,7 @@ in
           #!/bin/sh
           if [ -z "$SLURM_CONF" ]
           then
-            SLURM_CONF="${etcSlurm}/slurm.conf" "$EXE" "\$@"
+            SLURM_CONF="${cfg.etcSlurm}/slurm.conf" "$EXE" "\$@"
           else
             "$EXE" "\$0"
           fi
diff --git a/nixos/modules/services/system/localtime.nix b/nixos/modules/services/system/localtime.nix
index 8f8e2e2e933..bb99e5e36ff 100644
--- a/nixos/modules/services/system/localtime.nix
+++ b/nixos/modules/services/system/localtime.nix
@@ -29,15 +29,14 @@ in {
       };
     };
 
-    # We use the 'out' output, since localtime has its 'bin' output
-    # first, so that is what we get if we use the derivation bare.
     # Install the polkit rules.
-    environment.systemPackages = [ pkgs.localtime.out ];
+    environment.systemPackages = [ pkgs.localtime ];
     # Install the systemd unit.
-    systemd.packages = [ pkgs.localtime.out ];
+    systemd.packages = [ pkgs.localtime ];
 
     users.users.localtimed = {
-      description = "Taskserver user";
+      description = "localtime daemon";
+      isSystemUser = true;
     };
 
     systemd.services.localtime = {
diff --git a/nixos/modules/services/web-apps/bookstack.nix b/nixos/modules/services/web-apps/bookstack.nix
new file mode 100644
index 00000000000..83d05ffbad9
--- /dev/null
+++ b/nixos/modules/services/web-apps/bookstack.nix
@@ -0,0 +1,365 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+  cfg = config.services.bookstack;
+  bookstack = pkgs.bookstack.override {
+    dataDir = cfg.dataDir;
+  };
+  db = cfg.database;
+  mail = cfg.mail;
+
+  user = cfg.user;
+  group = cfg.group;
+
+  # shell script for local administration
+  artisan = pkgs.writeScriptBin "bookstack" ''
+    #! ${pkgs.runtimeShell}
+    cd ${bookstack}
+    sudo=exec
+    if [[ "$USER" != ${user} ]]; then
+      sudo='exec /run/wrappers/bin/sudo -u ${user}'
+    fi
+    $sudo ${pkgs.php}/bin/php artisan $*
+  '';
+
+
+in {
+  options.services.bookstack = {
+
+    enable = mkEnableOption "BookStack";
+
+    user = mkOption {
+      default = "bookstack";
+      description = "User bookstack runs as.";
+      type = types.str;
+    };
+
+    group = mkOption {
+      default = "bookstack";
+      description = "Group bookstack runs as.";
+      type = types.str;
+    };
+
+    appKeyFile = mkOption {
+      description = ''
+        A file containing the AppKey.
+        Used for encryption where needed. Can be generated with <code>head -c 32 /dev/urandom| base64</code> and must be prefixed with <literal>base64:</literal>.
+      '';
+      example = "/run/keys/bookstack-appkey";
+      type = types.path;
+    };
+
+    appURL = mkOption {
+      description = ''
+        The root URL that you want to host BookStack on. All URLs in BookStack will be generated using this value.
+        If you change this in the future you may need to run a command to update stored URLs in the database. Command example: <code>php artisan bookstack:update-url https://old.example.com https://new.example.com</code>
+      '';
+      example = "https://example.com";
+      type = types.str;
+    };
+
+    cacheDir = mkOption {
+      description = "BookStack cache directory";
+      default = "/var/cache/bookstack";
+      type = types.path;
+    };
+
+    dataDir = mkOption {
+      description = "BookStack data directory";
+      default = "/var/lib/bookstack";
+      type = types.path;
+    };
+
+    database = {
+      host = mkOption {
+        type = types.str;
+        default = "localhost";
+        description = "Database host address.";
+      };
+      port = mkOption {
+        type = types.port;
+        default = 3306;
+        description = "Database host port.";
+      };
+      name = mkOption {
+        type = types.str;
+        default = "bookstack";
+        description = "Database name.";
+      };
+      user = mkOption {
+        type = types.str;
+        default = user;
+        defaultText = "\${user}";
+        description = "Database username.";
+      };
+      passwordFile = mkOption {
+        type = with types; nullOr path;
+        default = null;
+        example = "/run/keys/bookstack-dbpassword";
+        description = ''
+          A file containing the password corresponding to
+          <option>database.user</option>.
+        '';
+      };
+      createLocally = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Create the database and database user locally.";
+      };
+    };
+
+    mail = {
+      driver = mkOption {
+        type = types.enum [ "smtp" "sendmail" ];
+        default = "smtp";
+        description = "Mail driver to use.";
+      };
+      host = mkOption {
+        type = types.str;
+        default = "localhost";
+        description = "Mail host address.";
+      };
+      port = mkOption {
+        type = types.port;
+        default = 1025;
+        description = "Mail host port.";
+      };
+      fromName = mkOption {
+        type = types.str;
+        default = "BookStack";
+        description = "Mail \"from\" name.";
+      };
+      from = mkOption {
+        type = types.str;
+        default = "mail@bookstackapp.com";
+        description = "Mail \"from\" email.";
+      };
+      user = mkOption {
+        type = with types; nullOr str;
+        default = null;
+        example = "bookstack";
+        description = "Mail username.";
+      };
+      passwordFile = mkOption {
+        type = with types; nullOr path;
+        default = null;
+        example = "/run/keys/bookstack-mailpassword";
+        description = ''
+          A file containing the password corresponding to
+          <option>mail.user</option>.
+        '';
+      };
+      encryption = mkOption {
+        type = with types; nullOr (enum [ "tls" ]);
+        default = null;
+        description = "SMTP encryption mechanism to use.";
+      };
+    };
+
+    maxUploadSize = mkOption {
+      type = types.str;
+      default = "18M";
+      example = "1G";
+      description = "The maximum size for uploads (e.g. images).";
+    };
+
+    poolConfig = mkOption {
+      type = with types; attrsOf (oneOf [ str int bool ]);
+      default = {
+        "pm" = "dynamic";
+        "pm.max_children" = 32;
+        "pm.start_servers" = 2;
+        "pm.min_spare_servers" = 2;
+        "pm.max_spare_servers" = 4;
+        "pm.max_requests" = 500;
+      };
+      description = ''
+        Options for the bookstack PHP pool. See the documentation on <literal>php-fpm.conf</literal>
+        for details on configuration directives.
+      '';
+    };
+
+    nginx = mkOption {
+      type = types.submodule (
+        recursiveUpdate
+          (import ../web-servers/nginx/vhost-options.nix { inherit config lib; }) {}
+      );
+      default = {};
+      example = {
+        serverAliases = [
+          "bookstack.\${config.networking.domain}"
+        ];
+        # To enable encryption and let let's encrypt take care of certificate
+        forceSSL = true;
+        enableACME = true;
+      };
+      description = ''
+        With this option, you can customize the nginx virtualHost settings.
+      '';
+    };
+
+    extraConfig = mkOption {
+      type = types.nullOr types.lines;
+      default = null;
+      example = ''
+        ALLOWED_IFRAME_HOSTS="https://example.com"
+        WKHTMLTOPDF=/home/user/bins/wkhtmltopdf
+      '';
+      description = ''
+        Lines to be appended verbatim to the BookStack configuration.
+        Refer to <link xlink:href="https://www.bookstackapp.com/docs/"/> for details on supported values.
+      '';
+    };
+
+  };
+
+  config = mkIf cfg.enable {
+
+    assertions = [
+      { assertion = db.createLocally -> db.user == user;
+        message = "services.bookstack.database.user must be set to ${user} if services.mediawiki.database.createLocally is set true.";
+      }
+      { assertion = db.createLocally -> db.passwordFile == null;
+        message = "services.bookstack.database.passwordFile cannot be specified if services.bookstack.database.createLocally is set to true.";
+      }
+    ];
+
+    environment.systemPackages = [ artisan ];
+
+    services.mysql = mkIf db.createLocally {
+      enable = true;
+      package = mkDefault pkgs.mariadb;
+      ensureDatabases = [ db.name ];
+      ensureUsers = [
+        { name = db.user;
+          ensurePermissions = { "${db.name}.*" = "ALL PRIVILEGES"; };
+        }
+      ];
+    };
+
+    services.phpfpm.pools.bookstack = {
+      inherit user;
+      inherit group;
+      phpOptions = ''
+        log_errors = on
+        post_max_size = ${cfg.maxUploadSize}
+        upload_max_filesize = ${cfg.maxUploadSize}
+      '';
+      settings = {
+        "listen.mode" = "0660";
+        "listen.owner" = user;
+        "listen.group" = group;
+      } // cfg.poolConfig;
+    };
+
+    services.nginx = {
+      enable = mkDefault true;
+      virtualHosts.bookstack = mkMerge [ cfg.nginx {
+        root = mkForce "${bookstack}/public";
+        extraConfig = optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "fastcgi_param HTTPS on;";
+        locations = {
+          "/" = {
+            index = "index.php";
+            extraConfig = ''try_files $uri $uri/ /index.php?$query_string;'';
+          };
+          "~ \.php$" = {
+            extraConfig = ''
+              try_files $uri $uri/ /index.php?$query_string;
+              include ${pkgs.nginx}/conf/fastcgi_params;
+              fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+              fastcgi_param REDIRECT_STATUS 200;
+              fastcgi_pass unix:${config.services.phpfpm.pools."bookstack".socket};
+              ${optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "fastcgi_param HTTPS on;"}
+            '';
+          };
+          "~ \.(js|css|gif|png|ico|jpg|jpeg)$" = {
+            extraConfig = "expires 365d;";
+          };
+        };
+      }];
+    };
+
+    systemd.services.bookstack-setup = {
+      description = "Preperation tasks for BookStack";
+      before = [ "phpfpm-bookstack.service" ];
+      after = optional db.createLocally "mysql.service";
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        Type = "oneshot";
+        User = user;
+        WorkingDirectory = "${bookstack}";
+      };
+      script = ''
+        # create .env file
+        echo "
+        APP_KEY=base64:$(head -n1 ${cfg.appKeyFile})
+        APP_URL=${cfg.appURL}
+        DB_HOST=${db.host}
+        DB_PORT=${toString db.port}
+        DB_DATABASE=${db.name}
+        DB_USERNAME=${db.user}
+        MAIL_DRIVER=${mail.driver}
+        MAIL_FROM_NAME=\"${mail.fromName}\"
+        MAIL_FROM=${mail.from}
+        MAIL_HOST=${mail.host}
+        MAIL_PORT=${toString mail.port}
+        ${optionalString (mail.user != null) "MAIL_USERNAME=${mail.user};"}
+        ${optionalString (mail.encryption != null) "MAIL_ENCRYPTION=${mail.encryption};"}
+        ${optionalString (db.passwordFile != null) "DB_PASSWORD=$(head -n1 ${db.passwordFile})"}
+        ${optionalString (mail.passwordFile != null) "MAIL_PASSWORD=$(head -n1 ${mail.passwordFile})"}
+        APP_SERVICES_CACHE=${cfg.cacheDir}/services.php
+        APP_PACKAGES_CACHE=${cfg.cacheDir}/packages.php
+        APP_CONFIG_CACHE=${cfg.cacheDir}/config.php
+        APP_ROUTES_CACHE=${cfg.cacheDir}/routes-v7.php
+        APP_EVENTS_CACHE=${cfg.cacheDir}/events.php
+        ${optionalString (cfg.nginx.addSSL || cfg.nginx.forceSSL || cfg.nginx.onlySSL || cfg.nginx.enableACME) "SESSION_SECURE_COOKIE=true"}
+        ${toString cfg.extraConfig}
+        " > "${cfg.dataDir}/.env"
+        # set permissions
+        chmod 700 "${cfg.dataDir}/.env"
+
+        # migrate db
+        ${pkgs.php}/bin/php artisan migrate --force
+
+        # create caches
+        ${pkgs.php}/bin/php artisan config:cache
+        ${pkgs.php}/bin/php artisan route:cache
+        ${pkgs.php}/bin/php artisan view:cache
+      '';
+    };
+
+    systemd.tmpfiles.rules = [
+      "d ${cfg.cacheDir}                           0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}                            0710 ${user} ${group} - -"
+      "d ${cfg.dataDir}/public                     0750 ${user} ${group} - -"
+      "d ${cfg.dataDir}/public/uploads             0750 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage                    0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/app                0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/fonts              0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/framework          0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/framework/cache    0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/framework/sessions 0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/framework/views    0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/logs               0700 ${user} ${group} - -"
+      "d ${cfg.dataDir}/storage/uploads            0700 ${user} ${group} - -"
+    ];
+
+    users = {
+      users = mkIf (user == "bookstack") {
+        bookstack = {
+          inherit group;
+          isSystemUser = true;
+        };
+        "${config.services.nginx.user}".extraGroups = [ group ];
+      };
+      groups = mkIf (group == "bookstack") {
+        bookstack = {};
+      };
+    };
+
+  };
+
+  meta.maintainers = with maintainers; [ ymarkus ];
+}
diff --git a/nixos/modules/system/boot/systemd-lib.nix b/nixos/modules/system/boot/systemd-lib.nix
index 6051a428574..2dbf15031a0 100644
--- a/nixos/modules/system/boot/systemd-lib.nix
+++ b/nixos/modules/system/boot/systemd-lib.nix
@@ -182,18 +182,7 @@ in rec {
       # upstream unit.
       for i in ${toString (mapAttrsToList (n: v: v.unit) units)}; do
         fn=$(basename $i/*)
-
-        case $fn in
-          # if file name is a template specialization, use the template's name
-          *@?*.service)
-            # remove @foo.service and replace it with @.service
-            ofn="''${fn%@*.service}@.service"
-            ;;
-          *)
-            ofn="$fn"
-        esac
-
-        if [ -e $out/$ofn ]; then
+        if [ -e $out/$fn ]; then
           if [ "$(readlink -f $i/$fn)" = /dev/null ]; then
             ln -sfn /dev/null $out/$fn
           else
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 251f24a9a08..3ce71b0abe6 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -408,6 +408,7 @@ in
   trickster = handleTest ./trickster.nix {};
   trilium-server = handleTestOn ["x86_64-linux"] ./trilium-server.nix {};
   tuptime = handleTest ./tuptime.nix {};
+  turbovnc-headless-server = handleTest ./turbovnc-headless-server.nix {};
   ucg = handleTest ./ucg.nix {};
   udisks2 = handleTest ./udisks2.nix {};
   unbound = handleTest ./unbound.nix {};
diff --git a/nixos/tests/systemd-template-override.nix b/nixos/tests/systemd-template-override.nix
deleted file mode 100644
index d8ef4a6c1c9..00000000000
--- a/nixos/tests/systemd-template-override.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-import ./make-test-python.nix {
-  name = "systemd-template-override";
-
-  machine = { pkgs, lib, ... }: let
-    touchTmp = pkgs.writeTextFile {
-      name = "touch-tmp@.service";
-      text = ''
-        [Service]
-        Type=oneshot
-        ExecStart=${pkgs.coreutils}/bin/touch /tmp/%I
-      '';
-      destination = "/etc/systemd/system/touch-tmp@.service";
-    };
-  in {
-    systemd.packages = [ touchTmp ];
-
-    systemd.services."touch-tmp@forbidden" = {
-      serviceConfig.ExecStart = [ "" ''
-        ${pkgs.coreutils}/bin/true
-      ''];
-    };
-
-    systemd.services."touch-tmp@intercept" = {
-      serviceConfig.ExecStart = [ "" ''
-        ${pkgs.coreutils}/bin/touch /tmp/renamed
-      ''];
-    };
-  };
-
-  testScript = ''
-    machine.wait_for_unit("default.target")
-
-    machine.succeed("systemctl start touch-tmp@normal")
-    machine.succeed("systemctl start touch-tmp@forbbidden")
-    machine.succeed("systemctl start touch-tmp@intercept")
-
-    machine.succeed("[ -e /tmp/normal ]")
-    machine.succeed("[ ! -e /tmp/forbidden ]")
-    machine.succeed("[ -e /tmp/renamed ]")
-  '';
-}
diff --git a/nixos/tests/turbovnc-headless-server.nix b/nixos/tests/turbovnc-headless-server.nix
new file mode 100644
index 00000000000..35da9a53d2d
--- /dev/null
+++ b/nixos/tests/turbovnc-headless-server.nix
@@ -0,0 +1,171 @@
+import ./make-test-python.nix ({ pkgs, lib, ... }: {
+  name = "turbovnc-headless-server";
+  meta = {
+    maintainers = with lib.maintainers; [ nh2 ];
+  };
+
+  machine = { pkgs, ... }: {
+
+    environment.systemPackages = with pkgs; [
+      glxinfo
+      procps # for `pkill`, `pidof` in the test
+      scrot # for screenshotting Xorg
+      turbovnc
+    ];
+
+    programs.turbovnc.ensureHeadlessSoftwareOpenGL = true;
+
+    networking.firewall = {
+      # Reject instead of drop, for failures instead of hangs.
+      rejectPackets = true;
+      allowedTCPPorts = [
+        5900 # VNC :0, for seeing what's going on in the server
+      ];
+    };
+
+    # So that we can ssh into the VM, see e.g.
+    # http://blog.patapon.info/nixos-local-vm/#accessing-the-vm-with-ssh
+    services.openssh.enable = true;
+    services.openssh.permitRootLogin = "yes";
+    users.extraUsers.root.password = "";
+    users.mutableUsers = false;
+  };
+
+  testScript = ''
+    def wait_until_terminated_or_succeeds(
+        termination_check_shell_command,
+        success_check_shell_command,
+        get_detail_message_fn,
+        retries=60,
+        retry_sleep=0.5,
+    ):
+        def check_success():
+            command_exit_code, _output = machine.execute(success_check_shell_command)
+            return command_exit_code == 0
+
+        for _ in range(retries):
+            exit_check_exit_code, _output = machine.execute(termination_check_shell_command)
+            is_terminated = exit_check_exit_code != 0
+            if is_terminated:
+                if check_success():
+                    return
+                else:
+                    details = get_detail_message_fn()
+                    raise Exception(
+                        f"termination check ({termination_check_shell_command}) triggered without command succeeding ({success_check_shell_command}); details: {details}"
+                    )
+            else:
+                if check_success():
+                    return
+            time.sleep(retry_sleep)
+
+        if not check_success():
+            details = get_detail_message_fn()
+            raise Exception(
+                f"action timed out ({success_check_shell_command}); details: {details}"
+            )
+
+
+    # Below we use the pattern:
+    #     (cmd | tee stdout.log) 3>&1 1>&2 2>&3 | tee stderr.log
+    # to capture both stderr and stdout while also teeing them, see:
+    # https://unix.stackexchange.com/questions/6430/how-to-redirect-stderr-and-stdout-to-different-files-and-also-display-in-termina/6431#6431
+
+
+    # Starts headless VNC server, backgrounding it.
+    def start_xvnc():
+        xvnc_command = " ".join(
+            [
+                "Xvnc",
+                ":0",
+                "-iglx",
+                "-auth /root/.Xauthority",
+                "-geometry 1240x900",
+                "-depth 24",
+                "-rfbwait 5000",
+                "-deferupdate 1",
+                "-verbose",
+                "-securitytypes none",
+                # We don't enforce localhost listening such that we
+                # can connect from outside the VM using
+                #     env QEMU_NET_OPTS=hostfwd=tcp::5900-:5900 $(nix-build nixos/tests/turbovnc-headless-server.nix -A driver)/bin/nixos-test-driver
+                # for testing purposes, and so that we can in the future
+                # add another test case that connects the TurboVNC client.
+                # "-localhost",
+            ]
+        )
+        machine.execute(
+            # Note trailing & for backgrounding.
+            f"({xvnc_command} | tee /tmp/Xvnc.stdout) 3>&1 1>&2 2>&3 | tee /tmp/Xvnc.stderr &",
+        )
+
+
+    # Waits until the server log message that tells us that GLX is ready
+    # (requires `-verbose` above), avoiding screenshoting racing below.
+    def wait_until_xvnc_glx_ready():
+        machine.wait_until_succeeds("test -f /tmp/Xvnc.stderr")
+        wait_until_terminated_or_succeeds(
+            termination_check_shell_command="pidof Xvnc",
+            success_check_shell_command="grep 'GLX: Initialized DRISWRAST' /tmp/Xvnc.stderr",
+            get_detail_message_fn=lambda: "Contents of /tmp/Xvnc.stderr:\n"
+            + machine.succeed("cat /tmp/Xvnc.stderr"),
+        )
+
+
+    # Checks that we detect glxgears failing when
+    # `LIBGL_DRIVERS_PATH=/nonexistent` is set
+    # (in which case software rendering should not work).
+    def test_glxgears_failing_with_bad_driver_path():
+        machine.execute(
+            # Note trailing & for backgrounding.
+            "(env DISPLAY=:0 LIBGL_DRIVERS_PATH=/nonexistent glxgears -info | tee /tmp/glxgears-should-fail.stdout) 3>&1 1>&2 2>&3 | tee /tmp/glxgears-should-fail.stderr &"
+        )
+        machine.wait_until_succeeds("test -f /tmp/glxgears-should-fail.stderr")
+        wait_until_terminated_or_succeeds(
+            termination_check_shell_command="pidof glxgears",
+            success_check_shell_command="grep 'libGL error: failed to load driver: swrast' /tmp/glxgears-should-fail.stderr",
+            get_detail_message_fn=lambda: "Contents of /tmp/glxgears-should-fail.stderr:\n"
+            + machine.succeed("cat /tmp/glxgears-should-fail.stderr"),
+        )
+        machine.wait_until_fails("pidof glxgears")
+
+
+    # Starts glxgears, backgrounding it. Waits until it prints the `GL_RENDERER`.
+    # Does not quit glxgears.
+    def test_glxgears_prints_renderer():
+        machine.execute(
+            # Note trailing & for backgrounding.
+            "(env DISPLAY=:0 glxgears -info | tee /tmp/glxgears.stdout) 3>&1 1>&2 2>&3 | tee /tmp/glxgears.stderr &"
+        )
+        machine.wait_until_succeeds("test -f /tmp/glxgears.stderr")
+        wait_until_terminated_or_succeeds(
+            termination_check_shell_command="pidof glxgears",
+            success_check_shell_command="grep 'GL_RENDERER' /tmp/glxgears.stdout",
+            get_detail_message_fn=lambda: "Contents of /tmp/glxgears.stderr:\n"
+            + machine.succeed("cat /tmp/glxgears.stderr"),
+        )
+
+
+    with subtest("Start Xvnc"):
+        start_xvnc()
+        wait_until_xvnc_glx_ready()
+
+    with subtest("Ensure bad driver path makes glxgears fail"):
+        test_glxgears_failing_with_bad_driver_path()
+
+    with subtest("Run 3D application (glxgears)"):
+        test_glxgears_prints_renderer()
+
+        # Take screenshot; should display the glxgears.
+        machine.succeed("scrot --display :0 /tmp/glxgears.png")
+
+    # Copy files down.
+    machine.copy_from_vm("/tmp/glxgears.png")
+    machine.copy_from_vm("/tmp/glxgears.stdout")
+    machine.copy_from_vm("/tmp/glxgears-should-fail.stdout")
+    machine.copy_from_vm("/tmp/glxgears-should-fail.stderr")
+    machine.copy_from_vm("/tmp/Xvnc.stdout")
+    machine.copy_from_vm("/tmp/Xvnc.stderr")
+  '';
+
+})
diff --git a/pkgs/applications/audio/ardour/5.nix b/pkgs/applications/audio/ardour/5.nix
index 4a0656ed9ce..9e8c075bfb0 100644
--- a/pkgs/applications/audio/ardour/5.nix
+++ b/pkgs/applications/audio/ardour/5.nix
@@ -8,7 +8,6 @@
 , doxygen
 , fftwSinglePrec
 , flac
-, glibc
 , glibmm
 , graphviz
 , gtkmm2
diff --git a/pkgs/applications/audio/cheesecutter/default.nix b/pkgs/applications/audio/cheesecutter/default.nix
index 84f6b183033..6c14cc67f81 100644
--- a/pkgs/applications/audio/cheesecutter/default.nix
+++ b/pkgs/applications/audio/cheesecutter/default.nix
@@ -8,13 +8,13 @@
 }:
 stdenv.mkDerivation rec {
   pname = "cheesecutter";
-  version = "unstable-2020-04-03";
+  version = "unstable-2021-02-27";
 
   src = fetchFromGitHub {
     owner = "theyamo";
     repo = "CheeseCutter";
-    rev = "68d6518f0e6249a2a5d122fc80201578337c1277";
-    sha256 = "0xspzjhc6cp3m0yd0mwxncg8n1wklizamxvidrnn21jgj3mnaq2q";
+    rev = "84450d3614b8fb2cabda87033baab7bedd5a5c98";
+    sha256 = "sha256:0q4a791nayya6n01l0f4kk497rdq6kiq0n72fqdpwqy138pfwydn";
   };
 
   patches = [
diff --git a/pkgs/applications/audio/gnome-podcasts/default.nix b/pkgs/applications/audio/gnome-podcasts/default.nix
index 6524700ae15..f4099f49ecf 100644
--- a/pkgs/applications/audio/gnome-podcasts/default.nix
+++ b/pkgs/applications/audio/gnome-podcasts/default.nix
@@ -75,5 +75,7 @@ stdenv.mkDerivation rec {
     license = licenses.gpl3Plus;
     maintainers = teams.gnome.members;
     platforms = platforms.unix;
+    # couldn't read /build/source/build/podcasts-gtk/resources/resources.gresource: No such file or directory (os error 2)
+    broken = true;
   };
 }
diff --git a/pkgs/applications/audio/samplv1/default.nix b/pkgs/applications/audio/samplv1/default.nix
index 4b06a99d473..8f0a4808121 100644
--- a/pkgs/applications/audio/samplv1/default.nix
+++ b/pkgs/applications/audio/samplv1/default.nix
@@ -5,11 +5,11 @@
 
 mkDerivation rec {
   pname = "samplv1";
-  version = "0.9.18";
+  version = "0.9.20";
 
   src = fetchurl {
     url = "mirror://sourceforge/samplv1/${pname}-${version}.tar.gz";
-    sha256 = "ePhM9OTLJp1Wa2D9Y1Dqq/69WlEhEp3ih9yNUIJU5Y4=";
+    sha256 = "sha256-9tm72lV9i/155TVweNwO2jpPsCJkh6r82g7Z1wCI1ho=";
   };
 
   nativeBuildInputs = [ qttools pkg-config ];
diff --git a/pkgs/applications/audio/sunvox/default.nix b/pkgs/applications/audio/sunvox/default.nix
index abc31d9f180..542db7c2280 100644
--- a/pkgs/applications/audio/sunvox/default.nix
+++ b/pkgs/applications/audio/sunvox/default.nix
@@ -44,5 +44,7 @@ stdenv.mkDerivation rec {
     homepage = "http://www.warmplace.ru/soft/sunvox/";
     maintainers = with maintainers; [ puffnfresh ];
     platforms = [ "i686-linux" "x86_64-linux" ];
+    # hash mismatch
+    broken = true;
   };
 }
diff --git a/pkgs/applications/audio/surge/default.nix b/pkgs/applications/audio/surge/default.nix
index 83125324694..ed15d49cfe0 100644
--- a/pkgs/applications/audio/surge/default.nix
+++ b/pkgs/applications/audio/surge/default.nix
@@ -4,13 +4,13 @@
 
 stdenv.mkDerivation rec {
   pname = "surge";
-  version = "1.7.1";
+  version = "1.8.1";
 
   src = fetchFromGitHub {
     owner = "surge-synthesizer";
     repo = pname;
     rev = "release_${version}";
-    sha256 = "1b3ccc78vrpzy18w7070zfa250dnd1bww147xxcnj457vd6n065s";
+    sha256 = "0lla860g7zgn9n1zgy14g4j72d5n5y7isyxz2w5xy2fzdpdg24ql";
     leaveDotGit = true; # for SURGE_VERSION
     fetchSubmodules = true;
   };
@@ -20,9 +20,10 @@ stdenv.mkDerivation rec {
 
   postPatch = ''
     substituteInPlace src/common/SurgeStorage.cpp --replace "/usr/share/Surge" "$out/share/surge"
-    substituteInPlace src/common/gui/PopupEditorDialog.cpp --replace '"zenity' '"${zenity}/bin/zenity'
     substituteInPlace src/linux/UserInteractionsLinux.cpp --replace '"zenity' '"${zenity}/bin/zenity'
     substituteInPlace vstgui.surge/vstgui/lib/platform/linux/x11fileselector.cpp --replace /usr/bin/zenity ${zenity}/bin/zenity
+    patchShebangs scripts/linux/emit-vector-piggy
+    patchShebangs scripts/linux/generate-lv2-ttl
   '';
 
   installPhase = ''
diff --git a/pkgs/applications/blockchains/monero-gui/default.nix b/pkgs/applications/blockchains/monero-gui/default.nix
index 9bf1ca586c2..5f430bc8869 100644
--- a/pkgs/applications/blockchains/monero-gui/default.nix
+++ b/pkgs/applications/blockchains/monero-gui/default.nix
@@ -10,15 +10,13 @@
 , randomx, zeromq, libgcrypt, libgpgerror
 , hidapi, rapidjson, quirc
 , trezorSupport ? true
-,   libusb1  ? null
-,   protobuf ? null
-,   python3  ? null
+,   libusb1
+,   protobuf
+,   python3
 }:
 
 with lib;
 
-assert trezorSupport -> all (x: x!=null) [ libusb1 protobuf python3 ];
-
 let
   arch = if stdenv.isx86_64  then "x86-64"
     else if stdenv.isi686    then "i686"
diff --git a/pkgs/applications/editors/edit/default.nix b/pkgs/applications/editors/edit/default.nix
index 25e620c51e4..cc8d184a3a0 100644
--- a/pkgs/applications/editors/edit/default.nix
+++ b/pkgs/applications/editors/edit/default.nix
@@ -2,39 +2,30 @@
 
 stdenv.mkDerivation {
   pname = "edit-nightly";
-  version = "20160425";
+  version = "20180228";
 
   src = fetchgit {
     url = "git://c9x.me/ed.git";
-    rev = "323d49b68c5e804ed3b8cada0e2274f1589b3484";
-    sha256 = "0wv8i3ii7cd9bqhjpahwp2g5fcmyk365nc7ncmvl79cxbz3f7y8v";
+    rev = "77d96145b163d79186c722a7ffccfff57601157c";
+    sha256 = "0rsmp7ydmrq3xx5q19566is9a2v2w5yfsphivfc7j4ljp32jlyyy";
   };
 
-  buildInputs = [
-     unzip
-     pkg-config
-     ncurses
-     libX11
-     libXft
-     cwebbin
-  ];
+  nativeBuildInputs = [ unzip pkg-config cwebbin ];
+  buildInputs = [ ncurses libX11 libXft ];
 
-  buildPhase = ''
+  preBuild = ''
     ctangle *.w
-    make
   '';
 
   installPhase = ''
-    mkdir -p $out/bin/
-    cp obj/edit $out/bin/edit
+    install -Dm755 obj/edit -t $out/bin
   '';
 
   meta = with lib; {
     description = "A relaxing mix of Vi and ACME";
-    homepage = "http://c9x.me/edit";
+    homepage = "https://c9x.me/edit";
     license = licenses.publicDomain;
     maintainers = [ maintainers.vrthra ];
-    platforms = platforms.linux;
+    platforms = platforms.all;
   };
 }
-
diff --git a/pkgs/applications/graphics/freecad/default.nix b/pkgs/applications/graphics/freecad/default.nix
index b74dcccb14e..56994e17211 100644
--- a/pkgs/applications/graphics/freecad/default.nix
+++ b/pkgs/applications/graphics/freecad/default.nix
@@ -131,6 +131,8 @@ mkDerivation rec {
 
   postFixup = ''
     mv $out/share/doc $out
+    ln -s $out/bin/FreeCAD $out/bin/freecad
+    ln -s $out/bin/FreeCADCmd $out/bin/freecadcmd
   '';
 
   meta = with lib; {
diff --git a/pkgs/applications/graphics/gimp/default.nix b/pkgs/applications/graphics/gimp/default.nix
index 62f1a362771..2491d8d3a8a 100644
--- a/pkgs/applications/graphics/gimp/default.nix
+++ b/pkgs/applications/graphics/gimp/default.nix
@@ -1,6 +1,7 @@
 { stdenv
 , lib
 , fetchurl
+, fetchpatch
 , substituteAll
 , autoreconfHook
 , pkg-config
@@ -72,6 +73,12 @@ in stdenv.mkDerivation rec {
     # Use absolute paths instead of relying on PATH
     # to make sure plug-ins are loaded by the correct interpreter.
     ./hardcode-plugin-interpreters.patch
+
+    # Fix crash without dot.
+    (fetchpatch {
+      url = "https://gitlab.gnome.org/GNOME/gimp/-/commit/f83fd22c4b8701ffc4ce14383e5e22756a4bce04.patch";
+      sha256 = "POuvBhOSStO7hBGp4HgNx5F9pElFRoqN3W+i3u4zOnk=";
+    })
   ];
 
   nativeBuildInputs = [
diff --git a/pkgs/applications/misc/jrnl/default.nix b/pkgs/applications/misc/jrnl/default.nix
index 8d2cabb5b8b..7a5615bf40d 100644
--- a/pkgs/applications/misc/jrnl/default.nix
+++ b/pkgs/applications/misc/jrnl/default.nix
@@ -18,14 +18,14 @@
 
 buildPythonApplication rec {
   pname = "jrnl";
-  version = "2.7";
+  version = "2.7.1";
   format = "pyproject";
 
   src = fetchFromGitHub {
     owner = "jrnl-org";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1hyjjw9mxy73n3pkliaaif135h2sd4iy43pw9d5zynid5abnr3yz";
+    sha256 = "1m1shgnvwzzs0g6ph7rprwxd7w8zj0x4sbgiqsv9z41k6li7xj4r";
   };
 
   nativeBuildInputs = [ poetry ];
diff --git a/pkgs/applications/misc/metadata-cleaner/default.nix b/pkgs/applications/misc/metadata-cleaner/default.nix
new file mode 100644
index 00000000000..de715bf315f
--- /dev/null
+++ b/pkgs/applications/misc/metadata-cleaner/default.nix
@@ -0,0 +1,61 @@
+{ lib
+, python3
+, fetchFromGitLab
+, appstream
+, desktop-file-utils
+, glib
+, gobject-introspection
+, gtk3
+, libhandy
+, librsvg
+, meson
+, ninja
+, pkg-config
+, poppler_gi
+, wrapGAppsHook
+}:
+
+python3.pkgs.buildPythonApplication rec {
+  pname = "metadata-cleaner";
+  version = "1.0.3";
+
+  format = "other";
+
+  src = fetchFromGitLab {
+    owner = "rmnvgr";
+    repo = "metadata-cleaner";
+    rev = "v${version}";
+    sha256 = "06dzfcnjb1xd8lk0r7bi4i784gfj8r7habbjbk2c4vn2847v71lf";
+  };
+
+  nativeBuildInputs = [
+    appstream
+    desktop-file-utils
+    glib
+    gtk3
+    meson
+    ninja
+    pkg-config
+    wrapGAppsHook
+  ];
+
+  buildInputs = [
+    gobject-introspection
+    gtk3
+    libhandy
+    librsvg
+    poppler_gi
+  ];
+
+  propagatedBuildInputs = with python3.pkgs; [
+    mat2
+    pygobject3
+  ];
+
+  meta = with lib; {
+    description = "Python GTK application to view and clean metadata in files, using mat2";
+    homepage = "https://gitlab.com/rmnvgr/metadata-cleaner";
+    license = with licenses; [ gpl3Plus cc-by-sa-40 ];
+    maintainers = with maintainers; [ dotlambda ];
+  };
+}
diff --git a/pkgs/applications/misc/qcad/default.nix b/pkgs/applications/misc/qcad/default.nix
index c6b9d82bcf4..6b2418ab57c 100644
--- a/pkgs/applications/misc/qcad/default.nix
+++ b/pkgs/applications/misc/qcad/default.nix
@@ -15,16 +15,17 @@
 
 mkDerivationWith stdenv.mkDerivation rec {
   pname = "qcad";
-  version = "3.25.2.0";
+  version = "3.26.0.1";
 
   src = fetchFromGitHub {
     owner = "qcad";
     repo = "qcad";
     rev = "v${version}";
-    sha256 = "1lz6q9n2p0l7k8rwqsdj6av9p3426423g5avc4y6s7nbk36280mz";
+    sha256 = "sha256-V+QlwM8BWmcarwZtqJfc+MYHOZgIH1W5R8m2EHhNJls=";
   };
 
   patches = [
+    # Patch directory lookup, remove __DATE__ and executable name
     ./application-dir.patch
   ];
 
@@ -90,12 +91,10 @@ mkDerivationWith stdenv.mkDerivation rec {
     qttools
   ];
 
-  enableParallelBuilding = true;
-
   meta = with lib; {
     description = "2D CAD package based on Qt";
     homepage = "https://qcad.org";
-    license = licenses.gpl3;
+    license = licenses.gpl3Only;
     maintainers = with maintainers; [ yvesf ];
     platforms = qtbase.meta.platforms;
   };
diff --git a/pkgs/applications/misc/tickrs/default.nix b/pkgs/applications/misc/tickrs/default.nix
index fb6bfc6efe3..601380fc6cb 100644
--- a/pkgs/applications/misc/tickrs/default.nix
+++ b/pkgs/applications/misc/tickrs/default.nix
@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "tickrs";
-  version = "0.14.2";
+  version = "0.14.3";
 
   src = fetchFromGitHub {
     owner = "tarkah";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-8m4mIXTqc6rDMIjODbHJL7ipH5Y4WwgsWcSmw/SaiIo=";
+    sha256 = "sha256-mHMBhYI9pJkuK/6tCg1fXPjTfGFe0gkMzplesuFvl5M=";
   };
 
-  cargoSha256 = "sha256-ZcRFQT2CxqpO35UqK79g2Jq5SPOLZ88WiG36issC5kY=";
+  cargoSha256 = "sha256-XmLobbVTYO8dA8YVtI/ntlD1RB9sO3poP6NBdDOPIlE=";
 
   nativeBuildInputs = [ perl ];
 
diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json
index 78d70cc7ab4..da36f2de68e 100644
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.json
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json
@@ -18,9 +18,9 @@
     }
   },
   "beta": {
-    "version": "90.0.4430.19",
-    "sha256": "174isyx4g62d8ggn9imp41dfklcbxi3y5nfprm4jbjmn5cb7v8xa",
-    "sha256bin64": "0z665iykdsmjrjbijsrcq80y2anvcfykasznf8w4brg9l9k59wv8",
+    "version": "90.0.4430.30",
+    "sha256": "01b6naziii72pvw35wphfqz3inih75is038yf1mdp1847jbvxpwp",
+    "sha256bin64": "0k48mfzmyjb0w75fkm2j7ll340qgmzvmskz12awc2l19hgnw1s8p",
     "deps": {
       "gn": {
         "version": "2021-02-09",
@@ -31,15 +31,15 @@
     }
   },
   "dev": {
-    "version": "91.0.4442.4",
-    "sha256": "0cmm2pimkghb6s956bkqf2k77lj69dz51nlydgkqbvw0sc8n784k",
-    "sha256bin64": "1hbfx8n51p7dwwz1vbp94jdmlb96vvxrbql2af4kmvx1bmzr2ism",
+    "version": "91.0.4449.6",
+    "sha256": "1y6z7p64fi4dxyrxrnlmg0wwczgw58cinrsywhnrpl2wp2y3v6m3",
+    "sha256bin64": "1baxra0hg981awinyyvm1x46rlskjmhs2m1h0zf72l11y1jyj5vc",
     "deps": {
       "gn": {
-        "version": "2021-02-09",
+        "version": "2021-03-12",
         "url": "https://gn.googlesource.com/gn",
-        "rev": "dfcbc6fed0a8352696f92d67ccad54048ad182b3",
-        "sha256": "1941bzg37c4dpsk3sh6ga3696gpq6vjzpcw9rsnf6kdr9mcgdxvn"
+        "rev": "64b3b9401c1c3ed5f3c43c1cac00b91f83597ab8",
+        "sha256": "14whk4gyx21cqxy1560xm8p1mc1581dh9g7xy120g8vvcylknjlm"
       }
     }
   },
diff --git a/pkgs/applications/networking/cluster/fluxctl/default.nix b/pkgs/applications/networking/cluster/fluxctl/default.nix
index e0ae7636f60..852088ec47a 100644
--- a/pkgs/applications/networking/cluster/fluxctl/default.nix
+++ b/pkgs/applications/networking/cluster/fluxctl/default.nix
@@ -2,16 +2,16 @@
 
 buildGoModule rec {
   pname = "fluxctl";
-  version = "1.21.2";
+  version = "1.22.0";
 
   src = fetchFromGitHub {
     owner = "weaveworks";
     repo = "flux";
     rev = version;
-    sha256 = "sha256-pI/LGAjTWFXiDKSV+dZl0wXK/TZmN9DuWf5Nu8EYNYc=";
+    sha256 = "sha256-7uS8704YZ7lQTSSnbVvc6T5iadl02TeVpwVPf2uS9L4=";
   };
 
-  vendorSha256 = "sha256-Q8gIhJSZqdjBXrIcJfCd25BniDScwVzUwZ9Vc8p/z3c=";
+  vendorSha256 = "sha256-oqfJaQA8ybh0UNWYJ2ukoWkwdgORwvXzRCquGstwA4M=";
 
   nativeBuildInputs = [ installShellFiles ];
 
diff --git a/pkgs/applications/networking/cluster/lens/default.nix b/pkgs/applications/networking/cluster/lens/default.nix
index 656badfe5a0..6b303ce0f40 100644
--- a/pkgs/applications/networking/cluster/lens/default.nix
+++ b/pkgs/applications/networking/cluster/lens/default.nix
@@ -2,12 +2,12 @@
 
 let
   pname = "lens";
-  version = "3.6.7";
+  version = "4.1.4";
   name = "${pname}-${version}";
 
   src = fetchurl {
-    url = "https://github.com/lensapp/lens/releases/download/v${version}/Lens-${version}.AppImage";
-    sha256 = "0var7d31ab6lq2vq6brk2dnhlnhqjp2gdqhygif567cdmcpn4vz8";
+    url = "https://github.com/lensapp/lens/releases/download/v${version}/Lens-${version}.x86_64.AppImage";
+    sha256 = "0g7k3sld6m31qi0zc9z5gydi60waw7ykwz48qnyg77xz1cpm6z5x";
     name="${pname}.AppImage";
   };
 
diff --git a/pkgs/applications/networking/cluster/waypoint/default.nix b/pkgs/applications/networking/cluster/waypoint/default.nix
index f28754005ec..7675dc0de88 100644
--- a/pkgs/applications/networking/cluster/waypoint/default.nix
+++ b/pkgs/applications/networking/cluster/waypoint/default.nix
@@ -2,17 +2,17 @@
 
 buildGoModule rec {
   pname = "waypoint";
-  version = "0.2.3";
+  version = "0.2.4";
 
   src = fetchFromGitHub {
     owner = "hashicorp";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-FTBBDKFUoyC+Xdm3+2QWXK57fLwitYrFP89OvAyHHVY=";
+    sha256 = "sha256-6sV2e/m0qVSRWgdvVZ9VxEL/J57nTcTClxHF5X8/8PQ=";
   };
 
   deleteVendor = true;
-  vendorSha256 = "sha256-ihelAumTRgLALevJdVq3V3SISitiRPCQZUh2h5/eczA=";
+  vendorSha256 = "sha256-NPE3YHulqllWDGrxQgPmy/KKE7xFPOUorLQNIU8cP50=";
 
   nativeBuildInputs = [ go-bindata ];
 
diff --git a/pkgs/applications/networking/ftp/filezilla/default.nix b/pkgs/applications/networking/ftp/filezilla/default.nix
index 877cdec4ca8..b4c1e95087e 100644
--- a/pkgs/applications/networking/ftp/filezilla/default.nix
+++ b/pkgs/applications/networking/ftp/filezilla/default.nix
@@ -17,11 +17,11 @@
 
 stdenv.mkDerivation rec {
   pname = "filezilla";
-  version = "3.51.0";
+  version = "3.52.2";
 
   src = fetchurl {
     url = "https://download.filezilla-project.org/client/FileZilla_${version}_src.tar.bz2";
-    sha256 = "0k3c7gm16snc6dr9a3xgq14ajyqj4hxcrd6hk6jk5fsi9x51rgl2";
+    sha256 = "sha256-wHiIFpKKJuiGPH3CaxWGROcb7ylAbffS7aN9xIENbN8=";
   };
 
   # https://www.linuxquestions.org/questions/slackware-14/trouble-building-filezilla-3-47-2-1-current-4175671182/#post6099769
diff --git a/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix b/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix
index c579220cdde..396dec1cd09 100644
--- a/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix
+++ b/pkgs/applications/networking/instant-messengers/deltachat-electron/default.nix
@@ -2,12 +2,12 @@
 
 let
   pname = "deltachat-electron";
-  version = "1.15.2";
+  version = "1.15.3";
   name = "${pname}-${version}";
 
   src = fetchurl {
     url = "https://download.delta.chat/desktop/v${version}/DeltaChat-${version}.AppImage";
-    sha256 = "sha256-iw2tU8qqXWbtEdLGlW8HNBHx8F2CgnCGCBUWpM407us=";
+    sha256 = "sha256-cYb0uruuWpNr1jF5WZ48quBZRIVXiHr99mLPLKMOX5M=";
   };
 
   appimageContents = appimageTools.extract { inherit name src; };
diff --git a/pkgs/applications/networking/instant-messengers/fractal/default.nix b/pkgs/applications/networking/instant-messengers/fractal/default.nix
index 9f5cd6f69bf..ca6537fdfb5 100644
--- a/pkgs/applications/networking/instant-messengers/fractal/default.nix
+++ b/pkgs/applications/networking/instant-messengers/fractal/default.nix
@@ -87,8 +87,9 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Matrix group messaging app";
     homepage = "https://gitlab.gnome.org/GNOME/fractal";
-    license = licenses.gpl3Plus;
-    broken = stdenv.isDarwin;
+    license = licenses.gpl3;
+    # couldn't read /build/source/build/podcasts-gtk/resources/resources.gresource: No such file or directory (os error 2)
+    broken = true;
     maintainers = with maintainers; [ dtzWill worldofpeace ];
   };
 }
diff --git a/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix b/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix
index 46f8458f153..f702a667ae1 100644
--- a/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix
+++ b/pkgs/applications/networking/instant-messengers/pidgin-plugins/carbons/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "pidgin-carbons";
-  version = "0.2.2";
+  version = "0.2.3";
 
   src = fetchFromGitHub {
     owner = "gkdr";
     repo  = "carbons";
     rev   = "v${version}";
-    sha256 = "1aq9bwgpmbwrigq6ywf0pjkngqcm0qxncygaj1fi57npjhcjs6ln";
+    sha256 = "sha256-qiyIvmJbRmCrAi/93UxDVtO76nSdtzUVfT/sZGxxAh8=";
   };
 
   makeFlags = [ "PURPLE_PLUGIN_DIR=$(out)/lib/pidgin" ];
diff --git a/pkgs/applications/networking/instant-messengers/vk-messenger/default.nix b/pkgs/applications/networking/instant-messengers/vk-messenger/default.nix
index d7deb7ee052..27312a18ec4 100644
--- a/pkgs/applications/networking/instant-messengers/vk-messenger/default.nix
+++ b/pkgs/applications/networking/instant-messengers/vk-messenger/default.nix
@@ -1,54 +1,73 @@
-{ stdenv, lib, fetchurl, rpmextract, autoPatchelfHook
+{ stdenv, lib, fetchurl, rpmextract, undmg, autoPatchelfHook
 , xorg, gtk3, gnome2, nss, alsaLib, udev, libnotify
 , wrapGAppsHook }:
 
 let
-  version = "5.0.1";
-in stdenv.mkDerivation {
   pname = "vk-messenger";
-  inherit version;
+  version = "5.2.3";
+
   src = {
     i686-linux = fetchurl {
       url = "https://desktop.userapi.com/rpm/master/vk-${version}.i686.rpm";
-      sha256 = "1ji23x13lzbkiqfrrwx1pj6gmms0p58cjmjc0y4g16kqhlxl60v6";
+      sha256 = "09zi2rzsank6lhw1z9yar1rp634y6qskvr2i0rvqg2fij7cy6w19";
     };
     x86_64-linux = fetchurl {
       url = "https://desktop.userapi.com/rpm/master/vk-${version}.x86_64.rpm";
-      sha256 = "01vvmia2qrxvrvavk9hkkyvfg4pg15m01grwb28884vy4nqw400y";
+      sha256 = "1m6saanpv1k5wc5s58jpf0wsgjsj7haabx8nycm1fjyhky1chirb";
+    };
+    x86_64-darwin = fetchurl {
+      url = "https://web.archive.org/web/20210310071550/https://desktop.userapi.com/mac/master/vk.dmg";
+      sha256 = "0j5qsr0fyl55d0x46xm4h2ykwr4y9z1dsllhqx5lnc15nc051s9b";
     };
   }.${stdenv.system} or (throw "Unsupported system: ${stdenv.system}");
 
-  nativeBuildInputs = [ rpmextract autoPatchelfHook wrapGAppsHook ];
-  buildInputs = (with xorg; [
-    libXdamage libXtst libXScrnSaver libxkbfile
-  ]) ++ [
-    gtk3 nss alsaLib
-  ];
-  runtimeDependencies = [ (lib.getLib udev) libnotify ];
-
-  unpackPhase = ''
-    rpmextract $src
-  '';
-
-  buildPhase = ''
-    substituteInPlace usr/share/applications/vk.desktop \
-      --replace /usr/share/pixmaps/vk.png vk
-  '';
-
-  installPhase = ''
-    mkdir $out
-    cd usr
-    cp -r --parents bin $out
-    cp -r --parents share/vk $out
-    cp -r --parents share/applications $out
-    cp -r --parents share/pixmaps $out
-  '';
-
   meta = with lib; {
     description = "Simple and Convenient Messaging App for VK";
     homepage = "https://vk.com/messenger";
     license = licenses.unfree;
     maintainers = [ maintainers.gnidorah ];
-    platforms = ["i686-linux" "x86_64-linux"];
+    platforms = ["i686-linux" "x86_64-linux" "x86_64-darwin"];
+  };
+
+  linux = stdenv.mkDerivation {
+    inherit pname version src meta;
+
+    nativeBuildInputs = [ rpmextract autoPatchelfHook wrapGAppsHook ];
+    buildInputs = (with xorg; [
+      libXdamage libXtst libXScrnSaver libxkbfile
+    ]) ++ [ gtk3 nss alsaLib ];
+
+    runtimeDependencies = [ (lib.getLib udev) libnotify ];
+
+    unpackPhase = ''
+      rpmextract $src
+    '';
+
+    buildPhase = ''
+      substituteInPlace usr/share/applications/vk.desktop \
+        --replace /usr/share/pixmaps/vk.png vk
+    '';
+
+    installPhase = ''
+      mkdir $out
+      cd usr
+      cp -r --parents bin $out
+      cp -r --parents share/vk $out
+      cp -r --parents share/applications $out
+      cp -r --parents share/pixmaps $out
+    '';
+  };
+
+  darwin = stdenv.mkDerivation {
+    inherit pname version src meta;
+
+    nativeBuildInputs = [ undmg ];
+
+    sourceRoot = ".";
+
+    installPhase = ''
+      mkdir -p $out/Applications
+      cp -r *.app $out/Applications
+    '';
   };
-}
+in if stdenv.isDarwin then darwin else linux
diff --git a/pkgs/applications/networking/instant-messengers/wire-desktop/default.nix b/pkgs/applications/networking/instant-messengers/wire-desktop/default.nix
index 09a5d781c44..1abedf58026 100644
--- a/pkgs/applications/networking/instant-messengers/wire-desktop/default.nix
+++ b/pkgs/applications/networking/instant-messengers/wire-desktop/default.nix
@@ -22,13 +22,13 @@ let
   pname = "wire-desktop";
 
   version = {
-    x86_64-darwin = "3.21.3959";
-    x86_64-linux = "3.22.2937";
+    x86_64-darwin = "3.23.4046";
+    x86_64-linux = "3.23.2938";
   }.${system} or throwSystem;
 
   sha256 = {
-    x86_64-darwin = "0fgzzqf1wnkjbcr0j0vjn6sggkz0z1kx6w4gi7gk4c4markdicm1";
-    x86_64-linux = "1pl2dsrgckkd8mm0cpxrz8i8rn4jfx7b9lvdyc8392sbq4chjcb7";
+    x86_64-darwin = "19k8102chh4yphk89kiz83yarawnzdnsq0hbsqpjdhbmarqjcd9s";
+    x86_64-linux = "1cx5azl5dvya1hf0gayafm4rg6ccmmq978xsgm6lf0rlb4kirj65";
   }.${system} or throwSystem;
 
   meta = with lib; {
diff --git a/pkgs/applications/networking/irc/convos/default.nix b/pkgs/applications/networking/irc/convos/default.nix
index 6a7fe4b4757..4bbc1589ed2 100644
--- a/pkgs/applications/networking/irc/convos/default.nix
+++ b/pkgs/applications/networking/irc/convos/default.nix
@@ -6,13 +6,13 @@ with lib;
 
 perlPackages.buildPerlPackage rec {
   pname = "convos";
-  version = "5.11";
+  version = "6.06";
 
   src = fetchFromGitHub {
-    owner = "Nordaaker";
+    owner = "convos-chat";
     repo = pname;
-    rev = version;
-    sha256 = "08k8dqdgz2b3p8g1zfg9i74r5nm1w0sqdm759d1f3jcyp737r47x";
+    rev = "v${version}";
+    sha256 = "0b3c8hj9cjmpzy9k949vdv1y3v7b94nh0mq15rcv3ax0sj3gd0qr";
   };
 
   nativeBuildInputs = [ makeWrapper ]
@@ -54,6 +54,9 @@ perlPackages.buildPerlPackage rec {
     #
     rm t/web-user.t
 
+    # Another web test fails, so we also remove this.
+    rm t/web-login.t
+
     # Module::Install is a runtime dependency not covered by the tests, so we add
     # a test for it.
     #
diff --git a/pkgs/applications/networking/p2p/gnunet/gtk.nix b/pkgs/applications/networking/p2p/gnunet/gtk.nix
index ddeffd8b7e8..2532671bc25 100644
--- a/pkgs/applications/networking/p2p/gnunet/gtk.nix
+++ b/pkgs/applications/networking/p2p/gnunet/gtk.nix
@@ -39,5 +39,7 @@ stdenv.mkDerivation rec {
   meta = gnunet.meta // {
     description = "GNUnet GTK User Interface";
     homepage = "https://git.gnunet.org/gnunet-gtk.git";
+    # configure: error: compiling gnunet-gtk requires GNUnet core headers
+    broken = true;
   };
 }
diff --git a/pkgs/applications/networking/remote/freerdp/default.nix b/pkgs/applications/networking/remote/freerdp/default.nix
index 10b3f2d175a..8e0f4dde816 100644
--- a/pkgs/applications/networking/remote/freerdp/default.nix
+++ b/pkgs/applications/networking/remote/freerdp/default.nix
@@ -18,13 +18,13 @@ let
 
 in stdenv.mkDerivation rec {
   pname = "freerdp";
-  version = "2.3.1";
+  version = "2.3.2";
 
   src = fetchFromGitHub {
     owner = "FreeRDP";
     repo = "FreeRDP";
     rev = version;
-    sha256 = "sha256-qKvzxIFUiRoX/fCTDoGOGFMfzMTCRq+A5b9K2J2Wnwk=";
+    sha256 = "sha256-qqpdMBDcVfXm/KB54zv23O8raGqBhAKqXo6Kj2VaI8w=";
   };
 
   postPatch = ''
diff --git a/pkgs/applications/networking/sync/onedrive/default.nix b/pkgs/applications/networking/sync/onedrive/default.nix
index ec983276de8..300214e58b7 100644
--- a/pkgs/applications/networking/sync/onedrive/default.nix
+++ b/pkgs/applications/networking/sync/onedrive/default.nix
@@ -4,13 +4,13 @@
 
 stdenv.mkDerivation rec {
   pname = "onedrive";
-  version = "2.4.7";
+  version = "2.4.10";
 
   src = fetchFromGitHub {
     owner = "abraunegg";
     repo = pname;
     rev = "v${version}";
-    sha256 = "12g2z6c4f65y8cc7vyhk9nlg1mpbsmlsj7ghlny452qhr13m7qpn";
+    sha256 = "sha256:0dvxjkni66g82j9wr6yy07sn7d7yr7bbc0py89pxybvsbid88l65";
   };
 
   nativeBuildInputs = [ autoreconfHook ldc installShellFiles pkg-config ];
diff --git a/pkgs/applications/office/portfolio/default.nix b/pkgs/applications/office/portfolio/default.nix
index 95d4ef34afb..73cd5d7cd6c 100644
--- a/pkgs/applications/office/portfolio/default.nix
+++ b/pkgs/applications/office/portfolio/default.nix
@@ -24,11 +24,11 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "PortfolioPerformance";
-  version = "0.51.1";
+  version = "0.51.2";
 
   src = fetchurl {
     url = "https://github.com/buchen/portfolio/releases/download/${version}/PortfolioPerformance-${version}-linux.gtk.x86_64.tar.gz";
-    sha256 = "sha256-sQisFv+MVGod/gmF0/EWNDvYzkpF3qbDuL5eDr7w0Bs=";
+    sha256 = "sha256-5wBzGj4DkTOqtN7X8/EBDoiBtbYB6vGJJ5IkuME7a9A=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/applications/science/biology/sambamba/default.nix b/pkgs/applications/science/biology/sambamba/default.nix
index 8802736efac..7b5141302f7 100644
--- a/pkgs/applications/science/biology/sambamba/default.nix
+++ b/pkgs/applications/science/biology/sambamba/default.nix
@@ -1,18 +1,18 @@
-{ lib, stdenv, fetchFromGitHub, python3, which, dmd, ldc, zlib }:
+{ lib, stdenv, fetchFromGitHub, python3, which, ldc, zlib }:
 
 stdenv.mkDerivation rec {
   pname = "sambamba";
-  version = "0.7.1";
+  version = "0.8.0";
 
   src = fetchFromGitHub {
     owner = "biod";
     repo = "sambamba";
     rev = "v${version}";
-    sha256 = "0k5wy06zrbsc40x6answgz7rz2phadyqwlhi9nqxbfqanbg9kq20";
+    sha256 = "sha256:0kx5a0fmvv9ldz2hnh7qavgf7711kqc73zxf51k4cca4hr58zxr9";
     fetchSubmodules = true;
   };
 
-  nativeBuildInputs = [ which python3 dmd ldc ];
+  nativeBuildInputs = [ which python3 ldc ];
   buildInputs = [ zlib ];
 
   # Upstream's install target is broken; copy manually
diff --git a/pkgs/applications/science/electronics/gtkwave/default.nix b/pkgs/applications/science/electronics/gtkwave/default.nix
index 971891a5b01..3a3994d9ad6 100644
--- a/pkgs/applications/science/electronics/gtkwave/default.nix
+++ b/pkgs/applications/science/electronics/gtkwave/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "gtkwave";
-  version = "3.3.107";
+  version = "3.3.108";
 
   src = fetchurl {
     url    = "mirror://sourceforge/gtkwave/${pname}-gtk3-${version}.tar.gz";
-    sha256 = "0ma30jyc94iid3v3m8aw4i2lyiqfxkpsdvdmmaibynk400cbzivl";
+    sha256 = "sha256-LtlexZKih+Si/pH3oQpWdpzfZ6j+41Otgfx7nLMfFSQ=";
   };
 
   nativeBuildInputs = [ pkg-config wrapGAppsHook ];
diff --git a/pkgs/applications/science/machine-learning/vowpal-wabbit/default.nix b/pkgs/applications/science/machine-learning/vowpal-wabbit/default.nix
new file mode 100644
index 00000000000..771d6227a86
--- /dev/null
+++ b/pkgs/applications/science/machine-learning/vowpal-wabbit/default.nix
@@ -0,0 +1,46 @@
+{ lib, stdenv, fetchFromGitHub, cmake, boost169, rapidjson, zlib }:
+
+stdenv.mkDerivation rec {
+  pname = "vowpal-wabbit";
+  version = "8.9.2";
+
+  src = fetchFromGitHub {
+    owner = "VowpalWabbit";
+    repo = "vowpal_wabbit";
+    rev = version;
+    sha256 = "0ng1kip7sh3br85691xvszxd6lhv8nhfkgqkpwxd89wy85znzhmd";
+  };
+
+  nativeBuildInputs = [ cmake ];
+
+  buildInputs = [
+    boost169
+    rapidjson
+    zlib
+  ];
+
+  # -DBUILD_TESTS=OFF is set as both it saves time in the build and the default
+  # cmake flags appended by the builder include -DBUILD_TESTING=OFF for which
+  # this is the equivalent flag.
+  cmakeFlags = [
+    "-DVW_INSTALL=ON"
+    "-DBUILD_TESTS=OFF"
+    "-DBUILD_JAVA=OFF"
+    "-DBUILD_PYTHON=OFF"
+    "-DUSE_LATEST_STD=ON"
+    "-DRAPIDJSON_SYS_DEP=ON"
+  ];
+
+  meta = with lib; {
+    broken = stdenv.isAarch32 || stdenv.isAarch64;
+    description = "Machine learning system focused on online reinforcement learning";
+    homepage = "https://github.com/VowpalWabbit/vowpal_wabbit/";
+    license = licenses.bsd3;
+    longDescription = ''
+      Machine learning system which pushes the frontier of machine learning with techniques such as online,
+      hashing, allreduce, reductions, learning2search, active, and interactive and reinforcement learning
+    '';
+    maintainers = with maintainers; [ jackgerrits ];
+    platforms = platforms.unix;
+  };
+}
diff --git a/pkgs/applications/terminal-emulators/tilix/default.nix b/pkgs/applications/terminal-emulators/tilix/default.nix
index 80956a51244..c0f4ea32576 100644
--- a/pkgs/applications/terminal-emulators/tilix/default.nix
+++ b/pkgs/applications/terminal-emulators/tilix/default.nix
@@ -5,7 +5,7 @@
 , ninja
 , python3
 , pkg-config
-, dmd
+, ldc
 , dconf
 , dbus
 , gsettings-desktop-schemas
@@ -16,17 +16,18 @@
 , glib
 , wrapGAppsHook
 , libunwind
+, appstream
 }:
 
-stdenv.mkDerivation {
+stdenv.mkDerivation rec {
   pname = "tilix";
-  version = "unstable-2019-10-02";
+  version = "1.9.4";
 
   src = fetchFromGitHub {
     owner = "gnunn1";
     repo = "tilix";
-    rev = "ffcd31e3c0e1a560ce89468152d8726065e8fb1f";
-    sha256 = "1bzv7xiqhyblz1rw8ln4zpspmml49vnshn1zsv9di5q7kfgpqrgq";
+    rev = "${version}";
+    sha256 = "sha256:020gr4q7kmqq8vnsh8rw97gf1p2n1yq4d7ncyjjh9l13zkaxqqv9";
   };
 
   # Default upstream else LDC fails to link
@@ -36,12 +37,13 @@ stdenv.mkDerivation {
 
   nativeBuildInputs = [
     desktop-file-utils
-    dmd
+    ldc
     meson
     ninja
     pkg-config
     python3
     wrapGAppsHook
+    appstream
   ];
 
   buildInputs = [
diff --git a/pkgs/applications/version-management/git-and-tools/lab/default.nix b/pkgs/applications/version-management/git-and-tools/lab/default.nix
index a9138fa0c87..856ee616efb 100644
--- a/pkgs/applications/version-management/git-and-tools/lab/default.nix
+++ b/pkgs/applications/version-management/git-and-tools/lab/default.nix
@@ -2,18 +2,18 @@
 
 buildGoModule rec {
   pname = "lab";
-  version = "0.20.0";
+  version = "0.21.0";
 
   src = fetchFromGitHub {
     owner = "zaquestion";
     repo = "lab";
     rev = "v${version}";
-    sha256 = "sha256-EQqbWM/4CInFNndfD+k7embPUFLXgxRT44e/+Ik2TDs=";
+    sha256 = "sha256-mkhJmrKpIISd0m0m8fQ9vKuEr6h23BBxK6yo5fB+xcA=";
   };
 
   subPackages = [ "." ];
 
-  vendorSha256 = "sha256-T6kGhje3K2HnR8xRuio6AsYbSwIdbWvAk3ZSnbm1NsA=";
+  vendorSha256 = "sha256-cf+DVnGjSNV2eZ8S/Vk+VPlykoSjngrQuPeA9IshBUg=";
 
   doCheck = false;
 
diff --git a/pkgs/applications/version-management/gitlab/data.json b/pkgs/applications/version-management/gitlab/data.json
index 001d0b158b2..b3a5d25c930 100644
--- a/pkgs/applications/version-management/gitlab/data.json
+++ b/pkgs/applications/version-management/gitlab/data.json
@@ -1,11 +1,11 @@
 {
-  "version": "13.8.5",
-  "repo_hash": "0dpyqynd6rscg07s58y0cjn7vfj2h21h51ja0fm6ll76wb02sbm6",
+  "version": "13.8.6",
+  "repo_hash": "0izzvr4bw86nbrqkf44gkcf63ham10cw4vp5yk0ylgm7w0kimv8v",
   "owner": "gitlab-org",
   "repo": "gitlab",
-  "rev": "v13.8.5-ee",
+  "rev": "v13.8.6-ee",
   "passthru": {
-    "GITALY_SERVER_VERSION": "13.8.5",
+    "GITALY_SERVER_VERSION": "13.8.6",
     "GITLAB_PAGES_VERSION": "1.34.0",
     "GITLAB_SHELL_VERSION": "13.15.1",
     "GITLAB_WORKHORSE_VERSION": "8.59.2"
diff --git a/pkgs/applications/version-management/gitlab/gitaly/default.nix b/pkgs/applications/version-management/gitlab/gitaly/default.nix
index a201d79a12a..db2ac513b21 100644
--- a/pkgs/applications/version-management/gitlab/gitaly/default.nix
+++ b/pkgs/applications/version-management/gitlab/gitaly/default.nix
@@ -33,14 +33,14 @@ let
       };
   };
 in buildGoModule rec {
-  version = "13.8.5";
+  version = "13.8.6";
   pname = "gitaly";
 
   src = fetchFromGitLab {
     owner = "gitlab-org";
     repo = "gitaly";
     rev = "v${version}";
-    sha256 = "sha256-hKIjKltPPmz50Ru7elpHdeoyGAqgp+txR3fKleqY7hM=";
+    sha256 = "sha256-6ocP4SMafvLI2jfvcB8jk1AemAI/TiBQ1iaVxK7I54A=";
   };
 
   vendorSha256 = "sha256-oVw6vXI3CyOn4l02PkYx3HVpZfzQPi3yBuf9tRvoWoM=";
diff --git a/pkgs/applications/version-management/monotone-viz/graphviz-2.0.nix b/pkgs/applications/version-management/monotone-viz/graphviz-2.0.nix
index 8ecc5bf9ac8..d7ec4a86463 100644
--- a/pkgs/applications/version-management/monotone-viz/graphviz-2.0.nix
+++ b/pkgs/applications/version-management/monotone-viz/graphviz-2.0.nix
@@ -2,8 +2,6 @@
 , yacc, libtool, fontconfig, pango, gd, libwebp
 }:
 
-assert libpng != null && libjpeg != null && expat != null;
-
 stdenv.mkDerivation rec {
   name = "graphviz-2.0";
 
diff --git a/pkgs/applications/video/clipgrab/default.nix b/pkgs/applications/video/clipgrab/default.nix
index 6db2450d136..b24ff43ac67 100644
--- a/pkgs/applications/video/clipgrab/default.nix
+++ b/pkgs/applications/video/clipgrab/default.nix
@@ -5,10 +5,10 @@
 
 mkDerivation rec {
   pname = "clipgrab";
-  version = "3.9.5";
+  version = "3.9.6";
 
   src = fetchurl {
-    sha256 = "1p8pqa5s70basdm2zpmahc54shsxrr0fr7chvv425n5a9sqba4dh";
+    sha256 = "sha256-1rQu2Gh9PKSbC0tuQxLwFhzy280z4obpa+eXvDBzDW0=";
     # The .tar.bz2 "Download" link is a binary blob, the source is the .tar.gz!
     url = "https://download.clipgrab.org/${pname}-${version}.tar.gz";
   };
diff --git a/pkgs/applications/video/kodi-packages/addon-update-script/default.nix b/pkgs/applications/video/kodi-packages/addon-update-script/default.nix
new file mode 100644
index 00000000000..17c1d45783f
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/addon-update-script/default.nix
@@ -0,0 +1,23 @@
+{ writeShellScript
+, nix
+, curl
+, gzip
+, xmlstarlet
+, common-updater-scripts
+}:
+
+{ attrPath }:
+
+let
+  url = "http://mirrors.kodi.tv/addons/matrix/addons.xml.gz";
+  updateScript = writeShellScript "update.sh" ''
+    set -ex
+
+    attrPath=$1
+    namespace=$(${nix}/bin/nix-instantiate $systemArg --eval -E "with import ./. {}; $attrPath.namespace" | tr -d '"')
+    version=$(${curl}/bin/curl -s -L ${url} | ${gzip}/bin/gunzip -c | ${xmlstarlet}/bin/xml select -T -t -m "//addons/addon[@id='$namespace']" -v @version)
+
+    ${common-updater-scripts}/bin/update-source-version "$attrPath" "$version"
+  '';
+in
+  [ updateScript attrPath ]
diff --git a/pkgs/applications/video/kodi-packages/certifi/default.nix b/pkgs/applications/video/kodi-packages/certifi/default.nix
new file mode 100644
index 00000000000..bfce47b7b2c
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/certifi/default.nix
@@ -0,0 +1,21 @@
+{ lib, buildKodiAddon, fetchzip, addonUpdateScript }:
+buildKodiAddon rec {
+  pname = "certifi";
+  namespace = "script.module.certifi";
+  version = "2019.11.28+matrix.1";
+
+  src = fetchzip {
+    url = "https://mirrors.kodi.tv/addons/matrix/${namespace}/${namespace}-${version}.zip";
+    sha256 = "0vsd68izv1ix0hb1gm74qq3zff0sxmhfhjyh7y9005zzp2gpi62v";
+  };
+
+  passthru.updateScript = addonUpdateScript {
+    attrPath = "kodi.packages.certifi";
+  };
+
+  meta = with lib; {
+    homepage = "https://certifi.io";
+    description = "Python package for providing Mozilla's CA Bundle";
+    license = licenses.mpl20;
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/chardet/default.nix b/pkgs/applications/video/kodi-packages/chardet/default.nix
new file mode 100644
index 00000000000..1e37f6b46e2
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/chardet/default.nix
@@ -0,0 +1,21 @@
+{ lib, buildKodiAddon, fetchzip, addonUpdateScript }:
+buildKodiAddon rec {
+  pname = "chardet";
+  namespace = "script.module.chardet";
+  version = "3.0.4+matrix.3";
+
+  src = fetchzip {
+    url = "https://mirrors.kodi.tv/addons/matrix/${namespace}/${namespace}-${version}.zip";
+    sha256 = "05928dj4fsj2zg8ajdial3sdf8izddq64sr0al3zy1gqw91jp80f";
+  };
+
+  passthru.updateScript = addonUpdateScript {
+    attrPath = "kodi.packages.chardet";
+  };
+
+  meta = with lib; {
+    homepage = "https://github.com/Freso/script.module.chardet";
+    description = "Universal encoding detector";
+    license = licenses.lgpl2Only;
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/controllers/default.nix b/pkgs/applications/video/kodi-packages/controllers/default.nix
new file mode 100644
index 00000000000..bd29b7c0f7c
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/controllers/default.nix
@@ -0,0 +1,21 @@
+{ lib, buildKodiAddon, fetchFromGitHub, controller }:
+buildKodiAddon rec {
+  pname = "game-controller-${controller}";
+  namespace = "game.controller.${controller}";
+  version = "1.0.3";
+
+  sourceDir = "addons/" + namespace;
+
+  src = fetchFromGitHub {
+    owner = "kodi-game";
+    repo = "kodi-game-controllers";
+    rev = "01acb5b6e8b85392b3cb298b034aadb1b24ccf18";
+    sha256 = "0sbc0w0fwbp7rbmbgb6a1kglhnn5g85hijcbbvf5x6jdq9v3f1qb";
+  };
+
+  meta = with lib; {
+    description = "Add support for different gaming controllers.";
+    platforms = platforms.all;
+    maintainers = with maintainers; [ edwtjo ];
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/idna/default.nix b/pkgs/applications/video/kodi-packages/idna/default.nix
new file mode 100644
index 00000000000..abe5635e828
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/idna/default.nix
@@ -0,0 +1,21 @@
+{ lib, buildKodiAddon, fetchzip, addonUpdateScript }:
+buildKodiAddon rec {
+  pname = "idna";
+  namespace = "script.module.idna";
+  version = "2.8.1+matrix.1";
+
+  src = fetchzip {
+    url = "https://mirrors.kodi.tv/addons/matrix/${namespace}/${namespace}-${version}.zip";
+    sha256 = "02s75fhfmbs3a38wvxba51aj3lv5bidshjdkl6yjfji6waxpr9xh";
+  };
+
+  passthru.updateScript = addonUpdateScript {
+    attrPath = "kodi.packages.idna";
+  };
+
+  meta = with lib; {
+    homepage = "https://github.com/Freso/script.module.idna";
+    description = "Internationalized Domain Names for Python";
+    license = licenses.bsd3;
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/inputstream-adaptive/default.nix b/pkgs/applications/video/kodi-packages/inputstream-adaptive/default.nix
new file mode 100644
index 00000000000..cd4c5aca117
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/inputstream-adaptive/default.nix
@@ -0,0 +1,28 @@
+{ stdenv, lib, rel, addonDir, buildKodiBinaryAddon, fetchFromGitHub, expat, glib, nspr, nss }:
+buildKodiBinaryAddon rec {
+  pname = "inputstream-adaptive";
+  namespace = "inputstream.adaptive";
+  version = "2.6.7";
+
+  src = fetchFromGitHub {
+    owner = "peak3d";
+    repo = "inputstream.adaptive";
+    rev = "${version}-${rel}";
+    sha256 = "1pwqmbr78wp12jn6rwv63npdfc456adwz0amlxf6gvgg43li6p7s";
+  };
+
+  extraBuildInputs = [ expat ];
+
+  extraRuntimeDependencies = [ glib nspr nss stdenv.cc.cc.lib ];
+
+  extraInstallPhase = let n = namespace; in ''
+    ln -s $out/lib/addons/${n}/libssd_wv.so $out/${addonDir}/${n}/libssd_wv.so
+  '';
+
+  meta = with lib; {
+    homepage = "https://github.com/peak3d/inputstream.adaptive";
+    description = "Kodi inputstream addon for several manifest types";
+    platforms = platforms.all;
+    maintainers = with maintainers; [ sephalon ];
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/inputstreamhelper/default.nix b/pkgs/applications/video/kodi-packages/inputstreamhelper/default.nix
new file mode 100644
index 00000000000..2bbcc6d9d2c
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/inputstreamhelper/default.nix
@@ -0,0 +1,21 @@
+{ lib, buildKodiAddon, fetchzip, addonUpdateScript }:
+buildKodiAddon rec {
+  pname = "inputstreamhelper";
+  namespace = "script.module.inputstreamhelper";
+  version = "0.5.2+matrix.1";
+
+  src = fetchzip {
+    url = "https://mirrors.kodi.tv/addons/matrix/${namespace}/${namespace}-${version}.zip";
+    sha256 = "18lkksljfa57w69yklbldf7dgyykrm84pd10mdjdqdm88fdiiijk";
+  };
+
+  passthru.updateScript = addonUpdateScript {
+    attrPath = "kodi.packages.inputstreamhelper";
+  };
+
+  meta = with lib; {
+    homepage = "https://github.com/emilsvennesson/script.module.inputstreamhelper";
+    description = "A simple Kodi module that makes life easier for add-on developers relying on InputStream based add-ons and DRM playback";
+    license = licenses.mit;
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/joystick/default.nix b/pkgs/applications/video/kodi-packages/joystick/default.nix
new file mode 100644
index 00000000000..321ddce905f
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/joystick/default.nix
@@ -0,0 +1,21 @@
+{ lib, rel, buildKodiBinaryAddon, fetchFromGitHub, tinyxml, udev }:
+buildKodiBinaryAddon rec {
+  pname = namespace;
+  namespace = "peripheral.joystick";
+  version = "1.7.1";
+
+  src = fetchFromGitHub {
+    owner = "xbmc";
+    repo = namespace;
+    rev = "${version}-${rel}";
+    sha256 = "1dhj4afr9kj938xx70fq5r409mz6lbw4n581ljvdjj9lq7akc914";
+  };
+
+  meta = with lib; {
+    description = "Binary addon for raw joystick input.";
+    platforms = platforms.all;
+    maintainers = with maintainers; [ edwtjo ];
+  };
+
+  extraBuildInputs = [ tinyxml udev ];
+}
diff --git a/pkgs/applications/video/kodi-packages/kodi-platform/default.nix b/pkgs/applications/video/kodi-packages/kodi-platform/default.nix
new file mode 100644
index 00000000000..6d458f7377d
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/kodi-platform/default.nix
@@ -0,0 +1,15 @@
+{ stdenv, fetchFromGitHub, cmake, kodi, libcec_platform, tinyxml }:
+stdenv.mkDerivation rec {
+  pname = "kodi-platform";
+  version = "17.1";
+
+  src = fetchFromGitHub {
+    owner = "xbmc";
+    repo = pname;
+    rev = "c8188d82678fec6b784597db69a68e74ff4986b5";
+    sha256 = "1r3gs3c6zczmm66qcxh9mr306clwb3p7ykzb70r3jv5jqggiz199";
+  };
+
+  nativeBuildInputs = [ cmake ];
+  buildInputs = [ kodi libcec_platform tinyxml ];
+}
diff --git a/pkgs/applications/video/kodi-packages/myconnpy/default.nix b/pkgs/applications/video/kodi-packages/myconnpy/default.nix
new file mode 100644
index 00000000000..a1b25576524
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/myconnpy/default.nix
@@ -0,0 +1,21 @@
+{ lib, buildKodiAddon, fetchzip, addonUpdateScript }:
+buildKodiAddon rec {
+  pname = "myconnpy";
+  namespace = "script.module.myconnpy";
+  version = "8.0.18+matrix.1";
+
+  src = fetchzip {
+    url = "https://mirrors.kodi.tv/addons/matrix/${namespace}/${namespace}-${version}.zip";
+    sha256 = "1cx3qdzw9lkkmbyvyrmc2i193is20fihn2sfl7kmv43f708vam0k";
+  };
+
+  passthru.updateScript = addonUpdateScript {
+    attrPath = "kodi.packages.myconnpy";
+  };
+
+  meta = with lib; {
+    homepage = "http://dev.mysql.com/doc/connector-python/en/index.html";
+    description = "MySQL Connector/Python";
+    license = licenses.gpl2Only;
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/netflix/default.nix b/pkgs/applications/video/kodi-packages/netflix/default.nix
new file mode 100644
index 00000000000..20440153f76
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/netflix/default.nix
@@ -0,0 +1,26 @@
+{ lib, buildKodiAddon, fetchFromGitHub, signals, inputstreamhelper, requests, myconnpy }:
+buildKodiAddon rec {
+  pname = "netflix";
+  namespace = "plugin.video.netflix";
+  version = "1.14.1";
+
+  src = fetchFromGitHub {
+    owner = "CastagnaIT";
+    repo = namespace;
+    rev = "v${version}";
+    sha256 = "0vv3234gg4brp0gvrsl4vdskmpfbyk4z7cjmmj31zn4m8j33japn";
+  };
+
+  propagatedBuildInputs = [
+    signals
+    inputstreamhelper
+    requests
+    myconnpy
+  ];
+
+  meta = with lib; {
+    homepage = "https://github.com/CastagnaIT/plugin.video.netflix";
+    description = "Netflix VOD Services Add-on";
+    license = licenses.mit;
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/osmc-skin/default.nix b/pkgs/applications/video/kodi-packages/osmc-skin/default.nix
new file mode 100644
index 00000000000..c83fd66a433
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/osmc-skin/default.nix
@@ -0,0 +1,21 @@
+{ lib, buildKodiAddon, fetchFromGitHub }:
+buildKodiAddon rec {
+  pname = "osmc-skin";
+  namespace = "skin.osmc";
+  version = "18.0.0";
+
+  src = fetchFromGitHub {
+    owner = "osmc";
+    repo = namespace;
+    rev = "40a6c318641e2cbeac58fb0e7dde9c2beac737a0";
+    sha256 = "1l7hyfj5zvjxjdm94y325bmy1naak455b9l8952sb0gllzrcwj6s";
+  };
+
+  meta = with lib; {
+    homepage = "https://github.com/osmc/skin.osmc";
+    description = "The default skin for OSMC";
+    platforms = platforms.all;
+    maintainers = with maintainers; [ worldofpeace ];
+    license = licenses.cc-by-nc-sa-30;
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/pdfreader/default.nix b/pkgs/applications/video/kodi-packages/pdfreader/default.nix
new file mode 100644
index 00000000000..430b9be3fd4
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/pdfreader/default.nix
@@ -0,0 +1,19 @@
+{ lib, buildKodiAddon, fetchFromGitHub }:
+buildKodiAddon rec {
+  pname = "pdfreader";
+  namespace = "plugin.image.pdf";
+  version = "2.0.2";
+
+  src = fetchFromGitHub {
+    owner = "i96751414";
+    repo = "plugin.image.pdfreader";
+    rev = "v${version}";
+    sha256 = "0nkqhlm1gyagq6xpdgqvd5qxyr2ngpml9smdmzfabc8b972mwjml";
+  };
+
+  meta = with lib; {
+    homepage = "https://forum.kodi.tv/showthread.php?tid=187421";
+    description = "A comic book reader";
+    maintainers = with maintainers; [ edwtjo ];
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/pvr-hdhomerun/default.nix b/pkgs/applications/video/kodi-packages/pvr-hdhomerun/default.nix
new file mode 100644
index 00000000000..3920120b90a
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/pvr-hdhomerun/default.nix
@@ -0,0 +1,22 @@
+{ lib, rel, buildKodiBinaryAddon, fetchFromGitHub, jsoncpp, libhdhomerun }:
+buildKodiBinaryAddon rec {
+  pname = "pvr-hdhomerun";
+  namespace = "pvr.hdhomerun";
+  version = "7.1.0";
+
+  src = fetchFromGitHub {
+    owner = "kodi-pvr";
+    repo = "pvr.hdhomerun";
+    rev = "${version}-${rel}";
+    sha256 = "0gbwjssnd319csq2kwlyjj1rskg19m1dxac5dl2dymvx5hn3zrgm";
+  };
+
+  meta = with lib; {
+    homepage = "https://github.com/kodi-pvr/pvr.hdhomerun";
+    description = "Kodi's HDHomeRun PVR client addon";
+    platforms = platforms.all;
+    maintainers = with maintainers; [ titanous ];
+  };
+
+  extraBuildInputs = [ jsoncpp libhdhomerun ];
+}
diff --git a/pkgs/applications/video/kodi-packages/pvr-hts/default.nix b/pkgs/applications/video/kodi-packages/pvr-hts/default.nix
new file mode 100644
index 00000000000..935238758a6
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/pvr-hts/default.nix
@@ -0,0 +1,21 @@
+{ lib, rel, buildKodiBinaryAddon, fetchFromGitHub }:
+buildKodiBinaryAddon rec {
+  pname = "pvr-hts";
+  namespace = "pvr.hts";
+  version = "8.2.2";
+
+  src = fetchFromGitHub {
+    owner = "kodi-pvr";
+    repo = "pvr.hts";
+    rev = "${version}-${rel}";
+    sha256 = "0jnn9gfjl556acqjf92wzzn371gxymhbbi665nqgg2gjcan0a49q";
+  };
+
+  meta = with lib; {
+    homepage = "https://github.com/kodi-pvr/pvr.hts";
+    description = "Kodi's Tvheadend HTSP client addon";
+    platforms = platforms.all;
+    maintainers = with maintainers; [ cpages ];
+  };
+
+}
diff --git a/pkgs/applications/video/kodi-packages/pvr-iptvsimple/default.nix b/pkgs/applications/video/kodi-packages/pvr-iptvsimple/default.nix
new file mode 100644
index 00000000000..b508eae8c7e
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/pvr-iptvsimple/default.nix
@@ -0,0 +1,22 @@
+{ lib, rel, buildKodiBinaryAddon, fetchFromGitHub, zlib, pugixml }:
+buildKodiBinaryAddon rec {
+  pname = "pvr-iptvsimple";
+  namespace = "pvr.iptvsimple";
+  version = "7.4.2";
+
+  src = fetchFromGitHub {
+    owner = "kodi-pvr";
+    repo = "pvr.iptvsimple";
+    rev = "${version}-${rel}";
+    sha256 = "062i922qi0izkvn7v47yhyy2cf3fa7xc3k95b1gm9abfdwkk8ywr";
+  };
+
+  meta = with lib; {
+    homepage = "https://github.com/kodi-pvr/pvr.iptvsimple";
+    description = "Kodi's IPTV Simple client addon";
+    platforms = platforms.all;
+    license = licenses.gpl2Plus;
+  };
+
+  extraBuildInputs = [ zlib pugixml ];
+}
diff --git a/pkgs/applications/video/kodi-packages/requests/default.nix b/pkgs/applications/video/kodi-packages/requests/default.nix
new file mode 100644
index 00000000000..05288b74b6c
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/requests/default.nix
@@ -0,0 +1,28 @@
+{ lib, buildKodiAddon, fetchzip, addonUpdateScript, certifi, chardet, idna, urllib3 }:
+buildKodiAddon rec {
+  pname = "requests";
+  namespace = "script.module.requests";
+  version = "2.22.0+matrix.1";
+
+  src = fetchzip {
+    url = "https://mirrors.kodi.tv/addons/matrix/${namespace}/${namespace}-${version}.zip";
+    sha256 = "09576galkyzhw8fhy2h4aablm5rm2v08g0mdmg9nn55dlxhkkljq";
+  };
+
+  propagatedBuildInputs = [
+    certifi
+    chardet
+    idna
+    urllib3
+  ];
+
+  passthru.updateScript = addonUpdateScript {
+    attrPath = "kodi.packages.requests";
+  };
+
+  meta = with lib; {
+    homepage = "http://python-requests.org";
+    description = "Python HTTP for Humans";
+    license = licenses.asl20;
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/signals/default.nix b/pkgs/applications/video/kodi-packages/signals/default.nix
new file mode 100644
index 00000000000..9d49e632721
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/signals/default.nix
@@ -0,0 +1,21 @@
+{ lib, buildKodiAddon, fetchzip, addonUpdateScript }:
+buildKodiAddon rec {
+  pname = "signals";
+  namespace = "script.module.addon.signals";
+  version = "0.0.6+matrix.1";
+
+  src = fetchzip {
+    url = "https://mirrors.kodi.tv/addons/matrix/${namespace}/${namespace}-${version}.zip";
+    sha256 = "1qcjbakch8hvx02wc01zv014nmzgn6ahc4n2bj5mzr114ppd3hjs";
+  };
+
+  passthru.updateScript = addonUpdateScript {
+    attrPath = "kodi.packages.signals";
+  };
+
+  meta = with lib; {
+    homepage = "https://github.com/ruuk/script.module.addon.signals";
+    description = "Provides signal/slot mechanism for inter-addon communication";
+    license = licenses.lgpl21Only;
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/steam-controller/default.nix b/pkgs/applications/video/kodi-packages/steam-controller/default.nix
new file mode 100644
index 00000000000..5eee0eff941
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/steam-controller/default.nix
@@ -0,0 +1,22 @@
+{ lib, buildKodiBinaryAddon, fetchFromGitHub, libusb1 }:
+buildKodiBinaryAddon rec {
+  pname = namespace;
+  namespace = "peripheral.steamcontroller";
+  version = "0.11.0";
+
+  src = fetchFromGitHub {
+    owner = "kodi-game";
+    repo = namespace;
+    rev = "f68140ca44f163a03d3a625d1f2005a6edef96cb";
+    sha256 = "09lm8i119xlsxxk0c64rnp8iw0crr90v7m8iwi9r31qdmxrdxpmg";
+  };
+
+  extraBuildInputs = [ libusb1 ];
+
+  meta = with lib; {
+    description = "Binary addon for steam controller.";
+    platforms = platforms.all;
+    maintainers = with maintainers; [ edwtjo ];
+  };
+
+}
diff --git a/pkgs/applications/video/kodi-packages/steam-launcher/default.nix b/pkgs/applications/video/kodi-packages/steam-launcher/default.nix
new file mode 100644
index 00000000000..cb140b4fb4d
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/steam-launcher/default.nix
@@ -0,0 +1,28 @@
+{ lib, buildKodiAddon, fetchFromGitHub, steam }:
+buildKodiAddon {
+  pname = "steam-launcher";
+  namespace = "script.steam.launcher";
+  version = "3.5.1";
+
+  src = fetchFromGitHub rec {
+    owner = "teeedubb";
+    repo = owner + "-xbmc-repo";
+    rev = "8260bf9b464846a1f1965da495d2f2b7ceb81d55";
+    sha256 = "1fj3ry5s44nf1jzxk4bmnpa4b9p23nrpmpj2a4i6xf94h7jl7p5k";
+  };
+
+  propagatedBuildInputs = [ steam ];
+
+  meta = with lib; {
+    homepage = "https://forum.kodi.tv/showthread.php?tid=157499";
+    description = "Launch Steam in Big Picture Mode from Kodi";
+    longDescription = ''
+      This add-on will close/minimise Kodi, launch Steam in Big
+      Picture Mode and when Steam BPM is exited (either by quitting
+      Steam or returning to the desktop) Kodi will
+      restart/maximise. Running pre/post Steam scripts can be
+      configured via the addon.
+    '';
+    maintainers = with maintainers; [ edwtjo ];
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/svtplay/default.nix b/pkgs/applications/video/kodi-packages/svtplay/default.nix
new file mode 100644
index 00000000000..cc7d350fa31
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/svtplay/default.nix
@@ -0,0 +1,26 @@
+{ lib, buildKodiAddon, fetchFromGitHub }:
+buildKodiAddon rec {
+  pname = "svtplay";
+  namespace = "plugin.video.svtplay";
+  version = "5.1.12";
+
+  src = fetchFromGitHub {
+    owner = "nilzen";
+    repo = "xbmc-" + pname;
+    rev = "v${version}";
+    sha256 = "04j1nhm7mh9chs995lz6bv1vsq5xzk7a7c0lmk4bnfv8jrfpj0w6";
+  };
+
+  meta = with lib; {
+    homepage = "https://forum.kodi.tv/showthread.php?tid=67110";
+    description = "Watch content from SVT Play";
+    longDescription = ''
+      With this addon you can stream content from SVT Play
+      (svtplay.se). The plugin fetches the video URL from the SVT
+      Play website and feeds it to the Kodi video player. HLS (m3u8)
+      is the preferred video format by the plugin.
+    '';
+    platforms = platforms.all;
+    maintainers = with maintainers; [ edwtjo ];
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/urllib3/default.nix b/pkgs/applications/video/kodi-packages/urllib3/default.nix
new file mode 100644
index 00000000000..e8146987913
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/urllib3/default.nix
@@ -0,0 +1,21 @@
+{ lib, buildKodiAddon, fetchzip, addonUpdateScript }:
+buildKodiAddon rec {
+  pname = "urllib3";
+  namespace = "script.module.urllib3";
+  version = "1.25.8+matrix.1";
+
+  src = fetchzip {
+    url = "https://mirrors.kodi.tv/addons/matrix/${namespace}/${namespace}-${version}.zip";
+    sha256 = "080yq8ns0sag6rmdag1hjwi0whcmp35wzqjp3by92m81cpszs75q";
+  };
+
+  passthru.updateScript = addonUpdateScript {
+    attrPath = "kodi.packages.urllib3";
+  };
+
+  meta = with lib; {
+    homepage = "https://urllib3.readthedocs.io/en/latest/";
+    description = "HTTP library with thread-safe connection pooling, file post, and more";
+    license = licenses.mit;
+  };
+}
diff --git a/pkgs/applications/video/kodi-packages/vfs-libarchive/default.nix b/pkgs/applications/video/kodi-packages/vfs-libarchive/default.nix
new file mode 100644
index 00000000000..13100b0dd35
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/vfs-libarchive/default.nix
@@ -0,0 +1,22 @@
+{ lib, rel, buildKodiBinaryAddon, fetchFromGitHub, libarchive, lzma, bzip2, zlib, lz4, lzo, openssl }:
+buildKodiBinaryAddon rec {
+  pname = namespace;
+  namespace = "vfs.libarchive";
+  version = "2.0.0";
+
+  src = fetchFromGitHub {
+    owner = "xbmc";
+    repo = namespace;
+    rev = "${version}-${rel}";
+    sha256 = "1q62p1i6rvqk2zv6f1cpffkh95lgclys2xl4dwyhj3acmqdxd9i5";
+  };
+
+  meta = with lib; {
+    description = "LibArchive Virtual Filesystem add-on for Kodi";
+    license = licenses.gpl2Plus;
+    platforms = platforms.all;
+    maintainers = with maintainers; [ minijackson ];
+  };
+
+  extraBuildInputs = [ libarchive lzma bzip2 zlib lz4 lzo openssl ];
+}
diff --git a/pkgs/applications/video/kodi-packages/vfs-sftp/default.nix b/pkgs/applications/video/kodi-packages/vfs-sftp/default.nix
new file mode 100644
index 00000000000..7910ab640e9
--- /dev/null
+++ b/pkgs/applications/video/kodi-packages/vfs-sftp/default.nix
@@ -0,0 +1,22 @@
+{ lib, rel, buildKodiBinaryAddon, fetchFromGitHub, openssl, libssh, zlib }:
+buildKodiBinaryAddon rec {
+  pname = namespace;
+  namespace = "vfs.sftp";
+  version = "2.0.0";
+
+  src = fetchFromGitHub {
+    owner = "xbmc";
+    repo = namespace;
+    rev = "${version}-${rel}";
+    sha256 = "06w74sh8yagrrp7a7rjaz3xrh1j3wdqald9c4b72c33gpk5997dk";
+  };
+
+  meta = with lib; {
+    description = "SFTP Virtual Filesystem add-on for Kodi";
+    license = licenses.gpl2Plus;
+    platforms = platforms.all;
+    maintainers = with maintainers; [ minijackson ];
+  };
+
+  extraBuildInputs = [ openssl libssh zlib ];
+}
diff --git a/pkgs/applications/video/kodi/build-kodi-addon.nix b/pkgs/applications/video/kodi/build-kodi-addon.nix
new file mode 100644
index 00000000000..cd768b6fa99
--- /dev/null
+++ b/pkgs/applications/video/kodi/build-kodi-addon.nix
@@ -0,0 +1,21 @@
+{ stdenv, toKodiAddon, addonDir }:
+{ name ? "${attrs.pname}-${attrs.version}"
+, namespace
+, sourceDir ? ""
+, ... } @ attrs:
+toKodiAddon (stdenv.mkDerivation ({
+  name = "kodi-" + name;
+
+  dontStrip = true;
+
+  extraRuntimeDependencies = [ ];
+
+  installPhase = ''
+    cd $src/$sourceDir
+    d=$out${addonDir}/${namespace}
+    mkdir -p $d
+    sauce="."
+    [ -d ${namespace} ] && sauce=${namespace}
+    cp -R "$sauce/"* $d
+  '';
+} // attrs))
diff --git a/pkgs/applications/video/kodi/build-kodi-binary-addon.nix b/pkgs/applications/video/kodi/build-kodi-binary-addon.nix
new file mode 100644
index 00000000000..74ce508ab6a
--- /dev/null
+++ b/pkgs/applications/video/kodi/build-kodi-binary-addon.nix
@@ -0,0 +1,31 @@
+{ stdenv, toKodiAddon, addonDir, cmake, kodi, kodi-platform, libcec_platform }:
+{ name ? "${attrs.pname}-${attrs.version}"
+, namespace
+, version
+, extraBuildInputs ? []
+, extraRuntimeDependencies ? []
+, extraInstallPhase ? "", ... } @ attrs:
+toKodiAddon (stdenv.mkDerivation ({
+  name = "kodi-" + name;
+
+  dontStrip = true;
+
+  nativeBuildInputs = [ cmake ];
+  buildInputs = [ kodi kodi-platform libcec_platform ] ++ extraBuildInputs;
+
+  inherit extraRuntimeDependencies;
+
+  # disables check ensuring install prefix is that of kodi
+  cmakeFlags = [
+    "-DOVERRIDE_PATHS=1"
+  ];
+
+  # kodi checks for addon .so libs existance in the addon folder (share/...)
+  # and the non-wrapped kodi lib/... folder before even trying to dlopen
+  # them. Symlinking .so, as setting LD_LIBRARY_PATH is of no use
+  installPhase = let n = namespace; in ''
+    make install
+    ln -s $out/lib/addons/${n}/${n}.so.${version} $out${addonDir}/${n}/${n}.so.${version}
+    ${extraInstallPhase}
+  '';
+} // attrs))
diff --git a/pkgs/applications/video/kodi/default.nix b/pkgs/applications/video/kodi/default.nix
index 55ba84cc454..3f382efff11 100644
--- a/pkgs/applications/video/kodi/default.nix
+++ b/pkgs/applications/video/kodi/default.nix
@@ -1,7 +1,7 @@
 { callPackage, ... } @ args:
 let
   unwrapped = callPackage ./unwrapped.nix (removeAttrs args [ "callPackage" ]);
-  kodiPackages = callPackage ./packages.nix { kodi = unwrapped; };
+  kodiPackages = callPackage ../../../top-level/kodi-packages.nix { kodi = unwrapped; };
 in
   unwrapped.overrideAttrs (oldAttrs: {
     passthru = oldAttrs.passthru // {
diff --git a/pkgs/applications/video/kodi/packages.nix b/pkgs/applications/video/kodi/packages.nix
deleted file mode 100644
index 8e0ecbf9b9b..00000000000
--- a/pkgs/applications/video/kodi/packages.nix
+++ /dev/null
@@ -1,560 +0,0 @@
-{ lib, stdenv, callPackage, fetchFromGitHub
-, cmake, kodi, libcec_platform, tinyxml, pugixml
-, steam, udev, libusb1, jsoncpp, libhdhomerun, zlib
-, python3Packages, expat, glib, nspr, nss, openssl
-, libssh, libarchive, lzma, bzip2, lz4, lzo }:
-
-with lib;
-
-let self = rec {
-
-  addonDir = "/share/kodi/addons";
-  rel = "Matrix";
-
-  inherit kodi;
-
-  # Convert derivation to a kodi module. Stolen from ../../../top-level/python-packages.nix
-  toKodiAddon = drv: drv.overrideAttrs(oldAttrs: {
-    # Use passthru in order to prevent rebuilds when possible.
-    passthru = (oldAttrs.passthru or {})// {
-      kodiAddonFor = kodi;
-      requiredKodiAddons = requiredKodiAddons drv.propagatedBuildInputs;
-    };
-  });
-
-  # Check whether a derivation provides a Kodi addon.
-  hasKodiAddon = drv: drv ? kodiAddonFor && drv.kodiAddonFor == kodi;
-
-  # Get list of required Kodi addons given a list of derivations.
-  requiredKodiAddons = drvs: let
-      modules = filter hasKodiAddon drvs;
-    in unique (modules ++ concatLists (catAttrs "requiredKodiAddons" modules));
-
-  kodi-platform = stdenv.mkDerivation rec {
-    project = "kodi-platform";
-    version = "17.1";
-    name = "${project}-${version}";
-
-    src = fetchFromGitHub {
-      owner = "xbmc";
-      repo = project;
-      rev = "c8188d82678fec6b784597db69a68e74ff4986b5";
-      sha256 = "1r3gs3c6zczmm66qcxh9mr306clwb3p7ykzb70r3jv5jqggiz199";
-    };
-
-    nativeBuildInputs = [ cmake ];
-    buildInputs = [ kodi libcec_platform tinyxml ];
-  };
-
-  buildKodiAddon =
-    { name ? "${attrs.pname}-${attrs.version}"
-    , namespace
-    , sourceDir ? ""
-    , ... } @ attrs:
-  toKodiAddon (stdenv.mkDerivation ({
-    name = "kodi-" + name;
-
-    dontStrip = true;
-
-    extraRuntimeDependencies = [ ];
-
-    installPhase = ''
-      cd $src/$sourceDir
-      d=$out${addonDir}/${namespace}
-      mkdir -p $d
-      sauce="."
-      [ -d ${namespace} ] && sauce=${namespace}
-      cp -R "$sauce/"* $d
-    '';
-  } // attrs));
-
-  buildKodiBinaryAddon =
-    { name ? "${attrs.pname}-${attrs.version}"
-    , namespace
-    , version
-    , extraBuildInputs ? []
-    , extraRuntimeDependencies ? []
-    , extraInstallPhase ? "", ... } @ attrs:
-  toKodiAddon (stdenv.mkDerivation ({
-    name = "kodi-" + name;
-
-    dontStrip = true;
-
-    nativeBuildInputs = [ cmake ];
-    buildInputs = [ kodi kodi-platform libcec_platform ] ++ extraBuildInputs;
-
-    inherit extraRuntimeDependencies;
-
-    # disables check ensuring install prefix is that of kodi
-    cmakeFlags = [
-      "-DOVERRIDE_PATHS=1"
-    ];
-
-    # kodi checks for addon .so libs existance in the addon folder (share/...)
-    # and the non-wrapped kodi lib/... folder before even trying to dlopen
-    # them. Symlinking .so, as setting LD_LIBRARY_PATH is of no use
-    installPhase = let n = namespace; in ''
-      make install
-      ln -s $out/lib/addons/${n}/${n}.so.${version} $out${addonDir}/${n}/${n}.so.${version}
-      ${extraInstallPhase}
-    '';
-  } // attrs));
-
-  advanced-launcher = buildKodiAddon rec {
-
-    pname = "advanced-launcher";
-    namespace = "plugin.program.advanced.launcher";
-    version = "2.5.8";
-
-    src = fetchFromGitHub {
-      owner = "edwtjo";
-      repo = pname;
-      rev = version;
-      sha256 = "142vvgs37asq5m54xqhjzqvgmb0xlirvm0kz6lxaqynp0vvgrkx2";
-    };
-
-    meta = {
-      homepage = "https://forum.kodi.tv/showthread.php?tid=85724";
-      description = "A program launcher for Kodi";
-      longDescription = ''
-        Advanced Launcher allows you to start any Linux, Windows and
-        macOS external applications (with command line support or not)
-        directly from the Kodi GUI. Advanced Launcher also give you
-        the possibility to edit, download (from Internet resources)
-        and manage all the meta-data (informations and images) related
-        to these applications.
-      '';
-      platforms = platforms.all;
-      maintainers = with maintainers; [ edwtjo ];
-      broken = true; # requires port to python3
-    };
-
-  };
-
-  advanced-emulator-launcher = buildKodiAddon rec {
-
-    pname = "advanced-emulator-launcher";
-    namespace = "plugin.program.advanced.emulator.launcher";
-    version = "0.9.6";
-
-    src = fetchFromGitHub {
-      owner = "Wintermute0110";
-      repo = namespace;
-      rev = version;
-      sha256 = "1sv9z77jj6bam6llcnd9b3dgkbvhwad2m1v541rv3acrackms2z2";
-    };
-
-    meta = {
-      homepage = "https://forum.kodi.tv/showthread.php?tid=287826";
-      description = "A program launcher for Kodi";
-      longDescription = ''
-        Advanced Emulator Launcher is a multi-emulator front-end for Kodi
-        scalable to collections of thousands of ROMs. Includes offline scrapers
-        for MAME and No-Intro ROM sets and also supports scrapping ROM metadata
-        and artwork online. ROM auditing for No-Intro ROMs using No-Intro XML
-        DATs. Launching of games and standalone applications is also available.
-      '';
-      platforms = platforms.all;
-      maintainers = with maintainers; [ edwtjo ];
-      broken = true; # requires port to python3
-    };
-
-  };
-
-  controllers = let
-    pname = "game-controller";
-    version = "1.0.3";
-
-    src = fetchFromGitHub {
-      owner = "kodi-game";
-      repo = "kodi-game-controllers";
-      rev = "01acb5b6e8b85392b3cb298b034aadb1b24ccf18";
-      sha256 = "0sbc0w0fwbp7rbmbgb6a1kglhnn5g85hijcbbvf5x6jdq9v3f1qb";
-    };
-
-    meta = {
-      description = "Add support for different gaming controllers.";
-      platforms = platforms.all;
-      maintainers = with maintainers; [ edwtjo ];
-    };
-
-    mkController = controller: {
-        ${controller} = buildKodiAddon rec {
-          pname = pname + "-" + controller;
-          namespace = "game.controller." + controller;
-          sourceDir = "addons/" + namespace;
-          inherit version src meta;
-        };
-      };
-    in (mkController "default")
-    // (mkController "dreamcast")
-    // (mkController "gba")
-    // (mkController "genesis")
-    // (mkController "mouse")
-    // (mkController "n64")
-    // (mkController "nes")
-    // (mkController "ps")
-    // (mkController "snes");
-
-  hyper-launcher = let
-    pname = "hyper-launcher";
-    version = "1.5.2";
-    src = fetchFromGitHub rec {
-      name = pname + "-" + version + ".tar.gz";
-      owner = "teeedubb";
-      repo = owner + "-xbmc-repo";
-      rev = "f958ba93fe85b9c9025b1745d89c2db2e7dd9bf6";
-      sha256 = "1dvff24fbas25k5kvca4ssks9l1g5rfa3hl8lqxczkaqi3pp41j5";
-    };
-    meta = {
-      homepage = "https://forum.kodi.tv/showthread.php?tid=258159";
-      description = "A ROM launcher for Kodi that uses HyperSpin assets.";
-      maintainers = with maintainers; [ edwtjo ];
-      broken = true; # requires port to python3
-    };
-  in {
-    service = buildKodiAddon {
-      pname = pname + "-service";
-      version = "1.2.1";
-      namespace = "service.hyper.launcher";
-      inherit src meta;
-    };
-    plugin = buildKodiAddon {
-      namespace = "plugin.hyper.launcher";
-      inherit pname version src meta;
-    };
-  };
-
-  joystick = buildKodiBinaryAddon rec {
-    pname = namespace;
-    namespace = "peripheral.joystick";
-    version = "1.7.1";
-
-    src = fetchFromGitHub {
-      owner = "xbmc";
-      repo = namespace;
-      rev = "${version}-${rel}";
-      sha256 = "1dhj4afr9kj938xx70fq5r409mz6lbw4n581ljvdjj9lq7akc914";
-    };
-
-    meta = {
-      description = "Binary addon for raw joystick input.";
-      platforms = platforms.all;
-      maintainers = with maintainers; [ edwtjo ];
-    };
-
-    extraBuildInputs = [ tinyxml udev ];
-  };
-
-  simpleplugin = buildKodiAddon rec {
-    pname = "simpleplugin";
-    namespace = "script.module.simpleplugin";
-    version = "2.3.2";
-
-    src = fetchFromGitHub {
-      owner = "romanvm";
-      repo = namespace;
-      rev = "v.${version}";
-      sha256 = "0myar8dqjigb75pcc8zx3i5z79p1ifgphgb82s5syqywk0zaxm3j";
-    };
-
-    meta = {
-      homepage = src.meta.homepage;
-      description = "Simpleplugin API";
-      license = licenses.gpl3;
-      broken = true; # requires port to python3
-    };
-  };
-
-  svtplay = buildKodiAddon rec {
-
-    pname = "svtplay";
-    namespace = "plugin.video.svtplay";
-    version = "5.1.12";
-
-    src = fetchFromGitHub {
-      name = pname + "-" + version + ".tar.gz";
-      owner = "nilzen";
-      repo = "xbmc-" + pname;
-      rev = "v${version}";
-      sha256 = "04j1nhm7mh9chs995lz6bv1vsq5xzk7a7c0lmk4bnfv8jrfpj0w6";
-    };
-
-    meta = {
-      homepage = "https://forum.kodi.tv/showthread.php?tid=67110";
-      description = "Watch content from SVT Play";
-      longDescription = ''
-        With this addon you can stream content from SVT Play
-        (svtplay.se). The plugin fetches the video URL from the SVT
-        Play website and feeds it to the Kodi video player. HLS (m3u8)
-        is the preferred video format by the plugin.
-      '';
-      platforms = platforms.all;
-      maintainers = with maintainers; [ edwtjo ];
-    };
-
-  };
-
-  steam-controller = buildKodiBinaryAddon rec {
-    pname = namespace;
-    namespace = "peripheral.steamcontroller";
-    version = "0.11.0";
-
-    src = fetchFromGitHub {
-      owner = "kodi-game";
-      repo = namespace;
-      rev = "f68140ca44f163a03d3a625d1f2005a6edef96cb";
-      sha256 = "09lm8i119xlsxxk0c64rnp8iw0crr90v7m8iwi9r31qdmxrdxpmg";
-    };
-
-    extraBuildInputs = [ libusb1 ];
-
-    meta = {
-      description = "Binary addon for steam controller.";
-      platforms = platforms.all;
-      maintainers = with maintainers; [ edwtjo ];
-    };
-
-  };
-
-  steam-launcher = buildKodiAddon {
-
-    pname = "steam-launcher";
-    namespace = "script.steam.launcher";
-    version = "3.5.1";
-
-    src = fetchFromGitHub rec {
-      owner = "teeedubb";
-      repo = owner + "-xbmc-repo";
-      rev = "8260bf9b464846a1f1965da495d2f2b7ceb81d55";
-      sha256 = "1fj3ry5s44nf1jzxk4bmnpa4b9p23nrpmpj2a4i6xf94h7jl7p5k";
-    };
-
-    propagatedBuildInputs = [ steam ];
-
-    meta = {
-      homepage = "https://forum.kodi.tv/showthread.php?tid=157499";
-      description = "Launch Steam in Big Picture Mode from Kodi";
-      longDescription = ''
-        This add-on will close/minimise Kodi, launch Steam in Big
-        Picture Mode and when Steam BPM is exited (either by quitting
-        Steam or returning to the desktop) Kodi will
-        restart/maximise. Running pre/post Steam scripts can be
-        configured via the addon.
-      '';
-      maintainers = with maintainers; [ edwtjo ];
-    };
-  };
-
-  pdfreader = buildKodiAddon rec {
-    pname = "pdfreader";
-    namespace = "plugin.image.pdf";
-    version = "2.0.2";
-
-    src = fetchFromGitHub {
-      owner = "i96751414";
-      repo = "plugin.image.pdfreader";
-      rev = "v${version}";
-      sha256 = "0nkqhlm1gyagq6xpdgqvd5qxyr2ngpml9smdmzfabc8b972mwjml";
-    };
-
-    meta = {
-      homepage = "https://forum.kodi.tv/showthread.php?tid=187421";
-      description = "A comic book reader";
-      maintainers = with maintainers; [ edwtjo ];
-    };
-  };
-
-  pvr-hts = buildKodiBinaryAddon rec {
-
-    pname = "pvr-hts";
-    namespace = "pvr.hts";
-    version = "8.2.2";
-
-    src = fetchFromGitHub {
-      owner = "kodi-pvr";
-      repo = "pvr.hts";
-      rev = "${version}-${rel}";
-      sha256 = "0jnn9gfjl556acqjf92wzzn371gxymhbbi665nqgg2gjcan0a49q";
-    };
-
-    meta = {
-      homepage = "https://github.com/kodi-pvr/pvr.hts";
-      description = "Kodi's Tvheadend HTSP client addon";
-      platforms = platforms.all;
-      maintainers = with maintainers; [ cpages ];
-    };
-
-  };
-
-  pvr-hdhomerun = buildKodiBinaryAddon rec {
-
-    pname = "pvr-hdhomerun";
-    namespace = "pvr.hdhomerun";
-    version = "7.1.0";
-
-    src = fetchFromGitHub {
-      owner = "kodi-pvr";
-      repo = "pvr.hdhomerun";
-      rev = "${version}-${rel}";
-      sha256 = "0gbwjssnd319csq2kwlyjj1rskg19m1dxac5dl2dymvx5hn3zrgm";
-    };
-
-    meta = {
-      homepage = "https://github.com/kodi-pvr/pvr.hdhomerun";
-      description = "Kodi's HDHomeRun PVR client addon";
-      platforms = platforms.all;
-      maintainers = with maintainers; [ titanous ];
-    };
-
-    extraBuildInputs = [ jsoncpp libhdhomerun ];
-
-  };
-
-  pvr-iptvsimple = buildKodiBinaryAddon rec {
-
-    pname = "pvr-iptvsimple";
-    namespace = "pvr.iptvsimple";
-    version = "7.4.2";
-
-    src = fetchFromGitHub {
-      owner = "kodi-pvr";
-      repo = "pvr.iptvsimple";
-      rev = "${version}-${rel}";
-      sha256 = "062i922qi0izkvn7v47yhyy2cf3fa7xc3k95b1gm9abfdwkk8ywr";
-    };
-
-    meta = {
-      homepage = "https://github.com/kodi-pvr/pvr.iptvsimple";
-      description = "Kodi's IPTV Simple client addon";
-      platforms = platforms.all;
-      maintainers = with maintainers; [ ];
-      license = licenses.gpl2Plus;
-    };
-
-    extraBuildInputs = [ zlib pugixml ];
-  };
-
-  osmc-skin = buildKodiAddon rec {
-
-    pname = "osmc-skin";
-    namespace = "skin.osmc";
-    version = "18.0.0";
-
-    src = fetchFromGitHub {
-      owner = "osmc";
-      repo = namespace;
-      rev = "40a6c318641e2cbeac58fb0e7dde9c2beac737a0";
-      sha256 = "1l7hyfj5zvjxjdm94y325bmy1naak455b9l8952sb0gllzrcwj6s";
-    };
-
-    meta = {
-      homepage = "https://github.com/osmc/skin.osmc";
-      description = "The default skin for OSMC";
-      platforms = platforms.all;
-      maintainers = with maintainers; [ worldofpeace ];
-      license = licenses.cc-by-nc-sa-30;
-    };
-  };
-
-  yatp = python3Packages.toPythonModule (buildKodiAddon rec {
-    pname = "yatp";
-    namespace = "plugin.video.yatp";
-    version = "3.3.2";
-
-    src = fetchFromGitHub {
-      owner = "romanvm";
-      repo = "kodi.yatp";
-      rev = "v.${version}";
-      sha256 = "12g1f57sx7dy6wy7ljl7siz2qs1kxcmijcg7xx2xpvmq61x9qa2d";
-    };
-
-    patches = [ ./yatp/dont-monkey.patch ];
-
-    propagatedBuildInputs = [
-      simpleplugin
-      python3Packages.requests
-      python3Packages.libtorrent-rasterbar
-    ];
-
-    meta = {
-      homepage = src.meta.homepage;
-      description = "Yet Another Torrent Player: libtorrent-based torrent streaming for Kodi";
-      license = licenses.gpl3;
-      broken = true; # requires port to python3
-    };
-  });
-
-  inputstream-adaptive = buildKodiBinaryAddon rec {
-
-    pname = "inputstream-adaptive";
-    namespace = "inputstream.adaptive";
-    version = "2.6.7";
-
-    src = fetchFromGitHub {
-      owner = "peak3d";
-      repo = "inputstream.adaptive";
-      rev = "${version}-${rel}";
-      sha256 = "1pwqmbr78wp12jn6rwv63npdfc456adwz0amlxf6gvgg43li6p7s";
-    };
-
-    extraBuildInputs = [ expat ];
-
-    extraRuntimeDependencies = [ glib nspr nss stdenv.cc.cc.lib ];
-
-    extraInstallPhase = let n = namespace; in ''
-      ln -s $out/lib/addons/${n}/libssd_wv.so $out/${addonDir}/${n}/libssd_wv.so
-    '';
-
-    meta = {
-      homepage = "https://github.com/peak3d/inputstream.adaptive";
-      description = "Kodi inputstream addon for several manifest types";
-      platforms = platforms.all;
-      maintainers = with maintainers; [ sephalon ];
-    };
-  };
-
-  vfs-sftp = buildKodiBinaryAddon rec {
-    pname = namespace;
-    namespace = "vfs.sftp";
-    version = "2.0.0";
-
-    src = fetchFromGitHub {
-      owner = "xbmc";
-      repo = namespace;
-      rev = "${version}-${rel}";
-      sha256 = "06w74sh8yagrrp7a7rjaz3xrh1j3wdqald9c4b72c33gpk5997dk";
-    };
-
-    meta = with lib; {
-      description = "SFTP Virtual Filesystem add-on for Kodi";
-      license = licenses.gpl2Plus;
-      platforms = platforms.all;
-      maintainers = with maintainers; [ minijackson ];
-    };
-
-    extraBuildInputs = [ openssl libssh zlib ];
-  };
-
-  vfs-libarchive = buildKodiBinaryAddon rec {
-    pname = namespace;
-    namespace = "vfs.libarchive";
-    version = "2.0.0";
-
-    src = fetchFromGitHub {
-      owner = "xbmc";
-      repo = namespace;
-      rev = "${version}-${rel}";
-      sha256 = "1q62p1i6rvqk2zv6f1cpffkh95lgclys2xl4dwyhj3acmqdxd9i5";
-    };
-
-    meta = with lib; {
-      description = "LibArchive Virtual Filesystem add-on for Kodi";
-      license = licenses.gpl2Plus;
-      platforms = platforms.all;
-      maintainers = with maintainers; [ minijackson ];
-    };
-
-    extraBuildInputs = [ libarchive lzma bzip2 zlib lz4 lzo openssl ];
-  };
-}; in self
diff --git a/pkgs/applications/video/kodi/wrapper.nix b/pkgs/applications/video/kodi/wrapper.nix
index 2b4abbb500a..86164682138 100644
--- a/pkgs/applications/video/kodi/wrapper.nix
+++ b/pkgs/applications/video/kodi/wrapper.nix
@@ -1,5 +1,10 @@
 { lib, makeWrapper, buildEnv, kodi, addons }:
 
+let
+  # linux distros are supposed to provide pillow and pycryptodome
+  requiredPythonPackages = with kodi.pythonPackages; [ pillow pycryptodome] ++ addons;
+in
+
 buildEnv {
   name = "${kodi.name}-env";
 
@@ -13,7 +18,7 @@ buildEnv {
     for exe in kodi{,-standalone}
     do
       makeWrapper ${kodi}/bin/$exe $out/bin/$exe \
-        --prefix PYTHONPATH : ${kodi.pythonPackages.makePythonPath addons} \
+        --prefix PYTHONPATH : ${kodi.pythonPackages.makePythonPath requiredPythonPackages} \
         --prefix KODI_HOME : $out/share/kodi \
         --prefix LD_LIBRARY_PATH ":" "${lib.makeLibraryPath
           (lib.concatMap
diff --git a/pkgs/applications/video/kodi/yatp/dont-monkey.patch b/pkgs/applications/video/kodi/yatp/dont-monkey.patch
deleted file mode 100644
index 62d5d0c0d4c..00000000000
--- a/pkgs/applications/video/kodi/yatp/dont-monkey.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-diff --git a/plugin.video.yatp/server.py b/plugin.video.yatp/server.py
-index 1adcbb5..488b72c 100644
---- a/plugin.video.yatp/server.py
-+++ b/plugin.video.yatp/server.py
-@@ -20,24 +20,8 @@ addon = Addon()
- _ = addon.initialize_gettext()
- addon.log_notice('Starting Torrent Server...')
- 
--# A monkey-patch to set the necessary librorrent version
--librorrent_addon = Addon('script.module.libtorrent')
--orig_custom_version = librorrent_addon.get_setting('custom_version', False)
--orig_set_version = librorrent_addon.get_setting('set_version', False)
--librorrent_addon.set_setting('custom_version', 'true')
--if addon.libtorrent_version == '1.0.9':
--    librorrent_addon.set_setting('set_version', '4')
--elif addon.libtorrent_version == '1.1.0':
--    librorrent_addon.set_setting('set_version', '5')
--elif addon.libtorrent_version == '1.1.1':
--    librorrent_addon.set_setting('set_version', '6')
--else:
--    librorrent_addon.set_setting('set_version', '0')
--
- from libs.server import wsgi_app
- 
--librorrent_addon.set_setting('custom_version', orig_custom_version)
--librorrent_addon.set_setting('set_version', orig_set_version)
- # ======
- 
- if addon.enable_limits:
diff --git a/pkgs/applications/video/obs-studio/default.nix b/pkgs/applications/video/obs-studio/default.nix
index 9fdb78c7038..caeffa56b17 100644
--- a/pkgs/applications/video/obs-studio/default.nix
+++ b/pkgs/applications/video/obs-studio/default.nix
@@ -17,6 +17,7 @@
 , libv4l
 , x264
 , curl
+, wayland
 , xorg
 , makeWrapper
 , pkg-config
@@ -67,6 +68,7 @@ in mkDerivation rec {
     qtx11extras
     qtsvg
     speex
+    wayland
     x264
     libvlc
     makeWrapper
diff --git a/pkgs/applications/virtualization/docker-compose/default.nix b/pkgs/applications/virtualization/docker-compose/default.nix
index a9e332e2a4c..c050057678d 100644
--- a/pkgs/applications/virtualization/docker-compose/default.nix
+++ b/pkgs/applications/virtualization/docker-compose/default.nix
@@ -21,12 +21,12 @@ buildPythonApplication rec {
   nativeBuildInputs = [ installShellFiles ];
   checkInputs = [ mock pytest nose ];
   propagatedBuildInputs = [
-    pyyaml backports_ssl_match_hostname colorama dockerpty docker
+    pyyaml colorama dockerpty docker
     ipaddress jsonschema requests six texttable websocket_client
     docopt cached-property paramiko distro python-dotenv
-  ] ++
-    lib.optional (pythonOlder "3.4") enum34 ++
-    lib.optional (pythonOlder "3.2") functools32;
+  ] ++ lib.optional (pythonOlder "3.7") backports_ssl_match_hostname
+  ++ lib.optional (pythonOlder "3.4") enum34
+  ++ lib.optional (pythonOlder "3.2") functools32;
 
   postPatch = ''
     # Remove upper bound on requires, see also
diff --git a/pkgs/data/fonts/cascadia-code/default.nix b/pkgs/data/fonts/cascadia-code/default.nix
index a2b67a22e2d..e09ad70f146 100644
--- a/pkgs/data/fonts/cascadia-code/default.nix
+++ b/pkgs/data/fonts/cascadia-code/default.nix
@@ -1,13 +1,13 @@
 { lib, fetchzip }:
 let
-  version = "2102.03";
+  version = "2102.25";
 in
 fetchzip {
   name = "cascadia-code-${version}";
 
   url = "https://github.com/microsoft/cascadia-code/releases/download/v${version}/CascadiaCode-${version}.zip";
 
-  sha256 = "076l44cyyp3cf15qyn2hzx34kzqm73d218fgwf8n69m8a1v34hs2";
+  sha256 = "14qhawcf1jmv68zdfbi2zfqdw4cf8fpk7plxzphmkqsp7hlw9pzx";
 
   postFetch = ''
     mkdir -p $out/share/fonts/
diff --git a/pkgs/data/misc/spdx-license-list-data/default.nix b/pkgs/data/misc/spdx-license-list-data/default.nix
index 19f02a16f47..f4ab4c05851 100644
--- a/pkgs/data/misc/spdx-license-list-data/default.nix
+++ b/pkgs/data/misc/spdx-license-list-data/default.nix
@@ -2,25 +2,28 @@
 
 stdenv.mkDerivation rec {
   pname = "spdx-license-list-data";
-  version = "3.11";
+  version = "3.12";
 
   src = fetchFromGitHub {
     owner = "spdx";
     repo = "license-list-data";
     rev = "v${version}";
-    sha256 = "1iwyqhh6lh51a47mhfy98zvjan8yjsvlym8qz0isx2i1zzxlj47a";
+    sha256 = "09xci8dzblg3d30jf7s43zialbcxlxly03zrkiymcvnzixg8v48f";
   };
 
-  phases = [ "unpackPhase" "installPhase" ];
-
   installPhase = ''
+    runHook preInstall
+
     install -vDt $out/json json/licenses.json
+
+    runHook postInstall
   '';
 
-  meta = {
+  meta = with lib; {
     description = "Various data formats for the SPDX License List";
     homepage = "https://github.com/spdx/license-list-data";
-    license = lib.licenses.cc0;
-    platforms = lib.platforms.all;
+    license = licenses.cc0;
+    maintainers = with maintainers; [ oxzi ];
+    platforms = platforms.all;
   };
 }
diff --git a/pkgs/development/compilers/crystal/default.nix b/pkgs/development/compilers/crystal/default.nix
index b3be2bb220c..f101f596743 100644
--- a/pkgs/development/compilers/crystal/default.nix
+++ b/pkgs/development/compilers/crystal/default.nix
@@ -214,6 +214,8 @@ let
         license = licenses.asl20;
         maintainers = with maintainers; [ david50407 fabianhjr manveru peterhoeg ];
         platforms = builtins.attrNames archs;
+        # Error running at_exit handler: Nil assertion failed
+        broken = lib.versions.minor version == "32" && stdenv.isDarwin;
       };
     })
   );
diff --git a/pkgs/development/compilers/dmd/default.nix b/pkgs/development/compilers/dmd/default.nix
index 074646f5f41..51f30dbabda 100644
--- a/pkgs/development/compilers/dmd/default.nix
+++ b/pkgs/development/compilers/dmd/default.nix
@@ -4,10 +4,10 @@
 , targetPackages, fetchpatch, bash
 , dmdBootstrap ? callPackage ./bootstrap.nix { }
 , HOST_DMD ? "${dmdBootstrap}/bin/dmd"
-, version ? "2.091.1"
-, dmdSha256 ? "0brz0n84jdkhr4sq4k91w48p739psbhbb1jk2pi9q60psmx353yr"
-, druntimeSha256 ? "0smgpmfriffh110ksski1s5j921kmxbc2zjy0dyj9ksyrxbzklbl"
-, phobosSha256 ? "1n00anajgibrfs1xzvrmag28hvbvkc0w1fwlimqbznvhf28rhrxs"
+, version ? "2.095.1"
+, dmdSha256 ? "sha256:0faca1y42a1h16aml4lb7z118mh9k9fjx3xlw3ki5f1h3ln91xhk"
+, druntimeSha256 ? "sha256:0ad4pa5llr9m9wqbvfv4yrcra4zz9qxlh5kx43mrv48f9bcxm2ha"
+, phobosSha256 ? "sha256:04w6jw4izix2vbw62j13wvz6q3pi7vivxnmxqj0g8904j5g0cxjl"
 }:
 
 let
@@ -53,18 +53,6 @@ stdenv.mkDerivation rec {
   })
   ];
 
-  patchFlags = [ "--directory=dmd" "-p1" "-F3" ];
-  patches = [
-    (fetchpatch {
-     url = "https://github.com/dlang/dmd/commit/4157298cf04f7aae9f701432afd1de7b7e05c30f.patch";
-     sha256 = "0v4xgqmrx5r8vbx5a4v88s0xnm23mam9nm99yfga7s2sxr0hi5p2";
-    })
-    (fetchpatch {
-     url = "https://github.com/dlang/dmd/commit/1b8a4c90b040bf2f0b68a2739de4991315580b13.patch";
-     sha256 = "1iih6aalv4fsw9mbrlrybhngkkchzzrzg7q8zl047w36c0x397cs";
-    })
-  ];
-
   sourceRoot = ".";
 
   # https://issues.dlang.org/show_bug.cgi?id=19553
@@ -76,6 +64,16 @@ stdenv.mkDerivation rec {
 
   postPatch = ''
       substituteInPlace dmd/test/dshell/test6952.d --replace "/usr/bin/env bash" "${bash}/bin/bash"
+
+      rm dmd/test/runnable/gdb1.d
+      rm dmd/test/runnable/gdb10311.d
+      rm dmd/test/runnable/gdb14225.d
+      rm dmd/test/runnable/gdb14276.d
+      rm dmd/test/runnable/gdb14313.d
+      rm dmd/test/runnable/gdb14330.d
+      rm dmd/test/runnable/gdb15729.sh
+      rm dmd/test/runnable/gdb4149.d
+      rm dmd/test/runnable/gdb4181.d
   ''
   + lib.optionalString stdenv.hostPlatform.isLinux ''
       substituteInPlace phobos/std/socket.d --replace "assert(ih.addrList[0] == 0x7F_00_00_01);" ""
@@ -171,5 +169,7 @@ stdenv.mkDerivation rec {
     license = licenses.boost;
     maintainers = with maintainers; [ ThomasMader lionello ];
     platforms = [ "x86_64-linux" "i686-linux" "x86_64-darwin" ];
+    # many tests are failing
+    broken = true;
   };
 }
diff --git a/pkgs/development/compilers/go/binary.nix b/pkgs/development/compilers/go/binary.nix
index 9a0dc343546..7eb8f8f7b98 100644
--- a/pkgs/development/compilers/go/binary.nix
+++ b/pkgs/development/compilers/go/binary.nix
@@ -8,8 +8,8 @@ let
     "i686" = "386";
     "x86_64" = "amd64";
     "aarch64" = "arm64";
-    "armv6l" = "arm";
-    "armv7l" = "arm";
+    "armv6l" = "armv6l";
+    "armv7l" = "armv6l";
     "powerpc64le" = "ppc64le";
   }.${platform.parsed.cpu.name} or (throw "Unsupported CPU ${platform.parsed.cpu.name}");
 
diff --git a/pkgs/development/compilers/ldc/default.nix b/pkgs/development/compilers/ldc/default.nix
index e0a689c7fa0..a199747546a 100644
--- a/pkgs/development/compilers/ldc/default.nix
+++ b/pkgs/development/compilers/ldc/default.nix
@@ -1,4 +1,4 @@
 import ./generic.nix {
-  version = "1.24.0";
-  ldcSha256 = "0g5svf55i0kq55q49awmwqj9qi1n907cyrn1vjdjgs8nx6nn35gx";
+  version = "1.25.1";
+  ldcSha256 = "sha256-DjcW/pknvpEmTR/eXEEHECb2xEJic16evaU4CJthLUA=";
 }
diff --git a/pkgs/development/compilers/xa/dxa.nix b/pkgs/development/compilers/xa/dxa.nix
index e0ff060de8d..03f2d054cc8 100644
--- a/pkgs/development/compilers/xa/dxa.nix
+++ b/pkgs/development/compilers/xa/dxa.nix
@@ -18,9 +18,8 @@ stdenv.mkDerivation rec {
   dontConfigure = true;
 
   postPatch = ''
-    substituteInPlace \
-      --replace "CC = gcc" "CC = cc' \
-        Makefile
+    substituteInPlace Makefile \
+      --replace "CC = gcc" "CC = ${stdenv.cc.targetPrefix}cc"
   '';
 
   installPhase = ''
diff --git a/pkgs/development/compilers/xa/xa.nix b/pkgs/development/compilers/xa/xa.nix
index 163b0bba513..c445940f5cd 100644
--- a/pkgs/development/compilers/xa/xa.nix
+++ b/pkgs/development/compilers/xa/xa.nix
@@ -15,13 +15,12 @@ stdenv.mkDerivation rec {
   dontConfigure = true;
 
   postPatch = ''
-    substitueInPlace \
+    substituteInPlace Makefile \
       --replace "DESTDIR" "PREFIX" \
-      --replace "CC = gcc" "CC = cc" \
-      --replace "LDD = gcc" "LDD = ld" \
+      --replace "CC = gcc" "CC = ${stdenv.cc.targetPrefix}cc" \
+      --replace "LDD = gcc" "LDD = ${stdenv.cc.targetPrefix}cc" \
       --replace "CFLAGS = -O2" "CFLAGS ?=" \
-      --replace "LDFLAGS = -lc" "LDFLAGS ?= -lc" \
-      Makefile
+      --replace "LDFLAGS = -lc" "LDFLAGS ?= -lc"
   '';
 
   makeFlags = [ "PREFIX=${placeholder "out"}" ];
diff --git a/pkgs/development/interpreters/bats/default.nix b/pkgs/development/interpreters/bats/default.nix
index aa3abc65534..01d1b61cb80 100644
--- a/pkgs/development/interpreters/bats/default.nix
+++ b/pkgs/development/interpreters/bats/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "bats";
-  version = "1.2.1";
+  version = "1.3.0";
 
   src = fetchzip {
     url = "https://github.com/bats-core/bats-core/archive/v${version}.tar.gz";
-    hash = "sha256-grB/rJaDU0fuw4Hm3/9nI2px8KZnSWqRjTJPd7Mmb7s=";
+    hash = "sha256-+dboExOx2YELxV8Cwk9SVwk9G3p8EoP0LdaJ3o7GT6c=";
   };
 
   nativeBuildInputs = [ makeWrapper ];
@@ -22,6 +22,9 @@ stdenv.mkDerivation rec {
 
   inherit doCheck;
   checkPhase = ''
+    # TODO: cut if https://github.com/bats-core/bats-core/issues/418 allows
+    sed -i '/test works even if PATH is reset/a skip' test/bats.bats
+
     # test generates file with absolute shebang dynamically
     substituteInPlace test/install.bats --replace \
       "/usr/bin/env bash" "${bash}/bin/bash"
diff --git a/pkgs/development/interpreters/elixir/1.11.nix b/pkgs/development/interpreters/elixir/1.11.nix
index 4e50c737e39..6e5a30a9dd7 100644
--- a/pkgs/development/interpreters/elixir/1.11.nix
+++ b/pkgs/development/interpreters/elixir/1.11.nix
@@ -3,7 +3,7 @@
 # How to obtain `sha256`:
 # nix-prefetch-url --unpack https://github.com/elixir-lang/elixir/archive/v${version}.tar.gz
 mkDerivation {
-  version = "1.11.3";
-  sha256 = "sha256-DqmKpMLxrXn23fsX/hrjDsYCmhD5jbVtvOX8EwKBakc=";
+  version = "1.11.4";
+  sha256 = "sha256-qCX6hRWUbW+E5xaUhcYxRAnhnvncASUJck8lESlcDvk=";
   minimumOTPVersion = "21";
 }
diff --git a/pkgs/development/interpreters/rakudo/default.nix b/pkgs/development/interpreters/rakudo/default.nix
index 99a812905d4..358b8663196 100644
--- a/pkgs/development/interpreters/rakudo/default.nix
+++ b/pkgs/development/interpreters/rakudo/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "rakudo";
-  version = "2020.12";
+  version = "2021.02.1";
 
   src = fetchurl {
     url    = "https://www.rakudo.org/dl/rakudo/rakudo-${version}.tar.gz";
-    sha256 = "1g3ciwhlac85d6l2kqslw8pm4bjjd1z79m1c5ll0fxmr6awgpk67";
+    sha256 = "1xwqx4357bw7h5pdmwxm5wxh8wjvrcdk4rvr3wyrhg1wzy5qvsn8";
   };
 
   buildInputs = [ icu zlib gmp perl ];
diff --git a/pkgs/development/interpreters/rakudo/moarvm.nix b/pkgs/development/interpreters/rakudo/moarvm.nix
index f833c153b96..e5baacf5c29 100644
--- a/pkgs/development/interpreters/rakudo/moarvm.nix
+++ b/pkgs/development/interpreters/rakudo/moarvm.nix
@@ -3,11 +3,11 @@
 
 stdenv.mkDerivation rec {
   pname = "moarvm";
-  version = "2020.12";
+  version = "2021.02";
 
   src = fetchurl {
     url = "https://www.moarvm.org/releases/MoarVM-${version}.tar.gz";
-    sha256 = "18iys1bdb92asggrsz7sg1hh76j7kq63c3fgg33fnla18qf4z488";
+    sha256 = "08ri9mvbk97qfxcy6lj4cb7j3a789ck052m2vqfhis3vkrkw780r";
    };
 
   buildInputs = [ perl ] ++ lib.optionals stdenv.isDarwin [ CoreServices ApplicationServices ];
diff --git a/pkgs/development/interpreters/rakudo/nqp.nix b/pkgs/development/interpreters/rakudo/nqp.nix
index b4b41fa8804..cd60bb3b790 100644
--- a/pkgs/development/interpreters/rakudo/nqp.nix
+++ b/pkgs/development/interpreters/rakudo/nqp.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "nqp";
-  version = "2020.12";
+  version = "2021.02";
 
   src = fetchurl {
     url    = "https://github.com/raku/nqp/releases/download/${version}/nqp-${version}.tar.gz";
-    sha256 = "13h64d41fwggc3lg4bpllg4jrp64clm7nmnw4g2jyjl47cy5ni7x";
+    sha256 = "1vyl6x811f8mbdnp34yj6kfmfpxp2yfrr8cqf1w47rzmr741sjyj";
   };
 
   buildInputs = [ perl ];
diff --git a/pkgs/development/libraries/cutelyst/default.nix b/pkgs/development/libraries/cutelyst/default.nix
index 80ec1986f8c..9f7d020feaf 100644
--- a/pkgs/development/libraries/cutelyst/default.nix
+++ b/pkgs/development/libraries/cutelyst/default.nix
@@ -4,13 +4,13 @@
 
 stdenv.mkDerivation rec {
   pname = "cutelyst";
-  version = "2.14.0";
+  version = "2.14.2";
 
   src = fetchFromGitHub {
     owner = "cutelyst";
     repo = "cutelyst";
     rev = "v${version}";
-    sha256 = "sha256-RidUZqDnzRrgW/7LVF+BF01zNcf1cJ/kS7OF/t1Q65c=";
+    sha256 = "sha256-JUffOeUTeaZvEssP5hfSGipeRuQ7FzLF4bOizCFhe5o=";
   };
 
   nativeBuildInputs = [ cmake pkg-config wrapQtAppsHook ];
diff --git a/pkgs/development/libraries/ftgl/default.nix b/pkgs/development/libraries/ftgl/default.nix
index c3fd6ffb940..5588e27356f 100644
--- a/pkgs/development/libraries/ftgl/default.nix
+++ b/pkgs/development/libraries/ftgl/default.nix
@@ -1,40 +1,47 @@
-{ lib, stdenv, fetchurl, freetype, libGL, libGLU, OpenGL }:
-
-let
-  name = "ftgl-2.1.3-rc5";
-in
-stdenv.mkDerivation {
-  inherit name;
+{ lib
+, stdenv
+, fetchurl
+, freetype
+, libGL
+, libGLU
+, OpenGL
+}:
+
+stdenv.mkDerivation rec {
+  pname = "ftgl";
+  version = "2.1.3-rc5";
 
   src = fetchurl {
-    url = "mirror://sourceforge/ftgl/${name}.tar.gz";
-    sha256 = "0nsn4s6vnv5xcgxcw6q031amvh2zfj2smy1r5mbnjj2548hxcn2l";
+    url = "mirror://sourceforge/${pname}-${version}.tar.gz";
+    hash = "sha256-VFjWISJFSGlXLTn4qoV0X8BdVRgAG876Y71su40mVls=";
   };
 
-  buildInputs = [ freetype ]
-    ++ (if stdenv.isDarwin then
-      [ OpenGL ]
-    else
-      [ libGL libGLU ])
-    ;
+  buildInputs = [
+    freetype
+  ] ++ (if stdenv.isDarwin then [
+    OpenGL
+  ] else [
+    libGL
+    libGLU
+  ]);
 
-  configureFlags = [ "--with-ft-prefix=${lib.getDev freetype}" ];
+  configureFlags = [
+    "--with-ft-prefix=${lib.getDev freetype}"
+  ];
 
   enableParallelBuilding = true;
 
-  meta = {
+  meta = with lib; {
     homepage = "https://sourceforge.net/apps/mediawiki/ftgl/";
     description = "Font rendering library for OpenGL applications";
-    license = lib.licenses.gpl3Plus;
-
     longDescription = ''
-      FTGL is a free cross-platform Open Source C++ library that uses
-      Freetype2 to simplify rendering fonts in OpenGL applications. FTGL
-      supports bitmaps, pixmaps, texture maps, outlines, polygon mesh,
-      and extruded polygon rendering modes.
+      FTGL is a free cross-platform Open Source C++ library that uses Freetype2
+      to simplify rendering fonts in OpenGL applications. FTGL supports bitmaps,
+      pixmaps, texture maps, outlines, polygon mesh, and extruded polygon
+      rendering modes.
     '';
-
-    platforms = lib.platforms.unix;
-    maintainers = [];
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ AndersonTorres ];
+    platforms = platforms.unix;
   };
 }
diff --git a/pkgs/development/libraries/glpng/default.nix b/pkgs/development/libraries/glpng/default.nix
new file mode 100644
index 00000000000..1194d988c07
--- /dev/null
+++ b/pkgs/development/libraries/glpng/default.nix
@@ -0,0 +1,38 @@
+{ lib
+, stdenv
+, fetchFromRepoOrCz
+, cmake
+, libGL
+, libpng
+, pkg-config
+, zlib
+}:
+
+stdenv.mkDerivation rec {
+  pname = "glpng";
+  version = "1.46";
+
+  src = fetchFromRepoOrCz {
+    repo = "glpng";
+    rev = "v${version}";
+    hash = "sha256-C7EHaBN0PE/HJB6zcIaYU63+o7/MEz4WU1xr/kIOanM=";
+  };
+
+  nativeBuildInputs = [
+    cmake
+    pkg-config
+  ];
+  buildInputs = [
+    libGL
+    libpng
+    zlib
+  ];
+
+  meta = with lib; {
+    homepage = "https://repo.or.cz/glpng.git/blob_plain/HEAD:/glpng.htm";
+    description = "PNG loader for OpenGL";
+    license = licenses.mit;
+    maintainers = with maintainers; [ AndersonTorres ];
+    platforms = platforms.unix;
+  };
+}
diff --git a/pkgs/development/libraries/gnome-online-accounts/default.nix b/pkgs/development/libraries/gnome-online-accounts/default.nix
index c5846b523cd..824d5c38318 100644
--- a/pkgs/development/libraries/gnome-online-accounts/default.nix
+++ b/pkgs/development/libraries/gnome-online-accounts/default.nix
@@ -30,7 +30,7 @@
 
 stdenv.mkDerivation rec {
   pname = "gnome-online-accounts";
-  version = "3.38.0";
+  version = "3.38.1";
 
   # https://gitlab.gnome.org/GNOME/gnome-online-accounts/issues/87
   src = fetchFromGitLab {
@@ -38,7 +38,7 @@ stdenv.mkDerivation rec {
     owner = "GNOME";
     repo = "gnome-online-accounts";
     rev = version;
-    sha256 = "sha256-NRGab/CMJxe31rr20+5wYZF2rOzoSNdztfNVojBd5ag=";
+    sha256 = "sha256-th7P++MC3GXX+349PJFEwHGGeMhxsGgoEDGnSYpY7E4=";
   };
 
   outputs = [ "out" "man" "dev" "devdoc" ];
diff --git a/pkgs/development/libraries/goffice/default.nix b/pkgs/development/libraries/goffice/default.nix
index d544dd7625d..64b5be2e2d3 100644
--- a/pkgs/development/libraries/goffice/default.nix
+++ b/pkgs/development/libraries/goffice/default.nix
@@ -3,13 +3,13 @@
 
 stdenv.mkDerivation rec {
   pname = "goffice";
-  version = "0.10.48";
+  version = "0.10.49";
 
   outputs = [ "out" "dev" "devdoc" ];
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
-    sha256 = "1z6f3q8fxkd1ysqrwdxdi0844zqa00vjpf07gq8mh3kal8picfd4";
+    sha256 = "X/wY27OF7fuFtsYlS55bTLPS/6MEK5Ms286ON/SzB+k=";
   };
 
   nativeBuildInputs = [ pkg-config intltool ];
diff --git a/pkgs/development/libraries/gtkd/default.nix b/pkgs/development/libraries/gtkd/default.nix
index ccaceabd4e9..a3aa18b058a 100644
--- a/pkgs/development/libraries/gtkd/default.nix
+++ b/pkgs/development/libraries/gtkd/default.nix
@@ -1,4 +1,4 @@
-{ lib, stdenv, fetchzip, fetchpatch, atk, cairo, dmd, gdk-pixbuf, gnome3, gst_all_1, librsvg
+{ lib, stdenv, fetchzip, fetchpatch, atk, cairo, ldc, gdk-pixbuf, gnome3, gst_all_1, librsvg
 , glib, gtk3, gtksourceview4, libgda, libpeas, pango, pkg-config, which, vte }:
 
 let
@@ -15,7 +15,7 @@ in stdenv.mkDerivation rec {
     stripRoot = false;
   };
 
-  nativeBuildInputs = [ dmd pkg-config which ];
+  nativeBuildInputs = [ ldc pkg-config which ];
   propagatedBuildInputs = [
     atk cairo gdk-pixbuf glib gstreamer gst-plugins-base gtk3 gtksourceview4
     libgda libpeas librsvg pango vte
diff --git a/pkgs/development/libraries/kpmcore/default.nix b/pkgs/development/libraries/kpmcore/default.nix
index 315a38197a1..c3621d37587 100644
--- a/pkgs/development/libraries/kpmcore/default.nix
+++ b/pkgs/development/libraries/kpmcore/default.nix
@@ -1,25 +1,38 @@
-{ stdenv, lib, fetchurl, extra-cmake-modules
-, qtbase, kio
-, libatasmart, parted
-, util-linux }:
+{ stdenv, lib, fetchurl, fetchpatch, extra-cmake-modules
+, qca-qt5, kauth, kio, polkit-qt, qtbase
+, util-linux
+}:
 
 stdenv.mkDerivation rec {
   pname = "kpmcore";
-  version = "3.3.0";
+  # NOTE: When changing this version, also change the version of `partition-manager`.
+  version = "4.2.0";
 
   src = fetchurl {
     url = "mirror://kde/stable/${pname}/${version}/src/${pname}-${version}.tar.xz";
-    sha256 = "0s6v0jfrhjg31ri5p6h9n4w29jvasf5dj954j3vfpzl91lygmmmq";
+    hash = "sha256-MvW0CqvFZtzcJlya6DIpzorPbKJai6fxt7nKsKpJn54=";
   };
 
-  buildInputs = [
-    qtbase
-    libatasmart
-    parted # we only need the library
+  patches = [
+    # Fix build with `kcoreaddons` >= 5.77.0
+    (fetchpatch {
+      url = "https://github.com/KDE/kpmcore/commit/07e5a3ac2858e6d38cc698e0f740e7a693e9f302.patch";
+      sha256 = "sha256-LYzea888euo2HXM+acWaylSw28iwzOdZBvPBt/gjP1s=";
+    })
+    # Fix crash when `fstab` omits mount options.
+    (fetchpatch {
+      url = "https://github.com/KDE/kpmcore/commit/eea84fb60525803a789e55bb168afb968464c130.patch";
+      sha256 = "sha256-NJ3PvyRC6SKNSOlhJPrDDjepuw7IlAoufPgvml3fap0=";
+    })
+  ];
 
+  buildInputs = [
+    qca-qt5
+    kauth
     kio
+    polkit-qt
 
-    util-linux # needs blkid (note that this is not provided by util-linux-compat)
+    util-linux # Needs blkid in configure script (note that this is not provided by util-linux-compat)
   ];
 
   nativeBuildInputs = [ extra-cmake-modules ];
@@ -27,8 +40,11 @@ stdenv.mkDerivation rec {
   dontWrapQtApps = true;
 
   meta = with lib; {
-    maintainers = with lib.maintainers; [ peterhoeg ];
+    description = "KDE Partition Manager core library";
+    homepage = "https://invent.kde.org/system/kpmcore";
+    license = with licenses; [ cc-by-40 cc0 gpl3Plus mit ];
+    maintainers = with maintainers; [ peterhoeg oxalica ];
     # The build requires at least Qt 5.14:
-    broken = lib.versionOlder qtbase.version "5.14";
+    broken = versionOlder qtbase.version "5.14";
   };
 }
diff --git a/pkgs/development/libraries/libressl/default.nix b/pkgs/development/libraries/libressl/default.nix
index b7724d27a06..3dffccf5f41 100644
--- a/pkgs/development/libraries/libressl/default.nix
+++ b/pkgs/development/libraries/libressl/default.nix
@@ -64,7 +64,12 @@ let
 
 in {
   libressl_3_1 = generic {
-    version = "3.1.4";
-    sha256 = "1dnbbnr43jashxivnafmh9gnn57c7ayva788ba03z633k6f18k21";
+    version = "3.1.5";
+    sha256 = "1504a1sf43frw43j14pij0q1f48rm5q86ggrlxxhw708qp7ds4rc";
+  };
+
+  libressl_3_2 = generic {
+    version = "3.2.5";
+    sha256 = "1zkwrs3b19s1ybz4q9hrb7pqsbsi8vxcs44qanfy11fkc7ynb2kr";
   };
 }
diff --git a/pkgs/development/libraries/libseat/default.nix b/pkgs/development/libraries/libseat/default.nix
new file mode 100644
index 00000000000..bdefb51b50f
--- /dev/null
+++ b/pkgs/development/libraries/libseat/default.nix
@@ -0,0 +1,37 @@
+{ fetchFromSourcehut
+, lib
+, meson
+, ninja
+, pkg-config
+, stdenv
+, systemd
+}:
+
+stdenv.mkDerivation rec {
+  pname = "libseat";
+  version = "0.5.0";
+
+  src = fetchFromSourcehut {
+    owner = "~kennylevinsen";
+    repo = "seatd";
+    rev = version;
+    sha256 = "sha256-JwlJLHkRgSRqfQEhXbzuFTmhxfbwKVdLICPbTDbC9M0=";
+  };
+
+  nativeBuildInputs = [ meson ninja pkg-config ];
+
+  buildInputs = [
+    systemd
+  ];
+
+  mesonFlags = [ "-Dserver=disabled" "-Dseatd=disabled" "-Dlogind=enabled"];
+
+  meta = with lib; {
+    description = "A universal seat management library";
+    changelog   = "https://git.sr.ht/~kennylevinsen/seatd/refs/${version}";
+    homepage    = "https://sr.ht/~kennylevinsen/seatd/";
+    license     = licenses.mit;
+    platforms   = platforms.linux;
+    maintainers = with maintainers; [ emantor ];
+  };
+}
diff --git a/pkgs/development/libraries/md4c/default.nix b/pkgs/development/libraries/md4c/default.nix
new file mode 100644
index 00000000000..a711ecb7c76
--- /dev/null
+++ b/pkgs/development/libraries/md4c/default.nix
@@ -0,0 +1,59 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, cmake
+, pkg-config
+}:
+
+stdenv.mkDerivation rec {
+  pname = "md4c";
+  version = "0.4.7";
+
+  src = fetchFromGitHub {
+    owner = "mity";
+    repo = pname;
+    rev = "release-${version}";
+    hash = "sha256-nfMXUP1wu3ifn1QVTO/+XcfFRsThG8PlmYRv+b8AYlQ=";
+  };
+
+  nativeBuildInputs = [
+    cmake
+    pkg-config
+  ];
+
+  meta = with lib; {
+    homepage = "https://github.com/mity/md4c";
+    description = "Markdown parser made in C";
+    longDescription = ''
+      MD4C is Markdown parser implementation in C, with the following features:
+
+      - Compliance: Generally, MD4C aims to be compliant to the latest version
+        of CommonMark specification. Currently, we are fully compliant to
+        CommonMark 0.29.
+      - Extensions: MD4C supports some commonly requested and accepted
+        extensions. See below.
+      - Performance: MD4C is very fast.
+      - Compactness: MD4C parser is implemented in one source file and one
+        header file. There are no dependencies other than standard C library.
+      - Embedding: MD4C parser is easy to reuse in other projects, its API is
+        very straightforward: There is actually just one function, md_parse().
+      - Push model: MD4C parses the complete document and calls few callback
+        functions provided by the application to inform it about a start/end of
+        every block, a start/end of every span, and with any textual contents.
+      - Portability: MD4C builds and works on Windows and POSIX-compliant
+        OSes. (It should be simple to make it run also on most other platforms,
+        at least as long as the platform provides C standard library, including
+        a heap memory management.)
+      - Encoding: MD4C by default expects UTF-8 encoding of the input
+        document. But it can be compiled to recognize ASCII-only control
+        characters (i.e. to disable all Unicode-specific code), or (on Windows)
+        to expect UTF-16 (i.e. what is on Windows commonly called just
+        "Unicode"). See more details below.
+      - Permissive license: MD4C is available under the MIT license.
+    '';
+    license = licenses.mit;
+    maintainers = with maintainers; [ AndersonTorres ];
+    platforms = platforms.all;
+  };
+}
+# TODO: enable tests (needs Python)
diff --git a/pkgs/development/libraries/physics/fastnlo/default.nix b/pkgs/development/libraries/physics/fastnlo/default.nix
index 916303f00ce..87e2ae9631c 100644
--- a/pkgs/development/libraries/physics/fastnlo/default.nix
+++ b/pkgs/development/libraries/physics/fastnlo/default.nix
@@ -1,4 +1,15 @@
-{ lib, stdenv, fetchurl, boost, fastjet, gfortran, lhapdf, python2, root, yoda, zlib }:
+{ lib
+, stdenv
+, fetchurl
+, boost
+, fastjet
+, gfortran
+, lhapdf
+, python2
+, root
+, yoda
+, zlib
+}:
 
 stdenv.mkDerivation rec {
   pname = "fastnlo_toolkit";
@@ -9,8 +20,19 @@ stdenv.mkDerivation rec {
     sha256 = "1h41xnqcz401x3zbs8i2dsb4xlhbv8i5ps0561p6y7gcyridgcbl";
   };
 
-  buildInputs = [ boost fastjet gfortran gfortran.cc.lib lhapdf python2 root yoda ];
-  propagatedBuildInputs = [ zlib ];
+  buildInputs = [
+    boost
+    fastjet
+    gfortran
+    gfortran.cc.lib
+    lhapdf
+    python2
+    root
+    yoda
+  ];
+  propagatedBuildInputs = [
+    zlib
+  ];
 
   preConfigure = ''
     substituteInPlace ./fastnlotoolkit/Makefile.in \
@@ -23,11 +45,22 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
-  meta = {
-    description = "A computer code to create and evaluate fast interpolation tables of pre-computed coefficients in perturbation theory for observables in hadron-induced processes";
-    license      = lib.licenses.gpl3;
-    homepage     = "http://fastnlo.hepforge.org";
-    platforms    = lib.platforms.unix;
-    maintainers = with lib.maintainers; [ veprbl ];
+  meta = with lib; {
+    homepage = "http://fastnlo.hepforge.org";
+    description = "Fast pQCD calculations for hadron-induced processes";
+    longDescription = ''
+      The fastNLO project provides computer code to create and evaluate fast
+      interpolation tables of pre-computed coefficients in perturbation theory
+      for observables in hadron-induced processes.
+
+      This allows fast theory predictions of these observables for arbitrary
+      parton distribution functions (of regular shape), renormalization or
+      factorization scale choices, and/or values of alpha_s(Mz) as e.g. needed
+      in PDF fits or in systematic studies. Very time consuming complete
+      recalculations are thus avoided.
+    '';
+    license = licenses.gpl3Plus;
+    maintainers = with maintainers; [ veprbl ];
+    platforms = platforms.unix;
   };
 }
diff --git a/pkgs/development/libraries/science/math/cudnn/generic.nix b/pkgs/development/libraries/science/math/cudnn/generic.nix
index 566a17c6147..d9c19e6790c 100644
--- a/pkgs/development/libraries/science/math/cudnn/generic.nix
+++ b/pkgs/development/libraries/science/math/cudnn/generic.nix
@@ -8,6 +8,14 @@
 , cudatoolkit
 , fetchurl
 , addOpenGLRunpath
+, # The distributed version of CUDNN includes both dynamically liked .so files,
+  # as well as statically linked .a files.  However, CUDNN is quite large
+  # (multiple gigabytes), so you can save some space in your nix store by
+  # removing the statically linked libraries if you are not using them.
+  #
+  # Setting this to true removes the statically linked .a files.
+  # Setting this to false keeps these statically linked .a files.
+  removeStatic ? false
 }:
 
 stdenv.mkDerivation {
@@ -23,6 +31,8 @@ stdenv.mkDerivation {
   nativeBuildInputs = [ addOpenGLRunpath ];
 
   installPhase = ''
+    runHook preInstall
+
     function fixRunPath {
       p=$(patchelf --print-rpath $1)
       patchelf --set-rpath "''${p:+$p:}${lib.makeLibraryPath [ stdenv.cc.cc ]}:\$ORIGIN/" $1
@@ -35,6 +45,10 @@ stdenv.mkDerivation {
     mkdir -p $out
     cp -a include $out/include
     cp -a lib64 $out/lib64
+  '' + lib.optionalString removeStatic ''
+    rm -f $out/lib64/*.a
+  '' + ''
+    runHook postInstall
   '';
 
   # Set RUNPATH so that libcuda in /run/opengl-driver(-32)/lib can be found.
diff --git a/pkgs/development/libraries/science/math/cutensor/default.nix b/pkgs/development/libraries/science/math/cutensor/default.nix
new file mode 100644
index 00000000000..1b5895b02bb
--- /dev/null
+++ b/pkgs/development/libraries/science/math/cutensor/default.nix
@@ -0,0 +1,37 @@
+{ callPackage
+, cudatoolkit_10_1, cudatoolkit_10_2
+, cudatoolkit_11_0, cudatoolkit_11_1, cudatoolkit_11_2
+}:
+
+rec {
+  cutensor_cudatoolkit_10_1 = callPackage ./generic.nix rec {
+    version = "1.2.2.5";
+    libPath = "lib/10.1";
+    cudatoolkit = cudatoolkit_10_1;
+    # 1.2.2 is compatible with CUDA 11.0, 11.1, and 11.2:
+    # ephemeral doc at https://developer.nvidia.com/cutensor/downloads
+    sha256 = "1dl9bd71frhac9cb8lvnh71zfsnqxbxbfhndvva2zf6nh0my4klm";
+  };
+
+  cutensor_cudatoolkit_10_2 = cutensor_cudatoolkit_10_1.override {
+    libPath = "lib/10.2";
+    cudatoolkit = cudatoolkit_10_2;
+  };
+
+  cutensor_cudatoolkit_10 = cutensor_cudatoolkit_10_2;
+
+  cutensor_cudatoolkit_11_0 = cutensor_cudatoolkit_10_2.override {
+    libPath = "lib/11";
+    cudatoolkit = cudatoolkit_11_0;
+  };
+
+  cutensor_cudatoolkit_11_1 = cutensor_cudatoolkit_11_0.override {
+    cudatoolkit = cudatoolkit_11_1;
+  };
+
+  cutensor_cudatoolkit_11_2 = cutensor_cudatoolkit_11_0.override {
+    cudatoolkit = cudatoolkit_11_2;
+  };
+
+  cutensor_cudatoolkit_11 = cutensor_cudatoolkit_11_2;
+}
diff --git a/pkgs/development/libraries/science/math/cutensor/generic.nix b/pkgs/development/libraries/science/math/cutensor/generic.nix
new file mode 100644
index 00000000000..0b2bd31b2c3
--- /dev/null
+++ b/pkgs/development/libraries/science/math/cutensor/generic.nix
@@ -0,0 +1,69 @@
+{ stdenv
+, lib
+, libPath
+, cudatoolkit
+, fetchurl
+, autoPatchelfHook
+, addOpenGLRunpath
+
+, version
+, sha256
+}:
+
+let
+  mostOfVersion = builtins.concatStringsSep "."
+    (lib.take 3 (lib.versions.splitVersion version));
+in
+
+stdenv.mkDerivation {
+  pname = "cudatoolkit-${cudatoolkit.majorVersion}-cutensor";
+  inherit version;
+
+  src = fetchurl {
+    url = "https://developer.download.nvidia.com/compute/cutensor/${mostOfVersion}/local_installers/libcutensor-${stdenv.hostPlatform.parsed.kernel.name}-${stdenv.hostPlatform.parsed.cpu.name}-${version}.tar.gz";
+    inherit sha256;
+  };
+
+  outputs = [ "out" "dev" ];
+
+  nativeBuildInputs = [
+    autoPatchelfHook
+    addOpenGLRunpath
+  ];
+
+  buildInputs = [
+    stdenv.cc.cc.lib
+  ];
+
+  propagatedBuildInputs = [
+    cudatoolkit
+  ];
+
+  # Set RUNPATH so that libcuda in /run/opengl-driver(-32)/lib can be found.
+  # See the explanation in addOpenGLRunpath.
+  installPhase = ''
+    mkdir -p "$out" "$dev"
+    mv include "$dev"
+    mv ${libPath} "$out/lib"
+
+    function finalRPathFixups {
+      for lib in $out/lib/lib*.so; do
+        addOpenGLRunpath $lib
+      done
+    }
+    postFixupHooks+=(finalRPathFixups)
+  '';
+
+  passthru = {
+    inherit cudatoolkit;
+    majorVersion = lib.versions.major version;
+  };
+
+  meta = with lib; {
+    description = "cuTENSOR: A High-Performance CUDA Library For Tensor Primitives";
+    homepage = "https://developer.nvidia.com/cutensor";
+    license = licenses.unfree;
+    platforms = [ "x86_64-linux" ];
+    maintainers = with maintainers; [ obsidian-systems-maintenance ];
+  };
+}
diff --git a/pkgs/development/libraries/science/math/primesieve/default.nix b/pkgs/development/libraries/science/math/primesieve/default.nix
index d99026bc565..d4f16d230e6 100644
--- a/pkgs/development/libraries/science/math/primesieve/default.nix
+++ b/pkgs/development/libraries/science/math/primesieve/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "primesieve";
-  version = "7.5";
+  version = "7.6";
 
   nativeBuildInputs = [cmake];
 
   src = fetchurl {
     url = "https://github.com/kimwalisch/primesieve/archive/v${version}.tar.gz";
-    sha256 = "0g60br3p8di92jx3pr2bb51xh15gg57l7qvwzwn7xf7l585hgi7v";
+    sha256 = "sha256-SFZp6Pmmx05SiUfSdN9wXxPKrydtRg0PA3uNvAycCpk=";
   };
 
   meta = with lib; {
diff --git a/pkgs/development/libraries/skalibs/default.nix b/pkgs/development/libraries/skalibs/default.nix
index 1efac7fc5e4..3d90a8ebb21 100644
--- a/pkgs/development/libraries/skalibs/default.nix
+++ b/pkgs/development/libraries/skalibs/default.nix
@@ -4,8 +4,8 @@ with skawarePackages;
 
 buildPackage {
   pname = "skalibs";
-  version = "2.10.0.1";
-  sha256 = "1chwjzlh13jbrldk77h3i4qjqv8hjpvvd3papcb8j46mvj7sxysg";
+  version = "2.10.0.2";
+  sha256 = "03qyi77wgcw3nzy7i932wd98d6j7nnzxc8ddl973vf5sa1v3vflb";
 
   description = "A set of general-purpose C programming libraries";
 
diff --git a/pkgs/development/libraries/speechd/default.nix b/pkgs/development/libraries/speechd/default.nix
index e85b6d4cbf4..b6ec4842e07 100644
--- a/pkgs/development/libraries/speechd/default.nix
+++ b/pkgs/development/libraries/speechd/default.nix
@@ -39,11 +39,11 @@ let
       throw "You need to enable at least one output module.";
 in stdenv.mkDerivation rec {
   pname = "speech-dispatcher";
-  version = "0.10.1";
+  version = "0.10.2";
 
   src = fetchurl {
     url = "https://github.com/brailcom/speechd/releases/download/${version}/${pname}-${version}.tar.gz";
-    sha256 = "0j2lfzkmbsxrrgjw6arzvnfd4jn5pxab28xsk2djssr2ydb9x309";
+    sha256 = "sha256-sGMZ8gHhXlbGKWZTr1vPwwDLNI6XLVF9+LBurHfq4tw=";
   };
 
   patches = [
diff --git a/pkgs/development/ocaml-modules/bitstring/default.nix b/pkgs/development/ocaml-modules/bitstring/default.nix
index 583017d9dde..12ed4ae787d 100644
--- a/pkgs/development/ocaml-modules/bitstring/default.nix
+++ b/pkgs/development/ocaml-modules/bitstring/default.nix
@@ -2,7 +2,7 @@
 
 buildDunePackage rec {
   pname = "bitstring";
-  version = "4.0.1";
+  version = "4.1.0";
 
   useDune2 = true;
 
@@ -10,7 +10,7 @@ buildDunePackage rec {
     owner = "xguerin";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1z7jmgljvp52lvn3ml2cp6gssxqp4sikwyjf6ym97cycbcw0fjjm";
+    sha256 = "0mghsl8b2zd2676mh1r9142hymhvzy9cw8kgkjmirxkn56wbf56b";
   };
 
   propagatedBuildInputs = [ stdlib-shims ];
diff --git a/pkgs/development/ocaml-modules/bitstring/ppx.nix b/pkgs/development/ocaml-modules/bitstring/ppx.nix
index ee0a8c51f73..4d391d3458d 100644
--- a/pkgs/development/ocaml-modules/bitstring/ppx.nix
+++ b/pkgs/development/ocaml-modules/bitstring/ppx.nix
@@ -3,6 +3,10 @@
 , ounit
 }:
 
+if !lib.versionAtLeast ppxlib.version "0.18.0"
+then throw "ppx_bitstring is not available with ppxlib-${ppxlib.version}"
+else
+
 buildDunePackage rec {
   pname = "ppx_bitstring";
   inherit (bitstring) version useDune2 src;
diff --git a/pkgs/development/ocaml-modules/encore/default.nix b/pkgs/development/ocaml-modules/encore/default.nix
index 95eb75ee7ca..5924845c4f4 100644
--- a/pkgs/development/ocaml-modules/encore/default.nix
+++ b/pkgs/development/ocaml-modules/encore/default.nix
@@ -3,13 +3,13 @@
 
 buildDunePackage rec {
   pname = "encore";
-  version = "0.7";
+  version = "0.8";
 
   minimumOCamlVersion = "4.07";
 
   src = fetchurl {
     url = "https://github.com/mirage/encore/releases/download/v${version}/encore-v${version}.tbz";
-    sha256 = "0cwmhkj5jmk3z5y0agmkf5ygpgxynjkq2d7d50jgzmnqs7f6g7nh";
+    sha256 = "a406bc9863b04bb424692045939d6c170a2bb65a98521ae5608d25b0559344f6";
   };
 
   useDune2 = true;
diff --git a/pkgs/development/ocaml-modules/labltk/default.nix b/pkgs/development/ocaml-modules/labltk/default.nix
index 65ea4d4b82e..3ee09b2d51c 100644
--- a/pkgs/development/ocaml-modules/labltk/default.nix
+++ b/pkgs/development/ocaml-modules/labltk/default.nix
@@ -56,6 +56,10 @@ let param =
     version = "8.06.9";
     sha256 = "1k42k3bjkf22gk39lwwzqzfhgjyhxnclslldrzpg5qy1829pbnc0";
   };
+  "4.12" = mkNewParam {
+    version = "8.06.10";
+    sha256 = "06cck7wijq4zdshzhxm6jyl8k3j0zglj2axsyfk6q1sq754zyf4a";
+  };
 }.${builtins.substring 0 4 ocaml.version};
 in
 
diff --git a/pkgs/development/ocaml-modules/lru/default.nix b/pkgs/development/ocaml-modules/lru/default.nix
index e5c7937b27a..035d612cfe2 100644
--- a/pkgs/development/ocaml-modules/lru/default.nix
+++ b/pkgs/development/ocaml-modules/lru/default.nix
@@ -1,9 +1,11 @@
-{ lib, fetchurl, buildDunePackage, psq }:
+{ lib, fetchurl, buildDunePackage, ocaml, psq, qcheck-alcotest }:
 
 buildDunePackage rec {
   pname = "lru";
   version = "0.3.0";
 
+  useDune2 = true;
+
   src = fetchurl {
     url = "https://github.com/pqwy/lru/releases/download/v${version}/lru-v${version}.tbz";
     sha256 = "1ab9rd7cq15ml8x0wjl44wy99h5z7x4g9vkkz4i2d7n84ghy7vw4";
@@ -11,6 +13,9 @@ buildDunePackage rec {
 
   propagatedBuildInputs = [ psq ];
 
+  doCheck = lib.versionAtLeast ocaml.version "4.05";
+  checkInputs = [ qcheck-alcotest ];
+
   meta = {
     homepage = "https://github.com/pqwy/lru";
     description = "Scalable LRU caches for OCaml";
diff --git a/pkgs/development/ocaml-modules/luv/default.nix b/pkgs/development/ocaml-modules/luv/default.nix
new file mode 100644
index 00000000000..6ad5ce5d487
--- /dev/null
+++ b/pkgs/development/ocaml-modules/luv/default.nix
@@ -0,0 +1,35 @@
+{ lib, buildDunePackage, fetchurl
+, ctypes, result
+, alcotest
+, file
+}:
+
+buildDunePackage rec {
+  pname = "luv";
+  version = "0.5.7";
+  useDune2 = true;
+
+  src = fetchurl {
+    url = "https://github.com/aantron/luv/releases/download/${version}/luv-${version}.tar.gz";
+    sha256 = "0wjnw5riydnzsk1xdzljlpzdnjwpa0j597y6x6ma4990mqj54260";
+  };
+
+  postConfigure = ''
+    for f in src/c/vendor/configure/{ltmain.sh,configure}; do
+      substituteInPlace "$f" --replace /usr/bin/file file
+    done
+  '';
+
+  nativeBuildInputs = [ file ];
+  propagatedBuildInputs = [ ctypes result ];
+  checkInputs = [ alcotest ];
+  doCheck = true;
+
+  meta = with lib; {
+    homepage = "https://github.com/aantron/luv";
+    description = "Binding to libuv: cross-platform asynchronous I/O";
+    # MIT-licensed, extra licenses apply partially to libuv vendor
+    license = with licenses; [ mit bsd2 bsd3 cc-by-sa-40 ];
+    maintainers = with maintainers; [ locallycompact sternenseemann ];
+  };
+}
diff --git a/pkgs/development/ocaml-modules/ppx_import/default.nix b/pkgs/development/ocaml-modules/ppx_import/default.nix
index b5651a8cec2..4ad26ff0862 100644
--- a/pkgs/development/ocaml-modules/ppx_import/default.nix
+++ b/pkgs/development/ocaml-modules/ppx_import/default.nix
@@ -1,27 +1,28 @@
-{ lib, fetchurl, buildDunePackage, ocaml
-, ounit, ppx_deriving, ppx_tools_versioned
-, ppxlib, ocaml-migrate-parsetree
+{ lib, fetchurl, buildDunePackage
+, ppx_tools_versioned
+, ocaml-migrate-parsetree
+, ounit, ppx_deriving, ppxlib
 }:
 
 buildDunePackage rec {
   pname = "ppx_import";
-  version = "1.7.1";
+  version = "1.8.0";
 
   useDune2 = true;
 
   minimumOCamlVersion = "4.04";
 
   src = fetchurl {
-    url = "https://github.com/ocaml-ppx/ppx_import/releases/download/v${version}/ppx_import-v${version}.tbz";
-    sha256 = "16dyxfb7syz659rqa7yq36ny5vzl7gkqd7f4m6qm2zkjc1gc8j4v";
+    url = "https://github.com/ocaml-ppx/ppx_import/releases/download/v${version}/ppx_import-${version}.tbz";
+    sha256 = "0zqcj70yyp4ik4jc6jz3qs2xhb94vxc6yq9ij0d5cyak28klc3gv";
   };
 
   propagatedBuildInputs = [
-    ppxlib ppx_tools_versioned ocaml-migrate-parsetree
+    ppx_tools_versioned ocaml-migrate-parsetree
   ];
 
   doCheck = true;
-  checkInputs = [ ounit ppx_deriving ];
+  checkInputs = [ ounit ppx_deriving ppxlib ];
 
   meta = {
     description = "A syntax extension that allows to pull in types or signatures from other compiled interface files";
diff --git a/pkgs/development/ocaml-modules/tcpip/default.nix b/pkgs/development/ocaml-modules/tcpip/default.nix
index 80fa01066f1..6e639f984cb 100644
--- a/pkgs/development/ocaml-modules/tcpip/default.nix
+++ b/pkgs/development/ocaml-modules/tcpip/default.nix
@@ -1,5 +1,5 @@
 { lib, buildDunePackage, fetchurl
-, bisect_ppx, ppx_cstruct
+, bisect_ppx, ppx_cstruct, pkg-config
 , rresult, cstruct, cstruct-lwt, mirage-net, mirage-clock
 , mirage-random, mirage-stack, mirage-protocols, mirage-time
 , ipaddr, macaddr, macaddr-cstruct, mirage-profile, fmt
@@ -11,18 +11,23 @@
 
 buildDunePackage rec {
   pname = "tcpip";
-  version = "6.0.0";
+  version = "6.1.0";
 
   useDune2 = true;
 
   src = fetchurl {
     url = "https://github.com/mirage/mirage-${pname}/releases/download/v${version}/${pname}-v${version}.tbz";
-    sha256 = "0wbrs8jz1vw3zdrqmqcwawxh4yhc2gy30rw7gz4w116cblkvnb8s";
+    sha256 = "e81c98a6e80e05f9fa4e5fbee50e6c247f6011254c7b1d9a0e58bae318c1f0c8";
   };
 
+  patches = [
+    ./no-opam-pkg-config-path.patch
+  ];
+
   nativeBuildInputs = [
     bisect_ppx
     ppx_cstruct
+    pkg-config
   ];
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/ocaml-modules/tcpip/no-opam-pkg-config-path.patch b/pkgs/development/ocaml-modules/tcpip/no-opam-pkg-config-path.patch
new file mode 100644
index 00000000000..a7e9155ce5a
--- /dev/null
+++ b/pkgs/development/ocaml-modules/tcpip/no-opam-pkg-config-path.patch
@@ -0,0 +1,21 @@
+diff --git a/freestanding/Makefile b/freestanding/Makefile
+index f22d220d..4bb3ac57 100644
+--- a/freestanding/Makefile
++++ b/freestanding/Makefile
+@@ -1,6 +1,4 @@
+-PKG_CONFIG_PATH := $(shell opam config var prefix)/lib/pkgconfig
+-
+-EXISTS := $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) pkg-config --exists ocaml-freestanding; echo $$?)
++EXISTS := $(shell pkg-config --exists ocaml-freestanding; echo $$?)
+ 
+ .PHONY: all clean
+ all: libtcpip_freestanding_stubs.a
+@@ -10,7 +8,7 @@ libtcpip_freestanding_stubs.a:
+ 	touch $@
+ else
+ CC ?= cc
+-FREESTANDING_CFLAGS := $(shell PKG_CONFIG_PATH=$(PKG_CONFIG_PATH) pkg-config --cflags ocaml-freestanding)
++FREESTANDING_CFLAGS := $(shell pkg-config --cflags ocaml-freestanding)
+ CFLAGS := $(FREESTANDING_CFLAGS)
+ 
+ OBJS=checksum_stubs.o
diff --git a/pkgs/development/python-modules/ajsonrpc/default.nix b/pkgs/development/python-modules/ajsonrpc/default.nix
new file mode 100644
index 00000000000..e5a81d9cfa6
--- /dev/null
+++ b/pkgs/development/python-modules/ajsonrpc/default.nix
@@ -0,0 +1,24 @@
+{ lib, pythonOlder, buildPythonPackage, fetchPypi, pytestCheckHook }:
+
+buildPythonPackage rec {
+  pname = "ajsonrpc";
+  version = "1.1.0";
+
+  disabled = pythonOlder "3.5";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "1b5r8975wdnk3qnc1qjnn4lkxmqcir3brbwnxml9ii90dnsw408a";
+  };
+
+  checkInputs = [ pytestCheckHook ];
+
+  pythonImportsCheck = [ "ajsonrpc" ];
+
+  meta = with lib; {
+    description = "Async JSON-RPC 2.0 protocol + asyncio server";
+    homepage = "https://github.com/pavlov99/ajsonrpc";
+    license = licenses.mit;
+    maintainers = with maintainers; [ oxzi ];
+  };
+}
diff --git a/pkgs/development/python-modules/azure-mgmt-netapp/default.nix b/pkgs/development/python-modules/azure-mgmt-netapp/default.nix
index ec1caa5c3e4..35dc7ef05ab 100644
--- a/pkgs/development/python-modules/azure-mgmt-netapp/default.nix
+++ b/pkgs/development/python-modules/azure-mgmt-netapp/default.nix
@@ -6,13 +6,13 @@
 }:
 
 buildPythonPackage rec {
-  version = "1.0.0";
+  version = "2.0.0";
   pname = "azure-mgmt-netapp";
   disabled = isPy27;
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "e2c0cecd634c0a106e389f39ad767bfd1d718d90692e4e3c9664b1fe9a792ade";
+    sha256 = "ff3b663e36c961e86fc0cdbd6f9fb9fb863d3e7db9035fe713af7299e809ee5e";
     extension = "zip";
   };
 
diff --git a/pkgs/development/python-modules/backports_ssl_match_hostname/default.nix b/pkgs/development/python-modules/backports_ssl_match_hostname/default.nix
index d6fecfbdfb9..a7403e16123 100644
--- a/pkgs/development/python-modules/backports_ssl_match_hostname/default.nix
+++ b/pkgs/development/python-modules/backports_ssl_match_hostname/default.nix
@@ -1,8 +1,9 @@
-{ lib, buildPythonPackage, fetchPypi }:
+{ lib, buildPythonPackage, fetchPypi, pythonAtLeast }:
 
 buildPythonPackage rec {
   pname = "backports.ssl_match_hostname";
   version = "3.7.0.1";
+  disabled = pythonAtLeast "3.7";
 
   src = fetchPypi {
     inherit pname version;
diff --git a/pkgs/development/python-modules/bleak/default.nix b/pkgs/development/python-modules/bleak/default.nix
index 38390e8377e..f229beb2b04 100644
--- a/pkgs/development/python-modules/bleak/default.nix
+++ b/pkgs/development/python-modules/bleak/default.nix
@@ -1,14 +1,16 @@
-{ lib, buildPythonPackage, isPy3k, fetchPypi, bluez, txdbus, pytest, pytestcov }:
+{ lib, buildPythonPackage, isPy3k, fetchPypi
+, bluez, dbus-next, pytestCheckHook, pytest-cov
+}:
 
 buildPythonPackage rec {
   pname = "bleak";
-  version = "0.10.0";
+  version = "0.11.0";
 
   disabled = !isPy3k;
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "5c3a873965f2910865895e572e7a4f10533d6e150e6ba17936397426bf8d1eee";
+    sha256 = "1zs5lz3r17a2xn19i4na132iccyjsl9navj0d3v7gks7hlcad5kp";
   };
 
   postPatch = ''
@@ -19,10 +21,11 @@ buildPythonPackage rec {
       --replace \"bluetoothctl\" \"${bluez}/bin/bluetoothctl\"
   '';
 
-  propagatedBuildInputs = [ txdbus ];
-  checkInputs = [ pytest pytestcov ];
+  propagatedBuildInputs = [ dbus-next ];
 
-  checkPhase = "AGENT_OS=linux py.test";
+  checkInputs = [ pytestCheckHook pytest-cov ];
+
+  pythonImportsCheck = [ "bleak" ];
 
   meta = with lib; {
     description = "Bluetooth Low Energy platform Agnostic Klient for Python";
diff --git a/pkgs/development/python-modules/boto3/default.nix b/pkgs/development/python-modules/boto3/default.nix
index ac5247921a5..cdd6af447b4 100644
--- a/pkgs/development/python-modules/boto3/default.nix
+++ b/pkgs/development/python-modules/boto3/default.nix
@@ -13,11 +13,11 @@
 
 buildPythonPackage rec {
   pname = "boto3";
-  version = "1.17.29"; # N.B: if you change this, change botocore and awscli to a matching version
+  version = "1.17.30"; # N.B: if you change this, change botocore and awscli to a matching version
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-MTlvyv/fwPRltN524eyuU4lOuGmwAP+lSqFpOpjbOjw=";
+    sha256 = "sha256-05wEtR5gGX9VA/hInwQ7yQSYFWfMhDHTiTZ3Z9w/1a4=";
   };
 
   propagatedBuildInputs = [ botocore jmespath s3transfer ] ++ lib.optionals (!isPy3k) [ futures ];
diff --git a/pkgs/development/python-modules/botocore/default.nix b/pkgs/development/python-modules/botocore/default.nix
index d48b9eded89..ca8ef220c9f 100644
--- a/pkgs/development/python-modules/botocore/default.nix
+++ b/pkgs/development/python-modules/botocore/default.nix
@@ -12,11 +12,11 @@
 
 buildPythonPackage rec {
   pname = "botocore";
-  version = "1.20.29"; # N.B: if you change this, change boto3 and awscli to a matching version
+  version = "1.20.30"; # N.B: if you change this, change boto3 and awscli to a matching version
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-GEt9JrBmn9ZayBk2YjdtEmfYAOAFtpQStXzILF/76TU=";
+    sha256 = "sha256-mP8eshDTlKH/5zazPIp75o8w8KA1ULVZxbtv3wwpMo0=";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/bx-python/default.nix b/pkgs/development/python-modules/bx-python/default.nix
index 395978396a5..aa1e3d1d864 100644
--- a/pkgs/development/python-modules/bx-python/default.nix
+++ b/pkgs/development/python-modules/bx-python/default.nix
@@ -3,14 +3,14 @@
 
 buildPythonPackage rec {
   pname = "bx-python";
-  version = "0.8.10";
+  version = "0.8.11";
   disabled = isPy27;
 
   src = fetchFromGitHub {
     owner = "bxlab";
     repo = "bx-python";
     rev = "v${version}";
-    sha256 = "09q5nrv0w9b1bclc7g80bih87ikffhvia22d6cpdc747wjrzz8il";
+    sha256 = "0cz5vgw19hmkcg689vr540q2gl2lb3xcf1lphm7zbfp8wmypcadm";
   };
 
   nativeBuildInputs = [ cython ];
diff --git a/pkgs/development/python-modules/cupy/default.nix b/pkgs/development/python-modules/cupy/default.nix
index 5c4978a388f..d4b42ac83e8 100644
--- a/pkgs/development/python-modules/cupy/default.nix
+++ b/pkgs/development/python-modules/cupy/default.nix
@@ -1,7 +1,7 @@
 { lib, buildPythonPackage
 , fetchPypi, isPy3k, linuxPackages
 , fastrlock, numpy, six, wheel, pytest, mock, setuptools
-, cudatoolkit, cudnn, nccl
+, cudatoolkit, cudnn, cutensor, nccl
 }:
 
 buildPythonPackage rec {
@@ -26,6 +26,7 @@ buildPythonPackage rec {
   propagatedBuildInputs = [
     cudatoolkit
     cudnn
+    cutensor
     linuxPackages.nvidia_x11
     nccl
     fastrlock
diff --git a/pkgs/development/python-modules/databricks-cli/default.nix b/pkgs/development/python-modules/databricks-cli/default.nix
index 54cec0f98ad..547b9a3af7a 100644
--- a/pkgs/development/python-modules/databricks-cli/default.nix
+++ b/pkgs/development/python-modules/databricks-cli/default.nix
@@ -9,11 +9,11 @@
 
 buildPythonPackage rec {
   pname = "databricks-cli";
-  version = "0.14.2";
+  version = "0.14.3";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "9e956f0efb7aad100d9963f223db986392cf2dc3e9922f2f83e55d372e84ef16";
+    sha256 = "bdf89a3917a3f8f8b99163e38d40e66dc478c7408954747f145cd09816b05e2c";
   };
 
   checkInputs = [
diff --git a/pkgs/development/python-modules/datashader/default.nix b/pkgs/development/python-modules/datashader/default.nix
index ad5cc8bfb03..d656a203b9e 100644
--- a/pkgs/development/python-modules/datashader/default.nix
+++ b/pkgs/development/python-modules/datashader/default.nix
@@ -24,11 +24,11 @@
 
 buildPythonPackage rec {
   pname = "datashader";
-  version = "0.12.0";
+  version = "0.12.1";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-CnV6ne3cbMtoVUBDqXf4n3tlEMzuKp7H8Ju7Qrzn9es=";
+    sha256 = "a135612876dc3e4b16ccb9ddb70de50519825c8c1be251b49aefa550bcf8a39a";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/ftfy/default.nix b/pkgs/development/python-modules/ftfy/default.nix
index dbc36317228..403ca524792 100644
--- a/pkgs/development/python-modules/ftfy/default.nix
+++ b/pkgs/development/python-modules/ftfy/default.nix
@@ -2,36 +2,31 @@
 , buildPythonPackage
 , isPy3k
 , fetchPypi
-, html5lib
 , wcwidth
-, setuptools
-, pytest
+, pytestCheckHook
 }:
 
 buildPythonPackage rec {
   pname = "ftfy";
-  version = "5.8";
+  version = "5.9";
 
   disabled = !isPy3k;
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "081p5z20dirrf1i3nshylc31qd5mbxibjc7gzj8x4isbiizpdisi";
+    sha256 = "8c4fb2863c0b82eae2ab3cf353d9ade268dfbde863d322f78d6a9fd5cefb31e9";
   };
 
   propagatedBuildInputs = [
-    html5lib
     wcwidth
-    setuptools
   ];
 
   checkInputs = [
-    pytest
+    pytestCheckHook
   ];
 
-  # We suffix PATH like this because the tests want the ftfy executable
-  checkPhase = ''
-    PATH=$out/bin:$PATH pytest
+  preCheck = ''
+    export PATH=$out/bin:$PATH
   '';
 
   meta = with lib; {
diff --git a/pkgs/development/python-modules/geventhttpclient/default.nix b/pkgs/development/python-modules/geventhttpclient/default.nix
index c6ccf881156..5563ff94baf 100644
--- a/pkgs/development/python-modules/geventhttpclient/default.nix
+++ b/pkgs/development/python-modules/geventhttpclient/default.nix
@@ -6,6 +6,7 @@
 , certifi
 , six
 , backports_ssl_match_hostname
+, pythonOlder
 }:
 
 buildPythonPackage rec {
@@ -18,7 +19,8 @@ buildPythonPackage rec {
   };
 
   buildInputs = [ pytest ];
-  propagatedBuildInputs = [ gevent certifi six backports_ssl_match_hostname ];
+  propagatedBuildInputs = [ gevent certifi six ]
+    ++ lib.optionals (pythonOlder "3.7") [ backports_ssl_match_hostname ];
 
   # Several tests fail that require network
   doCheck = false;
diff --git a/pkgs/development/python-modules/google-cloud-bigquery-datatransfer/default.nix b/pkgs/development/python-modules/google-cloud-bigquery-datatransfer/default.nix
index 8f67fed79d7..ccc8aa83975 100644
--- a/pkgs/development/python-modules/google-cloud-bigquery-datatransfer/default.nix
+++ b/pkgs/development/python-modules/google-cloud-bigquery-datatransfer/default.nix
@@ -11,11 +11,11 @@
 
 buildPythonPackage rec {
   pname = "google-cloud-bigquery-datatransfer";
-  version = "3.0.0";
+  version = "3.0.1";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0hmsqvs2srmqcwmli48vd5vw829zax3pwj63fsxig6sdhjlf6j7j";
+    sha256 = "c5669410018eb41cecf6f9c90136d24d0ca9ed141bda8fbb3d52cd3de7162960";
   };
 
   propagatedBuildInputs = [ google-api-core libcst proto-plus ];
diff --git a/pkgs/development/python-modules/google-cloud-bigquery/default.nix b/pkgs/development/python-modules/google-cloud-bigquery/default.nix
index 2aa615a221f..6f2e6c473a3 100644
--- a/pkgs/development/python-modules/google-cloud-bigquery/default.nix
+++ b/pkgs/development/python-modules/google-cloud-bigquery/default.nix
@@ -17,11 +17,11 @@
 
 buildPythonPackage rec {
   pname = "google-cloud-bigquery";
-  version = "2.11.0";
+  version = "2.12.0";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "d8f8464188e3eb03925a4f4acbf4e8fbfbde84a06145bd8a52c6b736113713ae";
+    sha256 = "484bb733e5dd14bb82d28480a5d7f540b8ee59f081fcf32782546b717180d1b8";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/gradient-utils/default.nix b/pkgs/development/python-modules/gradient-utils/default.nix
index 49fff6f6cee..ee8d1bde622 100644
--- a/pkgs/development/python-modules/gradient-utils/default.nix
+++ b/pkgs/development/python-modules/gradient-utils/default.nix
@@ -26,7 +26,7 @@ buildPythonPackage rec {
     substituteInPlace pyproject.toml \
       --replace 'numpy = "1.18.5"' 'numpy = "^1.18.5"' \
       --replace 'hyperopt = "0.1.2"' 'hyperopt = ">=0.1.2"' \
-      --replace 'wheel = "^0.35.1"' 'wheel = "^0.36"'
+      --replace 'wheel = "^0.35.1"' 'wheel = "*"'
   '';
 
   nativeBuildInputs = [ poetry-core ];
diff --git a/pkgs/development/python-modules/gradient/default.nix b/pkgs/development/python-modules/gradient/default.nix
index 05a590e52fe..c74501c621e 100644
--- a/pkgs/development/python-modules/gradient/default.nix
+++ b/pkgs/development/python-modules/gradient/default.nix
@@ -7,11 +7,11 @@
 
 buildPythonPackage rec {
   pname = "gradient";
-  version = "1.4.2";
+  version = "1.4.3";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "2ed10db306d4c8632b7d04d71d44a04331a6e80e5ebab7296a98e67e8a50fb71";
+    sha256 = "a8fa91669c97440049132119019e90d0a9cf09e96352cf43c7c6ca244894bd4e";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/jenkins-job-builder/default.nix b/pkgs/development/python-modules/jenkins-job-builder/default.nix
index 7d4f6dd9363..3ae6bf84ae4 100644
--- a/pkgs/development/python-modules/jenkins-job-builder/default.nix
+++ b/pkgs/development/python-modules/jenkins-job-builder/default.nix
@@ -10,11 +10,11 @@
 
 buildPythonPackage rec {
   pname = "jenkins-job-builder";
-  version = "3.8.0";
+  version = "3.9.0";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-uRyeRP1y3GS7tXb0kHLBi7+trJRme/Ke3xgOY+LqZ6k=";
+    sha256 = "4a53e146843d567c375c2e61e70a840d75a412402fd78c1dd3da5642a6aaa375";
   };
 
   postPatch = ''
diff --git a/pkgs/development/python-modules/mat2/default.nix b/pkgs/development/python-modules/mat2/default.nix
new file mode 100644
index 00000000000..2e720f8ba7e
--- /dev/null
+++ b/pkgs/development/python-modules/mat2/default.nix
@@ -0,0 +1,98 @@
+{ lib
+, buildPythonPackage
+, python
+, pythonOlder
+, fetchFromGitLab
+, substituteAll
+, bubblewrap
+, exiftool
+, ffmpeg
+, mime-types
+, wrapGAppsHook
+, gdk-pixbuf
+, gobject-introspection
+, librsvg
+, poppler_gi
+, mutagen
+, pygobject3
+, pycairo
+, dolphinIntegration ? false, plasma5Packages
+}:
+
+buildPythonPackage rec {
+  pname = "mat2";
+  version = "0.12.0";
+
+  disabled = pythonOlder "3.5";
+
+  src = fetchFromGitLab {
+    domain = "0xacab.org";
+    owner = "jvoisin";
+    repo = "mat2";
+    rev = version;
+    sha256 = "0amxwwmcf47dakfm6zvsksv6ja7rz7dpmd1z2rsspy8yds6zgxs7";
+  };
+
+  patches = [
+    # hardcode paths to some binaries
+    (substituteAll ({
+      src = ./paths.patch;
+      bwrap = "${bubblewrap}/bin/bwrap";
+      exiftool = "${exiftool}/bin/exiftool";
+      ffmpeg = "${ffmpeg}/bin/ffmpeg";
+      # remove once faf0f8a8a4134edbeec0a73de7f938453444186d is in master
+      mimetypes = "${mime-types}/etc/mime.types";
+    } // lib.optionalAttrs dolphinIntegration {
+      kdialog = "${plasma5Packages.kdialog}/bin/kdialog";
+    }))
+    # the executable shouldn't be called .mat2-wrapped
+    ./executable-name.patch
+    # hardcode path to mat2 executable
+    ./tests.patch
+  ];
+
+  postPatch = ''
+    substituteInPlace dolphin/mat2.desktop \
+      --replace "@mat2@" "$out/bin/mat2" \
+      --replace "@mat2svg@" "$out/share/icons/hicolor/scalable/apps/mat2.svg"
+  '';
+
+  nativeBuildInputs = [
+    wrapGAppsHook
+  ];
+
+  buildInputs = [
+    gdk-pixbuf
+    gobject-introspection
+    librsvg
+    poppler_gi
+  ];
+
+  propagatedBuildInputs = [
+    mutagen
+    pygobject3
+    pycairo
+  ];
+
+  postInstall = ''
+    install -Dm 444 data/mat2.svg -t "$out/share/icons/hicolor/scalable/apps"
+    install -Dm 444 doc/mat2.1 -t "$out/share/man/man1"
+    install -Dm 444 nautilus/mat2.py -t "$out/share/nautilus-python/extensions"
+    buildPythonPath "$out $pythonPath"
+    patchPythonScript "$out/share/nautilus-python/extensions/mat2.py"
+  '' + lib.optionalString dolphinIntegration ''
+    install -Dm 444 dolphin/mat2.desktop -t "$out/share/kservices5/ServiceMenus"
+  '';
+
+  checkPhase = ''
+    ${python.interpreter} -m unittest discover -v
+  '';
+
+  meta = with lib; {
+    description = "A handy tool to trash your metadata";
+    homepage = "https://0xacab.org/jvoisin/mat2";
+    changelog = "https://0xacab.org/jvoisin/mat2/-/blob/${version}/CHANGELOG.md";
+    license = licenses.lgpl3Plus;
+    maintainers = with maintainers; [ dotlambda ];
+  };
+}
diff --git a/pkgs/development/python-modules/mat2/executable-name.patch b/pkgs/development/python-modules/mat2/executable-name.patch
new file mode 100644
index 00000000000..6eee0a94940
--- /dev/null
+++ b/pkgs/development/python-modules/mat2/executable-name.patch
@@ -0,0 +1,13 @@
+diff --git a/mat2 b/mat2
+index 3b77e1e..b99a633 100755
+--- a/mat2
++++ b/mat2
+@@ -46,7 +46,7 @@ def __check_file(filename: str, mode: int = os.R_OK) -> bool:
+ 
+ 
+ def create_arg_parser() -> argparse.ArgumentParser:
+-    parser = argparse.ArgumentParser(description='Metadata anonymisation toolkit 2')
++    parser = argparse.ArgumentParser(description='Metadata anonymisation toolkit 2', prog='mat2')
+ 
+     parser.add_argument('-V', '--verbose', action='store_true',
+                         help='show more verbose status information')
diff --git a/pkgs/development/python-modules/mat2/paths.patch b/pkgs/development/python-modules/mat2/paths.patch
new file mode 100644
index 00000000000..e0144be9fef
--- /dev/null
+++ b/pkgs/development/python-modules/mat2/paths.patch
@@ -0,0 +1,111 @@
+diff --git a/dolphin/mat2.desktop b/dolphin/mat2.desktop
+index e623962..5d69ae2 100644
+--- a/dolphin/mat2.desktop
++++ b/dolphin/mat2.desktop
+@@ -7,5 +7,5 @@ Type=Service
+ [Desktop Action cleanMetadata]
+ Name=Clean metadata
+ Name[es]=Limpiar metadatos
+-Icon=/usr/share/icons/hicolor/scalable/apps/mat2.svg
+-Exec=kdialog --yesno  "$( mat2 -s %U )" --title "Clean Metadata?" && mat2 %U
++Icon=@mat2svg@
++Exec=@kdialog@ --yesno  "$( @mat2@ -s %U )" --title "Clean Metadata?" && @mat2@ %U
+diff --git a/libmat2/bubblewrap.py b/libmat2/bubblewrap.py
+index 970d5dd..5d3c0b7 100644
+--- a/libmat2/bubblewrap.py
++++ b/libmat2/bubblewrap.py
+@@ -22,11 +22,7 @@ CalledProcessError = subprocess.CalledProcessError
+ 
+ 
+ def _get_bwrap_path() -> str:
+-    which_path = shutil.which('bwrap')
+-    if which_path:
+-        return which_path
+-
+-    raise RuntimeError("Unable to find bwrap")  # pragma: no cover
++    return '@bwrap@'
+ 
+ 
+ def _get_bwrap_args(tempdir: str,
+@@ -37,16 +33,11 @@ def _get_bwrap_args(tempdir: str,
+ 
+     # XXX: use --ro-bind-try once all supported platforms
+     # have a bubblewrap recent enough to support it.
+-    ro_bind_dirs = ['/usr', '/lib', '/lib64', '/bin', '/sbin', '/etc/alternatives', cwd]
++    ro_bind_dirs = ['/nix/store', cwd]
+     for bind_dir in ro_bind_dirs:
+         if os.path.isdir(bind_dir):  # pragma: no cover
+             ro_bind_args.extend(['--ro-bind', bind_dir, bind_dir])
+ 
+-    ro_bind_files = ['/etc/ld.so.cache']
+-    for bind_file in ro_bind_files:
+-        if os.path.isfile(bind_file):  # pragma: no cover
+-            ro_bind_args.extend(['--ro-bind', bind_file, bind_file])
+-
+     args = ro_bind_args + \
+         ['--dev', '/dev',
+          '--proc', '/proc',
+diff --git a/libmat2/exiftool.py b/libmat2/exiftool.py
+index eb65b2a..51a0fa1 100644
+--- a/libmat2/exiftool.py
++++ b/libmat2/exiftool.py
+@@ -1,8 +1,6 @@
+-import functools
+ import json
+ import logging
+ import os
+-import shutil
+ import subprocess
+ from typing import Dict, Union, Set
+ 
+@@ -70,14 +68,5 @@ class ExiftoolParser(abstract.AbstractParser):
+             return False
+         return True
+ 
+-@functools.lru_cache()
+ def _get_exiftool_path() -> str:  # pragma: no cover
+-    which_path = shutil.which('exiftool')
+-    if which_path:
+-        return which_path
+-
+-    # Exiftool on Arch Linux has a weird path
+-    if os.access('/usr/bin/vendor_perl/exiftool', os.X_OK):
+-        return '/usr/bin/vendor_perl/exiftool'
+-
+-    raise RuntimeError("Unable to find exiftool")
++    return '@exiftool@'
+diff --git a/libmat2/parser_factory.py b/libmat2/parser_factory.py
+index 9965432..bd45179 100644
+--- a/libmat2/parser_factory.py
++++ b/libmat2/parser_factory.py
+@@ -8,6 +8,7 @@ from . import abstract, UNSUPPORTED_EXTENSIONS
+ 
+ T = TypeVar('T', bound='abstract.AbstractParser')
+ 
++mimetypes.init(['@mimetypes@'])
+ mimetypes.add_type('application/epub+zip', '.epub')
+ mimetypes.add_type('application/x-dtbncx+xml', '.ncx')  # EPUB Navigation Control XML File
+ 
+diff --git a/libmat2/video.py b/libmat2/video.py
+index b4a3232..3dd7ee5 100644
+--- a/libmat2/video.py
++++ b/libmat2/video.py
+@@ -1,6 +1,4 @@
+ import subprocess
+-import functools
+-import shutil
+ import logging
+ 
+ from typing import Dict, Union
+@@ -135,10 +133,5 @@ class MP4Parser(AbstractFFmpegParser):
+     }
+ 
+ 
+-@functools.lru_cache()
+ def _get_ffmpeg_path() -> str:  # pragma: no cover
+-    which_path = shutil.which('ffmpeg')
+-    if which_path:
+-        return which_path
+-
+-    raise RuntimeError("Unable to find ffmpeg")
++    return '@ffmpeg@'
diff --git a/pkgs/development/python-modules/mat2/tests.patch b/pkgs/development/python-modules/mat2/tests.patch
new file mode 100644
index 00000000000..8958d937dd4
--- /dev/null
+++ b/pkgs/development/python-modules/mat2/tests.patch
@@ -0,0 +1,18 @@
+diff --git a/tests/test_climat2.py b/tests/test_climat2.py
+index cede642..2d5ad77 100644
+--- a/tests/test_climat2.py
++++ b/tests/test_climat2.py
+@@ -10,12 +10,7 @@ import glob
+ from libmat2 import images, parser_factory
+ 
+ 
+-mat2_binary = ['./mat2']
+-
+-if 'MAT2_GLOBAL_PATH_TESTSUITE' in os.environ:
+-    # Debian runs tests after installing the package
+-    # https://0xacab.org/jvoisin/mat2/issues/16#note_153878
+-    mat2_binary = ['/usr/bin/env', 'mat2']
++mat2_binary = [os.environ['out'] + '/bin/mat2']
+ 
+ 
+ class TestHelp(unittest.TestCase):
diff --git a/pkgs/development/python-modules/mergedeep/default.nix b/pkgs/development/python-modules/mergedeep/default.nix
index cdd19beb68d..46de3405023 100644
--- a/pkgs/development/python-modules/mergedeep/default.nix
+++ b/pkgs/development/python-modules/mergedeep/default.nix
@@ -2,7 +2,7 @@
 
 buildPythonPackage rec {
   pname = "mergedeep";
-  version = "1.3.1";
+  version = "1.3.4";
   disabled = isPy27;
 
   # PyPI tarball doesn't include tests directory
@@ -10,7 +10,7 @@ buildPythonPackage rec {
     owner = "clarketm";
     repo = "mergedeep";
     rev = "v${version}";
-    sha256 = "1ryccb64hg438y1wsjlfp4ciq05q4c6khwhllwdnndm8cbkbrgph";
+    sha256 = "1msvvdzk33sxzgyvs4fs8dlsrsi7fjj038z83s0yw5h8m8d78469";
   };
 
   checkInputs = [ pytest ];
diff --git a/pkgs/development/python-modules/minidump/default.nix b/pkgs/development/python-modules/minidump/default.nix
index 346430d2392..60440ff4b48 100644
--- a/pkgs/development/python-modules/minidump/default.nix
+++ b/pkgs/development/python-modules/minidump/default.nix
@@ -5,11 +5,11 @@
 
 buildPythonPackage rec {
   pname = "minidump";
-  version = "0.0.13";
+  version = "0.0.15";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1w93yh2dz7llxjgv0jn7gf9praz7d5952is7idgh0lsyj67ri2ms";
+    sha256 = "sha256-IVlzAsnl1KhErxWPi96hUFlIX4IN3Y9t8OicckdYUv0=";
   };
 
   # Upstream doesn't have tests
diff --git a/pkgs/development/python-modules/pillow/generic.nix b/pkgs/development/python-modules/pillow/generic.nix
index dbf27febeb9..64ae9189559 100644
--- a/pkgs/development/python-modules/pillow/generic.nix
+++ b/pkgs/development/python-modules/pillow/generic.nix
@@ -26,6 +26,9 @@ buildPythonPackage rec {
     # pillow-simd
     "test_roundtrip"
     "test_basic"
+  ] ++ lib.optionals (lib.versions.major version == "6") [
+    # RuntimeError: Error setting from dictionary
+    "test_custom_metadata"
   ];
 
   propagatedBuildInputs = [ olefile ];
diff --git a/pkgs/development/python-modules/pyinsteon/default.nix b/pkgs/development/python-modules/pyinsteon/default.nix
index cd8c566c465..cfe5112ab22 100644
--- a/pkgs/development/python-modules/pyinsteon/default.nix
+++ b/pkgs/development/python-modules/pyinsteon/default.nix
@@ -17,14 +17,14 @@
 
 buildPythonPackage rec {
   pname = "pyinsteon";
-  version = "1.0.9";
+  version = "1.0.10";
   disabled = pythonOlder "3.6";
 
   src = fetchFromGitHub {
     owner = pname;
     repo = pname;
     rev = version;
-    sha256 = "sha256-+3tA+YdpTKDt7uOSl6Z1G8jTjpBJ8S9gjiQTacQSFTc=";
+    sha256 = "sha256-8b/PvMFHvYGVWw6ycLnL8n972cn+1QW/VTMiblMPam4=";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/pymazda/default.nix b/pkgs/development/python-modules/pymazda/default.nix
index 145b405922d..8b390ac12fa 100644
--- a/pkgs/development/python-modules/pymazda/default.nix
+++ b/pkgs/development/python-modules/pymazda/default.nix
@@ -8,12 +8,12 @@
 
 buildPythonPackage rec {
   pname = "pymazda";
-  version = "0.0.9";
+  version = "0.0.10";
   disabled = pythonOlder "3.6";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "15kygabjlxmy3g5kj48ixqdwaz8qrfzxj8ii27cidsp2fq8ph165";
+    sha256 = "sha256-sJj4RkVaELNitcz1H8YitNgIx4f35WeQf7M5miYD5yI=";
   };
 
   propagatedBuildInputs = [ aiohttp pycryptodome ];
diff --git a/pkgs/development/python-modules/pymitv/default.nix b/pkgs/development/python-modules/pymitv/default.nix
index ffaabb04a29..32f90d07dcb 100644
--- a/pkgs/development/python-modules/pymitv/default.nix
+++ b/pkgs/development/python-modules/pymitv/default.nix
@@ -7,12 +7,12 @@
 
 buildPythonPackage rec {
   pname = "pymitv";
-  version = "1.4.3";
+  version = "1.5.0";
   disabled = pythonOlder "3.5";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "0jbs1zhqpnsyad3pd8cqy1byv8m5bq17ydc6crmrfkjbp6xvvg3x";
+    sha256 = "sha256-0n4IS5W3nvYwKdl6FVf4upRrFDGdYHohsaXadFy8d8w=";
   };
 
   propagatedBuildInputs = [ requests ];
diff --git a/pkgs/development/python-modules/sagemaker/default.nix b/pkgs/development/python-modules/sagemaker/default.nix
index 7d9a985e39b..f95696e20b9 100644
--- a/pkgs/development/python-modules/sagemaker/default.nix
+++ b/pkgs/development/python-modules/sagemaker/default.nix
@@ -14,11 +14,11 @@
 
 buildPythonPackage rec {
   pname = "sagemaker";
-  version = "2.29.2";
+  version = "2.30.0";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-e+yrjtDC6d47+zEFv6WY7xGw9kDfKLrNyMh/IkC/bQs=";
+    sha256 = "sha256-3BxRDoaKxaXlKYGYQqhQ2DUO3XONvf6dlofE0pbXIho=";
   };
 
   pythonImportsCheck = [
diff --git a/pkgs/development/python-modules/soco/default.nix b/pkgs/development/python-modules/soco/default.nix
index e86144dff04..a72c413c186 100644
--- a/pkgs/development/python-modules/soco/default.nix
+++ b/pkgs/development/python-modules/soco/default.nix
@@ -30,10 +30,12 @@ buildPythonPackage rec {
     sha256 = "sha256-CCgkzUkt9YqTJt9tPBLmYXW6ZuRoMDd7xahYmNXgfM0=";
   };
 
-  patches = [(fetchpatch {
-    url = "https://patch-diff.githubusercontent.com/raw/SoCo/SoCo/pull/811.patch";
-    sha256 = "sha256-GBd74c8zc25ROO411SZ9TTa+bi8yXJaaOQqY9FM1qj4=";
-  })];
+  patches = [
+    (fetchpatch {
+      url = "https://patch-diff.githubusercontent.com/raw/SoCo/SoCo/pull/811.patch";
+      sha256 = "sha256-GBd74c8zc25ROO411SZ9TTa+bi8yXJaaOQqY9FM1qj4=";
+    })
+  ];
 
   # N.B. These exist because:
   # 1. Upstream's pinning isn't well maintained, leaving dependency versions no
diff --git a/pkgs/development/python-modules/tatsu/default.nix b/pkgs/development/python-modules/tatsu/default.nix
index 540c315c8ff..3a72b5c3102 100644
--- a/pkgs/development/python-modules/tatsu/default.nix
+++ b/pkgs/development/python-modules/tatsu/default.nix
@@ -6,22 +6,16 @@
 
 buildPythonPackage rec {
   pname = "TatSu";
-  version = "5.0.0";
+  version = "5.5.0";
 
   src = fetchFromGitHub {
     owner = "neogeny";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1c16fcxf0xjkh5py9bnj6ljb9krhrj57mkwayl1w1dvzwl5lkgj3";
+    sha256 = "07bmdnwh99p60cgzhlb8s5vwi5v4r5zi8shymxnnarannkc66hzn";
   };
 
-  # Since version 5.0.0 only >=3.8 is officially supported, but ics is not
-  # compatible with Python 3.8 due to aiohttp:
-  disabled = pythonOlder "3.7";
-  postPatch = ''
-    substituteInPlace setup.py \
-      --replace "python_requires='>=3.8'," "python_requires='>=3.7',"
-  '';
+  disabled = pythonOlder "3.8";
 
   nativeBuildInputs = [ pytestrunner ];
   propagatedBuildInputs = [ colorama mypy pyyaml regex ]
diff --git a/pkgs/development/python-modules/yapf/default.nix b/pkgs/development/python-modules/yapf/default.nix
index 9c0e9d35399..9c759f3a2b7 100644
--- a/pkgs/development/python-modules/yapf/default.nix
+++ b/pkgs/development/python-modules/yapf/default.nix
@@ -1,19 +1,46 @@
-{ lib, buildPythonPackage, fetchPypi }:
+{ lib
+, buildPythonPackage
+, fetchPypi
+, nose
+}:
 
 buildPythonPackage rec {
   pname = "yapf";
-  version = "0.30.0";
+  version = "0.31.0";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "3000abee4c28daebad55da6c85f3cd07b8062ce48e2e9943c8da1b9667d48427";
+    hash = "sha256-QI+5orJUwwL0nbg8WfmqC0sP0OwlvjpcURgTJ5Iv9j0=";
   };
 
+  checkInputs = [
+    nose
+  ];
+
   meta = with lib; {
-    description = "A formatter for Python code.";
-    homepage    = "https://github.com/google/yapf";
-    license     = licenses.asl20;
-    maintainers = with maintainers; [ siddharthist ];
-  };
+    homepage = "https://github.com/google/yapf";
+    description = "Yet Another Python Formatter";
+    longDescription = ''
+      Most of the current formatters for Python --- e.g., autopep8, and pep8ify
+      --- are made to remove lint errors from code. This has some obvious
+      limitations. For instance, code that conforms to the PEP 8 guidelines may
+      not be reformatted. But it doesn't mean that the code looks good.
 
+      YAPF takes a different approach. It's based off of 'clang-format',
+      developed by Daniel Jasper. In essence, the algorithm takes the code and
+      reformats it to the best formatting that conforms to the style guide, even
+      if the original code didn't violate the style guide. The idea is also
+      similar to the 'gofmt' tool for the Go programming language: end all holy
+      wars about formatting - if the whole codebase of a project is simply piped
+      through YAPF whenever modifications are made, the style remains consistent
+      throughout the project and there's no point arguing about style in every
+      code review.
+
+      The ultimate goal is that the code YAPF produces is as good as the code
+      that a programmer would write if they were following the style guide. It
+      takes away some of the drudgery of maintaining your code.
+    '';
+    license = licenses.asl20;
+    maintainers = with maintainers; [ AndersonTorres siddharthist ];
+  };
 }
diff --git a/pkgs/development/python-modules/ytmusicapi/default.nix b/pkgs/development/python-modules/ytmusicapi/default.nix
new file mode 100644
index 00000000000..ed4a4165680
--- /dev/null
+++ b/pkgs/development/python-modules/ytmusicapi/default.nix
@@ -0,0 +1,33 @@
+{ lib
+, buildPythonPackage
+, isPy27
+, fetchPypi
+, requests
+}:
+
+buildPythonPackage rec {
+  pname = "ytmusicapi";
+  version = "0.14.3";
+
+  disabled = isPy27;
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "83251a95d5bd74116353d29dfda2d0c5055b88276a0876a313a66f8b9c691344";
+  };
+
+  propagatedBuildInputs = [
+    requests
+  ];
+
+  doCheck = false; # requires network access
+
+  pythonImportsCheck = [ "ytmusicapi" ];
+
+  meta = with lib; {
+    description = "Unofficial API for YouTube Music";
+    homepage = "https://github.com/sigma67/ytmusicapi";
+    license = licenses.mit;
+    maintainers = with maintainers; [ dotlambda ];
+  };
+}
diff --git a/pkgs/development/tools/analysis/flow/default.nix b/pkgs/development/tools/analysis/flow/default.nix
index 5c6fd8e3b90..0c6c9dbad08 100644
--- a/pkgs/development/tools/analysis/flow/default.nix
+++ b/pkgs/development/tools/analysis/flow/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "flow";
-  version = "0.145.0";
+  version = "0.146.0";
 
   src = fetchFromGitHub {
     owner  = "facebook";
     repo   = "flow";
     rev    = "refs/tags/v${version}";
-    sha256 = "sha256-6fRKXKh+hB/d2CcmZYYSlMzP1IGCl7fLdXCQ1M0wuY4=";
+    sha256 = "0kxws51hri0b4z7k05li6vg1arcdc7i5jzfibi0iplsfyy14159q";
   };
 
   installPhase = ''
diff --git a/pkgs/development/tools/analysis/tfsec/default.nix b/pkgs/development/tools/analysis/tfsec/default.nix
index 09a77d0f935..c3c3d2dd2bc 100644
--- a/pkgs/development/tools/analysis/tfsec/default.nix
+++ b/pkgs/development/tools/analysis/tfsec/default.nix
@@ -2,13 +2,13 @@
 
 buildGoPackage rec {
   pname = "tfsec";
-  version = "0.39.6";
+  version = "0.39.8";
 
   src = fetchFromGitHub {
     owner = "tfsec";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-2P+/y3iP/eMGGc0W1lHWWxO+uMy5gvlvjKzZ/8maJ9o=";
+    sha256 = "sha256-7LC7QT92Ecva/uQPwYEfbLQUpIesxa8pXrauMxIwZ98=";
   };
 
   goPackagePath = "github.com/tfsec/tfsec";
diff --git a/pkgs/development/tools/build-managers/dub/default.nix b/pkgs/development/tools/build-managers/dub/default.nix
index 2df829a0229..fb85c1f3326 100644
--- a/pkgs/development/tools/build-managers/dub/default.nix
+++ b/pkgs/development/tools/build-managers/dub/default.nix
@@ -1,4 +1,6 @@
-{ lib, stdenv, fetchFromGitHub, curl, dmd, libevent, rsync }:
+{ lib, stdenv, fetchFromGitHub, curl, libevent, rsync, ldc, dcompiler ? ldc }:
+
+assert dcompiler != null;
 
 stdenv.mkDerivation rec {
   pname = "dub";
@@ -24,12 +26,23 @@ stdenv.mkDerivation rec {
           --replace "dub remove" "\"${dubvar}\" remove"
   '';
 
-  nativeBuildInputs = [ dmd libevent rsync ];
+  nativeBuildInputs = [ dcompiler libevent rsync ];
   buildInputs = [ curl ];
 
   buildPhase = ''
-    export DMD=${dmd.out}/bin/dmd
-    ./build.sh
+    for dc_ in dmd ldmd2 gdmd; do
+      echo "... check for D compiler $dc_ ..."
+      dc=$(type -P $dc_ || echo "")
+      if [ ! "$dc" == "" ]; then
+        break
+      fi
+    done
+    if [ "$dc" == "" ]; then
+      exit "Error: could not find D compiler"
+    fi
+    echo "$dc_ found and used as D compiler to build $pname"
+    $dc ./build.d
+    ./build
   '';
 
   doCheck = !stdenv.isDarwin;
@@ -37,7 +50,8 @@ stdenv.mkDerivation rec {
   checkPhase = ''
     export DUB=$NIX_BUILD_TOP/source/bin/dub
     export PATH=$PATH:$NIX_BUILD_TOP/source/bin/
-    export DC=${dmd.out}/bin/dmd
+    export DC=${dcompiler.out}/bin/${dcompiler.pname}
+    echo "DC out --> $DC"
     export HOME=$TMP
 
     rm -rf test/issue502-root-import
@@ -46,7 +60,6 @@ stdenv.mkDerivation rec {
     rm test/issue990-download-optional-selected.sh
     rm test/issue877-auto-fetch-package-on-run.sh
     rm test/issue1037-better-dependency-messages.sh
-    rm test/issue1040-run-with-ver.sh
     rm test/issue1416-maven-repo-pkg-supplier.sh
     rm test/issue1180-local-cache-broken.sh
     rm test/issue1574-addcommand.sh
@@ -62,13 +75,73 @@ stdenv.mkDerivation rec {
     rm test/version-spec.sh
     rm test/0-init-multi.sh
     rm test/0-init-multi-json.sh
+    rm test/4-describe-data-1-list.sh
+    rm test/4-describe-data-3-zero-delim.sh
+    rm test/4-describe-import-paths.sh
+    rm test/4-describe-string-import-paths.sh
+    rm test/4-describe-json.sh
+    rm test/5-convert-stdout.sh
+    rm test/issue1003-check-empty-ld-flags.sh
+    rm test/issue103-single-file-package.sh
+    rm test/issue1040-run-with-ver.sh
+    rm test/issue1091-bogus-rebuild.sh
+    rm test/issue1194-warn-wrong-subconfig.sh
+    rm test/issue1277.sh
+    rm test/issue1372-ignore-files-in-hidden-dirs.sh
+    rm test/issue1447-build-settings-vars.sh
+    rm test/issue1531-toolchain-requirements.sh
+    rm test/issue346-redundant-flags.sh
+    rm test/issue361-optional-deps.sh
+    rm test/issue564-invalid-upgrade-dependency.sh
+    rm test/issue586-subpack-dep.sh
+    rm test/issue616-describe-vs-generate-commands.sh
+    rm test/issue686-multiple-march.sh
+    rm test/issue813-fixed-dependency.sh
+    rm test/issue813-pure-sub-dependency.sh
+    rm test/issue820-extra-fields-after-convert.sh
+    rm test/issue923-subpackage-deps.sh
+    rm test/single-file-sdl-default-name.sh
+    rm test/subpackage-common-with-sourcefile-globbing.sh
+    rm test/issue934-path-dep.sh
+    rm -r test/1-dynLib-simple
+    rm -r test/1-exec-simple-package-json
+    rm -r test/1-exec-simple
+    rm -r test/1-staticLib-simple
+    rm -r test/2-dynLib-dep
+    rm -r test/2-staticLib-dep
+    rm -r test/2-dynLib-with-staticLib-dep
+    rm -r test/2-sourceLib-dep/
+    rm -r test/3-copyFiles
+    rm -r test/custom-source-main-bug487
+    rm -r test/custom-unittest
+    rm -r test/issue1262-version-inheritance-diamond
+    rm -r test/issue1003-check-empty-ld-flags
+    rm -r test/ignore-hidden-1
+    rm -r test/ignore-hidden-2
+    rm -r test/issue1427-betterC
+    rm -r test/issue130-unicode-*
+    rm -r test/issue1262-version-inheritance
+    rm -r test/issue1372-ignore-files-in-hidden-dirs
+    rm -r test/issue1350-transitive-none-deps
+    rm -r test/issue1775
+    rm -r test/issue1447-build-settings-vars
+    rm -r test/issue1408-inherit-linker-files
+    rm -r test/issue1551-var-escaping
+    rm -r test/issue754-path-selection-fail
+    rm -r test/issue1788-incomplete-string-import-override
+    rm -r test/subpackage-ref
+    rm -r test/issue777-bogus-path-dependency
+    rm -r test/issue959-path-based-subpack-dep
+    rm -r test/issue97-targettype-none-nodeps
+    rm -r test/issue97-targettype-none-onerecipe
+    rm -r test/path-subpackage-ref
+    rm -r test/sdl-package-simple
 
     ./test/run-unittest.sh
   '';
 
   installPhase = ''
-    mkdir $out
-    mkdir $out/bin
+    mkdir -p $out/bin
     cp bin/dub $out/bin
   '';
 
diff --git a/pkgs/development/tools/build-managers/sbt/default.nix b/pkgs/development/tools/build-managers/sbt/default.nix
index 62d704fccd5..5b3ce3ab162 100644
--- a/pkgs/development/tools/build-managers/sbt/default.nix
+++ b/pkgs/development/tools/build-managers/sbt/default.nix
@@ -11,8 +11,7 @@ stdenv.mkDerivation rec {
   version = "1.4.9";
 
   src = fetchurl {
-    url =
-      "https://github.com/sbt/sbt/releases/download/v${version}/sbt-${version}.tgz";
+    url = "https://github.com/sbt/sbt/releases/download/v${version}/sbt-${version}.tgz";
     sha256 = "sha256-lUaBGfdkFJk2czCmCkuKYhHm6n+L3n1kfGexndj9224=";
   };
 
diff --git a/pkgs/development/tools/castxml/default.nix b/pkgs/development/tools/castxml/default.nix
index ff47bd0e9f3..f3d9b74181a 100644
--- a/pkgs/development/tools/castxml/default.nix
+++ b/pkgs/development/tools/castxml/default.nix
@@ -1,52 +1,69 @@
-{ lib, stdenv, fetchFromGitHub
-, python3Packages
+{ lib
+, stdenv
+, fetchFromGitHub
+, clang-unwrapped
 , cmake
-, llvmPackages
-, libffi, libxml2, zlib
-, withMan ? true
+, libclang
+, libffi
+, libxml2
+, llvm
+, sphinx
+, zlib
+, withManual ? true
+, withHTML ? true
 }:
-stdenv.mkDerivation rec {
 
-  pname   = "CastXML";
-  version = "0.3.4";
+stdenv.mkDerivation rec {
+  pname = "CastXML";
+  version = "0.4.3";
 
   src = fetchFromGitHub {
-    owner  = pname;
-    repo   = pname;
-    rev    = "v${version}";
-    sha256 = "0ypj67xrgj228myp7l1gsjw1ja97q68nmj98dsd33srmiayqraj4";
+    owner = pname;
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-MschwCEkZrZmNgr8a1ocdukjXzHbXl2gmkPmygJaA6k=";
   };
 
-  nativeBuildInputs = [ cmake ] ++ lib.optionals withMan [ python3Packages.sphinx ];
-
-  clangVersion = lib.getVersion llvmPackages.clang;
+  nativeBuildInputs = [
+    cmake
+    llvm
+  ] ++ lib.optionals (withManual || withHTML) [
+    sphinx
+  ];
 
   cmakeFlags = [
-    "-DCLANG_RESOURCE_DIR=${llvmPackages.clang-unwrapped}/lib/clang/${clangVersion}/"
-    "-DSPHINX_MAN=${if withMan then "ON" else "OFF"}"
+    "-DCLANG_RESOURCE_DIR=${clang-unwrapped}/lib/clang/${lib.getVersion clang-unwrapped}/"
+    "-DSPHINX_HTML=${if withHTML then "ON" else "OFF"}"
+    "-DSPHINX_MAN=${if withManual then "ON" else "OFF"}"
   ];
 
   buildInputs = [
-    llvmPackages.clang-unwrapped
-    llvmPackages.llvm
-    libffi libxml2 zlib
+    clang-unwrapped
+    libffi
+    libxml2
+    zlib
   ];
 
-  propagatedBuildInputs = [ llvmPackages.libclang ];
+  propagatedBuildInputs = [
+    libclang
+  ];
 
   # 97% tests passed, 97 tests failed out of 2881
   # mostly because it checks command line and nix append -isystem and all
   doCheck = false;
+  # -E exclude 4 tests based on names
+  # see https://github.com/CastXML/CastXML/issues/90
   checkPhase = ''
-    # -E exclude 4 tests based on names
-    # see https://github.com/CastXML/CastXML/issues/90
+    runHook preCheck
     ctest -E 'cmd.cc-(gnu|msvc)-((c-src-c)|(src-cxx))-cmd'
+    runHook postCheck
   '';
 
   meta = with lib; {
     homepage = "https://github.com/CastXML/CastXML";
+    description = "C-family Abstract Syntax Tree XML Output";
     license = licenses.asl20;
-    description = "Abstract syntax tree XML output tool";
+    maintainers = with maintainers; [ AndersonTorres ];
     platforms = platforms.unix;
   };
 }
diff --git a/pkgs/development/tools/dtools/default.nix b/pkgs/development/tools/dtools/default.nix
index 1c1604db654..7a994df51b4 100644
--- a/pkgs/development/tools/dtools/default.nix
+++ b/pkgs/development/tools/dtools/default.nix
@@ -1,22 +1,22 @@
-{stdenv, lib, fetchFromGitHub, dmd, curl}:
+{stdenv, lib, fetchFromGitHub, ldc, curl}:
 
 stdenv.mkDerivation rec {
   pname = "dtools";
-  version = "2.085.1";
+  version = "2.095.1";
 
   srcs = [
     (fetchFromGitHub {
       owner = "dlang";
       repo = "dmd";
       rev = "v${version}";
-      sha256 = "0ccidfcawrcwdpfjwjiln5xwr4ffp8i2hwx52p8zn3xmc5yxm660";
+      sha256 = "sha256:0faca1y42a1h16aml4lb7z118mh9k9fjx3xlw3ki5f1h3ln91xhk";
       name = "dmd";
     })
     (fetchFromGitHub {
       owner = "dlang";
       repo = "tools";
       rev = "v${version}";
-      sha256 = "1x85w4k2zqgv2bjbvhschxdc6kq8ygp89h499cy8rfqm6q23g0ws";
+      sha256 = "sha256:0rdfk3mh3fjrb0h8pr8skwlq6ac9hdl1fkrkdl7n1fa2806b740b";
       name = "dtools";
     })
   ];
@@ -27,14 +27,13 @@ stdenv.mkDerivation rec {
       mv dmd dtools
       cd dtools
 
-      substituteInPlace posix.mak --replace "\$(DMD) \$(DFLAGS) -unittest -main -run rdmd.d" ""
   '';
 
-  nativeBuildInputs = [ dmd ];
+  nativeBuildInputs = [ ldc ];
   buildInputs = [ curl ];
 
   makeCmd = ''
-    make -f posix.mak DMD_DIR=dmd DMD=${dmd.out}/bin/dmd CC=${stdenv.cc}/bin/cc
+    make -f posix.mak all DMD_DIR=dmd DMD=${ldc.out}/bin/ldmd2 CC=${stdenv.cc}/bin/cc
   '';
 
   buildPhase = ''
diff --git a/pkgs/development/tools/literate-programming/Literate/default.nix b/pkgs/development/tools/literate-programming/Literate/default.nix
index 87213b911a9..88b2f63fd5a 100644
--- a/pkgs/development/tools/literate-programming/Literate/default.nix
+++ b/pkgs/development/tools/literate-programming/Literate/default.nix
@@ -1,16 +1,16 @@
-{ lib, stdenv, fetchgit, dmd, dub }:
+{ lib, stdenv, fetchgit, ldc, dub }:
 
 stdenv.mkDerivation {
   pname = "Literate";
-  version = "unstable-2020-09-02";
+  version = "unstable-2021-01-22";
 
   src = fetchgit {
     url = "https://github.com/zyedidia/Literate.git";
-    rev = "533991cca6ec7a608a778396d32d51b35182d944";
-    sha256 = "09h1as01z0fw0bj0kf1g9nlhvinya7sqq2x8qb6zmhvqqm6v4n49";
+    rev = "7004dffec0cff3068828514eca72172274fd3f7d";
+    sha256 = "0x4xgrdskybaa7ssv81grmwyc1k167v3nwj320jvp5l59xxlbcvs";
   };
 
-  buildInputs = [ dmd dub ];
+  buildInputs = [ ldc dub ];
 
   installPhase = "install -D bin/lit $out/bin/lit";
 
diff --git a/pkgs/development/tools/misc/cproto/default.nix b/pkgs/development/tools/misc/cproto/default.nix
index 5ee1a64f2c2..84890f16623 100644
--- a/pkgs/development/tools/misc/cproto/default.nix
+++ b/pkgs/development/tools/misc/cproto/default.nix
@@ -2,7 +2,7 @@
 
 stdenv.mkDerivation rec {
   pname = "cproto";
-  version = "4.7q";
+  version = "4.7r";
 
   src = fetchurl {
     urls = [
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
       # No version listings and apparently no versioned tarball over http(s).
       "ftp://ftp.invisible-island.net/cproto/cproto-${version}.tgz"
     ];
-    sha256 = "138n5j6lkanbbdcs63irzxny4nfgp0zk66z621xjbnybf920svpk";
+    sha256 = "sha256-bgRg2yVZXHobUz8AUaV4ZKBkp2KjP+2oXbDXmPTUX8U=";
   };
 
   # patch made by Joe Khoobyar copied from gentoo bugs
diff --git a/pkgs/development/tools/misc/cwebbin/default.nix b/pkgs/development/tools/misc/cwebbin/default.nix
index 3ab8800f3c4..055a24f3fe0 100644
--- a/pkgs/development/tools/misc/cwebbin/default.nix
+++ b/pkgs/development/tools/misc/cwebbin/default.nix
@@ -16,7 +16,15 @@ stdenv.mkDerivation rec {
     sha256 = "1hdzxfzaibnjxjzgp6d2zay8nsarnfy9hfq55hz1bxzzl23n35aj";
   };
 
-  buildInputs = [ tie ];
+  # Remove references to __DATE__ and __TIME__
+  postPatch = ''
+    substituteInPlace wmerg-patch.ch --replace ' ("__DATE__", "__TIME__")' ""
+    substituteInPlace ctang-patch.ch --replace ' ("__DATE__", "__TIME__")' ""
+    substituteInPlace ctangle.cxx --replace ' ("__DATE__", "__TIME__")' ""
+    substituteInPlace cweav-patch.ch --replace ' ("__DATE__", "__TIME__")' ""
+  '';
+
+  nativeBuildInputs = [ tie ];
 
   makeFlags = [
     "MACROSDIR=$(out)/share/texmf/tex/generic/cweb"
@@ -27,7 +35,7 @@ stdenv.mkDerivation rec {
     "CP=cp"
     "RM=rm"
     "PDFTEX=echo"
-    "CC=c++"
+    "CC=${stdenv.cc.targetPrefix}c++"
   ];
 
   buildPhase = ''
diff --git a/pkgs/development/tools/rshell/default.nix b/pkgs/development/tools/rshell/default.nix
index 4e3e12a8eeb..bcda3c02dd6 100644
--- a/pkgs/development/tools/rshell/default.nix
+++ b/pkgs/development/tools/rshell/default.nix
@@ -2,11 +2,11 @@
 
 buildPythonApplication rec {
   pname = "rshell";
-  version = "0.0.28";
+  version = "0.0.30";
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "1crnlv0khplpibl9mj3flrgp877pnr1xz6hnnsi6hk3kfbc6p3nj";
+    sha256 = "d2002d40d735204037d6142a6c2d51beecc763c124faaf759cabf7acd945be95";
   };
 
   propagatedBuildInputs = [ pyserial pyudev ];
diff --git a/pkgs/development/tools/rust/cargo-fuzz/default.nix b/pkgs/development/tools/rust/cargo-fuzz/default.nix
index 569c8f88da2..ced5d7cd583 100644
--- a/pkgs/development/tools/rust/cargo-fuzz/default.nix
+++ b/pkgs/development/tools/rust/cargo-fuzz/default.nix
@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "cargo-fuzz";
-  version = "0.8.0";
+  version = "0.10.0";
 
   src = fetchFromGitHub {
     owner = "rust-fuzz";
     repo = "cargo-fuzz";
     rev = version;
-    sha256 = "1d4bq9140bri8cd9zcxh5hhc51vr0s6jadjhwkp688w7k10rq7w8";
+    sha256 = "sha256-kBbwE4ToUud5BDDlGoey2qpp2imzO6t3FcIbV3NTFa8=";
   };
 
-  cargoSha256 = "0zxhak79f50m8nw95ny733mk4x2f7kyk6q9v4f7jr2rkcldhgrpr";
+  cargoSha256 = "sha256-zqRlB2Kck4icMKzhaeeakEnn6O7zhoKPa5ZWbGooWIg=";
 
   doCheck = false;
 
diff --git a/pkgs/development/tools/rust/rust-analyzer/default.nix b/pkgs/development/tools/rust/rust-analyzer/default.nix
index 642f2e936e1..09e24775a35 100644
--- a/pkgs/development/tools/rust/rust-analyzer/default.nix
+++ b/pkgs/development/tools/rust/rust-analyzer/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, callPackage }:
+{ pkgs, callPackage, CoreServices }:
 
 {
   rust-analyzer-unwrapped = callPackage ./generic.nix rec {
@@ -6,6 +6,8 @@
     version = "unstable-${rev}";
     sha256 = "150gydm0mg72bbhgjjks8qc5ldiqyzhai9z4yfh4f1s2bwdfh3yf";
     cargoSha256 = "10l0lk5p11002q59dqa5yrrz6n6s11i7bmr1wnl141bxqvm873q2";
+
+    inherit CoreServices;
   };
 
   rust-analyzer = callPackage ./wrapper.nix {} {
diff --git a/pkgs/development/tools/rust/rust-analyzer/generic.nix b/pkgs/development/tools/rust/rust-analyzer/generic.nix
index ecca83f89a4..ddb834af6c3 100644
--- a/pkgs/development/tools/rust/rust-analyzer/generic.nix
+++ b/pkgs/development/tools/rust/rust-analyzer/generic.nix
@@ -1,4 +1,5 @@
-{ lib, stdenv, fetchFromGitHub, rustPlatform, darwin, cmake
+{ lib, stdenv, fetchFromGitHub, rustPlatform, CoreServices, cmake
+, libiconv
 , useMimalloc ? false
 , doCheck ? true
 
@@ -22,8 +23,10 @@ rustPlatform.buildRustPackage {
 
   nativeBuildInputs = lib.optional useMimalloc cmake;
 
-  buildInputs = lib.optionals stdenv.hostPlatform.isDarwin
-    [ darwin.apple_sdk.frameworks.CoreServices ];
+  buildInputs = lib.optionals stdenv.isDarwin [
+    CoreServices
+    libiconv
+  ];
 
   RUST_ANALYZER_REV = rev;
 
diff --git a/pkgs/development/web/deno/default.nix b/pkgs/development/web/deno/default.nix
index 013b365bce8..17a3ae58f2a 100644
--- a/pkgs/development/web/deno/default.nix
+++ b/pkgs/development/web/deno/default.nix
@@ -1,52 +1,49 @@
-{ lib, stdenv
-, fetchurl
+{ stdenv
+, lib
+, callPackage
 , fetchFromGitHub
 , rust
 , rustPlatform
 , installShellFiles
+, libobjc
 , Security
 , CoreServices
+, Metal
+, Foundation
+, librusty_v8 ? callPackage ./librusty_v8.nix { }
 }:
-let
-  deps = import ./deps.nix { };
-  arch = rust.toRustTarget stdenv.hostPlatform;
-  rustyV8Lib = with deps.rustyV8Lib; fetchurl {
-    url = "https://github.com/denoland/rusty_v8/releases/download/v${version}/librusty_v8_release_${arch}.a";
-    sha256 = sha256s."${stdenv.hostPlatform.system}";
-    meta = { inherit version; };
-  };
-in
+
 rustPlatform.buildRustPackage rec {
   pname = "deno";
-  version = "1.6.3";
+  version = "1.8.1";
 
   src = fetchFromGitHub {
     owner = "denoland";
     repo = pname;
     rev = "v${version}";
-    sha256 = "1wmkx458fpsfw57ysawxc0ghxag8v051hiyswm7nnb7gckrm6j8z";
-    fetchSubmodules = true;
+    sha256 = "sha256-tyqZ/vjQ9gjLoK+Juj30It3H6+2sT9Fj/s0kEv0HRwI=";
   };
-  cargoSha256 = "08vzsp53019gmxkn8lpa6l84w3fvbrnr11lzrfgf99nmii6l2hq5";
+  cargoSha256 = "sha256-LpBQztMqw7IbgTJkfiD+6Fcy5XXmN58HO/zhVen3oCI=";
 
   # Install completions post-install
   nativeBuildInputs = [ installShellFiles ];
 
-  buildInputs = lib.optionals stdenv.isDarwin [ Security CoreServices ];
+  buildInputs = lib.optionals stdenv.isDarwin [ libobjc Security CoreServices Metal Foundation ];
 
   # The rusty_v8 package will try to download a `librusty_v8.a` release at build time to our read-only filesystem
   # To avoid this we pre-download the file and place it in the locations it will require it in advance
-  preBuild = ''
-    _rusty_v8_setup() {
-      for v in "$@"; do
-        dir="target/$v/gn_out/obj"
-        mkdir -p "$dir" && cp "${rustyV8Lib}" "$dir/librusty_v8.a"
-      done
-    }
+  preBuild =
+    let arch = rust.toRustTarget stdenv.hostPlatform; in
+    ''
+      _librusty_v8_setup() {
+        for v in "$@"; do
+          install -D ${librusty_v8} "target/$v/gn_out/obj/librusty_v8.a"
+        done
+      }
 
-    # Copy over the `librusty_v8.a` file inside target/XYZ/gn_out/obj, symlink not allowed
-    _rusty_v8_setup "debug" "release" "${arch}/release"
-  '';
+      # Copy over the `librusty_v8.a` file inside target/XYZ/gn_out/obj, symlink not allowed
+      _librusty_v8_setup "debug" "release" "${arch}/release"
+    '';
 
   # Tests have some inconsistencies between runs with output integration tests
   # Skipping until resolved
@@ -54,7 +51,7 @@ rustPlatform.buildRustPackage rec {
 
   postInstall = ''
     # remove test plugin and test server
-    rm -rf $out/lib $out/bin/test_server
+    rm -r $out/lib $out/bin/test_server $out/bin/denort
 
     installShellCompletion --cmd deno \
       --bash <($out/bin/deno completions bash) \
@@ -62,11 +59,19 @@ rustPlatform.buildRustPackage rec {
       --zsh <($out/bin/deno completions zsh)
   '';
 
+  doInstallCheck = true;
+  installCheckPhase = ''
+    runHook preInstallCheck
+    $out/bin/deno --help
+    $out/bin/deno --version | grep "deno ${version}"
+    runHook postInstallCheck
+  '';
+
   passthru.updateScript = ./update/update.ts;
 
   meta = with lib; {
     homepage = "https://deno.land/";
-    changelog = "${src.meta.homepage}/releases/tag/v${version}";
+    changelog = "https://github.com/denoland/deno/releases/tag/v${version}";
     description = "A secure runtime for JavaScript and TypeScript";
     longDescription = ''
       Deno aims to be a productive and secure scripting environment for the modern programmer.
@@ -79,6 +84,6 @@ rustPlatform.buildRustPackage rec {
     '';
     license = licenses.mit;
     maintainers = with maintainers; [ jk ];
-    platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" ];
+    platforms = [ "x86_64-linux" "aarch64-linux" "x86_64-darwin" "aarch64-darwin" ];
   };
 }
diff --git a/pkgs/development/web/deno/deps.nix b/pkgs/development/web/deno/deps.nix
deleted file mode 100644
index 4426c600df7..00000000000
--- a/pkgs/development/web/deno/deps.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-# auto-generated file -- DO NOT EDIT!
-{}:
-rec {
-  rustyV8Lib = {
-    version = "0.15.0";
-    sha256s = {
-      x86_64-linux = "1j789pvqh44vsffzl5wg3pp3awrlixjrhbnjx2klsml7jv0lp0mq";
-      aarch64-linux = "13srja4vc275ygm806hcsr8mxjnd9qkzaqs58lxnp0702qs5xls6";
-      x86_64-darwin = "0aij9yb5i1r3pz0pyl51qdbgfspfdngwbk1qgkp4gxzl3cbnysx1";
-    };
-  };
-}
diff --git a/pkgs/development/web/deno/librusty_v8.nix b/pkgs/development/web/deno/librusty_v8.nix
new file mode 100644
index 00000000000..31dbce08922
--- /dev/null
+++ b/pkgs/development/web/deno/librusty_v8.nix
@@ -0,0 +1,21 @@
+# auto-generated file -- DO NOT EDIT!
+{ rust, stdenv, fetchurl }:
+
+let
+  arch = rust.toRustTarget stdenv.hostPlatform;
+  fetch_librusty_v8 = args: fetchurl {
+    name = "librusty_v8-${args.version}";
+    url = "https://github.com/denoland/rusty_v8/releases/download/v${args.version}/librusty_v8_release_${arch}.a";
+    sha256 = args.shas.${stdenv.hostPlatform.system};
+    meta = { inherit (args) version; };
+  };
+in
+fetch_librusty_v8 {
+  version = "0.20.0";
+  shas = {
+    x86_64-linux = "sha256-pTWNYQzChyYJh+afn1AMw/MxUE+Cv4k2FnM3+KDYCvg=";
+    aarch64-linux = "sha256-SPRtQO0tnuEf49GuSsuo403QO0Y6ioRkOp4cjohXRhw=";
+    x86_64-darwin = "sha256-k0kS5NiITqW/WEFWe/Bnt7Z9HZp2YN19L7DvVlptrj4=";
+    aarch64-darwin = "sha256-CDGxSv7fPR+5kF3+5NVTOH8ugLaM07Kv5mjoEW6/g/8=";
+  };
+}
diff --git a/pkgs/development/web/deno/update/common.ts b/pkgs/development/web/deno/update/common.ts
index d8956b21d16..1b4e3509ea7 100644
--- a/pkgs/development/web/deno/update/common.ts
+++ b/pkgs/development/web/deno/update/common.ts
@@ -3,12 +3,15 @@ interface GHRelease {
 }
 
 const decode = (buffer: Uint8Array) => new TextDecoder("utf-8").decode(buffer);
-const run = async (command: string, args: string[]) => {
-  const cmd = Deno.run(
-    { cmd: [command, ...args], stdout: "piped", stderr: "piped" },
-  );
+const decodeTrim = (b: Uint8Array) => decode(b).trimEnd();
+export const run = async (command: string, args: string[]) => {
+  const cmd = Deno.run({
+    cmd: [command, ...args],
+    stdout: "piped",
+    stderr: "piped",
+  });
   if (!(await cmd.status()).success) {
-    const error = await cmd.stderrOutput().then((b) => decode(b).trimEnd());
+    const error = await cmd.stderrOutput().then(decodeTrim);
     // Known error we can ignore
     if (error.includes("'allow-unsafe-native-code-during-evaluation'")) {
       // Extract the target sha256 out of the error
@@ -23,26 +26,16 @@ const run = async (command: string, args: string[]) => {
     }
     throw new Error(error);
   }
-  return cmd.output().then((b) => decode(b).trimEnd());
+  return cmd.output().then(decodeTrim);
 };
 
 // Exports
 export const versionRegExp = /\d+\.\d+\.\d+/;
-export const sha256RegExp = /[a-z0-9]{52}/;
-
-export async function commit(
-  name: string,
-  oldVer: string,
-  newVer: string,
-  files: string[],
-) {
-  await run("git", ["add", ...files]);
-  await run("git", ["commit", "-m", `${name}: ${oldVer} -> ${newVer}`]);
-}
+export const sha256RegExp = /[a-z0-9]{52}|sha256-.{44}/;
 
 export const getExistingVersion = async (filePath: string) =>
-  read(filePath).then((s) =>
-    s.match(genValueRegExp("version", versionRegExp))?.shift() || ""
+  read(filePath).then(
+    (s) => s.match(genValueRegExp("version", versionRegExp))?.shift() || "",
   );
 
 export const getLatestVersion = (owner: string, repo: string) =>
@@ -58,8 +51,5 @@ export const genValueRegExp = (key: string, regex: RegExp) =>
 export const logger = (name: string) =>
   (...a: any) => console.log(`[${name}]`, ...a);
 
-export const nixPrefetch = (args: string[]) => run("nix-prefetch", args);
-export const nixPrefetchURL = (args: string[]) => run("nix-prefetch-url", args);
-
 export const read = Deno.readTextFile;
 export const write = Deno.writeTextFile;
diff --git a/pkgs/development/web/deno/update/deps.ts b/pkgs/development/web/deno/update/deps.ts
deleted file mode 100644
index beedeade3a8..00000000000
--- a/pkgs/development/web/deno/update/deps.ts
+++ /dev/null
@@ -1,79 +0,0 @@
-import {
-  getExistingVersion,
-  genValueRegExp,
-  logger,
-  nixPrefetchURL,
-  versionRegExp,
-  write,
-} from "./common.ts";
-
-const log = logger("deps");
-
-export interface Architecture {
-  nix: string;
-  rust: string;
-}
-interface PrefetchResult {
-  arch: Architecture;
-  sha256: string;
-}
-
-const getRustyV8Version = async (
-  owner: string,
-  repo: string,
-  version: string,
-) =>
-  fetch(
-    `https://github.com/${owner}/${repo}/raw/${version}/core/Cargo.toml`,
-  )
-    .then((res) => res.text())
-    .then((txt) =>
-      txt.match(genValueRegExp("rusty_v8", versionRegExp))?.shift()
-    );
-
-const archShaTasks = (version: string, arches: Architecture[]) =>
-  arches.map(async (arch: Architecture): Promise<PrefetchResult> => {
-    log("Fetching:", arch.nix);
-    const sha256 = await nixPrefetchURL(
-      [`https://github.com/denoland/rusty_v8/releases/download/v${version}/librusty_v8_release_${arch.rust}.a`],
-    );
-    log("Done:    ", arch.nix);
-    return { arch, sha256 };
-  });
-
-const templateDeps = (version: string, deps: PrefetchResult[]) =>
-  `# auto-generated file -- DO NOT EDIT!
-{}:
-rec {
-  rustyV8Lib = {
-    version = "${version}";
-    sha256s = {
-${deps.map((d) => `      ${d.arch.nix} = "${d.sha256}";`).join("\n")}
-    };
-  };
-}
-`;
-
-export async function updateDeps(
-  filePath: string,
-  owner: string,
-  repo: string,
-  denoVersion: string,
-  arches: Architecture[],
-) {
-  log("Starting deps update");
-  // 0.0.0
-  const version = await getRustyV8Version(owner, repo, denoVersion);
-  if (typeof version !== "string") {
-    throw "no rusty_v8 version";
-  }
-  log("rusty_v8 version:", version);
-  const existingVersion = await getExistingVersion(filePath);
-  if (version === existingVersion) {
-    log("Version already matches latest, skipping...");
-    return;
-  }
-  const archShaResults = await Promise.all(archShaTasks(version, arches));
-  await write(filePath, templateDeps(version, archShaResults));
-  log("Finished deps update");
-}
diff --git a/pkgs/development/web/deno/update/librusty_v8.ts b/pkgs/development/web/deno/update/librusty_v8.ts
new file mode 100644
index 00000000000..dee3277c581
--- /dev/null
+++ b/pkgs/development/web/deno/update/librusty_v8.ts
@@ -0,0 +1,92 @@
+import {
+  genValueRegExp,
+  getExistingVersion,
+  logger,
+  run,
+  versionRegExp,
+  write,
+} from "./common.ts";
+
+const log = logger("librusty_v8");
+
+export interface Architecture {
+  nix: string;
+  rust: string;
+}
+interface PrefetchResult {
+  arch: Architecture;
+  sha256: string;
+}
+
+const getLibrustyV8Version = async (
+  owner: string,
+  repo: string,
+  version: string,
+) =>
+  fetch(`https://github.com/${owner}/${repo}/raw/${version}/core/Cargo.toml`)
+    .then((res) => res.text())
+    .then((txt) =>
+      txt.match(genValueRegExp("rusty_v8", versionRegExp))?.shift()
+    );
+
+const fetchArchShaTasks = (version: string, arches: Architecture[]) =>
+  arches.map(
+    async (arch: Architecture): Promise<PrefetchResult> => {
+      log("Fetching:", arch.nix);
+      const sha256 = await run("nix-prefetch", [
+        `
+{ fetchurl }:
+fetchurl {
+  url = "https://github.com/denoland/rusty_v8/releases/download/v${version}/librusty_v8_release_${arch.rust}.a";
+}
+`,
+      ]);
+      log("Done:    ", arch.nix);
+      return { arch, sha256 };
+    },
+  );
+
+const templateDeps = (version: string, deps: PrefetchResult[]) =>
+  `# auto-generated file -- DO NOT EDIT!
+{ rust, stdenv, fetchurl }:
+
+let
+  arch = rust.toRustTarget stdenv.hostPlatform;
+  fetch_librusty_v8 = args: fetchurl {
+    name = "librusty_v8-\${args.version}";
+    url = "https://github.com/denoland/rusty_v8/releases/download/v\${args.version}/librusty_v8_release_\${arch}.a";
+    sha256 = args.shas.\${stdenv.hostPlatform.system};
+    meta = { inherit (args) version; };
+  };
+in
+fetch_librusty_v8 {
+  version = "${version}";
+  shas = {
+${deps.map(({ arch, sha256 }) => `    ${arch.nix} = "${sha256}";`).join("\n")}
+  };
+}
+`;
+
+export async function updateLibrustyV8(
+  filePath: string,
+  owner: string,
+  repo: string,
+  denoVersion: string,
+  arches: Architecture[],
+) {
+  log("Starting librusty_v8 update");
+  // 0.0.0
+  const version = await getLibrustyV8Version(owner, repo, denoVersion);
+  if (typeof version !== "string") {
+    throw "no librusty_v8 version";
+  }
+  log("librusty_v8 version:", version);
+  const existingVersion = await getExistingVersion(filePath);
+  if (version === existingVersion) {
+    log("Version already matches latest, skipping...");
+    return;
+  }
+  const archShaResults = await Promise.all(fetchArchShaTasks(version, arches));
+  await write(filePath, templateDeps(version, archShaResults));
+  log("Finished deps update");
+}
diff --git a/pkgs/development/web/deno/update/src.ts b/pkgs/development/web/deno/update/src.ts
index fae15acd0d2..3bfae27c21c 100644
--- a/pkgs/development/web/deno/update/src.ts
+++ b/pkgs/development/web/deno/update/src.ts
@@ -1,8 +1,8 @@
 import {
   genValueRegExp,
   logger,
-  nixPrefetch,
   read,
+  run,
   sha256RegExp,
   versionRegExp,
   write,
@@ -16,10 +16,11 @@ interface Replacer {
 const log = logger("src");
 
 const prefetchSha256 = (nixpkgs: string, version: string) =>
-  nixPrefetch(["-f", nixpkgs, "deno.src", "--rev", version]);
+  run("nix-prefetch", ["-f", nixpkgs, "deno.src", "--rev", version]);
 const prefetchCargoSha256 = (nixpkgs: string) =>
-  nixPrefetch(
-    [`{ sha256 }: (import ${nixpkgs} {}).deno.cargoDeps.overrideAttrs (_: { outputHash = sha256; })`],
+  run(
+    "nix-prefetch",
+    [`{ sha256 }: (import ${nixpkgs} {}).deno.cargoDeps.overrideAttrs (_: { inherit sha256; })`],
   );
 
 const replace = (str: string, replacers: Replacer[]) =>
@@ -53,7 +54,6 @@ export async function updateSrc(
     [
       genVerReplacer("version", trimVersion),
       genShaReplacer("sha256", sha256),
-      genShaReplacer("cargoSha256", ""), // Empty ready for prefetchCargoSha256
     ],
   );
   log("Fetching cargoSha256 for:", sha256);
diff --git a/pkgs/development/web/deno/update/update.ts b/pkgs/development/web/deno/update/update.ts
index 18d45148013..27e1d86ee86 100755
--- a/pkgs/development/web/deno/update/update.ts
+++ b/pkgs/development/web/deno/update/update.ts
@@ -2,13 +2,8 @@
 /*
 #!nix-shell -i "deno run --allow-net --allow-run --allow-read --allow-write" -p deno git nix-prefetch
 */
-import {
-  commit,
-  getExistingVersion,
-  getLatestVersion,
-  logger,
-} from "./common.ts";
-import { Architecture, updateDeps } from "./deps.ts";
+import { getExistingVersion, getLatestVersion, logger } from "./common.ts";
+import { Architecture, updateLibrustyV8 } from "./librusty_v8.ts";
 import { updateSrc } from "./src.ts";
 
 const log = logger("update");
@@ -19,11 +14,12 @@ const owner = "denoland";
 const repo = "deno";
 const denoDir = `${nixpkgs}/pkgs/development/web/${repo}`;
 const src = `${denoDir}/default.nix`;
-const deps = `${denoDir}/deps.nix`;
+const librusty_v8 = `${denoDir}/librusty_v8.nix`;
 const architectures: Architecture[] = [
   { nix: "x86_64-linux", rust: "x86_64-unknown-linux-gnu" },
   { nix: "aarch64-linux", rust: "aarch64-unknown-linux-gnu" },
   { nix: "x86_64-darwin", rust: "x86_64-apple-darwin" },
+  { nix: "aarch64-darwin", rust: "aarch64-apple-darwin" },
 ];
 
 log("Updating deno");
@@ -41,10 +37,7 @@ if (trimVersion === existingVersion) {
 
 const tasks = [
   updateSrc(src, nixpkgs, version),
-  updateDeps(deps, owner, repo, version, architectures),
+  updateLibrustyV8(librusty_v8, owner, repo, version, architectures),
 ];
 await Promise.all(tasks);
 log("Updating deno complete");
-log("Commiting");
-await commit(repo, existingVersion, trimVersion, [src, deps]);
-log("Done");
diff --git a/pkgs/development/web/nodejs/v15.nix b/pkgs/development/web/nodejs/v15.nix
index f564d5bcccb..194bb25cb02 100644
--- a/pkgs/development/web/nodejs/v15.nix
+++ b/pkgs/development/web/nodejs/v15.nix
@@ -8,6 +8,6 @@ let
 in
   buildNodejs {
     inherit enableNpm;
-    version = "15.11.0";
-    sha256 = "1lfjm0jgzbr0a874c04pddbjnvjcdyx5vyaakdhp0fa222i92w0s";
+    version = "15.12.0";
+    sha256 = "0c8smzc7gbr7yg4y4z68976wk5741bspggag9h9laykq4i8bxfsy";
   }
diff --git a/pkgs/games/cbonsai/default.nix b/pkgs/games/cbonsai/default.nix
index 9e318b92fa9..c817b5d36b5 100644
--- a/pkgs/games/cbonsai/default.nix
+++ b/pkgs/games/cbonsai/default.nix
@@ -1,14 +1,14 @@
 { stdenv, lib, fetchFromGitLab, ncurses, pkg-config, nix-update-script }:
 
 stdenv.mkDerivation rec {
-  version = "1.0.1";
+  version = "1.0.4";
   pname = "cbonsai";
 
   src = fetchFromGitLab {
     owner = "jallbrit";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-UTjbc0kGHOQse4sZF94p4LAwMk9vsZg1QHq8iuDcTDk=";
+    sha256 = "sha256-5yyvisExf4Minyr1ApJQ2SoctfjhdU6kEbgBGgHDtCg=";
   };
 
   nativeBuildInputs = [ pkg-config ];
diff --git a/pkgs/games/chromium-bsu/default.nix b/pkgs/games/chromium-bsu/default.nix
new file mode 100644
index 00000000000..1ab2fb8722b
--- /dev/null
+++ b/pkgs/games/chromium-bsu/default.nix
@@ -0,0 +1,68 @@
+{ lib
+, stdenv
+, fetchurl
+, SDL2
+, SDL2_image
+, SDL2_mixer
+, fontconfig
+, freealut
+, freeglut
+, ftgl
+, gettext
+, glpng
+, libGL
+, libGLU
+, openal
+, pkg-config
+, quesoglc
+}:
+
+stdenv.mkDerivation rec {
+  pname = "chromium-bsu";
+  version = "0.9.16.1";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/project/chromium-bsu/Chromium%20B.S.U.%20source%20code/${pname}-${version}.tar.gz";
+    hash = "sha256-ocFBo00ZpZYHroEWahmGTrjITPhrFVRi/tMabVbhYko=";
+  };
+
+  nativeBuildInputs = [
+    gettext
+    pkg-config
+  ];
+  buildInputs = [
+    SDL2
+    SDL2_image
+    SDL2_mixer
+    fontconfig
+    freealut
+    freeglut
+    ftgl
+    glpng
+    libGL
+    libGLU
+    openal
+    quesoglc
+  ];
+
+  # Autodetection is somewhat buggy; this is to avoid SLD1 to be loaded
+  configureFlags = [
+    "--disable-sdlimage"
+    "--disable-sdlmixer"
+  ];
+
+
+  postInstall = ''
+    install -D misc/chromium-bsu.png $out/share/pixmaps/chromium-bsu.png
+    install -D misc/chromium-bsu.desktop $out/share/applications/chromium-bsu.desktop
+  '';
+
+  meta = with lib; {
+    homepage = "http://chromium-bsu.sourceforge.net/";
+    description = "A fast paced, arcade-style, top-scrolling space shooter";
+    license = licenses.artistic1;
+    maintainers = with maintainers; [ AndersonTorres ];
+    platforms = platforms.unix;
+  };
+}
+# TODO [ AndersonTorres ]: joystick; gothic uralic font
diff --git a/pkgs/games/spring/default.nix b/pkgs/games/spring/default.nix
index fe16a8a0403..fef1a0f0928 100644
--- a/pkgs/games/spring/default.nix
+++ b/pkgs/games/spring/default.nix
@@ -60,5 +60,7 @@ stdenv.mkDerivation rec {
     license = licenses.gpl2;
     maintainers = with maintainers; [ phreedom qknight domenkozar sorki ];
     platforms = platforms.linux;
+    # error: 'snprintf' was not declared in this scope
+    broken = true;
   };
 }
diff --git a/pkgs/misc/screensavers/xlockmore/default.nix b/pkgs/misc/screensavers/xlockmore/default.nix
index b59ed85f6bc..17b22ce0723 100644
--- a/pkgs/misc/screensavers/xlockmore/default.nix
+++ b/pkgs/misc/screensavers/xlockmore/default.nix
@@ -2,11 +2,11 @@
 , libXdmcp, libXt }:
 
 stdenv.mkDerivation rec {
-  name = "xlockmore-5.65";
+  name = "xlockmore-5.66";
 
   src = fetchurl {
     url = "http://sillycycle.com/xlock/${name}.tar.xz";
-    sha256 = "0d4l8ibbvc62whlq8rrbvqr3011a7h21l9na93r579g0dfwdbh6d";
+    sha256 = "sha256-WXalw2YoKNFFIskOBvKN3PyOV3iP3gjri3pw6e87q3E=";
     curlOpts = "--user-agent 'Mozilla/5.0'";
   };
 
diff --git a/pkgs/misc/vscode-extensions/ms-vsliveshare-vsliveshare/default.nix b/pkgs/misc/vscode-extensions/ms-vsliveshare-vsliveshare/default.nix
index e8e8ead9dbd..836b9cc2a2b 100644
--- a/pkgs/misc/vscode-extensions/ms-vsliveshare-vsliveshare/default.nix
+++ b/pkgs/misc/vscode-extensions/ms-vsliveshare-vsliveshare/default.nix
@@ -38,8 +38,8 @@ in ((vscode-utils.override { stdenv = gccStdenv; }).buildVscodeMarketplaceExtens
   mktplcRef = {
     name = "vsliveshare";
     publisher = "ms-vsliveshare";
-    version = "1.0.3912";
-    sha256 = "1k5yy04q85jjr7hzrv0s7x1m2251kglb038wcvvbs568vpscghi8";
+    version = "1.0.3968";
+    sha256 = "1nmhkxrlg9blxcqh7a3hl0wc5mkk2p77mn228lvmcirpbk3acsx5";
   };
 }).overrideAttrs({ nativeBuildInputs ? [], buildInputs ? [], ... }: {
   nativeBuildInputs = nativeBuildInputs ++ [
diff --git a/pkgs/os-specific/linux/firmware/fwupd/default.nix b/pkgs/os-specific/linux/firmware/fwupd/default.nix
index bfa7783b6b8..24e23f2b7e9 100644
--- a/pkgs/os-specific/linux/firmware/fwupd/default.nix
+++ b/pkgs/os-specific/linux/firmware/fwupd/default.nix
@@ -91,13 +91,7 @@ let
 
   self = stdenv.mkDerivation rec {
     pname = "fwupd";
-    # A regression is present in https://github.com/fwupd/fwupd/commit/fde4b1676a2c64e70bebd88f7720307c62635654
-    # released with 1.5.6.
-    # Fix for the regression: https://github.com/fwupd/fwupd/pull/2902
-    # Maintainer says a new release is to be expected in a few days:
-    #   https://twitter.com/hughsient/status/1362476792297185289
-    # In the mean time, please do not release 1.5.6 and go strait to 1.5.7
-    version = "1.5.5";
+    version = "1.5.7";
 
     # libfwupd goes to lib
     # daemon, plug-ins and libfwupdplugin go to out
@@ -106,7 +100,7 @@ let
 
     src = fetchurl {
       url = "https://people.freedesktop.org/~hughsient/releases/fwupd-${version}.tar.xz";
-      sha256 = "0c2m9qz1g7zxqc6w90w9hksf8y9hvlh0vyvx06q01x893j5hzxh6";
+      sha256 = "16isrrv6zhdgccbfnz7km5g1cnvfnip7aiidkfhf5dlnrnyb2sxh";
     };
 
     patches = [
@@ -189,6 +183,11 @@ let
       "-Defi-libdir=${gnu-efi}/lib"
       "-Defi-ldsdir=${gnu-efi}/lib"
       "-Defi-includedir=${gnu-efi}/include/efi"
+      "-Defi_sbat_distro_id=nixos"
+      "-Defi_sbat_distro_summary=NixOS"
+      "-Defi_sbat_distro_pkgname=fwupd"
+      "-Defi_sbat_distro_version=${version}"
+      "-Defi_sbat_distro_url=https://search.nixos.org/packages?channel=unstable&show=fwupd&from=0&size=50&sort=relevance&query=fwupd"
       "--localstatedir=/var"
       "--sysconfdir=/etc"
       "-Dsysconfdir_install=${placeholder "out"}/etc"
@@ -236,6 +235,8 @@ let
         contrib/get-version.py \
         contrib/generate-version-script.py \
         meson_post_install.sh \
+        plugins/uefi-capsule/efi/generate_sbat.py \
+        plugins/uefi-capsule/efi/generate_binary.py \
         po/make-images \
         po/make-images.sh \
         po/test-deps
@@ -250,8 +251,8 @@ let
         testFw = fetchFromGitHub {
           owner = "fwupd";
           repo = "fwupd-test-firmware";
-          rev = "42b62c62dc85ecfb8e38099fe5de0625af87a722";
-          sha256 = "XUpxE003DZSeLJMtyV5UN5CNHH89/nEVKpCbMStm91Q=";
+          rev = "c13bfb26cae5f4f115dd4e08f9f00b3cb9acc25e";
+          sha256 = "US81i7mtLEe85KdWz5r+fQTk61IhqjVkzykBaBPuKL4=";
         };
       in ''
         # These files have weird licenses so they are shipped separately.
@@ -311,6 +312,7 @@ let
       # DisabledPlugins key in fwupd/daemon.conf
       defaultDisabledPlugins = [
         "test"
+        "test_ble"
         "invalid"
       ];
 
diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index 9fe7f62ae04..01158d9c4f0 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -1,32 +1,32 @@
 {
     "4.14": {
         "extra": "-hardened1",
-        "name": "linux-hardened-4.14.225-hardened1.patch",
-        "sha256": "1khdxny8jzvvhax10xq5kpbnhwrhfs7cxhi9f3rg4fa6c139pjbl",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.225-hardened1/linux-hardened-4.14.225-hardened1.patch"
+        "name": "linux-hardened-4.14.226-hardened1.patch",
+        "sha256": "12h42fsr1sc2zgr1cb2ais0aivg4hpg9x4gc762r7cd4l40fyyg9",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.14.226-hardened1/linux-hardened-4.14.226-hardened1.patch"
     },
     "4.19": {
         "extra": "-hardened1",
-        "name": "linux-hardened-4.19.180-hardened1.patch",
-        "sha256": "1wh01fwghgpbwkmndw5kkjbmav5iwmpk7g208jplhz6q6ymxfdbj",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.180-hardened1/linux-hardened-4.19.180-hardened1.patch"
+        "name": "linux-hardened-4.19.181-hardened1.patch",
+        "sha256": "13j15nwmnzl1s17403icrpx9cdpfpzb5y1pnl6zaj5wsnjda7k5d",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/4.19.181-hardened1/linux-hardened-4.19.181-hardened1.patch"
     },
     "5.10": {
         "extra": "-hardened1",
-        "name": "linux-hardened-5.10.23-hardened1.patch",
-        "sha256": "16mll5ayg7j0zdxciqa9m17zxv6kdm7vn1kp6bsl89nc301fxssc",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.23-hardened1/linux-hardened-5.10.23-hardened1.patch"
+        "name": "linux-hardened-5.10.24-hardened1.patch",
+        "sha256": "0d2kwz01kgh43li6b76b7dhnx37hchzx99rk4h6jdz364272lh1p",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.24-hardened1/linux-hardened-5.10.24-hardened1.patch"
     },
     "5.11": {
         "extra": "-hardened1",
-        "name": "linux-hardened-5.11.6-hardened1.patch",
-        "sha256": "0gl5irpqindz5d2pdhl0zzxx40xjqk591a20kyfjlnp3kjbg6nfj",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.11.6-hardened1/linux-hardened-5.11.6-hardened1.patch"
+        "name": "linux-hardened-5.11.7-hardened1.patch",
+        "sha256": "1d3rg722k796qh2zj97fyk30qak9i71yqy7mk2dpbmdpv0ksacax",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.11.7-hardened1/linux-hardened-5.11.7-hardened1.patch"
     },
     "5.4": {
         "extra": "-hardened1",
-        "name": "linux-hardened-5.4.105-hardened1.patch",
-        "sha256": "1djp2cpsb6kgbz2xvix1p0hd7001qw5bnqigf4gz205pianbpakc",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.105-hardened1/linux-hardened-5.4.105-hardened1.patch"
+        "name": "linux-hardened-5.4.106-hardened1.patch",
+        "sha256": "1hg18p1n26am6y2i459jrpnkq06rv0f5hds1znnm7jw4f61k395f",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.106-hardened1/linux-hardened-5.4.106-hardened1.patch"
     }
 }
diff --git a/pkgs/os-specific/linux/kernel/linux-4.14.nix b/pkgs/os-specific/linux/kernel/linux-4.14.nix
index 4c5dc968950..5052d3754b3 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.14.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "4.14.225";
+  version = "4.14.226";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "09kik0jbfpijb4kylayphr8r2qxx4rlgsnmq300wzcjhxw5yxy3c";
+    sha256 = "09llp8jl5xgxxzj0f2sfx32annwyz82k1zmgd26zy90lz0d09p3s";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.19.nix b/pkgs/os-specific/linux/kernel/linux-4.19.nix
index 701e25c8ed2..53fb707ab2b 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.19.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.19.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "4.19.180";
+  version = "4.19.181";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "0pxvnyhbcmbbkdrqsrf5hhaz36x9l07s0xmzrmc4ipcdhdy5va0x";
+    sha256 = "1kd967azsq6w41ch8iwpv0i4yjkpijzn5avcipi1141dx4ryw62j";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.4.nix b/pkgs/os-specific/linux/kernel/linux-4.4.nix
index 966db2b84e4..941a1dda9b9 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.4.nix
@@ -1,11 +1,11 @@
 { buildPackages, fetchurl, perl, buildLinux, ... } @ args:
 
 buildLinux (args // rec {
-  version = "4.4.261";
+  version = "4.4.262";
   extraMeta.branch = "4.4";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "0d9j4j72n8fl3s93qm82cydwk8lvwhvl2357rcsai2vsk5l0k1mc";
+    sha256 = "0yz9qi4i46ndshxmb99kvv7lk6cbb09y7bzagq7sgvqaj4lwaw6j";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-4.9.nix b/pkgs/os-specific/linux/kernel/linux-4.9.nix
index f2f95ba3987..6d9bb6111dc 100644
--- a/pkgs/os-specific/linux/kernel/linux-4.9.nix
+++ b/pkgs/os-specific/linux/kernel/linux-4.9.nix
@@ -1,11 +1,11 @@
 { buildPackages, fetchurl, perl, buildLinux, ... } @ args:
 
 buildLinux (args // rec {
-  version = "4.9.261";
+  version = "4.9.262";
   extraMeta.branch = "4.9";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
-    sha256 = "0r5822mj2gk9s8rbc8bazg34y8bwr7svn3nbgcq57y2qch8nych4";
+    sha256 = "1zq77x9zf1wbk8n17rnblm5lfwlkin1xnxb3sxirwb9njm07cbmj";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix
index 6ce16e67cd5..c415fc601c5 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.10.23";
+  version = "5.10.24";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "0snvkrs95wbx611kcnap59whfiz6h6mzsnbwswk5py3gxh1irqpn";
+    sha256 = "0gvnplip90gvlzw9rm0cg66z54cfa82gk23icf5xdickb17d1p66";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.11.nix b/pkgs/os-specific/linux/kernel/linux-5.11.nix
index 00576d8d264..319ef0bfea2 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.11.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.11.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.11.6";
+  version = "5.11.7";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "02dcq7cqll5c39z8dh9f0xy68hh4a8jsab5k4n9calfldrm7jw79";
+    sha256 = "1cd87v6j8nk89pjqqsaviyzx9lj0d51j46n1in7cjlg18wng3da9";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix
index 2c2bb15a5e8..8823e580883 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.4.105";
+  version = "5.4.106";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1dmq1zkr4idbbvh7wln5hn5sl4d0mcfm1af5bvsmsa44c78lqki4";
+    sha256 = "1ny8b69ngydh0iw53jwlmqlgv31wjhkybkgnqi5kv0n174n3p1yc";
   };
 } // (args.argsOverride or {}))
diff --git a/pkgs/os-specific/linux/pax-utils/default.nix b/pkgs/os-specific/linux/pax-utils/default.nix
index f69b2bd7fce..40159cd2acd 100644
--- a/pkgs/os-specific/linux/pax-utils/default.nix
+++ b/pkgs/os-specific/linux/pax-utils/default.nix
@@ -2,11 +2,11 @@
 
 stdenv.mkDerivation rec {
   pname = "pax-utils";
-  version = "1.2.6";
+  version = "1.2.8";
 
   src = fetchurl {
     url = "http://distfiles.gentoo.org/distfiles/${pname}-${version}.tar.xz";
-    sha256 = "08bzvgv1z3371sqf7zlm9i0b1y3wdymj2dqdvzvf192k3nix4hlp";
+    sha256 = "sha256-urTIhG4dLMNmnPqSMdIdszWEHX1Y+eGc0Jn+bOYmsVc=";
   };
 
   makeFlags = [ "PREFIX=$(out)" ];
diff --git a/pkgs/os-specific/linux/s6-linux-init/default.nix b/pkgs/os-specific/linux/s6-linux-init/default.nix
index 87cc098d07d..41790e5eb78 100644
--- a/pkgs/os-specific/linux/s6-linux-init/default.nix
+++ b/pkgs/os-specific/linux/s6-linux-init/default.nix
@@ -4,8 +4,8 @@ with skawarePackages;
 
 buildPackage {
   pname = "s6-linux-init";
-  version = "1.0.6.0";
-  sha256 = "0kzif3dqhm7h4h7c6npzdbcy7w756222g8ysw116fgb8j385dr6w";
+  version = "1.0.6.1";
+  sha256 = "0sq8ya39a1qs61cdjns8ijwrvxnqd4snk2ab4j5wl9a87i7wixhn";
 
   description = "A set of minimalistic tools used to create a s6-based init system, including a /sbin/init binary, on a Linux kernel";
   platforms = lib.platforms.linux;
diff --git a/pkgs/servers/mail/rspamd/default.nix b/pkgs/servers/mail/rspamd/default.nix
index 0740613bad7..7a2eb9fd2cd 100644
--- a/pkgs/servers/mail/rspamd/default.nix
+++ b/pkgs/servers/mail/rspamd/default.nix
@@ -11,13 +11,13 @@ assert withHyperscan -> stdenv.isx86_64;
 
 stdenv.mkDerivation rec {
   pname = "rspamd";
-  version = "2.6";
+  version = "2.7";
 
   src = fetchFromGitHub {
     owner = "rspamd";
     repo = "rspamd";
     rev = version;
-    sha256 = "0vwa7k2s2bkfb8w78z5izkd6ywjbzqysb0grls898y549hm8ii70";
+    sha256 = "sha256-LMLRDnKfGpApVsIvPNY2nxl+H5+qeVvwvwr3wdyyhjs=";
   };
 
   nativeBuildInputs = [ cmake pkg-config perl ];
diff --git a/pkgs/servers/matterbridge/default.nix b/pkgs/servers/matterbridge/default.nix
index 6d12ac84d90..4235c7e26b1 100644
--- a/pkgs/servers/matterbridge/default.nix
+++ b/pkgs/servers/matterbridge/default.nix
@@ -2,7 +2,7 @@
 
 buildGoModule rec {
   pname = "matterbridge";
-  version = "1.21.0";
+  version = "1.22.0";
 
   vendorSha256 = null;
 
@@ -10,7 +10,7 @@ buildGoModule rec {
 
   src = fetchurl {
     url = "https://github.com/42wim/matterbridge/archive/v${version}.tar.gz";
-    sha256 = "sha256-ehn6KdPpDpfdyWCVfLuZLq2dDmZXc6InlnovqNsdG6Y=";
+    sha256 = "sha256-jwatqxQh4t4tgNiOEjS9vxIM+9XtnH8QNch887+xDnI=";
   };
 
   meta = with lib; {
diff --git a/pkgs/servers/mattermost/default.nix b/pkgs/servers/mattermost/default.nix
index f63f76efaba..6a7ba06df88 100644
--- a/pkgs/servers/mattermost/default.nix
+++ b/pkgs/servers/mattermost/default.nix
@@ -1,7 +1,7 @@
 { lib, stdenv, fetchurl, fetchFromGitHub, buildGoPackage, buildEnv }:
 
 let
-  version = "5.25.3";
+  version = "5.32.1";
 
   mattermost-server = buildGoPackage rec {
     pname = "mattermost-server";
@@ -11,7 +11,7 @@ let
       owner = "mattermost";
       repo = "mattermost-server";
       rev = "v${version}";
-      sha256 = "03xcwlbb9ff5whsdn2m3kqskxpwpfciikjjndbhksc8k8963z07j";
+      sha256 = "BssrTfkIxUbXYXIfz9i+5b4rEYSzBim+/riK78m8Bxo=";
     };
 
     goPackagePath = "github.com/mattermost/mattermost-server";
@@ -29,7 +29,7 @@ let
 
     src = fetchurl {
       url = "https://releases.mattermost.com/${version}/mattermost-${version}-linux-amd64.tar.gz";
-      sha256 = "1p1qxzrd6rj1i43vj18ysknrw2v02s7llx94nrdd5lk10ayzmg63";
+      sha256 = "kRerl3fYRTrotj86AIFSor3GpjhABkCmego1ms9HmkQ=";
     };
 
     installPhase = ''
diff --git a/pkgs/servers/minio/default.nix b/pkgs/servers/minio/default.nix
index a2ffe32acd2..ce53f30929d 100644
--- a/pkgs/servers/minio/default.nix
+++ b/pkgs/servers/minio/default.nix
@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "minio";
-  version = "2021-03-12T00-00-47Z";
+  version = "2021-03-17T02-33-02Z";
 
   src = fetchFromGitHub {
     owner = "minio";
     repo = "minio";
     rev = "RELEASE.${version}";
-    sha256 = "sha256-7KHEmnrTw6SBhsImMjcv+b1wvFEg8AXgsuZTGp5iVis=";
+    sha256 = "sha256-nCCU9hSt8VaLpZmqZFl3GczqDJXEQJ4rFn/9B0gV/5g=";
   };
 
   vendorSha256 = "sha256-tMt6XRj1dd+AHqWA6WGm5GBFGx+IsP1ijYCj8cmUXy0=";
diff --git a/pkgs/servers/monitoring/grafana/default.nix b/pkgs/servers/monitoring/grafana/default.nix
index dc7ca728f2c..9bf10165e00 100644
--- a/pkgs/servers/monitoring/grafana/default.nix
+++ b/pkgs/servers/monitoring/grafana/default.nix
@@ -2,7 +2,7 @@
 
 buildGoModule rec {
   pname = "grafana";
-  version = "7.4.3";
+  version = "7.4.5";
 
   excludedPackages = [ "release_publisher" ];
 
@@ -10,15 +10,15 @@ buildGoModule rec {
     rev = "v${version}";
     owner = "grafana";
     repo = "grafana";
-    sha256 = "sha256-FPQa6q1ks9Lpod5sI29YBnGZvVRU12hTiw6GR85/mEs=";
+    sha256 = "10pnwd4d19ry7w2x46acc3j8gjn73b45fzc579gz1hc8hx2b3s0s";
   };
 
   srcStatic = fetchurl {
     url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz";
-    sha256 = "sha256-idbG+K9NVnNhEB0f7DfP7iaEnHMf59ieQtYnmT6CvVM=";
+    sha256 = "1x9jx3ww37cn6r6cn6gqlavmllxydks23vm8w4934bv8zppj1zwz";
   };
 
-  vendorSha256 = "sha256-LL+EkDZbbaNo/fPMGlPsB8jgBYHoe6SdkBbQoW5y4EU=";
+  vendorSha256 = "0ig0f9pa3l0nj2fs8yz8h42y1j07xi9imk7kzmla6vav6s889grc";
 
   postPatch = ''
     substituteInPlace pkg/cmd/grafana-server/main.go \
diff --git a/pkgs/servers/web-apps/bookstack/composer-env.nix b/pkgs/servers/web-apps/bookstack/composer-env.nix
new file mode 100644
index 00000000000..b91be187f55
--- /dev/null
+++ b/pkgs/servers/web-apps/bookstack/composer-env.nix
@@ -0,0 +1,238 @@
+# This file originates from composer2nix
+
+{ stdenv, lib, writeTextFile, fetchurl, php, unzip, phpPackages }:
+
+let
+  inherit (phpPackages) composer;
+  buildZipPackage = { name, src }:
+    stdenv.mkDerivation {
+      inherit name src;
+      buildInputs = [ unzip ];
+      buildCommand = ''
+        unzip $src
+        baseDir=$(find . -type d -mindepth 1 -maxdepth 1)
+        cd $baseDir
+        mkdir -p $out
+        mv * $out
+      '';
+    };
+
+  buildPackage =
+    { name
+    , src
+    , packages ? {}
+    , devPackages ? {}
+    , buildInputs ? []
+    , symlinkDependencies ? false
+    , executable ? false
+    , removeComposerArtifacts ? false
+    , postInstall ? ""
+    , noDev ? false
+    , unpackPhase ? "true"
+    , buildPhase ? "true"
+    , ...}@args:
+
+    let
+      reconstructInstalled = writeTextFile {
+        name = "reconstructinstalled.php";
+        executable = true;
+        text = ''
+          #! ${php}/bin/php
+          <?php
+          if(file_exists($argv[1]))
+          {
+              $composerLockStr = file_get_contents($argv[1]);
+
+              if($composerLockStr === false)
+              {
+                  fwrite(STDERR, "Cannot open composer.lock contents\n");
+                  exit(1);
+              }
+              else
+              {
+                  $config = json_decode($composerLockStr, true);
+
+                  if(array_key_exists("packages", $config))
+                      $allPackages = $config["packages"];
+                  else
+                      $allPackages = array();
+
+                  ${lib.optionalString (!noDev) ''
+                    if(array_key_exists("packages-dev", $config))
+                        $allPackages = array_merge($allPackages, $config["packages-dev"]);
+                  ''}
+
+                  $packagesStr = json_encode($allPackages, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
+                  print($packagesStr);
+              }
+          }
+          else
+              print("[]");
+          ?>
+        '';
+      };
+
+      constructBin = writeTextFile {
+        name = "constructbin.php";
+        executable = true;
+        text = ''
+          #! ${php}/bin/php
+          <?php
+          $composerJSONStr = file_get_contents($argv[1]);
+
+          if($composerJSONStr === false)
+          {
+              fwrite(STDERR, "Cannot open composer.json contents\n");
+              exit(1);
+          }
+          else
+          {
+              $config = json_decode($composerJSONStr, true);
+
+              if(array_key_exists("bin-dir", $config))
+                  $binDir = $config["bin-dir"];
+              else
+                  $binDir = "bin";
+
+              if(array_key_exists("bin", $config))
+              {
+                  if(!file_exists("vendor/".$binDir))
+                      mkdir("vendor/".$binDir);
+
+                  foreach($config["bin"] as $bin)
+                      symlink("../../".$bin, "vendor/".$binDir."/".basename($bin));
+              }
+          }
+          ?>
+        '';
+      };
+
+      bundleDependencies = dependencies:
+        lib.concatMapStrings (dependencyName:
+          let
+            dependency = dependencies.${dependencyName};
+          in
+          ''
+            ${if dependency.targetDir == "" then ''
+              vendorDir="$(dirname ${dependencyName})"
+              mkdir -p "$vendorDir"
+              ${if symlinkDependencies then
+                ''ln -s "${dependency.src}" "$vendorDir/$(basename "${dependencyName}")"''
+                else
+                ''cp -av "${dependency.src}" "$vendorDir/$(basename "${dependencyName}")"''
+              }
+            '' else ''
+              namespaceDir="${dependencyName}/$(dirname "${dependency.targetDir}")"
+              mkdir -p "$namespaceDir"
+              ${if symlinkDependencies then
+                ''ln -s "${dependency.src}" "$namespaceDir/$(basename "${dependency.targetDir}")"''
+              else
+                ''cp -av "${dependency.src}" "$namespaceDir/$(basename "${dependency.targetDir}")"''
+              }
+            ''}
+          '') (builtins.attrNames dependencies);
+
+      extraArgs = removeAttrs args [ "name" "packages" "devPackages" "buildInputs" ];
+    in
+    stdenv.mkDerivation ({
+      name = "composer-${name}";
+      buildInputs = [ php composer ] ++ buildInputs;
+
+      inherit unpackPhase buildPhase;
+
+      installPhase = ''
+        ${if executable then ''
+          mkdir -p $out/share/php
+          cp -av $src $out/share/php/$name
+          chmod -R u+w $out/share/php/$name
+          cd $out/share/php/$name
+        '' else ''
+          cp -av $src $out
+          chmod -R u+w $out
+          cd $out
+        ''}
+
+        # Remove unwanted files
+        rm -f *.nix
+
+        export HOME=$TMPDIR
+
+        # Remove the provided vendor folder if it exists
+        rm -Rf vendor
+
+        # If there is no composer.lock file, compose a dummy file.
+        # Otherwise, composer attempts to download the package.json file from
+        # the registry which we do not want.
+        if [ ! -f composer.lock ]
+        then
+            cat > composer.lock <<EOF
+        {
+            "packages": []
+        }
+        EOF
+        fi
+
+        # Reconstruct the installed.json file from the lock file
+        mkdir -p vendor/composer
+        ${reconstructInstalled} composer.lock > vendor/composer/installed.json
+
+        # Copy or symlink the provided dependencies
+        cd vendor
+        ${bundleDependencies packages}
+        ${lib.optionalString (!noDev) (bundleDependencies devPackages)}
+        cd ..
+
+        # Reconstruct autoload scripts
+        # We use the optimize feature because Nix packages cannot change after they have been built
+        # Using the dynamic loader for a Nix package is useless since there is nothing to dynamically reload.
+        composer dump-autoload --optimize ${lib.optionalString noDev "--no-dev"}
+
+        # Run the install step as a validation to confirm that everything works out as expected
+        composer install --optimize-autoloader ${lib.optionalString noDev "--no-dev"}
+
+        ${lib.optionalString executable ''
+          # Reconstruct the bin/ folder if we deploy an executable project
+          ${constructBin} composer.json
+          ln -s $(pwd)/vendor/bin $out/bin
+        ''}
+
+        ${lib.optionalString (!symlinkDependencies) ''
+          # Patch the shebangs if possible
+          if [ -d $(pwd)/vendor/bin ]
+          then
+              # Look for all executables in bin/
+              for i in $(pwd)/vendor/bin/*
+              do
+                  # Look for their location
+                  realFile=$(readlink -f "$i")
+
+                  # Restore write permissions
+                  chmod u+wx "$(dirname "$realFile")"
+                  chmod u+w "$realFile"
+
+                  # Patch shebang
+                  sed -e "s|#!/usr/bin/php|#!${php}/bin/php|" \
+                      -e "s|#!/usr/bin/env php|#!${php}/bin/php|" \
+                      "$realFile" > tmp
+                  mv tmp "$realFile"
+                  chmod u+x "$realFile"
+              done
+          fi
+        ''}
+
+        if [ "$removeComposerArtifacts" = "1" ]
+        then
+            # Remove composer stuff
+            rm -f composer.json composer.lock
+        fi
+
+        # Execute post install hook
+        runHook postInstall
+    '';
+  } // extraArgs);
+in
+{
+  composer = lib.makeOverridable composer;
+  buildZipPackage = lib.makeOverridable buildZipPackage;
+  buildPackage = lib.makeOverridable buildPackage;
+}
diff --git a/pkgs/servers/web-apps/bookstack/composition.nix b/pkgs/servers/web-apps/bookstack/composition.nix
new file mode 100644
index 00000000000..0df6cdae4cf
--- /dev/null
+++ b/pkgs/servers/web-apps/bookstack/composition.nix
@@ -0,0 +1,13 @@
+{pkgs ? import <nixpkgs> {
+    inherit system;
+  }, system ? builtins.currentSystem, noDev ? false}:
+
+let
+  composerEnv = import ./composer-env.nix {
+    inherit (pkgs) stdenv lib writeTextFile fetchurl php unzip phpPackages;
+  };
+in
+import ./php-packages.nix {
+  inherit composerEnv noDev;
+  inherit (pkgs) fetchurl fetchgit fetchhg fetchsvn;
+}
diff --git a/pkgs/servers/web-apps/bookstack/default.nix b/pkgs/servers/web-apps/bookstack/default.nix
new file mode 100644
index 00000000000..9ab47ace6ad
--- /dev/null
+++ b/pkgs/servers/web-apps/bookstack/default.nix
@@ -0,0 +1,38 @@
+{ pkgs, system, lib, fetchFromGitHub, dataDir ? "/var/lib/bookstack" }:
+
+let
+  package = (import ./composition.nix {
+    inherit pkgs system;
+    noDev = true; # Disable development dependencies
+  }).overrideAttrs (attrs : {
+    installPhase = attrs.installPhase + ''
+      rm -R $out/storage $out/public/uploads
+      ln -s ${dataDir}/.env $out/.env
+      ln -s ${dataDir}/storage $out/storage
+      ln -s ${dataDir}/public/uploads $out/public/uploads
+    '';
+  });
+
+in package.override rec {
+  name = "bookstack";
+  version = "0.31.7";
+
+  src = fetchFromGitHub {
+    owner = "bookstackapp";
+    repo = name;
+    rev = "v${version}";
+    sha256 = "1jak6g2q4zbr0gxqj0bqhks687whmmw8ylzwm4saws7ikcxkwna4";
+  };
+
+  meta = with lib; {
+    description = "A platform to create documentation/wiki content built with PHP & Laravel";
+    longDescription = ''
+      A platform for storing and organising information and documentation.
+      Details for BookStack can be found on the official website at https://www.bookstackapp.com/.
+    '';
+    homepage = "https://www.bookstackapp.com/";
+    license = licenses.mit;
+    maintainers = with maintainers; [ ymarkus ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/servers/web-apps/bookstack/php-packages.nix b/pkgs/servers/web-apps/bookstack/php-packages.nix
new file mode 100644
index 00000000000..5edd0b68e86
--- /dev/null
+++ b/pkgs/servers/web-apps/bookstack/php-packages.nix
@@ -0,0 +1,897 @@
+{composerEnv, fetchurl, fetchgit ? null, fetchhg ? null, fetchsvn ? null, noDev ? false}:
+
+let
+  packages = {
+    "aws/aws-sdk-php" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "aws-aws-sdk-php-3e6143f5c12986d727307d5d19d6aec21575d903";
+        src = fetchurl {
+          url = https://api.github.com/repos/aws/aws-sdk-php/zipball/3e6143f5c12986d727307d5d19d6aec21575d903;
+          sha256 = "16hbw8gqscbc3bcvnfdsll6x1653lq2s4dga3d5jbpczil3ws9yb";
+        };
+      };
+    };
+    "barryvdh/laravel-dompdf" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "barryvdh-laravel-dompdf-30310e0a675462bf2aa9d448c8dcbf57fbcc517d";
+        src = fetchurl {
+          url = https://api.github.com/repos/barryvdh/laravel-dompdf/zipball/30310e0a675462bf2aa9d448c8dcbf57fbcc517d;
+          sha256 = "1fnan9b2g4xhqqvlfsn3alb4nx5jjlrapgiad2kca13b3gizv7zr";
+        };
+      };
+    };
+    "barryvdh/laravel-snappy" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "barryvdh-laravel-snappy-1903ab84171072b6bff8d98eb58d38b2c9aaf645";
+        src = fetchurl {
+          url = https://api.github.com/repos/barryvdh/laravel-snappy/zipball/1903ab84171072b6bff8d98eb58d38b2c9aaf645;
+          sha256 = "1awr5kwj482qsh5wpg0q44fjqi7a9q26ghcc9wp1n9zm97y0rx7a";
+        };
+      };
+    };
+    "doctrine/cache" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "doctrine-cache-13e3381b25847283a91948d04640543941309727";
+        src = fetchurl {
+          url = https://api.github.com/repos/doctrine/cache/zipball/13e3381b25847283a91948d04640543941309727;
+          sha256 = "088fxbpjssp8x95qr3ip2iynxrimimrby03xlsvp2254vcyx94c5";
+        };
+      };
+    };
+    "doctrine/dbal" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "doctrine-dbal-47433196b6390d14409a33885ee42b6208160643";
+        src = fetchurl {
+          url = https://api.github.com/repos/doctrine/dbal/zipball/47433196b6390d14409a33885ee42b6208160643;
+          sha256 = "0bcg9494hr31902zcmq5kk7ji78yxk074d5bd9chxn9q0xz4g2h8";
+        };
+      };
+    };
+    "doctrine/event-manager" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "doctrine-event-manager-41370af6a30faa9dc0368c4a6814d596e81aba7f";
+        src = fetchurl {
+          url = https://api.github.com/repos/doctrine/event-manager/zipball/41370af6a30faa9dc0368c4a6814d596e81aba7f;
+          sha256 = "0pn2aiwl4fvv6fcwar9alng2yrqy8bzc58n4bkp6y2jnpw5gp4m8";
+        };
+      };
+    };
+    "doctrine/inflector" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "doctrine-inflector-9cf661f4eb38f7c881cac67c75ea9b00bf97b210";
+        src = fetchurl {
+          url = https://api.github.com/repos/doctrine/inflector/zipball/9cf661f4eb38f7c881cac67c75ea9b00bf97b210;
+          sha256 = "0gkaw5aqkdppd7cz1n46kdms0bv8kzbnpjh75jnhv98p9fik7f24";
+        };
+      };
+    };
+    "doctrine/lexer" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "doctrine-lexer-e864bbf5904cb8f5bb334f99209b48018522f042";
+        src = fetchurl {
+          url = https://api.github.com/repos/doctrine/lexer/zipball/e864bbf5904cb8f5bb334f99209b48018522f042;
+          sha256 = "11lg9fcy0crb8inklajhx3kyffdbx7xzdj8kwl21xsgq9nm9iwvv";
+        };
+      };
+    };
+    "dompdf/dompdf" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "dompdf-dompdf-db91d81866c69a42dad1d2926f61515a1e3f42c5";
+        src = fetchurl {
+          url = https://api.github.com/repos/dompdf/dompdf/zipball/db91d81866c69a42dad1d2926f61515a1e3f42c5;
+          sha256 = "10nsmaiqfk6wgv0l9wjsh7h8nigdfabygkhjk7wdbxdfvlvniddd";
+        };
+      };
+    };
+    "dragonmantank/cron-expression" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "dragonmantank-cron-expression-65b2d8ee1f10915efb3b55597da3404f096acba2";
+        src = fetchurl {
+          url = https://api.github.com/repos/dragonmantank/cron-expression/zipball/65b2d8ee1f10915efb3b55597da3404f096acba2;
+          sha256 = "07yqbhf6n4d818gvla60mgg23gichwiafd5ypd70w4b4dlbcxcpl";
+        };
+      };
+    };
+    "egulias/email-validator" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "egulias-email-validator-0dbf5d78455d4d6a41d186da50adc1122ec066f4";
+        src = fetchurl {
+          url = https://api.github.com/repos/egulias/EmailValidator/zipball/0dbf5d78455d4d6a41d186da50adc1122ec066f4;
+          sha256 = "00kwb8rhk1fq3a1i152xniipk3y907q1v5r3szqbkq5rz82dwbck";
+        };
+      };
+    };
+    "facade/flare-client-php" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "facade-flare-client-php-ef0f5bce23b30b32d98fd9bb49c6fa37b40eb546";
+        src = fetchurl {
+          url = https://api.github.com/repos/facade/flare-client-php/zipball/ef0f5bce23b30b32d98fd9bb49c6fa37b40eb546;
+          sha256 = "1car7k8zzkgib9wpi9lzw1dj9qgjak8s9dmiimxaigvb7q4bc5vk";
+        };
+      };
+    };
+    "facade/ignition" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "facade-ignition-b6aea4a99303d9d32afd486a285162a89af8a8a3";
+        src = fetchurl {
+          url = https://api.github.com/repos/facade/ignition/zipball/b6aea4a99303d9d32afd486a285162a89af8a8a3;
+          sha256 = "1dx6gf4qz6jf8hds3lyxs09zlr6ndl3d36212w2hr4b15ihmyszw";
+        };
+      };
+    };
+    "facade/ignition-contracts" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "facade-ignition-contracts-aeab1ce8b68b188a43e81758e750151ad7da796b";
+        src = fetchurl {
+          url = https://api.github.com/repos/facade/ignition-contracts/zipball/aeab1ce8b68b188a43e81758e750151ad7da796b;
+          sha256 = "0b5hv56758fh2y6fqbygwn94qgqwjan8d2s1i10m242x80h9jjiw";
+        };
+      };
+    };
+    "fideloper/proxy" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "fideloper-proxy-c073b2bd04d1c90e04dc1b787662b558dd65ade0";
+        src = fetchurl {
+          url = https://api.github.com/repos/fideloper/TrustedProxy/zipball/c073b2bd04d1c90e04dc1b787662b558dd65ade0;
+          sha256 = "05jzgjj4fy5p1smqj41b5qxj42zn0mnczvsaacni4fmq174mz4gy";
+        };
+      };
+    };
+    "filp/whoops" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "filp-whoops-df7933820090489623ce0be5e85c7e693638e536";
+        src = fetchurl {
+          url = https://api.github.com/repos/filp/whoops/zipball/df7933820090489623ce0be5e85c7e693638e536;
+          sha256 = "0azpv2r8hc9s5pbk9wh2qk52qzycsbvpijr8w68l311igpcj4f78";
+        };
+      };
+    };
+    "guzzlehttp/guzzle" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "guzzlehttp-guzzle-0aa74dfb41ae110835923ef10a9d803a22d50e79";
+        src = fetchurl {
+          url = https://api.github.com/repos/guzzle/guzzle/zipball/0aa74dfb41ae110835923ef10a9d803a22d50e79;
+          sha256 = "0gba1711dpi147fzi2ab2pg0k1g6zfanm5w5hf4c7w0b3h4ya5gj";
+        };
+      };
+    };
+    "guzzlehttp/promises" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "guzzlehttp-promises-60d379c243457e073cff02bc323a2a86cb355631";
+        src = fetchurl {
+          url = https://api.github.com/repos/guzzle/promises/zipball/60d379c243457e073cff02bc323a2a86cb355631;
+          sha256 = "0lvcr64bx9sb90qggxk7g7fsplz403gm3i8lnlcaifyjrlmdj5wb";
+        };
+      };
+    };
+    "guzzlehttp/psr7" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "guzzlehttp-psr7-53330f47520498c0ae1f61f7e2c90f55690c06a3";
+        src = fetchurl {
+          url = https://api.github.com/repos/guzzle/psr7/zipball/53330f47520498c0ae1f61f7e2c90f55690c06a3;
+          sha256 = "0948mbbqn1xcz39diajhvlr9a7586vx3091kzx96m0z4ki3lhv7g";
+        };
+      };
+    };
+    "intervention/image" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "intervention-image-abbf18d5ab8367f96b3205ca3c89fb2fa598c69e";
+        src = fetchurl {
+          url = https://api.github.com/repos/Intervention/image/zipball/abbf18d5ab8367f96b3205ca3c89fb2fa598c69e;
+          sha256 = "1msfpr9bip69bmhg23ka2f43phgb6dq5z604j5psjh3xd86r6c5d";
+        };
+      };
+    };
+    "knplabs/knp-snappy" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "knplabs-knp-snappy-7bac60fb729147b7ccd8532c07df3f52a4afa8a4";
+        src = fetchurl {
+          url = https://api.github.com/repos/KnpLabs/snappy/zipball/7bac60fb729147b7ccd8532c07df3f52a4afa8a4;
+          sha256 = "0qbywknz3zwhk91yaqd5p6nf48hzk1zmyqgrc9nb9ys2v6wy6njz";
+        };
+      };
+    };
+    "laravel/framework" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "laravel-framework-d0e4731e92ca88f4a78fe9e0c2c426a3e8c063c8";
+        src = fetchurl {
+          url = https://api.github.com/repos/laravel/framework/zipball/d0e4731e92ca88f4a78fe9e0c2c426a3e8c063c8;
+          sha256 = "15zjpq6lbxs019vd0mm2nbfi91yyw40wsf5fl0jbw3s1ffvaq898";
+        };
+      };
+    };
+    "laravel/socialite" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "laravel-socialite-8d25d574b4f2005411c0b9cb527ef5e745c1b07d";
+        src = fetchurl {
+          url = https://api.github.com/repos/laravel/socialite/zipball/8d25d574b4f2005411c0b9cb527ef5e745c1b07d;
+          sha256 = "0ash56za1flniq9nnk3siyb8l0m2cjwn2n25315qfhmdgbxxjz68";
+        };
+      };
+    };
+    "league/commonmark" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "league-commonmark-11df9b36fd4f1d2b727a73bf14931d81373b9a54";
+        src = fetchurl {
+          url = https://api.github.com/repos/thephpleague/commonmark/zipball/11df9b36fd4f1d2b727a73bf14931d81373b9a54;
+          sha256 = "15chm1sa65b58b47am00ik03s2agnx49i8yww3mhqlijvbrjvxc3";
+        };
+      };
+    };
+    "league/flysystem" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "league-flysystem-9be3b16c877d477357c015cec057548cf9b2a14a";
+        src = fetchurl {
+          url = https://api.github.com/repos/thephpleague/flysystem/zipball/9be3b16c877d477357c015cec057548cf9b2a14a;
+          sha256 = "0mhlr6l75j58xwbadq30x58s67434195zlpdax6ix4nkr7fc907j";
+        };
+      };
+    };
+    "league/flysystem-aws-s3-v3" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "league-flysystem-aws-s3-v3-4e25cc0582a36a786c31115e419c6e40498f6972";
+        src = fetchurl {
+          url = https://api.github.com/repos/thephpleague/flysystem-aws-s3-v3/zipball/4e25cc0582a36a786c31115e419c6e40498f6972;
+          sha256 = "1q2vkgyaz7h6z3q0z3v3l5rsvhv4xc45prgzr214cgm656i2h1ab";
+        };
+      };
+    };
+    "league/mime-type-detection" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "league-mime-type-detection-3b9dff8aaf7323590c1d2e443db701eb1f9aa0d3";
+        src = fetchurl {
+          url = https://api.github.com/repos/thephpleague/mime-type-detection/zipball/3b9dff8aaf7323590c1d2e443db701eb1f9aa0d3;
+          sha256 = "0pmq486v2nf6672y2z53cyb3mfrxcc8n7z2ilpzz9zkkf2yb990j";
+        };
+      };
+    };
+    "league/oauth1-client" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "league-oauth1-client-1e7e6be2dc543bf466236fb171e5b20e1b06aee6";
+        src = fetchurl {
+          url = https://api.github.com/repos/thephpleague/oauth1-client/zipball/1e7e6be2dc543bf466236fb171e5b20e1b06aee6;
+          sha256 = "1vmzvghl4c4k9vxza50k0w28hxm88vcrcdspqp7f3vmfg5c1zav2";
+        };
+      };
+    };
+    "monolog/monolog" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "monolog-monolog-1cb1cde8e8dd0f70cc0fe51354a59acad9302084";
+        src = fetchurl {
+          url = https://api.github.com/repos/Seldaek/monolog/zipball/1cb1cde8e8dd0f70cc0fe51354a59acad9302084;
+          sha256 = "1gymdiymwrjw25fjqapq3jlmf6wnp1h26ms74sckd70d53c4m52k";
+        };
+      };
+    };
+    "mtdowling/jmespath.php" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "mtdowling-jmespath.php-42dae2cbd13154083ca6d70099692fef8ca84bfb";
+        src = fetchurl {
+          url = https://api.github.com/repos/jmespath/jmespath.php/zipball/42dae2cbd13154083ca6d70099692fef8ca84bfb;
+          sha256 = "157pdx45dmkxwxyq8vdjfci24fw7kl3yc2gj1cifp9kaia7mwlkk";
+        };
+      };
+    };
+    "nesbot/carbon" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "nesbot-carbon-528783b188bdb853eb21239b1722831e0f000a8d";
+        src = fetchurl {
+          url = https://api.github.com/repos/briannesbitt/Carbon/zipball/528783b188bdb853eb21239b1722831e0f000a8d;
+          sha256 = "18pvfwjvclfj0mrgqvycgrbyx5jfcp1hks4yljc6mp66yxr787x4";
+        };
+      };
+    };
+    "nunomaduro/collision" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "nunomaduro-collision-f7c45764dfe4ba5f2618d265a6f1f9c72732e01d";
+        src = fetchurl {
+          url = https://api.github.com/repos/nunomaduro/collision/zipball/f7c45764dfe4ba5f2618d265a6f1f9c72732e01d;
+          sha256 = "1cazbjxl5rqw4cl783nrymhcvjhvwwwjswr5w0si1wfhmpvr349q";
+        };
+      };
+    };
+    "onelogin/php-saml" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "onelogin-php-saml-a7328b11887660ad248ea10952dd67a5aa73ba3b";
+        src = fetchurl {
+          url = https://api.github.com/repos/onelogin/php-saml/zipball/a7328b11887660ad248ea10952dd67a5aa73ba3b;
+          sha256 = "0ycj3n22k5i3h8p7gn0xff6a7smjypazl2k5qvyzg86fjr7s3vfv";
+        };
+      };
+    };
+    "opis/closure" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "opis-closure-943b5d70cc5ae7483f6aff6ff43d7e34592ca0f5";
+        src = fetchurl {
+          url = https://api.github.com/repos/opis/closure/zipball/943b5d70cc5ae7483f6aff6ff43d7e34592ca0f5;
+          sha256 = "0y47ldgzzv22c5dnsdzqmbrsicq6acjyba0119d3dc6wa3n7zqi6";
+        };
+      };
+    };
+    "paragonie/random_compat" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "paragonie-random_compat-84b4dfb120c6f9b4ff7b3685f9b8f1aa365a0c95";
+        src = fetchurl {
+          url = https://api.github.com/repos/paragonie/random_compat/zipball/84b4dfb120c6f9b4ff7b3685f9b8f1aa365a0c95;
+          sha256 = "03nsccdvcb79l64b7lsmx0n8ldf5z3v8niqr7bpp6wg401qp9p09";
+        };
+      };
+    };
+    "phenx/php-font-lib" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "phenx-php-font-lib-ca6ad461f032145fff5971b5985e5af9e7fa88d8";
+        src = fetchurl {
+          url = https://api.github.com/repos/PhenX/php-font-lib/zipball/ca6ad461f032145fff5971b5985e5af9e7fa88d8;
+          sha256 = "0grirw04sfg38fd4h0yaks43s49cxr5bisrr4ligjig2q3rjai31";
+        };
+      };
+    };
+    "phenx/php-svg-lib" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "phenx-php-svg-lib-5fa61b65e612ce1ae15f69b3d223cb14ecc60e32";
+        src = fetchurl {
+          url = https://api.github.com/repos/PhenX/php-svg-lib/zipball/5fa61b65e612ce1ae15f69b3d223cb14ecc60e32;
+          sha256 = "1jbkn7wm82y6pbyb7gx989k4yaprsc7xpa49nn4ywscmkz7ckd5y";
+        };
+      };
+    };
+    "php-parallel-lint/php-console-color" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "php-parallel-lint-php-console-color-b6af326b2088f1ad3b264696c9fd590ec395b49e";
+        src = fetchurl {
+          url = https://api.github.com/repos/php-parallel-lint/PHP-Console-Color/zipball/b6af326b2088f1ad3b264696c9fd590ec395b49e;
+          sha256 = "030449mkpxs35y8dk336ls3bfdq3zjnxswnk5khlg45z5147cr3k";
+        };
+      };
+    };
+    "php-parallel-lint/php-console-highlighter" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "php-parallel-lint-php-console-highlighter-21bf002f077b177f056d8cb455c5ed573adfdbb8";
+        src = fetchurl {
+          url = https://api.github.com/repos/php-parallel-lint/PHP-Console-Highlighter/zipball/21bf002f077b177f056d8cb455c5ed573adfdbb8;
+          sha256 = "013phmp5n6hp6mvlpbqbrih0zd8h7xc152dpzxxf49b0jczxh8y4";
+        };
+      };
+    };
+    "phpoption/phpoption" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "phpoption-phpoption-994ecccd8f3283ecf5ac33254543eb0ac946d525";
+        src = fetchurl {
+          url = https://api.github.com/repos/schmittjoh/php-option/zipball/994ecccd8f3283ecf5ac33254543eb0ac946d525;
+          sha256 = "1snrnfvqhnr5z9llf8kbqk9l97gfyp8gghmhi1ng8qx5xzv1anr7";
+        };
+      };
+    };
+    "predis/predis" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "predis-predis-9930e933c67446962997b05201c69c2319bf26de";
+        src = fetchurl {
+          url = https://api.github.com/repos/predis/predis/zipball/9930e933c67446962997b05201c69c2319bf26de;
+          sha256 = "0qnpiyv96gs8yzy3b1ba918yw1pv8bgzw7skcf3k40ffpxsmkxv6";
+        };
+      };
+    };
+    "psr/container" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "psr-container-b7ce3b176482dbbc1245ebf52b181af44c2cf55f";
+        src = fetchurl {
+          url = https://api.github.com/repos/php-fig/container/zipball/b7ce3b176482dbbc1245ebf52b181af44c2cf55f;
+          sha256 = "0rkz64vgwb0gfi09klvgay4qnw993l1dc03vyip7d7m2zxi6cy4j";
+        };
+      };
+    };
+    "psr/http-client" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "psr-http-client-2dfb5f6c5eff0e91e20e913f8c5452ed95b86621";
+        src = fetchurl {
+          url = https://api.github.com/repos/php-fig/http-client/zipball/2dfb5f6c5eff0e91e20e913f8c5452ed95b86621;
+          sha256 = "0cmkifa3ji1r8kn3y1rwg81rh8g2crvnhbv2am6d688dzsbw967v";
+        };
+      };
+    };
+    "psr/http-message" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "psr-http-message-f6561bf28d520154e4b0ec72be95418abe6d9363";
+        src = fetchurl {
+          url = https://api.github.com/repos/php-fig/http-message/zipball/f6561bf28d520154e4b0ec72be95418abe6d9363;
+          sha256 = "195dd67hva9bmr52iadr4kyp2gw2f5l51lplfiay2pv6l9y4cf45";
+        };
+      };
+    };
+    "psr/log" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "psr-log-0f73288fd15629204f9d42b7055f72dacbe811fc";
+        src = fetchurl {
+          url = https://api.github.com/repos/php-fig/log/zipball/0f73288fd15629204f9d42b7055f72dacbe811fc;
+          sha256 = "1npi9ggl4qll4sdxz1xgp8779ia73gwlpjxbb1f1cpl1wn4s42r4";
+        };
+      };
+    };
+    "psr/simple-cache" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "psr-simple-cache-408d5eafb83c57f6365a3ca330ff23aa4a5fa39b";
+        src = fetchurl {
+          url = https://api.github.com/repos/php-fig/simple-cache/zipball/408d5eafb83c57f6365a3ca330ff23aa4a5fa39b;
+          sha256 = "1djgzclkamjxi9jy4m9ggfzgq1vqxaga2ip7l3cj88p7rwkzjxgw";
+        };
+      };
+    };
+    "ralouphie/getallheaders" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "ralouphie-getallheaders-120b605dfeb996808c31b6477290a714d356e822";
+        src = fetchurl {
+          url = https://api.github.com/repos/ralouphie/getallheaders/zipball/120b605dfeb996808c31b6477290a714d356e822;
+          sha256 = "1bv7ndkkankrqlr2b4kw7qp3fl0dxi6bp26bnim6dnlhavd6a0gg";
+        };
+      };
+    };
+    "ramsey/uuid" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "ramsey-uuid-7e1633a6964b48589b142d60542f9ed31bd37a92";
+        src = fetchurl {
+          url = https://api.github.com/repos/ramsey/uuid/zipball/7e1633a6964b48589b142d60542f9ed31bd37a92;
+          sha256 = "0s6z2c8jvwjmxzy2kqmxqpz0val9i5r757mdwf2yc7qrwm6bwd15";
+        };
+      };
+    };
+    "robrichards/xmlseclibs" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "robrichards-xmlseclibs-f8f19e58f26cdb42c54b214ff8a820760292f8df";
+        src = fetchurl {
+          url = https://api.github.com/repos/robrichards/xmlseclibs/zipball/f8f19e58f26cdb42c54b214ff8a820760292f8df;
+          sha256 = "01zlpm36rrdj310cfmiz2fnabszxd3fq80fa8x8j3f9ki7dvhh5y";
+        };
+      };
+    };
+    "sabberworm/php-css-parser" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "sabberworm-php-css-parser-d217848e1396ef962fb1997cf3e2421acba7f796";
+        src = fetchurl {
+          url = https://api.github.com/repos/sabberworm/PHP-CSS-Parser/zipball/d217848e1396ef962fb1997cf3e2421acba7f796;
+          sha256 = "17jkly8k02p54qa004spikakxis8syjw3vhwgrsi9g1cb4wsg3g9";
+        };
+      };
+    };
+    "scrivo/highlight.php" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "scrivo-highlight.php-44a3d4136edb5ad8551590bf90f437db80b2d466";
+        src = fetchurl {
+          url = https://api.github.com/repos/scrivo/highlight.php/zipball/44a3d4136edb5ad8551590bf90f437db80b2d466;
+          sha256 = "0p0bj3yqiaa917lgx4ycwic2qqlg3cxka2adhziqzhlq9jqhzi8r";
+        };
+      };
+    };
+    "socialiteproviders/discord" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "socialiteproviders-discord-c6eddeb07ace7473e82d02d4db852dfacf5ef574";
+        src = fetchurl {
+          url = https://api.github.com/repos/SocialiteProviders/Discord/zipball/c6eddeb07ace7473e82d02d4db852dfacf5ef574;
+          sha256 = "1w8m7jmlsdk94cqckgd75mwblh3jj6j16w3g4hzysyms25g091xc";
+        };
+      };
+    };
+    "socialiteproviders/gitlab" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "socialiteproviders-gitlab-a8f67d3b02c9ee8c70c25c6728417c0eddcbbb9d";
+        src = fetchurl {
+          url = https://api.github.com/repos/SocialiteProviders/GitLab/zipball/a8f67d3b02c9ee8c70c25c6728417c0eddcbbb9d;
+          sha256 = "1blv2h69dmm0r0djz3h0l0cxkxmzd1fzgg13r3npxx7c80xjpw3a";
+        };
+      };
+    };
+    "socialiteproviders/manager" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "socialiteproviders-manager-0f5e82af0404df0080bdc5c105cef936c1711524";
+        src = fetchurl {
+          url = https://api.github.com/repos/SocialiteProviders/Manager/zipball/0f5e82af0404df0080bdc5c105cef936c1711524;
+          sha256 = "0ppmln72khli94ylnsjarnhzkqzpkc32pn3zf3ljahm1yghccczx";
+        };
+      };
+    };
+    "socialiteproviders/microsoft-azure" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "socialiteproviders-microsoft-azure-7808764f777a01df88be9ca6b14d683e50aaf88a";
+        src = fetchurl {
+          url = https://api.github.com/repos/SocialiteProviders/Microsoft-Azure/zipball/7808764f777a01df88be9ca6b14d683e50aaf88a;
+          sha256 = "1lxsvb5pzqrm467a8737v98sgmsxs6mvxc683p19b2y30g4fyrlj";
+        };
+      };
+    };
+    "socialiteproviders/okta" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "socialiteproviders-okta-e3ef9f23c7d2f86b3b16a174b82333cf4e2459e8";
+        src = fetchurl {
+          url = https://api.github.com/repos/SocialiteProviders/Okta/zipball/e3ef9f23c7d2f86b3b16a174b82333cf4e2459e8;
+          sha256 = "1a3anw5di5nqiabvqpmsjv5x0jasmsn4y876qsv77gazxja880ng";
+        };
+      };
+    };
+    "socialiteproviders/slack" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "socialiteproviders-slack-8efb25c71d98bedf4010a829d1e41ff9fe449bcc";
+        src = fetchurl {
+          url = https://api.github.com/repos/SocialiteProviders/Slack/zipball/8efb25c71d98bedf4010a829d1e41ff9fe449bcc;
+          sha256 = "0ax3n4s1djidkhgvrcgv1qipv3k0fhfd0cvs273h6wh66bjniq66";
+        };
+      };
+    };
+    "socialiteproviders/twitch" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "socialiteproviders-twitch-7accf30ae7a3139b757b4ca8f34989c09a3dbee7";
+        src = fetchurl {
+          url = https://api.github.com/repos/SocialiteProviders/Twitch/zipball/7accf30ae7a3139b757b4ca8f34989c09a3dbee7;
+          sha256 = "089i4fwxb32zmbxib0544jfs48wzjyp7bsqss2bf2xx89dsrx4ah";
+        };
+      };
+    };
+    "ssddanbrown/htmldiff" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "ssddanbrown-htmldiff-f60d5cc278b60305ab980a6665f46117c5b589c0";
+        src = fetchurl {
+          url = https://api.github.com/repos/ssddanbrown/HtmlDiff/zipball/f60d5cc278b60305ab980a6665f46117c5b589c0;
+          sha256 = "12h3swr8rjf5w78kfgwzkf0zb59b4a8mjwf65fgcgvjg115wha9x";
+        };
+      };
+    };
+    "swiftmailer/swiftmailer" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "swiftmailer-swiftmailer-698a6a9f54d7eb321274de3ad19863802c879fb7";
+        src = fetchurl {
+          url = https://api.github.com/repos/swiftmailer/swiftmailer/zipball/698a6a9f54d7eb321274de3ad19863802c879fb7;
+          sha256 = "1zmyr6szxvbc77rs4q1cp7f3vzw1wfx9rbbj7x9s65gh37z9fd1w";
+        };
+      };
+    };
+    "symfony/console" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-console-24026c44fc37099fa145707fecd43672831b837a";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/console/zipball/24026c44fc37099fa145707fecd43672831b837a;
+          sha256 = "19c5yczwxk0965pdg7ka8sa8wsr569r6l725rj4y9sabfd6mg6jf";
+        };
+      };
+    };
+    "symfony/css-selector" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-css-selector-f907d3e53ecb2a5fad8609eb2f30525287a734c8";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/css-selector/zipball/f907d3e53ecb2a5fad8609eb2f30525287a734c8;
+          sha256 = "19yqy81psz2wh8gy2j3phywsgrw9sbcw83l8lbnxbk5khg8hw3nm";
+        };
+      };
+    };
+    "symfony/debug" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-debug-af4987aa4a5630e9615be9d9c3ed1b0f24ca449c";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/debug/zipball/af4987aa4a5630e9615be9d9c3ed1b0f24ca449c;
+          sha256 = "15y1bgdrzq3859ql37ymx4fsvd28kyck69ncm6zyg84q3fhd8i19";
+        };
+      };
+    };
+    "symfony/deprecation-contracts" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-deprecation-contracts-5fa56b4074d1ae755beb55617ddafe6f5d78f665";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/deprecation-contracts/zipball/5fa56b4074d1ae755beb55617ddafe6f5d78f665;
+          sha256 = "0ny59x0aaipqaj956wx7ak5f6d5rn90766swp5m18019v9cppg10";
+        };
+      };
+    };
+    "symfony/error-handler" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-error-handler-d603654eaeb713503bba3e308b9e748e5a6d3f2e";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/error-handler/zipball/d603654eaeb713503bba3e308b9e748e5a6d3f2e;
+          sha256 = "15xdk9bbyfdm8yf19jfb3zr1yaj0lprf9pmxgj630vbpbqkgsd8f";
+        };
+      };
+    };
+    "symfony/event-dispatcher" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-event-dispatcher-c352647244bd376bf7d31efbd5401f13f50dad0c";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/event-dispatcher/zipball/c352647244bd376bf7d31efbd5401f13f50dad0c;
+          sha256 = "1cxgn0y83i4qqx757kq96jadwwbc68h11snhvy175xvy8nvsmxkd";
+        };
+      };
+    };
+    "symfony/event-dispatcher-contracts" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-event-dispatcher-contracts-84e23fdcd2517bf37aecbd16967e83f0caee25a7";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/event-dispatcher-contracts/zipball/84e23fdcd2517bf37aecbd16967e83f0caee25a7;
+          sha256 = "1pcfrlc0rg8vdnp23y3y1p5qzng5nxf5i2c36g9x9f480xrnc1fw";
+        };
+      };
+    };
+    "symfony/finder" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-finder-25d79cfccfc12e84e7a63a248c3f0720fdd92db6";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/finder/zipball/25d79cfccfc12e84e7a63a248c3f0720fdd92db6;
+          sha256 = "04fwddn12sj6vzr5xr4xd25m86cn4l15079490h3q3igprzvrqk8";
+        };
+      };
+    };
+    "symfony/http-client-contracts" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-http-client-contracts-41db680a15018f9c1d4b23516059633ce280ca33";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/http-client-contracts/zipball/41db680a15018f9c1d4b23516059633ce280ca33;
+          sha256 = "1iia9rpbri1whp2dw4qfhh90gmkdvxhgjwxi54q7wlnlhijgga81";
+        };
+      };
+    };
+    "symfony/http-foundation" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-http-foundation-8888741b633f6c3d1e572b7735ad2cae3e03f9c5";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/http-foundation/zipball/8888741b633f6c3d1e572b7735ad2cae3e03f9c5;
+          sha256 = "0qs389nxxqc6nwx5x6b9kz8ykdlhdx7k8k6nd2apppxpqalvk6sw";
+        };
+      };
+    };
+    "symfony/http-kernel" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-http-kernel-07ea794a327d7c8c5d76e3058fde9fec6a711cb4";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/http-kernel/zipball/07ea794a327d7c8c5d76e3058fde9fec6a711cb4;
+          sha256 = "0mnay6nn299ljjgaqqbk8kcl431wrzvzsqybvl648pf513mp9vy9";
+        };
+      };
+    };
+    "symfony/mime" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-mime-7dee6a43493f39b51ff6c5bb2bd576fe40a76c86";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/mime/zipball/7dee6a43493f39b51ff6c5bb2bd576fe40a76c86;
+          sha256 = "0931zsmnpx75b9b34a03l0sfp22mailaa2y5az3cgx9v0bkc0vka";
+        };
+      };
+    };
+    "symfony/polyfill-ctype" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-polyfill-ctype-c6c942b1ac76c82448322025e084cadc56048b4e";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/polyfill-ctype/zipball/c6c942b1ac76c82448322025e084cadc56048b4e;
+          sha256 = "0jpk859wx74vm03q5s9z25f4ak2138p2x5q3b587wvy8rq2m4pbd";
+        };
+      };
+    };
+    "symfony/polyfill-iconv" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-polyfill-iconv-06fb361659649bcfd6a208a0f1fcaf4e827ad342";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/polyfill-iconv/zipball/06fb361659649bcfd6a208a0f1fcaf4e827ad342;
+          sha256 = "0glb56w5q4v2j629rkndp2c7v4mcs6xdl14nwaaxy85lr5w4ixnq";
+        };
+      };
+    };
+    "symfony/polyfill-intl-idn" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-polyfill-intl-idn-2d63434d922daf7da8dd863e7907e67ee3031483";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/polyfill-intl-idn/zipball/2d63434d922daf7da8dd863e7907e67ee3031483;
+          sha256 = "0sk592qrdb6dvk6v8msjva8p672qmhmnzkw1lw53gks0xrc20xjy";
+        };
+      };
+    };
+    "symfony/polyfill-intl-normalizer" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-polyfill-intl-normalizer-43a0283138253ed1d48d352ab6d0bdb3f809f248";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/polyfill-intl-normalizer/zipball/43a0283138253ed1d48d352ab6d0bdb3f809f248;
+          sha256 = "04irkl6aks8zyfy17ni164060liihfyraqm1fmpjbs5hq0b14sc9";
+        };
+      };
+    };
+    "symfony/polyfill-mbstring" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-polyfill-mbstring-5232de97ee3b75b0360528dae24e73db49566ab1";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/polyfill-mbstring/zipball/5232de97ee3b75b0360528dae24e73db49566ab1;
+          sha256 = "1mm670fxj2x72a9mbkyzs3yifpp6glravq2ss438bags1xf6psz8";
+        };
+      };
+    };
+    "symfony/polyfill-php72" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-polyfill-php72-cc6e6f9b39fe8075b3dabfbaf5b5f645ae1340c9";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/polyfill-php72/zipball/cc6e6f9b39fe8075b3dabfbaf5b5f645ae1340c9;
+          sha256 = "12dmz2n1b9pqqd758ja0c8h8h5dxdai5ik74iwvaxc5xn86a026b";
+        };
+      };
+    };
+    "symfony/polyfill-php73" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-polyfill-php73-a678b42e92f86eca04b7fa4c0f6f19d097fb69e2";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/polyfill-php73/zipball/a678b42e92f86eca04b7fa4c0f6f19d097fb69e2;
+          sha256 = "10rq2x2q9hsdzskrz0aml5qcji27ypxam324044fi24nl60fyzg0";
+        };
+      };
+    };
+    "symfony/polyfill-php80" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-polyfill-php80-dc3063ba22c2a1fd2f45ed856374d79114998f91";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/polyfill-php80/zipball/dc3063ba22c2a1fd2f45ed856374d79114998f91;
+          sha256 = "1mhfjibk7mqyzlqpz6jjpxpd93fnfw0nik140x3mq1d2blg5cbvd";
+        };
+      };
+    };
+    "symfony/process" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-process-7e950b6366d4da90292c2e7fa820b3c1842b965a";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/process/zipball/7e950b6366d4da90292c2e7fa820b3c1842b965a;
+          sha256 = "07ykgz5bjd45izf5n6jm2n27wcaa7aih2wlsiln1ffj9vqd6l1s4";
+        };
+      };
+    };
+    "symfony/routing" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-routing-87529f6e305c7acb162840d1ea57922038072425";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/routing/zipball/87529f6e305c7acb162840d1ea57922038072425;
+          sha256 = "0qrgacividsp7c61y03qh8lb4vj30g0mvljnm5k60h4zzdmivlgc";
+        };
+      };
+    };
+    "symfony/service-contracts" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-service-contracts-d15da7ba4957ffb8f1747218be9e1a121fd298a1";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/service-contracts/zipball/d15da7ba4957ffb8f1747218be9e1a121fd298a1;
+          sha256 = "168iq1lp2r5qb5h8j0s17da09iaj2h5hrrdc9rw2p73hq8rvm1w2";
+        };
+      };
+    };
+    "symfony/translation" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-translation-e1d0c67167a553556d9f974b5fa79c2448df317a";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/translation/zipball/e1d0c67167a553556d9f974b5fa79c2448df317a;
+          sha256 = "1b6fj278i1wdf4l7py9n86lmhrqmzvjy7kapjpfkz03adn2ps127";
+        };
+      };
+    };
+    "symfony/translation-contracts" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-translation-contracts-e2eaa60b558f26a4b0354e1bbb25636efaaad105";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/translation-contracts/zipball/e2eaa60b558f26a4b0354e1bbb25636efaaad105;
+          sha256 = "1k26yvgk84rz6ja9ml6l6iwbbi68qsqnq2cpky044g9ymvlg8d5g";
+        };
+      };
+    };
+    "symfony/var-dumper" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "symfony-var-dumper-a1eab2f69906dc83c5ddba4632180260d0ab4f7f";
+        src = fetchurl {
+          url = https://api.github.com/repos/symfony/var-dumper/zipball/a1eab2f69906dc83c5ddba4632180260d0ab4f7f;
+          sha256 = "1yw12jbx6gf5mvg7jrr1v57ah3b2s4hflz2p1m98nayi4qhdp20m";
+        };
+      };
+    };
+    "tijsverkoyen/css-to-inline-styles" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "tijsverkoyen-css-to-inline-styles-b43b05cf43c1b6d849478965062b6ef73e223bb5";
+        src = fetchurl {
+          url = https://api.github.com/repos/tijsverkoyen/CssToInlineStyles/zipball/b43b05cf43c1b6d849478965062b6ef73e223bb5;
+          sha256 = "0lc6jviz8faqxxs453dbqvfdmm6l2iczxla22v2r6xhakl58pf3w";
+        };
+      };
+    };
+    "vlucas/phpdotenv" = {
+      targetDir = "";
+      src = composerEnv.buildZipPackage {
+        name = "vlucas-phpdotenv-5e679f7616db829358341e2d5cccbd18773bdab8";
+        src = fetchurl {
+          url = https://api.github.com/repos/vlucas/phpdotenv/zipball/5e679f7616db829358341e2d5cccbd18773bdab8;
+          sha256 = "05j5wj1hry30vaqna4a232gjlibp89ha3ibhy04x5lbm0c98b73q";
+        };
+      };
+    };
+  };
+  devPackages = {};
+in
+composerEnv.buildPackage {
+  inherit packages devPackages noDev;
+  name = "bookstack";
+  src = ./.;
+  executable = false;
+  symlinkDependencies = false;
+  meta = {
+    license = "MIT";
+  };
+}
diff --git a/pkgs/servers/web-apps/bookstack/update.sh b/pkgs/servers/web-apps/bookstack/update.sh
new file mode 100755
index 00000000000..f61a5110590
--- /dev/null
+++ b/pkgs/servers/web-apps/bookstack/update.sh
@@ -0,0 +1,50 @@
+#!/usr/bin/env nix-shell
+#! nix-shell -i bash -p nix curl jq nix-update
+
+# check if composer2nix is installed
+if ! command -v composer2nix &> /dev/null; then
+  echo "Please install composer2nix (https://github.com/svanderburg/composer2nix) to run this script."
+  exit 1
+fi
+
+CURRENT_VERSION=$(nix eval --raw '(with import ../../../.. {}; bookstack.version)')
+TARGET_VERSION_REMOTE=$(curl https://api.github.com/repos/bookstackapp/bookstack/releases/latest | jq -r ".tag_name")
+TARGET_VERSION=${TARGET_VERSION_REMOTE:1}
+BOOKSTACK=https://github.com/bookstackapp/bookstack/raw/$TARGET_VERSION_REMOTE
+SHA256=$(nix-prefetch-url --unpack "https://github.com/bookstackapp/bookstack/archive/v$TARGET_VERSION/bookstack.tar.gz")
+
+if [[ "$CURRENT_VERSION" == "$TARGET_VERSION" ]]; then
+  echo "bookstack is up-to-date: ${CURRENT_VERSION}"
+  exit 0
+fi
+
+curl -LO "$BOOKSTACK/composer.json"
+curl -LO "$BOOKSTACK/composer.lock"
+
+composer2nix --name "bookstack" \
+  --composition=composition.nix \
+  --no-dev
+rm composer.json composer.lock
+
+# change version number
+sed -e "s/version =.*;/version = \"$TARGET_VERSION\";/g" \
+    -e "s/sha256 =.*;/sha256 = \"$SHA256\";/g" \
+    -i ./default.nix
+
+# fix composer-env.nix
+sed -e "s/stdenv\.lib/lib/g" \
+    -e '3s/stdenv, writeTextFile/stdenv, lib, writeTextFile/' \
+    -i ./composer-env.nix
+
+# fix composition.nix
+sed -e '7s/stdenv writeTextFile/stdenv lib writeTextFile/' \
+    -i composition.nix
+
+# fix missing newline
+echo "" >> composition.nix
+echo "" >> php-packages.nix
+
+cd ../../../..
+nix-build -A bookstack
+
+exit $?
diff --git a/pkgs/shells/fish/default.nix b/pkgs/shells/fish/default.nix
index 581785beb7a..c467c04c3ff 100644
--- a/pkgs/shells/fish/default.nix
+++ b/pkgs/shells/fish/default.nix
@@ -131,7 +131,7 @@ let
 
   fish = stdenv.mkDerivation rec {
     pname = "fish";
-    version = "3.2.0";
+    version = "3.2.1";
 
     src = fetchurl {
       # There are differences between the release tarball and the tarball GitHub
@@ -141,7 +141,7 @@ let
       # --version`), as well as the local documentation for all builtins (and
       # maybe other things).
       url = "https://github.com/fish-shell/fish-shell/releases/download/${version}/${pname}-${version}.tar.xz";
-      sha256 = "sha256-TwKT7Z9qa3fkfUHvq+YvMxnobvyL+DzFhzMET7xvkhE=";
+      sha256 = "2OSfQJDTd43xfdgl5KKoAZIBVoJCPNndArZnXWXDr1s=";
     };
 
     # Fix FHS paths in tests
@@ -214,7 +214,7 @@ let
 
     checkInputs = [
       coreutils
-      (python3.withPackages(ps: [ps.pexpect]))
+      (python3.withPackages (ps: [ ps.pexpect ]))
       procps
     ];
 
diff --git a/pkgs/shells/fish/plugins/build-fish-plugin.nix b/pkgs/shells/fish/plugins/build-fish-plugin.nix
index a52c5746492..5bb4ffa243f 100644
--- a/pkgs/shells/fish/plugins/build-fish-plugin.nix
+++ b/pkgs/shells/fish/plugins/build-fish-plugin.nix
@@ -11,8 +11,6 @@ attrs@{
   buildPhase ? ":",
   preInstall ? "",
   postInstall ? "",
-  # name of the subdirectory in which to store the plugin
-  installPath ? lib.getName pname,
 
   checkInputs ? [],
   # plugin packages to add to the vendor paths of the test fish shell
@@ -26,7 +24,15 @@ attrs@{
   ...
 }:
 
-stdenv.mkDerivation (attrs // {
+let
+  # Do not pass attributes that are only relevant to buildFishPlugin to mkDerivation.
+  drvAttrs = builtins.removeAttrs attrs [
+    "checkPlugins"
+    "checkFunctionDirs"
+  ];
+in
+
+stdenv.mkDerivation (drvAttrs // {
   inherit name;
   inherit unpackPhase configurePhase buildPhase;
 
diff --git a/pkgs/test/cuda/cuda-library-samples/default.nix b/pkgs/test/cuda/cuda-library-samples/default.nix
index 501828c9a1f..91095fbd3ac 100644
--- a/pkgs/test/cuda/cuda-library-samples/default.nix
+++ b/pkgs/test/cuda/cuda-library-samples/default.nix
@@ -1,16 +1,20 @@
 { callPackage
 , cudatoolkit_10_1, cudatoolkit_10_2
 , cudatoolkit_11_0, cudatoolkit_11_1, cudatoolkit_11_2
+, cutensor_cudatoolkit_10_1, cutensor_cudatoolkit_10_2
+, cutensor_cudatoolkit_11_0, cutensor_cudatoolkit_11_1, cutensor_cudatoolkit_11_2
 }:
 
 rec {
 
   cuda-library-samples_cudatoolkit_10_1 = callPackage ./generic.nix {
     cudatoolkit = cudatoolkit_10_1;
+    cutensor_cudatoolkit = cutensor_cudatoolkit_10_1;
   };
 
   cuda-library-samples_cudatoolkit_10_2 = callPackage ./generic.nix {
     cudatoolkit = cudatoolkit_10_2;
+    cutensor_cudatoolkit = cutensor_cudatoolkit_10_2;
   };
 
   cuda-library-samples_cudatoolkit_10 =
@@ -20,14 +24,17 @@ rec {
 
   cuda-library-samples_cudatoolkit_11_0 = callPackage ./generic.nix {
     cudatoolkit = cudatoolkit_11_0;
+    cutensor_cudatoolkit = cutensor_cudatoolkit_11_0;
   };
 
   cuda-library-samples_cudatoolkit_11_1 = callPackage ./generic.nix {
     cudatoolkit = cudatoolkit_11_1;
+    cutensor_cudatoolkit = cutensor_cudatoolkit_11_1;
   };
 
   cuda-library-samples_cudatoolkit_11_2 = callPackage ./generic.nix {
     cudatoolkit = cudatoolkit_11_2;
+    cutensor_cudatoolkit = cutensor_cudatoolkit_11_2;
   };
 
   cuda-library-samples_cudatoolkit_11 =
diff --git a/pkgs/test/cuda/cuda-library-samples/generic.nix b/pkgs/test/cuda/cuda-library-samples/generic.nix
index 75d4541d986..f1ce243bfa6 100644
--- a/pkgs/test/cuda/cuda-library-samples/generic.nix
+++ b/pkgs/test/cuda/cuda-library-samples/generic.nix
@@ -1,6 +1,7 @@
 { lib, stdenv, fetchFromGitHub
 , cmake, addOpenGLRunpath
 , cudatoolkit
+, cutensor_cudatoolkit
 }:
 
 let
@@ -29,7 +30,7 @@ let
         cuSPARSE, cuSOLVER, cuFFT, cuRAND, NPP and nvJPEG.
       '';
       license = lib.licenses.bsd3;
-      maintainers = with lib.maintainers; [ obsidian-systems-maintainence ];
+      maintainers = with lib.maintainers; [ obsidian-systems-maintenance ];
     };
   };
 in
@@ -48,4 +49,22 @@ in
 
     sourceRoot = "cuSOLVER/gesv";
   });
+
+  cutensor = stdenv.mkDerivation (commonAttrs // {
+    pname = "cuda-library-samples-cutensor";
+
+    src = "${src}/cuTENSOR";
+
+    cmakeFlags = [
+      "-DCUTENSOR_EXAMPLE_BINARY_INSTALL_DIR=${builtins.placeholder "out"}/bin"
+    ];
+
+    # CUTENSOR_ROOT is double escaped
+    postPatch = ''
+      substituteInPlace CMakeLists.txt \
+        --replace "\''${CUTENSOR_ROOT}/include" "${cutensor_cudatoolkit.dev}/include"
+    '';
+
+    CUTENSOR_ROOT = cutensor_cudatoolkit;
+  });
 }
diff --git a/pkgs/test/cuda/cuda-samples/generic.nix b/pkgs/test/cuda/cuda-samples/generic.nix
index a104f88ad4b..2e3dcc8891f 100644
--- a/pkgs/test/cuda/cuda-samples/generic.nix
+++ b/pkgs/test/cuda/cuda-samples/generic.nix
@@ -46,6 +46,6 @@ stdenv.mkDerivation {
     description = "Samples for CUDA Developers which demonstrates features in CUDA Toolkit";
     # CUDA itself is proprietary, but these sample apps are not.
     license = lib.licenses.bsd3;
-    maintainers = with lib.maintainers; [ obsidian-systems-maintainence ];
+    maintainers = with lib.maintainers; [ obsidian-systems-maintenance ];
   };
 }
diff --git a/pkgs/test/texlive/default.nix b/pkgs/test/texlive/default.nix
index 30d0026c848..7a6affd6cbe 100644
--- a/pkgs/test/texlive/default.nix
+++ b/pkgs/test/texlive/default.nix
@@ -1,4 +1,4 @@
-{ runCommandNoCC, fetchurl, file, texlive }:
+{ runCommandNoCC, fetchurl, file, texlive, writeShellScript }:
 
 {
   chktex = runCommandNoCC "texlive-test-chktex" {
@@ -17,7 +17,7 @@
   '';
 
   # https://github.com/NixOS/nixpkgs/issues/75605
-  dvipng = runCommandNoCC "texlive-test-dvipng" {
+  dvipng.basic = runCommandNoCC "texlive-test-dvipng-basic" {
     nativeBuildInputs = [ file texlive.combined.scheme-medium ];
     input = fetchurl {
       name = "test_dvipng.tex";
@@ -38,6 +38,47 @@
     mv document*.png "$out"/
   '';
 
+  # test dvipng's limited capability to render postscript specials via GS
+  dvipng.ghostscript = runCommandNoCC "texlive-test-ghostscript" {
+    nativeBuildInputs = [ file (with texlive; combine { inherit scheme-small dvipng; }) ];
+    input = builtins.toFile "postscript-sample.tex" ''
+      \documentclass{minimal}
+      \begin{document}
+        Ni
+        \special{ps:
+          newpath
+          0 0 moveto
+          7 7 rlineto
+          0 7 moveto
+          7 -7 rlineto
+          stroke
+          showpage
+        }
+      \end{document}
+    '';
+    gs_trap = writeShellScript "gs_trap.sh" ''
+      exit 1
+    '';
+  } ''
+    cp "$gs_trap" ./gs
+    export PATH=$PWD:$PATH
+    # check that the trap works
+    gs && exit 1
+
+    cp "$input" ./document.tex
+
+    latex document.tex
+    dvipng -T 1in,1in -strict -picky document.dvi
+    for f in document*.png; do
+      file "$f" | tee output
+      grep PNG output
+    done
+
+    mkdir "$out"
+    mv document*.png "$out"/
+  '';
+
+
   # https://github.com/NixOS/nixpkgs/issues/75070
   dvisvgm = runCommandNoCC "texlive-test-dvisvgm" {
     nativeBuildInputs = [ file texlive.combined.scheme-medium ];
diff --git a/pkgs/tools/X11/alttab/default.nix b/pkgs/tools/X11/alttab/default.nix
index 34c17a7b518..591edff2add 100644
--- a/pkgs/tools/X11/alttab/default.nix
+++ b/pkgs/tools/X11/alttab/default.nix
@@ -1,5 +1,5 @@
-{ lib, stdenv, fetchFromGitHub, autoconf, automake, pkg-config, ronn, libpng, uthash
-, xorg }:
+{ lib, stdenv, coreutils, fetchFromGitHub, autoconf, automake, pkg-config, procps, ronn,
+libpng, uthash , which, xnee, xorg, python3Packages }:
 
 stdenv.mkDerivation rec {
   version = "1.6.0";
@@ -35,10 +35,22 @@ stdenv.mkDerivation rec {
 
   enableParallelBuilding = true;
 
+  doCheck = true;
+
+  checkInputs = [
+    coreutils
+    procps
+    python3Packages.xvfbwrapper
+    which
+    xnee
+    xorg.xeyes
+    xorg.xprop
+  ];
+
   meta = with lib; {
     homepage = "https://github.com/sagb/alttab";
     description = "X11 window switcher designed for minimalistic window managers or standalone X11 session";
-    license = licenses.gpl3;
+    license = licenses.gpl3Plus;
     platforms = platforms.all;
     maintainers = [ maintainers.sgraf ];
   };
diff --git a/pkgs/tools/admin/awscli/default.nix b/pkgs/tools/admin/awscli/default.nix
index a110a7cbb57..58d87a033f6 100644
--- a/pkgs/tools/admin/awscli/default.nix
+++ b/pkgs/tools/admin/awscli/default.nix
@@ -28,11 +28,11 @@ let
 in
 with py.pkgs; buildPythonApplication rec {
   pname = "awscli";
-  version = "1.19.29"; # N.B: if you change this, change botocore and boto3 to a matching version too
+  version = "1.19.30"; # N.B: if you change this, change botocore and boto3 to a matching version too
 
   src = fetchPypi {
     inherit pname version;
-    sha256 = "sha256-d4PdFzIJSMJSpQta7JqCRwIkcgfh8XHgBKOEc/95r3w=";
+    sha256 = "sha256-XD0CwBTDUvCTSL7JrcQCAd8zq+Ve0zSDpfz0Vzi8oeM=";
   };
 
   # https://github.com/aws/aws-cli/issues/4837
diff --git a/pkgs/tools/admin/google-cloud-sdk/default.nix b/pkgs/tools/admin/google-cloud-sdk/default.nix
index 1d585514f7e..1d70fa24fb5 100644
--- a/pkgs/tools/admin/google-cloud-sdk/default.nix
+++ b/pkgs/tools/admin/google-cloud-sdk/default.nix
@@ -21,18 +21,18 @@ let
   sources = name: system: {
     x86_64-darwin = {
       url = "${baseUrl}/${name}-darwin-x86_64.tar.gz";
-      sha256 = "sha256-aHFwcynt4xQ0T1J+OTSxgttU9W3VFJAqCwmQSdVg8Fk=";
+      sha256 = "09jhcv0ysq37k06b4rw3f9w33spvkkxx7fydraikm3zzvy28l58x";
     };
 
     x86_64-linux = {
       url = "${baseUrl}/${name}-linux-x86_64.tar.gz";
-      sha256 = "sha256-MfldToK7ZfdWZiZnI1qKI1o/dSiUcysxzUkTYMVZ5u4=";
+      sha256 = "1971fz8cv69y7kvirgw9n0xr7z9b1yyh4y43mg10lvv3glx46xcy";
     };
   }.${system};
 
 in stdenv.mkDerivation rec {
   pname = "google-cloud-sdk";
-  version = "328.0.0";
+  version = "332.0.0";
 
   src = fetchurl (sources "${pname}-${version}" stdenv.hostPlatform.system);
 
@@ -81,7 +81,8 @@ in stdenv.mkDerivation rec {
 
     # setup bash completion
     mkdir -p $out/share/bash-completion/completions
-    mv $out/google-cloud-sdk/completion.bash.inc $out/share/bash-completion/completions/gcloud.inc
+    mv $out/google-cloud-sdk/completion.bash.inc $out/share/bash-completion/completions/gcloud
+    ln -s $out/share/bash-completion/completions/gcloud $out/share/bash-completion/completions/gsutil
 
     # This directory contains compiled mac binaries. We used crcmod from
     # nixpkgs instead.
diff --git a/pkgs/tools/admin/turbovnc/default.nix b/pkgs/tools/admin/turbovnc/default.nix
index 16ae53d25b9..33d248ffde8 100644
--- a/pkgs/tools/admin/turbovnc/default.nix
+++ b/pkgs/tools/admin/turbovnc/default.nix
@@ -1,6 +1,7 @@
 { lib
 , stdenv
 , fetchFromGitHub
+, nixosTests
 
 # Dependencies
 , cmake
@@ -101,6 +102,8 @@ stdenv.mkDerivation rec {
       --prefix PATH : ${lib.makeBinPath [ openssh ]}
   '';
 
+  passthru.tests.turbovnc-headless-server = nixosTests.turbovnc-headless-server;
+
   meta = {
     homepage = "https://turbovnc.org/";
     license = lib.licenses.gpl2Plus;
diff --git a/pkgs/tools/archivers/rpm2targz/default.nix b/pkgs/tools/archivers/rpm2targz/default.nix
new file mode 100644
index 00000000000..ac5b132d7ab
--- /dev/null
+++ b/pkgs/tools/archivers/rpm2targz/default.nix
@@ -0,0 +1,55 @@
+{ bzip2
+, coreutils
+, cpio
+, fetchurl
+, gnutar
+, gzip
+, lib
+, stdenv
+, xz
+, zstd
+}:
+
+let
+  shdeps = [
+    bzip2
+    coreutils
+    cpio
+    gnutar
+    gzip
+    xz
+    zstd
+  ];
+
+in stdenv.mkDerivation rec {
+  pname = "rpm2targz";
+  version = "2021.03.16";
+
+  # git repo: https://gitweb.gentoo.org/proj/rpm2targz.git/
+  src = fetchurl {
+    url = "https://dev.gentoo.org/~vapier/dist/${pname}-${version}.tar.xz";
+    hash = "sha256-rcV+o9V2wWKznqSW2rA8xgnpQ02kpK4te6mYvLRC5vQ=";
+  };
+
+  buildInputs = shdeps;
+
+  postPatch = ''
+    substituteInPlace rpm2targz --replace "=\"rpmoffset\"" "=\"$out/bin/rpmoffset\""
+    # rpm2targz relies on the executable name
+    # to guess what compressor it should use
+    # this is more reliable than wrapProgram
+    sed -i -e '2iexport PATH="${lib.makeBinPath shdeps}"' rpm2targz
+  '';
+
+  preBuild = ''
+    makeFlagsArray+=(prefix=$out)
+  '';
+
+  meta = with lib; {
+    description = "Convert a .rpm file to a .tar.gz archive";
+    homepage = "http://slackware.com/config/packages.php";
+    license = licenses.bsd1;
+    maintainers = with maintainers; [ zseri ];
+    platforms = platforms.all;
+  };
+}
diff --git a/pkgs/tools/audio/essentia-extractor/default.nix b/pkgs/tools/audio/essentia-extractor/default.nix
index a02cca6a3d6..63ebbb0ffc0 100644
--- a/pkgs/tools/audio/essentia-extractor/default.nix
+++ b/pkgs/tools/audio/essentia-extractor/default.nix
@@ -14,13 +14,13 @@ let
 
   arch = arch_table.${stdenv.system};
   sha = sha_table.${stdenv.system};
-in stdenv.mkDerivation rec {
+in
+stdenv.mkDerivation rec {
   pname = "essentia-extractor";
   version = "2.1_beta2";
 
   src = fetchurl {
-    url =
-      "ftp://ftp.acousticbrainz.org/pub/acousticbrainz/essentia-extractor-v${version}-${arch}.tar.gz";
+    url = "ftp://ftp.acousticbrainz.org/pub/acousticbrainz/essentia-extractor-v${version}-${arch}.tar.gz";
     sha256 = sha;
   };
 
diff --git a/pkgs/tools/audio/mpd-mpris/default.nix b/pkgs/tools/audio/mpd-mpris/default.nix
index af4000dfa44..b90ab80befd 100644
--- a/pkgs/tools/audio/mpd-mpris/default.nix
+++ b/pkgs/tools/audio/mpd-mpris/default.nix
@@ -29,6 +29,6 @@ buildGoModule rec {
     homepage = "https://github.com/natsukagami/mpd-mpris";
     license = licenses.mit;
     maintainers = with maintainers; [ doronbehar ];
-    platforms = platforms.linux;
+    platforms = platforms.unix;
   };
 }
diff --git a/pkgs/tools/cd-dvd/cdi2iso/default.nix b/pkgs/tools/cd-dvd/cdi2iso/default.nix
index 9df7ab7657f..26768747a46 100644
--- a/pkgs/tools/cd-dvd/cdi2iso/default.nix
+++ b/pkgs/tools/cd-dvd/cdi2iso/default.nix
@@ -1,4 +1,4 @@
-{lib, stdenv, fetchurl}:
+{ lib, stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
   pname = "cdi2iso";
@@ -9,9 +9,13 @@ stdenv.mkDerivation rec {
     sha256 = "0fj2fxhpr26z649m0ph71378c41ljflpyk89g87x8r1mc4rbq3kh";
   };
 
+  postPatch = ''
+    substituteInPlace Makefile --replace "gcc" "${stdenv.cc.targetPrefix}cc"
+  '';
+
   installPhase = ''
-    mkdir -p $out/bin/
-    cp cdi2iso $out/bin/
+    mkdir -p $out/bin
+    cp cdi2iso $out/bin
   '';
 
   meta = with lib; {
@@ -19,6 +23,6 @@ stdenv.mkDerivation rec {
     homepage = "https://sourceforge.net/projects/cdi2iso.berlios";
     license = licenses.gpl2;
     maintainers = with maintainers; [ hrdinka ];
-    platforms = platforms.linux;
+    platforms = platforms.all;
   };
 }
diff --git a/pkgs/tools/compression/dejsonlz4/default.nix b/pkgs/tools/compression/dejsonlz4/default.nix
index 9e6f95aecb8..07b6a5979a4 100644
--- a/pkgs/tools/compression/dejsonlz4/default.nix
+++ b/pkgs/tools/compression/dejsonlz4/default.nix
@@ -10,7 +10,7 @@ stdenv.mkDerivation rec {
     };
 
     buildPhase = ''
-      gcc -Wall -o dejsonlz4 src/dejsonlz4.c src/lz4.c
+      ${stdenv.cc.targetPrefix}cc -o dejsonlz4 src/dejsonlz4.c src/lz4.c
     '';
 
     installPhase = ''
@@ -23,6 +23,6 @@ stdenv.mkDerivation rec {
       homepage = "https://github.com/avih/dejsonlz4";
       license = licenses.bsd2;
       maintainers = with maintainers; [ mt-caret ];
-      platforms = platforms.linux;
+      platforms = platforms.all;
     };
   }
diff --git a/pkgs/tools/compression/zdelta/builder.sh b/pkgs/tools/compression/zdelta/builder.sh
deleted file mode 100644
index 03db413181d..00000000000
--- a/pkgs/tools/compression/zdelta/builder.sh
+++ /dev/null
@@ -1,8 +0,0 @@
-source $stdenv/setup
-
-installPhase() {
-    mkdir -p $out/bin
-    cp -p zdc zdu $out/bin
-}
-
-genericBuild
diff --git a/pkgs/tools/compression/zdelta/default.nix b/pkgs/tools/compression/zdelta/default.nix
index 46760c91306..b30a43f33c1 100644
--- a/pkgs/tools/compression/zdelta/default.nix
+++ b/pkgs/tools/compression/zdelta/default.nix
@@ -1,16 +1,24 @@
-{lib, stdenv, fetchurl}:
+{ lib, stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
-  name = "zdelta-2.1";
-  builder = ./builder.sh;
+  pname = "zdelta";
+  version = "2.1";
+
   src = fetchurl {
-    url = "${meta.homepage}/downloads/${name}.tar.gz";
-    sha256 = "0k6y0r9kv5qiglnr2j4a0yvfynjkvm0pyv8ly28j0pr3w6rbxrh3";
+    url = "https://web.archive.org/web/20160316212948/http://cis.poly.edu/zdelta/downloads/zdelta-2.1.tar.gz";
+    sha256 = "sha256-WiQKWxJkINIwRBcdiuVLMDiupQ8gOsiXOEZvHDa5iFg=";
   };
 
+  makeFlags = [ "CC=${stdenv.cc.targetPrefix}cc" ];
+
+  installPhase = ''
+    mkdir -p $out/bin
+    cp -p zdc zdu $out/bin
+  '';
+
   meta = with lib; {
-    homepage = "http://cis.poly.edu/zdelta";
-    platforms = platforms.linux;
+    homepage = "https://web.archive.org/web/20160316212948/http://cis.poly.edu/zdelta/";
+    platforms = platforms.all;
     license = licenses.zlib;
   };
 }
diff --git a/pkgs/tools/filesystems/catcli/default.nix b/pkgs/tools/filesystems/catcli/default.nix
index 1552505701d..be9349daa27 100644
--- a/pkgs/tools/filesystems/catcli/default.nix
+++ b/pkgs/tools/filesystems/catcli/default.nix
@@ -25,6 +25,6 @@ buildPythonApplication rec {
     homepage = "https://github.com/deadc0de6/catcli";
     license = licenses.gpl3;
     maintainers = with maintainers; [ petersjt014 ];
-    platforms = platforms.linux;
+    platforms = platforms.all;
   };
 }
diff --git a/pkgs/tools/filesystems/cpcfs/default.nix b/pkgs/tools/filesystems/cpcfs/default.nix
index 2aa63208e00..a439e29358f 100644
--- a/pkgs/tools/filesystems/cpcfs/default.nix
+++ b/pkgs/tools/filesystems/cpcfs/default.nix
@@ -36,6 +36,6 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/derikz/cpcfs/" ;
     license = licenses.bsd2;
     maintainers = [ ];
-    platforms = platforms.linux;
+    platforms = platforms.all;
   };
 }
diff --git a/pkgs/tools/filesystems/idsk/default.nix b/pkgs/tools/filesystems/idsk/default.nix
index 12a0af7ea4d..0b7ae339053 100644
--- a/pkgs/tools/filesystems/idsk/default.nix
+++ b/pkgs/tools/filesystems/idsk/default.nix
@@ -24,6 +24,6 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/cpcsdk/idsk" ;
     license = licenses.mit;
     maintainers = [ ];
-    platforms = platforms.linux;
+    platforms = platforms.all;
   };
 }
diff --git a/pkgs/tools/graphics/epstool/default.nix b/pkgs/tools/graphics/epstool/default.nix
index 8052434ff0b..6910f458a17 100644
--- a/pkgs/tools/graphics/epstool/default.nix
+++ b/pkgs/tools/graphics/epstool/default.nix
@@ -9,6 +9,12 @@ stdenv.mkDerivation rec {
     sha256 = "1pfgqbipwk36clhma2k365jkpvyy75ahswn8jczzys382jalpwgk";
   };
 
+  makeFlags = [
+    "CC=${stdenv.cc.targetPrefix}cc"
+    "CLINK=${stdenv.cc.targetPrefix}cc"
+    "LINK=${stdenv.cc.targetPrefix}cc"
+  ];
+
   installPhase = ''
     make EPSTOOL_ROOT=$out install
   '';
@@ -20,6 +26,6 @@ stdenv.mkDerivation rec {
     homepage = "http://pages.cs.wisc.edu/~ghost/gsview/epstool.htm";
     license = licenses.gpl2;
     maintainers = [ maintainers.asppsa ];
-    platforms = platforms.linux;
+    platforms = platforms.all;
   };
 }
diff --git a/pkgs/tools/graphics/graphviz/base.nix b/pkgs/tools/graphics/graphviz/base.nix
index 6c9a8471051..977886e90ec 100644
--- a/pkgs/tools/graphics/graphviz/base.nix
+++ b/pkgs/tools/graphics/graphviz/base.nix
@@ -2,9 +2,7 @@
 
 { lib, stdenv, fetchFromGitLab, autoreconfHook, pkg-config, cairo, expat, flex
 , fontconfig, gd, gettext, gts, libdevil, libjpeg, libpng, libtool, pango
-, yacc, fetchpatch, xorg ? null, ApplicationServices ? null }:
-
-assert stdenv.isDarwin -> ApplicationServices != null;
+, yacc, fetchpatch, xorg ? null, ApplicationServices }:
 
 let
   inherit (lib) optional optionals optionalString;
diff --git a/pkgs/tools/graphics/imgurbash2/default.nix b/pkgs/tools/graphics/imgurbash2/default.nix
index 8b79e3373a6..30848d7d0dc 100644
--- a/pkgs/tools/graphics/imgurbash2/default.nix
+++ b/pkgs/tools/graphics/imgurbash2/default.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "A shell script that uploads images to imgur";
     license = licenses.mit;
-    platforms = platforms.linux;
+    platforms = platforms.all;
     maintainers = with maintainers; [ abbradar ];
     homepage = "https://github.com/ram-on/imgurbash2";
   };
diff --git a/pkgs/tools/graphics/spirv-cross/default.nix b/pkgs/tools/graphics/spirv-cross/default.nix
index cb5a37527bf..19359698f02 100644
--- a/pkgs/tools/graphics/spirv-cross/default.nix
+++ b/pkgs/tools/graphics/spirv-cross/default.nix
@@ -17,7 +17,7 @@ stdenv.mkDerivation rec {
     description = "A tool designed for parsing and converting SPIR-V to other shader languages";
     homepage = "https://github.com/KhronosGroup/SPIRV-Cross";
     changelog = "https://github.com/KhronosGroup/SPIRV-Cross/releases/tag/${version}";
-    platforms = platforms.linux;
+    platforms = platforms.all;
     license = licenses.asl20;
     maintainers = with maintainers; [ Flakebi ];
   };
diff --git a/pkgs/tools/misc/abduco/default.nix b/pkgs/tools/misc/abduco/default.nix
index dbba2193b14..9493df1c66c 100644
--- a/pkgs/tools/misc/abduco/default.nix
+++ b/pkgs/tools/misc/abduco/default.nix
@@ -1,23 +1,23 @@
 { lib, stdenv, fetchFromGitHub, writeText, conf ? null }:
 
-with lib;
-
 stdenv.mkDerivation rec {
-  name = "abduco-2018-05-16";
+  pname = "abduco";
+  version = "2020-04-30";
 
   src = fetchFromGitHub {
     owner = "martanne";
     repo = "abduco";
-    rev = "8f80aa8044d7ecf0e43a0294a09007d056b20e4c";
-    sha256 = "0wqcif633nbgnznn46j0sng9l0wncppw1x1c42f75b4p9hrph203";
+    rev = "8c32909a159aaa9484c82b71f05b7a73321eb491";
+    sha256 = "0a3p8xljhpk7zh203s75248blfir15smgw5jmszwbmdpy4mqzd53";
   };
 
-  configFile = optionalString (conf!=null) (writeText "config.def.h" conf);
-  preBuild = optionalString (conf!=null) "cp ${configFile} config.def.h";
+  preBuild = lib.optionalString (conf != null)
+    "cp ${writeText "config.def.h" conf} config.def.h";
 
+  installFlags = [ "install-completion" ];
   CFLAGS = lib.optionalString stdenv.isDarwin "-D_DARWIN_C_SOURCE";
 
-  meta = {
+  meta = with lib; {
     homepage = "http://brain-dump.org/projects/abduco";
     license = licenses.isc;
     description = "Allows programs to be run independently from its controlling terminal";
diff --git a/pkgs/tools/misc/apparix/default.nix b/pkgs/tools/misc/apparix/default.nix
index 7d8de2c1436..d446a2cf0af 100644
--- a/pkgs/tools/misc/apparix/default.nix
+++ b/pkgs/tools/misc/apparix/default.nix
@@ -15,6 +15,6 @@ stdenv.mkDerivation rec {
     description = "Add directory bookmarks, distant listing, and distant editing to the command line";
     maintainers = with maintainers; [ lethalman ];
     license = licenses.gpl2;
-    platforms = platforms.linux;
+    platforms = platforms.all;
   };
 }
diff --git a/pkgs/tools/misc/bash_unit/default.nix b/pkgs/tools/misc/bash_unit/default.nix
index 2fd93cb33b9..7541281eeb6 100644
--- a/pkgs/tools/misc/bash_unit/default.nix
+++ b/pkgs/tools/misc/bash_unit/default.nix
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Bash unit testing enterprise edition framework for professionals";
     maintainers = with maintainers; [ pamplemousse ];
-    platforms = platforms.linux;
+    platforms = platforms.all;
     license = licenses.gpl3Plus;
   };
 }
diff --git a/pkgs/tools/misc/bbe/default.nix b/pkgs/tools/misc/bbe/default.nix
index fb62b8be894..5cd7326d7b1 100644
--- a/pkgs/tools/misc/bbe/default.nix
+++ b/pkgs/tools/misc/bbe/default.nix
@@ -16,7 +16,7 @@ stdenv.mkDerivation rec {
     description = "A sed-like editor for binary files";
     homepage = "http://bbe-.sourceforge.net/";
     license = licenses.gpl2Plus;
-    platforms = platforms.linux;
+    platforms = platforms.all;
     maintainers = [ maintainers.hhm ];
   };
 }
diff --git a/pkgs/tools/misc/bcunit/default.nix b/pkgs/tools/misc/bcunit/default.nix
index bc3bbc8276d..099ae294bec 100644
--- a/pkgs/tools/misc/bcunit/default.nix
+++ b/pkgs/tools/misc/bcunit/default.nix
@@ -25,6 +25,6 @@ stdenv.mkDerivation rec {
     homepage = "https://gitlab.linphone.org/BC/public/bcunit";
     license = licenses.lgpl2Plus;
     maintainers = with maintainers; [ raskin jluttine ];
-    platforms = platforms.linux;
+    platforms = platforms.all;
   };
 }
diff --git a/pkgs/tools/misc/execline/default.nix b/pkgs/tools/misc/execline/default.nix
index 887671b4899..705a8a554c1 100644
--- a/pkgs/tools/misc/execline/default.nix
+++ b/pkgs/tools/misc/execline/default.nix
@@ -4,8 +4,8 @@ with skawarePackages;
 
 buildPackage {
   pname = "execline";
-  version = "2.7.0.0";
-  sha256 = "0kl74yix60msgw8k3shhp9ymm80n91yxxqckixj5qbbhmylpnpqd";
+  version = "2.8.0.0";
+  sha256 = "0vbn4pdazy6x6213vn42k0khcij5bvkbrcfg7nw6inhf8154nx77";
 
   description = "A small scripting language, to be used in place of a shell in non-interactive scripts";
 
diff --git a/pkgs/tools/misc/fdtools/default.nix b/pkgs/tools/misc/fdtools/default.nix
index d096f903bd1..2a2f44d8182 100644
--- a/pkgs/tools/misc/fdtools/default.nix
+++ b/pkgs/tools/misc/fdtools/default.nix
@@ -23,6 +23,9 @@ in stdenv.mkDerivation {
     sed -e 's|gcc|$CC|' \
       conf-compile/defaults/host_link.sh \
       > conf-compile/host_link.sh
+    sed -e 's|gcc|$CC|' \
+      conf-compile/defaults/host_compile.sh \
+      > conf-compile/host_compile.sh
 
     echo "${skawarePackages.skalibs.lib}/lib/skalibs/sysdeps" \
       > conf-compile/depend_skalibs_sysdeps
diff --git a/pkgs/tools/misc/git-fire/default.nix b/pkgs/tools/misc/git-fire/default.nix
index bba1bd65a54..15dc34cd526 100644
--- a/pkgs/tools/misc/git-fire/default.nix
+++ b/pkgs/tools/misc/git-fire/default.nix
@@ -23,7 +23,7 @@ stdenv.mkDerivation {
     '';
     homepage = "https://github.com/qw3rtman/git-fire";
     license = licenses.mit;
-    platforms = platforms.linux;
+    platforms = platforms.all;
     maintainers = [ maintainers.swflint ];
   };
 }
diff --git a/pkgs/tools/misc/ministat/default.nix b/pkgs/tools/misc/ministat/default.nix
index 68670599c1e..0cd3ff3a5c1 100644
--- a/pkgs/tools/misc/ministat/default.nix
+++ b/pkgs/tools/misc/ministat/default.nix
@@ -26,6 +26,6 @@ stdenv.mkDerivation rec {
     homepage = "https://git.decadent.org.uk/gitweb/?p=ministat.git";
     license = licenses.beerware;
     maintainers = [ maintainers.dezgeg ];
-    platforms = platforms.linux;
+    platforms = platforms.all;
   };
 }
diff --git a/pkgs/tools/misc/nncp/default.nix b/pkgs/tools/misc/nncp/default.nix
index 4469f130b58..4c03172d9af 100644
--- a/pkgs/tools/misc/nncp/default.nix
+++ b/pkgs/tools/misc/nncp/default.nix
@@ -1,6 +1,7 @@
 { lib, stdenv
 , go
 , fetchurl
+, redo-apenwarr
 , curl
 , perl
 , genericUpdater
@@ -9,24 +10,33 @@
 
 stdenv.mkDerivation rec {
   pname = "nncp";
-  version = "5.3.3";
+  version = "6.2.0";
 
   src = fetchurl {
     url = "http://www.nncpgo.org/download/${pname}-${version}.tar.xz";
-    sha256 = "1l35ndzrvpfim29jn1p0bwmc8w892z44nsrdnay28k229r9dhz3h";
+    sha256 = "1zj0v82zqigcxhpc50mvafvi1ihs92ck35vjfrwb7wzzd7nysb17";
   };
 
-  nativeBuildInputs = [ go ];
+  nativeBuildInputs = [ go redo-apenwarr ];
 
-  preConfigure = ''
+  buildPhase = ''
+    runHook preBuild
     export GOCACHE=$PWD/.cache
+    export CFGPATH=/etc/nncp.hjson
+    export SENDMAIL=sendmail # default value for generated config file
+    redo ''${enableParallelBuilding:+-j''${NIX_BUILD_CORES}}
+    runHook postBuild
   '';
 
-  makeFlags = [
-    "PREFIX=${placeholder "out"}"
-    "CFGPATH=/etc/nncp.hjson"
-    "SENDMAIL=/run/wrappers/bin/sendmail"
-  ];
+  installPhase = ''
+    runHook preInstall
+    export PREFIX=$out
+    rm -f INSTALL # work around case insensitivity
+    redo install
+    runHook postInstall
+  '';
+
+  enableParallelBuilding = true;
 
   passthru.updateScript = genericUpdater {
     inherit pname version;
@@ -54,7 +64,7 @@ stdenv.mkDerivation rec {
       transmission exists.
     '';
     homepage = "http://www.nncpgo.org/";
-    license = licenses.gpl3;
+    license = licenses.gpl3Only;
     platforms = platforms.all;
     maintainers = [ maintainers.woffs ];
   };
diff --git a/pkgs/tools/misc/partition-manager/default.nix b/pkgs/tools/misc/partition-manager/default.nix
index 845c0fec921..064590ef979 100644
--- a/pkgs/tools/misc/partition-manager/default.nix
+++ b/pkgs/tools/misc/partition-manager/default.nix
@@ -1,30 +1,66 @@
-{ mkDerivation, fetchurl, lib
+{ mkDerivation, fetchurl, lib, makeWrapper
 , extra-cmake-modules, kdoctools, wrapGAppsHook, wrapQtAppsHook
 , kconfig, kcrash, kinit, kpmcore
-, eject, libatasmart , util-linux, qtbase
+, cryptsetup, lvm2, mdadm, smartmontools, systemdMinimal, util-linux
+, btrfs-progs, dosfstools, e2fsprogs, exfat, f2fs-tools, fatresize, hfsprogs
+, jfsutils, nilfs-utils, ntfs3g, reiser4progs, reiserfsprogs, udftools, xfsprogs, zfs
 }:
 
 let
-  pname = "partitionmanager";
+  # External programs are resolved by `partition-manager` and then
+  # invoked by `kpmcore_externalcommand` from `kpmcore` as root.
+  # So these packages should be in PATH of `partition-manager`.
+  # https://github.com/KDE/kpmcore/blob/06f15334ecfbe871730a90dbe2b694ba060ee998/src/util/externalcommand_whitelist.h
+  runtimeDeps = lib.makeBinPath [
+    cryptsetup
+    lvm2
+    mdadm
+    smartmontools
+    systemdMinimal
+    util-linux
+
+    btrfs-progs
+    dosfstools
+    e2fsprogs
+    exfat
+    f2fs-tools
+    fatresize
+    hfsprogs
+    jfsutils
+    nilfs-utils
+    ntfs3g
+    reiser4progs
+    reiserfsprogs
+    udftools
+    xfsprogs
+    zfs
+
+    # FIXME: Missing command: tune.exfat hfsck hformat fsck.nilfs2 {fsck,mkfs,debugfs,tunefs}.ocfs2
+  ];
+
 in mkDerivation rec {
-  name = "${pname}-${version}";
-  version = "3.3.1";
+  pname = "partitionmanager";
+  # NOTE: When changing this version, also change the version of `kpmcore`.
+  version = "4.2.0";
 
   src = fetchurl {
-    url = "mirror://kde/stable/${pname}/${version}/src/${name}.tar.xz";
-    sha256 = "0jhggb4xksb0k0mj752n6pz0xmccnbzlp984xydqbz3hkigra1si";
+    url = "mirror://kde/stable/${pname}/${version}/src/${pname}-${version}.tar.xz";
+    hash = "sha256-6Qlt1c47Eek6TkWWBzTyBZYJ1jfhtwsC9X5q5h6IhPg=";
   };
 
-  nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook wrapQtAppsHook ];
+  nativeBuildInputs = [ extra-cmake-modules kdoctools wrapGAppsHook wrapQtAppsHook makeWrapper ];
 
-  # refer to kpmcore for the use of eject
-  buildInputs = [ eject libatasmart util-linux ];
   propagatedBuildInputs = [ kconfig kcrash kinit kpmcore ];
 
+  postFixup = ''
+    wrapProgram $out/bin/partitionmanager \
+      --prefix PATH : "${runtimeDeps}"
+  '';
+
   meta = with lib; {
     description = "KDE Partition Manager";
-    license = licenses.gpl2;
+    license = with licenses; [ cc-by-40 cc0 gpl3Plus lgpl3Plus mit ];
     homepage = "https://www.kde.org/applications/system/kdepartitionmanager/";
-    maintainers = with maintainers; [ peterhoeg ];
+    maintainers = with maintainers; [ peterhoeg oxalica ];
   };
 }
diff --git a/pkgs/tools/misc/sfeed/default.nix b/pkgs/tools/misc/sfeed/default.nix
index 57e49c88745..93ef69ea2ea 100644
--- a/pkgs/tools/misc/sfeed/default.nix
+++ b/pkgs/tools/misc/sfeed/default.nix
@@ -27,6 +27,6 @@ stdenv.mkDerivation rec {
     '';
     license = licenses.isc;
     maintainers = [ maintainers.matthiasbeyer ];
-    platforms = platforms.linux;
+    platforms = platforms.all;
   };
 }
diff --git a/pkgs/tools/misc/tea/default.nix b/pkgs/tools/misc/tea/default.nix
new file mode 100644
index 00000000000..06e54559db9
--- /dev/null
+++ b/pkgs/tools/misc/tea/default.nix
@@ -0,0 +1,21 @@
+{ lib, buildGoModule, fetchgit }:
+
+buildGoModule rec {
+  pname = "tea";
+  version = "0.7.0";
+
+  src = fetchgit {
+    url = "https://gitea.com/gitea/tea";
+    rev = "v${version}";
+    sha256 = "sha256-Kq+A6YELfBJ04t7pPnX8Ulh4NSMFn3AHggplLD9J8MY=";
+  };
+
+  vendorSha256 = null;
+
+  meta = with lib; {
+    description = "Gitea official CLI client";
+    homepage    = "https://gitea.com/gitea/tea";
+    license     = licenses.mit;
+    maintainers = [ maintainers.j4m3s ];
+  };
+}
diff --git a/pkgs/tools/misc/usbview/default.nix b/pkgs/tools/misc/usbview/default.nix
new file mode 100644
index 00000000000..2f417ea86de
--- /dev/null
+++ b/pkgs/tools/misc/usbview/default.nix
@@ -0,0 +1,36 @@
+{ lib
+, stdenv
+, fetchFromGitHub
+, autoreconfHook
+, pkg-config
+, gtk3
+}:
+
+stdenv.mkDerivation rec {
+  pname = "usbview";
+  version = "2.0";
+
+  src = fetchFromGitHub {
+    owner = "gregkh";
+    repo = "usbview";
+    rev = "v${version}";
+    sha256 = "1cw5jjpidjn34rxdjslpdlj99k4dqaq1kz6mplv5hgjdddijvn5p";
+  };
+
+  nativeBuildInputs = [
+    autoreconfHook
+    pkg-config
+  ];
+
+  buildInputs = [
+    gtk3
+  ];
+
+  meta = with lib; {
+    description = "USB viewer for Linux";
+    license = licenses.gpl2Only;
+    homepage = "http://www.kroah.com/linux-usb/";
+    maintainers = with maintainers; [ shamilton ];
+    platforms = platforms.linux;
+  };
+}
diff --git a/pkgs/tools/misc/vimer/default.nix b/pkgs/tools/misc/vimer/default.nix
index 1fbb85f0751..bbab2d64bb0 100644
--- a/pkgs/tools/misc/vimer/default.nix
+++ b/pkgs/tools/misc/vimer/default.nix
@@ -25,7 +25,7 @@ stdenv.mkDerivation rec {
     '';
     license = licenses.mit;
     maintainers = [ maintainers.matthiasbeyer ];
-    platforms = platforms.linux;
+    platforms = platforms.all;
   };
 
 }
diff --git a/pkgs/tools/misc/youtube-dl/default.nix b/pkgs/tools/misc/youtube-dl/default.nix
index 96a4b8e7fee..fc3b52878b5 100644
--- a/pkgs/tools/misc/youtube-dl/default.nix
+++ b/pkgs/tools/misc/youtube-dl/default.nix
@@ -18,11 +18,11 @@ buildPythonPackage rec {
   # The websites youtube-dl deals with are a very moving target. That means that
   # downloads break constantly. Because of that, updates should always be backported
   # to the latest stable release.
-  version = "2021.03.03";
+  version = "2021.03.14";
 
   src = fetchurl {
     url = "https://yt-dl.org/downloads/${version}/${pname}-${version}.tar.gz";
-    sha256 = "11z2v8mdii0bl13850mc6hgz80d0kgzb4hdxyikc3wa4jqfwrq7f";
+    sha256 = "1bh74f9q6dv17ah5x8zcxw03dq6jbh959xd39kw374cf9ifrgnd3";
   };
 
   nativeBuildInputs = [ installShellFiles makeWrapper ];
diff --git a/pkgs/tools/networking/altermime/default.nix b/pkgs/tools/networking/altermime/default.nix
index c28df461459..703af40864a 100644
--- a/pkgs/tools/networking/altermime/default.nix
+++ b/pkgs/tools/networking/altermime/default.nix
@@ -1,12 +1,11 @@
-{ lib, stdenv, fetchurl }:
+{ lib, gccStdenv, fetchurl }:
 
-stdenv.mkDerivation rec {
-  baseName = "altermime";
-  name = "${baseName}-${version}";
+gccStdenv.mkDerivation rec {
+  pname = "altermime";
   version = "0.3.11";
 
   src = fetchurl {
-    url = "https://pldaniels.com/${baseName}/${name}.tar.gz";
+    url = "https://pldaniels.com/${pname}/${pname}-${version}.tar.gz";
     sha256 = "15zxg6spcmd35r6xbidq2fgcg2nzyv1sbbqds08lzll70mqx4pj7";
   };
 
@@ -19,14 +18,14 @@ stdenv.mkDerivation rec {
   ];
 
   postPatch = ''
-    sed -i Makefile -e "s@/usr/local@$out@"
-    mkdir -p "$out/bin"
+    mkdir -p $out/bin
+    substituteInPlace Makefile --replace "/usr/local" "$out"
   '';
 
   meta = with lib; {
     description = "MIME alteration tool";
     maintainers = [ maintainers.raskin ];
-    platforms = platforms.linux;
+    platforms = platforms.all;
     license.fullName = "alterMIME LICENSE";
     downloadPage = "https://pldaniels.com/altermime/";
   };
diff --git a/pkgs/tools/networking/assh/default.nix b/pkgs/tools/networking/assh/default.nix
index 3995fc295d1..7a7bb0ab517 100644
--- a/pkgs/tools/networking/assh/default.nix
+++ b/pkgs/tools/networking/assh/default.nix
@@ -2,13 +2,13 @@
 
 buildGoModule rec {
   pname = "assh";
-  version = "2.11.0";
+  version = "2.11.3";
 
   src = fetchFromGitHub {
     repo = "advanced-ssh-config";
     owner = "moul";
     rev = "v${version}";
-    sha256 = "sha256-/StB5yee9sbkebuJt6JDI+bp52NG0bBhprzmdepL+ek=";
+    sha256 = "sha256-NH7Dmqsu7uRhKWGFHBnh5GGqsNFOijDxsc+ATt28jtY=";
   };
 
   vendorSha256 = "sha256-6OAsO7zWAgPfQWD9k+nYH7hnDDUlKIjTB61ivvoubn0=";
diff --git a/pkgs/tools/networking/dd-agent/5.nix b/pkgs/tools/networking/dd-agent/5.nix
index c220f24046f..55d31f7adf5 100644
--- a/pkgs/tools/networking/dd-agent/5.nix
+++ b/pkgs/tools/networking/dd-agent/5.nix
@@ -19,10 +19,9 @@ let
           requests
           websocket_client
           ipaddress
-          backports_ssl_match_hostname
           docker_pycreds
           uptime
-        ];
+        ] ++ lib.optionals (self.pythonOlder "3.7") [ backports_ssl_match_hostname ];
 
         # due to flake8
         doCheck = false;
diff --git a/pkgs/tools/networking/dhcping/default.nix b/pkgs/tools/networking/dhcping/default.nix
index d4255d46096..f1f8cd8b5e4 100644
--- a/pkgs/tools/networking/dhcping/default.nix
+++ b/pkgs/tools/networking/dhcping/default.nix
@@ -27,6 +27,6 @@ stdenv.mkDerivation rec {
     '';
     homepage = "http://www.mavetju.org/unix/general.php";
     license = licenses.bsd2;
-    platforms = platforms.linux;
+    platforms = platforms.unix;
   };
 }
diff --git a/pkgs/tools/networking/httperf/default.nix b/pkgs/tools/networking/httperf/default.nix
index f5c888dc4bb..ea567f10d48 100644
--- a/pkgs/tools/networking/httperf/default.nix
+++ b/pkgs/tools/networking/httperf/default.nix
@@ -31,7 +31,7 @@ stdenv.mkDerivation rec {
     homepage = "https://github.com/httperf/httperf";
     maintainers = with maintainers; [ nand0p ];
     license = licenses.gpl2;
-    platforms = platforms.linux;
+    platforms = platforms.all;
   };
 
 }
diff --git a/pkgs/tools/networking/kapp/default.nix b/pkgs/tools/networking/kapp/default.nix
index dfb64134871..2ff2fd8daec 100644
--- a/pkgs/tools/networking/kapp/default.nix
+++ b/pkgs/tools/networking/kapp/default.nix
@@ -1,4 +1,4 @@
-{ lib, buildGoModule, fetchFromGitHub }:
+{ lib, buildGoModule, fetchFromGitHub, installShellFiles }:
 buildGoModule rec {
   pname = "kapp";
   version = "0.36.0";
@@ -14,6 +14,15 @@ buildGoModule rec {
 
   subPackages = [ "cmd/kapp" ];
 
+  nativeBuildInputs = [ installShellFiles ];
+
+  postInstall = ''
+    for shell in bash fish zsh; do
+      $out/bin/kapp completion $shell > kapp.$shell
+      installShellCompletion kapp.$shell
+    done
+  '';
+
   meta = with lib; {
     description = "CLI tool that encourages Kubernetes users to manage bulk resources with an application abstraction for grouping";
     homepage = "https://get-kapp.io";
diff --git a/pkgs/tools/networking/openvpn/default.nix b/pkgs/tools/networking/openvpn/default.nix
index 3337a5bbb7d..dd5fa9cbed8 100644
--- a/pkgs/tools/networking/openvpn/default.nix
+++ b/pkgs/tools/networking/openvpn/default.nix
@@ -3,20 +3,17 @@
 , pkg-config
 , makeWrapper
 , runtimeShell
-, iproute ? null
+, iproute
 , lzo
 , openssl
 , pam
 , useSystemd ? stdenv.isLinux
-, systemd ? null
-, util-linux ? null
+, systemd
+, util-linux
 , pkcs11Support ? false
-, pkcs11helper ? null
+, pkcs11helper
 }:
 
-assert useSystemd -> (systemd != null);
-assert pkcs11Support -> (pkcs11helper != null);
-
 with lib;
 let
   # Check if the script needs to have other binaries wrapped when changing this.
diff --git a/pkgs/tools/networking/s6-networking/default.nix b/pkgs/tools/networking/s6-networking/default.nix
index e7dd075df13..6159201bac8 100644
--- a/pkgs/tools/networking/s6-networking/default.nix
+++ b/pkgs/tools/networking/s6-networking/default.nix
@@ -19,8 +19,8 @@ assert sslSupportEnabled -> sslLibs ? ${sslSupport};
 
 buildPackage {
   pname = "s6-networking";
-  version = "2.4.0.0";
-  sha256 = "1yqykwfl5jnkxgr6skfj5kzd896pknij0hi5m7lj0r18jpfs5zgq";
+  version = "2.4.1.0";
+  sha256 = "023wnayv1gddklnsh3qv7i5jfy2fisbp24wa0nzjg0nfq3p807yc";
 
   description = "A suite of small networking utilities for Unix systems";
 
diff --git a/pkgs/tools/networking/v2ray/default.nix b/pkgs/tools/networking/v2ray/default.nix
index 852cd23360c..7515105948f 100644
--- a/pkgs/tools/networking/v2ray/default.nix
+++ b/pkgs/tools/networking/v2ray/default.nix
@@ -3,22 +3,22 @@
 }:
 
 let
-  version = "4.35.1";
+  version = "4.36.2";
 
   src = fetchFromGitHub {
     owner = "v2fly";
     repo = "v2ray-core";
     rev = "v${version}";
-    sha256 = "07fih1hnnv1a4aj6sb63408vqf10bgk74lhqqv63lvm7gaz73srd";
+    sha256 = "1gvzr4kq4klld8m0jv6mizgrx3xj6s2i69kl9vmh5n355bakb7kk";
   };
 
-  vendorSha256 = "sha256-+kI9p0lu4PbLe6jhWqTfRYXHFOOrKmY36LzdcQT9BWw=";
+  vendorSha256 = "sha256-8O0xUNIdu3W//LtwiMZlSs1wkpa6Jt+vFkTavz6TBKU=";
 
   assets = {
     # MIT licensed
     "geoip.dat" = let
-      geoipRev = "202103080146";
-      geoipSha256 = "1qwmz5fxqqxcjw5jm9dvgpmbin2q69j9wdx4xv3pm8fc47wzx8w5";
+      geoipRev = "202103170314";
+      geoipSha256 = "147kajdhby92yxsvcpa6bpk11ilzvc4nj7rc0h84wp2f0y692kq2";
     in fetchurl {
       url = "https://github.com/v2fly/geoip/releases/download/${geoipRev}/geoip.dat";
       sha256 = geoipSha256;
@@ -26,8 +26,8 @@ let
 
     # MIT licensed
     "geosite.dat" = let
-      geositeRev = "20210308021214";
-      geositeSha256 = "1fp787wlzdjn2gxx4zmqrqqzqcq4xd10pqx8q919fag0kkzdm23s";
+      geositeRev = "20210317031429";
+      geositeSha256 = "0nzd0ll0x7hv75cbh1i3kgmffasi002a8n3mjw22zywj71v2jwmz";
     in fetchurl {
       url = "https://github.com/v2fly/domain-list-community/releases/download/${geositeRev}/dlc.dat";
       sha256 = geositeSha256;
diff --git a/pkgs/tools/networking/v2ray/update.sh b/pkgs/tools/networking/v2ray/update.sh
index 3b3a9de7385..f645b8ea093 100755
--- a/pkgs/tools/networking/v2ray/update.sh
+++ b/pkgs/tools/networking/v2ray/update.sh
@@ -65,7 +65,7 @@ vendorSha256=$(
 )
 [[ "$vendorSha256" ]]
 sed --in-place \
-    -e "s/vendorSha256 = \".*\"/vendorSha256 = \"$vendorSha256\"/" \
+    -e "s#vendorSha256 = \".*\"#vendorSha256 = \"$vendorSha256\"#" \
     "$version_nix"
 
 echo "vendorSha256 updated" >&2
diff --git a/pkgs/tools/networking/wireguard-tools/default.nix b/pkgs/tools/networking/wireguard-tools/default.nix
index 687c9d988fb..efb5b5c5b42 100644
--- a/pkgs/tools/networking/wireguard-tools/default.nix
+++ b/pkgs/tools/networking/wireguard-tools/default.nix
@@ -1,16 +1,15 @@
-{ lib, stdenv
+{ lib
+, stdenv
 , fetchzip
 , nixosTests
-, iptables ? null
-, iproute ? null
-, makeWrapper ? null
-, openresolv ? null
-, procps ? null
-, wireguard-go ? null
+, iptables
+, iproute
+, makeWrapper
+, openresolv
+, procps
+, wireguard-go
 }:
 
-with lib;
-
 stdenv.mkDerivation rec {
   pname = "wireguard-tools";
   version = "1.0.20210315";
@@ -37,11 +36,11 @@ stdenv.mkDerivation rec {
   postFixup = ''
     substituteInPlace $out/lib/systemd/system/wg-quick@.service \
       --replace /usr/bin $out/bin
-  '' + optionalString stdenv.isLinux ''
+  '' + lib.optionalString stdenv.isLinux ''
     for f in $out/bin/*; do
-      wrapProgram $f --prefix PATH : ${makeBinPath [procps iproute iptables openresolv]}
+      wrapProgram $f --prefix PATH : ${lib.makeBinPath [ procps iproute iptables openresolv ]}
     done
-  '' + optionalString stdenv.isDarwin ''
+  '' + lib.optionalString stdenv.isDarwin ''
     for f in $out/bin/*; do
       wrapProgram $f --prefix PATH : ${wireguard-go}/bin
     done
@@ -52,7 +51,7 @@ stdenv.mkDerivation rec {
     tests = nixosTests.wireguard;
   };
 
-  meta = {
+  meta = with lib; {
     description = "Tools for the WireGuard secure network tunnel";
     downloadPage = "https://git.zx2c4.com/wireguard-tools/refs/";
     homepage = "https://www.wireguard.com/";
diff --git a/pkgs/tools/package-management/emplace/default.nix b/pkgs/tools/package-management/emplace/default.nix
index 2d901103374..c41ef6836a7 100644
--- a/pkgs/tools/package-management/emplace/default.nix
+++ b/pkgs/tools/package-management/emplace/default.nix
@@ -2,16 +2,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "emplace";
-  version = "1.2.2";
+  version = "1.3.0";
 
   src = fetchFromGitHub {
     owner = "tversteeg";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-68fOJlDuuVFqGHXojN/y0h8kcPwrg7F480UOr5zrjFg=";
+    sha256 = "sha256-02Pn5saPrw1PIFZXVSCgsnvo/78CdT17/rCtS9R9bvU=";
   };
 
-  cargoSha256 = "sha256-KZEtkD/6ygyvkeebdX70vB8n+B7JODWT2h63dUd5CoQ=";
+  cargoSha256 = "sha256-ety50v0jxm45fzzkR9c/rvpJn3mWQUvAOHcHSJTTSd4=";
 
   meta = with lib; {
     description = "Mirror installed software on multiple machines";
diff --git a/pkgs/tools/security/nuclei/default.nix b/pkgs/tools/security/nuclei/default.nix
index 2df24e63d89..dd915a36e47 100644
--- a/pkgs/tools/security/nuclei/default.nix
+++ b/pkgs/tools/security/nuclei/default.nix
@@ -1,25 +1,28 @@
-{ buildGoModule
+{ lib
+, buildGoModule
 , fetchFromGitHub
-, lib
 }:
 
 buildGoModule rec {
   pname = "nuclei";
-  version = "2.2.0";
+  version = "2.3.1";
 
   src = fetchFromGitHub {
     owner = "projectdiscovery";
-    repo = "nuclei";
+    repo = pname;
     rev = "v${version}";
-    sha256 = "0xrvza86aczlnb11x58fiqch5g0q6gvpxwsi5dq3akfi95gk3a3x";
+    sha256 = "sha256-NM/Ggd5MKctQKE0MNawyE+Xciuj9++6DXXkMrrpfkhA=";
   };
 
-  vendorSha256 = "1v3ax8l1lgp2vs50gsa2fhdd6bvyfdlkd118akrqmwxahyyyqycv";
+  vendorSha256 = "sha256-h+MuMfIKXgXzLU6hNMxfPXawic9UZrwzVlzjjRF7X3o=";
 
   preBuild = ''
     mv v2/* .
   '';
 
+  # Test files are not part of the release tarball
+  doCheck = false;
+
   meta = with lib; {
     description = "Tool for configurable targeted scanning";
     longDescription = ''
diff --git a/pkgs/tools/security/pcsclite/default.nix b/pkgs/tools/security/pcsclite/default.nix
index 3d966c575cf..2a75c409305 100644
--- a/pkgs/tools/security/pcsclite/default.nix
+++ b/pkgs/tools/security/pcsclite/default.nix
@@ -1,5 +1,4 @@
-{ lib, stdenv, fetchurl, pkg-config, udev, dbus, perl, python3
-, IOKit ? null }:
+{ lib, stdenv, fetchurl, pkg-config, udev, dbus, perl, python3, IOKit }:
 
 stdenv.mkDerivation rec {
   pname = "pcsclite";
@@ -19,9 +18,9 @@ stdenv.mkDerivation rec {
     "--enable-usbdropdir=/var/lib/pcsc/drivers"
     "--enable-confdir=/etc"
   ] ++ lib.optional stdenv.isLinux
-         "--with-systemdsystemunitdir=\${out}/etc/systemd/system"
-    ++ lib.optional (!stdenv.isLinux)
-         "--disable-libsystemd";
+    "--with-systemdsystemunitdir=\${out}/etc/systemd/system"
+  ++ lib.optional (!stdenv.isLinux)
+    "--disable-libsystemd";
 
   postConfigure = ''
     sed -i -re '/^#define *PCSCLITE_HP_DROPDIR */ {
@@ -35,8 +34,10 @@ stdenv.mkDerivation rec {
   '';
 
   nativeBuildInputs = [ pkg-config perl ];
-  buildInputs = [ python3 ] ++ lib.optionals stdenv.isLinux [ udev dbus ]
-             ++ lib.optionals stdenv.isDarwin [ IOKit ];
+
+  buildInputs = [ python3 ]
+    ++ lib.optionals stdenv.isLinux [ udev dbus ]
+    ++ lib.optionals stdenv.isDarwin [ IOKit ];
 
   meta = with lib; {
     description = "Middleware to access a smart card using SCard API (PC/SC)";
diff --git a/pkgs/tools/security/teler/default.nix b/pkgs/tools/security/teler/default.nix
index f44b7abf523..1c4cba04d56 100644
--- a/pkgs/tools/security/teler/default.nix
+++ b/pkgs/tools/security/teler/default.nix
@@ -5,13 +5,13 @@
 
 buildGoModule rec {
   pname = "teler";
-  version = "1.1.0";
+  version = "1.1.1";
 
   src = fetchFromGitHub {
     owner = "kitabisa";
     repo = "teler";
     rev = "v${version}";
-    sha256 = "sha256-0tx/oyHl6s1mj7NyWMZGCJoSuOeB+BMlBrnGY4IN/i4=";
+    sha256 = "sha256-FZG23j7LUwfJ0dSbU4xW0YyCKJxOjVf1uqkuGlrwnqs=";
   };
 
   vendorSha256 = "sha256-KvUnDInUqFW7FypgsppIBQZKNu6HVsEeHtGwdqYtoys=";
diff --git a/pkgs/tools/security/thc-hydra/default.nix b/pkgs/tools/security/thc-hydra/default.nix
index 88ea30088f5..f60d5374648 100644
--- a/pkgs/tools/security/thc-hydra/default.nix
+++ b/pkgs/tools/security/thc-hydra/default.nix
@@ -3,13 +3,13 @@
 
 stdenv.mkDerivation rec {
   pname = "thc-hydra";
-  version = "9.1";
+  version = "9.2";
 
   src = fetchFromGitHub {
     owner = "vanhauser-thc";
     repo = "thc-hydra";
     rev = "v${version}";
-    sha256 = "1533h9z5jdlazwy0z7ll2753i507wq55by7rm9lh6y59889p0hps";
+    sha256 = "sha256-V9rr5fbJWm0pa+Kp8g95XvLPo/uWcDwyU2goImnIq58=";
   };
 
   postPatch = let
diff --git a/pkgs/tools/system/inxi/default.nix b/pkgs/tools/system/inxi/default.nix
index f1043790ff6..12f2a2ef07c 100644
--- a/pkgs/tools/system/inxi/default.nix
+++ b/pkgs/tools/system/inxi/default.nix
@@ -22,13 +22,13 @@ let
     ++ recommendedDisplayInformationPrograms;
 in stdenv.mkDerivation rec {
   pname = "inxi";
-  version = "3.3.02-1";
+  version = "3.3.03-1";
 
   src = fetchFromGitHub {
     owner = "smxi";
     repo = "inxi";
     rev = version;
-    sha256 = "sha256-hBFOJxmHtlowe/4AnIRnUVHFYPTjnMV6bswayGcoGlA=";
+    sha256 = "sha256-OFjhMlBR1QUYUvpuFATCWZWZp2dop30Iz8qVCIK2UN0=";
   };
 
   nativeBuildInputs = [ makeWrapper ];
diff --git a/pkgs/tools/system/s6/default.nix b/pkgs/tools/system/s6/default.nix
index 75aadbeda8d..16fd1be6339 100644
--- a/pkgs/tools/system/s6/default.nix
+++ b/pkgs/tools/system/s6/default.nix
@@ -4,8 +4,8 @@ with skawarePackages;
 
 buildPackage {
   pname = "s6";
-  version = "2.10.0.0";
-  sha256 = "0xzqrd0m3wjklmw1w3gjw5dcdxnhgvxv2r5wd6m2ismw2jprr9k0";
+  version = "2.10.0.2";
+  sha256 = "08bcrp7ck1l3wmjyzxi3vgk6j0n2jfymxs4rjjw4if40f3lgqfmj";
 
   description = "skarnet.org's small & secure supervision software suite";
 
diff --git a/pkgs/tools/text/dfmt/default.nix b/pkgs/tools/text/dfmt/default.nix
new file mode 100644
index 00000000000..16702bb6966
--- /dev/null
+++ b/pkgs/tools/text/dfmt/default.nix
@@ -0,0 +1,27 @@
+{ lib
+, python3
+}:
+
+let
+  inherit (python3.pkgs)
+    buildPythonApplication
+    fetchPypi
+    pythonOlder;
+in
+buildPythonApplication rec {
+  pname = "dfmt";
+  version = "1.2.0";
+  disabled = pythonOlder "3.7";
+
+  src = fetchPypi {
+    inherit pname version;
+    sha256 = "7af6360ca8d556f1cfe82b97f03b8d1ea5a9d6de1fa3018290c844b6566d9d6e";
+  };
+
+  meta = with lib; {
+    description = "Format paragraphs, comments and doc strings";
+    homepage = "https://github.com/dmerejkowsky/dfmt";
+    license = licenses.bsd3;
+    maintainers = with maintainers; [ cole-h ];
+  };
+}
diff --git a/pkgs/tools/text/m2r/default.nix b/pkgs/tools/text/m2r/default.nix
new file mode 100644
index 00000000000..f6dda712d0b
--- /dev/null
+++ b/pkgs/tools/text/m2r/default.nix
@@ -0,0 +1,32 @@
+{ lib
+, buildPythonApplication
+, fetchFromGitHub
+, docutils
+, mistune
+, pygments
+}:
+
+buildPythonApplication rec {
+  pname = "m2r";
+  version = "0.2.1";
+
+  src = fetchFromGitHub {
+    owner = "miyakogi";
+    repo = pname;
+    rev = "v${version}";
+    hash = "sha256-JNLPEXMoiISh4RnKP+Afj9/PJp9Lrx9UYHsfuGAL7uI=";
+  };
+
+  buildInputs = [
+    docutils
+    mistune
+    pygments
+  ];
+
+  meta = with lib; {
+    homepage = "https://github.com/miyakogi/m2r";
+    description = "Markdown-to-RestructuredText converter";
+    license = licenses.mit;
+    maintainers = with maintainers; [ AndersonTorres ];
+  };
+}
diff --git a/pkgs/tools/text/xml/xmldiff/default.nix b/pkgs/tools/text/xml/xmldiff/default.nix
new file mode 100644
index 00000000000..5814435e111
--- /dev/null
+++ b/pkgs/tools/text/xml/xmldiff/default.nix
@@ -0,0 +1,41 @@
+{ lib
+, buildPythonApplication
+, fetchFromGitHub
+, lxml
+, six
+}:
+
+buildPythonApplication rec {
+  pname = "xmldiff";
+  version = "2.4";
+
+  src = fetchFromGitHub {
+    owner = "Shoobx";
+    repo = pname;
+    rev = version;
+    hash = "sha256-xqudHYfwOce2C0pcFzId0JDIIC6R5bllmVKsH+CvTdE=";
+  };
+
+  buildInputs = [
+    lxml
+    six
+  ];
+
+  meta = with lib; {
+    homepage = "https://xmldiff.readthedocs.io/en/stable/";
+    description = "A library and command line utility for diffing xml";
+    longDescription = ''
+      xmldiff is a library and a command-line utility for making diffs out of
+      XML. This may seem like something that doesn't need a dedicated utility,
+      but change detection in hierarchical data is very different from change
+      detection in flat data. XML type formats are also not only used for
+      computer readable data, it is also often used as a format for hierarchical
+      data that can be rendered into human readable formats. A traditional diff
+      on such a format would tell you line by line the differences, but this
+      would not be be readable by a human. xmldiff provides tools to make human
+      readable diffs in those situations.
+    '';
+    license = licenses.mit;
+    maintainers = with maintainers; [ AndersonTorres ];
+  };
+}
diff --git a/pkgs/tools/typesetting/tex/texlive/bin.nix b/pkgs/tools/typesetting/tex/texlive/bin.nix
index d2858a90885..fb9b748b5d0 100644
--- a/pkgs/tools/typesetting/tex/texlive/bin.nix
+++ b/pkgs/tools/typesetting/tex/texlive/bin.nix
@@ -281,12 +281,9 @@ dvipng = stdenv.mkDerivation {
   configureFlags = common.configureFlags
     ++ [ "--with-system-kpathsea" "--with-gs=yes" "--disable-debug" ];
 
-  enableParallelBuilding = true;
+  GS="${ghostscript}/bin/gs";
 
-  # I didn't manage to hardcode gs location by configureFlags
-  postInstall = ''
-    wrapProgram "$out/bin/dvipng" --prefix PATH : '${ghostscript}/bin'
-  '';
+  enableParallelBuilding = true;
 };
 
 
diff --git a/pkgs/tools/virtualization/xva-img/default.nix b/pkgs/tools/virtualization/xva-img/default.nix
index b4992947657..4fe2e5bbb40 100644
--- a/pkgs/tools/virtualization/xva-img/default.nix
+++ b/pkgs/tools/virtualization/xva-img/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "xva-img";
-  version = "1.4.1";
+  version = "1.4.2";
 
   src = fetchFromGitHub {
     owner = "eriklax";
     repo = "xva-img";
     rev = version;
-    sha256 = "1w3wrbrlgv7h2gdix2rmrmpjyla365kam5621a1aqjzwjqhjkwyq";
+    sha256 = "sha256-QHCKGsHSMT2P64No1IUCjenm1XZMSgEvsJGJOyHFZS8=";
   };
 
   nativeBuildInputs = [ cmake ];
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 83ac8dc302a..14ef0ad7986 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -190,7 +190,10 @@ in
 
   castget = callPackage ../applications/networking/feedreaders/castget { };
 
-  castxml = callPackage ../development/tools/castxml { };
+  castxml = callPackage ../development/tools/castxml {
+    inherit (llvmPackages) clang-unwrapped libclang llvm;
+    inherit (python3Packages) sphinx;
+  };
 
   cen64 = callPackage ../misc/emulators/cen64 { };
 
@@ -1240,6 +1243,8 @@ in
 
   detect-secrets = python3Packages.callPackage ../development/tools/detect-secrets { };
 
+  dfmt = callPackage ../tools/text/dfmt { };
+
   diskonaut = callPackage ../tools/misc/diskonaut { };
 
   diskus = callPackage ../tools/misc/diskus {
@@ -1743,6 +1748,8 @@ in
 
   boringtun = callPackage ../tools/networking/boringtun { };
 
+  bookstack = callPackage ../servers/web-apps/bookstack { };
+
   # Upstream recommends qt5.12 and it doesn't build with qt5.15
   boomerang = libsForQt512.callPackage ../development/tools/boomerang { };
 
@@ -2628,6 +2635,8 @@ in
 
   massren = callPackage ../tools/misc/massren { };
 
+  mat2 = with python3.pkgs; toPythonApplication mat2;
+
   maxcso = callPackage ../tools/archivers/maxcso {};
 
   medusa = callPackage ../tools/security/medusa { };
@@ -3318,6 +3327,8 @@ in
 
   usbsdmux = callPackage ../development/tools/misc/usbsdmux { };
 
+  usbview = callPackage ../tools/misc/usbview { };
+
   anthy = callPackage ../tools/inputmethods/anthy { };
 
   evdevremapkeys = callPackage ../tools/inputmethods/evdevremapkeys { };
@@ -3538,6 +3549,18 @@ in
 
   cudnn = cudnn_cudatoolkit_10;
 
+  cutensorPackages = callPackages ../development/libraries/science/math/cutensor { };
+  inherit (cutensorPackages)
+    cutensor_cudatoolkit_10
+    cutensor_cudatoolkit_10_1
+    cutensor_cudatoolkit_10_2
+    cutensor_cudatoolkit_11
+    cutensor_cudatoolkit_11_0
+    cutensor_cudatoolkit_11_1
+    cutensor_cudatoolkit_11_2;
+
+  cutensor = cutensor_cudatoolkit_10;
+
   curlFull = curl.override {
     idnSupport = true;
     ldapSupport = true;
@@ -3613,7 +3636,8 @@ in
   };
 
   deno = callPackage ../development/web/deno {
-    inherit (darwin.apple_sdk.frameworks) Security CoreServices;
+    inherit (darwin) libobjc;
+    inherit (darwin.apple_sdk.frameworks) Security CoreServices Metal Foundation;
   };
 
   detox = callPackage ../tools/misc/detox { };
@@ -3963,6 +3987,8 @@ in
 
   vorta = libsForQt5.callPackage ../applications/backup/vorta { };
 
+  vowpal-wabbit = callPackage ../applications/science/machine-learning/vowpal-wabbit { };
+
   utahfs = callPackage ../applications/networking/utahfs { };
 
   wakeonlan = callPackage ../tools/networking/wakeonlan { };
@@ -5833,6 +5859,8 @@ in
 
   mcfly = callPackage ../tools/misc/mcfly { };
 
+  m2r = python3Packages.callPackage ../tools/text/m2r { };
+
   mdbook = callPackage ../tools/text/mdbook {
     inherit (darwin.apple_sdk.frameworks) CoreServices;
   };
@@ -7729,6 +7757,8 @@ in
     gperf = gperf_3_0;
   };
 
+  rpm2targz = callPackage ../tools/archivers/rpm2targz { };
+
   rpmextract = callPackage ../tools/archivers/rpmextract { };
 
   rrdtool = callPackage ../tools/misc/rrdtool { };
@@ -8395,6 +8425,8 @@ in
 
   tdns-cli = callPackage ../tools/networking/tdns-cli { };
 
+  tea = callPackage ../tools/misc/tea { };
+
   ted = callPackage ../tools/typesetting/ted { };
 
   teamviewer = libsForQt514.callPackage ../applications/networking/remote/teamviewer { };
@@ -9303,6 +9335,8 @@ in
 
   xml2 = callPackage ../tools/text/xml/xml2 { };
 
+  xmldiff = python3Packages.callPackage ../tools/text/xml/xmldiff { };
+
   xmlformat = callPackage ../tools/text/xml/xmlformat { };
 
   xmlroff = callPackage ../tools/typesetting/xmlroff { };
@@ -9358,6 +9392,8 @@ in
 
   yafaray-core = callPackage ../tools/graphics/yafaray-core { };
 
+  yapf = with python3Packages; toPythonApplication yapf;
+
   yarn = callPackage ../development/tools/yarn  { };
 
   yarn2nix-moretea = callPackage ../development/tools/yarn2nix-moretea/yarn2nix { };
@@ -11052,7 +11088,9 @@ in
   rustracerd = callPackage ../development/tools/rust/racerd {
     inherit (darwin.apple_sdk.frameworks) Security;
   };
-  inherit (callPackage ../development/tools/rust/rust-analyzer { })
+  inherit (callPackage ../development/tools/rust/rust-analyzer {
+    inherit (darwin.apple_sdk.frameworks) CoreServices;
+  })
     rust-analyzer-unwrapped rust-analyzer;
   rust-bindgen = callPackage ../development/tools/rust/bindgen { };
   rust-cbindgen = callPackage ../development/tools/rust/cbindgen {
@@ -12407,7 +12445,7 @@ in
   ffuf = callPackage ../tools/security/ffuf { };
 
   flow = callPackage ../development/tools/analysis/flow {
-    ocamlPackages = ocaml-ng.ocamlPackages_4_07;
+    ocamlPackages = ocaml-ng.ocamlPackages_4_09;
     inherit (darwin.apple_sdk.frameworks) CoreServices;
   };
 
@@ -15678,6 +15716,8 @@ in
 
   libsearpc = callPackage ../development/libraries/libsearpc { };
 
+  libseat = callPackage ../development/libraries/libseat { };
+
   libsigcxx = callPackage ../development/libraries/libsigcxx { };
 
   libsigcxx12 = callPackage ../development/libraries/libsigcxx/1.2.nix { };
@@ -16048,6 +16088,8 @@ in
 
   mdctags = callPackage ../development/tools/misc/mdctags { };
 
+  md4c = callPackage ../development/libraries/md4c { };
+
   mdds = callPackage ../development/libraries/mdds { };
 
   mediastreamer = callPackage ../development/libraries/mediastreamer { };
@@ -16408,11 +16450,12 @@ in
   openvdb = callPackage ../development/libraries/openvdb {};
 
   inherit (callPackages ../development/libraries/libressl { })
-    libressl_3_1;
+    libressl_3_1
+    libressl_3_2;
 
   # Please keep this pointed to the latest version. See also
   # https://discourse.nixos.org/t/nixpkgs-policy-regarding-libraries-available-in-multiple-versions/7026/2
-  libressl = libressl_3_1;
+  libressl = libressl_3_2;
 
   boringssl = callPackage ../development/libraries/boringssl { };
 
@@ -17642,6 +17685,8 @@ in
 
   zziplib = callPackage ../development/libraries/zziplib { };
 
+  glpng = callPackage ../development/libraries/glpng { };
+
   gsignond = callPackage ../development/libraries/gsignond {
     plugins = [];
   };
@@ -23872,6 +23917,8 @@ in
 
   meshlab = libsForQt5.callPackage ../applications/graphics/meshlab { };
 
+  metadata-cleaner = callPackage ../applications/misc/metadata-cleaner { };
+
   metersLv2 = callPackage ../applications/audio/meters_lv2 { };
 
   mhwaveedit = callPackage ../applications/audio/mhwaveedit {
@@ -26851,6 +26898,8 @@ in
 
   chiaki = libsForQt5.callPackage ../games/chiaki { };
 
+  chromium-bsu = callPackage ../games/chromium-bsu { };
+
   chocolateDoom = callPackage ../games/chocolate-doom { };
 
   clonehero-unwrapped = pkgs.callPackage ../games/clonehero { };
diff --git a/pkgs/top-level/kodi-packages.nix b/pkgs/top-level/kodi-packages.nix
new file mode 100644
index 00000000000..f9b20dd2bc7
--- /dev/null
+++ b/pkgs/top-level/kodi-packages.nix
@@ -0,0 +1,113 @@
+{ lib, newScope, kodi }:
+
+with lib;
+
+let self = rec {
+
+  addonDir = "/share/kodi/addons";
+  rel = "Matrix";
+
+  callPackage = newScope self;
+
+  inherit kodi;
+
+  # Convert derivation to a kodi module. Stolen from ../../../top-level/python-packages.nix
+  toKodiAddon = drv: drv.overrideAttrs (oldAttrs: {
+    # Use passthru in order to prevent rebuilds when possible.
+    passthru = (oldAttrs.passthru or {}) // {
+      kodiAddonFor = kodi;
+      requiredKodiAddons = requiredKodiAddons drv.propagatedBuildInputs;
+    };
+  });
+
+  # Check whether a derivation provides a Kodi addon.
+  hasKodiAddon = drv: drv ? kodiAddonFor && drv.kodiAddonFor == kodi;
+
+  # Get list of required Kodi addons given a list of derivations.
+  requiredKodiAddons = drvs:
+    let
+      modules = filter hasKodiAddon drvs;
+    in
+      unique (modules ++ concatLists (catAttrs "requiredKodiAddons" modules));
+
+  # package update scripts
+
+  addonUpdateScript = callPackage ../applications/video/kodi-packages/addon-update-script { };
+
+  # package builders
+
+  buildKodiAddon = callPackage ../applications/video/kodi/build-kodi-addon.nix { };
+
+  buildKodiBinaryAddon = callPackage ../applications/video/kodi/build-kodi-binary-addon.nix { };
+
+  # regular packages
+
+  kodi-platform = callPackage ../applications/video/kodi-packages/kodi-platform { };
+
+  # addon packages
+
+  controllers = {
+    default = callPackage ../applications/video/kodi-packages/controllers { controller = "default"; };
+
+    dreamcast = callPackage ../applications/video/kodi-packages/controllers { controller = "dreamcast"; };
+
+    gba = callPackage ../applications/video/kodi-packages/controllers { controller = "gba"; };
+
+    genesis = callPackage ../applications/video/kodi-packages/controllers { controller = "genesis"; };
+
+    mouse = callPackage ../applications/video/kodi-packages/controllers { controller = "mouse"; };
+
+    n64 = callPackage ../applications/video/kodi-packages/controllers { controller = "n64"; };
+
+    nes = callPackage ../applications/video/kodi-packages/controllers { controller = "nes"; };
+
+    ps = callPackage ../applications/video/kodi-packages/controllers { controller = "ps"; };
+
+    snes = callPackage ../applications/video/kodi-packages/controllers { controller = "snes"; };
+  };
+
+  joystick = callPackage ../applications/video/kodi-packages/joystick { };
+
+  netflix = callPackage ../applications/video/kodi-packages/netflix { };
+
+  svtplay = callPackage ../applications/video/kodi-packages/svtplay { };
+
+  steam-controller = callPackage ../applications/video/kodi-packages/steam-controller { };
+
+  steam-launcher = callPackage ../applications/video/kodi-packages/steam-launcher { };
+
+  pdfreader = callPackage ../applications/video/kodi-packages/pdfreader { };
+
+  pvr-hts = callPackage ../applications/video/kodi-packages/pvr-hts { };
+
+  pvr-hdhomerun = callPackage ../applications/video/kodi-packages/pvr-hdhomerun { };
+
+  pvr-iptvsimple = callPackage ../applications/video/kodi-packages/pvr-iptvsimple { };
+
+  osmc-skin = callPackage ../applications/video/kodi-packages/osmc-skin { };
+
+  vfs-sftp = callPackage ../applications/video/kodi-packages/vfs-sftp { };
+
+  vfs-libarchive = callPackage ../applications/video/kodi-packages/vfs-libarchive { };
+
+  # addon packages (dependencies)
+
+  certifi = callPackage ../applications/video/kodi-packages/certifi { };
+
+  chardet = callPackage ../applications/video/kodi-packages/chardet { };
+
+  idna = callPackage ../applications/video/kodi-packages/idna { };
+
+  inputstream-adaptive = callPackage ../applications/video/kodi-packages/inputstream-adaptive { };
+
+  inputstreamhelper = callPackage ../applications/video/kodi-packages/inputstreamhelper { };
+
+  myconnpy = callPackage ../applications/video/kodi-packages/myconnpy { };
+
+  requests = callPackage ../applications/video/kodi-packages/requests { };
+
+  signals = callPackage ../applications/video/kodi-packages/signals { };
+
+  urllib3 = callPackage ../applications/video/kodi-packages/urllib3 { };
+
+}; in self
diff --git a/pkgs/top-level/ocaml-packages.nix b/pkgs/top-level/ocaml-packages.nix
index a0556ccecb1..fd8165085f0 100644
--- a/pkgs/top-level/ocaml-packages.nix
+++ b/pkgs/top-level/ocaml-packages.nix
@@ -576,6 +576,10 @@ let
 
     lua-ml = callPackage ../development/ocaml-modules/lua-ml { };
 
+    luv = callPackage ../development/ocaml-modules/luv {
+      inherit (pkgs) file;
+    };
+
     lwt = callPackage ../development/ocaml-modules/lwt {
       ocaml-migrate-parsetree = ocaml-migrate-parsetree-2-1;
     };
@@ -925,7 +929,9 @@ let
 
     ppx_bap = callPackage ../development/ocaml-modules/ppx_bap { };
 
-    ppx_bitstring = callPackage ../development/ocaml-modules/bitstring/ppx.nix { };
+    ppx_bitstring = callPackage ../development/ocaml-modules/bitstring/ppx.nix {
+      ppxlib = ppxlib.override { version = "0.22.0"; };
+    };
 
     ppxfind = callPackage ../development/ocaml-modules/ppxfind { };
 
diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix
index 1c2645a6879..2c021c24f29 100644
--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
@@ -8016,6 +8016,7 @@ let
       url = "mirror://cpan/authors/id/L/LE/LEONT/File-Map-0.67.tar.gz";
       sha256 = "1hpv4aprgypjxjx1kzbjnf6r29a98rw7mndlinixzk62vyz5sy0j";
     };
+    perlPreHook = "export LD=$CC";
     propagatedBuildInputs = [ PerlIOLayers SubExporterProgressive ];
     buildInputs = [ TestFatal TestWarnings ];
     meta = {
@@ -9142,10 +9143,6 @@ let
     };
     buildInputs = [ pkgs.gtk3 ];
     propagatedBuildInputs = [ Readonly Gtk3 ];
-    # Tests are broken with PerlMagick and imagemagick version 7 as of 2021-02-22.
-    # See https://github.com/carygravel/gtk3-imageview/issues/19 and
-    # https://github.com/NixOS/nixpkgs/pull/114007#issuecomment-783595659.
-    doCheck = false;
     checkInputs = [ TestDifferences PerlMagick TryTiny TestMockObject CarpAlways pkgs.librsvg ];
     checkPhase = ''
       ${pkgs.xvfb_run}/bin/xvfb-run -s '-screen 0 800x600x24' \
@@ -10883,10 +10880,10 @@ let
 
   JSONValidator = buildPerlPackage {
     pname = "JSON-Validator";
-    version = "4.10";
+    version = "4.14";
     src = fetchurl {
-      url = "mirror://cpan/authors/id/J/JH/JHTHORSEN/JSON-Validator-4.10.tar.gz";
-      sha256 = "15hgjldd85ada8anz5fdrlnixvwqahnvv3hprcvr9jgj3gvx0lww";
+      url = "mirror://cpan/authors/id/J/JH/JHTHORSEN/JSON-Validator-4.14.tar.gz";
+      sha256 = "16zaaw7p94nz7yclz30b9xph0riy5ailqg5rjkvi1yps2hr9ba7z";
     };
     buildInputs = [ TestDeep ];
     propagatedBuildInputs = [ DataValidateDomain DataValidateIP Mojolicious NetIDNEncode YAMLLibYAML ];
@@ -11260,10 +11257,10 @@ let
 
   LinkEmbedder = buildPerlPackage {
     pname = "LinkEmbedder";
-    version = "1.16";
+    version = "1.17";
     src = fetchurl {
-      url = "mirror://cpan/authors/id/J/JH/JHTHORSEN/LinkEmbedder-1.16.tar.gz";
-      sha256 = "0pm5h5rlfparfvsi3ygj53mwjg8lwhql5mj0macfvsvfnfvnnp6j";
+      url = "mirror://cpan/authors/id/J/JH/JHTHORSEN/LinkEmbedder-1.17.tar.gz";
+      sha256 = "10r1q2xfba59w818li5xaj6jlph9qla7vb99ir1ampq5n8g0s5i6";
     };
     buildInputs = [ TestDeep ];
     propagatedBuildInputs = [ Mojolicious ];
@@ -12914,10 +12911,10 @@ let
 
   MinionBackendSQLite = buildPerlModule {
     pname = "Minion-Backend-SQLite";
-    version = "5.0.3";
+    version = "5.0.4";
     src = fetchurl {
-      url = "mirror://cpan/authors/id/D/DB/DBOOK/Minion-Backend-SQLite-v5.0.3.tar.gz";
-      sha256 = "1ch92846cgr1s1y6nlicjxlq9r4qh1a3fig0jlr7ligzw05mxib4";
+      url = "mirror://cpan/authors/id/D/DB/DBOOK/Minion-Backend-SQLite-v5.0.4.tar.gz";
+      sha256 = "0xhcsxm3x5v9azmyy12wiwlbpiisq06hgj3yf9ggqx8fp9jqppb1";
     };
     buildInputs = [ ModuleBuildTiny ];
     propagatedBuildInputs = [ Minion MojoSQLite ];
@@ -13525,10 +13522,10 @@ let
 
   Mojolicious = buildPerlPackage {
     pname = "Mojolicious";
-    version = "8.71";
+    version = "9.10";
     src = fetchurl {
-      url = "mirror://cpan/authors/id/S/SR/SRI/Mojolicious-8.71.tar.gz";
-      sha256 = "03bfxzq11v6k47axdwqhp2d3p1z17nwyxj0yww5z3x293p6zsnqm";
+      url = "mirror://cpan/authors/id/S/SR/SRI/Mojolicious-9.10.tar.gz";
+      sha256 = "0y4ccy85vh7nily2y1c457f687qc8rwi4mnx13619hslkagw4rqw";
     };
     meta = {
       homepage = "https://mojolicious.org";
@@ -13540,10 +13537,10 @@ let
 
   MojoliciousPluginAssetPack = buildPerlPackage {
     pname = "Mojolicious-Plugin-AssetPack";
-    version = "2.10";
+    version = "2.13";
     src = fetchurl {
-      url = "mirror://cpan/authors/id/J/JH/JHTHORSEN/Mojolicious-Plugin-AssetPack-2.10.tar.gz";
-      sha256 = "0jfspr0mrb8f9p89d01ri7ci0dazrg341sbyd1khppxxwviip378";
+      url = "mirror://cpan/authors/id/S/SR/SRI/Mojolicious-Plugin-AssetPack-2.13.tar.gz";
+      sha256 = "1254yy70c7wv3p64pjyxc2h1p9czs65jm6lzl42qmn1x19i8fggj";
     };
     propagatedBuildInputs = [ FileWhich IPCRun3 Mojolicious ];
     meta = {
@@ -13587,10 +13584,10 @@ let
 
   MojoliciousPluginOpenAPI = buildPerlPackage {
     pname = "Mojolicious-Plugin-OpenAPI";
-    version = "3.40";
+    version = "4.00";
     src = fetchurl {
-      url = "mirror://cpan/authors/id/J/JH/JHTHORSEN/Mojolicious-Plugin-OpenAPI-3.40.tar.gz";
-      sha256 = "0pj2azis2xfqcy04j0734hsfq3v60wympzpvsgfhmj0w66mb238y";
+      url = "mirror://cpan/authors/id/J/JH/JHTHORSEN/Mojolicious-Plugin-OpenAPI-4.00.tar.gz";
+      sha256 = "1npnbygs12d683m5i6cgvdmw6glvppnv75f4qpp908fdz8lwcb2z";
     };
     propagatedBuildInputs = [ JSONValidator ];
     meta = {
@@ -13683,10 +13680,10 @@ let
 
   MojoSQLite = buildPerlModule {
     pname = "Mojo-SQLite";
-    version = "3.004";
+    version = "3.005";
     src = fetchurl {
-      url = "mirror://cpan/authors/id/D/DB/DBOOK/Mojo-SQLite-3.004.tar.gz";
-      sha256 = "d9ca9c1f3e8183611638e318b88ad3c0f8ab7e65f6ac72e48bffe51aea03b983";
+      url = "mirror://cpan/authors/id/D/DB/DBOOK/Mojo-SQLite-3.005.tar.gz";
+      sha256 = "0appzyhr5adzdfxns31lj568hz18bkmxmcv7fpafrx67b98cpza1";
     };
     buildInputs = [ ModuleBuildTiny ];
     propagatedBuildInputs = [ DBDSQLite Mojolicious SQLAbstract URIdb ];
@@ -13715,6 +13712,23 @@ let
     };
   };
 
+  MojoIOLoopDelay = buildPerlModule {
+    pname = "Mojo-IOLoop-Delay";
+    version = "8.76";
+    src = fetchurl {
+      url = "mirror://cpan/authors/id/J/JB/JBERGER/Mojo-IOLoop-Delay-8.76.tar.gz";
+      sha256 = "1vd9s1r82wfxh8y1g2ninsyvzkawx7n6ncll8lhdj89p91hw1jwf";
+    };
+    buildInputs = [ ModuleBuildTiny ];
+    propagatedBuildInputs = [ Mojolicious ];
+    meta = {
+      homepage = "https://github.com/jberger/Mojo-IOLoop-Delay";
+      description = "(DISCOURAGED) Promises/A+ and flow-control helpers";
+      license = lib.licenses.artistic2;
+      maintainers = [ maintainers.zakame ];
+    };
+  };
+
   MojoIOLoopForkCall = buildPerlModule {
     pname = "Mojo-IOLoop-ForkCall";
     version = "0.20";
@@ -13722,10 +13736,17 @@ let
       url = "mirror://cpan/authors/id/J/JB/JBERGER/Mojo-IOLoop-ForkCall-0.20.tar.gz";
       sha256 = "2b9962244c25a71e4757356fb3e1237cf869e26d1c27215115ba7b057a81f1a6";
     };
-    propagatedBuildInputs = [ IOPipely Mojolicious ];
+    propagatedBuildInputs = [ IOPipely Mojolicious MojoIOLoopDelay ];
+    preBuild = ''
+      # This module needs the deprecated Mojo::IOLoop::Delay
+      substituteInPlace lib/Mojo/IOLoop/ForkCall.pm \
+        --replace "use Mojo::IOLoop;" "use Mojo::IOLoop; use Mojo::IOLoop::Delay;"
+    '';
     meta = {
-      description = "Run blocking functions asynchronously by forking";
+      homepage = "https://github.com/jberger/Mojo-IOLoop-ForkCall";
+      description = "Run blocking functions asynchronously by forking (deprecated)";
       license = with lib.licenses; [ artistic1 gpl1Plus ];
+      maintainers = [ maintainers.zakame ];
     };
   };
 
@@ -13765,10 +13786,10 @@ let
 
   MojoUserAgentCached = buildPerlPackage {
     pname = "Mojo-UserAgent-Cached";
-    version = "1.12";
+    version = "1.16";
     src = fetchurl {
-      url = "mirror://cpan/authors/id/N/NI/NICOMEN/Mojo-UserAgent-Cached-1.12.tar.gz";
-      sha256 = "08pa3sz63sq2y3g3lbhy2msbnx0myb2igmmc28cm3kaznryvsgwm";
+      url = "mirror://cpan/authors/id/N/NI/NICOMEN/Mojo-UserAgent-Cached-1.16.tar.gz";
+      sha256 = "17gp1kn97s1wv973w0g92alx13lmcvdan794471sfq2is6s6v1qd";
     };
     buildInputs = [ ModuleInstall ];
     propagatedBuildInputs = [ AlgorithmLCSS CHI DataSerializer DevelStackTrace Mojolicious Readonly StringTruncate ];
@@ -15912,10 +15933,10 @@ let
 
   OpenAPIClient = buildPerlPackage rec {
     pname = "OpenAPI-Client";
-    version = "0.25";
+    version = "1.00";
     src = fetchurl {
-      url = "mirror://cpan/authors/id/J/JH/JHTHORSEN/OpenAPI-Client-0.25.tar.gz";
-      sha256 = "bc6be443c9c44348899fd595e080abe53760ae7561d63615a2f9b9f0a943336c";
+      url = "mirror://cpan/authors/id/J/JH/JHTHORSEN/OpenAPI-Client-1.00.tar.gz";
+      sha256 = "41bcf211c1123fbfb844413aa53f97061410b592591367b61273a206865991f7";
     };
     propagatedBuildInputs = [ MojoliciousPluginOpenAPI ];
     meta = {
@@ -16755,6 +16776,11 @@ let
     preConfigure =
       ''
         sed -i -e 's|my \$INC_magick = .*|my $INC_magick = "-I${pkgs.imagemagick.dev}/include/ImageMagick";|' Makefile.PL
+
+        # Enable HDRI support to match the native ImageMagick 7 defaults
+        # See: https://github.com/ImageMagick/ImageMagick/issues/3402#issuecomment-801195538
+        substituteInPlace Makefile.PL \
+          --replace 'MAGICKCORE_HDRI_ENABLE=0' 'MAGICKCORE_HDRI_ENABLE=1'
       '';
   };
 
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 2c65295c097..95d942a64f1 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -328,6 +328,8 @@ in {
 
   ajpy = callPackage ../development/python-modules/ajpy { };
 
+  ajsonrpc = callPackage ../development/python-modules/ajsonrpc { };
+
   alabaster = callPackage ../development/python-modules/alabaster { };
 
   alarmdecoder = callPackage ../development/python-modules/alarmdecoder { };
@@ -1589,6 +1591,7 @@ in {
     cudatoolkit = pkgs.cudatoolkit_10_0;
     cudnn = pkgs.cudnn_cudatoolkit_10_0;
     nccl = pkgs.nccl_cudatoolkit_10;
+    cutensor = pkgs.cutensor_cudatoolkit_10;
   };
 
   curio = callPackage ../development/python-modules/curio { };
@@ -4112,6 +4115,8 @@ in {
 
   mask-rcnn = callPackage ../development/python-modules/mask-rcnn { };
 
+  mat2 = callPackage ../development/python-modules/mat2 { };
+
   matchpy = callPackage ../development/python-modules/matchpy { };
 
   mathlibtools = callPackage ../development/python-modules/mathlibtools { };
@@ -8953,6 +8958,8 @@ in {
 
   yt = callPackage ../development/python-modules/yt { };
 
+  ytmusicapi = callPackage ../development/python-modules/ytmusicapi { };
+
   yubico-client = callPackage ../development/python-modules/yubico-client { };
 
   z3c-checkversions = callPackage ../development/python-modules/z3c-checkversions { };