156 files changed, 2806 insertions, 853 deletions

diff --git a/lib/default.nix b/lib/default.nix
index dea82ee077e..033269e6b60 100644
--- a/lib/default.nix
+++ b/lib/default.nix
@@ -22,6 +22,8 @@ let
 in
   { inherit trivial lists strings stringsWithDeps attrsets sources options
       properties modules types meta debug maintainers licenses platforms systems;
+    # Pull in some builtins not included elsewhere.
+    inherit (builtins) pathExists readFile;
   }
   # !!! don't include everything at top-level; perhaps only the most
   # commonly used functions.
diff --git a/lib/licenses.nix b/lib/licenses.nix
index 55517c5e1e5..b13a72f3f64 100644
--- a/lib/licenses.nix
+++ b/lib/licenses.nix
@@ -186,6 +186,12 @@
     url = http://www.mozilla.org/MPL/MPL-1.1.html;
   };
 
+  mpl20 = {
+    shortName = "MPL2.0";
+    fullName = "Mozilla Public License version 2.0";
+    url = https://www.mozilla.org/MPL/2.0;
+  };
+
   openssl = {
     shortName = "openssl";
     fullName = "OpenSSL license";
diff --git a/lib/lists.nix b/lib/lists.nix
index 578686ae366..262a529b2b6 100644
--- a/lib/lists.nix
+++ b/lib/lists.nix
@@ -1,14 +1,14 @@
 # General list operations.
 let
+
   inherit (import ./trivial.nix) deepSeq;
 
   inc = builtins.add 1;
 
   dec = n: builtins.sub n 1;
 
-  inherit (builtins) elemAt;
 in rec {
-  inherit (builtins) head tail length isList add sub lessThan;
+  inherit (builtins) head tail length isList add sub lessThan elemAt;
 
 
   # Create a list consisting of a single element.  `singleton x' is
diff --git a/lib/misc.nix b/lib/misc.nix
index 19e5081009d..c128b9af9d8 100644
--- a/lib/misc.nix
+++ b/lib/misc.nix
@@ -206,9 +206,7 @@ rec {
     in
       work startSet [] [];
 
-  genericClosure =
-    if builtins ? genericClosure then builtins.genericClosure
-    else lazyGenericClosure;
+  genericClosure = builtins.genericClosure or lazyGenericClosure;
 
   innerModifySumArgs = f: x: a: b: if b == null then (f a b) // x else 
         innerModifySumArgs f x (a // b);
diff --git a/lib/modules.nix b/lib/modules.nix
index acd10e7bf57..f914947e784 100644
--- a/lib/modules.nix
+++ b/lib/modules.nix
@@ -185,8 +185,7 @@ rec {
     ) funs;
 
 
-  moduleMerge = path: modules:
-    let modules_ = modules; in
+  moduleMerge = path: modules_:
     let
       addName = name:
         if path == "" then name else path + "." + name;
diff --git a/lib/options.nix b/lib/options.nix
index a91115287e4..b6a88008bb7 100644
--- a/lib/options.nix
+++ b/lib/options.nix
@@ -11,10 +11,7 @@ with import ./properties.nix;
 
 rec {
 
-  inherit (lib) isType;
-  
-
-  isOption = isType "option";
+  isOption = lib.isType "option";
   mkOption = attrs: attrs // {
     _type = "option";
     # name (this is the name of the attributem it is automatically generated by the traversal)
@@ -66,7 +63,7 @@ rec {
               if all opt.check list then
                 opt.merge list
               else
-                throw "One of option ${name} values has a bad type.";
+                throw "A value of the option `${name}' has a bad type.";
           }
         else opt;
 
@@ -77,7 +74,7 @@ rec {
               if opt.check opt.default then
                 opt.default
               else
-                throw "The default value of option ${name} has a bad type.";
+                throw "The default value of the option `${name}' has a bad type.";
           }
         else opt;
 
@@ -275,6 +272,8 @@ rec {
             description = opt.description or (throw "Option ${opt.name}: No description.");
             declarations = map (x: toString x.source) opt.declarations;
             #definitions = map (x: toString x.source) opt.definitions;
+            internal = opt.internal or false;
+            visible = opt.visible or true;
           }
           // optionalAttrs (opt ? example) { example = scrubOptionValue opt.example; }
           // optionalAttrs (opt ? default) { default = scrubOptionValue opt.default; }
diff --git a/nixos/.topmsg b/nixos/.topmsg
new file mode 100644
index 00000000000..9632e592631
--- /dev/null
+++ b/nixos/.topmsg
@@ -0,0 +1 @@
+improvements to vsftpd module
diff --git a/nixos/doc/manual/configuration.xml b/nixos/doc/manual/configuration.xml
index e93c49d1cce..b0b1da71184 100644
--- a/nixos/doc/manual/configuration.xml
+++ b/nixos/doc/manual/configuration.xml
@@ -13,6 +13,15 @@ effect after you run <command>nixos-rebuild</command>.</para>
 
 <!--===============================================================-->
 
+<section xml:id="sec-configuration-syntax"><title>Configuration syntax</title>
+
+<para>TODO</para>
+
+</section>
+
+
+<!--===============================================================-->
+
 <section><title>Package management</title>
 
 <para>This section describes how to add additional packages to your
diff --git a/nixos/doc/manual/default.nix b/nixos/doc/manual/default.nix
index 56ad652c60e..db3245fcc07 100644
--- a/nixos/doc/manual/default.nix
+++ b/nixos/doc/manual/default.nix
@@ -1,22 +1,37 @@
 { pkgs, options
-# revision can have multiple values: local, HEAD or any revision number.
-, revision ? "HEAD"
+, revision ? "master"
 }:
 
 with pkgs.lib;
 
 let
 
-  # To prevent infinite recursion, remove system.path from the
-  # options.  Not sure why this happens.
-  options_ =
-    options //
-    { system = removeAttrs options.system ["path"]; };
+  # Remove invisible and internal options.
+  options' = filter (opt: opt.visible && !opt.internal) (optionAttrSetToDocList options);
 
-  optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext
-    (builtins.toXML (optionAttrSetToDocList options_)));
+  # Clean up declaration sites to not refer to the NixOS source tree.
+  options'' = flip map options' (opt: opt // {
+    declarations = map (fn: stripPrefix fn) opt.declarations;
+  });
+
+  prefix = toString pkgs.path;
+
+  stripPrefix = fn:
+    if substring 0 (stringLength prefix) fn == prefix then
+      substring (add (stringLength prefix) 1) 1000 fn
+    else
+      fn;
+
+  optionsXML = builtins.toFile "options.xml" (builtins.unsafeDiscardStringContext (builtins.toXML options''));
 
   optionsDocBook = pkgs.runCommand "options-db.xml" {} ''
+    if grep /nixpkgs/nixos/modules ${optionsXML}; then
+      echo "The manual appears to depend on the location of Nixpkgs, which is bad"
+      echo "since this prevents sharing via the NixOS channel.  This is typically"
+      echo "caused by an option default that refers to a relative path (see above"
+      echo "for hints about the offending path)."
+      exit 1
+    fi
     ${pkgs.libxslt}/bin/xsltproc \
       --stringparam revision '${revision}' \
       -o $out ${./options-to-docbook.xsl} ${optionsXML}
@@ -64,9 +79,12 @@ in rec {
 
       cp ${./style.css} $dst/style.css
 
-      ensureDir $out/nix-support
+      mkdir -p $out/nix-support
+      echo "nix-build out $out" >> $out/nix-support/hydra-build-products
       echo "doc manual $dst manual.html" >> $out/nix-support/hydra-build-products
     ''; # */
+
+    meta.description = "The NixOS manual in HTML format";
   };
 
   # Generate the NixOS manpages.
@@ -87,7 +105,7 @@ in rec {
         ./man-pages.xml
 
       # Generate manpages.
-      ensureDir $out/share/man
+      mkdir -p $out/share/man
       xsltproc --nonet --xinclude \
         --param man.output.in.separate.dir 1 \
         --param man.output.base.dir "'$out/share/man/'" \
diff --git a/nixos/doc/manual/installation.xml b/nixos/doc/manual/installation.xml
index 3068fa5cb94..d274cfc6908 100644
--- a/nixos/doc/manual/installation.xml
+++ b/nixos/doc/manual/installation.xml
@@ -44,7 +44,7 @@ Wiki</link>.</para>
   <listitem><para>The NixOS manual is available on virtual console 8
   (press Alt+F8 to access).</para></listitem>
 
-  <listitem><para>Login as <literal>root</literal>, empty
+  <listitem><para>Login as <literal>root</literal> and the empty
   password.</para></listitem>
 
   <listitem><para>If you downloaded the graphical ISO image, you can
@@ -89,7 +89,13 @@ $ lvcreate --size 1G --name smalldisk MyVolGroup</screen>
   </para></listitem>
 
   <listitem><para>Mount the target file system on which NixOS should
-  be installed on <filename>/mnt</filename>.</para></listitem>
+  be installed on <filename>/mnt</filename>, e.g.
+
+<screen>
+$ mount /dev/disk/by-label/nixos /mnt
+</screen>
+
+  </para></listitem>
 
   <listitem>
 
@@ -97,40 +103,56 @@ $ lvcreate --size 1G --name smalldisk MyVolGroup</screen>
     <filename>/mnt/etc/nixos/configuration.nix</filename> that
     specifies the intended configuration of the system.  This is
     because NixOS has a <emphasis>declarative</emphasis> configuration
-    model: you create or edit a description of the configuration that
-    you want to be built and activated, and then NixOS takes care of
-    realising that configuration.  The command
-    <command>nixos-option</command> can generate an initial
-    configuration file for you:
+    model: you create or edit a description of the desired
+    configuration of your system, and then NixOS takes care of making
+    it happen.  The syntax of the NixOS configuration file is
+    described in <xref linkend="sec-configuration-syntax"/>, while a
+    list of available configuration options appears in <xref
+    linkend="ch-options"/>.  A minimal example is shown in <xref
+    linkend="ex-config"/>.</para>
 
-<screen>
-$ nixos-option --install</screen>
+    <para>The command <command>nixos-generate-config</command> can
+    generate an initial configuration file for you:
 
-    It tries to figure out the kernel modules necessary for mounting
-    the root device, as well as various other hardware
-    characteristics.  However, it doesn’t try to figure out the
-    <option>fileSystems</option> option yet.</para>
+<screen>
+$ nixos-generate-config --root /mnt</screen>
 
-    <para>You should edit
+    You should then edit
     <filename>/mnt/etc/nixos/configuration.nix</filename> to suit your
-    needs.  The text editors <command>nano</command> and
-    <command>vim</command> are available.</para>
-
-    <para>You need to specify a root file system in
-    <option>fileSystems</option> and the target device for the Grub boot
-    loader in <option>boot.loader.grub.device</option>.  See
-    <xref linkend="ch-options"/> for a list of the available configuration
-    options.</para>
-
-    <note><para>It is very important that you specify in the option
-    <option>boot.initrd.kernelModules</option> all kernel modules that
-    are necessary for mounting the root file system, otherwise the
-    installed system will not be able to boot.  (If this happens, boot
-    from the CD again, mount the target file system on
+    needs:
+
+<screen>
+$ nano /mnt/etc/nixos/configuration.nix
+</screen>
+
+    The <command>vim</command> text editor is also available.</para>
+
+    <para>You <emphasis>must</emphasis> set the option
+    <option>boot.loader.grub.device</option> to specify on which disk
+    the GRUB boot loader is to be installed.  Without it, NixOS cannot
+    boot.</para>
+
+    <para>Another critical option is <option>fileSystems</option>,
+    specifying the file systems that need to be mounted by NixOS.
+    However, you typically don’t need to set it yourself, because
+    <command>nixos-generate-config</command> sets it automatically in
+    <filename>/mnt/etc/nixos/hardware-configuration.nix</filename>
+    from your currently mounted file systems.  (The configuration file
+    <filename>hardware-configuration.nix</filename> is included from
+    <filename>configuration.nix</filename> and will be overwritten by
+    future invocations of <command>nixos-generate-config</command>;
+    thus, you generally should not modify it.)</para>
+
+    <note><para>Depending on your hardware configuration or type of
+    file system, you may need to set the option
+    <option>boot.initrd.kernelModules</option> to include the kernel
+    modules that are necessary for mounting the root file system,
+    otherwise the installed system will not be able to boot.  (If this
+    happens, boot from the CD again, mount the target file system on
     <filename>/mnt</filename>, fix
     <filename>/mnt/etc/nixos/configuration.nix</filename> and rerun
     <filename>nixos-install</filename>.)  In most cases,
-    <command>nixos-option --install</command> will figure out the
+    <command>nixos-generate-config</command> will figure out the
     required modules.</para></note>
 
     <para>Examples of real-world NixOS configuration files can be
@@ -218,7 +240,7 @@ $ fdisk /dev/sda <lineannotation>(or whatever device you want to install on)</li
 $ mkfs.ext4 -L nixos /dev/sda1 <lineannotation>(idem)</lineannotation>
 $ mkswap -L swap /dev/sda2 <lineannotation>(idem)</lineannotation>
 $ mount LABEL=nixos /mnt
-$ nixos-option --install
+$ nixos-generate-config
 $ nano /mnt/etc/nixos/configuration.nix
 <lineannotation>(in particular, set the fileSystems and swapDevices options)</lineannotation>
 $ nixos-install
@@ -228,8 +250,16 @@ $ reboot</screen>
 <example xml:id='ex-config'><title>NixOS configuration</title>
 <screen>
 {
+  imports =
+    [ # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+    ];
+
   boot.loader.grub.device = "/dev/sda";
 
+  # Note: setting fileSystems and swapDevices is generally not
+  # necessary, since nixos-generate-config has set them automatically
+  # in hardware-configuration.nix.
   fileSystems."/".device = "/dev/disk/by-label/nixos";
 
   swapDevices =
diff --git a/nixos/doc/manual/man-nixos-generate-config.xml b/nixos/doc/manual/man-nixos-generate-config.xml
index ff69d8d9170..e4fba4a40a9 100644
--- a/nixos/doc/manual/man-nixos-generate-config.xml
+++ b/nixos/doc/manual/man-nixos-generate-config.xml
@@ -110,6 +110,23 @@
     </listitem>
   </varlistentry>
 
+  <varlistentry>
+    <term><option>--no-filesystems</option></term>
+    <listitem>
+      <para>Omit everything concerning file system information
+      (which includes swap devices) from the hardware configuration.</para>
+    </listitem>
+  </varlistentry>
+
+  <varlistentry>
+    <term><option>--show-hardware-config</option></term>
+    <listitem>
+      <para>Don't generate <filename>configuration.nix</filename> or
+      <filename>hardware-configuration.nix</filename> and print the
+      hardware configuration to stdout only.</para>
+    </listitem>
+  </varlistentry>
+
 </variablelist>
 
 </refsection>
diff --git a/nixos/doc/manual/manual.xml b/nixos/doc/manual/manual.xml
index 7d6634bf093..dfbd865b505 100644
--- a/nixos/doc/manual/manual.xml
+++ b/nixos/doc/manual/manual.xml
@@ -42,7 +42,7 @@
     xlink:href="irc://irc.freenode.net/#nixos">
     <literal>#nixos</literal> channel on Freenode</link>.  Bugs should
     be reported in <link
-    xlink:href="https://github.com/NixOS/nixos/issues">NixOS’ GitHub
+    xlink:href="https://github.com/NixOS/nixpkgs/issues">NixOS’ GitHub
     issue tracker</link>.</para>
 
   </preface>
@@ -55,7 +55,7 @@
   <xi:include href="troubleshooting.xml" />
   <xi:include href="development.xml" />
   <chapter xml:id="ch-options">
-    <title>List of Options</title>
+    <title>List of options</title>
     <xi:include href="options-db.xml" />
   </chapter>
 
diff --git a/nixos/doc/manual/options-to-docbook.xsl b/nixos/doc/manual/options-to-docbook.xsl
index adc6c93c722..73c905fbca1 100644
--- a/nixos/doc/manual/options-to-docbook.xsl
+++ b/nixos/doc/manual/options-to-docbook.xsl
@@ -125,6 +125,11 @@
   </xsl:template>
 
 
+  <xsl:template match="attrs[attr[@name = '_type' and string[@value = 'literalExample']]]">
+    <xsl:value-of select="attr[@name = 'text']/string/@value" />
+  </xsl:template>
+
+
   <xsl:template match="attrs">
     {
     <xsl:for-each select="attr">
@@ -155,8 +160,15 @@
           repository (if it’s a module and we have a revision number),
           or to the local filesystem. -->
           <xsl:choose>
-            <xsl:when test="$revision != 'local' and contains(@value, '/modules/')">
-              <xsl:attribute name="xlink:href">https://github.com/NixOS/nixos/blob/<xsl:value-of select="$revision"/>/modules/<xsl:value-of select="substring-after(@value, '/modules/')"/></xsl:attribute>
+            <xsl:when test="not(starts-with(@value, '/'))">
+              <xsl:choose>
+                <xsl:when test="$revision = 'local'">
+                  <xsl:attribute name="xlink:href">https://github.com/NixOS/nixpkgs/blob/master/<xsl:value-of select="@value"/></xsl:attribute>
+                </xsl:when>
+                <xsl:otherwise>
+                  <xsl:attribute name="xlink:href">https://github.com/NixOS/nixpkgs/blob/<xsl:value-of select="$revision"/>/<xsl:value-of select="@value"/></xsl:attribute>
+                </xsl:otherwise>
+              </xsl:choose>
             </xsl:when>
             <xsl:when test="$revision != 'local' and contains(@value, 'nixops') and contains(@value, '/nix/')">
               <xsl:attribute name="xlink:href">https://github.com/NixOS/nixops/blob/<xsl:value-of select="$revision"/>/nix/<xsl:value-of select="substring-after(@value, '/nix/')"/></xsl:attribute>
@@ -169,8 +181,8 @@
           /nix/store/<hash> prefix by the default location of nixos
           sources. -->
           <xsl:choose>
-            <xsl:when test="contains(@value, '/modules/')">
-              &lt;nixos/modules/<xsl:value-of select="substring-after(@value, '/modules/')"/>&gt;
+            <xsl:when test="not(starts-with(@value, '/'))">
+              &lt;nixpkgs/<xsl:value-of select="@value"/>&gt;
             </xsl:when>
             <xsl:when test="contains(@value, 'nixops') and contains(@value, '/nix/')">
               &lt;nixops/<xsl:value-of select="substring-after(@value, '/nix/')"/>&gt;
diff --git a/nixos/lib/eval-config.nix b/nixos/lib/eval-config.nix
index 72ba66cdbac..cd543c958ff 100644
--- a/nixos/lib/eval-config.nix
+++ b/nixos/lib/eval-config.nix
@@ -66,7 +66,6 @@ rec {
   # Optionally check wether all config values have corresponding
   # option declarations.
   config =
-    let doCheck = optionDefinitions.environment.checkConfigurationOptions; in
-    assert doCheck -> pkgs.lib.checkModule "" systemModule;
+    assert optionDefinitions.environment.checkConfigurationOptions -> pkgs.lib.checkModule "" systemModule;
     systemModule.config;
 }
diff --git a/nixos/modules/config/system-path.nix b/nixos/modules/config/system-path.nix
index e65be03afac..0610ad54da3 100644
--- a/nixos/modules/config/system-path.nix
+++ b/nixos/modules/config/system-path.nix
@@ -7,8 +7,6 @@ with pkgs.lib;
 
 let
 
-  cfg = config.environment;
-
   extraManpages = pkgs.runCommand "extra-manpages" { buildInputs = [ pkgs.help2man ]; }
     ''
       mkdir -p $out/share/man/man1
@@ -87,33 +85,10 @@ in
     system = {
 
       path = mkOption {
-        default = cfg.systemPackages;
+        internal = true;
         description = ''
           The packages you want in the boot environment.
         '';
-
-        apply = list: pkgs.buildEnv {
-          name = "system-path";
-          paths = list;
-          inherit (cfg) pathsToLink;
-          ignoreCollisions = true;
-          # !!! Hacky, should modularise.
-          postBuild =
-            ''
-              if [ -x $out/bin/update-mime-database -a -w $out/share/mime/packages ]; then
-                  $out/bin/update-mime-database -V $out/share/mime
-              fi
-
-              if [ -x $out/bin/gtk-update-icon-cache -a -f $out/share/icons/hicolor/index.theme ]; then
-                  $out/bin/gtk-update-icon-cache $out/share/icons/hicolor
-              fi
-
-              if [ -x $out/bin/glib-compile-schemas -a -w $out/share/glib-2.0/schemas ]; then
-                  $out/bin/glib-compile-schemas $out/share/glib-2.0/schemas
-              fi
-            '';
-        };
-
       };
 
     };
@@ -138,5 +113,27 @@ in
         "/share/man"
       ];
 
+    system.path = pkgs.buildEnv {
+      name = "system-path";
+      paths = config.environment.systemPackages;
+      inherit (config.environment) pathsToLink;
+      ignoreCollisions = true;
+      # !!! Hacky, should modularise.
+      postBuild =
+        ''
+          if [ -x $out/bin/update-mime-database -a -w $out/share/mime/packages ]; then
+              $out/bin/update-mime-database -V $out/share/mime
+          fi
+
+          if [ -x $out/bin/gtk-update-icon-cache -a -f $out/share/icons/hicolor/index.theme ]; then
+              $out/bin/gtk-update-icon-cache $out/share/icons/hicolor
+          fi
+
+          if [ -x $out/bin/glib-compile-schemas -a -w $out/share/glib-2.0/schemas ]; then
+              $out/bin/glib-compile-schemas $out/share/glib-2.0/schemas
+          fi
+        '';
+    };
+
   };
 }
diff --git a/nixos/modules/installer/tools/nixos-generate-config.pl b/nixos/modules/installer/tools/nixos-generate-config.pl
index 3418b0122de..0f9142990ec 100644
--- a/nixos/modules/installer/tools/nixos-generate-config.pl
+++ b/nixos/modules/installer/tools/nixos-generate-config.pl
@@ -23,6 +23,8 @@ sub uniq {
 my $outDir = "/etc/nixos";
 my $rootDir = ""; # = /
 my $force = 0;
+my $noFilesystems = 0;
+my $showHardwareConfig = 0;
 
 for (my $n = 0; $n < scalar @ARGV; $n++) {
     my $arg = $ARGV[$n];
@@ -43,6 +45,12 @@ for (my $n = 0; $n < scalar @ARGV; $n++) {
     elsif ($arg eq "--force") {
         $force = 1;
     }
+    elsif ($arg eq "--no-filesystems") {
+        $noFilesystems = 1;
+    }
+    elsif ($arg eq "--show-hardware-config") {
+        $showHardwareConfig = 1;
+    }
     else {
         die "$0: unrecognized argument ‘$arg’\n";
     }
@@ -332,40 +340,48 @@ my $initrdAvailableKernelModules = toNixExpr(uniq @initrdAvailableKernelModules)
 my $kernelModules = toNixExpr(uniq @kernelModules);
 my $modulePackages = toNixExpr(uniq @modulePackages);
 
-$outDir = "$rootDir$outDir";
-
-my $fn = "$outDir/hardware-configuration.nix";
-print STDERR "writing $fn...\n";
-mkpath($outDir, 0, 0755);
+my $fsAndSwap = "";
+if (!$noFilesystems) {
+    $fsAndSwap = "\n${fileSystems}  ";
+    $fsAndSwap .= "swapDevices =" . multiLineList("    ", @swapDevices) . ";\n";
+}
 
-write_file($fn, <<EOF);
+my $hwConfig = <<EOF;
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, pkgs, ... }:
 
 {
-  imports = ${\multiLineList("    ", @imports)};
+  imports =${\multiLineList("    ", @imports)};
 
   boot.initrd.availableKernelModules = [$initrdAvailableKernelModules ];
   boot.kernelModules = [$kernelModules ];
   boot.extraModulePackages = [$modulePackages ];
-
-${fileSystems}  swapDevices = ${\multiLineList("    ", @swapDevices)};
-
+$fsAndSwap
   nix.maxJobs = $cpus;
 ${\join "", (map { "  $_\n" } (uniq @attrs))}}
 EOF
 
 
-# Generate a basic configuration.nix, unless one already exists.
-$fn = "$outDir/configuration.nix";
-if ($force || ! -e $fn) {
+if ($showHardwareConfig) {
+    print STDOUT $hwConfig;
+} else {
+    $outDir = "$rootDir$outDir";
+
+    my $fn = "$outDir/hardware-configuration.nix";
     print STDERR "writing $fn...\n";
+    mkpath($outDir, 0, 0755);
+    write_file($fn, $hwConfig);
 
-    my $bootloaderConfig;
-    if (-e "/sys/firmware/efi/efivars") {
-        $bootLoaderConfig = <<EOF;
+    # Generate a basic configuration.nix, unless one already exists.
+    $fn = "$outDir/configuration.nix";
+    if ($force || ! -e $fn) {
+        print STDERR "writing $fn...\n";
+
+        my $bootloaderConfig;
+        if (-e "/sys/firmware/efi/efivars") {
+            $bootLoaderConfig = <<EOF;
   # Use the gummiboot efi boot loader.
   boot.loader.grub.enable = false;
   boot.loader.gummiboot.enable = true;
@@ -374,17 +390,17 @@ if ($force || ! -e $fn) {
   # EFI booting requires kernel >= 3.10
   boot.kernelPackages = pkgs.linuxPackages_3_10;
 EOF
-    } else {
-        $bootLoaderConfig = <<EOF;
+        } else {
+            $bootLoaderConfig = <<EOF;
   # Use the GRUB 2 boot loader.
   boot.loader.grub.enable = true;
   boot.loader.grub.version = 2;
   # Define on which hard drive you want to install Grub.
   # boot.loader.grub.device = "/dev/sda";
 EOF
-    }
+        }
 
-    write_file($fn, <<EOF);
+        write_file($fn, <<EOF);
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
@@ -397,29 +413,10 @@ EOF
       ./hardware-configuration.nix
     ];
 
-  boot.initrd.kernelModules =
-    [ # Specify all kernel modules that are necessary for mounting the root
-      # filesystem.
-      # "xfs" "ata_piix"
-      # fbcon # Uncomment this when EFI booting to see the console before the root partition is mounted
-    ];
-
 $bootLoaderConfig
   # networking.hostName = "nixos"; # Define your hostname.
   # networking.wireless.enable = true;  # Enables wireless.
 
-  # Add filesystem entries for each partition that you want to see
-  # mounted at boot time.  This should include at least the root
-  # filesystem.
-
-  # fileSystems."/".device = "/dev/disk/by-label/nixos";
-
-  # fileSystems."/data" =     # where you want to mount the device
-  #   { device = "/dev/sdb";  # the device
-  #     fsType = "ext3";      # the type of the partition
-  #     options = "data=journal";
-  #   };
-
   # Select internationalisation properties.
   # i18n = {
   #   consoleFont = "lat9w-16";
@@ -445,8 +442,9 @@ $bootLoaderConfig
   # services.xserver.desktopManager.kde4.enable = true;
 }
 EOF
-} else {
-    print STDERR "warning: not overwriting existing $fn\n";
+    } else {
+        print STDERR "warning: not overwriting existing $fn\n";
+    }
 }
 
 # workaround for a bug in substituteAll
diff --git a/nixos/modules/installer/tools/nixos-rebuild.sh b/nixos/modules/installer/tools/nixos-rebuild.sh
index 6b747bc1a2b..d655210c90e 100644
--- a/nixos/modules/installer/tools/nixos-rebuild.sh
+++ b/nixos/modules/installer/tools/nixos-rebuild.sh
@@ -109,8 +109,8 @@ fi
 # more conservative.
 if [ "$action" != dry-run -a -n "$buildNix" ]; then
     echo "building Nix..." >&2
-    if ! nix-build '<nixos>' -A config.environment.nix -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
-        if ! nix-build '<nixos>' -A nixFallback -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
+    if ! nix-build '<nixpkgs/nixos>' -A config.environment.nix -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
+        if ! nix-build '<nixpkgs/nixos>' -A nixFallback -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null; then
             nix-build '<nixpkgs>' -A nixUnstable -o $tmpDir/nix "${extraBuildFlags[@]}" > /dev/null
         fi
     fi
@@ -139,16 +139,16 @@ fi
 if [ -z "$rollback" ]; then
     echo "building the system configuration..." >&2
     if [ "$action" = switch -o "$action" = boot ]; then
-        nix-env "${extraBuildFlags[@]}" -p "$profile" -f '<nixos>' --set -A system
+        nix-env "${extraBuildFlags[@]}" -p "$profile" -f '<nixpkgs/nixos>' --set -A system
         pathToConfig="$profile"
     elif [ "$action" = test -o "$action" = build -o "$action" = dry-run ]; then
-        nix-build '<nixos>' -A system -K -k "${extraBuildFlags[@]}" > /dev/null
+        nix-build '<nixpkgs/nixos>' -A system -K -k "${extraBuildFlags[@]}" > /dev/null
         pathToConfig=./result
     elif [ "$action" = build-vm ]; then
-        nix-build '<nixos>' -A vm -K -k "${extraBuildFlags[@]}" > /dev/null
+        nix-build '<nixpkgs/nixos>' -A vm -K -k "${extraBuildFlags[@]}" > /dev/null
         pathToConfig=./result
     elif [ "$action" = build-vm-with-bootloader ]; then
-        nix-build '<nixos>' -A vmWithBootLoader -K -k "${extraBuildFlags[@]}" > /dev/null
+        nix-build '<nixpkgs/nixos>' -A vmWithBootLoader -K -k "${extraBuildFlags[@]}" > /dev/null
         pathToConfig=./result
     else
         showSyntax
diff --git a/nixos/modules/misc/assertions.nix b/nixos/modules/misc/assertions.nix
index 9cd58550adc..229f8f27860 100644
--- a/nixos/modules/misc/assertions.nix
+++ b/nixos/modules/misc/assertions.nix
@@ -6,6 +6,8 @@ let
 
   failed = map (x: x.message) (filter (x: !x.assertion) config.assertions);
 
+  showWarnings = res: fold (w: x: builtins.trace "warning: ${w}" x) res config.warnings;
+
 in
 
 {
@@ -13,6 +15,7 @@ in
   options = {
 
     assertions = mkOption {
+      internal = true;
       default = [];
       example = [ { assertion = false; message = "you can't enable this for that reason"; } ];
       merge = pkgs.lib.mergeListOption;
@@ -23,14 +26,26 @@ in
       '';
     };
 
+    warnings = mkOption {
+      internal = true;
+      default = [];
+      type = types.listOf types.string;
+      example = [ "The `foo' service is deprecated and will go away soon!" ];
+      description = ''
+        This option allows modules to show warnings to users during
+        the evaluation of the system configuration.
+      '';
+    };
+
   };
 
   config = {
 
-    # This option is evaluated always. Thus the assertions are checked as well. hacky!
-    environment.systemPackages =
+    # This option is evaluated always. Thus the assertions are checked
+    # as well. Hacky!
+    environment.systemPackages = showWarnings (
       if [] == failed then []
-      else throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failed)}";
+      else throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failed)}");
 
   };
 
diff --git a/nixos/modules/misc/version.nix b/nixos/modules/misc/version.nix
index 1b519d3e6ee..5ab24686152 100644
--- a/nixos/modules/misc/version.nix
+++ b/nixos/modules/misc/version.nix
@@ -7,30 +7,50 @@ with pkgs.lib;
   options = {
 
     system.nixosVersion = mkOption {
+      internal = true;
       type = types.uniq types.string;
       description = "NixOS version.";
     };
 
     system.nixosVersionSuffix = mkOption {
+      internal = true;
       type = types.uniq types.string;
       description = "NixOS version suffix.";
     };
 
+    system.nixosRevision = mkOption {
+      internal = true;
+      type = types.uniq types.string;
+      description = "NixOS Git revision hash.";
+    };
+
     system.nixosCodeName = mkOption {
+      internal = true;
       type = types.uniq types.string;
       description = "NixOS release code name.";
     };
 
+    system.defaultChannel = mkOption {
+      internal = true;
+      type = types.uniq types.string;
+      default = https://nixos.org/channels/nixos-unstable;
+      description = "Default NixOS channel to which the root user is subscribed.";
+    };
+
   };
 
   config = {
 
     system.nixosVersion =
-      mkDefault (builtins.readFile "${toString pkgs.path}/.version" + config.system.nixosVersionSuffix);
+      mkDefault (readFile "${toString pkgs.path}/.version" + config.system.nixosVersionSuffix);
 
     system.nixosVersionSuffix =
       let suffixFile = "${toString pkgs.path}/.version-suffix"; in
-      mkDefault (if builtins.pathExists suffixFile then builtins.readFile suffixFile else "pre-git");
+      mkDefault (if pathExists suffixFile then readFile suffixFile else "pre-git");
+
+    system.nixosRevision =
+      let fn = "${toString pkgs.path}/.git-revision"; in
+      mkDefault (if pathExists fn then readFile fn else "master");
 
     # Note: code names must only increase in alphabetical order.
     system.nixosCodeName = "Aardvark";
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index a2e1abf036b..62e5b8e49c2 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -130,6 +130,7 @@
   ./services/monitoring/dd-agent.nix
   ./services/monitoring/graphite.nix
   ./services/monitoring/monit.nix
+  ./services/monitoring/munin.nix
   ./services/monitoring/nagios/default.nix
   ./services/monitoring/smartd.nix
   ./services/monitoring/statsd.nix
@@ -237,6 +238,7 @@
   ./services/x11/window-managers/twm.nix
   ./services/x11/window-managers/wmii.nix
   ./services/x11/window-managers/xmonad.nix
+  ./services/x11/redshift.nix
   ./services/x11/xfs.nix
   ./services/x11/xserver.nix
   ./system/activation/activation-script.nix
diff --git a/nixos/modules/programs/shell.nix b/nixos/modules/programs/shell.nix
index 679c4979dfa..8052502c21e 100644
--- a/nixos/modules/programs/shell.nix
+++ b/nixos/modules/programs/shell.nix
@@ -39,7 +39,7 @@ in
 
         # Subscribe the root user to the NixOS channel by default.
         if [ "$USER" = root -a ! -e $HOME/.nix-channels ]; then
-            echo "http://nixos.org/channels/nixos-unstable nixos" > $HOME/.nix-channels
+            echo "${config.system.defaultChannel} nixos" > $HOME/.nix-channels
         fi
 
         # Create the per-user garbage collector roots directory.
diff --git a/nixos/modules/programs/ssh.nix b/nixos/modules/programs/ssh.nix
index 5ec32376b60..64bf2508316 100644
--- a/nixos/modules/programs/ssh.nix
+++ b/nixos/modules/programs/ssh.nix
@@ -1,6 +1,6 @@
 # Global configuration for the SSH client.
 
-{config, pkgs, ...}:
+{ config, pkgs, ... }:
 
 with pkgs.lib;
 
@@ -31,7 +31,7 @@ in
       setXAuthLocation = mkOption {
         default = true;
         description = ''
-          Whether to set the path to xauth for X11-forwarded connections.
+          Whether to set the path to <command>xauth</command> for X11-forwarded connections.
           Pulls in X11 dependency.
         '';
       };
@@ -46,10 +46,13 @@ in
     };
   };
 
-  assertions = [{ assertion = if cfg.forwardX11 then cfg.setXAuthLocation else true;
-                  message = "cannot enable X11 forwarding without setting xauth location";}];
-
   config = {
+
+    assertions = singleton
+      { assertion = cfg.forwardX11 -> cfg.setXAuthLocation;
+        message = "cannot enable X11 forwarding without setting XAuth location";
+      };
+
     environment.etc =
       [ { # SSH configuration.  Slight duplication of the sshd_config
           # generation in the sshd service.
diff --git a/nixos/modules/rename.nix b/nixos/modules/rename.nix
index 27b6f01c71f..1d19fe6da76 100644
--- a/nixos/modules/rename.nix
+++ b/nixos/modules/rename.nix
@@ -1,110 +1,126 @@
-{pkgs, options, config, ...}:
+{ config, pkgs, options, ... }:
+
+with pkgs.lib;
 
 let
 
-  alias = from: to: {
+  alias = from: to: rename {
+    inherit from to;
     name = "Alias";
-    msg.use = x: x;
-    msg.define = x: x;
+    use = id;
+    define = id;
+    visible = true;
   };
 
-  obsolete = from: to: {
+  obsolete = from: to: rename {
+    inherit from to;
     name = "Obsolete name";
-    msg.use = x:
-      builtins.trace "Obsolete option `${from}' is used instead of `${to}'." x;
-    msg.define = x:
-      builtins.trace "Obsolete option `${from}' is defined instead of `${to}'." x;
+    use = x: builtins.trace "Obsolete option `${showOption from}' is used instead of `${showOption to}'." x;
+    define = x: builtins.trace "Obsolete option `${showOption from}' is defined instead of `${showOption to}'." x;
   };
 
-  deprecated = from: to: {
+  deprecated = from: to: rename {
+    inherit from to;
     name = "Deprecated name";
-    msg.use = x:
-      abort "Deprecated option `${from}' is used instead of `${to}'.";
-    msg.define = x:
-      abort "Deprecated option `${from}' is defined instead of `${to}'.";
+    use = x: abort "Deprecated option `${showOption from}' is used instead of `${showOption to}'.";
+    define = x: abort "Deprecated option `${showOption from}' is defined instead of `${showOption to}'.";
   };
 
+  showOption = concatStringsSep ".";
 
-  zipModules = list: with pkgs.lib;
+  zipModules = list:
     zipAttrsWith (n: v:
       if tail v != [] then
         if n == "_type" then (head v)
-        else if n == "extraConfigs" then (concatLists v)
+        else if n == "extraConfigs" then concatLists v
+        else if n == "warnings" then concatLists v
         else if n == "description" || n == "apply" then
           abort "Cannot rename an option to multiple options."
         else zipModules v
       else head v
     ) list;
 
-  rename = statusTemplate: from: to: with pkgs.lib;
+  rename = { from, to, name, use, define, visible ? false }:
     let
-      status = statusTemplate from to;
-      setTo = setAttrByPath (splitString "." to);
-      setFrom = setAttrByPath (splitString "." from);
-      toOf = attrByPath (splitString "." to)
-        (abort "Renaming error: option `${to}' does not exists.");
-      fromOf = attrByPath (splitString "." from)
-        (abort "Internal error: option `${from}' should be declared.");
+      setTo = setAttrByPath to;
+      setFrom = setAttrByPath from;
+      toOf = attrByPath to
+        (abort "Renaming error: option `${showOption to}' does not exists.");
+      fromOf = attrByPath from
+        (abort "Internal error: option `${showOption from}' should be declared.");
     in
-      [{
-        options = setFrom (mkOption {
-          description = "${status.name} of <option>${to}</option>.";
-          apply = x: status.msg.use (toOf config);
-        });
-      }] ++
-      [{
-        options = setTo (mkOption {
-          extraConfigs =
-            let externalDefs = (fromOf options).definitions; in
-            if externalDefs == [] then []
-            else map (def: def.value) (status.msg.define externalDefs);
-        });
-      }];
+      [ { options = setFrom (mkOption {
+            description = "${name} of <option>${showOption to}</option>.";
+            apply = x: use (toOf config);
+            inherit visible;
+          });
+        }
+        { options = setTo (mkOption {
+            extraConfigs =
+              let externalDefs = (fromOf options).definitions; in
+              if externalDefs == [] then []
+              else map (def: def.value) (define externalDefs);
+          });
+        }
+      ];
+
+  obsolete' = option: singleton
+    { options = setAttrByPath option (mkOption {
+        default = null;
+        visible = false;
+      });
+      config.warnings = optional (getAttrFromPath option config != null)
+        "The option `${showOption option}' defined in your configuration no longer has any effect; please remove it.";
+    };
 
 in zipModules ([]
 
 # usage example:
-# ++ rename alias "services.xserver.slim.theme" "services.xserver.displayManager.slim.theme"
-++ rename obsolete "environment.extraPackages" "environment.systemPackages"
-++ rename obsolete "environment.enableBashCompletion" "programs.bash.enableCompletion"
+# ++ alias [ "services" "xserver" "slim" "theme" ] [ "services" "xserver" "displayManager" "slim" "theme" ]
+++ obsolete [ "environment" "extraPackages" ] [ "environment" "systemPackages" ]
+++ obsolete [ "environment" "enableBashCompletion" ] [ "programs" "bash" "enableCompletion" ]
 
-++ rename obsolete "security.extraSetuidPrograms" "security.setuidPrograms"
-++ rename obsolete "networking.enableWLAN" "networking.wireless.enable"
-++ rename obsolete "networking.enableRT73Firmware" "networking.enableRalinkFirmware"
+++ obsolete [ "security" "extraSetuidPrograms" ] [ "security" "setuidPrograms" ]
+++ obsolete [ "networking" "enableWLAN" ] [ "networking" "wireless" "enable" ]
+++ obsolete [ "networking" "enableRT73Firmware" ] [ "networking" "enableRalinkFirmware" ]
 
 # FIXME: Remove these eventually.
-++ rename obsolete "boot.systemd.sockets" "systemd.sockets"
-++ rename obsolete "boot.systemd.targets" "systemd.targets"
-++ rename obsolete "boot.systemd.services" "systemd.services"
+++ obsolete [ "boot" "systemd" "sockets" ] [ "systemd" "sockets" ]
+++ obsolete [ "boot" "systemd" "targets" ] [ "systemd" "targets" ]
+++ obsolete [ "boot" "systemd" "services" ] [ "systemd" "services" ]
 
 # Old Grub-related options.
-++ rename obsolete "boot.copyKernels" "boot.loader.grub.copyKernels"
-++ rename obsolete "boot.extraGrubEntries" "boot.loader.grub.extraEntries"
-++ rename obsolete "boot.extraGrubEntriesBeforeNixos" "boot.loader.grub.extraEntriesBeforeNixOS"
-++ rename obsolete "boot.grubDevice" "boot.loader.grub.device"
-++ rename obsolete "boot.bootMount" "boot.loader.grub.bootDevice"
-++ rename obsolete "boot.grubSplashImage" "boot.loader.grub.splashImage"
+++ obsolete [ "boot" "copyKernels" ] [ "boot" "loader" "grub" "copyKernels" ]
+++ obsolete [ "boot" "extraGrubEntries" ] [ "boot" "loader" "grub" "extraEntries" ]
+++ obsolete [ "boot" "extraGrubEntriesBeforeNixos" ] [ "boot" "loader" "grub" "extraEntriesBeforeNixOS" ]
+++ obsolete [ "boot" "grubDevice" ] [ "boot" "loader" "grub" "device" ]
+++ obsolete [ "boot" "bootMount" ] [ "boot" "loader" "grub" "bootDevice" ]
+++ obsolete [ "boot" "grubSplashImage" ] [ "boot" "loader" "grub" "splashImage" ]
 
-++ rename obsolete "boot.initrd.extraKernelModules" "boot.initrd.kernelModules"
+++ obsolete [ "boot" "initrd" "extraKernelModules" ] [ "boot" "initrd" "kernelModules" ]
 
 # OpenSSH
-++ rename obsolete "services.sshd.ports" "services.openssh.ports"
-++ rename alias "services.sshd.enable" "services.openssh.enable"
-++ rename obsolete "services.sshd.allowSFTP" "services.openssh.allowSFTP"
-++ rename obsolete "services.sshd.forwardX11" "services.openssh.forwardX11"
-++ rename obsolete "services.sshd.gatewayPorts" "services.openssh.gatewayPorts"
-++ rename obsolete "services.sshd.permitRootLogin" "services.openssh.permitRootLogin"
-++ rename obsolete "services.xserver.startSSHAgent" "services.xserver.startOpenSSHAgent"
+++ obsolete [ "services" "sshd" "ports" ] [ "services" "openssh" "ports" ]
+++ alias [ "services" "sshd" "enable" ] [ "services" "openssh" "enable" ]
+++ obsolete [ "services" "sshd" "allowSFTP" ] [ "services" "openssh" "allowSFTP" ]
+++ obsolete [ "services" "sshd" "forwardX11" ] [ "services" "openssh" "forwardX11" ]
+++ obsolete [ "services" "sshd" "gatewayPorts" ] [ "services" "openssh" "gatewayPorts" ]
+++ obsolete [ "services" "sshd" "permitRootLogin" ] [ "services" "openssh" "permitRootLogin" ]
+++ obsolete [ "services" "xserver" "startSSHAgent" ] [ "services" "xserver" "startOpenSSHAgent" ]
 
 # KDE
-++ rename deprecated "kde.extraPackages" "environment.kdePackages"
-# ++ rename obsolete "environment.kdePackages" "environment.systemPackages" # !!! doesn't work!
+++ deprecated [ "kde" "extraPackages" ] [ "environment" "kdePackages" ]
+# ++ obsolete [ "environment" "kdePackages" ] [ "environment" "systemPackages" ] # !!! doesn't work!
 
 # Multiple efi bootloaders now
-++ rename obsolete "boot.loader.efi.efibootmgr.enable" "boot.loader.efi.canTouchEfiVariables"
+++ obsolete [ "boot" "loader" "efi" "efibootmgr" "enable" ] [ "boot" "loader" "efi" "canTouchEfiVariables" ]
 
 # NixOS environment changes
 # !!! this hardcodes bash, could we detect from config which shell is actually used?
-++ rename obsolete "environment.promptInit" "programs.bash.promptInit"
+++ obsolete [ "environment" "promptInit" ] [ "programs" "bash" "promptInit" ]
+
+# Options that are obsolete and have no replacement.
+++ obsolete' [ "boot" "loader" "grub" "bootDevice" ]
+++ obsolete' [ "boot" "initrd" "luks" "enable" ]
 
-) # do not add renaming after this.
+)
diff --git a/nixos/modules/services/audio/fuppes.nix b/nixos/modules/services/audio/fuppes.nix
index df73e62fc94..9c8849e525b 100644
--- a/nixos/modules/services/audio/fuppes.nix
+++ b/nixos/modules/services/audio/fuppes.nix
@@ -60,8 +60,7 @@ with pkgs.lib;
       };
 
       vfolder = mkOption {
-        default = ./fuppes/vfolder.cfg;
-        example = /etc/fuppes/vfolder.cfg;
+        example = literalExample "/etc/fuppes/vfolder.cfg";
         description = ''
           XML file describing the layout of virtual folder visible by the
           client.
@@ -109,6 +108,8 @@ with pkgs.lib;
 
     services.fuppesd.name = mkDefault config.networking.hostName;
 
+    services.fuppesd.vfolder = mkDefault ./fuppes/vfolder.cfg;
+
     security.sudo.enable = true;
   };
 }
diff --git a/nixos/modules/services/databases/firebird.nix b/nixos/modules/services/databases/firebird.nix
index aca0d58900b..75c225bdb67 100644
--- a/nixos/modules/services/databases/firebird.nix
+++ b/nixos/modules/services/databases/firebird.nix
@@ -1,9 +1,18 @@
 { config, pkgs, ... }:
 
-# TODO: this file needs some additional work - at least you can connect to
-# firebird ..
-# Example how to connect:
-# isql /var/db/firebird/data/your-db.fdb -u sysdba -p <default password>
+# TODO: This may file may need additional review, eg which configuartions to
+# expose to the user.
+#
+# I only used it to access some simple databases.
+
+# test:
+# isql, then type the following commands:
+# CREATE DATABASE '/var/db/firebird/data/test.fdb' USER 'SYSDBA' PASSWORD 'masterkey';
+# CONNECT '/var/db/firebird/data/test.fdb' USER 'SYSDBA' PASSWORD 'masterkey';
+# CREATE TABLE test ( text varchar(100) );
+# DROP DATABASE;
+#
+# Be careful, virtuoso-opensource also provides a different isql command !
 
 # There are at least two ways to run firebird. superserver has been choosen
 # however there are no strong reasons to prefer this or the other one AFAIK
@@ -18,7 +27,8 @@ let
 
   firebird = cfg.package;
 
-  pidFile = "${cfg.pidDir}/firebirdd.pid";
+  dataDir = "${cfg.baseDir}/data";
+  systemDir = "${cfg.baseDir}/system";
 
 in
 
@@ -32,9 +42,9 @@ in
 
       enable = mkOption {
         default = false;
-        description = "
-          Whether to enable the firebird super server.
-        ";
+        description = ''
+          Whether to enable the Firebird super server.
+        '';
       };
 
       package = mkOption {
@@ -45,29 +55,31 @@ in
             reasons. See comments at the firebirdSuper derivation
         */
 
-        description = "
+        description = ''
           Which firebird derivation to use.
-        ";
+        '';
       };
 
       port = mkOption {
         default = "3050";
-        description = "Port of Firebird.";
+        description = ''
+          Port Firebird uses.
+        '';
       };
 
       user = mkOption {
         default = "firebird";
-        description = "User account under which firebird runs.";
+        description = ''
+          User account under which firebird runs.
+        '';
       };
 
-      dataDir = mkOption {
-        default = "/var/db/firebird/data"; # ubuntu is using /var/lib/firebird/2.1/data/.. ?
-        description = "Location where firebird databases are stored.";
-      };
-
-      pidDir = mkOption {
-        default = "/run/firebird";
-        description = "Location of the file which stores the PID of the firebird server.";
+      baseDir = mkOption {
+        default = "/var/db/firebird"; # ubuntu is using /var/lib/firebird/2.1/data/.. ?
+        description = ''
+          Location containing data/ and system/ directories.
+          data/ stores the databases, system/ stores the password database security2.fdb.
+        '';
       };
 
     };
@@ -79,12 +91,10 @@ in
 
   config = mkIf config.services.firebird.enable {
 
-    users.extraUsers.firebird.description =  "Firebird server user";
-
-    environment.systemPackages = [firebird];
+    environment.systemPackages = [cfg.package];
 
     systemd.services.firebird =
-      { description = "firebird super server";
+      { description = "Firebird Super-Server";
 
         wantedBy = [ "multi-user.target" ];
 
@@ -92,20 +102,17 @@ in
         # is a better way
         preStart =
           ''
-            secureDir="${cfg.dataDir}/../system"
-
             mkdir -m 0700 -p \
-              "${cfg.dataDir}" \
-              "${cfg.pidDir}" \
-              /var/log/firebird \
-              "$secureDir"
+              "${dataDir}" \
+              "${systemDir}" \
+              /var/log/firebird
 
-            if ! test -e "$secureDir/security2.fdb"; then
-                cp ${firebird}/security2.fdb "$secureDir"
+            if ! test -e "${systemDir}/security2.fdb"; then
+                cp ${firebird}/security2.fdb "${systemDir}"
             fi
 
-            chown -R ${cfg.user} "${cfg.pidDir}" "${cfg.dataDir}" "$secureDir" /var/log/firebird
-            chmod -R 700 "${cfg.pidDir}" "${cfg.dataDir}" "$secureDir" /var/log/firebird
+            chown -R ${cfg.user} "${dataDir}" "${systemDir}" /var/log/firebird
+            chmod -R 700         "${dataDir}" "${systemDir}" /var/log/firebird
           '';
 
         serviceConfig.PermissionsStartOnly = true; # preStart must be run as root
@@ -119,9 +126,9 @@ in
 
     # think about this again - and eventually make it an option
     environment.etc."firebird/firebird.conf".text = ''
-      # RootDirectory = Restrict ${cfg.dataDir}
-      DatabaseAccess = Restrict ${cfg.dataDir}
-      ExternalFileAccess = Restrict ${cfg.dataDir}
+      # RootDirectory = Restrict ${dataDir}
+      DatabaseAccess = Restrict ${dataDir}
+      ExternalFileAccess = Restrict ${dataDir}
       # what is this? is None allowed?
       UdfAccess = None
       # "Native" =  traditional interbase/firebird, "mixed" is windows only
@@ -142,8 +149,14 @@ in
       #RemoteAuxPort = 0
       # rsetrict connections to a network card:
       #RemoteBindAddress =
-      # there are some more settings ..
+      # there are some additional settings which should be reviewed
     '';
+
+    users.extraUsers.firebird = {
+      description = "Firebird server user";
+      group = "firebird";
+      uid = config.ids.uids.firebird;
     };
 
+  };
 }
diff --git a/nixos/modules/services/databases/mysql.nix b/nixos/modules/services/databases/mysql.nix
index 663c2cc4505..8be05a27cdc 100644
--- a/nixos/modules/services/databases/mysql.nix
+++ b/nixos/modules/services/databases/mysql.nix
@@ -93,8 +93,8 @@ in
         default = [];
         description = "List of database names and their initial schemas that should be used to create databases on the first startup of MySQL";
         example = [
-          { name = "foodatabase"; schema = ./foodatabase.sql; }
-          { name = "bardatabase"; schema = ./bardatabase.sql; }
+          { name = "foodatabase"; schema = literalExample "./foodatabase.sql"; }
+          { name = "bardatabase"; schema = literalExample "./bardatabase.sql"; }
         ];
       };
 
diff --git a/nixos/modules/services/databases/mysql55.nix b/nixos/modules/services/databases/mysql55.nix
index 46148d68f4c..fe8b29e3c6b 100644
--- a/nixos/modules/services/databases/mysql55.nix
+++ b/nixos/modules/services/databases/mysql55.nix
@@ -86,8 +86,8 @@ in
         default = [];
         description = "List of database names and their initial schemas that should be used to create databases on the first startup of MySQL";
         example = [
-          { name = "foodatabase"; schema = ./foodatabase.sql; }
-          { name = "bardatabase"; schema = ./bardatabase.sql; }
+          { name = "foodatabase"; schema = literalExample "./foodatabase.sql"; }
+          { name = "bardatabase"; schema = literalExample "./bardatabase.sql"; }
         ];
       };
 
diff --git a/nixos/modules/services/databases/postgresql.nix b/nixos/modules/services/databases/postgresql.nix
index fc6b5b167b8..1c43dad1d50 100644
--- a/nixos/modules/services/databases/postgresql.nix
+++ b/nixos/modules/services/databases/postgresql.nix
@@ -95,14 +95,6 @@ in
         '';
       };
 
-      authMethod = mkOption {
-        default = " ident sameuser ";
-        description = ''
-          How to authorize users.
-          Note: ident needs absolute trust to all allowed client hosts.
-        '';
-      };
-
       enableTCPIP = mkOption {
         default = false;
         description = ''
diff --git a/nixos/modules/services/misc/nix-gc.nix b/nixos/modules/services/misc/nix-gc.nix
index dfdc4db65d5..ad6889ce142 100644
--- a/nixos/modules/services/misc/nix-gc.nix
+++ b/nixos/modules/services/misc/nix-gc.nix
@@ -52,7 +52,7 @@ in
 
     systemd.services.nix-gc =
       { description = "Nix Garbage Collector";
-        serviceConfig.ExecStart = "${config.environment.nix}/bin/nix-collect-garbage ${cfg.options}";
+        script = "exec ${config.environment.nix}/bin/nix-collect-garbage ${cfg.options}";
         startAt = optionalString cfg.automatic cfg.dates;
       };
 
diff --git a/nixos/modules/services/misc/nixos-manual.nix b/nixos/modules/services/misc/nixos-manual.nix
index 1260272b68e..a593d05ee62 100644
--- a/nixos/modules/services/misc/nixos-manual.nix
+++ b/nixos/modules/services/misc/nixos-manual.nix
@@ -11,10 +11,15 @@ let
 
   cfg = config.services.nixosManual;
 
+  versionModule =
+    { system.nixosVersionSuffix = config.system.nixosVersionSuffix;
+      system.nixosRevision = config.system.nixosRevision;
+    };
+
   manual = import ../../../doc/manual {
-    inherit (cfg) revision;
     inherit pkgs;
-    options = (fixMergeModules baseModules
+    revision = config.system.nixosRevision;
+    options = (fixMergeModules ([ versionModule ] ++ baseModules)
       (removeAttrs extraArgs ["config" "options"]) // {
         modules = [ ];
       }).options;
@@ -75,16 +80,6 @@ in
       '';
     };
 
-    services.nixosManual.revision = mkOption {
-      default = "local";
-      type = types.uniq types.string;
-      description = ''
-        Revision of the targeted source file.  This value can either be
-        <literal>"local"</literal>, <literal>"HEAD"</literal> or any
-        revision number embedded in a string.
-      '';
-    };
-
   };
 
 
diff --git a/nixos/modules/services/monitoring/munin.nix b/nixos/modules/services/monitoring/munin.nix
new file mode 100644
index 00000000000..42d5f61af30
--- /dev/null
+++ b/nixos/modules/services/monitoring/munin.nix
@@ -0,0 +1,215 @@
+{ config, pkgs, ... }:
+
+# TODO: support munin-async
+# TODO: LWP/Pg perl libs aren't recognized
+
+# TODO: support fastcgi
+# http://munin-monitoring.org/wiki/CgiHowto2
+# spawn-fcgi -s /var/run/munin/fastcgi-graph.sock -U www-data   -u munin -g munin /usr/lib/munin/cgi/munin-cgi-graph
+# spawn-fcgi -s /var/run/munin/fastcgi-html.sock  -U www-data   -u munin -g munin /usr/lib/munin/cgi/munin-cgi-html
+# https://paste.sh/vofcctHP#-KbDSXVeWoifYncZmLfZzgum
+# nginx http://munin.readthedocs.org/en/latest/example/webserver/nginx.html
+
+
+with pkgs.lib;
+
+let
+  nodeCfg = config.services.munin-node;
+  cronCfg = config.services.munin-cron;
+
+  muninPlugins = pkgs.stdenv.mkDerivation {
+    name = "munin-available-plugins";
+    buildCommand = ''
+      mkdir -p $out
+
+      cp --preserve=mode ${pkgs.munin}/lib/plugins/* $out/
+
+      for file in $out/*; do
+        case "$file" in
+            plugin.sh) continue;;
+        esac
+
+        # read magic makers from the file
+        family=$(sed -nr 's/.*#%#\s+family\s*=\s*(\S+)\s*/\1/p' $file)
+        cap=$(sed -nr 's/.*#%#\s+capabilities\s*=\s*(.+)/\1/p' $file)
+
+        wrapProgram $file \
+          --set PATH "/run/current-system/sw/bin:/run/current-system/sw/sbin" \
+          --set MUNIN_LIBDIR "${pkgs.munin}/lib" \
+          --set MUNIN_PLUGSTATE "/var/run/munin"
+ 
+        # munin uses markers to tell munin-node-configure what a plugin can do
+        echo "#%# family=$family" >> $file
+        echo "#%# capabilities=$cap" >> $file
+      done
+
+      # NOTE: we disable disktstats because plugin seems to fail and it hangs html generation (100% CPU + memory leak)
+      rm -f $out/diskstats
+    '';
+    buildInputs = [ pkgs.makeWrapper ];
+  };
+
+  muninConf = pkgs.writeText "munin.conf"
+    ''
+      dbdir     /var/lib/munin
+      htmldir   /var/www/munin
+      logdir    /var/log/munin
+      rundir    /var/run/munin
+
+      ${cronCfg.extraGlobalConfig}
+      
+      ${cronCfg.hosts}
+    '';
+
+  nodeConf = pkgs.writeText "munin-node.conf"
+    ''
+      log_level 3
+      log_file Sys::Syslog
+      port 4949
+      host *
+      background 0
+      user root
+      group root
+      host_name ${config.networking.hostName}
+      setsid 0
+  
+      # wrapped plugins by makeWrapper being with dots
+      ignore_file ^\.
+      
+      allow ^127\.0\.0\.1$
+
+      ${nodeCfg.extraConfig}
+    '';
+in
+
+{
+
+  options = {
+
+    services.munin-node = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Enable Munin Node agent. Munin node listens on 0.0.0.0 and
+          by default accepts connections only from 127.0.0.1 for security reasons.
+
+          See <link xlink:href='http://munin-monitoring.org/wiki/munin-node.conf' />.
+        '';
+      };
+      
+      extraConfig = mkOption {
+        default = "";
+        description = ''
+          <filename>munin-node.conf</filename> extra configuration. See
+          <link xlink:href='http://munin-monitoring.org/wiki/munin-node.conf' />
+        '';
+      };
+
+      # TODO: add option to add additional plugins
+
+    };
+
+    services.munin-cron = {
+
+      enable = mkOption {
+        default = false;
+        description = ''
+          Enable munin-cron. Takes care of all heavy lifting to collect data from
+          nodes and draws graphs to html. Runs munin-update, munin-limits,
+          munin-graphs and munin-html in that order.
+ 
+          HTML output is in <filename>/var/www/munin/</filename>, configure your
+          favourite webserver to serve static files.
+        '';
+        example = literalExample ''
+          services = {
+             munin-node.enable = true;
+             munin-cron = {
+               enable = true;
+               hosts = '''
+                 [''${config.networking.hostName}]
+                 address localhost
+               ''';
+               extraGlobalConfig = '''
+                 contact.email.command mail -s "Munin notification for ''${var:host}" someone@example.com
+               ''';
+             };
+          };
+        '';
+      };
+      
+      extraGlobalConfig = mkOption {
+        default = "";
+        description = ''
+          <filename>munin.conf</filename> extra global configuration.
+          See <link xlink:href='http://munin-monitoring.org/wiki/munin.conf' />.
+          Useful to setup notifications, see
+          <link xlink:href='http://munin-monitoring.org/wiki/HowToContact' />
+        '';
+      };
+
+      hosts = mkOption {
+        example = ''
+          [''${config.networking.hostName}]
+          address localhost
+        '';
+        description = ''
+          Definitions of hosts of nodes to collect data from. Needs at least one
+          hosts for cron to succeed. See
+          <link xlink:href='http://munin-monitoring.org/wiki/munin.conf' />
+        '';
+      };
+ 
+    };
+
+  };
+
+  config = mkMerge [ (mkIf (nodeCfg.enable || cronCfg.enable)  {
+
+    environment.systemPackages = [ pkgs.munin ];
+
+    users.extraUsers = [{
+      name = "munin";
+      description = "Munin monitoring user";
+      group = "munin";
+    }];
+
+    users.extraGroups = [{
+      name = "munin";
+    }];
+
+  }) (mkIf nodeCfg.enable {
+
+    systemd.services.munin-node = {
+      description = "Munin node, the agent process";
+      after = [ "network.target" ];
+      wantedBy = [ "multi-user.target" ];
+      path = [ pkgs.munin ];
+      environment.MUNIN_PLUGSTATE = "/var/run/munin";
+      serviceConfig = {
+        ExecStart = "${pkgs.munin}/sbin/munin-node --config ${nodeConf} --servicedir /etc/munin/plugins/";
+      };
+    };
+
+    system.activationScripts.munin-node = ''
+      echo "updating munin plugins..."
+
+      mkdir -p /etc/munin/plugins
+      rm -rf /etc/munin/plugins/*
+      PATH="/run/current-system/sw/bin:/run/current-system/sw/sbin" ${pkgs.munin}/sbin/munin-node-configure --shell --families contrib,auto,manual --config ${nodeConf} --libdir=${muninPlugins} --servicedir=/etc/munin/plugins 2>/dev/null | ${pkgs.bash}/bin/bash
+    '';
+
+  }) (mkIf cronCfg.enable {
+
+    services.cron.systemCronJobs = [
+      "*/5 * * * * munin ${pkgs.munin}/bin/munin-cron --config ${muninConf}"
+    ];
+
+    system.activationScripts.munin-cron = stringAfter [ "users" "groups" ] ''
+      mkdir -p /var/{run,log,www,lib}/munin
+      chown -R munin:munin /var/{run,log,www,lib}/munin
+    '';
+
+  })];
+}
diff --git a/nixos/modules/services/networking/ejabberd.nix b/nixos/modules/services/networking/ejabberd.nix
index 05e0aba7d70..75950f55a27 100644
--- a/nixos/modules/services/networking/ejabberd.nix
+++ b/nixos/modules/services/networking/ejabberd.nix
@@ -44,7 +44,7 @@ in
       loadDumps = mkOption {
         default = [];
         description = "Configuration dump that should be loaded on the first startup";
-        example = [ ./myejabberd.dump ];
+        example = literalExample "[ ./myejabberd.dump ]";
       };
     };
 
diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index c85c9307e3e..f5670ccdcbf 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -181,11 +181,11 @@ in
         example = [
           {
             hostNames = [ "myhost" "myhost.mydomain.com" "10.10.1.4" ];
-            publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
+            publicKeyFile = literalExample "./pubkeys/myhost_ssh_host_dsa_key.pub";
           }
           {
             hostNames = [ "myhost2" ];
-            publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
+            publicKeyFile = literalExample "./pubkeys/myhost2_ssh_host_dsa_key.pub";
           }
         ];
         options = {
diff --git a/nixos/modules/services/networking/vsftpd.nix b/nixos/modules/services/networking/vsftpd.nix
index 1b2432401de..d9f1e96b1d2 100644
--- a/nixos/modules/services/networking/vsftpd.nix
+++ b/nixos/modules/services/networking/vsftpd.nix
@@ -4,12 +4,92 @@ with pkgs.lib;
 
 let
 
+  /* minimal secure setup:
+
+   enable = true;
+   forceLocalLoginsSSL = true;
+   forceLocalDataSSL = true;
+   userlistDeny = false;
+   localUsers = true;
+   userlist = ["non-root-user" "other-non-root-user"];
+   rsaCertFile = "/var/vsftpd/vsftpd.pem";
+
+  */
+
   cfg = config.services.vsftpd;
 
   inherit (pkgs) vsftpd;
 
-  yesNoOption = p : name :
-    "${name}=${if p then "YES" else "NO"}";
+  yesNoOption = nixosName: vsftpdName: default: description: {
+    cfgText = "${vsftpdName}=${if getAttr nixosName cfg then "YES" else "NO"}";
+
+    nixosOption = {
+      name = nixosName;
+      value = mkOption {
+        inherit description default;
+        type = types.bool;
+      };
+    };
+  };
+
+  optionDescription = [
+
+    (yesNoOption "anonymousUser" "anonymous_enable" false ''
+     Whether to enable the anonymous FTP user.
+    '')
+    (yesNoOption "localUsers" "local_enable" false ''
+     Whether to enable FTP for local users.
+    '')
+    (yesNoOption "writeEnable" "write_enable" false ''
+    Whether any write activity is permitted to users.
+    '')
+    (yesNoOption "anonymousUploadEnable" "anon_upload_enable" false ''
+    Whether any uploads are permitted to anonymous users.
+    '')
+    (yesNoOption "anonymousMkdirEnable" "anon_mkdir_write_enable" false ''
+    Whether any uploads are permitted to anonymous users.
+    '')
+    (yesNoOption "chrootlocalUser" "chroot_local_user" false ''
+    Whether local users are confined to their home directory.
+    '')
+    (yesNoOption "userlistEnable" "userlist_enable" false ''
+    Whether users are included.
+    '')
+    (yesNoOption "userlistDeny" "userlist_deny" false ''
+      Specifies whether <option>userlistFile</option> is a list of user
+      names to allow or deny access.
+      The default <literal>false</literal> means whitelist/allow.
+    '')
+    (yesNoOption "forceLocalLoginsSSL" "force_local_logins_ssl" false ''
+    Only applies if <option>sslEnable</option> is true. Non anonymous (local) users
+    must use a secure SSL connection to send a password.
+    '')
+    (yesNoOption "forceLocalDataSSL" "force_local_data_ssl" false ''
+    Only applies if <option>sslEnable</option> is true. Non anonymous (local) users
+    must use a secure SSL connection for sending/receiving data on data connection.
+    '')
+    (yesNoOption "ssl_tlsv1" "ssl_tlsv1" true  '' '')
+    (yesNoOption "ssl_sslv2" "ssl_sslv2" false '' '')
+    (yesNoOption "ssl_sslv3" "ssl_sslv3" false '' '')
+
+    {
+      cfgText = if cfg.rsaCertFile == null then ""
+        else ''
+        sslEnable=YES
+        rsa_cert_file=${cfg.rsaCertFile}
+      '';
+
+      nixosOption = {
+        name = "rsaCertFile";
+        value = mkOption {
+          default = null;
+          description = ''
+            rsa certificate file.
+          '';
+        };
+      };
+    }
+    ];
 
 in
 
@@ -26,52 +106,34 @@ in
         description = "Whether to enable the vsftpd FTP server.";
       };
 
-      anonymousUser = mkOption {
-        default = false;
-        description = "Whether to enable the anonymous FTP user.";
-      };
-
-      anonymousUserHome = mkOption {
-        default = "/home/ftp";
-        description = "Path to anonymous user data.";
-      };
-
-      localUsers = mkOption {
-        default = false;
-        description = "Whether to enable FTP for local users.";
-      };
+      userlist = mkOption {
+        default = [];
 
-      writeEnable = mkOption {
-        default = false;
-        description = "Whether any write activity is permitted to users.";
+        description = ''
+          See <option>userlistFile</option>.
+        '';
       };
 
-      anonymousUploadEnable = mkOption {
-        default = false;
-        description = "Whether any uploads are permitted to anonymous users.";
-      };
+      userlistFile = mkOption {
+        default = pkgs.writeText "userlist" (concatMapStrings (x: "${x}\n") cfg.userlist);
+        description = ''
+          Newline separated list of names to be allowed/denied if <option>userlistEnable</option>
+          is <literal>true</literal>. Meaning see <option>userlistDeny</option>.
 
-      anonymousMkdirEnable = mkOption {
-        default = false;
-        description = "Whether mkdir is permitted to anonymous users.";
-      };
+          The default is a file containing the users from <option>userlist</option>.
 
-      chrootlocalUser = mkOption {
-        default = false;
-        description = "Whether local users are confined to their home directory.";
+          If explicitely set to null userlist_file will not be set in vsftpd's config file.
+        '';
       };
 
-      userlistEnable = mkOption {
-        default = false;
-        description = "Whether users are included.";
-      };
-
-      userlistDeny = mkOption {
-        default = false;
-        description = "Whether users are excluded.";
+      anonymousUserHome = mkOption {
+        default = "/home/ftp/";
+	description = ''
+	  Directory to consider the HOME of the anonymous user.
+	'';
       };
 
-    };
+    } // (listToAttrs (catAttrs "nixosOption" optionDescription)) ;
 
   };
 
@@ -80,6 +142,15 @@ in
 
   config = mkIf cfg.enable {
 
+    assertions = [
+      {
+        assertion =
+              (cfg.forceLocalLoginsSSL -> cfg.rsaCertFile != null)
+          &&  (cfg.forceLocalDataSSL -> cfg.rsaCertFile != null);
+        message = "vsftpd: If forceLocalLoginsSSL or forceLocalDataSSL is true then a rsaCertFile must be provided!";
+      }
+    ];
+
     users.extraUsers =
       [ { name = "vsftpd";
           uid = config.ids.uids.vsftpd;
@@ -99,6 +170,21 @@ in
         gid = config.ids.gids.ftp;
       };
 
+    # If you really have to access root via FTP use mkOverride or userlistDeny
+    # = false and whitelist root
+    services.vsftpd.userlist = if cfg.userlistDeny then ["root"] else [];
+
+    environment.etc."vsftpd.conf".text =
+      concatMapStrings (x: "${x.cfgText}\n") optionDescription
+      + ''
+      ${if cfg.userlistFile == null then ""
+        else "userlist_file=${cfg.userlistFile}"}
+      background=NO
+      listen=YES
+      nopriv_user=vsftpd
+      secure_chroot_dir=/var/empty
+    '';
+
     jobs.vsftpd =
       { description = "vsftpd server";
 
@@ -107,22 +193,6 @@ in
 
         preStart =
           ''
-            # !!! Why isn't this generated in the normal way?
-            cat > /etc/vsftpd.conf <<EOF
-            ${yesNoOption cfg.anonymousUser "anonymous_enable"}
-            ${yesNoOption cfg.localUsers "local_enable"}
-            ${yesNoOption cfg.writeEnable "write_enable"}
-            ${yesNoOption cfg.anonymousUploadEnable "anon_upload_enable"}
-            ${yesNoOption cfg.anonymousMkdirEnable "anon_mkdir_write_enable"}
-            ${yesNoOption cfg.chrootlocalUser "chroot_local_user"}
-            ${yesNoOption cfg.userlistEnable "userlist_enable"}
-            ${yesNoOption cfg.userlistDeny "userlist_deny"}
-            background=NO
-            listen=YES
-            nopriv_user=vsftpd
-            secure_chroot_dir=/var/empty
-            EOF
-
             ${if cfg.anonymousUser then ''
               mkdir -p -m 555 ${cfg.anonymousUserHome}
               chown -R ftp:ftp ${cfg.anonymousUserHome}
diff --git a/nixos/modules/services/web-servers/zope2.nix b/nixos/modules/services/web-servers/zope2.nix
index 19afa55d7fe..f75b62b219a 100644
--- a/nixos/modules/services/web-servers/zope2.nix
+++ b/nixos/modules/services/web-servers/zope2.nix
@@ -37,14 +37,14 @@ let
         default =
           ''
           <zodb_db main>
-          mount-point /
-          cache-size 30000
-          <blobstorage>
-              blob-dir /var/lib/zope2/${name}/blobstorage
-              <filestorage>
-              path /var/lib/zope2/${name}/filestorage/Data.fs
-              </filestorage>
-          </blobstorage>
+            mount-point /
+            cache-size 30000
+            <blobstorage>
+                blob-dir /var/lib/zope2/${name}/blobstorage
+                <filestorage>
+                path /var/lib/zope2/${name}/filestorage/Data.fs
+                </filestorage>
+            </blobstorage>
           </zodb_db>
           '';
         type = types.string;
@@ -76,14 +76,14 @@ in
           extra =
             ''
             <zodb_db main>
-            mount-point /
-            cache-size 30000
-            <blobstorage>
-                blob-dir /var/lib/zope2/plone01/blobstorage
-                <filestorage>
-                path /var/lib/zope2/plone01/filestorage/Data.fs
-                </filestorage>
-            </blobstorage>
+              mount-point /
+              cache-size 30000
+              <blobstorage>
+                  blob-dir /var/lib/zope2/plone01/blobstorage
+                  <filestorage>
+                  path /var/lib/zope2/plone01/filestorage/Data.fs
+                  </filestorage>
+              </blobstorage>
             </zodb_db>
             '';
 
@@ -107,32 +107,32 @@ in
           let
             interpreter = pkgs.writeScript "interpreter"
               ''
-import sys
-
-_interactive = True
-if len(sys.argv) > 1:
-    _options, _args = __import__("getopt").getopt(sys.argv[1:], 'ic:m:')
-    _interactive = False
-    for (_opt, _val) in _options:
-        if _opt == '-i':
-            _interactive = True
-        elif _opt == '-c':
-            exec _val
-        elif _opt == '-m':
-            sys.argv[1:] = _args
-            _args = []
-            __import__("runpy").run_module(
-                 _val, {}, "__main__", alter_sys=True)
-
-    if _args:
-        sys.argv[:] = _args
-        __file__ = _args[0]
-        del _options, _args
-        execfile(__file__)
-
-if _interactive:
-    del _interactive
-    __import__("code").interact(banner="", local=globals())
+              import sys
+
+              _interactive = True
+              if len(sys.argv) > 1:
+                  _options, _args = __import__("getopt").getopt(sys.argv[1:], 'ic:m:')
+                  _interactive = False
+                  for (_opt, _val) in _options:
+                      if _opt == '-i':
+                          _interactive = True
+                      elif _opt == '-c':
+                          exec _val
+                      elif _opt == '-m':
+                          sys.argv[1:] = _args
+                          _args = []
+                          __import__("runpy").run_module(
+                              _val, {}, "__main__", alter_sys=True)
+
+                  if _args:
+                      sys.argv[:] = _args
+                      __file__ = _args[0]
+                      del _options, _args
+                      execfile(__file__)
+
+              if _interactive:
+                  del _interactive
+                  __import__("code").interact(banner="", local=globals())
               '';
             env = pkgs.buildEnv {
               name = "zope2-${name}-env";
@@ -149,73 +149,76 @@ if _interactive:
                 '';
             };
             conf = pkgs.writeText "zope2-${name}-conf"
-              ''%define INSTANCEHOME ${env}
-instancehome $INSTANCEHOME
-%define CLIENTHOME /var/lib/zope2/${name}
-clienthome $CLIENTHOME
-
-debug-mode off
-security-policy-implementation C
-verbose-security off
-default-zpublisher-encoding utf-8
-zserver-threads ${toString opts.threads}
-effective-user ${opts.user}
-
-pid-filename /var/lib/zope2/${name}/pid
-lock-filename /var/lib/zope2/${name}/lock
-python-check-interval 1000
-enable-product-installation off
-
-<environment>
-  zope_i18n_compile_mo_files false
-</environment>
-
-<eventlog>
-level INFO
-<logfile>
-    path /var/log/zope2/${name}.log
-    level INFO
-</logfile>
-</eventlog>
-
-<logger access>
-level WARN
-<logfile>
-    path /var/log/zope2/${name}-Z2.log
-    format %(message)s
-</logfile>
-</logger>
-
-<http-server>
-address ${opts.http_address}
-</http-server>
-
-<zodb_db temporary>
-<temporarystorage>
-    name temporary storage for sessioning
-</temporarystorage>
-mount-point /temp_folder
-container-class Products.TemporaryFolder.TemporaryContainer
-</zodb_db>
-
-${opts.extra}
+              ''
+              %define INSTANCEHOME ${env}
+              instancehome $INSTANCEHOME
+              %define CLIENTHOME /var/lib/zope2/${name}
+              clienthome $CLIENTHOME
+
+              debug-mode off
+              security-policy-implementation C
+              verbose-security off
+              default-zpublisher-encoding utf-8
+              zserver-threads ${toString opts.threads}
+              effective-user ${opts.user}
+
+              pid-filename /var/lib/zope2/${name}/pid
+              lock-filename /var/lib/zope2/${name}/lock
+              python-check-interval 1000
+              enable-product-installation off
+
+              <environment>
+                zope_i18n_compile_mo_files false
+              </environment>
+
+              <eventlog>
+              level INFO
+              <logfile>
+                  path /var/log/zope2/${name}.log
+                  level INFO
+              </logfile>
+              </eventlog>
+
+              <logger access>
+              level WARN
+              <logfile>
+                  path /var/log/zope2/${name}-Z2.log
+                  format %(message)s
+              </logfile>
+              </logger>
+
+              <http-server>
+              address ${opts.http_address}
+              </http-server>
+
+              <zodb_db temporary>
+              <temporarystorage>
+                  name temporary storage for sessioning
+              </temporarystorage>
+              mount-point /temp_folder
+              container-class Products.TemporaryFolder.TemporaryContainer
+              </zodb_db>
+
+              ${opts.extra}
               '';
             ctlScript = pkgs.writeScript "zope2-${name}-ctl-script"
-              ''#!${env}/bin/python
+              ''
+              #!${env}/bin/python
 
-import sys
-import plone.recipe.zope2instance.ctl
+              import sys
+              import plone.recipe.zope2instance.ctl
 
-if __name__ == '__main__':
-    sys.exit(plone.recipe.zope2instance.ctl.main(
-        ["-C", "${conf}"]
-        + sys.argv[1:]))
+              if __name__ == '__main__':
+                  sys.exit(plone.recipe.zope2instance.ctl.main(
+                      ["-C", "${conf}"]
+                      + sys.argv[1:]))
               '';
 
             ctl = pkgs.writeScript "zope2-${name}-ctl"
-              ''#!${pkgs.bash}/bin/bash -e
-export PYTHONHOME=${env}
-exec ${ctlScript} "$@"
+              ''
+              #!${pkgs.bash}/bin/bash -e
+              export PYTHONHOME=${env}
+              exec ${ctlScript} "$@"
               '';
           in {
             description = "zope2 ${name} instance";
diff --git a/nixos/modules/services/x11/redshift.nix b/nixos/modules/services/x11/redshift.nix
new file mode 100644
index 00000000000..bf7f974edc7
--- /dev/null
+++ b/nixos/modules/services/x11/redshift.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, ... }:
+with pkgs.lib;
+let
+  cfg = config.services.redshift;
+
+in {
+  options = {
+    services.redshift.enable = mkOption {
+      type = types.bool;
+      default = false;
+      example = true;
+      description = "Enable Redshift to change your screen's colour temperature depending on the time of day";
+    };
+
+    services.redshift.latitude = mkOption {
+      description = "Your current latitude";
+      type = types.string;
+    };
+
+    services.redshift.longitude = mkOption {
+      description = "Your current longitude";
+      type = types.string;
+    };
+
+    services.redshift.temperature = {
+      day = mkOption {
+        description = "Colour temperature to use during day time";
+        default = 5500;
+        type = types.int;
+      };
+      night = mkOption {
+        description = "Colour temperature to use during night time";
+        default = 3700;
+        type = types.int;
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.redshift = {
+      description = "Redshift colour temperature adjuster";
+      requires = [ "display-manager.service" ];
+      script = ''
+        ${pkgs.redshift}/bin/redshift \
+          -l ${cfg.latitude}:${cfg.longitude} \
+          -t ${toString cfg.temperature.day}:${toString cfg.temperature.night}
+      '';
+      environment = { DISPLAY = ":0"; };
+    };
+  };
+}
diff --git a/nixos/modules/services/x11/xserver.nix b/nixos/modules/services/x11/xserver.nix
index 02ba680255b..e391da5c572 100644
--- a/nixos/modules/services/x11/xserver.nix
+++ b/nixos/modules/services/x11/xserver.nix
@@ -232,8 +232,11 @@ in
       s3tcSupport = mkOption {
         default = false;
         description = ''
-          Make S2TC via libtxc_dxtn available to OpenGL drivers. Using
-          this library may require a patent license depending on your location.
+          Make S3TC(S3 Texture Compression) via libtxc_dxtn available
+          to OpenGL drivers. It is essential for many games to work
+          with FOSS GPU drivers.
+
+          Using this library may require a patent license depending on your location.
         '';
       };
 
diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix
index dc017563217..ff3c844030b 100644
--- a/nixos/modules/system/activation/activation-script.nix
+++ b/nixos/modules/system/activation/activation-script.nix
@@ -44,8 +44,12 @@ in
       };
 
       description = ''
-        Activate the new configuration (i.e., update /etc, make accounts,
-        and so on).
+        A set of shell script fragments that are executed when a NixOS
+        system configuration is activated.  Examples are updating
+        /etc, creating accounts, and so on.  Since these are executed
+        every time you boot the system or run
+        <command>nixos-rebuild</command>, it's important that they are
+        idempotent and fast.
       '';
 
       merge = mergeTypedOption "script" builtins.isAttrs (fold mergeAttrs {});
diff --git a/nixos/modules/system/activation/top-level.nix b/nixos/modules/system/activation/top-level.nix
index 32157e41985..a04914bedaf 100644
--- a/nixos/modules/system/activation/top-level.nix
+++ b/nixos/modules/system/activation/top-level.nix
@@ -122,6 +122,7 @@ in
   options = {
 
     system.build = mkOption {
+      internal = true;
       default = {};
       description = ''
         Attribute set of derivations used to setup the system.
@@ -144,6 +145,7 @@ in
     };
 
     system.boot.loader.id = mkOption {
+      internal = true;
       default = "";
       description = ''
         Id string of the used bootloader.
@@ -151,6 +153,7 @@ in
     };
 
     system.boot.loader.kernelFile = mkOption {
+      internal = true;
       default = pkgs.stdenv.platform.kernelTarget;
       type = types.uniq types.string;
       description = ''
@@ -169,8 +172,8 @@ in
     };
 
     system.extraSystemBuilderCmds = mkOption {
-      default = "";
       internal = true;
+      default = "";
       merge = concatStringsSep "\n";
       description = ''
         This code will be added to the builder creating the system store path.
diff --git a/nixos/modules/system/boot/loader/grub/grub.nix b/nixos/modules/system/boot/loader/grub/grub.nix
index c7c1f675c77..955235da70f 100644
--- a/nixos/modules/system/boot/loader/grub/grub.nix
+++ b/nixos/modules/system/boot/loader/grub/grub.nix
@@ -86,12 +86,6 @@ in
         '';
       };
 
-      # !!! How can we mark options as obsolete?
-      bootDevice = mkOption {
-        default = "";
-        description = "Obsolete.";
-      };
-
       configurationName = mkOption {
         default = "";
         example = "Stable 2.6.21";
@@ -173,15 +167,7 @@ in
       };
 
       splashImage = mkOption {
-        default =
-          if cfg.version == 1
-          then pkgs.fetchurl {
-            url = http://www.gnome-look.org/CONTENT/content-files/36909-soft-tux.xpm.gz;
-            sha256 = "14kqdx2lfqvh40h6fjjzqgff1mwk74dmbjvmqphi6azzra7z8d59";
-          }
-          # GRUB 1.97 doesn't support gzipped XPMs.
-          else ./winkler-gnu-blue-640x480.png;
-        example = null;
+        example = literalExample "./my-background.png";
         description = ''
           Background image used for GRUB.  It must be a 640x480,
           14-colour image in XPM format, optionally compressed with
@@ -233,30 +219,43 @@ in
 
   ###### implementation
 
-  config = mkIf cfg.enable {
+  config = mkMerge [
 
-    boot.loader.grub.devices = optional (cfg.device != "") cfg.device;
+    { boot.loader.grub.splashImage = mkDefault (
+        if cfg.version == 1 then pkgs.fetchurl {
+          url = http://www.gnome-look.org/CONTENT/content-files/36909-soft-tux.xpm.gz;
+          sha256 = "14kqdx2lfqvh40h6fjjzqgff1mwk74dmbjvmqphi6azzra7z8d59";
+        }
+        # GRUB 1.97 doesn't support gzipped XPMs.
+        else ./winkler-gnu-blue-640x480.png);
+    }
 
-    system.build.installBootLoader =
-      if cfg.devices == [] then
-        throw "You must set the ‘boot.loader.grub.device’ option to make the system bootable."
-      else
-        "PERL5LIB=${makePerlPath [ pkgs.perlPackages.XMLLibXML pkgs.perlPackages.XMLSAX ]} " +
-        "${pkgs.perl}/bin/perl ${./install-grub.pl} ${grubConfig}";
+    (mkIf cfg.enable {
 
-    system.build.grub = grub;
+      boot.loader.grub.devices = optional (cfg.device != "") cfg.device;
 
-    # Common attribute for boot loaders so only one of them can be
-    # set at once.
-    system.boot.loader.id = "grub";
+      system.build.installBootLoader =
+        if cfg.devices == [] then
+          throw "You must set the ‘boot.loader.grub.device’ option to make the system bootable."
+        else
+          "PERL5LIB=${makePerlPath [ pkgs.perlPackages.XMLLibXML pkgs.perlPackages.XMLSAX ]} " +
+          "${pkgs.perl}/bin/perl ${./install-grub.pl} ${grubConfig}";
 
-    environment.systemPackages = [ grub ];
+      system.build.grub = grub;
 
-    boot.loader.grub.extraPrepareConfig =
-      concatStrings (mapAttrsToList (n: v: ''
-        ${pkgs.coreutils}/bin/cp -pf "${v}" "/boot/${n}"
-      '') config.boot.loader.grub.extraFiles);
+      # Common attribute for boot loaders so only one of them can be
+      # set at once.
+      system.boot.loader.id = "grub";
 
-  };
+      environment.systemPackages = [ grub ];
+
+      boot.loader.grub.extraPrepareConfig =
+        concatStrings (mapAttrsToList (n: v: ''
+          ${pkgs.coreutils}/bin/cp -pf "${v}" "/boot/${n}"
+        '') config.boot.loader.grub.extraFiles);
+
+    })
+
+  ];
 
 }
diff --git a/nixos/modules/system/boot/luksroot.nix b/nixos/modules/system/boot/luksroot.nix
index 29f5eb4fd77..ba357f5d2de 100644
--- a/nixos/modules/system/boot/luksroot.nix
+++ b/nixos/modules/system/boot/luksroot.nix
@@ -44,12 +44,9 @@ in
 {
 
   options = {
-    boot.initrd.luks.enable = mkOption {
-      default = false;
-      description = "Obsolete.";
-    };
 
     boot.initrd.luks.mitigateDMAAttacks = mkOption {
+      type = types.bool;
       default = true;
       description = ''
         Unless enabled, encryption keys can be easily recovered by an attacker with physical
@@ -62,6 +59,7 @@ in
     };
 
     boot.initrd.luks.cryptoModules = mkOption {
+      type = types.listOf types.string;
       default =
         [ "aes" "aes_generic" "blowfish" "twofish"
           "serpent" "cbc" "xts" "lrw" "sha1" "sha256" "sha512"
@@ -142,7 +140,9 @@ in
         };
 
       };
+
     };
+
   };
 
   config = mkIf (luks.devices != []) {
diff --git a/nixos/modules/virtualisation/libvirtd.nix b/nixos/modules/virtualisation/libvirtd.nix
index 52dab153094..280143d4e3f 100644
--- a/nixos/modules/virtualisation/libvirtd.nix
+++ b/nixos/modules/virtualisation/libvirtd.nix
@@ -61,7 +61,7 @@ in
   config = mkIf cfg.enable {
 
     environment.systemPackages =
-      [ pkgs.libvirt ]
+      [ pkgs.libvirt pkgs.netcat-openbsd ]
        ++ optional cfg.enableKVM pkgs.qemu_kvm;
 
     boot.kernelModules = [ "tun" ];
diff --git a/nixos/release.nix b/nixos/release.nix
index e19403eccb6..866a992f79a 100644
--- a/nixos/release.nix
+++ b/nixos/release.nix
@@ -16,7 +16,9 @@ let
 
 
   versionModule =
-    { system.nixosVersionSuffix = versionSuffix;  };
+    { system.nixosVersionSuffix = versionSuffix;
+      system.nixosRevision = nixpkgs.rev or nixpkgs.shortRev;
+    };
 
 
   makeIso =
@@ -73,7 +75,7 @@ let
         };
 
 
-in {
+in rec {
 
   channel =
     pkgs.releaseTools.makeSourceTarball {
@@ -91,6 +93,7 @@ in {
       distPhase = ''
         rm -rf .git
         echo -n $VERSION_SUFFIX > .version-suffix
+        echo -n ${nixpkgs.rev or nixpkgs.shortRev} > .git-revision
         releaseName=nixos-$VERSION$VERSION_SUFFIX
         mkdir -p $out/tarballs
         mkdir ../$releaseName
@@ -106,18 +109,8 @@ in {
     };
 
 
-  manual =
-    (import ./doc/manual {
-      inherit pkgs;
-      options =
-        (import lib/eval-config.nix {
-          modules = [
-            { fileSystems = [];
-              boot.loader.grub.device = "/dev/sda";
-            } ];
-        }).options;
-      revision = toString (nixpkgs.rev or nixpkgs.shortRev);
-    }).manual;
+  manual = iso_minimal.x86_64-linux.config.system.build.manual.manual;
+  manpages = iso_minimal.x86_64-linux.config.system.build.manual.manpages;
 
 
   iso_minimal = pkgs.lib.genAttrs systems (system: makeIso {
diff --git a/nixos/tests/default.nix b/nixos/tests/default.nix
index 16d45126de1..ce5776c8e46 100644
--- a/nixos/tests/default.nix
+++ b/nixos/tests/default.nix
@@ -21,11 +21,12 @@ with import ../lib/testing.nix { inherit system minimal; };
   #mpich = makeTest (import ./mpich.nix);
   mysql = makeTest (import ./mysql.nix);
   mysql_replication = makeTest (import ./mysql-replication.nix);
+  munin = makeTest (import ./munin.nix);
   nat = makeTest (import ./nat.nix);
   nfs3 = makeTest (import ./nfs.nix { version = 3; });
   #nfs4 = makeTest (import ./nfs.nix { version = 4; });
   openssh = makeTest (import ./openssh.nix);
-  partition = makeTest (import ./partition.nix);
+  #partition = makeTest (import ./partition.nix);
   printing = makeTest (import ./printing.nix);
   proxy = makeTest (import ./proxy.nix);
   quake3 = makeTest (import ./quake3.nix);
diff --git a/nixos/tests/munin.nix b/nixos/tests/munin.nix
new file mode 100644
index 00000000000..66ae1c0d87f
--- /dev/null
+++ b/nixos/tests/munin.nix
@@ -0,0 +1,31 @@
+{ pkgs, ... }:
+
+# This test runs basic munin setup with node and cron job running on the same
+# machine.
+
+{
+  nodes = { 
+    one =
+      { config, pkgs, ... }:
+        { 
+          services = {
+           munin-node.enable = true;
+           munin-cron = {
+             enable = true;
+             hosts = ''
+               [${config.networking.hostName}]
+               address localhost
+             '';
+           };
+          };
+        };
+    };
+  
+  testScript = ''
+    startAll;
+  
+    $one->waitForUnit("munin-node.service");
+    $one->waitForFile("/var/lib/munin/one/one-uptime-uptime-g.rrd");
+    $one->waitForFile("/var/www/munin/one/index.html");
+  '';
+}
diff --git a/pkgs/applications/audio/audacious/default.nix b/pkgs/applications/audio/audacious/default.nix
index 6846607d61d..f9a8d075241 100644
--- a/pkgs/applications/audio/audacious/default.nix
+++ b/pkgs/applications/audio/audacious/default.nix
@@ -1,28 +1,28 @@
 { stdenv, fetchurl, pkgconfig, glib, gtk3, libmowgli, libmcs
 , gettext, dbus_glib, libxml2, libmad, xlibs, alsaLib, libogg
-, libvorbis, libcdio, libcddb, flac, ffmpeg
+, libvorbis, libcdio, libcddb, flac, ffmpeg, makeWrapper
 }:
 
 let
-  version = "3.3.4";
+  version = "3.4.1";
 in
 stdenv.mkDerivation {
   name = "audacious-${version}";
 
   src = fetchurl {
     url = "http://distfiles.audacious-media-player.org/audacious-${version}.tar.bz2";
-    sha256 = "19zw4yj8g4fvxkv0ql8v8vgxzldxl1fzig239zzv88mpnvwxn737";
+    sha256 = "0wf99b0nrk90fyak4gpwi076qnsrmv1j8958cvi57rxig21lvvap";
   };
 
   pluginsSrc = fetchurl {
     url = "http://distfiles.audacious-media-player.org/audacious-plugins-${version}.tar.bz2";
-    sha256 = "1l5g0zq73qp1hlrf4xsaj0n3hg0asrp7169531jgpncjn15dhvdn";
+    sha256 = "02ivrxs6109nmmz9pkbf9dkm36s2lyp9vfv59sm0acxxd4db71md";
   };
 
   buildInputs =
     [ gettext pkgconfig glib gtk3 libmowgli libmcs libxml2 dbus_glib
       libmad xlibs.libXcomposite libogg libvorbis flac alsaLib libcdio
-      libcddb ffmpeg
+      libcddb ffmpeg makeWrapper
     ];
 
   # Here we build bouth audacious and audacious-plugins in one
@@ -44,7 +44,16 @@ stdenv.mkDerivation {
         src=$pluginsSrc
         genericBuild
       )
+
+      (
+        source $stdenv/setup
+        # gsettings schemas for file dialogues
+        for file in "$out"/bin/*; do
+          wrapProgram "$file" --prefix XDG_DATA_DIRS : "$XDG_ADD"
+        done
+      )
     '';
+  XDG_ADD = gtk3 + "/share";
 
   enableParallelBuilding = true;
 
diff --git a/pkgs/applications/audio/spotify/default.nix b/pkgs/applications/audio/spotify/default.nix
index f4d264c0d8f..615ee6a93cc 100644
--- a/pkgs/applications/audio/spotify/default.nix
+++ b/pkgs/applications/audio/spotify/default.nix
@@ -1,9 +1,11 @@
-{ fetchurl, stdenv, dpkg, xlibs, qt4, alsaLib, makeWrapper, openssl, freetype, glib, pango, cairo, atk, gdk_pixbuf, gtk, cups, nspr, nss, libpng, GConf, libgcrypt, chromium, sqlite, gst_plugins_base, gstreamer }:
+{ fetchurl, stdenv, dpkg, xlibs, qt4, alsaLib, makeWrapper, openssl, freetype
+, glib, pango, cairo, atk, gdk_pixbuf, gtk, cups, nspr, nss, libpng, GConf
+, libgcrypt, chromium, sqlite, gst_plugins_base, gstreamer, udev }:
 
 assert stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux";
 
 let
-  version = "0.9.1.55";
+  version = "0.9.4.183";
   qt4webkit =
     if stdenv.system == "i686-linux" then
       fetchurl {
@@ -25,13 +27,13 @@ stdenv.mkDerivation {
   src =
     if stdenv.system == "i686-linux" then
       fetchurl {
-        url = "http://repository.spotify.com/pool/non-free/s/spotify/spotify-client_${version}.gbdd3b79.203-1_i386.deb";
-        sha256 = "1sls4gb85700126bbk4sz73ipa2rjcinmpnsi78q0bsdj365y2wc";
+        url = "http://repository.spotify.com/pool/non-free/s/spotify/spotify-client_${version}.g644e24e.428-1_i386.deb";
+        sha256 = "1wl6v5x8vm74h5lxp8fhvmih8l122aadsf1qxvpk0k3y6mbx0ifa";
       }
     else if stdenv.system == "x86_64-linux" then
       fetchurl {
-        url = "http://repository.spotify.com/pool/non-free/s/spotify/spotify-client_${version}.gbdd3b79.203-1_amd64.deb";
-        sha256 = "10pzj3p8bjbxh9nnm4qc5s1hn9nh7hgh3vbwm0xblj9rn71wl03y";
+        url = "http://repository.spotify.com/pool/non-free/s/spotify/spotify-client_${version}.g644e24e.428-1_amd64.deb";
+        sha256 = "1yniln6iswrrrny01qr2w5zcvam0vnrvy9mwbnk9i14i2ch0f3fx";
       }
     else throw "Spotify not supported on this platform.";
 
@@ -57,12 +59,15 @@ stdenv.mkDerivation {
       ln -s ${nspr}/lib/libnspr4.so $out/lib/libnspr4.so.0d
       ln -s ${nspr}/lib/libplc4.so $out/lib/libplc4.so.0d
 
+      # Work around Spotify trying to open libudev.so.0 (which we don't have)
+      ln -s ${udev}/lib/libudev.so.1 $out/lib/libudev.so.0
+
       mkdir -p $out/bin
 
       ln -s $out/spotify-client/spotify $out/bin/spotify
       patchelf \
         --interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" \
-        --set-rpath $out/lib:$out/spotify-client:${stdenv.lib.makeLibraryPath [ xlibs.libXScrnSaver xlibs.libX11 qt4 alsaLib stdenv.gcc.gcc freetype glib pango cairo atk gdk_pixbuf gtk GConf cups sqlite]}:${stdenv.gcc.gcc}/lib64 \
+        --set-rpath $out/spotify-client/Data:$out/lib:$out/spotify-client:${stdenv.lib.makeLibraryPath [ xlibs.libXScrnSaver xlibs.libX11 qt4 alsaLib stdenv.gcc.gcc freetype glib pango cairo atk gdk_pixbuf gtk GConf cups sqlite]}:${stdenv.gcc.gcc}/lib64 \
         $out/spotify-client/spotify
 
       dpkg-deb -x ${qt4webkit} ./
@@ -74,23 +79,20 @@ stdenv.mkDerivation {
       gcc -shared ${./preload.c} -o $preload -ldl -DOUT=\"$out\" -fPIC
 
       wrapProgram $out/bin/spotify --set LD_PRELOAD $preload --prefix LD_LIBRARY_PATH : "${stdenv.lib.makeLibraryPath [ GConf libpng cups libgcrypt sqlite gst_plugins_base gstreamer]}:$out/lib"
+
+      # Desktop file
+      mkdir -p "$out/share/applications/"
+      cp "$out/spotify-client/spotify.desktop" "$out/share/applications/"
+      sed -i "s|Icon=.*|Icon=$out/spotify-client/Icons/spotify-linux-512.png|" "$out/share/applications/spotify.desktop"
     ''; # */
 
   dontStrip = true;
   dontPatchELF = true;
 
   meta = {
-    homepage = https://www.spotify.com/download/previews/;
+    homepage = https://www.spotify.com/;
     description = "Spotify for Linux allows you to play music from the Spotify music service";
     license = "unfree";
     maintainers = [ stdenv.lib.maintainers.eelco ];
-
-    longDescription =
-      ''
-        Spotify is a digital music streaming service.  This package
-        provides the Spotify client for Linux.  At present, it does not
-        work with free Spotify accounts; it requires a Premium or
-        Unlimited account.
-      '';
   };
 }
diff --git a/pkgs/applications/editors/emacs-24/default.nix b/pkgs/applications/editors/emacs-24/default.nix
index 0dcb585e12e..18e263dae67 100644
--- a/pkgs/applications/editors/emacs-24/default.nix
+++ b/pkgs/applications/editors/emacs-24/default.nix
@@ -46,11 +46,12 @@ stdenv.mkDerivation rec {
                           (append (reverse (mapcar (lambda (x) (concat x "/share/emacs/site-lisp/"))
                                                    (split-string (getenv "NIX_PROFILES"))))
                            load-path)))
+        
+    ;; make tramp work for NixOS machines
+    (eval-after-load 'tramp '(add-to-list 'tramp-remote-path "/run/current-system/sw/bin"))
     EOF
   '';
 
-
-
   doCheck = true;
 
   meta = with stdenv.lib; {
diff --git a/pkgs/applications/misc/synergy/cryptopp.patch b/pkgs/applications/misc/synergy/cryptopp.patch
index f20ef9544a2..d0aebb87261 100644
--- a/pkgs/applications/misc/synergy/cryptopp.patch
+++ b/pkgs/applications/misc/synergy/cryptopp.patch
@@ -20,10 +20,10 @@ index 3b61fc0..2206646 100644
  
  if (WIN32)
  	# add /analyze in order to unconver potential bugs in the source code
-diff --git a/src/lib/synergy/CCryptoMode.h b/src/lib/synergy/CCryptoMode.h
+diff --git a/src/lib/io/CCryptoMode.h b/src/lib/io/CCryptoMode.h
 index 9b7e8ad..0d659ac 100644
---- a/src/lib/synergy/CCryptoMode.h
-+++ b/src/lib/synergy/CCryptoMode.h
+--- a/src/lib/io/CCryptoMode.h
++++ b/src/lib/io/CCryptoMode.h
 @@ -17,9 +17,9 @@
  
  #pragma once
@@ -37,10 +37,10 @@ index 9b7e8ad..0d659ac 100644
  #include "ECryptoMode.h"
  #include "CString.h"
  
-diff --git a/src/lib/synergy/CCryptoStream.h b/src/lib/synergy/CCryptoStream.h
+diff --git a/src/lib/io/CCryptoStream.h b/src/lib/io/CCryptoStream.h
 index 104b1f6..09c4dc4 100644
---- a/src/lib/synergy/CCryptoStream.h
-+++ b/src/lib/synergy/CCryptoStream.h
+--- a/src/lib/io/CCryptoStream.h
++++ b/src/lib/io/CCryptoStream.h
 @@ -20,8 +20,8 @@
  #include "BasicTypes.h"
  #include "CStreamFilter.h"
diff --git a/pkgs/applications/misc/synergy/default.nix b/pkgs/applications/misc/synergy/default.nix
index 0b3734ea147..c01d67943e5 100644
--- a/pkgs/applications/misc/synergy/default.nix
+++ b/pkgs/applications/misc/synergy/default.nix
@@ -7,11 +7,11 @@ assert !stdenv.isLinux -> unzip != null;
 with stdenv.lib;
 
 stdenv.mkDerivation rec {
-  name = "synergy-1.4.12";
+  name = "synergy-1.4.15";
 
   src = fetchurl {
-  	url = "http://synergy.googlecode.com/files/${name}-Source.tar.gz";
-  	sha256 = "0j884skwqy8r8ckj9a4rlwsbjwb1yrj9wqma1nwhr2inff6hrdim";
+    url = "http://synergy.googlecode.com/files/${name}-Source.tar.gz";
+    sha256 = "0l1mxxky9hacyva0npzkgkwg4wkmihzq3abdrds0w5f6is44adv4";
   };
 
   patches = optional stdenv.isLinux ./cryptopp.patch;
diff --git a/pkgs/applications/misc/urlview/default.nix b/pkgs/applications/misc/urlview/default.nix
new file mode 100644
index 00000000000..02d26f66001
--- /dev/null
+++ b/pkgs/applications/misc/urlview/default.nix
@@ -0,0 +1,39 @@
+{ stdenv, fetchurl, ncurses, automake111x, autoreconfHook }:
+
+stdenv.mkDerivation rec {
+  version    = "0.9";
+  patchLevel = "19";
+
+  name = "urlview-${version}-${patchLevel}";
+
+  urlBase = "mirror://debian/pool/main/u/urlview/";
+
+  src = fetchurl {
+    url = urlBase + "urlview_${version}.orig.tar.gz";
+    sha256 = "746ff540ccf601645f500ee7743f443caf987d6380e61e5249fc15f7a455ed42";
+  };
+
+  buildInputs = [ ncurses automake111x autoreconfHook ];
+
+  preAutoreconf = ''
+    touch NEWS
+  '';
+
+  preConfigure = ''
+    mkdir -p $out/share/man/man1
+  '';
+
+  debianPatches = fetchurl {
+    url = urlBase + "urlview_${version}-${patchLevel}.diff.gz";
+    sha256 = "056883c17756f849fb9235596d274fbc5bc0d944fcc072bdbb13d1e828301585";
+  };
+
+  patches = debianPatches;
+
+  meta = {
+    description = "Extract URLs from text";
+    homepage = http://packages.qa.debian.org/u/urlview.html;
+    licencse = stdenv.lib.licenses.gpl2;
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/applications/misc/xpdf/default.nix b/pkgs/applications/misc/xpdf/default.nix
index 5218df77595..fdcdd4770d0 100644
--- a/pkgs/applications/misc/xpdf/default.nix
+++ b/pkgs/applications/misc/xpdf/default.nix
@@ -18,26 +18,20 @@ stdenv.mkDerivation {
   };
 
   buildInputs =
-    (if enableGUI then [x11 motif] else []) ++
-    (if useT1Lib then [t1lib] else []);
+    stdenv.lib.optionals enableGUI [x11 motif] ++
+    stdenv.lib.optional useT1Lib t1lib ++
+    stdenv.lib.optional enablePDFtoPPM freetype;
 
   # Debian uses '-fpermissive' to bypass some errors on char* constantness.
   CXXFLAGS = "-O2 -fpermissive";
 
-  configureFlags =
-    "--infodir=$out/share/info --mandir=$out/share/man --enable-a4-paper"
-    + (if enablePDFtoPPM then
-         " --with-freetype2-library=${freetype}/lib"
-         + " --with-freetype2-includes=${freetype}/include/freetype2"
-       else "");
-
-  postInstall = "
-    if test -n \"${base14Fonts}\"; then
-      substituteInPlace $out/etc/xpdfrc \\
-        --replace /usr/local/share/ghostscript/fonts ${base14Fonts} \\
-        --replace '#fontFile' fontFile
-    fi
-  ";
+  configureFlags = "--enable-a4-paper";
+
+  postInstall = stdenv.lib.optionalString (base14Fonts != null) ''
+    substituteInPlace $out/etc/xpdfrc \
+      --replace /usr/local/share/ghostscript/fonts ${base14Fonts} \
+      --replace '#fontFile' fontFile
+  '';
 
   meta = {
     homepage = "http://www.foolabs.com/xpdf/";
diff --git a/pkgs/applications/networking/browsers/chromium/sources.nix b/pkgs/applications/networking/browsers/chromium/sources.nix
index 96c58ef8e9c..ae49890caf3 100644
--- a/pkgs/applications/networking/browsers/chromium/sources.nix
+++ b/pkgs/applications/networking/browsers/chromium/sources.nix
@@ -1,18 +1,18 @@
 # This file is autogenerated from update.sh in the same directory.
 {
   dev = {
-    version = "31.0.1650.4";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-31.0.1650.4.tar.xz";
-    sha256 = "1i61izfn06ldxkgdrisdibbn5hrghyjslf81yszpw69k0z87k3lm";
+    version = "32.0.1671.3";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-32.0.1671.3.tar.xz";
+    sha256 = "0bv86ig3mrd95zh78880bcyh9b8w46s7slxq3mwwmrmqp0s8qaq0";
   };
   beta = {
-    version = "30.0.1599.66";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-30.0.1599.66.tar.xz";
-    sha256 = "092ps4y4s544lswrqqk8qij5n7ax4bsfl5vdj5cwfncvsqpjds4g";
+    version = "31.0.1650.26";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-31.0.1650.26.tar.xz";
+    sha256 = "14jvbjn7nsc4psi7n6rjsb5d930k4jawbgqlx3hkhmkz5nhbrplx";
   };
   stable = {
-    version = "30.0.1599.66";
-    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-30.0.1599.66.tar.xz";
-    sha256 = "092ps4y4s544lswrqqk8qij5n7ax4bsfl5vdj5cwfncvsqpjds4g";
+    version = "30.0.1599.101";
+    url = "http://commondatastorage.googleapis.com/chromium-browser-official/chromium-30.0.1599.101.tar.xz";
+    sha256 = "0bd49k9qpycpp4z230pqwsi22565lzhyq59js34baawjqql6ynfr";
   };
 }
diff --git a/pkgs/applications/networking/browsers/dwb/default.nix b/pkgs/applications/networking/browsers/dwb/default.nix
index b120ebcac54..0421a8a6c6a 100644
--- a/pkgs/applications/networking/browsers/dwb/default.nix
+++ b/pkgs/applications/networking/browsers/dwb/default.nix
@@ -6,8 +6,8 @@ stdenv.mkDerivation {
 
   src = fetchgit {
     url = "https://bitbucket.org/portix/dwb.git";
-    rev = "4a4c3adb8fbc680a0a2b8c9d3d3a4105c07c2514";
-    sha256 = "93e8f2c82609447d54a3c139c153cc66d37d3c6aa8922cd09717caa95fd8b1d5";
+    rev = "84a8621787baded72e84afdd5cdda278cb81e007";
+    sha256 = "5a32f3c21ad59b43935a16108244f84d260fafaea9b93d41e8de9ba9089ee7b0";
   };
 
   buildInputs = [ pkgconfig makeWrapper libsoup webkit gtk3 gnutls json_c m4  ];
@@ -21,6 +21,8 @@ stdenv.mkDerivation {
     wrapProgram "$out/bin/dwb" \
      --prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules" \
      --prefix XDG_DATA_DIRS : "${gsettings_desktop_schemas}/share:$out/share"
+    wrapProgram "$out/bin/dwbem" \
+     --prefix GIO_EXTRA_MODULES : "${glib_networking}/lib/gio/modules"
   '';
 
   meta = {
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/builder.sh b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/builder.sh
new file mode 100644
index 00000000000..fb36125b3a1
--- /dev/null
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/builder.sh
@@ -0,0 +1,4 @@
+source $stdenv/setup
+export PREFIX=$out
+configureFlags="--plugin-path=$out/lib/mozilla/plugins"
+genericBuild
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/default.nix b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/default.nix
new file mode 100644
index 00000000000..7422654ec98
--- /dev/null
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/default.nix
@@ -0,0 +1,31 @@
+{ stdenv, fetchurl, pkgconfig, openssl, glib, libX11, gtk3, gettext, intltool }:
+
+let version = "1.0.2"; in
+stdenv.mkDerivation rec {
+  name = "fribid-${version}";
+  builder = ./builder.sh;
+
+  src = fetchurl {
+    url = "https://fribid.se/releases/source/${name}.tar.bz2";
+    sha256 = "d7cd9adf04fedf50b266a5c14ddb427cbb263d3bc160ee0ade03aca9d5356e5c";
+  };
+
+  buildInputs = [ pkgconfig openssl libX11 gtk3 glib gettext intltool ];
+  patches = [
+    ./translation-xgettext-to-intltool.patch
+    ./plugin-linkfix.patch
+    ./emulated-version.patch
+    ./ipc-lazytrace.patch
+    ];
+
+  passthru.mozillaPlugin = "/lib/mozilla/plugins";
+
+  meta = {
+    description = "A browser plugin to manage Swedish BankID:s";
+    homepage = http://fribid.se;
+    licenses = [ "GPLv2" "MPLv1" ];
+    maintainers = [ stdenv.lib.maintainers.edwtjo ];
+    platforms = with stdenv.lib.platforms; linux;
+  };
+}
+
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/emulated-version.patch b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/emulated-version.patch
new file mode 100644
index 00000000000..f730ad017b1
--- /dev/null
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/emulated-version.patch
@@ -0,0 +1,12 @@
+--- a/common/defines.h  2012-11-14 18:02:43.000000000 +0100
++++ b/common/defines.h  2013-09-20 19:17:45.669290630 +0200
+@@ -39,7 +39,7 @@
+ #define RELEASE_TIME        1352912534
+ #define IPCVERSION          "10"
+ 
+-#define EMULATED_VERSION    "4.15.0.14"
++#define EMULATED_VERSION    "4.17.0.11" // Was 4.15.0.14
+ #define DNSVERSION          "2"
+ #define STATUSDOMAIN        ".status.fribid.se"
+ 
+
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/ipc-lazytrace.patch b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/ipc-lazytrace.patch
new file mode 100644
index 00000000000..b7d05ddd0ef
--- /dev/null
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/ipc-lazytrace.patch
@@ -0,0 +1,10 @@
+--- a/plugin/ipc.c	2012-11-14 18:02:43.000000000 +0100
++++ b/plugin/ipc.c	2013-09-21 08:55:39.960265058 +0200
+@@ -74,6 +74,7 @@
+         //close(pipeOut[PIPE_READ_END]);
+
+         execvp(mainBinary, (char *const *)argv);
++        fprintf(stderr, "Wanted signing executable\t<%s>\n", mainBinary);
+         perror(BINNAME ": Failed to execute main binary");
+         exit(1);
+     } else {
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/plugin-linkfix.patch b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/plugin-linkfix.patch
new file mode 100644
index 00000000000..1128381238b
--- /dev/null
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/plugin-linkfix.patch
@@ -0,0 +1,11 @@
+--- a/plugin/Makefile	2013-09-18 13:55:11.091652553 +0200
++++ b/plugin/Makefile	2013-09-18 13:58:27.513618750 +0200
+@@ -60,7 +60,7 @@
+ 	for path in $(NPAPI_PLUGIN_PATHS); do \
+ 	    (../configure --internal--remove-link $(DESTDIR)$$path/libfribidplugin.so $(NPAPI_PLUGIN_LIB) || exit 1) && \
+ 	    install -d $(DESTDIR)$$path && \
+-	    ln -sf $(NPAPI_PLUGIN_LIB) $(DESTDIR)$$path/libfribidplugin.so; \
++	    ln -sf $(DESTDIR)$(NPAPI_PLUGIN_LIB) $(DESTDIR)$$path/libfribidplugin.so; \
+ 	done
+
+ uninstall:
diff --git a/pkgs/applications/networking/browsers/mozilla-plugins/fribid/translation-xgettext-to-intltool.patch b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/translation-xgettext-to-intltool.patch
new file mode 100644
index 00000000000..dcac4f17928
--- /dev/null
+++ b/pkgs/applications/networking/browsers/mozilla-plugins/fribid/translation-xgettext-to-intltool.patch
@@ -0,0 +1,16 @@
+--- a/translations/Makefile	2013-09-18 07:25:16.503800613 +0200
++++ b/translations/Makefile	2013-09-18 07:25:29.495869405 +0200
+@@ -38,7 +38,7 @@
+ all: template.pot $(MOFILES)
+
+ template.pot: $(POTFILES) $(DEFINES)
+-	xgettext -k_ -ktranslatable -d $(DOMAIN) --package-name=$(PACKAGENAME) --package-version=$(PACKAGEVERSION) --copyright-holder='YOUR NAME' -o $@ $(POTFILES)
++	intltool-update --gettext-package=$(PACKAGENAME) -o $@ sv
+
+ .po.mo:
+ 	msgfmt $< -o $@
+--- a/translations/POTFILES.in	2013-09-16 20:28:56.766106014 +0200
++++ b/translations/POTFILES.in	2013-09-18 13:15:05.252689648 +0200
+@@ -0,0 +1,2 @@
++client/gtk.c
++client/gtk/sign.glade
diff --git a/pkgs/applications/networking/dropbox/default.nix b/pkgs/applications/networking/dropbox/default.nix
index 4e911bc3345..99589a3d71b 100644
--- a/pkgs/applications/networking/dropbox/default.nix
+++ b/pkgs/applications/networking/dropbox/default.nix
@@ -2,7 +2,7 @@
 , libSM, libX11, libXext, libXcomposite, libXcursor, libXdamage
 , libXfixes, libXi, libXinerama, libXrandr, libXrender
 , dbus, dbus_glib, fontconfig, gcc, patchelf
-, atk, glib, gdk_pixbuf, gtk, pango
+, atk, glib, gdk_pixbuf, gtk, pango, zlib
 }:
 
 # this package contains the daemon version of dropbox
@@ -20,14 +20,14 @@ let
   arch = if stdenv.system == "x86_64-linux" then "x86_64"
     else if stdenv.system == "i686-linux" then "x86"
     else throw "Dropbox client for: ${stdenv.system} not supported!";
-    
+
   interpreter = if stdenv.system == "x86_64-linux" then "ld-linux-x86-64.so.2"
     else if stdenv.system == "i686-linux" then "ld-linux.so.2"
     else throw "Dropbox client for: ${stdenv.system} not supported!";
 
-  version = "1.4.21";
-  sha256 = if stdenv.system == "x86_64-linux" then "94073842f4a81feee80bca590e1df73fc3cab47ba879407ceba2de48f30d84e2"
-    else if stdenv.system == "i686-linux" then "121v92m20l73xjmzng3vmcp4zsp9mlbcfia73f5py5y74kndb2ap"
+  version = "2.4.3";
+  sha256 = if stdenv.system == "x86_64-linux" then "0g8iqgc18qbw8fvdjf0fhbal34rvwr5izrf5acfzqjg99dgih81r"
+    else if stdenv.system == "i686-linux" then "1nhmk319whj6cil6wg9hrfln9bxin3fnf6sxb0zg2ycfpnnqi0la"
     else throw "Dropbox client for: ${stdenv.system} not supported!";
 
   # relative location where the dropbox libraries are stored
@@ -40,7 +40,7 @@ let
       libSM libX11 libXext libXcomposite libXcursor libXdamage
       libXfixes libXi libXinerama libXrandr libXrender
       atk dbus dbus_glib glib fontconfig gcc gdk_pixbuf
-      gtk pango
+      gtk pango zlib
     ];
 
   desktopItem = makeDesktopItem {
diff --git a/pkgs/applications/science/logic/ekrhyper/default.nix b/pkgs/applications/science/logic/ekrhyper/default.nix
index 7ff1acb062b..c90099f495a 100644
--- a/pkgs/applications/science/logic/ekrhyper/default.nix
+++ b/pkgs/applications/science/logic/ekrhyper/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="ekrhyper";
-    version="1_4_08022013";
+    version="1_4_30072013";
     name="${baseName}-${version}";
-    hash="0vni5pq1p99428ii3g13chiqxcs8k1fm6jlvg1jqh4qdcs42w7yb";
-    url="http://userpages.uni-koblenz.de/~bpelzer/ekrhyper/ekrh_1_4_08022013.tar.gz";
-    sha256="0vni5pq1p99428ii3g13chiqxcs8k1fm6jlvg1jqh4qdcs42w7yb";
+    hash="0ashsblm477r7dmq9f33wajkbr29rbyyc919mifdgrrdy6zlc663";
+    url="http://userpages.uni-koblenz.de/~bpelzer/ekrhyper/ekrh_1_4_30072013.tar.gz";
+    sha256="0ashsblm477r7dmq9f33wajkbr29rbyyc919mifdgrrdy6zlc663";
   };
   buildInputs = [
     ocaml perl
diff --git a/pkgs/applications/science/logic/eprover/default.nix b/pkgs/applications/science/logic/eprover/default.nix
index d36956d1375..35e70a4b0d7 100644
--- a/pkgs/applications/science/logic/eprover/default.nix
+++ b/pkgs/applications/science/logic/eprover/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="eprover";
-    version="1.7";
+    version="1.8";
     name="${baseName}-${version}";
-    hash="1prkgjpg8lajcylz9nj2hfjxl3l42cqbfvilg30z9b5br14l36rh";
-    url="http://www4.in.tum.de/~schulz/WORK/E_DOWNLOAD/V_1.7/E.tgz";
-    sha256="1prkgjpg8lajcylz9nj2hfjxl3l42cqbfvilg30z9b5br14l36rh";
+    hash="0bl4dr7k6simwdvdyxhnjkiz4nm5y0nr8bfhc34zk0360i9m6sk3";
+    url="http://www4.in.tum.de/~schulz/WORK/E_DOWNLOAD/V_1.8/E.tgz";
+    sha256="0bl4dr7k6simwdvdyxhnjkiz4nm5y0nr8bfhc34zk0360i9m6sk3";
   };
 in
 stdenv.mkDerivation {
diff --git a/pkgs/applications/version-management/fossil/default.nix b/pkgs/applications/version-management/fossil/default.nix
index a1959eedba2..2a669729a9c 100644
--- a/pkgs/applications/version-management/fossil/default.nix
+++ b/pkgs/applications/version-management/fossil/default.nix
@@ -1,11 +1,11 @@
-{stdenv, fetchurl, zlib, openssl, tcl, readline, sqlite}:
+{stdenv, fetchurl, zlib, openssl, tcl, readline, sqlite, withJson ? true}:
 
 stdenv.mkDerivation {
-  name = "fossil-1.24";
+  name = "fossil-1.27";
 
   src = fetchurl {
-    url = http://www.fossil-scm.org/download/fossil-src-20121022124804.tar.gz;
-    sha256 = "0gcvcrd368acxd79gh7p7caicgqd0f076n0i2if63mg3b8ivz9im";
+    url = http://www.fossil-scm.org/download/fossil-src-20130911114349.tar.gz;
+    sha256 = "0n40z8bx2311i11zjx2x15lw3q8vzjwvfqzikrjlqnpal4vzd72f";
   };
 
   buildInputs = [ zlib openssl readline sqlite ];
@@ -14,6 +14,7 @@ stdenv.mkDerivation {
   doCheck = true;
 
   checkTarget = "test";
+  configureFlags = if withJson then  "--json" else  "";
 
   preBuild=''
     export USER=nonexistent-but-specified-user
diff --git a/pkgs/applications/virtualization/virt-manager/default.nix b/pkgs/applications/virtualization/virt-manager/default.nix
index d1e2a8b7883..de3e5c98d36 100644
--- a/pkgs/applications/virtualization/virt-manager/default.nix
+++ b/pkgs/applications/virtualization/virt-manager/default.nix
@@ -1,4 +1,5 @@
-{ stdenv, fetchurl, pythonPackages, intltool, libvirt, libxml2Python, curl, python, makeWrapper, virtinst, pyGtkGlade, pythonDBus, gnome_python, gtkvnc}:
+{ stdenv, fetchurl, pythonPackages, intltool, libvirt, libxml2Python, curl,
+  python, makeWrapper, virtinst, pyGtkGlade, pythonDBus, gnome_python, gtkvnc, vte}:
 
 with stdenv.lib;
 
@@ -18,7 +19,8 @@ stdenv.mkDerivation rec {
       distutils_extra simplejson readline glance cheetah lockfile httplib2
       # !!! should libvirt be a build-time dependency?  Note that
       # libxml2Python is a dependency of libvirt.py. 
-      libvirt libxml2Python urlgrabber virtinst pyGtkGlade pythonDBus gnome_python gtkvnc
+      libvirt libxml2Python urlgrabber virtinst pyGtkGlade pythonDBus gnome_python
+      gtkvnc vte
     ];
 
   buildInputs =
diff --git a/pkgs/applications/window-managers/compiz/default.nix b/pkgs/applications/window-managers/compiz/default.nix
index 46aa6e4d77e..02b7b9987bd 100644
--- a/pkgs/applications/window-managers/compiz/default.nix
+++ b/pkgs/applications/window-managers/compiz/default.nix
@@ -15,10 +15,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="compiz";
-    version="0.9.9.0";
-    name="compiz-${version}";
-    url="https://launchpad.net/compiz/0.9.9/${version}/+download/${name}.tar.bz2";
-    sha256="0nxv9lv0zwzs82p2d5g38sbvzbqgfs837xdgwc26lh5wdv31d93s";
+    version="0.9.10.0";
+    name="${baseName}-${version}";
+    hash="0kvjib0ns02cikpsjq5hlf746yjx2gkfh373pvrb25lzv3rs1qax";
+    url="https://launchpad.net/compiz/0.9.10/0.9.10.0/+download/compiz-0.9.10.0.tar.bz2";
+    sha256="0kvjib0ns02cikpsjq5hlf746yjx2gkfh373pvrb25lzv3rs1qax";
   };
   buildInputs = [cmake pkgconfig
     libXrender renderproto gtk libwnck pango cairo
diff --git a/pkgs/build-support/fetchurl/mirrors.nix b/pkgs/build-support/fetchurl/mirrors.nix
index c4841c50d94..c6c294d5504 100644
--- a/pkgs/build-support/fetchurl/mirrors.nix
+++ b/pkgs/build-support/fetchurl/mirrors.nix
@@ -159,7 +159,7 @@ rec {
 
   # Debian.
   debian = [
-    ftp://ftp.au.debian.org/debian/
+    #ftp://ftp.au.debian.org/debian/
     ftp://ftp.de.debian.org/debian/
     ftp://ftp.es.debian.org/debian/
     ftp://ftp.fr.debian.org/debian/
diff --git a/pkgs/build-support/upstream-updater/urls-from-page.sh b/pkgs/build-support/upstream-updater/urls-from-page.sh
index d456794a563..aecf645eb81 100755
--- a/pkgs/build-support/upstream-updater/urls-from-page.sh
+++ b/pkgs/build-support/upstream-updater/urls-from-page.sh
@@ -9,6 +9,6 @@ relpath="${path#$server}"
  
 echo "URL: $url" >&2
 
-curl -L -k "$url" | sed -re 's/^/-/;s/[hH][rR][eE][fF]=("([^"]*)"|'\''([^'\'']*)'\''|([^"'\'' <>&]+)[ <>&])/\n+\2\3\4\n-/g' | \
+curl -A 'text/html; text/xhtml; text/xml; */*' -L -k "$url" | sed -re 's/^/-/;s/[hH][rR][eE][fF]=("([^"]*)"|'\''([^'\'']*)'\''|([^"'\'' <>&]+)[ <>&])/\n+\2\3\4\n-/g' | \
   sed -e '/^-/d; s/^[+]//; /^#/d;'"s/^\\//$protocol:\\/\\/$server\\//g" | \
   sed -re 's`^[^:]*$`'"$protocol://$basepath/&\`"
diff --git a/pkgs/build-support/vm/default.nix b/pkgs/build-support/vm/default.nix
index 996770d2fcc..0296c434d6f 100644
--- a/pkgs/build-support/vm/default.nix
+++ b/pkgs/build-support/vm/default.nix
@@ -514,7 +514,8 @@ rec {
 
       echo "%_topdir $rpmout" >> $HOME/.rpmmacros
 
-      rpmbuild -vv -ta "$srcName"
+      if [ `uname -m` = i686 ]; then extra="--target i686-linux"; fi
+      rpmbuild -vv $extra -ta "$srcName"
 
       eval "$postBuild"
     '';
@@ -937,6 +938,32 @@ rec {
       unifiedSystemDir = true;
     };
 
+    fedora19i386 = {
+      name = "fedora-19-i386";
+      fullName = "Fedora 19 (i386)";
+      packagesList = fetchurl {
+        url = mirror://fedora/linux/releases/19/Everything/i386/os/repodata/b72220bcdefff8b38de1c9029a630db4813e073f88c4b080ca274d133e0460d1-primary.xml.gz;
+        sha256 = "b72220bcdefff8b38de1c9029a630db4813e073f88c4b080ca274d133e0460d1";
+      };
+      urlPrefix = mirror://fedora/linux/releases/19/Everything/i386/os;
+      archs = ["noarch" "i386" "i586" "i686"];
+      packages = commonFedoraPackages ++ [ "cronie" "util-linux" ];
+      unifiedSystemDir = true;
+    };
+
+    fedora19x86_64 = {
+      name = "fedora-19-x86_64";
+      fullName = "Fedora 19 (x86_64)";
+      packagesList = fetchurl {
+        url = mirror://fedora/linux/releases/19/Everything/x86_64/os/repodata/d3f67da6461748f57a06459e6877fd07858828e256f58f032704186a65430fd3-primary.xml.gz;
+        sha256 = "d3f67da6461748f57a06459e6877fd07858828e256f58f032704186a65430fd3";
+      };
+      urlPrefix = mirror://fedora/linux/releases/19/Everything/x86_64/os;
+      archs = ["noarch" "x86_64"];
+      packages = commonFedoraPackages ++ [ "cronie" "util-linux" ];
+      unifiedSystemDir = true;
+    };
+
     opensuse103i386 = {
       name = "opensuse-10.3-i586";
       fullName = "openSUSE 10.3 (i586)";
@@ -1026,7 +1053,7 @@ rec {
 
   /* The set of supported Dpkg-based distributions. */
 
-  debDistros = {
+  debDistros = rec {
 
     # Interestingly, the SHA-256 hashes provided by Ubuntu in
     # http://nl.archive.ubuntu.com/ubuntu/dists/{gutsy,hardy}/Release are
@@ -1335,6 +1362,40 @@ rec {
       packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
     };
 
+    ubuntu1310i386 = {
+      name = "ubuntu-13.10-saucy-i386";
+      fullName = "Ubuntu 13.10 Saucy (i386)";
+      packagesLists =
+        [ (fetchurl {
+            url = mirror://ubuntu/dists/saucy/main/binary-i386/Packages.bz2;
+            sha256 = "9b35d44a737e6aa7e1cb5e2b52ba0ed8717c8820b3950c2e7ade07024db9c138";
+          })
+          (fetchurl {
+            url = mirror://ubuntu/dists/saucy/universe/binary-i386/Packages.bz2;
+            sha256 = "84ff81ef23bcece68bfc3dd4b0b1fd38e5b81ac90ad48b4e4210396b425da500";
+          })
+        ];
+      urlPrefix = mirror://ubuntu;
+      packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
+    };
+
+    ubuntu1310x86_64 = {
+      name = "ubuntu-13.10-saucy-amd64";
+      fullName = "Ubuntu 13.10 Saucy (amd64)";
+      packagesList =
+        [ (fetchurl {
+            url = mirror://ubuntu/dists/saucy/main/binary-amd64/Packages.bz2;
+            sha256 = "d000968f9653d7c25928002b0850fe2da97607682f63a351eb2c89896a219a12";
+          })
+          (fetchurl {
+            url = mirror://ubuntu/dists/saucy/universe/binary-amd64/Packages.bz2;
+            sha256 = "06ec77f2f5d6ee70ffb805affe3a6b3e8d5b6463fbfe42ba6588295c7e1f65bc";
+          })
+        ];
+      urlPrefix = mirror://ubuntu;
+      packages = commonDebPackages ++ [ "diffutils" "libc-bin" ];
+    };
+
     debian40i386 = {
       name = "debian-4.0r9-etch-i386";
       fullName = "Debian 4.0r9 Etch (i386)";
@@ -1380,44 +1441,48 @@ rec {
     };
 
     debian60i386 = {
-      name = "debian-6.0.7-squeeze-i386";
-      fullName = "Debian 6.0.7 Squeeze (i386)";
+      name = "debian-6.0.8-squeeze-i386";
+      fullName = "Debian 6.0.8 Squeeze (i386)";
       packagesList = fetchurl {
         url = mirror://debian/dists/squeeze/main/binary-i386/Packages.bz2;
-        sha256 = "a770f26b5fce1a16460b68f135dfe97f4f4a9894b538ece0104a508c83ec65d5";
+        sha256 = "c850339aaf46a4ed4abc7c1789c29ea58c3a152aa173ee004578fda86b28391f";
       };
       urlPrefix = mirror://debian;
       packages = commonDebianPackages;
     };
 
     debian60x86_64 = {
-      name = "debian-6.0.7-squeeze-amd64";
-      fullName = "Debian 6.0.7 Squeeze (amd64)";
+      name = "debian-6.0.8-squeeze-amd64";
+      fullName = "Debian 6.0.8 Squeeze (amd64)";
       packagesList = fetchurl {
         url = mirror://debian/dists/squeeze/main/binary-amd64/Packages.bz2;
-        sha256 = "b2bb561bde59ac67e07c70aa7c86a33f237436e6891796a93c6ed6ffb032080e";
+        sha256 = "1506ab7de3ad5a2c706183536d2ee88589d7cb922d9e0de36ac062d464082dda";
       };
       urlPrefix = mirror://debian;
       packages = commonDebianPackages;
     };
 
-    debian70i386 = {
-      name = "debian-7.1.0-wheezy-i386";
-      fullName = "Debian 7.1.0 Wheezy (i386)";
+    # Backward compatibility.
+    debian70i386 = debian7i386;
+    debian70x86_64 = debian7x86_64;
+
+    debian7i386 = {
+      name = "debian-7.2-wheezy-i386";
+      fullName = "Debian 7.2 Wheezy (i386)";
       packagesList = fetchurl {
         url = mirror://debian/dists/wheezy/main/binary-i386/Packages.bz2;
-        sha256 = "c2751c48805b41c3eddd31cfe92ffa46df13a7d6ce7896b8dc5ce4b2f7f329c5";
+        sha256 = "2e80242e323f233c40b3020b0f1a57d12df8a120ee82af88ff7032ba4688f97d";
       };
       urlPrefix = mirror://debian;
       packages = commonDebianPackages;
     };
 
-    debian70x86_64 = {
-      name = "debian-7.1.0-wheezy-amd64";
-      fullName = "Debian 7.1.0 Wheezy (amd64)";
+    debian7x86_64 = {
+      name = "debian-7.2-wheezy-amd64";
+      fullName = "Debian 7.2 Wheezy (amd64)";
       packagesList = fetchurl {
         url = mirror://debian/dists/wheezy/main/binary-amd64/Packages.bz2;
-        sha256 = "9b15b4348cadbcf170c9e83d6fbcb64efac2b787ebdfef16ba21dd70dfca0001";
+        sha256 = "adfc4cd3d3b855c73c9e2e12163a33c193f98c9bad25765080fa6136378a6e3b";
       };
       urlPrefix = mirror://debian;
       packages = commonDebianPackages;
@@ -1515,6 +1580,7 @@ rec {
     "curl"
     "patch"
     "locales"
+    "coreutils"
     # Needed by checkinstall:
     "util-linux"
     "file"
diff --git a/pkgs/data/documentation/man-pages/default.nix b/pkgs/data/documentation/man-pages/default.nix
index 15b49a2a99e..1b3454c8ce5 100644
--- a/pkgs/data/documentation/man-pages/default.nix
+++ b/pkgs/data/documentation/man-pages/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl }:
 
 stdenv.mkDerivation rec {
-  name = "man-pages-3.53";
+  name = "man-pages-3.54";
 
   src = fetchurl {
     url = "mirror://kernel/linux/docs/man-pages/${name}.tar.xz";
-    sha256 = "0kzkjfrw65f7bv6laz3jism4yqajmfh3vdq2jb5d6gyp4n14sxnl";
+    sha256 = "0rb75dl9hh4v2s95bcssy12j8qrbd2dmlzry68gphyxk5c7yipbl";
   };
 
   preBuild =
diff --git a/pkgs/data/fonts/lmodern/lmmath.nix b/pkgs/data/fonts/lmodern/lmmath.nix
index 651a84726af..90132272dd1 100644
--- a/pkgs/data/fonts/lmodern/lmmath.nix
+++ b/pkgs/data/fonts/lmodern/lmmath.nix
@@ -14,10 +14,10 @@ stdenv.mkDerivation {
   sourceRoot = ".";
 
   installPhase = ''
-    mkdir -p $out/texmf/fonts/opentype
+    mkdir -p $out/texmf-dist/fonts/opentype
     mkdir -p $out/share/fonts/opentype
 
-    cp *.{OTF,otf} $out/texmf/fonts/opentype/lmmath-regular.otf
+    cp *.{OTF,otf} $out/texmf-dist/fonts/opentype/lmmath-regular.otf
     cp *.{OTF,otf} $out/share/fonts/opentype/lmmath-regular.otf
 
     ln -s $out/texmf* $out/share/
diff --git a/pkgs/development/compilers/ats2/default.nix b/pkgs/development/compilers/ats2/default.nix
new file mode 100644
index 00000000000..074fc4f334f
--- /dev/null
+++ b/pkgs/development/compilers/ats2/default.nix
@@ -0,0 +1,19 @@
+{ stdenv, fetchurl, gmp }:
+
+let version = "0.0.3"; in stdenv.mkDerivation {
+  name = "ats2-postiats-${version}";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/ats2-lang/ATS2-Postiats-${version}.tgz";
+    sha256 = "0hq63zrmm92j5ffnsmylhhllm8kgjpjkaj4xvzz1zlshz39lijxp";
+  };
+
+  buildInputs = [ gmp ];
+
+  meta = {
+    description = "A statically typed programming language that unifies implementation with formal specification";
+    homepage = http://www.ats-lang.org/;
+    license = stdenv.lib.licenses.gpl3Plus;
+    maintainers = [ stdenv.lib.maintainers.shlevy ];
+  };
+}
diff --git a/pkgs/development/compilers/elm/elm.nix b/pkgs/development/compilers/elm/elm.nix
index 2c851ebbf3f..17b173a3334 100644
--- a/pkgs/development/compilers/elm/elm.nix
+++ b/pkgs/development/compilers/elm/elm.nix
@@ -1,17 +1,20 @@
-{ cabal, binary, blazeHtml, blazeMarkup, cmdargs, filepath, hjsmin
-, indents, mtl, pandoc, parsec, transformers, unionFind, uniplate
+{ cabal, aeson, aesonPretty, binary, blazeHtml, blazeMarkup
+, cmdargs, filepath, HTF, indents, languageEcmascript, mtl, pandoc
+, parsec, text, transformers, unionFind, uniplate
 }:
 
 cabal.mkDerivation (self: {
   pname = "Elm";
-  version = "0.9.0.2";
-  sha256 = "0yr395wsj0spi6h9d6lm5hvdryybpf8i1qpv4gz9dk0bwlyc8iwh";
+  version = "0.10";
+  sha256 = "0wwda9w9r3qw7b23bj4qnfj4vgl7zwwnslxmgz3rv0cmxn9klqx2";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
-    binary blazeHtml blazeMarkup cmdargs filepath hjsmin indents mtl
-    pandoc parsec transformers unionFind uniplate
+    aeson aesonPretty binary blazeHtml blazeMarkup cmdargs filepath
+    indents languageEcmascript mtl pandoc parsec text transformers
+    unionFind uniplate
   ];
+  testDepends = [ HTF ];
   doCheck = false;
   meta = {
     homepage = "http://elm-lang.org";
diff --git a/pkgs/development/compilers/ocaml/4.01.0.nix b/pkgs/development/compilers/ocaml/4.01.0.nix
new file mode 100644
index 00000000000..c11bb7536be
--- /dev/null
+++ b/pkgs/development/compilers/ocaml/4.01.0.nix
@@ -0,0 +1,63 @@
+{ stdenv, fetchurl, ncurses, x11 }:
+
+let
+   useX11 = !stdenv.isArm && !stdenv.isMips;
+   useNativeCompilers = !stdenv.isMips;
+   inherit (stdenv.lib) optionals optionalString;
+in
+
+stdenv.mkDerivation rec {
+
+  name = "ocaml-4.01.0";
+
+  src = fetchurl {
+    url = "http://caml.inria.fr/pub/distrib/ocaml-4.01/${name}.tar.bz2";
+    sha256 = "b1ca708994180236917ae79e17606da5bd334ca6acd6873a550027e1c0ec874a";
+  };
+
+  prefixKey = "-prefix ";
+  configureFlags = ["-no-tk"] ++ optionals useX11 [ "-x11lib" x11 ];
+  buildFlags = "world" + optionalString useNativeCompilers " bootstrap world.opt";
+  buildInputs = [ncurses] ++ optionals useX11 [ x11 ];
+  installTargets = "install" + optionalString useNativeCompilers " installopt";
+  preConfigure = ''
+    CAT=$(type -tp cat)
+    sed -e "s@/bin/cat@$CAT@" -i config/auto-aux/sharpbang
+  '';
+  postBuild = ''
+    mkdir -p $out/include
+    ln -sv $out/lib/ocaml/caml $out/include/caml
+  '';
+
+  passthru = {
+    nativeCompilers = useNativeCompilers;
+  };
+
+  meta = {
+    homepage = http://caml.inria.fr/ocaml;
+    licenses = [ "QPL" /* compiler */ "LGPLv2" /* library */ ];
+    description = "OCaml, the most popular variant of the Caml language";
+
+    longDescription =
+      ''
+        OCaml is the most popular variant of the Caml language.  From a
+        language standpoint, it extends the core Caml language with a
+        fully-fledged object-oriented layer, as well as a powerful module
+        system, all connected by a sound, polymorphic type system featuring
+        type inference.
+
+        The OCaml system is an industrial-strength implementation of this
+        language, featuring a high-performance native-code compiler (ocamlopt)
+        for 9 processor architectures (IA32, PowerPC, AMD64, Alpha, Sparc,
+        Mips, IA64, HPPA, StrongArm), as well as a bytecode compiler (ocamlc)
+        and an interactive read-eval-print loop (ocaml) for quick development
+        and portability.  The OCaml distribution includes a comprehensive
+        standard library, a replay debugger (ocamldebug), lexer (ocamllex) and
+        parser (ocamlyacc) generators, a pre-processor pretty-printer (camlp4)
+        and a documentation generator (ocamldoc).
+      '';
+
+    platforms = stdenv.lib.platforms.linux ++ stdenv.lib.platforms.darwin;
+  };
+
+}
diff --git a/pkgs/development/compilers/smlnj/default.nix b/pkgs/development/compilers/smlnj/default.nix
new file mode 100644
index 00000000000..b3a29a1e1c7
--- /dev/null
+++ b/pkgs/development/compilers/smlnj/default.nix
@@ -0,0 +1,66 @@
+{ stdenv, fetchurl }:
+let
+  version = "110.76";
+  baseurl = "http://smlnj.cs.uchicago.edu/dist/working/${version}";
+
+  sources = map fetchurl [
+    { url = "${baseurl}/config.tgz";              sha256 = "0mx5gib1jq5hl3j6gvkkfh60x2hx146xiisclaz4jgy452ywikj1"; }
+    { url = "${baseurl}/cm.tgz";                  sha256 = "14y1pqqw5p5va3rvpk2jddx2gcm37z5hwp5zdm43z02afscq37jk"; }
+    { url = "${baseurl}/compiler.tgz";            sha256 = "10gn7cwqzbnh4k3l6brb9hp59k9vz2m9fcaarv2fw1gilfw5a9rj"; }
+    { url = "${baseurl}/runtime.tgz";             sha256 = "0zqajizayzrlrxm47q492mqgfxya7rwqrq4faafai8qfwga6q27n"; }
+    { url = "${baseurl}/system.tgz";              sha256 = "0dys0f0cdgnivk1niam9g736c3mzrjf9r29051g0579an8yi8slg"; }
+    { url = "${baseurl}/MLRISC.tgz";              sha256 = "00n1zk65cwf2kf669mn09lp0ya6bfap1czhyq0nfza409vm4v54x"; }
+    { url = "${baseurl}/smlnj-lib.tgz";           sha256 = "1mx1vjxbpfgcq6fkmh2qirjfqzn3wcnjf4a9ijr7k2bwgnh99sc1"; }
+    { url = "${baseurl}/ckit.tgz";                sha256 = "1fqdxs2cgzffj0i9rmzv1aljwnhx98hyvj3c2kivw3ligxp4wly4"; }
+    { url = "${baseurl}/nlffi.tgz";               sha256 = "08dmvs95xmbas3hx7n0csxxl0d0bmhxg7gav1ay02gy9n8iw3g87"; }
+    { url = "${baseurl}/cml.tgz";                 sha256 = "1qc1hs2k2xmn03ldyz2zf0pzbryd1n4bwix226ch8z9pnfimglyb"; }
+    { url = "${baseurl}/eXene.tgz";               sha256 = "01z69rgmshh694wkcwrzi72z5d5glpijj7mqxb17yz106xyzmgim"; }
+    { url = "${baseurl}/ml-lpt.tgz";              sha256 = "13gw4197ivzvd6qcbg5pzclhv1f2jy2c433halh021d60qjv4w4r"; }
+    { url = "${baseurl}/ml-lex.tgz";              sha256 = "0sqa533zca1l7p79qhkb7lspvhk4k2r3839745sci32fzwy1804x"; }
+    { url = "${baseurl}/ml-yacc.tgz";             sha256 = "1kzi0dpybd9hkklk460mgbwfkixjhav225kkmwnk3jxby3zgflci"; }
+    { url = "${baseurl}/ml-burg.tgz";             sha256 = "0kjrba8l0v6jn3g6gv9dvrklpvxx9x57b7czwnrrd33pi28sv7fm"; }
+    { url = "${baseurl}/pgraph.tgz";              sha256 = "174n22m7zibgk68033qql86kyk6mxjni4j0kcadafs0g2xmh6i6z"; }
+    { url = "${baseurl}/trace-debug-profile.tgz"; sha256 = "1pq4wwx5ad7zx1306ka06lqwnjv446zz6ndpq6s9ak6ha79f2s9p"; }
+    { url = "${baseurl}/heap2asm.tgz";            sha256 = "0p91fzwkfr7hng7c026gy5ggl5l9isxpm007iq6ivpjrfjy547wc"; }
+    { url = "${baseurl}/smlnj-c.tgz";             sha256 = "0vra4gi91w0cjsw3rm162hgz5xsqbr7yds44q7zhs27kccsirpqc"; }
+    { url = "${baseurl}/boot.x86-unix.tgz";       sha256 = "0qcvdhlvpr02c1ssk4jz6175lb9pkdg7zrfscqz6f7crnsgmc5nx"; }
+  ];
+in stdenv.mkDerivation {
+  name = "smlnj-${version}";
+
+  inherit sources;
+
+  patchPhase = ''
+    sed -i '/PATH=/d' config/_arch-n-opsys base/runtime/config/gen-posix-names.sh
+    echo SRCARCHIVEURL="file:/$TMP" > config/srcarchiveurl
+  '';
+
+  unpackPhase = ''
+    for s in $sources; do
+      b=$(basename $s)
+      cp $s ''${b#*-}
+    done
+    unpackFile config.tgz
+    mkdir base
+    ./config/unpack $TMP runtime
+  '';
+
+  buildPhase = ''
+    ./config/install.sh
+  '';
+
+  installPhase = ''
+    mkdir -pv $out
+    cp -rv bin lib $out
+
+    for i in $out/bin/*; do
+      sed -i "2iSMLNJ_HOME=$out/" $i
+    done
+  '';
+
+  meta = {
+    description = "Standard ML of New Jersey, a compiler";
+    homepage = http://smlnj.org;
+    license = stdenv.lib.licenses.bsd3;
+  };
+}
diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix
index b47e3c4a0e0..8ec47f86e34 100644
--- a/pkgs/development/libraries/dbus/default.nix
+++ b/pkgs/development/libraries/dbus/default.nix
@@ -77,7 +77,8 @@ let
   });
 
 
-in rec {
+  attrs = rec {
+  # If you change much fix indentation
 
   # This package has been split because most applications only need dbus.lib
   # which serves as an interface to a *system-wide* daemon,
@@ -114,4 +115,5 @@ in rec {
   docs = dbus_drv "docs" "doc" {
     postInstall = ''rm -r "$out/lib"'';
   };
-}
+};
+in attrs.libs // attrs
diff --git a/pkgs/development/libraries/glew/default.nix b/pkgs/development/libraries/glew/default.nix
index 14b44801e76..313eec0bc7d 100644
--- a/pkgs/development/libraries/glew/default.nix
+++ b/pkgs/development/libraries/glew/default.nix
@@ -8,6 +8,7 @@ stdenv.mkDerivation rec {
     sha256 = "11xpmsw7m5qn7y8fa2ihhqcislz1bdd83mp99didd5ac84756dlv";
   };
 
+
   buildInputs = [ x11 libXmu libXi ];
   propagatedBuildInputs = [ mesa_glu ]; # GL/glew.h includes GL/glu.h
 
@@ -15,8 +16,9 @@ stdenv.mkDerivation rec {
     sed -i 's|lib64|lib|' config/Makefile.linux
   '';
 
+buildPhase = "make all";
   installPhase = ''
-    GLEW_DEST=$out make install
+    GLEW_DEST=$out make install.all
     mkdir -pv $out/share/doc/glew
     mkdir -p $out/lib/pkgconfig
     cp glew*.pc $out/lib/pkgconfig
diff --git a/pkgs/development/libraries/haskell/HTF/default.nix b/pkgs/development/libraries/haskell/HTF/default.nix
new file mode 100644
index 00000000000..7abdc9b4730
--- /dev/null
+++ b/pkgs/development/libraries/haskell/HTF/default.nix
@@ -0,0 +1,26 @@
+{ cabal, aeson, cpphs, Diff, filepath, haskellSrcExts, HUnit
+, liftedBase, monadControl, mtl, QuickCheck, random, regexCompat
+, temporary, text, unorderedContainers, xmlgen
+}:
+
+cabal.mkDerivation (self: {
+  pname = "HTF";
+  version = "0.11.0.1";
+  sha256 = "0c4z76rsmdck60p7p2ypxx0d0r7k2vcb9viqp2yalyxzaaj7a9f5";
+  isLibrary = true;
+  isExecutable = true;
+  buildDepends = [
+    aeson cpphs Diff haskellSrcExts HUnit liftedBase monadControl mtl
+    QuickCheck random regexCompat text xmlgen
+  ];
+  testDepends = [
+    aeson filepath mtl random regexCompat temporary text
+    unorderedContainers
+  ];
+  meta = {
+    homepage = "https://github.com/skogsbaer/HTF/";
+    description = "The Haskell Test Framework";
+    license = "LGPL";
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/Hipmunk/default.nix b/pkgs/development/libraries/haskell/Hipmunk/default.nix
index 7ee64f4254e..e2f78497a7a 100644
--- a/pkgs/development/libraries/haskell/Hipmunk/default.nix
+++ b/pkgs/development/libraries/haskell/Hipmunk/default.nix
@@ -2,11 +2,11 @@
 
 cabal.mkDerivation (self: {
   pname = "Hipmunk";
-  version = "5.2.0.11";
-  sha256 = "0pcbwlq0njgj6dzh8h94gml63wv52f6l9hdas378lm7v8gbizxl7";
+  version = "5.2.0.12";
+  sha256 = "0gybmwwij6gs3gsklcvck0nc1niyh6pvirnxgrcwclrz94ivpj42";
   buildDepends = [ StateVar transformers ];
   meta = {
-    homepage = "http://patch-tag.com/r/felipe/hipmunk/home";
+    homepage = "https://github.com/meteficha/Hipmunk";
     description = "A Haskell binding for Chipmunk";
     license = "unknown";
     platforms = self.ghc.meta.platforms;
diff --git a/pkgs/development/libraries/haskell/case-insensitive/1.1.nix b/pkgs/development/libraries/haskell/case-insensitive/1.1.0.1.nix
index fb3a9d27101..4f63796850a 100644
--- a/pkgs/development/libraries/haskell/case-insensitive/1.1.nix
+++ b/pkgs/development/libraries/haskell/case-insensitive/1.1.0.1.nix
@@ -4,8 +4,8 @@
 
 cabal.mkDerivation (self: {
   pname = "case-insensitive";
-  version = "1.1";
-  sha256 = "1likcqdlhbbk78s887n5g9a4jjxxyh46hj4wc7l7snf6f9ygd5lj";
+  version = "1.1.0.1";
+  sha256 = "1hwkdkpr88r3s7c8w1msw1pawz8cfi0lwj1z9dcsp0xs788yzapp";
   buildDepends = [ deepseq hashable text ];
   testDepends = [ HUnit testFramework testFrameworkHunit text ];
   meta = {
diff --git a/pkgs/development/libraries/haskell/data-pprint/default.nix b/pkgs/development/libraries/haskell/data-pprint/default.nix
index 351f1d83477..b78096a1835 100644
--- a/pkgs/development/libraries/haskell/data-pprint/default.nix
+++ b/pkgs/development/libraries/haskell/data-pprint/default.nix
@@ -1,15 +1,10 @@
-{ cabal, deepseq, mtl, parallel, time, fetchurl }:
+{ cabal, deepseq, mtl, parallel, time }:
 
 cabal.mkDerivation (self: {
   pname = "data-pprint";
-  version = "0.2.2";
-  sha256 = "0cr69qv2j8fmmlir8rzlafcxk1cg3lg1z0zrwkz0lb7idm25fy36";
+  version = "0.2.3";
+  sha256 = "1ygbhn399d4hlrdjmg7gxbr5akydb78p6qa80rv7m6j0fsqzbf6y";
   buildDepends = [ deepseq mtl parallel time ];
-  patches = [ (fetchurl { url = "https://github.com/divipp/ActiveHs-misc/pull/3.patch";
-                          sha256 = "0wxvc7cbv4qpjl5zxy41863qpzda2ma75pmnnqx29qyh3rxp7biw";
-                        })
-            ];
-  patchFlags = "-p2";
   meta = {
     description = "Prettyprint and compare Data values";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/hslua/default.nix b/pkgs/development/libraries/haskell/hslua/default.nix
index ebccbf963fe..11740095284 100644
--- a/pkgs/development/libraries/haskell/hslua/default.nix
+++ b/pkgs/development/libraries/haskell/hslua/default.nix
@@ -1,12 +1,10 @@
-{ cabal, lua, mtl }:
+{ cabal, mtl }:
 
 cabal.mkDerivation (self: {
   pname = "hslua";
   version = "0.3.7";
   sha256 = "1q5s2b7x9idvdvp31yl86mmy476gfq6rg8f0r8faqxrm45jwgv2q";
   buildDepends = [ mtl ];
-  pkgconfigDepends = [ lua ];
-  configureFlags = "-fsystem-lua";
   meta = {
     description = "A Lua language interpreter embedding in Haskell";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/language-ecmascript/default.nix b/pkgs/development/libraries/haskell/language-ecmascript/default.nix
new file mode 100644
index 00000000000..8fc147191ad
--- /dev/null
+++ b/pkgs/development/libraries/haskell/language-ecmascript/default.nix
@@ -0,0 +1,23 @@
+{ cabal, dataDefaultClass, Diff, filepath, HUnit, mtl, parsec
+, QuickCheck, testFramework, testFrameworkHunit
+, testFrameworkQuickcheck2, uniplate
+}:
+
+cabal.mkDerivation (self: {
+  pname = "language-ecmascript";
+  version = "0.15.2";
+  sha256 = "1iszs9f2jryddcz36a6anfyfxpwjhzn49xjqvnd5m6rjdq6y403w";
+  buildDepends = [
+    dataDefaultClass Diff mtl parsec QuickCheck uniplate
+  ];
+  testDepends = [
+    dataDefaultClass Diff filepath HUnit mtl parsec QuickCheck
+    testFramework testFrameworkHunit testFrameworkQuickcheck2
+  ];
+  meta = {
+    homepage = "http://github.com/jswebtools/language-ecmascript";
+    description = "JavaScript parser and pretty-printer library";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/linear/default.nix b/pkgs/development/libraries/haskell/linear/default.nix
index b68558cf914..feeeaed3be5 100644
--- a/pkgs/development/libraries/haskell/linear/default.nix
+++ b/pkgs/development/libraries/haskell/linear/default.nix
@@ -1,19 +1,19 @@
-{ cabal, distributive, doctest, filepath, hashable, HUnit, lens
-, reflection, semigroupoids, semigroups, simpleReflect, tagged
-, testFramework, testFrameworkHunit, transformers
+{ cabal, binary, distributive, doctest, filepath, hashable, HUnit
+, lens, reflection, semigroupoids, semigroups, simpleReflect
+, tagged, testFramework, testFrameworkHunit, transformers
 , unorderedContainers, vector
 }:
 
 cabal.mkDerivation (self: {
   pname = "linear";
-  version = "1.3";
-  sha256 = "0b5qjsbdkqv0h1236lv2nisjh9yz7gc5bd6xv6i8q5jryzs43pi9";
+  version = "1.3.1";
+  sha256 = "1s07qbdi12rc4djk4s0ds5sh79qcqfmgrbwfj1ygskq3ra88qqsa";
   buildDepends = [
-    distributive hashable reflection semigroupoids semigroups tagged
-    transformers unorderedContainers vector
+    binary distributive hashable reflection semigroupoids semigroups
+    tagged transformers unorderedContainers vector
   ];
   testDepends = [
-    doctest filepath HUnit lens simpleReflect testFramework
+    binary doctest filepath HUnit lens simpleReflect testFramework
     testFrameworkHunit
   ];
   meta = {
@@ -21,5 +21,6 @@ cabal.mkDerivation (self: {
     description = "Linear Algebra";
     license = self.stdenv.lib.licenses.bsd3;
     platforms = self.ghc.meta.platforms;
+    maintainers = [ self.stdenv.lib.maintainers.ocharles ];
   };
 })
diff --git a/pkgs/development/libraries/haskell/monad-control/default.nix b/pkgs/development/libraries/haskell/monad-control/default.nix
index ac59d470145..12657a63b4c 100644
--- a/pkgs/development/libraries/haskell/monad-control/default.nix
+++ b/pkgs/development/libraries/haskell/monad-control/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "monad-control";
-  version = "0.3.2.1";
-  sha256 = "17wfdg3a2kkx1jwh7gfgbyx4351b420krsf8syb8l9xrl9gdz5a3";
+  version = "0.3.2.2";
+  sha256 = "1wwcx2k0nzmjqxf8d8wasnhvdx5q3nxkcyq7vbprkfy85sj7ivxc";
   buildDepends = [
     baseUnicodeSymbols transformers transformersBase
   ];
diff --git a/pkgs/development/libraries/haskell/pandoc-citeproc/default.nix b/pkgs/development/libraries/haskell/pandoc-citeproc/default.nix
index 4960e16202e..dd400ef550d 100644
--- a/pkgs/development/libraries/haskell/pandoc-citeproc/default.nix
+++ b/pkgs/development/libraries/haskell/pandoc-citeproc/default.nix
@@ -6,8 +6,8 @@
 
 cabal.mkDerivation (self: {
   pname = "pandoc-citeproc";
-  version = "0.1.2";
-  sha256 = "055msvrcqjkijkhzws48scpc4z90g0qjjsdcd0fhy309da6vax57";
+  version = "0.1.2.1";
+  sha256 = "13i4shpbd9swbsrpmkpb7jx79m12z12m9f3x167fs78509dak3iv";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
@@ -15,7 +15,9 @@ cabal.mkDerivation (self: {
     pandoc pandocTypes parsec rfc5051 split syb tagsoup texmath text
     time utf8String vector yaml
   ];
-  testDepends = [ aeson aesonPretty Diff pandoc pandocTypes ];
+  testDepends = [
+    aeson aesonPretty Diff filepath pandoc pandocTypes yaml
+  ];
   doCheck = false;
   meta = {
     description = "Supports using pandoc with citeproc";
diff --git a/pkgs/development/libraries/haskell/pandoc-types/default.nix b/pkgs/development/libraries/haskell/pandoc-types/default.nix
index e1e7ac54d4c..41024c6b7d2 100644
--- a/pkgs/development/libraries/haskell/pandoc-types/default.nix
+++ b/pkgs/development/libraries/haskell/pandoc-types/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "pandoc-types";
-  version = "1.12.2.3";
-  sha256 = "05xbpsx44sys0rkf2aqs4fcv4bg02ffhicp49jgnjyw9jiynhzzj";
+  version = "1.12.3";
+  sha256 = "1klfplpn2faw9da7xw5h5sx44annc2g7himyzyvb436wjnkjan0j";
   buildDepends = [ aeson syb ];
   meta = {
     homepage = "http://johnmacfarlane.net/pandoc";
diff --git a/pkgs/development/libraries/haskell/pandoc/default.nix b/pkgs/development/libraries/haskell/pandoc/default.nix
index c3149c4a2e2..b5ccc95bd3f 100644
--- a/pkgs/development/libraries/haskell/pandoc/default.nix
+++ b/pkgs/development/libraries/haskell/pandoc/default.nix
@@ -9,8 +9,8 @@
 
 cabal.mkDerivation (self: {
   pname = "pandoc";
-  version = "1.12.0.2";
-  sha256 = "125vl6l7nd3s3zwkms46y8l5zhg22iwz5387ll9rd2hf6asfpp56";
+  version = "1.12.1";
+  sha256 = "0csyrcfdqv2mc7ngn63lan3c1dd6zy0pb24k0z1lsraqlmmw76nf";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/libraries/haskell/path-pieces/default.nix b/pkgs/development/libraries/haskell/path-pieces/default.nix
index 14b9f8d7081..cdfe320a060 100644
--- a/pkgs/development/libraries/haskell/path-pieces/default.nix
+++ b/pkgs/development/libraries/haskell/path-pieces/default.nix
@@ -1,11 +1,11 @@
-{ cabal, fileLocation, hspec, HUnit, QuickCheck, text, time }:
+{ cabal, hspec, HUnit, QuickCheck, text, time }:
 
 cabal.mkDerivation (self: {
   pname = "path-pieces";
-  version = "0.1.2";
-  sha256 = "1cxsa8lq1f2jf86iv6f17nraiav8k2vzjxln1y7z45qhcp1sbbaa";
+  version = "0.1.3";
+  sha256 = "03x9kfcaz1zsdpdzs05pcl0hv4hffgsl2js8xiy5slba6n841v4l";
   buildDepends = [ text time ];
-  testDepends = [ fileLocation hspec HUnit QuickCheck text ];
+  testDepends = [ hspec HUnit QuickCheck text ];
   meta = {
     description = "Components of paths";
     license = self.stdenv.lib.licenses.bsd3;
diff --git a/pkgs/development/libraries/haskell/tagstream-conduit/default.nix b/pkgs/development/libraries/haskell/tagstream-conduit/default.nix
index 1b290bd310b..ca177a80a10 100644
--- a/pkgs/development/libraries/haskell/tagstream-conduit/default.nix
+++ b/pkgs/development/libraries/haskell/tagstream-conduit/default.nix
@@ -5,8 +5,8 @@
 
 cabal.mkDerivation (self: {
   pname = "tagstream-conduit";
-  version = "0.5.4";
-  sha256 = "1djf66kn3m4sdwmis82f9w2nkmjyrq12zda7ic9pcsvra579868i";
+  version = "0.5.4.1";
+  sha256 = "1gahdil5jasm6v7gp519ahr2yc7ppysdnmkl21cd4zzn6y1r0gw9";
   buildDepends = [
     attoparsec attoparsecConduit blazeBuilder blazeBuilderConduit
     caseInsensitive conduit text transformers
diff --git a/pkgs/development/libraries/haskell/text-format/default.nix b/pkgs/development/libraries/haskell/text-format/default.nix
new file mode 100644
index 00000000000..b9507d7777a
--- /dev/null
+++ b/pkgs/development/libraries/haskell/text-format/default.nix
@@ -0,0 +1,14 @@
+{ cabal, doubleConversion, text, time, transformers }:
+
+cabal.mkDerivation (self: {
+  pname = "text-format";
+  version = "0.3.1.0";
+  sha256 = "13k5a1kfmapd4yckm2vcrwz4vrrf32c2dpisdw0hyvzvmdib3n60";
+  buildDepends = [ doubleConversion text time transformers ];
+  meta = {
+    homepage = "https://github.com/bos/text-format";
+    description = "Text formatting";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/haskell/uuid/default.nix b/pkgs/development/libraries/haskell/uuid/default.nix
index 37ef38da4e2..2160d22607b 100644
--- a/pkgs/development/libraries/haskell/uuid/default.nix
+++ b/pkgs/development/libraries/haskell/uuid/default.nix
@@ -1,16 +1,18 @@
-{ cabal, binary, criterion, cryptohash, deepseq, HUnit, maccatcher
-, mersenneRandomPure64, QuickCheck, random, testFramework
-, testFrameworkHunit, testFrameworkQuickcheck2, time
+{ cabal, binary, cryptohash, deepseq, hashable, HUnit, networkInfo
+, QuickCheck, random, testFramework, testFrameworkHunit
+, testFrameworkQuickcheck2, time
 }:
 
 cabal.mkDerivation (self: {
   pname = "uuid";
-  version = "1.2.14";
-  sha256 = "13r2yzhb9nj1h6wfy7w9k59d27z9iza5r4apmf72zby2fi9vdnwy";
-  buildDepends = [ binary cryptohash maccatcher random time ];
+  version = "1.3.2";
+  sha256 = "0kwrb200i41l8ipgwviv934sa2ic2hqvlpj72pmkw4ba50viyc8m";
+  buildDepends = [
+    binary cryptohash deepseq hashable networkInfo random time
+  ];
   testDepends = [
-    criterion deepseq HUnit mersenneRandomPure64 QuickCheck random
-    testFramework testFrameworkHunit testFrameworkQuickcheck2
+    HUnit QuickCheck random testFramework testFrameworkHunit
+    testFrameworkQuickcheck2
   ];
   jailbreak = true;
   doCheck = false;
diff --git a/pkgs/development/libraries/haskell/xdot/default.nix b/pkgs/development/libraries/haskell/xdot/default.nix
index 130402ec75b..f7a2b731d03 100644
--- a/pkgs/development/libraries/haskell/xdot/default.nix
+++ b/pkgs/development/libraries/haskell/xdot/default.nix
@@ -2,8 +2,8 @@
 
 cabal.mkDerivation (self: {
   pname = "xdot";
-  version = "0.2.3.1";
-  sha256 = "1gricrnssxgzaq1z7nnyppmz284nix0m89477x22mal125pkcf7n";
+  version = "0.2.4";
+  sha256 = "0723drp9zs3hrayld99j4fniyvm65fz19hkk4001vpvgjw27dfja";
   buildDepends = [ cairo graphviz gtk mtl polyparse text ];
   meta = {
     description = "Parse Graphviz xdot files and interactively view them using GTK and Cairo";
diff --git a/pkgs/development/libraries/haskell/xmlgen/default.nix b/pkgs/development/libraries/haskell/xmlgen/default.nix
new file mode 100644
index 00000000000..f45b7b4a6a0
--- /dev/null
+++ b/pkgs/development/libraries/haskell/xmlgen/default.nix
@@ -0,0 +1,15 @@
+{ cabal, blazeBuilder, filepath, HUnit, hxt, mtl, QuickCheck, text
+}:
+
+cabal.mkDerivation (self: {
+  pname = "xmlgen";
+  version = "0.6.2.0";
+  sha256 = "0b6fyg6mlm068f2jjmil52az4hk144pryf1c0wr1gx6ddx9yzjy4";
+  buildDepends = [ blazeBuilder mtl text ];
+  testDepends = [ filepath HUnit hxt QuickCheck text ];
+  meta = {
+    description = "Fast XML generation library";
+    license = self.stdenv.lib.licenses.bsd3;
+    platforms = self.ghc.meta.platforms;
+  };
+})
diff --git a/pkgs/development/libraries/jsoncpp/default.nix b/pkgs/development/libraries/jsoncpp/default.nix
new file mode 100644
index 00000000000..b1aa03991bd
--- /dev/null
+++ b/pkgs/development/libraries/jsoncpp/default.nix
@@ -0,0 +1,32 @@
+{ stdenv, fetchurl, scons}:
+
+let
+  basename = "jsoncpp";
+  version = "0.6.0-rc2";
+  pkgname = "${basename}-src-${version}.tar.gz";
+in 
+stdenv.mkDerivation rec {
+  name = "${basename}-${version}";
+  src = fetchurl {
+    url = "mirror://sourceforge/${basename}/${pkgname}";
+    sha256 = "10xj15nziqpwc6r3yznpb49wm4jqc5wakjsmj65v087mcg8r7lfl";
+  };
+
+  buildInputs = [ scons ];
+
+  buildPhase = ''
+    mkdir -p $out
+    scons platform=linux-gcc check
+  '';
+
+  installPhase = ''
+    cp -r include $out
+    cp -r libs/* $out/lib
+  '';
+
+  meta = {
+    homepage = http://jsoncpp.sourceforge.net;
+    repositories.svn = svn://svn.code.sf.net/p/jsoncpp/code;
+    description = "A simple API to manipulate JSON data in C++";
+  };
+}
diff --git a/pkgs/development/libraries/libvncserver/default.nix b/pkgs/development/libraries/libvncserver/default.nix
index 7856183e5e9..da9e1dc3148 100644
--- a/pkgs/development/libraries/libvncserver/default.nix
+++ b/pkgs/development/libraries/libvncserver/default.nix
@@ -1,29 +1,41 @@
-args :  
-let 
-  lib = args.lib;
-  fetchurl = args.fetchurl;
+{stdenv, fetchurl,
+  libtool, libjpeg, openssl, libX11, libXdamage, xproto, damageproto, 
+  xextproto, libXext, fixesproto, libXfixes, xineramaproto, libXinerama, 
+  libXrandr, randrproto, libXtst, zlib
+}:
 
-  version = lib.attrByPath ["version"] "0.9.9" args; 
-  buildInputs = with args; [
+assert stdenv.isLinux;
+
+let
+  s = # Generated upstream information
+  rec {
+    baseName="libvncserver";
+    version="0.9.9";
+    name="${baseName}-${version}";
+    hash="1y83z31wbjivbxs60kj8a8mmjmdkgxlvr2x15yz95yy24lshs1ng";
+    url="mirror://sourceforge/project/libvncserver/libvncserver/0.9.9/LibVNCServer-0.9.9.tar.gz";
+    sha256="1y83z31wbjivbxs60kj8a8mmjmdkgxlvr2x15yz95yy24lshs1ng";
+  };
+  buildInputs = [
     libtool libjpeg openssl libX11 libXdamage xproto damageproto
     xextproto libXext fixesproto libXfixes xineramaproto libXinerama
     libXrandr randrproto libXtst zlib
   ];
 in
-rec {
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
   src = fetchurl {
-    url = "mirror://sourceforge/libvncserver/LibVNCServer-${version}.tar.gz";
-    sha256 = "1y83z31wbjivbxs60kj8a8mmjmdkgxlvr2x15yz95yy24lshs1ng";
+    inherit (s) url sha256;
   };
-
-  inherit buildInputs;
-  configureFlags = [];
-
-  /* doConfigure should be specified separately */
-  phaseNames = ["doConfigure" "doMakeInstall"];
-      
-  name = "libvncserver-" + version;
+  preConfigure = ''
+    sed -e 's@/usr/include/linux@${stdenv.gcc.libc}/include/linux@g' -i configure
+  '';
   meta = {
-    description = "VNC server library";
+    inherit (s) version;
+    description =  "VNC server library";
+    license = stdenv.lib.licenses.gpl2Plus ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
   };
 }
diff --git a/pkgs/development/libraries/libvncserver/default.upstream b/pkgs/development/libraries/libvncserver/default.upstream
new file mode 100644
index 00000000000..eae48197439
--- /dev/null
+++ b/pkgs/development/libraries/libvncserver/default.upstream
@@ -0,0 +1,4 @@
+url http://sourceforge.net/projects/libvncserver/files/libvncserver/
+SF_version_dir
+version_link '[.]tar[.][bgx]z[0-9]*/download$'
+SF_redirect
diff --git a/pkgs/development/libraries/poppler/default.nix b/pkgs/development/libraries/poppler/default.nix
index 6b8fb898d90..9cd094855d2 100644
--- a/pkgs/development/libraries/poppler/default.nix
+++ b/pkgs/development/libraries/poppler/default.nix
@@ -54,7 +54,6 @@ let
     };
   } merge ]); # poppler_drv
 
-in rec {
   /* We always use cairo in poppler, so we always depend on glib,
      so we always build the glib wrapper (~350kB).
      We also always build the cpp wrapper (<100kB).
@@ -69,4 +68,5 @@ in rec {
     NIX_LDFLAGS = "-lpoppler";
     postConfigure = "cd qt4";
   };
-}
+
+in { inherit poppler_glib poppler_qt4; } // poppler_glib
diff --git a/pkgs/development/libraries/simgear/default.nix b/pkgs/development/libraries/simgear/default.nix
index de8e1d1df1d..cb534cfbf31 100644
--- a/pkgs/development/libraries/simgear/default.nix
+++ b/pkgs/development/libraries/simgear/default.nix
@@ -1,7 +1,7 @@
 x@{builderDefsPackage
   , plib, freeglut, xproto, libX11, libXext, xextproto, libXi , inputproto
   , libICE, libSM, libXt, libXmu, mesa, boost, zlib, libjpeg , freealut
-  , openscenegraph, openal, expat, cmake
+  , openscenegraph, openal, expat, cmake, apr
   , ...}:
 builderDefsPackage
 (a :
@@ -13,11 +13,11 @@ let
     (builtins.attrNames (builtins.removeAttrs x helperArgNames));
   sourceInfo = rec {
     baseName="simgear";
-    version="2.10.0";
+    version="2.12.0";
     name="${baseName}-${version}";
     extension="tar.bz2";
     url="http://mirrors.ibiblio.org/pub/mirrors/simgear/ftp/Source/${name}.${extension}";
-    hash="0pb148hb35p1c5iz0kpiclmswjl9bax9xfm087ldpxsqg9a0sb2q";
+    hash="0spl6afk8rm96ss4lh7zy5561m5m2qgwsnqjyp35jr1gyyrc944f";
   };
 in
 rec {
diff --git a/pkgs/development/libraries/sodium/default.nix b/pkgs/development/libraries/sodium/default.nix
index 0d40df40574..13248753105 100644
--- a/pkgs/development/libraries/sodium/default.nix
+++ b/pkgs/development/libraries/sodium/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="sodium";
-    version="0.3";
+    version="0.4.3";
     name="${baseName}-${version}";
-    hash="0l1p0d7ag186hhs65kifp8jfgf4mm9rngv41bhq35d7d9gw2d2lh";
-    url="http://download.dnscrypt.org/libsodium/releases/libsodium-0.3.tar.gz";
-    sha256="0l1p0d7ag186hhs65kifp8jfgf4mm9rngv41bhq35d7d9gw2d2lh";
+    hash="0hk0zca1kpj6xlc2j2qx9qy7287pi0896frmxq5d7qmcwsdf372r";
+    url="http://download.dnscrypt.org/libsodium/releases/libsodium-0.4.3.tar.gz";
+    sha256="0hk0zca1kpj6xlc2j2qx9qy7287pi0896frmxq5d7qmcwsdf372r";
   };
   buildInputs = [
   ];
diff --git a/pkgs/development/lisp-modules/asdf/default.nix b/pkgs/development/lisp-modules/asdf/default.nix
index c615573ae3e..48b49ee3583 100644
--- a/pkgs/development/lisp-modules/asdf/default.nix
+++ b/pkgs/development/lisp-modules/asdf/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="asdf";
-    version="3.0.2.1";
+    version="3.0.2.4";
     name="${baseName}-${version}";
-    hash="1npd4dxsgk06ayhln56mwwky0vdpf7i77mkxfh105pld8w5xs4r4";
-    url="http://common-lisp.net/project/asdf/archives/asdf-3.0.2.1.tar.gz";
-    sha256="1npd4dxsgk06ayhln56mwwky0vdpf7i77mkxfh105pld8w5xs4r4";
+    hash="0b6rkpghw2vndvmgyacijdn3d76ykbjfwpxwv8m0jl7ynrf6l5ag";
+    url="http://common-lisp.net/project/asdf/archives/asdf-3.0.2.4.tar.gz";
+    sha256="0b6rkpghw2vndvmgyacijdn3d76ykbjfwpxwv8m0jl7ynrf6l5ag";
   };
   buildInputs = [
     texinfo texLive
diff --git a/pkgs/development/tools/haskell/HaRe/default.nix b/pkgs/development/tools/haskell/HaRe/default.nix
index 1ef60e7950d..f7d67f4be66 100644
--- a/pkgs/development/tools/haskell/HaRe/default.nix
+++ b/pkgs/development/tools/haskell/HaRe/default.nix
@@ -6,8 +6,8 @@
 
 cabal.mkDerivation (self: {
   pname = "HaRe";
-  version = "0.7.0.6";
-  sha256 = "0i2zl08rg7777jarw2v3797v0va80h7bg166wfq9lzynz9vqsima";
+  version = "0.7.0.7";
+  sha256 = "0pgl5mav4sqc453by7nddf5fz7nj231072bklzj6crcph7qw4zy4";
   isLibrary = true;
   isExecutable = true;
   buildDepends = [
diff --git a/pkgs/development/tools/misc/cl-launch/default.nix b/pkgs/development/tools/misc/cl-launch/default.nix
index 63c585b00a9..3978d96400c 100644
--- a/pkgs/development/tools/misc/cl-launch/default.nix
+++ b/pkgs/development/tools/misc/cl-launch/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="cl-launch";
-    version="3.21.1";
+    version="3.22.1";
     name="${baseName}-${version}";
-    hash="1241lyn2a3ry06ii9zlns0cj462bi7rih41vlbbmra1chj4c21ij";
-    url="http://common-lisp.net/project/xcvb/cl-launch/cl-launch-3.21.1.tar.gz";
-    sha256="1241lyn2a3ry06ii9zlns0cj462bi7rih41vlbbmra1chj4c21ij";
+    hash="08lb8nm4dvkbgraqclw5xd7j6xskw9hgjpg9ql087gib5a90k09i";
+    url="http://common-lisp.net/project/xcvb/cl-launch/cl-launch-3.22.1.tar.gz";
+    sha256="08lb8nm4dvkbgraqclw5xd7j6xskw9hgjpg9ql087gib5a90k09i";
   };
   buildInputs = [
   ];
diff --git a/pkgs/development/tools/misc/luarocks/default.nix b/pkgs/development/tools/misc/luarocks/default.nix
index 7681c8153db..d905d078d40 100644
--- a/pkgs/development/tools/misc/luarocks/default.nix
+++ b/pkgs/development/tools/misc/luarocks/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="luarocks";
-    version="2.0.13-rc1";
+    version="2.1.0";
     name="${baseName}-${version}";
-    hash="1cpdi61dwcc2i4bwrn7bb8fibkd1s75jrr0bjcbs8p76rn6hkb2y";
-    url="http://luarocks.org/releases/luarocks-2.0.13-rc1.tar.gz";
-    sha256="1cpdi61dwcc2i4bwrn7bb8fibkd1s75jrr0bjcbs8p76rn6hkb2y";
+    hash="12aqwchzn77yin2ahpxnc3lam5w0xhksrnhf31n3r7cxdsfh446c";
+    url="http://luarocks.org/releases/luarocks-2.1.0-rc3.tar.gz";
+    sha256="12aqwchzn77yin2ahpxnc3lam5w0xhksrnhf31n3r7cxdsfh446c";
   };
   buildInputs = [
     lua curl
diff --git a/pkgs/development/tools/misc/texinfo/5.2.nix b/pkgs/development/tools/misc/texinfo/5.2.nix
index 31f81cbf3af..1bb8fca0ecf 100644
--- a/pkgs/development/tools/misc/texinfo/5.2.nix
+++ b/pkgs/development/tools/misc/texinfo/5.2.nix
@@ -11,7 +11,7 @@ stdenv.mkDerivation rec {
   buildInputs = [ ncurses perl xz ];
 
   preInstall = ''
-    installFlags="TEXMF=$out/texmf";
+    installFlags="TEXMF=$out/texmf-dist";
     installTargets="install install-tex";
   '';
 
diff --git a/pkgs/development/tools/misc/xc3sprog/default.nix b/pkgs/development/tools/misc/xc3sprog/default.nix
new file mode 100644
index 00000000000..52471c30fd0
--- /dev/null
+++ b/pkgs/development/tools/misc/xc3sprog/default.nix
@@ -0,0 +1,25 @@
+{ stdenv, fetchsvn, cmake, libusb, libftdi }:
+
+# The xc3sprog project doesn't seem to make proper releases, they only put out
+# prebuilt binary subversion snapshots on sourceforge.
+
+stdenv.mkDerivation rec {
+  version = "748"; # latest @ 2013-10-26
+  name = "xc3sprog-${version}";
+
+  src = fetchsvn rec {
+    url = "https://svn.code.sf.net/p/xc3sprog/code/trunk";
+    sha256 = "0wkz6094kkqz91qpa24pzlbhndc47sjmqhwk3p7ccabv0041rzk0";
+    rev = "${version}";
+  };
+
+  buildInputs = [ cmake libusb libftdi ];
+
+  meta = with stdenv.lib; {
+    description = "Command-line tools for programming FPGAs, microcontrollers and PROMs via JTAG";
+    homepage = http://xc3sprog.sourceforge.net/;
+    license = licenses.gpl2Plus;
+    platforms = platforms.linux;
+    maintainers = [ maintainers.bjornfor ];
+  };
+}
diff --git a/pkgs/development/tools/slimerjs/default.nix b/pkgs/development/tools/slimerjs/default.nix
new file mode 100644
index 00000000000..23aae157f09
--- /dev/null
+++ b/pkgs/development/tools/slimerjs/default.nix
@@ -0,0 +1,38 @@
+{stdenv, fetchurl, unzip, xulrunner, bash}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="slimerjs";
+    version="0.8.3";
+    name="${baseName}-${version}";
+    hash="07gwiay2pbzyscn8gnwb8i92xffjahhinlswc1z4h8dbjk837d8h";
+    url="http://download.slimerjs.org/v0.8/slimerjs-0.8.3.zip";
+    sha256="07gwiay2pbzyscn8gnwb8i92xffjahhinlswc1z4h8dbjk837d8h";
+  };
+  buildInputs = [
+    unzip
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+  installPhase = ''
+    mkdir -p "$out"/{bin,share/doc/slimerjs,lib/slimerjs}
+    cp LICENSE README* "$out/share/doc/slimerjs"
+    cp * "$out/lib/slimerjs"
+    echo '#!${bash}/bin/bash' >>  "$out/bin/slimerjs"
+    echo 'export SLIMERJSLAUNCHER=${xulrunner}/bin/xulrunner' >>  "$out/bin/slimerjs"
+    echo "'$out/lib/slimerjs/slimerjs' \"\$@\"" >> "$out/bin/slimerjs"
+    chmod a+x "$out/bin/slimerjs"
+  '';
+  meta = {
+    inherit (s) version;
+    description = ''Gecko-based programmatically-driven browser'';
+    license = stdenv.lib.licenses.mpl20 ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/development/tools/slimerjs/default.upstream b/pkgs/development/tools/slimerjs/default.upstream
new file mode 100644
index 00000000000..f2d6b89e51b
--- /dev/null
+++ b/pkgs/development/tools/slimerjs/default.upstream
@@ -0,0 +1,2 @@
+url http://slimerjs.org/download.html
+version_link '/slimerjs-[0-9.]+[.]zip$'
diff --git a/pkgs/games/alienarena/default.nix b/pkgs/games/alienarena/default.nix
index 856d9afe0f9..d9852971adf 100644
--- a/pkgs/games/alienarena/default.nix
+++ b/pkgs/games/alienarena/default.nix
@@ -2,11 +2,11 @@
 , libvorbis, freetype, openal, mesa }:
 
 stdenv.mkDerivation rec {
-  name = "alienarena-7.52";
+  name = "alienarena-7.65";
 
   src = fetchurl {
-    url = "http://icculus.org/alienarena/Files/alienarena-7_52-linux20110929.tar.gz";
-    sha256 = "1s1l3apxsxnd8lyi568y38a1fcdr0gwmc3lkgq2nkc676k4gki3m";
+    url = "http://icculus.org/alienarena/Files/alienarena-7.65-linux20130207.tar.gz";
+    sha256 = "03nnv4m2xmswr0020hssajncdb8sy95jp5yccsm53sgxga4r8igg";
   };
 
   buildInputs = [ pkgconfig libjpeg libX11 curl libogg libvorbis
@@ -14,7 +14,8 @@ stdenv.mkDerivation rec {
 
   patchPhase = ''
     substituteInPlace ./configure \
-      --replace libopenal.so.1 ${openal}/lib/libopenal.so.1
+      --replace libopenal.so.1 ${openal}/lib/libopenal.so.1 \
+      --replace libGL.so.1 ${mesa}/lib/libGL.so.1
   '';
 
   meta = {
diff --git a/pkgs/games/flightgear/default.nix b/pkgs/games/flightgear/default.nix
index 9b9e7ab9680..71183d0ea2a 100644
--- a/pkgs/games/flightgear/default.nix
+++ b/pkgs/games/flightgear/default.nix
@@ -1,58 +1,63 @@
-x@{builderDefsPackage
-  , freeglut, freealut, mesa, libICE, libjpeg, openal, openscenegraph, plib
-  , libSM, libunwind, libX11, xproto, libXext, xextproto, libXi, inputproto
-  , libXmu, libXt, simgear, zlib, boost, cmake, libpng
-  , ...}:
-builderDefsPackage
-(a :
-let
-  helperArgNames = ["stdenv" "fetchurl" "builderDefsPackage"] ++
-    [];
-
-  buildInputs = map (n: builtins.getAttr n x)
-    (builtins.attrNames (builtins.removeAttrs x helperArgNames));
-  sourceInfo = rec {
-    baseName="flightgear";
-    version="2.10.0";
-    name="${baseName}-${version}";
-    extension="tar.bz2";
-    url="http://ftp.linux.kiev.ua/pub/fgfs/Source/${name}.${extension}";
-    hash="0pq5nwyxwp8ar5rr0jh8p04bv0i9i841m374jwd748csnsn28zh6";
+{ stdenv, fetchurl
+, freeglut, freealut, mesa, libICE, libjpeg, openal, openscenegraph, plib
+, libSM, libunwind, libX11, xproto, libXext, xextproto, libXi, inputproto
+, libXmu, libXt, simgear, zlib, boost, cmake, libpng, udev, fltk13, apr
+, makeDesktopItem
+}:
+
+stdenv.mkDerivation rec {
+  version = "2.12.0";
+  name = "flightgear-${version}";
+
+  src = fetchurl {
+    url = "http://ftp.linux.kiev.ua/pub/fgfs/Source/${name}.tar.bz2";
+    sha256 = "0h9ka4pa2njxbvy5jlmnsjy5ynzms504ygqn7hd80g3c58drsjc4";
   };
-in
-rec {
-  src = a.fetchurl {
-    url = sourceInfo.url;
-    sha256 = sourceInfo.hash;
+
+  datasrc = fetchurl {
+    url = "http://ftp.igh.cnrs.fr/pub/flightgear/ftp/Shared/FlightGear-data-${version}.tar.bz";
+    sha256 = "0qjvcj2cz7ypa91v95lws44fg8c1p0pazv24ljkai2m2r0jgsv8k";
+  };
+
+  # Of all the files in the source and data archives, there doesn't seem to be
+  # a decent icon :-)
+  iconsrc = fetchurl {
+    url = "http://wiki.flightgear.org/images/6/62/FlightGear_logo.png";
+    sha256 = "1ikz413jia55vfnmx8iwrlxvx8p16ggm81mbrj66wam3q7s2dm5p";
   };
 
-  datasrc = a.fetchurl {
-    url = "http://ftp.igh.cnrs.fr/pub/flightgear/ftp/Shared/FlightGear-data-2.0.0.tar.bz2";
-    sha256 = "0kvmvh5qycbpdjx12l20cbhljwimmcgww2dg4lkc2sky0kg14ic1";
+  desktopItem = makeDesktopItem {
+    name = "flightgear";
+    exec = "fgfs";
+    icon = "${iconsrc}";
+    comment = "FlightGear Flight Simulator";
+    desktopName = "FlightGear";
+    genericName = "Flight simulator";
+    categories = "Game;Simulation";
   };
 
-  inherit (sourceInfo) name version;
-  inherit buildInputs;
+  buildInputs = [
+    freeglut freealut mesa libICE libjpeg openal openscenegraph plib
+    libSM libunwind libX11 xproto libXext xextproto libXi inputproto
+    libXmu libXt simgear zlib boost cmake libpng udev fltk13 apr
+  ];
 
-  /* doConfigure should be removed if not needed */
-  phaseNames = ["doCmake" "doMakeInstall" "deployData"];
+  preConfigure = ''
+    export cmakeFlagsArray=(-DFG_DATA_DIR="$out/share/FlightGear/")
+  '';
 
-  deployData = a.fullDepEntry ''
+  postInstall = ''
     mkdir -p "$out/share/FlightGear"
-    cd "$out/share/FlightGear"
-    tar xvf ${datasrc}
-  '' ["minInit" "defEnsureDir"];
-
-  meta = {
-    description = "A flight simulator";
-    maintainers = with a.lib.maintainers;
-    [
-      raskin
-    ];
-    #platforms = a.lib.platforms.linux;
-    license = a.lib.licenses.gpl2;
-  };
-  passthru = {
-  };
-}) x
+    tar xvf "${datasrc}" -C "$out/share/FlightGear/" --strip-components=1
 
+    mkdir -p "$out/share/applications/"
+    cp "${desktopItem}"/share/applications/* "$out/share/applications/"
+  '';
+
+  meta = with stdenv.lib; {
+    description = "Flight simulator";
+    maintainers = with maintainers; [ raskin ];
+    #platforms = platforms.linux; # disabled from hydra because it's so big
+    license = licenses.gpl2;
+  };
+}
diff --git a/pkgs/games/freeciv/default.nix b/pkgs/games/freeciv/default.nix
index de62b4a669a..ac1fc7395ae 100644
--- a/pkgs/games/freeciv/default.nix
+++ b/pkgs/games/freeciv/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, zlib, bzip2, pkgconfig
+{ stdenv, fetchurl, zlib, bzip2, pkgconfig, curl, lzma, gettext
 , sdlClient ? true, SDL, SDL_mixer, SDL_image, SDL_ttf, SDL_gfx, freetype
 , gtkClient ? false, gtk
 , server ? true, readline }:
@@ -6,18 +6,23 @@
 let
   inherit (stdenv.lib) optional optionals;
   client = sdlClient || gtkClient;
+
+  sdlName = if sdlClient then "-sdl" else "";
+  gtkName = if gtkClient then "-gtk" else "";
+
+  baseName = "freeciv-2.4.0";
 in
-stdenv.mkDerivation rec {
-  name = "freeciv-2.3.1";
+stdenv.mkDerivation {
+  name = baseName + sdlName + gtkName;
 
   src = fetchurl {
-    url = "mirror://sourceforge/freeciv/${name}.tar.bz2";
-    sha256 = "1n3ak0y9hj9kha0r3cdbi8zb47vrgal1jsbblamqgwwwgzy8cri3";
+    url = "mirror://sourceforge/freeciv/${baseName}.tar.bz2";
+    sha256 = "1bc01pyihsrby6w95n49gi90ggp40dyxsy4kmlmwcakxfxprwakv";
   };
 
   nativeBuildInputs = [ pkgconfig ];
 
-  buildInputs = [ zlib bzip2 ]
+  buildInputs = [ zlib bzip2 curl lzma gettext ]
     ++ optionals sdlClient [ SDL SDL_mixer SDL_image SDL_ttf SDL_gfx freetype ]
     ++ optional gtkClient gtk
     ++ optional server readline;
diff --git a/pkgs/games/gsb/default.nix b/pkgs/games/gsb/default.nix
new file mode 100644
index 00000000000..52c3830c22a
--- /dev/null
+++ b/pkgs/games/gsb/default.nix
@@ -0,0 +1,74 @@
+{ stdenv, config, requireFile
+, curl3, SDL, SDL_image, libpng12, libjpeg62, libvorbis, libogg, openal, mesa
+, libX11, libXext, libXft, fontconfig, zlib }:
+
+assert stdenv.system == "i686-linux" || stdenv.system == "x86_64-linux";
+
+stdenv.mkDerivation rec {
+  name = "gsb-1.56.0";
+
+  goBuyItNow = '' 
+    We cannot download the full version automatically, as you require a license.
+    Once you bought a license, you need to add your downloaded version to the nix store.
+    You can do this by using "nix-prefetch-url file://gsb1324679796.tar.gz" in the
+    directory where you saved it.
+  ''; 
+
+  src = requireFile {
+     message = goBuyItNow;
+     name = "gsb1324679796.tar.gz";
+     sha256 = "12jsz9v55w9zxwiz4kbm6phkv60q3c2kyv5imsls13385pzwcs8i";
+  };
+
+  arch = if stdenv.system == "i686-linux" then "x86" else "x86_64";
+
+  phases = "unpackPhase installPhase";
+
+  # XXX: stdenv.lib.makeLibraryPath doesn't pick up /lib64
+  libPath = stdenv.lib.makeLibraryPath [ stdenv.gcc.gcc stdenv.gcc.libc ] 
+    + ":" + stdenv.lib.makeLibraryPath [ SDL SDL_image libjpeg62 libpng12 mesa ]
+    + ":" + stdenv.lib.makeLibraryPath [ curl3 openal libvorbis libogg ]
+    + ":" + stdenv.lib.makeLibraryPath [ libX11 libXext libXft fontconfig zlib ]
+    + ":" + stdenv.gcc.gcc + "/lib64";
+
+  installPhase = ''
+    ensureDir $out/libexec/positech/GSB/
+    ensureDir $out/bin
+
+    patchelf \
+      --interpreter "$(cat $NIX_GCC/nix-support/dynamic-linker)" \
+      --set-rpath $libPath \
+      ./GSB.bin.$arch
+
+    cp -r * $out/libexec/positech/GSB/
+    rm -rf $out/libexec/positech/GSB/lib64/
+    rm -rf $out/libexec/positech/GSB/lib/
+
+    #makeWrapper doesn't do cd. :(
+
+    cat > $out/bin/GSB << EOF
+    #!/bin/sh
+    cd $out/libexec/positech/GSB
+    exec ./GSB.bin.$arch
+    EOF
+    chmod +x $out/bin/GSB
+  '';
+
+  meta = {
+    description = "Gratuitous Space Battles";
+    longDescription = ''
+      a strategy / management / simulation game that does away with all the
+      base building and delays and gets straight to the meat and potatoes of
+      science-fiction games : The big space battles fought by huge spaceships with
+      tons of laser beams and things going 'zap!', 'ka-boom!' and 'ka-pow!'. In GSB
+      you put your ships together from modular components, arrange them into fleets,
+      give your ships orders of engagement and then hope they emerge victorious from
+      battle (or at least blow to bits in aesthetically pleasing ways).
+    '';
+    homepage = http://www.positech.co.uk/gratuitousspacebattles/index.html;
+    license = [ "unfree" ];
+    maintainers = with stdenv.lib.maintainers; [ jcumming ];
+    platforms = [ "x86_64-linux" "i686-linux" ] ;
+  };
+
+}
diff --git a/pkgs/games/residualvm/default.nix b/pkgs/games/residualvm/default.nix
new file mode 100644
index 00000000000..36c40f9bec5
--- /dev/null
+++ b/pkgs/games/residualvm/default.nix
@@ -0,0 +1,30 @@
+{ stdenv, fetchurl, SDL, zlib, libmpeg2, libmad, libogg, libvorbis, flac, alsaLib
+, openglSupport ? false, mesa ? null
+}:
+
+assert openglSupport -> mesa != null;
+
+with stdenv.lib;
+
+stdenv.mkDerivation rec {
+  version = "0.1.1";
+  name = "residualvm-${version}";
+
+  src = fetchurl {
+    url = "mirror://sourceforge/residualvm/residualvm-${version}-sources.tar.bz2";
+    sha256 = "99c419b13885a49bdfc10a50a3a6000fd1ba9504f6aae04c74b840ec6f57a963";
+  };
+
+  buildInputs = [ stdenv SDL zlib libmpeg2 libmad libogg libvorbis flac alsaLib ]
+    ++ optional openglSupport [ mesa ];
+
+  configureFlags="--enable-all-engines";
+
+  meta = {
+    description = "Interpreter for LucasArts' Lua-based 3D adventure games";
+    homepage = http://residualvm.org/;
+    repositories.git = https://github.com/residualvm/residualvm.git;
+    licencse = licenses.gpl2;
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/games/sauerbraten/default.nix b/pkgs/games/sauerbraten/default.nix
index ff99b428cef..8bec0f7b1a9 100644
--- a/pkgs/games/sauerbraten/default.nix
+++ b/pkgs/games/sauerbraten/default.nix
@@ -14,7 +14,7 @@ let
     baseName="sauerbraten";
     version="3331";
     name="${baseName}-r${version}";
-    url="https://sauerbraten.svn.sourceforge.net/svnroot/sauerbraten";
+    url="https://svn.code.sf.net/p/sauerbraten/code";
     hash="0904hk9rz2x941c9587bfxa4rca81260j3m2hjjrp984w67x2w7y";
   };
 in
diff --git a/pkgs/games/xboard/default.nix b/pkgs/games/xboard/default.nix
index 7e73bfad540..45411263876 100644
--- a/pkgs/games/xboard/default.nix
+++ b/pkgs/games/xboard/default.nix
@@ -5,11 +5,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="xboard";
-    version="4.7.1";
+    version="4.7.2";
     name="${baseName}-${version}";
-    hash="0hnav2swswaf0463c4wnmgwaif3g42f2a1mqyqc5fa1py32iy6ry";
-    url="mirror://gnu/xboard/xboard-4.7.1.tar.gz";
-    sha256="0hnav2swswaf0463c4wnmgwaif3g42f2a1mqyqc5fa1py32iy6ry";
+    hash="1vm95fjp3pkvvjvamfs7zqw4l4b4v7v52h2npvf9j5059fckcrwv";
+    url="http://ftp.gnu.org/gnu/xboard/xboard-4.7.2.tar.gz";
+    sha256="1vm95fjp3pkvvjvamfs7zqw4l4b4v7v52h2npvf9j5059fckcrwv";
   };
   buildInputs = [
     libX11 xproto libXt libXaw libSM libICE libXmu 
diff --git a/pkgs/misc/emulators/wine/default.nix b/pkgs/misc/emulators/wine/stable.nix
index 4e6ef5af00d..9c1f7fd24ae 100644
--- a/pkgs/misc/emulators/wine/default.nix
+++ b/pkgs/misc/emulators/wine/stable.nix
@@ -6,7 +6,16 @@
 assert stdenv.isLinux;
 assert stdenv.gcc.gcc != null;
 
-let gecko = fetchurl {
+let 
+    version = "1.6";
+    name = "wine-${version}";
+
+    src = fetchurl {
+      url = "mirror://sourceforge/wine/${name}.tar.bz2";
+      sha256 = "1bj21d94i0mqvkmzxd4971232yniribk7q3fllf23ynbpppk1wg1";
+    };
+
+    gecko = fetchurl {
       url = "mirror://sourceforge/wine/wine_gecko-2.21-x86.msi";
       sha256 = "1n0zccnvchkg0m896sjx5psk4bxw9if32xyxib1rbfdasykay7zh";
     };
@@ -22,13 +31,7 @@ let gecko = fetchurl {
     };
 
 in stdenv.mkDerivation rec {
-  version = "1.6";
-  name = "wine-${version}";
-
-  src = fetchurl {
-    url = "mirror://sourceforge/wine/${name}.tar.bz2";
-    sha256 = "1bj21d94i0mqvkmzxd4971232yniribk7q3fllf23ynbpppk1wg1";
-  };
+  inherit version name src;
 
   buildInputs = [
     xlibs.xlibs flex bison xlibs.libXi mesa
diff --git a/pkgs/misc/emulators/wine/stable.upstream b/pkgs/misc/emulators/wine/stable.upstream
new file mode 100644
index 00000000000..b5913798a88
--- /dev/null
+++ b/pkgs/misc/emulators/wine/stable.upstream
@@ -0,0 +1,8 @@
+url http://sourceforge.net/projects/wine/files/Source/
+version_link '[-][0-9]+[.][0-9]*[24680][.]([0-9]+[.])*tar[.][^./]+/download$'
+SF_redirect
+do_overwrite () {
+  ensure_hash
+  set_var_value version "$CURRENT_VERSION"
+  set_var_value sha256 "$CURRENT_HASH"
+}
diff --git a/pkgs/misc/emulators/wine/unstable.nix b/pkgs/misc/emulators/wine/unstable.nix
new file mode 100644
index 00000000000..02ce076ce0f
--- /dev/null
+++ b/pkgs/misc/emulators/wine/unstable.nix
@@ -0,0 +1,77 @@
+{ stdenv, fetchurl, xlibs, flex, bison, mesa, alsaLib
+, ncurses, libpng, libjpeg, lcms, freetype, fontconfig, fontforge
+, libxml2, libxslt, openssl, gnutls, cups, libdrm, makeWrapper
+}:
+
+assert stdenv.isLinux;
+assert stdenv.gcc.gcc != null;
+
+let 
+    version = "1.7.4";
+    name = "wine-${version}";
+
+    src = fetchurl {
+      url = "mirror://sourceforge/wine/${name}.tar.bz2";
+      sha256 = "0sb9zfrvlrjx1icfb94clgac239i9yfhyv48zv9iddgmvdjk8ysi";
+    };
+
+    gecko = fetchurl {
+      url = "mirror://sourceforge/wine/wine_gecko-2.21-x86.msi";
+      sha256 = "1n0zccnvchkg0m896sjx5psk4bxw9if32xyxib1rbfdasykay7zh";
+    };
+
+    gecko64 = fetchurl {
+      url = "mirror://sourceforge/wine/wine_gecko-2.21-x86_64.msi";
+      sha256 = "0grc86dkq90i59zw43hakh62ra1ajnk11m64667xjrlzi7f0ndxw";
+    };
+
+    mono = fetchurl {
+      url = "mirror://sourceforge/wine/wine-mono-0.0.8.msi";
+      sha256 = "00jl24qp7vh3hlqv7wsw1s529lr5p0ybif6s73jy85chqaxj7z1x";
+    };
+
+in stdenv.mkDerivation rec {
+  inherit version name src;
+
+  buildInputs = [
+    xlibs.xlibs flex bison xlibs.libXi mesa
+    xlibs.libXcursor xlibs.libXinerama xlibs.libXrandr
+    xlibs.libXrender xlibs.libXxf86vm xlibs.libXcomposite
+    alsaLib ncurses libpng libjpeg lcms fontforge
+    libxml2 libxslt openssl gnutls cups makeWrapper
+  ];
+
+  # Wine locates a lot of libraries dynamically through dlopen().  Add
+  # them to the RPATH so that the user doesn't have to set them in
+  # LD_LIBRARY_PATH.
+  NIX_LDFLAGS = map (path: "-rpath ${path}/lib ") [
+    freetype fontconfig stdenv.gcc.gcc mesa libdrm
+    xlibs.libXinerama xlibs.libXrender xlibs.libXrandr
+    xlibs.libXcursor xlibs.libXcomposite libpng libjpeg
+    openssl gnutls cups
+  ];
+
+  # Don't shrink the ELF RPATHs in order to keep the extra RPATH
+  # elements specified above.
+  dontPatchELF = true;
+
+  postInstall = ''
+    install -D ${gecko} $out/share/wine/gecko/${gecko.name}
+  '' + stdenv.lib.optionalString (stdenv.system == "x86_64-linux") ''
+    install -D ${gecko} $out/share/wine/gecko/${gecko64.name}
+  '' + ''
+    install -D ${mono} $out/share/wine/mono/${mono.name}
+    wrapProgram $out/bin/wine --prefix LD_LIBRARY_PATH : ${stdenv.gcc.gcc}/lib
+  '';
+
+  enableParallelBuilding = true;
+
+  meta = {
+    homepage = "http://www.winehq.org/";
+    license = "LGPL";
+    inherit version;
+    description = "An Open Source implementation of the Windows API on top of X, OpenGL, and Unix";
+    maintainers = [stdenv.lib.maintainers.raskin stdenv.lib.maintainers.simons];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/misc/emulators/wine/default.upstream b/pkgs/misc/emulators/wine/unstable.upstream
index e23f341c28a..e3616df7680 100644
--- a/pkgs/misc/emulators/wine/default.upstream
+++ b/pkgs/misc/emulators/wine/unstable.upstream
@@ -1,4 +1,5 @@
 url http://sourceforge.net/projects/wine/files/Source/
+attribute_name wine_unstable
 version_link '[.]tar[.][^./]+/download$'
 SF_redirect
 do_overwrite () {
diff --git a/pkgs/misc/my-env/default.nix b/pkgs/misc/my-env/default.nix
index ac2dc7f8cda..1c0dc0cbfe9 100644
--- a/pkgs/misc/my-env/default.nix
+++ b/pkgs/misc/my-env/default.nix
@@ -59,7 +59,7 @@
 { mkDerivation, substituteAll, pkgs }:
     { stdenv ? pkgs.stdenv, name, buildInputs ? []
     , propagatedBuildInputs ? [], gcc ? stdenv.gcc, cTags ? [], extraCmds ? ""
-    , cleanupCmds ? "", shell ? "${pkgs.bashInteractive}/bin/bash"}:
+    , cleanupCmds ? "", shell ? "${pkgs.bashInteractive}/bin/bash --norc"}:
 
 mkDerivation {
   # The setup.sh script from stdenv will expect the native build inputs in
@@ -146,8 +146,8 @@ mkDerivation {
     EOF
 
     mkdir -p $out/bin
-    sed -e s,@shell@,${shell}, -e s,@myenvpath@,$out/dev-envs/${name}, \
-      -e s,@name@,${name}, ${./loadenv.sh} > $out/bin/load-env-${name}
+    sed -e 's,@shell@,${shell},' -e s,@myenvpath@,$out/dev-envs/${name}, \
+      -e 's,@name@,${name},' ${./loadenv.sh} > $out/bin/load-env-${name}
     chmod +x $out/bin/load-env-${name}
   '';
 }
diff --git a/pkgs/misc/my-env/loadenv.sh b/pkgs/misc/my-env/loadenv.sh
index 5d126f0c29b..6752d1c03b5 100644
--- a/pkgs/misc/my-env/loadenv.sh
+++ b/pkgs/misc/my-env/loadenv.sh
@@ -10,5 +10,5 @@ export buildInputs
 export NIX_STRIP_DEBUG=0
 export TZ="$OLDTZ"
 
-@shell@ --norc
+@shell@
 
diff --git a/pkgs/misc/vim-plugins/default.nix b/pkgs/misc/vim-plugins/default.nix
index af4363f9217..b17b8490a0b 100644
--- a/pkgs/misc/vim-plugins/default.nix
+++ b/pkgs/misc/vim-plugins/default.nix
@@ -1,4 +1,4 @@
-{ fetchurl, stdenv, python, cmake, vim, perl, ruby, unzip }:
+{ fetchurl, stdenv, python, cmake, vim, perl, ruby, unzip, which }:
 
 /*
 About Vim and plugins
@@ -90,14 +90,13 @@ let vimHelpTags = ''
     installPhase = ''
       target=$out/vim-plugins/$path
       ensureDir $out/vim-plugins
-      ls -l
       cp -r . $target
       ${vimHelpTags}
       vimHelpTags $target
     '';
   });
 
-in
+in rec
 
 {
 
@@ -251,4 +250,61 @@ in
     path = "xdebug";
     postInstall = false;
   };
+
+  vimshell = simpleDerivation rec {
+    version = "9.2";
+    name = "vimshell-${version}";
+
+    meta = with stdenv.lib; {
+      description = "An extreme shell that doesn't depend on external shells and is written completely in Vim script";
+      homepage    = https://github.com/Shougo/vimshell.vim;
+      repositories.git = https://github.com/Shougo/vimshell.vim.git;
+      license     = licenses.gpl3;
+      maintainers = with maintainers; [ lovek323 ];
+      platforms   = platforms.unix;
+    };
+
+    src = fetchurl {
+      url    = "https://github.com/Shougo/vimshell.vim/archive/ver.${version}.tar.gz";
+      sha256 = "1pbwxdhpv6pr09b6hwkgy7grpmpwlqpsgsawl38r40q6yib8zb4a";
+    };
+
+    buildInputs = [ vimproc ];
+
+    preBuild = ''
+      sed -ie '1 i\
+      set runtimepath+=${vimproc}/vim-plugins/vimproc\
+      ' autoload/vimshell.vim
+    '';
+
+    path = "vimshell";
+  };
+
+  vimproc = simpleDerivation rec {
+    version = "5cf4c6bfe9bf0649159b5648d736d54c96e99b3e";
+    name    = "vimproc-${version}";
+
+    meta = with stdenv.lib; {
+      description = "An asynchronous execution library for Vim";
+      homepage    = https://github.com/Shougo/vimproc.vim;
+      repositories.git = https://github.com/Shougo/vimproc.vim.git;
+      license     = licenses.gpl3;
+      maintainers = with maintainers; [ lovek323 ];
+      platforms   = platforms.unix;
+    };
+
+    src = fetchurl {
+      url    = "${meta.homepage}/archive/${version}.tar.gz";
+      sha256 = "0f76mc7v3656sf9syaq1rxzk3dqz6i5w190wgj15sjjnapzd956p";
+    };
+
+    buildInputs = [ which ];
+
+    buildPhase = ''
+      sed -i 's/vimproc_mac\.so/vimproc_unix\.so/' autoload/vimproc.vim
+      make -f make_unix.mak
+    '';
+
+    path = "vimproc";
+  };
 }
diff --git a/pkgs/os-specific/linux/conspy/default.nix b/pkgs/os-specific/linux/conspy/default.nix
new file mode 100644
index 00000000000..44689cd5d62
--- /dev/null
+++ b/pkgs/os-specific/linux/conspy/default.nix
@@ -0,0 +1,37 @@
+{stdenv, fetchurl, autoconf, automake, ncurses}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="conspy";
+    version="1.8";
+    name="${baseName}-${version}";
+    hash=sha256;
+    url="http://ace-host.stuart.id.au/russell/files/conspy/conspy-1.8.tar.gz";
+    sha256="1jc2maqp4w4mzlr3s8yni03w1p9sir5hb7gha3ffxj4n32nx42dq";
+  };
+  buildInputs = [
+    autoconf automake ncurses
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+    curlOpts = " -A application/octet-stream ";
+  };
+  preConfigure = ''
+    touch NEWS
+    echo "EPL 1.0" > COPYING
+    aclocal
+    automake --add-missing
+    autoconf
+  '';
+  meta = {
+    inherit (s) version;
+    description = "Linux text console viewer";
+    license = stdenv.lib.licenses.epl10 ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/os-specific/linux/conspy/default.upstream b/pkgs/os-specific/linux/conspy/default.upstream
new file mode 100644
index 00000000000..db0c0fd9680
--- /dev/null
+++ b/pkgs/os-specific/linux/conspy/default.upstream
@@ -0,0 +1 @@
+url http://ace-host.stuart.id.au/russell/files/conspy/
diff --git a/pkgs/os-specific/linux/forktty/default.nix b/pkgs/os-specific/linux/forktty/default.nix
new file mode 100644
index 00000000000..6402b5c69d8
--- /dev/null
+++ b/pkgs/os-specific/linux/forktty/default.nix
@@ -0,0 +1,36 @@
+{stdenv, fetchurl}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="forktty";
+    version="1.3";
+    name="${baseName}-${version}";
+    hash="0nd55zdqly6nl98k9lc7j751x86cw9hayx1qn0725f22r1x3j5zb";
+    url="http://sunsite.unc.edu/pub/linux/utils/terminal/forktty-1.3.tgz";
+    sha256="0nd55zdqly6nl98k9lc7j751x86cw9hayx1qn0725f22r1x3j5zb";
+  };
+  buildInputs = [
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+  preBuild = ''
+    sed -e s@/usr/bin/ginstall@install@g -i Makefile
+  '';
+  preInstall = ''
+    mkdir -p "$out/bin"
+    mkdir -p "$out/share/man/man8"
+  '';
+  makeFlags='' prefix="''${out}" manprefix="''${out}/share/" '';
+  meta = {
+    inherit (s) version;
+    description = ''Tool to detach from controlling TTY and attach to another'';
+    license = stdenv.lib.licenses.gpl2 ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/os-specific/linux/forktty/default.upstream b/pkgs/os-specific/linux/forktty/default.upstream
new file mode 100644
index 00000000000..45cb775a0ae
--- /dev/null
+++ b/pkgs/os-specific/linux/forktty/default.upstream
@@ -0,0 +1,2 @@
+url http://sunsite.unc.edu/pub/linux/utils/terminal/
+version_link 'forktty.*tgz'
diff --git a/pkgs/os-specific/linux/gfxtablet/default.nix b/pkgs/os-specific/linux/gfxtablet/default.nix
new file mode 100644
index 00000000000..394defdb19a
--- /dev/null
+++ b/pkgs/os-specific/linux/gfxtablet/default.nix
@@ -0,0 +1,35 @@
+{stdenv, fetchgit, linuxHeaders}:
+let
+  s = # Generated upstream information
+  rec {
+    version="git-2013-10-21";
+    name = "gfxtablet-uinput-driver-${version}";
+    rev = "c4e337ae0b53a8ccdfe11b904ff129714bd25ec4";
+    sha256 = "19d96r2vw9xv82fnfwdyyyf0fja6n06mgg14va996knsn2x5l4la";
+    url = "https://github.com/rfc2822/GfxTablet.git";
+  };
+  buildInputs = [
+    linuxHeaders
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchgit {
+    inherit (s) url sha256 rev;
+  };
+  preBuild = ''cd driver-uinput'';
+  installPhase = ''
+    mkdir -p "$out/bin"
+    cp networktablet "$out/bin"
+    mkdir -p "$out/share/doc/gfxtablet/"
+    cp ../*.md "$out/share/doc/gfxtablet/"
+  '';
+  meta = {
+    inherit (s) version;
+    description = ''Uinput driver for Android GfxTablet tablet-as-input-device app'';
+    license = stdenv.lib.licenses.mit ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/os-specific/linux/kernel/linux-3.11.nix b/pkgs/os-specific/linux/kernel/linux-3.11.nix
index 6a3320669a5..6531895d8a7 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.11.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.11.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.11.4";
+  version = "3.11.6";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "1kv6j7mc5r5qw43kirc0fv83khpnwy8m7158qf8ar08p3r01i3mi";
+    sha256 = "0klbyx6qy3ifwrwh5w7yzk6m6jd32flkk73z95bih3ihmbnbzlvs";
   };
 
   features.iwlwifi = true;
diff --git a/pkgs/os-specific/linux/kernel/linux-3.4.nix b/pkgs/os-specific/linux/kernel/linux-3.4.nix
index d37ca172479..47393b0ae74 100644
--- a/pkgs/os-specific/linux/kernel/linux-3.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-3.4.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, ... } @ args:
 
 import ./generic.nix (args // rec {
-  version = "3.4.66";
+  version = "3.4.67";
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v3.x/linux-${version}.tar.xz";
-    sha256 = "09jrj989mqk76klrg5zq1z8qrx3gif69bqi78ywq3jky8dmrwz3y";
+    sha256 = "1ndzlwhxvlm4lr86240h3ysxhmdkgdcp0n6qhid5nwrmxf5fpb1d";
   };
 
   features.iwlwifi = true;
diff --git a/pkgs/os-specific/linux/kernel/patches.nix b/pkgs/os-specific/linux/kernel/patches.nix
index 73533104ca9..5bda5b1f263 100644
--- a/pkgs/os-specific/linux/kernel/patches.nix
+++ b/pkgs/os-specific/linux/kernel/patches.nix
@@ -134,9 +134,11 @@ rec {
   grsecurity_2_9_1_3_2_51 =
     { name = "grsecurity-2.9.1-3.2.51";
       patch = fetchurl {
-        url = http://grsecurity.net/stable/grsecurity-2.9.1-3.2.51-201309101928.patch;
-        sha256 = "90f9ddc74d56f4525b8faa8505a95f45c23a2e763c7519ba5ae953069a51aca2";
+        url = http://grsecurity.net/stable/grsecurity-2.9.1-3.2.51-201309281102.patch;
+        sha256 = "0mwwdmccihzhl25c9q92x0k33c5kxbz6mikid9diramvki7sk0l8";
       };
+      # The grsec kernel patch seems to include the apparmor patches as of 2.9.1-3.2.51
+      features.apparmor = true;
     };
 
 }
diff --git a/pkgs/os-specific/linux/ttysnoop/default.nix b/pkgs/os-specific/linux/ttysnoop/default.nix
new file mode 100644
index 00000000000..670c9608344
--- /dev/null
+++ b/pkgs/os-specific/linux/ttysnoop/default.nix
@@ -0,0 +1,38 @@
+{stdenv, fetchurl}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="ttysnoop";
+    version="0.12d.k26";
+    name="${baseName}-${version}";
+    hash="0jb2zchaiqmmickj0la7wjw3sf9vy65qfhhs11yrzx4mmwkp0395";
+    url="http://sysd.org/stas/files/active/0/ttysnoop-0.12d.k26.tar.gz";
+    sha256="0jb2zchaiqmmickj0la7wjw3sf9vy65qfhhs11yrzx4mmwkp0395";
+  };
+  buildInputs = [
+  ];
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+  preBuild = ''
+    sed -e "s@/sbin@$out/sbin@g" -i Makefile
+    sed -e "s@/usr/man@$out/share/man@g" -i Makefile
+    mkdir -p "$out/share/man/man8"
+    mkdir -p "$out/sbin"
+  '';
+  postInstall = ''
+    mkdir -p "$out/etc"
+    cp snooptab.dist "$out/etc/snooptab"
+  '';
+  meta = {
+    inherit (s) version;
+    description = "A tool to clone input and output of another tty/pty to the current one";
+    license = stdenv.lib.licenses.gpl2 ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/os-specific/linux/ttysnoop/default.upstream b/pkgs/os-specific/linux/ttysnoop/default.upstream
new file mode 100644
index 00000000000..905a639c31e
--- /dev/null
+++ b/pkgs/os-specific/linux/ttysnoop/default.upstream
@@ -0,0 +1,3 @@
+url http://sysd.org/stas/node/35
+ensure_choice
+version '.*-([0-9a-z.]+)[.]tar[.].*' '\1'
diff --git a/pkgs/servers/http/nginx/default.nix b/pkgs/servers/http/nginx/default.nix
index 8e77d07e5c5..28390aa38da 100644
--- a/pkgs/servers/http/nginx/default.nix
+++ b/pkgs/servers/http/nginx/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, fetchgit, openssl, zlib, pcre, libxml2, libxslt, expat, fullWebDAV ? false }:
+{ stdenv, fetchurl, fetchgit, openssl, zlib, pcre, libxml2, libxslt, expat, fullWebDAV ? false, syslog ? false }:
 
 let
   dav-ext = fetchgit {
@@ -6,6 +6,12 @@ let
     rev = "54cebc1f21fc13391aae692c6cce672fa7986f9d";
     sha256 = "1dvpq1fg5rslnl05z8jc39sgnvh3akam9qxfl033akpczq1bh8nq";
   };
+
+  syslog-ext = fetchgit {
+    url = https://github.com/yaoweibin/nginx_syslog_patch.git;
+    rev = "165affd9741f0e30c4c8225da5e487d33832aca3";
+    sha256 = "14dkkafjnbapp6jnvrjg9ip46j00cr8pqc2g7374z9aj7hrvdvhs";
+  };
 in
 
 stdenv.mkDerivation rec {
@@ -18,6 +24,8 @@ stdenv.mkDerivation rec {
 
   buildInputs = [ openssl zlib pcre libxml2 libxslt ] ++ stdenv.lib.optional fullWebDAV expat;
 
+  patches = if syslog then [ "${syslog-ext}/syslog_1.4.0.patch" ] else [];
+
   configureFlags = [
     "--with-http_ssl_module"
     "--with-http_xslt_module"
@@ -27,7 +35,8 @@ stdenv.mkDerivation rec {
     "--with-http_secure_link_module"
     # Install destination problems
     # "--with-http_perl_module"
-  ] ++ stdenv.lib.optional fullWebDAV "--add-module=${dav-ext}";
+  ] ++ stdenv.lib.optional fullWebDAV "--add-module=${dav-ext}"
+    ++ stdenv.lib.optional syslog "--add-module=${syslog-ext}";
 
   preConfigure = ''
     export NIX_CFLAGS_COMPILE="$NIX_CFLAGS_COMPILE -I${libxml2}/include/libxml2"
diff --git a/pkgs/servers/mail/mailman/default.nix b/pkgs/servers/mail/mailman/default.nix
new file mode 100644
index 00000000000..cda5dba32e0
--- /dev/null
+++ b/pkgs/servers/mail/mailman/default.nix
@@ -0,0 +1,26 @@
+{ stdenv, fetchurl, python }:
+
+stdenv.mkDerivation rec {
+  name = "mailman-2.1.16";
+
+  src = fetchurl {
+    url = "mirror://gnu/mailman/${name}.tgz";
+    sha256 = "0qsgnqjfi07kdiwzik0i78a5q3q5kcw1r61g48abix9qjc32n5ax";
+  };
+
+  buildInputs = [ python ];
+
+  patches = [ ./fix-var-prefix.patch ];
+
+  configureFlags = "--without-permcheck --with-cgi-ext=.cgi --with-var-prefix=/var/lib/mailman";
+
+  installTargets = "doinstall";         # Leave out the 'update' target that's implied by 'install'.
+
+  meta = {
+    homepage = "http://www.gnu.org/software/mailman/";
+    description = "Free software for managing electronic mail discussion and e-newsletter lists";
+    license = stdenv.lib.licenses.gpl2Plus;
+    platforms = stdenv.lib.platforms.linux;
+    maintainers = [ stdenv.lib.maintainers.simons ];
+  };
+}
diff --git a/pkgs/servers/mail/mailman/fix-var-prefix.patch b/pkgs/servers/mail/mailman/fix-var-prefix.patch
new file mode 100644
index 00000000000..9bb735ecbed
--- /dev/null
+++ b/pkgs/servers/mail/mailman/fix-var-prefix.patch
@@ -0,0 +1,33 @@
+diff -ubr mailman-2.1.16-orig/contrib/redhat_fhs.patch mailman-2.1.16/contrib/redhat_fhs.patch
+--- mailman-2.1.16-orig/contrib/redhat_fhs.patch	2013-10-21 14:55:48.797631434 +0200
++++ mailman-2.1.16/contrib/redhat_fhs.patch	2013-10-21 14:56:42.534310378 +0200
+@@ -197,7 +197,7 @@
+ +	    else true; \
+ +	    fi; \
+ +	done
+- 	chmod o-r $(DESTDIR)$(var_prefix)/archives/private
++ 	chmod o-r $(prefix)$(var_prefix)/archives/private
+  	@for d in $(ARCH_INDEP_DIRS); \
+  	do \
+ Only in mailman-2.1.5.FHS: Makefile.in~
+diff -ubr mailman-2.1.16-orig/Makefile.in mailman-2.1.16/Makefile.in
+--- mailman-2.1.16-orig/Makefile.in	2013-10-21 14:55:48.798631519 +0200
++++ mailman-2.1.16/Makefile.in	2013-10-21 14:56:42.562313220 +0200
+@@ -87,7 +87,7 @@
+ 	@echo "Creating architecture independent directories..."
+ 	@for d in $(VAR_DIRS); \
+ 	do \
+-	    dir=$(DESTDIR)$(var_prefix)/$$d; \
++	    dir=$(prefix)$(var_prefix)/$$d; \
+ 	    if test ! -d $$dir; then \
+ 		echo "Creating directory hierarchy $$dir"; \
+ 		$(srcdir)/mkinstalldirs $$dir; \
+@@ -96,7 +96,7 @@
+ 	    else true; \
+ 	    fi; \
+ 	done
+-	chmod o-r $(DESTDIR)$(var_prefix)/archives/private
++	chmod o-r $(prefix)$(var_prefix)/archives/private
+ 	@for d in $(ARCH_INDEP_DIRS); \
+ 	do \
+ 	    dir=$(DESTDIR)$(prefix)/$$d; \
diff --git a/pkgs/servers/monitoring/munin/adding_servicedir_munin-node.patch b/pkgs/servers/monitoring/munin/adding_servicedir_munin-node.patch
new file mode 100644
index 00000000000..856f3d73011
--- /dev/null
+++ b/pkgs/servers/monitoring/munin/adding_servicedir_munin-node.patch
@@ -0,0 +1,84 @@
+From 75a3ec48814e7b9a9b22259a04009076363be3f1 Mon Sep 17 00:00:00 2001
+From: Igor Kolar <igor.kolar@gmail.com>
+Date: Thu, 17 Oct 2013 00:48:23 +0200
+Subject: [PATCH 1/2] node: added --servicedir switch to munin-node
+
+This code is copied over from munin-node-config, that already does the same
+---
+ node/sbin/munin-node | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/node/sbin/munin-node b/node/sbin/munin-node
+index 7b2e180..0a93450 100755
+--- a/node/sbin/munin-node
++++ b/node/sbin/munin-node
+@@ -35,7 +35,7 @@ use Munin::Node::OS;
+ use Munin::Node::Service;
+ use Munin::Node::Server;
+ 
+-my $servicedir;
++my $servicedir = "$Munin::Common::Defaults::MUNIN_CONFDIR/plugins";
+ my $sconfdir = "$Munin::Common::Defaults::MUNIN_CONFDIR/plugin-conf.d";
+ my $conffile = "$Munin::Common::Defaults::MUNIN_CONFDIR/munin-node.conf";
+ my $DEBUG    = 0;
+@@ -101,6 +101,7 @@ sub parse_args
+ 
+     print_usage_and_exit() unless GetOptions(
+         "config=s"     => \$conffile,
++        "servicedir=s" => \$servicedir,
+         "debug!"       => \$DEBUG,
+         "pidebug!"     => \$PIDEBUG,
+         "paranoia!"    => \$paranoia,
+@@ -166,6 +167,10 @@ and returning the output they produce.
+ 
+ Use E<lt>fileE<gt> as configuration file. [@@CONFDIR@@/munin-node.conf]
+ 
++=item B<< --servicedir <dir> >>
++
++Override plugin directory [@@CONFDIR@@/plugins/]
++
+ =item B< --[no]paranoia >
+ 
+ Only run plugins owned by root. Check permissions as well. [--noparanoia]
+-- 
+1.8.4
+
+
+From b8e17cbe73ae4c71b93ff5687ba86db1d0c1f5bd Mon Sep 17 00:00:00 2001
+From: Steve Schnepp <steve.schnepp@pwkf.org>
+Date: Thu, 17 Oct 2013 11:52:10 +0200
+Subject: [PATCH 2/2] node: untaint the service-dir args
+
+---
+ node/sbin/munin-node | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/node/sbin/munin-node b/node/sbin/munin-node
+index 0a93450..909c8c4 100755
+--- a/node/sbin/munin-node
++++ b/node/sbin/munin-node
+@@ -99,9 +99,10 @@ sub parse_args
+ {
+     my @ORIG_ARGV  = @ARGV;
+ 
++    my $servicedir_cmdline;
+     print_usage_and_exit() unless GetOptions(
+         "config=s"     => \$conffile,
+-        "servicedir=s" => \$servicedir,
++        "servicedir=s" => \$servicedir_cmdline,
+         "debug!"       => \$DEBUG,
+         "pidebug!"     => \$PIDEBUG,
+         "paranoia!"    => \$paranoia,
+@@ -109,6 +110,9 @@ sub parse_args
+         "help"         => \&print_usage_and_exit,
+     );
+ 
++    # We untaint the args brutally, since the sysadm should know what he does
++    $servicedir = $1 if defined $servicedir_cmdline && $servicedir_cmdline =~ m/(.*)/;
++
+     # Reset ARGV (for HUPing)
+     @ARGV = @ORIG_ARGV;
+ 
+-- 
+1.8.4
+
diff --git a/pkgs/servers/monitoring/munin/default.nix b/pkgs/servers/monitoring/munin/default.nix
index d7da0f658e2..4f16ab35527 100644
--- a/pkgs/servers/monitoring/munin/default.nix
+++ b/pkgs/servers/monitoring/munin/default.nix
@@ -1,9 +1,5 @@
 { stdenv, fetchurl, makeWrapper, which, coreutils, rrdtool, perl, perlPackages
-, python, ruby, openjdk }:
-
-# TODO: split into server/node derivations
-
-# FIXME: munin tries to write log files and web graphs to its installation path.
+, python, ruby, openjdk, nettools }:
 
 stdenv.mkDerivation rec {
   version = "2.0.17";
@@ -19,6 +15,7 @@ stdenv.mkDerivation rec {
     which
     coreutils
     rrdtool
+    nettools
     perl
     perlPackages.ModuleBuild
     perlPackages.HTMLTemplate
@@ -36,17 +33,49 @@ stdenv.mkDerivation rec {
     perlPackages.NetServer
     perlPackages.ListMoreUtils
     perlPackages.TimeHiRes
+    perlPackages.LWPUserAgent
+    perlPackages.DBDPg
     python
     ruby
     openjdk
+    # tests
+    perlPackages.TestLongString
+    perlPackages.TestDifferences
+    perlPackages.TestDeep
+    perlPackages.TestMockModule
+    perlPackages.TestMockObject
+    perlPackages.FileSlurp
+    perlPackages.IOStringy
+  ];
+
+  # TODO: tests are failing http://munin-monitoring.org/ticket/1390#comment:1
+  # NOTE: important, test command always exits with 0, think of a way to abort the build once tests pass
+  doCheck = false;
+
+  checkPhase = ''
+   export PERL5LIB="$PERL5LIB:${rrdtool}/lib/perl"
+   LC_ALL=C make -j1 test 
+  '';
+
+  patches = [
+    # https://rt.cpan.org/Public/Bug/Display.html?id=75112
+    ./dont_preserve_source_dir_permissions.patch
+
+    # https://github.com/munin-monitoring/munin/pull/134
+    ./adding_servicedir_munin-node.patch
   ];
 
   preBuild = ''
+    substituteInPlace "Makefile" \
+      --replace "/bin/pwd" "pwd"
+
+    # munin checks at build time if user/group exists, unpure
     sed -i '/CHECKUSER/d' Makefile
     sed -i '/CHOWN/d' Makefile
     sed -i '/CHECKGROUP/d' Makefile
-    substituteInPlace "Makefile" \
-      --replace "/usr/pwd" "pwd"
+
+    # munin hardcodes PATH, we need it to obey $PATH
+    sed -i '/ENV{PATH}/d' node/lib/Munin/Node/Service.pm
   '';
 
   # DESTDIR shouldn't be needed (and shouldn't have worked), but munin
@@ -60,7 +89,7 @@ stdenv.mkDerivation rec {
     PYTHON=${python}/bin/python
     RUBY=${ruby}/bin/ruby
     JAVARUN=${openjdk}/bin/java
-    HOSTNAME=default
+    PLUGINUSER=munin
   '';
 
   postFixup = ''
@@ -78,7 +107,8 @@ stdenv.mkDerivation rec {
         case "$file" in
             *.jar) continue;;
         esac
-        wrapProgram "$file" --set PERL5LIB $out/lib/perl5/site_perl:${perlPackages.Log4Perl}/lib/perl5/site_perl:${perlPackages.IOSocketInet6}/lib/perl5/site_perl:${perlPackages.Socket6}/lib/perl5/site_perl:${perlPackages.URI}/lib/perl5/site_perl:${perlPackages.DBFile}/lib/perl5/site_perl:${perlPackages.DateManip}/lib/perl5/site_perl:${perlPackages.HTMLTemplate}/lib/perl5/site_perl:${perlPackages.FileCopyRecursive}/lib/perl5/site_perl:${perlPackages.FCGI}/lib/perl5/site_perl:${perlPackages.NetSNMP}/lib/perl5/site_perl:${perlPackages.NetServer}/lib/perl5/site_perl:${perlPackages.ListMoreUtils}/lib/perl5/site_perl:${perlPackages.TimeHiRes}/lib/perl5/site_perl:${rrdtool}/lib/perl
+        wrapProgram "$file" \
+          --set PERL5LIB "$out/lib/perl5/site_perl:${perlPackages.Log4Perl}/lib/perl5/site_perl:${perlPackages.IOSocketInet6}/lib/perl5/site_perl:${perlPackages.Socket6}/lib/perl5/site_perl:${perlPackages.URI}/lib/perl5/site_perl:${perlPackages.DBFile}/lib/perl5/site_perl:${perlPackages.DateManip}/lib/perl5/site_perl:${perlPackages.HTMLTemplate}/lib/perl5/site_perl:${perlPackages.FileCopyRecursive}/lib/perl5/site_perl:${perlPackages.FCGI}/lib/perl5/site_perl:${perlPackages.NetSNMP}/lib/perl5/site_perl:${perlPackages.NetServer}/lib/perl5/site_perl:${perlPackages.ListMoreUtils}/lib/perl5/site_perl:${perlPackages.TimeHiRes}/lib/perl5/site_perl:${rrdtool}/lib/perl:${perlPackages.DBDPg}/lib/perl5/site_perl:${perlPackages.LWPUserAgent}/lib/perl5/site_perl"
     done
   '';
 
diff --git a/pkgs/servers/monitoring/munin/dont_preserve_source_dir_permissions.patch b/pkgs/servers/monitoring/munin/dont_preserve_source_dir_permissions.patch
new file mode 100644
index 00000000000..78eac728305
--- /dev/null
+++ b/pkgs/servers/monitoring/munin/dont_preserve_source_dir_permissions.patch
@@ -0,0 +1,18 @@
+# https://rt.cpan.org/Public/Bug/Display.html?id=75112
+diff --git a/master/lib/Munin/Master/HTMLOld.pm b/master/lib/Munin/Master/HTMLOld.pm
+index 2b6e71f..c0aa2c0 100644
+--- a/master/lib/Munin/Master/HTMLOld.pm
++++ b/master/lib/Munin/Master/HTMLOld.pm
+@@ -711,10 +711,12 @@ sub emit_main_index {
+ 
+ sub copy_web_resources {
+     my ($staticdir, $htmldir) = @_;
++       local $File::Copy::Recursive::KeepMode = 0;
+ 	unless(dircopy($staticdir, "$htmldir/static")){
+ 		ERROR "[ERROR] Could not copy contents from $staticdir to $htmldir";
+ 		die "[ERROR] Could not copy contents from $staticdir to $htmldir";
+ 	}
++       local $File::Copy::Recursive::KeepMode = 1;
+ }
+ 
+ sub instanciate_comparison_templates {
diff --git a/pkgs/servers/monitoring/zabbix/2.0.nix b/pkgs/servers/monitoring/zabbix/2.0.nix
index 8752f54647f..1386e1609eb 100644
--- a/pkgs/servers/monitoring/zabbix/2.0.nix
+++ b/pkgs/servers/monitoring/zabbix/2.0.nix
@@ -5,11 +5,11 @@ assert enableJabber -> minmay != null;
 
 let
 
-  version = "2.0.8";
+  version = "2.0.9";
 
   src = fetchurl {
     url = "mirror://sourceforge/zabbix/zabbix-${version}.tar.gz";
-    sha256 = "16jiwjw4041j3qn1cs4k812mih8mjwz5022ac0h0n78avrh4kff4";
+    sha256 = "057fjqww0qzs56nm8m3c36kbrhwriysvjvqzgwm9j2bg9ylixvym";
   };
 
   preConfigure =
@@ -31,14 +31,6 @@ in
 
     inherit src preConfigure;
 
-    patchFlags = "-p0";
-    patches =
-      [ (fetchurl {
-          url = "https://support.zabbix.com/secure/attachment/24449/ZBX-7091-2.0.8.patch";
-          sha256 = "1rlk3812dd12imk29i0fw6bzpgi44a8231kiq3bl5yryx18qh580";
-        })
-      ];
-
     configureFlags = [
       "--enable-agent"
       "--enable-server"
diff --git a/pkgs/stdenv/generic/default.nix b/pkgs/stdenv/generic/default.nix
index 3ae6f4bde4c..63860292011 100644
--- a/pkgs/stdenv/generic/default.nix
+++ b/pkgs/stdenv/generic/default.nix
@@ -49,7 +49,7 @@ let
         # Add a utility function to produce derivations that use this
         # stdenv and its shell.
         mkDerivation = attrs:
-          if !allowUnfree && (let l = attrs.meta.license or ""; in l == "unfree" || l == "unfree-redistributable") then
+          if !allowUnfree && (let l = lib.lists.toList attrs.meta.license or []; in lib.lists.elem "unfree" l || lib.lists.elem "unfree-redistributable" l) then
             throw "package ‘${attrs.name}’ has an unfree license, refusing to evaluate"
           else
             lib.addPassthru (derivation (
diff --git a/pkgs/tools/archivers/zpaq/default.nix b/pkgs/tools/archivers/zpaq/default.nix
index 6b04fe17268..3159bae1826 100644
--- a/pkgs/tools/archivers/zpaq/default.nix
+++ b/pkgs/tools/archivers/zpaq/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information
   rec {
     baseName="zpaq";
-    version="625";
+    version="642";
     name="${baseName}-${version}";
-    hash="0d3ly8l6mzbqxkg68yz7mid3dr056fgr5n49rlkjwcfg533c5gwx";
-    url="http://mattmahoney.net/dc/zpaq625.zip";
-    sha256="0d3ly8l6mzbqxkg68yz7mid3dr056fgr5n49rlkjwcfg533c5gwx";
+    hash="020nd5gzzynhccldbf1kh4x1cc3445b7ig2cl30xvxaz16h1r2p5";
+    url="http://mattmahoney.net/dc/zpaq642.zip";
+    sha256="020nd5gzzynhccldbf1kh4x1cc3445b7ig2cl30xvxaz16h1r2p5";
   };
   buildInputs = [
     unzip
@@ -29,14 +29,13 @@ stdenv.mkDerivation {
   };
   sourceRoot = ".";
   buildPhase = ''
-    g++ -shared -O3 libzpaq.cpp divsufsort.c ${compileFlags} -o libzpaq.so
-    g++ -O3 -L. -L"$out/lib" -lzpaq zpaq.cpp -o zpaq
-    g++ -O3 -L. -L"$out/lib" -lzpaq zpaqd.cpp -o zpaqd
+    g++ -shared -O3 libzpaq.cpp ${compileFlags} -o libzpaq.so
+    g++ -O3 -L. -L"$out/lib" -lzpaq divsufsort.c zpaq.cpp -o zpaq
   '';
   installPhase = ''
     mkdir -p "$out"/{bin,include,lib,share/doc/zpaq}
     cp libzpaq.so "$out/lib"
-    cp zpaq zpaqd "$out/bin"
+    cp zpaq "$out/bin"
     cp libzpaq.h divsufsort.h "$out/include"
     cp readme.txt "$out/share/doc/zpaq"
   '';
diff --git a/pkgs/tools/archivers/zpaq/zpaqd.nix b/pkgs/tools/archivers/zpaq/zpaqd.nix
new file mode 100644
index 00000000000..cfb76d2ff9b
--- /dev/null
+++ b/pkgs/tools/archivers/zpaq/zpaqd.nix
@@ -0,0 +1,49 @@
+{stdenv, fetchurl, unzip}:
+let
+  s = # Generated upstream information
+  rec {
+    baseName="zpaqd";
+    version="633";
+    name="${baseName}-${version}";
+    hash="00zgc4mcmsd3d4afgzmrp6ymcyy8gb9kap815d5a3f9zhhzkz4dx";
+    url="http://mattmahoney.net/dc/zpaqd633.zip";
+    sha256="00zgc4mcmsd3d4afgzmrp6ymcyy8gb9kap815d5a3f9zhhzkz4dx";
+  };
+  buildInputs = [
+    unzip
+  ];
+  isUnix = stdenv.isLinux || stdenv.isGNU || stdenv.isDarwin || stdenv.isBSD;
+  isx86 = stdenv.isi686 || stdenv.isx86_64;
+  compileFlags = ""
+    + (stdenv.lib.optionalString isUnix " -Dunix -pthread ")
+    + (stdenv.lib.optionalString (!isx86) " -DNOJIT ")
+    + " -DNDEBUG "
+    + " -fPIC "
+    ;
+in
+stdenv.mkDerivation {
+  inherit (s) name version;
+  inherit buildInputs;
+  src = fetchurl {
+    inherit (s) url sha256;
+  };
+  sourceRoot = ".";
+  buildPhase = ''
+    g++ -shared -O3 libzpaq.cpp ${compileFlags} -o libzpaq.so
+    g++ -O3 -L. -L"$out/lib" -lzpaq zpaqd.cpp -o zpaqd
+  '';
+  installPhase = ''
+    mkdir -p "$out"/{bin,include,lib,share/doc/zpaq}
+    cp libzpaq.so "$out/lib"
+    cp zpaqd "$out/bin"
+    cp libzpaq.h "$out/include"
+    cp readme_zpaqd.txt "$out/share/doc/zpaq"
+  '';
+  meta = {
+    inherit (s) version;
+    description = ''ZPAQ archiver decompressor and algorithm development tool'';
+    license = stdenv.lib.licenses.gpl3Plus ;
+    maintainers = [stdenv.lib.maintainers.raskin];
+    platforms = stdenv.lib.platforms.linux;
+  };
+}
diff --git a/pkgs/tools/archivers/zpaq/zpaqd.upstream b/pkgs/tools/archivers/zpaq/zpaqd.upstream
new file mode 100644
index 00000000000..ef83c58e460
--- /dev/null
+++ b/pkgs/tools/archivers/zpaq/zpaqd.upstream
@@ -0,0 +1,5 @@
+url http://mattmahoney.net/dc/zpaqutil.html
+version_link 'zpaqd[0-9]+[.]zip'
+version "[^0-9]*([0-9]+)[^0-9]*" '\1'
+name zpaqd
+attribute_name zpaqd
diff --git a/pkgs/tools/compression/lrzip/default.nix b/pkgs/tools/compression/lrzip/default.nix
index 23b516e32e4..6fd1ae97d96 100644
--- a/pkgs/tools/compression/lrzip/default.nix
+++ b/pkgs/tools/compression/lrzip/default.nix
@@ -1,12 +1,12 @@
 {stdenv, fetchurl, zlib, lzo, bzip2, nasm, perl}:
 
 stdenv.mkDerivation rec {
-  version = "0.614";
+  version = "0.616";
   name = "lrzip-${version}";
 
   src = fetchurl {
     url = "http://ck.kolivas.org/apps/lrzip/${name}.tar.bz2";
-    sha256 = "16i6mz2z6gx8xiva7zb0j78yvkwq1bjbdkl7w3i10195ll097ad8";
+    sha256 = "1bimlbsfzjvippbma08ifm1grcy9i7avryrkdvnvrfyqnj6mlbcq";
   };
 
   buildInputs = [ zlib lzo bzip2 nasm perl ];
diff --git a/pkgs/tools/filesystems/e2fsprogs/default.nix b/pkgs/tools/filesystems/e2fsprogs/default.nix
index b855fce17d0..83d9c25a3e6 100644
--- a/pkgs/tools/filesystems/e2fsprogs/default.nix
+++ b/pkgs/tools/filesystems/e2fsprogs/default.nix
@@ -1,11 +1,11 @@
 { stdenv, fetchurl, pkgconfig, libuuid }:
 
 stdenv.mkDerivation rec {
-  name = "e2fsprogs-1.42.7";
+  name = "e2fsprogs-1.42.8";
 
   src = fetchurl {
     url = "mirror://sourceforge/e2fsprogs/${name}.tar.gz";
-    sha256 = "0ibkkvp6kan0hn0d1anq4n2md70j5gcm7mwna515w82xwyr02rfw";
+    sha256 = "b984aaf1fe888d6a4cf8c2e8d397207879599b5368f1d33232c1ec9d68d00c97";
   };
 
   buildInputs = [ pkgconfig libuuid ];
diff --git a/pkgs/tools/filesystems/glusterfs/default.nix b/pkgs/tools/filesystems/glusterfs/default.nix
index 7cae84a19c7..9d4168b2d7d 100644
--- a/pkgs/tools/filesystems/glusterfs/default.nix
+++ b/pkgs/tools/filesystems/glusterfs/default.nix
@@ -3,11 +3,11 @@ let
   s = # Generated upstream information 
   rec {
     baseName="glusterfs";
-    version="3.3.1";
-    name="glusterfs-3.3.1";
-    hash="06bmnyl3vh8s21kk98idm2fl7kq38na94k5l67l9l1grl3iyzahr";
-    url="http://download.gluster.org/pub/gluster/glusterfs/3.3/3.3.1/glusterfs-3.3.1.tar.gz";
-    sha256="06bmnyl3vh8s21kk98idm2fl7kq38na94k5l67l9l1grl3iyzahr";
+    version="3.4.1";
+    name="${baseName}-${version}";
+    hash="0fdp3bifd7n20xlmsmj374pbp11k7np71f7ibzycsvmqqviv9wdm";
+    url="http://download.gluster.org/pub/gluster/glusterfs/3.4/3.4.1/glusterfs-3.4.1.tar.gz";
+    sha256="0fdp3bifd7n20xlmsmj374pbp11k7np71f7ibzycsvmqqviv9wdm";
   };
   buildInputs = [
     fuse bison flex openssl python ncurses readline
diff --git a/pkgs/tools/graphics/cuneiform/default.nix b/pkgs/tools/graphics/cuneiform/default.nix
index 3c75af4bcf3..2638594903a 100644
--- a/pkgs/tools/graphics/cuneiform/default.nix
+++ b/pkgs/tools/graphics/cuneiform/default.nix
@@ -36,6 +36,7 @@ rec {
 
   name = "cuneiform-" + version;
   meta = {
+    inherit version;
     description = "Cuneiform OCR";
   };
 }
diff --git a/pkgs/tools/misc/rockbox-utility/default.nix b/pkgs/tools/misc/rockbox-utility/default.nix
index 4f271bcd623..adb2a456b88 100644
--- a/pkgs/tools/misc/rockbox-utility/default.nix
+++ b/pkgs/tools/misc/rockbox-utility/default.nix
@@ -1,15 +1,15 @@
-{ stdenv, fetchurl, libusb, qt4 }:
+{ stdenv, fetchurl, libusb1, qt4 }:
 
 stdenv.mkDerivation  rec {
   name = "rockbox-utility-${version}";
-  version = "1.2.8";
+  version = "1.3.1";
 
   src = fetchurl {
-    url = "http://download.rockbox.org/rbutil/source/rbutil_${version}-src.tar.bz2";
-    sha256 = "1gjwlyrwvzfdhqdwvq1chdnjkcn9lk21ixp92h5y74826j3ahdgs";
+    url = "http://download.rockbox.org/rbutil/source/RockboxUtility-v${version}-src.tar.bz2";
+    sha256 = "6c04b5c7eaad1762577908dedb9e40f5b0cee675150ae5ba844ea2c9bea294ca";
   };
 
-  buildInputs = [ libusb qt4 ];
+  buildInputs = [ libusb1 qt4 ];
 
   preBuild = ''
     cd rbutil/rbutilqt
diff --git a/pkgs/tools/networking/curl/7.15.nix b/pkgs/tools/networking/curl/7.15.nix
new file mode 100644
index 00000000000..0a87eaa944c
--- /dev/null
+++ b/pkgs/tools/networking/curl/7.15.nix
@@ -0,0 +1,75 @@
+{ stdenv, fetchurl
+, zlibSupport ? false, zlib ? null
+, sslSupport ? false, openssl ? null
+, scpSupport ? false, libssh2 ? null
+, gssSupport ? false, gss ? null
+, c-aresSupport ? false, c-ares ? null
+, linkStatic ? false
+}:
+
+assert zlibSupport -> zlib != null;
+assert sslSupport -> openssl != null;
+assert scpSupport -> libssh2 != null;
+assert c-aresSupport -> c-ares != null;
+
+stdenv.mkDerivation rec {
+  name = "curl-7.15.0";
+
+  src = fetchurl {
+    url = "http://curl.haxx.se/download/archeology/${name}.tar.gz";
+    sha256 = "061bgjm6rv0l9804vmm4jvr023l52qvmy9qq4zjv4lgqhlljvhz3";
+  };
+
+  # Zlib and OpenSSL must be propagated because `libcurl.la' contains
+  # "-lz -lssl", which aren't necessary direct build inputs of
+  # applications that use Curl.
+  propagatedBuildInputs = with stdenv.lib;
+    optional zlibSupport zlib ++
+    optional gssSupport gss ++
+    optional c-aresSupport c-ares ++
+    optional sslSupport openssl;
+
+  preConfigure = ''
+    sed -e 's|/usr/bin|/no-such-path|g' -i.bak configure
+  '';
+  configureFlags = [
+      ( if sslSupport then "--with-ssl=${openssl}" else "--without-ssl" )
+      ( if scpSupport then "--with-libssh2=${libssh2}" else "--without-libssh2" )
+    ]
+    ++ stdenv.lib.optional c-aresSupport "--enable-ares=${c-ares}"
+    ++ stdenv.lib.optional gssSupport "--with-gssapi=${gss}"
+    ++ stdenv.lib.optionals linkStatic [ "--enable-static" "--disable-shared" ]
+  ;
+
+  dontDisableStatic = linkStatic;
+
+  CFLAGS = if stdenv ? isDietLibC then "-DHAVE_INET_NTOA_R_2_ARGS=1" else "";
+  LDFLAGS = if linkStatic then "-static" else "";
+  CXX = "g++";
+  CXXCPP = "g++ -E";
+
+  # libtool hack to get a static binary. Notice that to 'configure' I passed
+  # other LDFLAGS, because it doesn't use libtool for linking in the tests.
+  makeFlags = if linkStatic then "LDFLAGS=-all-static" else "";
+
+  crossAttrs = {
+    # We should refer to the cross built openssl
+    # For the 'urandom', maybe it should be a cross-system option
+    configureFlags = [
+        ( if sslSupport then "--with-ssl=${openssl.crossDrv}" else "--without-ssl" )
+        "--with-random /dev/urandom"
+      ]
+      ++ stdenv.lib.optionals linkStatic [ "--enable-static" "--disable-shared" ]
+    ;
+  };
+
+  passthru = {
+    inherit sslSupport openssl;
+  };
+
+  meta = {
+    homepage = "http://curl.haxx.se/";
+    description = "A command line tool for transferring files with URL syntax";
+    platforms = stdenv.lib.platforms.all;
+  };
+}
diff --git a/pkgs/tools/networking/netcat-openbsd/default.nix b/pkgs/tools/networking/netcat-openbsd/default.nix
new file mode 100644
index 00000000000..c7bbf3892d2
--- /dev/null
+++ b/pkgs/tools/networking/netcat-openbsd/default.nix
@@ -0,0 +1,32 @@
+{stdenv, fetchurl, pkgconfig, libbsd}:
+
+stdenv.mkDerivation rec {
+  name = "netcat-openbsd-1.105";
+  version = "1.105";
+
+  srcs = [
+    (fetchurl {
+      url = "mirror://debian/pool/main/n/netcat-openbsd/netcat-openbsd_1.105.orig.tar.gz";
+      md5 = "7e67b22f1ad41a1b7effbb59ff28fca1";
+    })
+    (fetchurl {
+      url = "mirror://debian/pool/main/n/netcat-openbsd/netcat-openbsd_1.105-7.debian.tar.gz";
+      md5 = "e914f8eb7eda5c75c679dd77787ac76b";
+    })
+  ];
+
+  buildInputs = [ pkgconfig libbsd ];
+  sourceRoot = name;
+  patches = [ "../debian/patches/*.patch" ];
+
+  installPhase = ''
+    install -Dm0755 nc $out/bin/nc
+  '';
+
+  meta = {
+    homepage = "http://packages.debian.org/netcat-openbsd";
+    description = "TCP/IP swiss army knife. OpenBSD variant.";
+    platforms = stdenv.lib.platforms.linux;
+  };
+
+}
diff --git a/pkgs/tools/package-management/nix/unstable.nix b/pkgs/tools/package-management/nix/unstable.nix
index a548a9f13bd..7bdc8d1aefb 100644
--- a/pkgs/tools/package-management/nix/unstable.nix
+++ b/pkgs/tools/package-management/nix/unstable.nix
@@ -5,11 +5,11 @@
 }:
 
 stdenv.mkDerivation rec {
-  name = "nix-1.7pre3252_792fd51";
+  name = "nix-1.7pre3267_2d9bb56";
 
   src = fetchurl {
-    url = "http://hydra.nixos.org/build/6500161/download/5/${name}.tar.xz";
-    sha256 = "f99c1996292ea1a20068f0a6d58d3dc4775f30fdd22cdd756ac4d749acb2c20e";
+    url = "http://hydra.nixos.org/build/6611474/download/5/${name}.tar.xz";
+    sha256 = "f62b48910651c4651cd4473a0bb433d65cf60c93c0f80d589b26fec52b3b82b3";
   };
 
   nativeBuildInputs = [ perl pkgconfig ];
diff --git a/pkgs/tools/typesetting/tex/tex4ht/default.nix b/pkgs/tools/typesetting/tex/tex4ht/default.nix
index 24612de549e..f903ef5792f 100644
--- a/pkgs/tools/typesetting/tex/tex4ht/default.nix
+++ b/pkgs/tools/typesetting/tex/tex4ht/default.nix
@@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
     for f in src/tex4ht src/t4ht src/htcmd "bin/unix/"*; do
       mv $f $out/bin/
     done
-    mv texmf $out/
+    mv texmf $out/texmf-dist
   '';
 
   meta = {
diff --git a/pkgs/top-level/all-packages.nix b/pkgs/top-level/all-packages.nix
index 3450035e884..5a3280b2012 100644
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@@ -661,6 +661,8 @@ let
 
   connect = callPackage ../tools/networking/connect { };
 
+  conspy = callPackage ../os-specific/linux/conspy {};
+
   convertlit = callPackage ../tools/text/convertlit { };
 
   collectd = callPackage ../tools/system/collectd { };
@@ -712,6 +714,11 @@ let
     scpSupport = zlibSupport && !stdenv.isSunOS && !stdenv.isCygwin;
   };
 
+  curl3 = callPackage ../tools/networking/curl/7.15.nix rec {
+    zlibSupport = true;
+    sslSupport = zlibSupport;
+  };
+
   cunit = callPackage ../tools/misc/cunit { };
 
   curlftpfs = callPackage ../tools/filesystems/curlftpfs { };
@@ -891,6 +898,8 @@ let
     withX11 = true;
   };
 
+  forktty = callPackage ../os-specific/linux/forktty {};
+
   fortune = callPackage ../tools/misc/fortune { };
 
   fox = callPackage ../development/libraries/fox/default.nix {
@@ -1372,6 +1381,8 @@ let
 
   netcat = callPackage ../tools/networking/netcat { };
 
+  netcat-openbsd = callPackage ../tools/networking/netcat-openbsd { };
+
   netkittftp = callPackage ../tools/networking/netkit/tftp { };
 
   netpbm = callPackage ../tools/graphics/netpbm { };
@@ -1880,6 +1891,8 @@ let
 
   ttf2pt1 = callPackage ../tools/misc/ttf2pt1 { };
 
+  ttysnoop = callPackage ../os-specific/linux/ttysnoop {};
+
   twitterBootstrap = callPackage ../development/web/twitter-bootstrap {};
 
   txt2man = callPackage ../tools/misc/txt2man { };
@@ -1900,6 +1913,8 @@ let
 
   upx = callPackage ../tools/compression/upx { };
 
+  urlview = callPackage ../applications/misc/urlview {};
+
   usbmuxd = callPackage ../tools/misc/usbmuxd {};
 
   vacuum = callPackage ../applications/networking/instant-messengers/vacuum {};
@@ -2148,6 +2163,7 @@ let
   zip = callPackage ../tools/archivers/zip { };
 
   zpaq = callPackage ../tools/archivers/zpaq { };
+  zpaqd = callPackage ../tools/archivers/zpaq/zpaqd.nix { };
 
   zsync = callPackage ../tools/compression/zsync { };
 
@@ -2191,6 +2207,8 @@ let
 
   aspectj = callPackage ../development/compilers/aspectj { };
 
+  ats2 = callPackage ../development/compilers/ats2 { };
+
   avra = callPackage ../development/compilers/avra { };
 
   bigloo = callPackage ../development/compilers/bigloo { };
@@ -2897,6 +2915,8 @@ let
 
   ocaml_4_00_1 = callPackage ../development/compilers/ocaml/4.00.1.nix { };
 
+  ocaml_4_01_0 = callPackage ../development/compilers/ocaml/4.01.0.nix { };
+
   orc = callPackage ../development/compilers/orc { };
 
   metaocaml_3_09 = callPackage ../development/compilers/ocaml/metaocaml-3.09.nix { };
@@ -3055,6 +3075,8 @@ let
     boost = boost149; # sdcc 3.2.0 fails to build with boost 1.53
   };
 
+  smlnj = callPackage_i686 ../development/compilers/smlnj { };
+
   stalin = callPackage ../development/compilers/stalin { };
 
   strategoPackages = recurseIntoAttrs strategoPackages018;
@@ -3758,6 +3780,8 @@ let
 
   simpleBuildTool = callPackage ../development/tools/build-managers/simple-build-tool { };
 
+  slimerjs = callPackage ../development/tools/slimerjs {};
+
   sloccount = callPackage ../development/tools/misc/sloccount { };
 
   smatch = callPackage ../development/tools/analysis/smatch {
@@ -3820,6 +3844,8 @@ let
 
   valkyrie = callPackage ../development/tools/analysis/valkyrie { };
 
+  xc3sprog = callPackage ../development/tools/misc/xc3sprog { };
+
   xxdiff = callPackage ../development/tools/misc/xxdiff { };
 
   yacc = bison;
@@ -4014,8 +4040,7 @@ let
 
   db48 = callPackage ../development/libraries/db4/db4-4.8.nix { };
 
-  dbus = let dbus_all = callPackage ../development/libraries/dbus { };
-    in dbus_all.libs // dbus_all; # previously dbus.libs also contained the daemon
+  dbus = callPackage ../development/libraries/dbus { };
   dbus_cplusplus  = callPackage ../development/libraries/dbus-cplusplus { };
   dbus_glib       = callPackage ../development/libraries/dbus-glib { };
   dbus_java       = callPackage ../development/libraries/java/dbus-java { };
@@ -4144,6 +4169,8 @@ let
 
   gav = callPackage ../games/gav { };
 
+  gsb = callPackage ../games/gsb { };
+
   gdome2 = callPackage ../development/libraries/gdome2 {
     inherit (gnome) gtkdoc;
   };
@@ -4569,6 +4596,8 @@ let
 
   json_c = callPackage ../development/libraries/json-c { };
 
+  jsoncpp = callPackage ../development/libraries/jsoncpp { };
+
   libjson = callPackage ../development/libraries/libjson { };
 
   judy = callPackage ../development/libraries/judy { };
@@ -5081,12 +5110,7 @@ let
 
   libvisual = callPackage ../development/libraries/libvisual { };
 
-  libvncserver = builderDefsPackage (import ../development/libraries/libvncserver) {
-    inherit libtool libjpeg openssl zlib;
-    inherit (xlibs) xproto libX11 damageproto libXdamage
-      libXext xextproto fixesproto libXfixes xineramaproto
-      libXinerama libXrandr randrproto libXtst;
-  };
+  libvncserver = callPackage ../development/libraries/libvncserver {};
 
   libviper = callPackage ../development/libraries/libviper { };
 
@@ -5403,8 +5427,7 @@ let
 
   policykit = callPackage ../development/libraries/policykit { };
 
-  poppler = let popplers = callPackage ../development/libraries/poppler { lcms = lcms2; };
-    in popplers // popplers.poppler_glib;
+  poppler = callPackage ../development/libraries/poppler { lcms = lcms2; };
   popplerQt4 = poppler.poppler_qt4;
 
   poppler_0_18 = callPackage ../development/libraries/poppler/0.18.nix {
@@ -6179,6 +6202,8 @@ let
 
   lighttpd = callPackage ../servers/http/lighttpd { };
 
+  mailman = callPackage ../servers/mail/mailman { };
+
   mediatomb = callPackage ../servers/mediatomb {
     ffmpeg = ffmpeg_0_6_90;
   };
@@ -6509,6 +6534,8 @@ let
 
   fxload = callPackage ../os-specific/linux/fxload { };
 
+  gfxtablet = callPackage ../os-specific/linux/gfxtablet {};
+
   gpm = callPackage ../servers/gpm { };
 
   hdparm = callPackage ../os-specific/linux/hdparm { };
@@ -6603,9 +6630,27 @@ let
       ];
   };
 
+  # Note: grsec is not enabled automatically, you need to specify which kernel
+  # config options you need (e.g. by overriding extraConfig). See list of options here:
+  # https://en.wikibooks.org/wiki/Grsecurity/Appendix/Grsecurity_and_PaX_Configuration_Options
   linux_3_2_grsecurity = lowPrio (lib.overrideDerivation (linux_3_2.override (args: {
     kernelPatches = args.kernelPatches ++ [ kernelPatches.grsecurity_2_9_1_3_2_51 ];
-  })) (args: { makeFlags = "DISABLE_PAX_PLUGINS=y";}));
+  })) (args: {
+    # Install gcc plugins. These are needed for compiling dependant packages.
+    postInstall = ''
+      ${args.postInstall or ""}
+      cp tools/gcc/*.so $out/lib/modules/$version/build/tools/gcc/
+    '';
+    # Apparently as of gcc 4.6, gcc-plugin headers (which are needed by PaX plugins)
+    # include libgmp headers, so we need these extra tweaks
+    buildInputs = args.buildInputs ++ [ gmp ];
+    preConfigure = ''
+      ${args.preConfigure or ""}
+      sed -i 's|-I|-I${gmp}/include -I|' scripts/gcc-plugin.sh
+      sed -i 's|HOST_EXTRACFLAGS +=|HOST_EXTRACFLAGS += -I${gmp}/include|' tools/gcc/Makefile
+      sed -i 's|HOST_EXTRACXXFLAGS +=|HOST_EXTRACXXFLAGS += -I${gmp}/include|' tools/gcc/Makefile
+    '';
+  }));
 
   linux_3_2_apparmor = lowPrio (linux_3_2.override {
     kernelPatches = [ kernelPatches.apparmor_3_2 ];
@@ -6805,6 +6850,7 @@ let
   linuxPackages_3_0 = recurseIntoAttrs (linuxPackagesFor linux_3_0 linuxPackages_3_0);
   linuxPackages_3_2 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_3_2 linuxPackages_3_2);
   linuxPackages_3_2_apparmor = linuxPackagesFor pkgs.linux_3_2_apparmor linuxPackages_3_2_apparmor;
+  linuxPackages_3_2_grsecurity = linuxPackagesFor pkgs.linux_3_2_grsecurity linuxPackages_3_2_grsecurity;
   linuxPackages_3_2_xen = linuxPackagesFor pkgs.linux_3_2_xen linuxPackages_3_2_xen;
   linuxPackages_3_4 = recurseIntoAttrs (linuxPackagesFor pkgs.linux_3_4 linuxPackages_3_4);
   linuxPackages_3_4_apparmor = linuxPackagesFor pkgs.linux_3_4_apparmor linuxPackages_3_4_apparmor;
@@ -7756,6 +7802,8 @@ let
 
   fossil = callPackage ../applications/version-management/fossil { };
 
+  fribid = callPackage ../applications/networking/browsers/mozilla-plugins/fribid { };
+
   fvwm = callPackage ../applications/window-managers/fvwm { };
 
   geany = callPackage ../applications/editors/geany { };
@@ -8875,6 +8923,7 @@ let
   virtviewer = callPackage ../applications/virtualization/virt-viewer {};
   virtmanager = callPackage ../applications/virtualization/virt-manager {
     inherit (gnome) gnome_python;
+    vte = gnome.vte.override { pythonSupport = true; };
   };
 
   virtinst = callPackage ../applications/virtualization/virtinst {};
@@ -8970,6 +9019,7 @@ let
           ++ lib.optional (cfg.enableGeckoMediaPlayer or false) gecko_mediaplayer
           ++ lib.optional (supportsJDK && cfg.jre or false && jrePlugin ? mozillaPlugin) jrePlugin
           ++ lib.optional (cfg.enableGoogleTalkPlugin or false) google_talk_plugin
+          ++ lib.optional (cfg.enableFriBIDPlugin or false) fribid
          );
       libs =
         if cfg.enableQuakeLive or false
@@ -9188,6 +9238,11 @@ let
 
   freeciv = callPackage ../games/freeciv { };
 
+  freeciv_gtk = callPackage ../games/freeciv {
+    gtkClient = true;
+    sdlClient = false;
+  };
+
   freedink = callPackage ../games/freedink { };
 
   fsg = callPackage ../games/fsg {
@@ -9271,6 +9326,10 @@ let
 
   racer = callPackage ../games/racer { };
 
+  residualvm = callPackage ../games/residualvm {
+    openglSupport = mesaSupported;
+  };
+
   rigsofrods = callPackage ../games/rigsofrods {
     mygui = myguiSvn;
   };
@@ -10157,9 +10216,13 @@ let
   VisualBoyAdvance = callPackage ../misc/emulators/VisualBoyAdvance { };
 
   # Wine cannot be built in 64-bit; use a 32-bit build instead.
-  wine = callPackage_i686 ../misc/emulators/wine {
+  wineStable = callPackage_i686 ../misc/emulators/wine/stable.nix {
     bison = bison2;
   };
+  wineUnstable = lowPrio (callPackage_i686 ../misc/emulators/wine/unstable.nix {
+    bison = bison2;
+  });
+  wine = wineStable;
 
   # winetricks is a shell script with no binary components. Safe to just use the current platforms
   # build instead of the i686 specific build.
diff --git a/pkgs/top-level/haskell-packages.nix b/pkgs/top-level/haskell-packages.nix
index d05769b10e7..c8d7b0dee85 100644
--- a/pkgs/top-level/haskell-packages.nix
+++ b/pkgs/top-level/haskell-packages.nix
@@ -141,7 +141,7 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
     inherit (self) cabal ghc;
     async        = self.async_2_0_1_4;
     attoparsec   = self.attoparsec_0_10_4_0;
-    caseInsensitive = self.caseInsensitive_1_1;
+    caseInsensitive = self.caseInsensitive_1_1_0_1;
     cgi          = self.cgi_3001_1_7_5;
     fgl          = self.fgl_5_4_2_4;
     GLUT         = self.GLUT_2_5_0_1;
@@ -677,8 +677,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   carray = callPackage ../development/libraries/haskell/carray {};
 
   caseInsensitive_1_0_0_1 = callPackage ../development/libraries/haskell/case-insensitive/1.0.0.1.nix {};
-  caseInsensitive_1_1 = callPackage ../development/libraries/haskell/case-insensitive/1.1.nix {};
-  caseInsensitive = self.caseInsensitive_1_1;
+  caseInsensitive_1_1_0_1 = callPackage ../development/libraries/haskell/case-insensitive/1.1.0.1.nix {};
+  caseInsensitive = self.caseInsensitive_1_1_0_1;
 
   cautiousFile = callPackage ../development/libraries/haskell/cautious-file {};
 
@@ -1170,6 +1170,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   hexpat = callPackage ../development/libraries/haskell/hexpat {};
 
+  HTF = callPackage ../development/libraries/haskell/HTF {};
+
   HTTP_4000_0_6 = callPackage ../development/libraries/haskell/HTTP/4000.0.6.nix {};
   HTTP_4000_0_9 = callPackage ../development/libraries/haskell/HTTP/4000.0.9.nix {};
   HTTP_4000_1_1 = callPackage ../development/libraries/haskell/HTTP/4000.1.1.nix {};
@@ -1257,9 +1259,7 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   hsemail = callPackage ../development/libraries/haskell/hsemail {};
 
-  hslua = callPackage ../development/libraries/haskell/hslua {
-    lua = pkgs.lua5_1;
-  };
+  hslua = callPackage ../development/libraries/haskell/hslua {};
 
   HSH = callPackage ../development/libraries/haskell/HSH {};
 
@@ -1368,6 +1368,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   languageCQuote = callPackage ../development/libraries/haskell/language-c-quote {};
 
+  languageEcmascript = callPackage ../development/libraries/haskell/language-ecmascript {};
+
   languageJava = callPackage ../development/libraries/haskell/language-java {};
 
   languageJavascript = callPackage ../development/libraries/haskell/language-javascript {};
@@ -2077,6 +2079,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
   text_0_11_3_1 = callPackage ../development/libraries/haskell/text/0.11.3.1.nix {};
   text = self.text_0_11_3_1;
 
+  textFormat = callPackage ../development/libraries/haskell/text-format {};
+
   textIcu = callPackage ../development/libraries/haskell/text-icu {};
 
   thespian = callPackage ../development/libraries/haskell/thespian {};
@@ -2276,6 +2280,8 @@ let result = let callPackage = x : y : modifyPrio (newScope result.finalReturn x
 
   xmlConduit = callPackage ../development/libraries/haskell/xml-conduit {};
 
+  xmlgen = callPackage ../development/libraries/haskell/xmlgen {};
+
   xmlHamlet = callPackage ../development/libraries/haskell/xml-hamlet {};
 
   xmlhtml = callPackage ../development/libraries/haskell/xmlhtml {};
diff --git a/pkgs/top-level/perl-packages.nix b/pkgs/top-level/perl-packages.nix
index 461dc0c1f6e..6f1ddd226e1 100644
--- a/pkgs/top-level/perl-packages.nix
+++ b/pkgs/top-level/perl-packages.nix
@@ -3633,6 +3633,19 @@ rec {
     };
   };
 
+  GnuPG = buildPerlPackage {
+    name = "GnuPG-0.19";
+    src = fetchurl {
+      url = mirror://cpan/authors/id/Y/YA/YANICK/GnuPG-0.19.tar.gz;
+      sha256 = "af53f2d3f63297e046676eae14a76296afdd2910e09723b6b113708622b7989b";
+    };
+    buildInputs = [ pkgs.gnupg1orig ];
+    meta = {
+      platforms = stdenv.lib.platforms.linux;
+      maintainers = with maintainers; [ ocharles ];
+    };
+  };
+
   GoogleProtocolBuffers = buildPerlPackage rec {
     name = "Google-ProtocolBuffers-0.08";
     src = fetchurl {
@@ -4590,6 +4603,21 @@ rec {
     };
   };
 
+  LocalePO = buildPerlPackage {
+    name = "Locale-PO-0.23";
+    src = fetchurl {
+      url = mirror://cpan/authors/id/C/CO/COSIMO/Locale-PO-0.23.tar.gz;
+      sha256 = "52e5fdc88ec4eb00512418a938dc5089476ea66c9e744fee3c6bbfdf17a0d302";
+    };
+    propagatedBuildInputs = [ FileSlurp ];
+    meta = {
+      description = "Perl module for manipulating .po entries from GNU gettext";
+      license = "unknown";
+      platforms = stdenv.lib.platforms.linux;
+      maintainers = with maintainers; [ ocharles ];
+    };
+  };
+
   LockFileSimple = buildPerlPackage rec {
     name = "LockFile-Simple-0.207";
     src = fetchurl {
@@ -6116,6 +6144,7 @@ rec {
       url = "mirror://cpan/authors/id/D/DT/DTOWN/${name}.tar.gz";
       sha256 = "0hdpn1cw52x8cw24m9ayzpf4rwarm0khygn1sv3wvwxkrg0pphql";
     };
+    doCheck = false; # The test suite fails, see https://rt.cpan.org/Public/Bug/Display.html?id=85799
   };
 
   NetSSLeay = buildPerlPackage rec {
@@ -7609,6 +7638,21 @@ rec {
     doCheck = false; # no `hostname' in stdenv
   };
 
+  TAPParserSourceHandlerpgTAP = buildPerlModule {
+    name = "TAP-Parser-SourceHandler-pgTAP-3.29";
+    src = fetchurl {
+      url = mirror://cpan/authors/id/D/DW/DWHEELER/TAP-Parser-SourceHandler-pgTAP-3.29.tar.gz;
+      sha256 = "918aa9ada7a05334ace7304e7b9e002bbf0b569bfcf8fb06118777bdabd60e1b";
+    };
+    meta = {
+      homepage = http://search.cpan.org/dist/Tap-Parser-Sourcehandler-pgTAP/;
+      description = "Stream TAP from pgTAP test scripts";
+      license = "perl";
+      platforms = stdenv.lib.platforms.linux;
+      maintainers = with maintainers; [ ocharles ];
+    };
+  };
+
   TaskCatalystTutorial = buildPerlPackage rec {
     name = "Task-Catalyst-Tutorial-0.06";
     src = fetchurl {
@@ -7679,6 +7723,19 @@ rec {
     };
   };
 
+  TemplatePluginJSONEscape = buildPerlPackage {
+    name = "Template-Plugin-JSON-Escape-0.02";
+    src = fetchurl {
+      url = mirror://cpan/authors/id/N/NA/NANTO/Template-Plugin-JSON-Escape-0.02.tar.gz;
+      sha256 = "051a8b1d3bc601d58fc51e246067d36450cfe970278a0456e8ab61940f13cd86";
+    };
+    propagatedBuildInputs = [ JSON TemplateToolkit ];
+    meta = {
+      maintainers = with maintainers; [ ocharles ];
+      platforms   = stdenv.lib.platforms.unix;
+    };
+  };
+
   TemplateTimer = buildPerlPackage {
     name = "Template-Timer-1.00";
     src = fetchurl {
diff --git a/pkgs/top-level/python-packages.nix b/pkgs/top-level/python-packages.nix
index 8baaa25d303..6f6c52a1b0d 100644
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@@ -2271,11 +2271,11 @@ pythonPackages = modules // import ./python-packages-generated.nix {
 
   ecdsa = buildPythonPackage rec {
     name = "ecdsa-${version}";
-    version = "0.9";
+    version = "0.10";
 
     src = fetchurl {
       url = "http://pypi.python.org/packages/source/e/ecdsa/${name}.tar.gz";
-      md5 = "2b9c35245ce391d6b7d8f991aad5c630";
+      md5 = "e95941b3bcbf1726472bb724d7478551";
     };
 
     # Only needed for tests