Merge #237233: staging-next 2023-06-11

author: Vladimír Čunát <v@cunat.cz> 2023-06-17 18:53:26 +0200
committer: Vladimír Čunát <v@cunat.cz> 2023-06-17 18:53:26 +0200
commit: 6d80b598efe37834e4f86de9a6df3df8295edecf (patch)
tree: a7191aa98debc86cf64af8cb36251d63a60b2a90 /pkgs/development
parent: 0751fd4a36b496aa93a0b025de93403f511576c2 (diff)
parent: 05647e964fe63c733eaf04c1b68218ee71b5cf3f (diff)
60 files changed, 527 insertions, 201 deletions
diff --git a/pkgs/development/compilers/gcc/10/default.nix b/pkgs/development/compilers/gcc/10/default.nix
index 83a03cc56d6dc..df1cbdf189834 100644
--- a/pkgs/development/compilers/gcc/10/default.nix
+++ b/pkgs/development/compilers/gcc/10/default.nix
@@ -53,11 +53,7 @@ let majorVersion = "10";
 
     patches = [
       # Fix https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80431
-      (fetchurl {
-        name = "fix-bug-80431.patch";
-        url = "https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=de31f5445b12fd9ab9969dc536d821fe6f0edad0";
-        sha256 = "0sd52c898msqg7m316zp0ryyj7l326cjcn2y19dcxqp15r74qj0g";
-      })
+      ../fix-bug-80431.patch
       ../11/fix-struct-redefinition-on-glibc-2.36.patch
       ../install-info-files-serially.patch
     ] ++ optional (targetPlatform != hostPlatform) ../libstdc++-target.patch
diff --git a/pkgs/development/compilers/gcc/11/default.nix b/pkgs/development/compilers/gcc/11/default.nix
index 505b9abf06b09..8513f03d2da18 100644
--- a/pkgs/development/compilers/gcc/11/default.nix
+++ b/pkgs/development/compilers/gcc/11/default.nix
@@ -57,11 +57,7 @@ let majorVersion = "11";
 
     patches = [
       # Fix https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80431
-      (fetchurl {
-        name = "fix-bug-80431.patch";
-        url = "https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=de31f5445b12fd9ab9969dc536d821fe6f0edad0";
-        sha256 = "0sd52c898msqg7m316zp0ryyj7l326cjcn2y19dcxqp15r74qj0g";
-      })
+      ../fix-bug-80431.patch
       ./fix-struct-redefinition-on-glibc-2.36.patch
       ../install-info-files-serially.patch
     ] ++ optional (targetPlatform != hostPlatform) ../libstdc++-target.patch
diff --git a/pkgs/development/compilers/gcc/6/default.nix b/pkgs/development/compilers/gcc/6/default.nix
index 82ca9fd967c05..965a987aab359 100644
--- a/pkgs/development/compilers/gcc/6/default.nix
+++ b/pkgs/development/compilers/gcc/6/default.nix
@@ -67,11 +67,7 @@ let majorVersion = "6";
       ../use-source-date-epoch.patch ./0001-Fix-build-for-glibc-2.31.patch
 
       # Fix https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80431
-      (fetchurl {
-        name = "fix-bug-80431.patch";
-        url = "https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=de31f5445b12fd9ab9969dc536d821fe6f0edad0";
-        sha256 = "0sd52c898msqg7m316zp0ryyj7l326cjcn2y19dcxqp15r74qj0g";
-      })
+      ../fix-bug-80431.patch
       ../install-info-files-serially.patch
     ] ++ optional (targetPlatform != hostPlatform) ../libstdc++-target.patch
       ++ optional noSysDirs ../no-sys-dirs.patch
diff --git a/pkgs/development/compilers/gcc/7/default.nix b/pkgs/development/compilers/gcc/7/default.nix
index 50039e4c0317e..6ec689ab2524b 100644
--- a/pkgs/development/compilers/gcc/7/default.nix
+++ b/pkgs/development/compilers/gcc/7/default.nix
@@ -58,11 +58,7 @@ let majorVersion = "7";
         ./0001-Fix-build-for-glibc-2.31.patch
 
         # Fix https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80431
-        (fetchurl {
-          name = "fix-bug-80431.patch";
-          url = "https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=de31f5445b12fd9ab9969dc536d821fe6f0edad0";
-          sha256 = "0sd52c898msqg7m316zp0ryyj7l326cjcn2y19dcxqp15r74qj0g";
-        })
+        ../fix-bug-80431.patch
 
         ../9/fix-struct-redefinition-on-glibc-2.36.patch
         ../install-info-files-serially.patch
diff --git a/pkgs/development/compilers/gcc/8/default.nix b/pkgs/development/compilers/gcc/8/default.nix
index 483cc31ea44ce..1baed91378567 100644
--- a/pkgs/development/compilers/gcc/8/default.nix
+++ b/pkgs/development/compilers/gcc/8/default.nix
@@ -48,11 +48,7 @@ let majorVersion = "8";
 
     patches = [
       # Fix https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80431
-      (fetchurl {
-        name = "fix-bug-80431.patch";
-        url = "https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=de31f5445b12fd9ab9969dc536d821fe6f0edad0";
-        sha256 = "0sd52c898msqg7m316zp0ryyj7l326cjcn2y19dcxqp15r74qj0g";
-      })
+      ../fix-bug-80431.patch
       ../9/fix-struct-redefinition-on-glibc-2.36.patch
       ../install-info-files-serially.patch
     ] ++ optional (targetPlatform != hostPlatform) ../libstdc++-target.patch
diff --git a/pkgs/development/compilers/gcc/9/default.nix b/pkgs/development/compilers/gcc/9/default.nix
index f541a83cdf469..aceb912d7a693 100644
--- a/pkgs/development/compilers/gcc/9/default.nix
+++ b/pkgs/development/compilers/gcc/9/default.nix
@@ -58,11 +58,7 @@ let majorVersion = "9";
     patches = [
       ./fix-struct-redefinition-on-glibc-2.36.patch
       # Fix https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80431
-      (fetchurl {
-        name = "fix-bug-80431.patch";
-        url = "https://gcc.gnu.org/git/?p=gcc.git;a=patch;h=de31f5445b12fd9ab9969dc536d821fe6f0edad0";
-        sha256 = "0sd52c898msqg7m316zp0ryyj7l326cjcn2y19dcxqp15r74qj0g";
-      })
+      ../fix-bug-80431.patch
       ../install-info-files-serially.patch
     ] ++ optional (targetPlatform != hostPlatform) ../libstdc++-target.patch
       ++ optional targetPlatform.isNetBSD ../libstdc++-netbsd-ctypes.patch
diff --git a/pkgs/development/compilers/gcc/fix-bug-80431.patch b/pkgs/development/compilers/gcc/fix-bug-80431.patch
new file mode 100644
index 0000000000000..2d688b8c79971
--- /dev/null
+++ b/pkgs/development/compilers/gcc/fix-bug-80431.patch
@@ -0,0 +1,92 @@
+From de31f5445b12fd9ab9969dc536d821fe6f0edad0 Mon Sep 17 00:00:00 2001
+From: Patrick Palka <ppalka@redhat.com>
+Date: Mon, 21 Jun 2021 07:54:26 -0400
+Subject: [PATCH] c++: conversion to base of vbase in NSDMI [PR80431]
+
+The delayed processing of conversions to a virtual base in an NSDMI
+assumes the target base type is a (possibly indirect) virtual base of
+the current class, but the target base type could also be a base of a
+virtual base, as in the testcase below.  Since such a base isn't a part
+of CLASSTYPE_VBASECLASSES, we end up miscompiling the testcase due to
+the call to build_base_path (with binfo=NULL_TREE) silently returning
+error_mark_node.  Fix this by using convert_to_base to build the
+conversion instead.
+
+	PR c++/80431
+
+gcc/cp/ChangeLog:
+
+	* tree.c (bot_replace): Use convert_to_base to build the
+	conversion to the (morally) virtual base.
+
+gcc/testsuite/ChangeLog:
+
+	* g++.dg/cpp0x/nsdmi-virtual1a.C: New test.
+---
+ gcc/cp/tree.c                                | 14 ++++------
+ gcc/testsuite/g++.dg/cpp0x/nsdmi-virtual1a.C | 28 ++++++++++++++++++++
+ 2 files changed, 33 insertions(+), 9 deletions(-)
+ create mode 100644 gcc/testsuite/g++.dg/cpp0x/nsdmi-virtual1a.C
+
+diff --git a/gcc/cp/tree.c b/gcc/cp/tree.c
+index fec5afaa2be..297da2b1550 100644
+--- a/gcc/cp/tree.c
++++ b/gcc/cp/tree.c
+@@ -3242,15 +3242,11 @@ bot_replace (tree* t, int* /*walk_subtrees*/, void* data_)
+   else if (TREE_CODE (*t) == CONVERT_EXPR
+ 	   && CONVERT_EXPR_VBASE_PATH (*t))
+     {
+-      /* In an NSDMI build_base_path defers building conversions to virtual
+-	 bases, and we handle it here.  */
+-      tree basetype = TYPE_MAIN_VARIANT (TREE_TYPE (TREE_TYPE (*t)));
+-      vec<tree, va_gc> *vbases = CLASSTYPE_VBASECLASSES (current_class_type);
+-      int i; tree binfo;
+-      FOR_EACH_VEC_SAFE_ELT (vbases, i, binfo)
+-	if (BINFO_TYPE (binfo) == basetype)
+-	  break;
+-      *t = build_base_path (PLUS_EXPR, TREE_OPERAND (*t, 0), binfo, true,
++      /* In an NSDMI build_base_path defers building conversions to morally
++	 virtual bases, and we handle it here.  */
++      tree basetype = TREE_TYPE (*t);
++      *t = convert_to_base (TREE_OPERAND (*t, 0), basetype,
++			    /*check_access=*/false, /*nonnull=*/true,
+ 			    tf_warning_or_error);
+     }
+ 
+diff --git a/gcc/testsuite/g++.dg/cpp0x/nsdmi-virtual1a.C b/gcc/testsuite/g++.dg/cpp0x/nsdmi-virtual1a.C
+new file mode 100644
+index 00000000000..dc847cc16e5
+--- /dev/null
++++ b/gcc/testsuite/g++.dg/cpp0x/nsdmi-virtual1a.C
+@@ -0,0 +1,28 @@
++// PR c++/80431
++// { dg-do run { target c++11 } }
++
++// A variant of nsdmi-virtual1.C where A is only a morally virtual base of B.
++
++struct A
++{
++  A(): i(42) { }
++  int i;
++  int f() { return i; }
++};
++
++struct D : A { int pad; };
++
++struct B : virtual D
++{
++  int j = i + f();
++  int k = A::i + A::f();
++};
++
++struct C: B { int pad; };
++
++int main()
++{
++  C c;
++  if (c.j != 84 || c.k != 84)
++    __builtin_abort();
++}
+-- 
+2.31.1
+
diff --git a/pkgs/development/compilers/go/1.20.nix b/pkgs/development/compilers/go/1.20.nix
index ad5a5e5944a91..7eb40c23691e6 100644
--- a/pkgs/development/compilers/go/1.20.nix
+++ b/pkgs/development/compilers/go/1.20.nix
@@ -46,11 +46,11 @@ let
 in
 stdenv.mkDerivation rec {
   pname = "go";
-  version = "1.20.4";
+  version = "1.20.5";
 
   src = fetchurl {
     url = "https://go.dev/dl/go${version}.src.tar.gz";
-    hash = "sha256-nzSs4Sh2S3o6SyOLgFhWzBshhDBN+eVpCCWwcQ9CAtY=";
+    hash = "sha256-mhXBM7os+v55ZS9IFbYufPwmf2jfG5RUxqsqPKi5aog=";
   };
 
   strictDeps = true;
diff --git a/pkgs/development/compilers/rust/1_69.nix b/pkgs/development/compilers/rust/1_69.nix
deleted file mode 100644
index 5f2e2e9acdc4c..0000000000000
--- a/pkgs/development/compilers/rust/1_69.nix
+++ /dev/null
@@ -1,63 +0,0 @@
-# New rust versions should first go to staging.
-# Things to check after updating:
-# 1. Rustc should produce rust binaries on x86_64-linux, aarch64-linux and x86_64-darwin:
-#    i.e. nix-shell -p fd or @GrahamcOfBorg build fd on github
-#    This testing can be also done by other volunteers as part of the pull
-#    request review, in case platforms cannot be covered.
-# 2. The LLVM version used for building should match with rust upstream.
-#    Check the version number in the src/llvm-project git submodule in:
-#    https://github.com/rust-lang/rust/blob/<version-tag>/.gitmodules
-# 3. Firefox and Thunderbird should still build on x86_64-linux.
-
-{ stdenv, lib
-, buildPackages
-, newScope, callPackage
-, CoreFoundation, Security, SystemConfiguration
-, pkgsBuildTarget, pkgsBuildBuild, pkgsBuildHost
-, makeRustPlatform
-, llvmPackages_11
-, llvmPackages_15, llvm_15
-} @ args:
-
-import ./default.nix {
-  rustcVersion = "1.69.0";
-  rustcSha256 = "sha256-+wWXGGetbMq703ICefWpS5n2ECSSMYe1a7XEVfo89g8=";
-
-  llvmSharedForBuild = pkgsBuildBuild.llvmPackages_15.libllvm.override { enableSharedLibraries = true; };
-  llvmSharedForHost = pkgsBuildHost.llvmPackages_15.libllvm.override { enableSharedLibraries = true; };
-  llvmSharedForTarget = pkgsBuildTarget.llvmPackages_15.libllvm.override { enableSharedLibraries = true; };
-
-  llvmBootstrapForDarwin = llvmPackages_11;
-
-  # For use at runtime
-  llvmShared = llvm_15.override { enableSharedLibraries = true; };
-
-  # Expose llvmPackages used for rustc from rustc via passthru for LTO in Firefox
-  llvmPackages = llvmPackages_15;
-
-  # Note: the version MUST be one version prior to the version we're
-  # building
-  bootstrapVersion = "1.68.2";
-
-  # fetch hashes by running `print-hashes.sh ${bootstrapVersion}`
-  bootstrapHashes = {
-    i686-unknown-linux-gnu = "a85e1aa0831e8bd31dc8ba3e042b6dea69b4d45fd5d1111bf6fd2cc9d58dd619";
-    x86_64-unknown-linux-gnu = "df7c7466ef35556e855c0d35af7ff08e133040400452eb3427c53202b6731926";
-    x86_64-unknown-linux-musl = "bd02cbdedb4b7f2169a68dc8410e8436fab3734a3a30cab81ab21661d70c6ddd";
-    arm-unknown-linux-gnueabihf = "a5847f9bcbb1fb4183656b1b01e191d8e48c7bc8346ec6831318b697a2f305c6";
-    armv7-unknown-linux-gnueabihf = "f87e4b063b5f916b4a5057e5f544f819cee9ab5da3fe1a977cddb2170e7ba0d7";
-    aarch64-unknown-linux-gnu = "b24d0df852490d80791a228f18c2b75f24b1e6437e6e745f85364edab245f7fa";
-    aarch64-unknown-linux-musl = "e6615e72aaa3e3c9c42c35139ab253a9b738a4eab719e3e306e25026c1aa93e5";
-    x86_64-apple-darwin = "632540d3d83758cb048dc45fcfbc0b29f6f170161a3051be22b0a2962a566fb9";
-    aarch64-apple-darwin = "ab4c6add94686a0392953c588c2b61d4c03f51e855232d161dc492f286e34202";
-    powerpc64le-unknown-linux-gnu = "cf95658277d71bb8ae3a0fbc53099cc1397ed40e0953c026f41cde4a9619efca";
-    riscv64gc-unknown-linux-gnu = "befcf2d53e35ae3fe0d609d1e056bdc814bd36ce54028b8d6b8b9e38c0afcaa5";
-    mips64el-unknown-linux-gnuabi64 = "ee85bbfdc2fb831f067fda19881e6427c8c86571ebff16c1bd219d850969ef0a";
-  };
-
-  selectRustPackage = pkgs: pkgs.rust_1_69;
-
-  rustcPatches = [ ];
-}
-
-(builtins.removeAttrs args [ "pkgsBuildHost" "llvmPackages_11" "llvmPackages_15" "llvm_15"])
diff --git a/pkgs/development/compilers/rust/1_70.nix b/pkgs/development/compilers/rust/1_70.nix
new file mode 100644
index 0000000000000..8c91ed01009d4
--- /dev/null
+++ b/pkgs/development/compilers/rust/1_70.nix
@@ -0,0 +1,63 @@
+# New rust versions should first go to staging.
+# Things to check after updating:
+# 1. Rustc should produce rust binaries on x86_64-linux, aarch64-linux and x86_64-darwin:
+#    i.e. nix-shell -p fd or @GrahamcOfBorg build fd on github
+#    This testing can be also done by other volunteers as part of the pull
+#    request review, in case platforms cannot be covered.
+# 2. The LLVM version used for building should match with rust upstream.
+#    Check the version number in the src/llvm-project git submodule in:
+#    https://github.com/rust-lang/rust/blob/<version-tag>/.gitmodules
+# 3. Firefox and Thunderbird should still build on x86_64-linux.
+
+{ stdenv, lib
+, buildPackages
+, newScope, callPackage
+, CoreFoundation, Security, SystemConfiguration
+, pkgsBuildTarget, pkgsBuildBuild, pkgsBuildHost
+, makeRustPlatform
+, llvmPackages_11
+, llvmPackages_16, llvm_16
+} @ args:
+
+import ./default.nix {
+  rustcVersion = "1.70.0";
+  rustcSha256 = "sha256-sr+uAAt6UEDk7Eu8UKCfIVSBkMt1cLDtdzWDaEE70nw=";
+
+  llvmSharedForBuild = pkgsBuildBuild.llvmPackages_16.libllvm.override { enableSharedLibraries = true; };
+  llvmSharedForHost = pkgsBuildHost.llvmPackages_16.libllvm.override { enableSharedLibraries = true; };
+  llvmSharedForTarget = pkgsBuildTarget.llvmPackages_16.libllvm.override { enableSharedLibraries = true; };
+
+  llvmBootstrapForDarwin = llvmPackages_11;
+
+  # For use at runtime
+  llvmShared = llvm_16.override { enableSharedLibraries = true; };
+
+  # Expose llvmPackages used for rustc from rustc via passthru for LTO in Firefox
+  llvmPackages = llvmPackages_16;
+
+  # Note: the version MUST be one version prior to the version we're
+  # building
+  bootstrapVersion = "1.69.0";
+
+  # fetch hashes by running `print-hashes.sh ${bootstrapVersion}`
+  bootstrapHashes = {
+    i686-unknown-linux-gnu = "08b2b4f58c0861f40ae159c39cc12f6d41b6858e04a43c6c0aeb36707e2971d0";
+    x86_64-unknown-linux-gnu = "2ca4a306047c0b8b4029c382910fcbc895badc29680e0332c9df990fd1c70d4f";
+    x86_64-unknown-linux-musl = "071cb04819b15d8801584a1395b28d0472ce99c0e716296e3c0bb4e6318cf171";
+    arm-unknown-linux-gnueabihf = "64c82735b4e5606af61be0d01317da436a9590b969e503cdbd19e24636e15845";
+    armv7-unknown-linux-gnueabihf = "a509f02d910041c97847e2ccc4ee908c761b7dc5b3c4715922d2b1c573a09675";
+    aarch64-unknown-linux-gnu = "88af5aa7a40c8f1b40416a1f27de8ffbe09c155d933f69d3e109c0ccee92353b";
+    aarch64-unknown-linux-musl = "76aaf3e4fd7b552feb2d70752c43896a960a2a7c940002f58a5c3f03d2b3c862";
+    x86_64-apple-darwin = "9818dab2c3726d63dfbfde12c9273e62e484ef6d6f6e05a6431a3e089c335454";
+    aarch64-apple-darwin = "36228cac303298243fb84235db87a5ecf2af49db28585a82af091caefd598677";
+    powerpc64le-unknown-linux-gnu = "8ef68b77971c079dbe23b54a2cfb52da012873d96399c424bc223635306e9a58";
+    riscv64gc-unknown-linux-gnu = "e1976bf7d0edb7e7789a1ad7ff8086fdb5306a932650fa8182a5d009883fa6c5";
+    mips64el-unknown-linux-gnuabi64 = "c4bf3043451d6122a3845db825cbe35b5ca61a44659a00004f6cca1299ad9d72";
+  };
+
+  selectRustPackage = pkgs: pkgs.rust_1_70;
+
+  rustcPatches = [ ];
+}
+
+(builtins.removeAttrs args [ "pkgsBuildHost" "llvmPackages_11" "llvmPackages_16" "llvm_16"])
diff --git a/pkgs/development/interpreters/evcxr/default.nix b/pkgs/development/interpreters/evcxr/default.nix
index f4d07df624f38..36c2dfe6a5661 100644
--- a/pkgs/development/interpreters/evcxr/default.nix
+++ b/pkgs/development/interpreters/evcxr/default.nix
@@ -20,11 +20,15 @@ rustPlatform.buildRustPackage rec {
   buildInputs = lib.optionals stdenv.isDarwin
     [ libiconv CoreServices Security ];
 
-  # test broken with rust 1.69:
-  # * https://github.com/evcxr/evcxr/issues/294
-  # * https://github.com/NixOS/nixpkgs/issues/229524
   checkFlags = [
+    # test broken with rust 1.69:
+    # * https://github.com/evcxr/evcxr/issues/294
+    # * https://github.com/NixOS/nixpkgs/issues/229524
     "--skip=check_for_errors"
+
+    # test broken with rust 1.70
+    # * https://github.com/evcxr/evcxr/issues/295
+    "--skip=partially_inferred_variable_type"
   ];
 
   postInstall = let
diff --git a/pkgs/development/interpreters/python/default.nix b/pkgs/development/interpreters/python/default.nix
index 521ba4a653ea7..1d8ba8c53dd51 100644
--- a/pkgs/development/interpreters/python/default.nix
+++ b/pkgs/development/interpreters/python/default.nix
@@ -20,20 +20,20 @@
       sourceVersion = {
         major = "3";
         minor = "10";
-        patch = "11";
+        patch = "12";
         suffix = "";
       };
-      hash = "sha256-PDvDBIMDchyQSgPrgya2Mekh8RzDvimIRWpC8RXa8Ew=";
+      hash = "sha256-r7dL8ZEw56R9EDEsj154TyTgUnmB6raOIFRs+4ZYMLg=";
     };
 
     python311 = {
       sourceVersion = {
         major = "3";
         minor = "11";
-        patch = "3";
+        patch = "4";
         suffix = "";
       };
-      hash = "sha256-il25nJYafs8nx1lWGJyWAslodR8R2+riuQDb/xwIW14=";
+      hash = "sha256-Lw5AnfKrV6qfxMvd+5dq9E5OVb9vYZ7ua8XCKXJkp/Y=";
     };
   };
 
diff --git a/pkgs/development/libraries/abseil-cpp/202103.nix b/pkgs/development/libraries/abseil-cpp/202103.nix
index 1c75853f52203..712f89e383fff 100644
--- a/pkgs/development/libraries/abseil-cpp/202103.nix
+++ b/pkgs/development/libraries/abseil-cpp/202103.nix
@@ -25,6 +25,14 @@ stdenv.mkDerivation rec {
       url = "https://github.com/abseil/abseil-cpp/commit/5bfa70c75e621c5d5ec095c8c4c0c050dcb2957e.patch";
       sha256 = "0nhjxqfxpi2pkfinnqvd5m4npf9l1kg39mjx9l3087ajhadaywl5";
     })
+
+    # Bacport gcc-13 fix:
+    #   https://github.com/abseil/abseil-cpp/pull/1187
+    (fetchpatch {
+      name = "gcc-13.patch";
+      url = "https://github.com/abseil/abseil-cpp/commit/36a4b073f1e7e02ed7d1ac140767e36f82f09b7c.patch";
+      hash = "sha256-aA7mwGEtv/cQINcawjkukmCvfNuqwUeDFssSiNKPdgg=";
+    })
   ] ++ lib.optionals stdenv.hostPlatform.isLoongArch64 [
     # https://github.com/abseil/abseil-cpp/pull/1110
     (fetchpatch {
diff --git a/pkgs/development/libraries/at-spi2-core/default.nix b/pkgs/development/libraries/at-spi2-core/default.nix
index 926dd9b04fba3..cf6cf4f93b1d2 100644
--- a/pkgs/development/libraries/at-spi2-core/default.nix
+++ b/pkgs/development/libraries/at-spi2-core/default.nix
@@ -23,13 +23,13 @@
 
 stdenv.mkDerivation rec {
   pname = "at-spi2-core";
-  version = "2.48.0";
+  version = "2.48.3";
 
   outputs = [ "out" "dev" ];
 
   src = fetchurl {
     url = "mirror://gnome/sources/${pname}/${lib.versions.majorMinor version}/${pname}-${version}.tar.xz";
-    sha256 = "kFpbbxeQto7oA7/6n1+rTOtZH7T64LL4xhLFTx1OijA=";
+    sha256 = "NzFt9DypmJzlOdVM9CmnaMKLs4oLNJUL6t0EIYJ+31U=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/libraries/cmocka/default.nix b/pkgs/development/libraries/cmocka/default.nix
index 968bb91181cea..6c88d1baebfa8 100644
--- a/pkgs/development/libraries/cmocka/default.nix
+++ b/pkgs/development/libraries/cmocka/default.nix
@@ -3,11 +3,11 @@
 stdenv.mkDerivation rec {
   pname = "cmocka";
   majorVersion = "1.1";
-  version = "${majorVersion}.6";
+  version = "${majorVersion}.7";
 
   src = fetchurl {
     url = "https://cmocka.org/files/${majorVersion}/cmocka-${version}.tar.xz";
-    sha256 = "0xksffx1w3pzm18ynf28cx8scrhylcbz43s1rgkkdqnyil1q6cjv";
+    sha256 = "sha256-gQVw6wuNZIBDMfgrKf9Hx5DOnNaxY+mNR6SAcEfsrYI=";
   };
 
   patches = [
diff --git a/pkgs/development/libraries/dbus/default.nix b/pkgs/development/libraries/dbus/default.nix
index 52928e1005fff..d8c3309acb9f0 100644
--- a/pkgs/development/libraries/dbus/default.nix
+++ b/pkgs/development/libraries/dbus/default.nix
@@ -19,11 +19,11 @@
 
 stdenv.mkDerivation rec {
   pname = "dbus";
-  version = "1.14.6";
+  version = "1.14.8";
 
   src = fetchurl {
     url = "https://dbus.freedesktop.org/releases/dbus/dbus-${version}.tar.xz";
-    sha256 = "sha256-/SvfG7idw2WkZTG/9jFTbyKw0cbVzixcXlm1UmWz1ms=";
+    sha256 = "sha256-pr1brFzxnww8WUva4lZaCVaWmApoOg7zfLYhLgk73jU=";
   };
 
   patches = lib.optional stdenv.isSunOS ./implement-getgrouplist.patch;
@@ -115,6 +115,7 @@ stdenv.mkDerivation rec {
   meta = with lib; {
     description = "Simple interprocess messaging system";
     homepage = "http://www.freedesktop.org/wiki/Software/dbus/";
+    changelog = "https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-${version}/NEWS";
     license = licenses.gpl2Plus; # most is also under AFL-2.1
     maintainers = teams.freedesktop.members ++ (with maintainers; [ ]);
     platforms = platforms.unix;
diff --git a/pkgs/development/libraries/fontconfig/default.nix b/pkgs/development/libraries/fontconfig/default.nix
index 6c0b8899a3f4a..eadb30352e9a9 100644
--- a/pkgs/development/libraries/fontconfig/default.nix
+++ b/pkgs/development/libraries/fontconfig/default.nix
@@ -1,6 +1,7 @@
 { stdenv
 , lib
 , fetchurl
+, fetchpatch2
 , pkg-config
 , python3
 , freetype
@@ -14,15 +15,25 @@
 
 stdenv.mkDerivation rec {
   pname = "fontconfig";
-  version = "2.14.0";
+  version = "2.14.2";
 
   outputs = [ "bin" "dev" "lib" "out" ]; # $out contains all the config
 
   src = fetchurl {
     url = "https://www.freedesktop.org/software/fontconfig/release/${pname}-${version}.tar.xz";
-    sha256 = "3L64TJx0u/2xM9U1/hx77cnyIhqNrzkUuYTETFIOm6w=";
+    hash = "sha256-26aVtXvOFQI9LO7e+CBiwrkl5R9dTMSu9zbPE/YKRos=";
   };
 
+  patches = [
+    # Provide 11-lcdfilter-none.conf for NixOS module
+    # https://gitlab.freedesktop.org/fontconfig/fontconfig/-/merge_requests/268
+    (fetchpatch2 {
+      name = "add-optional-11-lcdfilter-none-configuration.patch";
+      url = "https://gitlab.freedesktop.org/fontconfig/fontconfig/-/commit/c2666a6d9a6ed18b1bfcef8176e25f62993e24db.patch";
+      hash = "sha256-UBzkxy3uxFO+g0aQtPnBZv7OncgQdinwzNwWS8ngjcE=";
+    })
+  ];
+
   nativeBuildInputs = [
     autoreconfHook
     gperf
diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix
index 2f50ed4b259d4..c3955bc10e306 100644
--- a/pkgs/development/libraries/glib/default.nix
+++ b/pkgs/development/libraries/glib/default.nix
@@ -56,11 +56,11 @@ in
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "glib";
-  version = "2.76.2";
+  version = "2.76.3";
 
   src = fetchurl {
     url = "mirror://gnome/sources/glib/${lib.versions.majorMinor finalAttrs.version}/glib-${finalAttrs.version}.tar.xz";
-    sha256 = "JPOEeFex2GdM2wOJo27ewPE8ZmzTznJ+zTQOudqKyp4=";
+    sha256 = "wL5ETkA9fDGE0fOU+J8LZEcQtekzG1T6TotQN4E60yo=";
   };
 
   patches = lib.optionals stdenv.isDarwin [
diff --git a/pkgs/development/libraries/google-cloud-cpp/default.nix b/pkgs/development/libraries/google-cloud-cpp/default.nix
index 1be64b11d991e..cb626ffac968c 100644
--- a/pkgs/development/libraries/google-cloud-cpp/default.nix
+++ b/pkgs/development/libraries/google-cloud-cpp/default.nix
@@ -125,6 +125,8 @@ stdenv.mkDerivation rec {
     "-DGOOGLE_CLOUD_CPP_ENABLE=${lib.concatStringsSep ";" apis}"
   ];
 
+  requiredSystemFeatures = [ "big-parallel" ];
+
   meta = with lib; {
     license = with licenses; [ asl20 ];
     homepage = "https://github.com/googleapis/google-cloud-cpp";
diff --git a/pkgs/development/libraries/gstreamer/good/default.nix b/pkgs/development/libraries/gstreamer/good/default.nix
index ef6143b36ec90..f125d3ae30f32 100644
--- a/pkgs/development/libraries/gstreamer/good/default.nix
+++ b/pkgs/development/libraries/gstreamer/good/default.nix
@@ -34,13 +34,10 @@
 , qt6Support ? false, qt6
 , raspiCameraSupport ? false, libraspberrypi
 , enableJack ? true, libjack2
-, libXdamage
-, libXext
-, libXfixes
+, enableX11 ? stdenv.isLinux, xorg
 , ncurses
 , wayland
 , wayland-protocols
-, xorg
 , libgudev
 , wavpack
 , glib
@@ -105,15 +102,14 @@ stdenv.mkDerivation rec {
     mpg123
     twolame
     libintl
-    libXdamage
-    libXext
-    libXfixes
     ncurses
-    xorg.libXfixes
-    xorg.libXdamage
     wavpack
   ] ++ lib.optionals raspiCameraSupport [
     libraspberrypi
+  ] ++ lib.optionals enableX11 [
+    xorg.libXext
+    xorg.libXfixes
+    xorg.libXdamage
   ] ++ lib.optionals gtkSupport [
     # for gtksink
     gtk3
@@ -149,6 +145,8 @@ stdenv.mkDerivation rec {
     "-Dqt6=disabled"
   ] ++ lib.optionals (!gtkSupport) [
     "-Dgtk3=disabled"
+  ] ++ lib.optionals (!enableX11) [
+    "-Dximagesrc=disabled" # Linux-only
   ] ++ lib.optionals (!enableJack) [
     "-Djack=disabled"
   ] ++ lib.optionals (!stdenv.isLinux) [
@@ -158,7 +156,6 @@ stdenv.mkDerivation rec {
     "-Dpulse=disabled" # TODO check if we can keep this enabled
     "-Dv4l2-gudev=disabled" # Linux-only
     "-Dv4l2=disabled" # Linux-only
-    "-Dximagesrc=disabled" # Linux-only
   ] ++ lib.optionals (!raspiCameraSupport) [
     "-Drpicamsrc=disabled"
   ];
diff --git a/pkgs/development/libraries/gtk/3.x.nix b/pkgs/development/libraries/gtk/3.x.nix
index 33e4c44641021..a527faf5a8beb 100644
--- a/pkgs/development/libraries/gtk/3.x.nix
+++ b/pkgs/development/libraries/gtk/3.x.nix
@@ -63,7 +63,7 @@ in
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "gtk+3";
-  version = "3.24.37";
+  version = "3.24.38";
 
   outputs = [ "out" "dev" ] ++ lib.optional withIntrospection "devdoc";
   outputBin = "dev";
@@ -77,7 +77,7 @@ stdenv.mkDerivation (finalAttrs: {
     inherit (finalAttrs) version;
   in fetchurl {
     url = "mirror://gnome/sources/gtk+/${lib.versions.majorMinor version}/gtk+-${version}.tar.xz";
-    sha256 = "sha256-Z0XwtMBTeUFR/Q8OJHSwd8zP9fg+ndG/PTn+n+X7f1c=";
+    sha256 = "sha256-zhHezwGLJb3YUFVEpPhyQoVOyIvgVNmt5fOiBETdjuc=";
   };
 
   patches = [
diff --git a/pkgs/development/libraries/libelf/default.nix b/pkgs/development/libraries/libelf/default.nix
index 3302d127d4d3e..0a1a7175296ef 100644
--- a/pkgs/development/libraries/libelf/default.nix
+++ b/pkgs/development/libraries/libelf/default.nix
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
     # Fix warnings from preprocessor instructions.
     # https://github.com/NixOS/nixpkgs/issues/59929
     ./preprocessor-warnings.patch
+    # `configure` defines a test `main` with an implicit `int` return, which clang 16 disallows.
+    ./fix-configure-main.patch
   ];
 
   enableParallelBuilding = true;
@@ -55,7 +57,13 @@ stdenv.mkDerivation rec {
        # cross-compiling, but `autoreconfHook` brings in `makeWrapper` which
        # doesn't work with the bootstrapTools bash, so can only do this for
        # cross builds when `stdenv.shell` is a newer bash.
-    ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) autoreconfHook;
+    ++ lib.optional (stdenv.hostPlatform != stdenv.buildPlatform
+       # The provided `configure` script fails on clang 16 because some tests have a `main`
+       # returning an implicit `int`, which clang 16 treats as an error. Running `autoreconf` fixes
+       # the test and allows `configure` to detect clang properly.
+       # This is done only for clang on Darwin because the Darwin stdenv bootstrap does not use
+       # libelf, so should be safe because it will always be run with a compatible version of bash.
+       || (stdenv.cc.isClang && stdenv.isDarwin)) autoreconfHook;
 
   meta = {
     description = "ELF object file access library";
diff --git a/pkgs/development/libraries/libelf/fix-configure-main.patch b/pkgs/development/libraries/libelf/fix-configure-main.patch
new file mode 100644
index 0000000000000..cc7e5f4c41d11
--- /dev/null
+++ b/pkgs/development/libraries/libelf/fix-configure-main.patch
@@ -0,0 +1,12 @@
+diff -ur a/configure.in b/configure.in
+--- a/configure.in	2008-05-23 04:17:56.000000000 -0400
++++ b/configure.in	2023-06-01 19:16:04.801921924 -0400
+@@ -282,7 +282,7 @@
+ #define memmove(d,s,n) bcopy((s),(d),(n))
+ #endif
+ extern int strcmp();
+-main() {
++int main() {
+   char buf[] = "0123456789";
+   memmove(buf + 1, buf, 9);
+   if (strcmp(buf, "0012345678")) exit(1);
diff --git a/pkgs/development/libraries/libopus/default.nix b/pkgs/development/libraries/libopus/default.nix
index 7c563e081d018..6c6e55a528e40 100644
--- a/pkgs/development/libraries/libopus/default.nix
+++ b/pkgs/development/libraries/libopus/default.nix
@@ -1,26 +1,67 @@
-{ lib, stdenv, fetchurl
-, fixedPoint ? false, withCustomModes ? true }:
+{ lib
+, stdenv
+, fetchpatch
+, fetchurl
+, meson
+, python3
+, ninja
+, fixedPoint ? false
+, withCustomModes ? true
+
+# tests
+, ffmpeg-headless
+}:
 
 stdenv.mkDerivation rec {
   pname = "libopus";
-  version = "1.3.1";
+  version = "1.4";
 
   src = fetchurl {
-    url = "mirror://mozilla/opus/opus-${version}.tar.gz";
-    sha256 = "17gz8kxs4i7icsc1gj713gadiapyklynlwqlf0ai98dj4lg8xdb5";
+    url = "https://downloads.xiph.org/releases/opus/opus-${version}.tar.gz";
+    sha256 = "sha256-ybMrQlO+WuY9H/Fu6ga5S18PKVG3oCrO71jjo85JxR8=";
   };
 
+  patches = [
+    ./fix-pkg-config-paths.patch
+    # Fix meson build for arm64. Remove with next release
+    # https://gitlab.xiph.org/xiph/opus/-/merge_requests/59
+    (fetchpatch {
+      url = "https://gitlab.xiph.org/xiph/opus/-/commit/20c032d27c59d65b19b8ffbb2608e5282fe817eb.patch";
+      hash = "sha256-2pX+0ay5PTyHL2plameBX2L1Q4aTx7V7RGiTdhNIuE4=";
+    })
+  ];
+
+  postPatch = ''
+    patchShebangs meson/
+  '';
+
   outputs = [ "out" "dev" ];
 
-  configureFlags = lib.optional fixedPoint "--enable-fixed-point"
-                ++ lib.optional withCustomModes "--enable-custom-modes";
+  nativeBuildInputs = [
+    meson
+    python3
+    ninja
+  ];
+
+  mesonFlags = [
+    (lib.mesonBool "fixed-point" fixedPoint)
+    (lib.mesonBool "custom-modes" withCustomModes)
+    (lib.mesonEnable "asm" false)
+    (lib.mesonEnable "docs" false)
+  ];
 
   doCheck = !stdenv.isi686 && !stdenv.isAarch32; # test_unit_LPC_inv_pred_gain fails
 
+  passthru.tests = {
+    inherit ffmpeg-headless;
+  };
+
   meta = with lib; {
     description = "Open, royalty-free, highly versatile audio codec";
-    license = lib.licenses.bsd3;
-    homepage = "https://www.opus-codec.org/";
+    homepage = "https://opus-codec.org/";
+    changelog = "https://gitlab.xiph.org/xiph/opus/-/releases/v${version}";
+    license = licenses.bsd3;
     platforms = platforms.all;
+    maintainers = [ ];
   };
 }
diff --git a/pkgs/development/libraries/libopus/fix-pkg-config-paths.patch b/pkgs/development/libraries/libopus/fix-pkg-config-paths.patch
new file mode 100644
index 0000000000000..d54b7f5558c9f
--- /dev/null
+++ b/pkgs/development/libraries/libopus/fix-pkg-config-paths.patch
@@ -0,0 +1,13 @@
+--- i/meson.build
++++ w/meson.build
+@@ -591,8 +591,8 @@ pkgconf = configuration_data()
+ 
+ pkgconf.set('prefix', join_paths(get_option('prefix')))
+ pkgconf.set('exec_prefix', '${prefix}')
+-pkgconf.set('libdir', '${prefix}/@0@'.format(get_option('libdir')))
+-pkgconf.set('includedir', '${prefix}/@0@'.format(get_option('includedir')))
++pkgconf.set('libdir', '${prefix}' / get_option('libdir'))
++pkgconf.set('includedir', '${prefix}' / get_option('includedir'))
+ pkgconf.set('VERSION', opus_version)
+ pkgconf.set('PC_BUILD', pc_build)
+ pkgconf.set('LIBM', libm.found() ? '-lm' : '')
diff --git a/pkgs/development/libraries/libssh2/default.nix b/pkgs/development/libraries/libssh2/default.nix
index ba1455350e600..091885a1f084a 100644
--- a/pkgs/development/libraries/libssh2/default.nix
+++ b/pkgs/development/libraries/libssh2/default.nix
@@ -11,7 +11,8 @@ stdenv.mkDerivation rec {
 
   outputs = [ "out" "dev" "devdoc" ];
 
-  buildInputs = [ openssl zlib ]
+  propagatedBuildInputs = [ openssl ]; # see Libs: in libssh2.pc
+  buildInputs = [ zlib ]
     ++ lib.optional stdenv.hostPlatform.isMinGW windows.mingw_w64;
 
   meta = with lib; {
diff --git a/pkgs/development/libraries/libwacom/default.nix b/pkgs/development/libraries/libwacom/default.nix
index f1f6762bab8c3..c03dd99a125b6 100644
--- a/pkgs/development/libraries/libwacom/default.nix
+++ b/pkgs/development/libraries/libwacom/default.nix
@@ -13,7 +13,7 @@
 
 stdenv.mkDerivation rec {
   pname = "libwacom";
-  version = "2.6.0";
+  version = "2.7.0";
 
   outputs = [ "out" "dev" ];
 
@@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
     owner = "linuxwacom";
     repo = "libwacom";
     rev = "libwacom-${version}";
-    sha256 = "sha256-9zqW6zPrFcxv/yAAtFgdVavKVMXeDBoMP3E/XriUcT0=";
+    sha256 = "sha256-NNfhZMshM5U/EfJHuNgkDe5NEkEGKtJ56vSpXyGf/xw=";
   };
 
   postPatch = ''
diff --git a/pkgs/development/libraries/libwacom/surface.nix b/pkgs/development/libraries/libwacom/surface.nix
index 6168686cf50b7..22707a375954e 100644
--- a/pkgs/development/libraries/libwacom/surface.nix
+++ b/pkgs/development/libraries/libwacom/surface.nix
@@ -7,8 +7,8 @@ let
   libwacom-surface = fetchFromGitHub {
     owner = "linux-surface";
     repo = "libwacom-surface";
-    rev = "v2.6.0-1";
-    hash = "sha256-4UOO9LMyCJd4LkqU0uva/0Xc44fIVdIQi27tJOtNEFk=";
+    rev = "v2.7.0-1";
+    hash = "sha256-LgJ8YFQQN05kyd6kxBakIIiGgZ9icW27xKK3Dz6TwLs=";
   };
 in libwacom.overrideAttrs (old: {
   pname = "libwacom-surface";
diff --git a/pkgs/development/libraries/libxcrypt/default.nix b/pkgs/development/libraries/libxcrypt/default.nix
index 97ca6870496e5..60e8168f7fd4b 100644
--- a/pkgs/development/libraries/libxcrypt/default.nix
+++ b/pkgs/development/libraries/libxcrypt/default.nix
@@ -8,11 +8,11 @@
 
 stdenv.mkDerivation (finalAttrs: {
   pname = "libxcrypt";
-  version = "4.4.33";
+  version = "4.4.35";
 
   src = fetchurl {
     url = "https://github.com/besser82/libxcrypt/releases/download/v${finalAttrs.version}/libxcrypt-${finalAttrs.version}.tar.xz";
-    hash = "sha256-6HrPnGUsVzpHE9VYIVn5jzBdVu1fdUzmT1fUGU1rOm8=";
+    hash = "sha256-qMk1UFtV8d8NF/i/1ZRox8Zwmh0xgxsPjj4EWrj9RV0=";
   };
 
   outputs = [
@@ -46,7 +46,7 @@ stdenv.mkDerivation (finalAttrs: {
       '';
     };
     enabledCryptSchemeIds = [
-      # https://github.com/besser82/libxcrypt/blob/v4.4.33/lib/hashes.conf
+      # https://github.com/besser82/libxcrypt/blob/v4.4.35/lib/hashes.conf
       "y"   # yescrypt
       "gy"  # gost_yescrypt
       "7"   # scrypt
@@ -58,6 +58,7 @@ stdenv.mkDerivation (finalAttrs: {
   };
 
   meta = with lib; {
+    changelog = "https://github.com/besser82/libxcrypt/blob/v${finalAttrs.version}/NEWS";
     description = "Extended crypt library for descrypt, md5crypt, bcrypt, and others";
     homepage = "https://github.com/besser82/libxcrypt/";
     platforms = platforms.all;
diff --git a/pkgs/development/libraries/mesa/default.nix b/pkgs/development/libraries/mesa/default.nix
index d56b34432d70e..a2acd331e783d 100644
--- a/pkgs/development/libraries/mesa/default.nix
+++ b/pkgs/development/libraries/mesa/default.nix
@@ -85,8 +85,8 @@
 */
 
 let
-  version = "23.1.1";
-  hash = "sha256-omeQMe1bc7KcTwQqxk2W+DsM/khYYX3jLi78GWxlOkA=";
+  version = "23.1.2";
+  hash = "sha256-YLHzrbFWGDDBWL88aFCJQ2dPudafOEw8colpQ4WrXH4=";
 
   # Release calendar: https://www.mesa3d.org/release-calendar.html
   # Release frequency: https://www.mesa3d.org/releasing.html#schedule
diff --git a/pkgs/development/libraries/nettle/default.nix b/pkgs/development/libraries/nettle/default.nix
index ba133320da572..3a1297f897636 100644
--- a/pkgs/development/libraries/nettle/default.nix
+++ b/pkgs/development/libraries/nettle/default.nix
@@ -1,10 +1,10 @@
 { callPackage, fetchurl }:
 
 callPackage ./generic.nix rec {
-  version = "3.9";
+  version = "3.9.1";
 
   src = fetchurl {
     url = "mirror://gnu/nettle/nettle-${version}.tar.gz";
-    hash = "sha256-Duet9acgFhC7f+Csu3ybO+g75EkE3TXrvNllzYlr/qo=";
+    hash = "sha256-zP7/mBsMpxu9b7ywVPQHxg/7ZEOJpb6A1nFtW1UMbOM=";
   };
 }
diff --git a/pkgs/development/libraries/nlohmann_json/default.nix b/pkgs/development/libraries/nlohmann_json/default.nix
index 3c8244c755320..29c7ca2c690bf 100644
--- a/pkgs/development/libraries/nlohmann_json/default.nix
+++ b/pkgs/development/libraries/nlohmann_json/default.nix
@@ -1,6 +1,7 @@
 { stdenv
 , lib
 , fetchFromGitHub
+, fetchpatch
 , cmake
 }:
 let
@@ -21,6 +22,24 @@ in stdenv.mkDerivation (finalAttrs: {
     hash = "sha256-SUdhIV7tjtacf5DkoWk9cnkfyMlrkg8ZU7XnPZd22Tw=";
   };
 
+  patches = [
+    # Backport fix for gcc-13:
+    #   https://github.com/nlohmann/json/pull/3895
+    (fetchpatch {
+      name = "gcc-13-rebind.patch";
+      url = "https://github.com/nlohmann/json/commit/a5b09d50b786638ed9deb09ef13860a3cb64eb6b.patch";
+      hash = "sha256-Jbi0VwZP+ZHTGbpIwgKCVc66gOmwjkT5iOUe85eIzM0=";
+    })
+
+    # Backport fix for gcc-13:
+    #   https://github.com/nlohmann/json/pull/3950
+    (fetchpatch {
+      name = "gcc-13-eq-op.patch";
+      url = "https://github.com/nlohmann/json/commit/a49829bd984c0282be18fcec070df0c31bf77dd5.patch";
+      hash = "sha256-D+cRtdN6AXr4z3/y9Ui7Zqp3e/y10tp+DOL80ZtPz5E=";
+    })
+  ];
+
   nativeBuildInputs = [ cmake ];
 
   cmakeFlags = [
diff --git a/pkgs/development/libraries/ocl-icd/default.nix b/pkgs/development/libraries/ocl-icd/default.nix
index ea8e1841b0c1a..dfacf433b77f0 100644
--- a/pkgs/development/libraries/ocl-icd/default.nix
+++ b/pkgs/development/libraries/ocl-icd/default.nix
@@ -9,13 +9,13 @@
 
 stdenv.mkDerivation rec {
   pname = "ocl-icd";
-  version = "2.3.1";
+  version = "2.3.2";
 
   src = fetchFromGitHub {
     owner = "OCL-dev";
     repo = "ocl-icd";
     rev = "v${version}";
-    sha256 = "1km2rqc9pw6xxkqp77a22pxfsb5kgw95w9zd15l5jgvyjb6rqqad";
+    sha256 = "sha256-nx9Zz5DpS29g1HRIwPAQi6i+d7Blxd53WQ7Sb1a3FHg=";
   };
 
   nativeBuildInputs = [
diff --git a/pkgs/development/libraries/openexr/default.nix b/pkgs/development/libraries/openexr/default.nix
index ba0263bcad13b..38e0fadd07389 100644
--- a/pkgs/development/libraries/openexr/default.nix
+++ b/pkgs/development/libraries/openexr/default.nix
@@ -28,13 +28,35 @@ stdenv.mkDerivation rec {
       extraPrefix = "OpenEXR/IlmImf/";
       sha256 = "1wa2jn6sa0n3phaqvklnlbgk1bz60y756ad4jk4d757pzpnannsy";
     })
+    (fetchpatch {
+      name = "CVE-2021-3933.patch";
+      url = "https://github.com/AcademySoftwareFoundation/openexr/commit/5db6f7aee79e3e75e8c3780b18b28699614dd08e.patch";
+      stripLen = 4;
+      extraPrefix = "OpenEXR/IlmImf/";
+      sha256 = "sha256-DrpldpNgN5pWKzIuuPIrynGX3EpP8YhJlu+lLfNFGxQ=";
+    })
+
+    # Backport gcc-13 fix:
+    #   https://github.com/AcademySoftwareFoundation/openexr/pull/1264
+    ./gcc-13.patch
   ];
 
+  # tests are determined to use /var/tmp on unix
+  postPatch = ''
+    find . -name tmpDir.h | while read -r f ; do
+      substituteInPlace $f --replace '/var/tmp' "$TMPDIR"
+    done
+  '';
+
   cmakeFlags = lib.optional stdenv.hostPlatform.isStatic "-DCMAKE_SKIP_RPATH=ON";
 
   nativeBuildInputs = [ cmake ];
   propagatedBuildInputs = [ ilmbase zlib ];
 
+  # https://github.com/AcademySoftwareFoundation/openexr/issues/1400
+  # https://github.com/AcademySoftwareFoundation/openexr/issues/1281
+  doCheck = !stdenv.isAarch32 && !stdenv.isi686;
+
   meta = with lib; {
     description = "A high dynamic-range (HDR) image file format";
     homepage = "https://www.openexr.com/";
diff --git a/pkgs/development/libraries/openexr/gcc-13.patch b/pkgs/development/libraries/openexr/gcc-13.patch
new file mode 100644
index 0000000000000..d508b6028f76d
--- /dev/null
+++ b/pkgs/development/libraries/openexr/gcc-13.patch
@@ -0,0 +1,33 @@
+https://github.com/AcademySoftwareFoundation/openexr/pull/1264
+https://github.com/AcademySoftwareFoundation/openexr/commit/d0088a3c6943a9a53fc24e29885414d082d531fe.patch
+
+--- a/OpenEXR/IlmImf/ImfDwaCompressor.cpp
++++ b/OpenEXR/IlmImf/ImfDwaCompressor.cpp
+@@ -159,6 +159,7 @@
+ #include <limits>
+ 
+ #include <cstddef>
++#include <cstdint>
+ 
+ 
+ // Windows specific addition to prevent the indirect import of the redefined min/max macros
+--- a/OpenEXR/IlmImf/ImfHuf.cpp
++++ b/OpenEXR/IlmImf/ImfHuf.cpp
+@@ -53,6 +53,7 @@
+ #include <cstring>
+ #include <cassert>
+ #include <algorithm>
++#include <cstdint>
+ 
+ 
+ using namespace std;
+--- a/OpenEXR/IlmImf/ImfMisc.cpp
++++ b/OpenEXR/IlmImf/ImfMisc.cpp
+@@ -52,6 +52,7 @@
+ #include <ImfConvert.h>
+ #include <ImfPartType.h>
+ #include <ImfTileDescription.h>
++#include <cstdint>
+ #include "ImfNamespace.h"
+ 
+ OPENEXR_IMF_INTERNAL_NAMESPACE_SOURCE_ENTER
diff --git a/pkgs/development/libraries/qpdf/default.nix b/pkgs/development/libraries/qpdf/default.nix
index 67e16f6f3eeb8..b1b78bb257048 100644
--- a/pkgs/development/libraries/qpdf/default.nix
+++ b/pkgs/development/libraries/qpdf/default.nix
@@ -2,13 +2,13 @@
 
 stdenv.mkDerivation rec {
   pname = "qpdf";
-  version = "11.3.0";
+  version = "11.4.0";
 
   src = fetchFromGitHub {
     owner = "qpdf";
     repo = "qpdf";
     rev = "v${version}";
-    hash = "sha256-UZq973X93E+Ll1IKjfJNPQuQwBFOU3egFGODgXV21x0=";
+    hash = "sha256-cG8TxgWXZGol7X2eRQNeknMo4L8PoWSMvxOsDVO/Rx4=";
   };
 
   nativeBuildInputs = [ cmake perl ];
diff --git a/pkgs/development/libraries/s2n-tls/default.nix b/pkgs/development/libraries/s2n-tls/default.nix
index 6ee476ae94597..be49af907cbf1 100644
--- a/pkgs/development/libraries/s2n-tls/default.nix
+++ b/pkgs/development/libraries/s2n-tls/default.nix
@@ -8,13 +8,13 @@
 
 stdenv.mkDerivation rec {
   pname = "s2n-tls";
-  version = "1.3.44";
+  version = "1.3.45";
 
   src = fetchFromGitHub {
     owner = "aws";
     repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-8YF9PhxTrXQBTUJvTrJZFDVijQecTeZ1ayGuvQRqGEE=";
+    sha256 = "sha256-ZipZXCwat3H0NoUX9T6XB7/qMRvViB2QrYpgj0U41nU=";
   };
 
   nativeBuildInputs = [ cmake ];
diff --git a/pkgs/development/libraries/silgraphite/graphite2.nix b/pkgs/development/libraries/silgraphite/graphite2.nix
index 495a5ba04f071..5e7358fa15f9a 100644
--- a/pkgs/development/libraries/silgraphite/graphite2.nix
+++ b/pkgs/development/libraries/silgraphite/graphite2.nix
@@ -23,6 +23,12 @@ stdenv.mkDerivation rec {
   buildInputs = [ freetype ];
 
   patches = lib.optionals stdenv.isDarwin [ ./macosx.patch ];
+  postPatch = ''
+    # disable broken 'nametabletest' test, fails on gcc-13:
+    #   https://github.com/silnrsi/graphite/pull/74
+    substituteInPlace tests/CMakeLists.txt \
+      --replace 'add_subdirectory(nametabletest)' '#add_subdirectory(nametabletest)'
+  '';
 
   cmakeFlags = lib.optionals static [
     "-DBUILD_SHARED_LIBS=OFF"
diff --git a/pkgs/development/libraries/zeromq/4.x.nix b/pkgs/development/libraries/zeromq/4.x.nix
index b37dfbdd70773..53b1f2f7431a7 100644
--- a/pkgs/development/libraries/zeromq/4.x.nix
+++ b/pkgs/development/libraries/zeromq/4.x.nix
@@ -1,5 +1,13 @@
-{ lib, stdenv, fetchFromGitHub, cmake, asciidoc, pkg-config, libsodium
-, enableDrafts ? false }:
+{ lib
+, stdenv
+, fetchFromGitHub
+, fetchpatch
+, cmake
+, asciidoc
+, pkg-config
+, libsodium
+, enableDrafts ? false
+}:
 
 stdenv.mkDerivation rec {
   pname = "zeromq";
@@ -12,6 +20,16 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-epOEyHOswUGVwzz0FLxhow/zISmZHxsIgmpOV8C8bQM=";
   };
 
+  patches = [
+    # Backport gcc-13 fix:
+    #   https://github.com/zeromq/libzmq/pull/4480
+    (fetchpatch {
+      name = "gcc-13.patch";
+      url = "https://github.com/zeromq/libzmq/commit/438d5d88392baffa6c2c5e0737d9de19d6686f0d.patch";
+      hash = "sha256-tSTYSrQzgnfbY/70QhPdOnpEXX05VAYwVYuW8P1LWf0=";
+    })
+  ];
+
   nativeBuildInputs = [ cmake asciidoc pkg-config ];
   buildInputs = [ libsodium ];
 
diff --git a/pkgs/development/python-modules/autoflake/default.nix b/pkgs/development/python-modules/autoflake/default.nix
index 6cb03e00de1ee..9446a6dc2b4c2 100644
--- a/pkgs/development/python-modules/autoflake/default.nix
+++ b/pkgs/development/python-modules/autoflake/default.nix
@@ -4,8 +4,9 @@
 , hatchling
 , pyflakes
 , pytestCheckHook
+, pythonOlder
+, tomli
 }:
-
 buildPythonPackage rec {
   pname = "autoflake";
   version = "2.0.1";
@@ -22,7 +23,8 @@ buildPythonPackage rec {
 
   propagatedBuildInputs = [
     pyflakes
-  ];
+  ]
+  ++ lib.optional (pythonOlder "3.11") tomli;
 
   nativeCheckInputs = [
     pytestCheckHook
diff --git a/pkgs/development/python-modules/chardet/default.nix b/pkgs/development/python-modules/chardet/default.nix
index e750bbece81de..69353dcaec289 100644
--- a/pkgs/development/python-modules/chardet/default.nix
+++ b/pkgs/development/python-modules/chardet/default.nix
@@ -23,8 +23,7 @@ buildPythonPackage rec {
   ];
 
   nativeCheckInputs = [
-    # "hypothesis" indirectly depends on chardet to build its documentation.
-    (hypothesis.override { enableDocumentation = false; })
+    hypothesis
     pytestCheckHook
   ];
 
diff --git a/pkgs/development/python-modules/cryptography/default.nix b/pkgs/development/python-modules/cryptography/default.nix
index 4815bfe90559a..02a960ac48f4c 100644
--- a/pkgs/development/python-modules/cryptography/default.nix
+++ b/pkgs/development/python-modules/cryptography/default.nix
@@ -72,8 +72,7 @@ buildPythonPackage rec {
 
   nativeCheckInputs = [
     cryptography-vectors
-    # "hypothesis" indirectly depends on cryptography to build its documentation
-    (hypothesis.override { enableDocumentation = false; })
+    hypothesis
     iso8601
     pretend
     py
diff --git a/pkgs/development/python-modules/filelock/default.nix b/pkgs/development/python-modules/filelock/default.nix
index 4b25ff52aad54..62a65cfbdf63c 100644
--- a/pkgs/development/python-modules/filelock/default.nix
+++ b/pkgs/development/python-modules/filelock/default.nix
@@ -3,20 +3,21 @@
 , fetchPypi
 , hatch-vcs
 , hatchling
+, pytest-mock
 , pytestCheckHook
 , pythonOlder
 }:
 
 buildPythonPackage rec {
   pname = "filelock";
-  version = "3.9.0";
+  version = "3.12.0";
   format = "pyproject";
 
   disabled = pythonOlder "3.7";
 
   src = fetchPypi {
     inherit pname version;
-    hash = "sha256-ezGfJDQLUfVaK/ehKsB1WpsD5xgxHaxWeg9Pf6vS9d4=";
+    hash = "sha256-/AOuQyiMAT0uqDyFlwAbESnbNRqtnFf+JAkyeRa45xg=";
   };
 
   nativeBuildInputs = [
@@ -25,6 +26,7 @@ buildPythonPackage rec {
   ];
 
   nativeCheckInputs = [
+    pytest-mock
     pytestCheckHook
   ];
 
diff --git a/pkgs/development/python-modules/furl/default.nix b/pkgs/development/python-modules/furl/default.nix
index 0f561573d5811..3c9592c37d0d4 100644
--- a/pkgs/development/python-modules/furl/default.nix
+++ b/pkgs/development/python-modules/furl/default.nix
@@ -16,6 +16,13 @@ buildPythonPackage rec {
     sha256 = "5a6188fe2666c484a12159c18be97a1977a71d632ef5bb867ef15f54af39cc4e";
   };
 
+  # With python 3.11.4, invalid IPv6 address does throw ValueError
+  # https://github.com/gruns/furl/issues/164#issuecomment-1595637359
+  postPatch = ''
+    substituteInPlace tests/test_furl.py \
+      --replace '[0:0:0:0:0:0:0:1:1:1:1:1:1:1:1:9999999999999]' '[2001:db8::9999]'
+  '';
+
   propagatedBuildInputs = [
     orderedmultidict
     six
diff --git a/pkgs/development/python-modules/hypothesis/default.nix b/pkgs/development/python-modules/hypothesis/default.nix
index bfa2ca0dc87e8..fab840a74e992 100644
--- a/pkgs/development/python-modules/hypothesis/default.nix
+++ b/pkgs/development/python-modules/hypothesis/default.nix
@@ -8,21 +8,21 @@
 , doCheck ? true
 , pytestCheckHook
 , pytest-xdist
+, python
 , sortedcontainers
+, stdenv
 , pythonOlder
 , sphinxHook
 , sphinx-rtd-theme
 , sphinx-hoverxref
 , sphinx-codeautolink
 , tzdata
-# Used to break internal dependency loop.
-, enableDocumentation ? true
 }:
 
 buildPythonPackage rec {
   pname = "hypothesis";
   version = "6.68.2";
-  outputs = [ "out" ] ++ lib.optional enableDocumentation "doc";
+  outputs = [ "out" ];
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -49,13 +49,6 @@ buildPythonPackage rec {
 
   postUnpack = "sourceRoot=$sourceRoot/hypothesis-python";
 
-  nativeBuildInputs = lib.optionals enableDocumentation [
-    sphinxHook
-    sphinx-rtd-theme
-    sphinx-hoverxref
-    sphinx-codeautolink
-  ];
-
   propagatedBuildInputs = [
     attrs
     sortedcontainers
@@ -67,7 +60,7 @@ buildPythonPackage rec {
     pexpect
     pytest-xdist
     pytestCheckHook
-  ] ++ lib.optionals (isPyPy) [
+  ] ++ lib.optionals isPyPy [
     tzdata
   ];
 
@@ -86,6 +79,30 @@ buildPythonPackage rec {
     "hypothesis"
   ];
 
+  passthru = {
+    doc = stdenv.mkDerivation {
+      # Forge look and feel of multi-output derivation as best as we can.
+      #
+      # Using 'outputs = [ "doc" ];' breaks a lot of assumptions.
+      name = "${pname}-${version}-doc";
+      inherit src pname version;
+
+      postInstallSphinx = ''
+        mv $out/share/doc/* $out/share/doc/python$pythonVersion-$pname-$version
+      '';
+
+      nativeBuildInputs = [
+        sphinxHook
+        sphinx-rtd-theme
+        sphinx-hoverxref
+        sphinx-codeautolink
+      ];
+
+      inherit (python) pythonVersion;
+      inherit meta;
+    };
+  };
+
   meta = with lib; {
     description = "Library for property based testing";
     homepage = "https://github.com/HypothesisWorks/hypothesis";
diff --git a/pkgs/development/python-modules/iso8601/default.nix b/pkgs/development/python-modules/iso8601/default.nix
index af90e739163c8..c3e022cdb38bd 100644
--- a/pkgs/development/python-modules/iso8601/default.nix
+++ b/pkgs/development/python-modules/iso8601/default.nix
@@ -25,8 +25,7 @@ buildPythonPackage rec {
   ];
 
   nativeCheckInputs = [
-    # "hypothesis" indirectly depends on iso8601 to build its documentation
-    (hypothesis.override { enableDocumentation = false; })
+    hypothesis
     pytestCheckHook
     pytz
   ];
diff --git a/pkgs/development/python-modules/markupsafe/default.nix b/pkgs/development/python-modules/markupsafe/default.nix
index 7f2ae8af89ac4..e63af344a3a00 100644
--- a/pkgs/development/python-modules/markupsafe/default.nix
+++ b/pkgs/development/python-modules/markupsafe/default.nix
@@ -7,7 +7,7 @@
 
 buildPythonPackage rec {
   pname = "markupsafe";
-  version = "2.1.2";
+  version = "2.1.3";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -15,7 +15,7 @@ buildPythonPackage rec {
   src = fetchPypi {
     pname = "MarkupSafe";
     inherit version;
-    hash = "sha256-q8q8jCsmA21i1MdGOBpvfPYKr8xlMZitZ4MGmGsJRQ0=";
+    hash = "sha256-r1mO0y1q6G8bdHuCeDlYsaSrj2F7Bv5oeVx/Amq73K0=";
   };
 
   nativeCheckInputs = [
@@ -25,6 +25,7 @@ buildPythonPackage rec {
   pythonImportsCheck = [ "markupsafe" ];
 
   meta = with lib; {
+    changelog = "https://markupsafe.palletsprojects.com/en/${versions.majorMinor version}.x/changes/#version-${replaceStrings [ "." ] [ "-" ] version}";
     description = "Implements a XML/HTML/XHTML Markup safe string";
     homepage = "https://palletsprojects.com/p/markupsafe/";
     license = licenses.bsd3;
diff --git a/pkgs/development/python-modules/numpy/default.nix b/pkgs/development/python-modules/numpy/default.nix
index 401a1120527ae..d96d2c13515e2 100644
--- a/pkgs/development/python-modules/numpy/default.nix
+++ b/pkgs/development/python-modules/numpy/default.nix
@@ -76,8 +76,7 @@ in buildPythonPackage rec {
 
   nativeCheckInputs = [
     pytest
-    # "hypothesis" indirectly depends on numpy to build its documentation.
-    (hypothesis.override { enableDocumentation = false; })
+    hypothesis
     typing-extensions
   ];
 
diff --git a/pkgs/development/python-modules/pandas/default.nix b/pkgs/development/python-modules/pandas/default.nix
index 68d925cc2a9f7..d74c63b1030b1 100644
--- a/pkgs/development/python-modules/pandas/default.nix
+++ b/pkgs/development/python-modules/pandas/default.nix
@@ -44,8 +44,7 @@ buildPythonPackage rec {
 
   nativeCheckInputs = [
     glibcLocales
-    # hypothesis indirectly depends on pandas to build its documentation
-    (hypothesis.override { enableDocumentation = false; })
+    hypothesis
     jinja2
     pytest-asyncio
     pytest-xdist
diff --git a/pkgs/development/python-modules/platformdirs/default.nix b/pkgs/development/python-modules/platformdirs/default.nix
index c807faff9d0b1..9d2deb68d4429 100644
--- a/pkgs/development/python-modules/platformdirs/default.nix
+++ b/pkgs/development/python-modules/platformdirs/default.nix
@@ -11,7 +11,7 @@
 
 buildPythonPackage rec {
   pname = "platformdirs";
-  version = "3.0.0";
+  version = "3.5.1";
   format = "pyproject";
 
   disabled = pythonOlder "3.7";
@@ -20,7 +20,7 @@ buildPythonPackage rec {
     owner = pname;
     repo = pname;
     rev = "refs/tags/${version}";
-    hash = "sha256-RiZ26BGqS8nN5qHpUt7LIXSck/cGM8qlet3uL81TyPo=";
+    hash = "sha256-/qi22jiF+P7XcG/D+dxoOrHk89amdBoGewrTqZZOsoM=";
   };
 
   SETUPTOOLS_SCM_PRETEND_VERSION = version;
diff --git a/pkgs/development/python-modules/pycodestyle/default.nix b/pkgs/development/python-modules/pycodestyle/default.nix
index ed4ac3f5fbf37..cdbec27700806 100644
--- a/pkgs/development/python-modules/pycodestyle/default.nix
+++ b/pkgs/development/python-modules/pycodestyle/default.nix
@@ -18,6 +18,13 @@ buildPythonPackage rec {
     hash = "sha256-NHGHvbR2Mp2Y9pXCE9cpWoRtEVL/T+m6y4qVkLjucFM=";
   };
 
+  patches = [
+    # https://github.com/PyCQA/pycodestyle/issues/1151
+    # Applies a modified version of an upstream patch that only applied
+    # to Python 3.12.
+    ./python-3.11.4-compat.patch
+  ];
+
   # https://github.com/PyCQA/pycodestyle/blob/2.10.0/tox.ini#L13
   checkPhase = ''
     ${python.interpreter} -m pycodestyle --statistics pycodestyle.py
diff --git a/pkgs/development/python-modules/pycodestyle/python-3.11.4-compat.patch b/pkgs/development/python-modules/pycodestyle/python-3.11.4-compat.patch
new file mode 100644
index 0000000000000..d8a0d7953776d
--- /dev/null
+++ b/pkgs/development/python-modules/pycodestyle/python-3.11.4-compat.patch
@@ -0,0 +1,16 @@
+diff --git a/testsuite/test_api.py b/testsuite/test_api.py
+index 8dde32ff..38e34acf 100644
+--- a/testsuite/test_api.py
++++ b/testsuite/test_api.py
+@@ -329,7 +329,10 @@ def test_check_nullbytes(self):
+         count_errors = pep8style.input_file('stdin', lines=['\x00\n'])
+ 
+         stdout = sys.stdout.getvalue()
+-        expected = "stdin:1:1: E901 ValueError"
++        if sys.version_info < (3, 11, 4):
++            expected = "stdin:1:1: E901 ValueError"
++        else:
++            expected = "stdin:1:1: E901 SyntaxError: source code string cannot contain null bytes"  # noqa: E501
+         self.assertTrue(stdout.startswith(expected),
+                         msg='Output %r does not start with %r' %
+                         (stdout, expected))
diff --git a/pkgs/development/python-modules/pyflakes/default.nix b/pkgs/development/python-modules/pyflakes/default.nix
index 56e6e88645262..d83c02783729c 100644
--- a/pkgs/development/python-modules/pyflakes/default.nix
+++ b/pkgs/development/python-modules/pyflakes/default.nix
@@ -2,6 +2,7 @@
 , buildPythonPackage
 , pythonOlder
 , fetchPypi
+, fetchpatch, isPy311
 , pytestCheckHook
 }:
 
@@ -18,6 +19,14 @@ buildPythonPackage rec {
     hash = "sha256-7IsnamtgvYDe/tJa3X5DmIHBnmSFCv2bNGKD1BZf0P0=";
   };
 
+  patches = lib.optional isPy311 # could be made unconditional on rebuild
+    (fetchpatch {
+      name = "tests-py311.patch";
+      url = "https://github.com/PyCQA/pyflakes/commit/836631f2f73d45baa4021453d89fc9fd6f52be58.diff";
+      hash = "sha256-xlgql+bN0HsGnTMkwax3ZG/5wrbkUl/kQkjlr3lsgRw=";
+    })
+  ;
+
   nativeCheckInputs = [
     pytestCheckHook
   ];
diff --git a/pkgs/development/python-modules/sentry-sdk/default.nix b/pkgs/development/python-modules/sentry-sdk/default.nix
index 0010723fcf46f..33886f82f4f14 100644
--- a/pkgs/development/python-modules/sentry-sdk/default.nix
+++ b/pkgs/development/python-modules/sentry-sdk/default.nix
@@ -40,7 +40,7 @@
 
 buildPythonPackage rec {
   pname = "sentry-sdk";
-  version = "1.25.0";
+  version = "1.25.1";
   format = "setuptools";
 
   disabled = pythonOlder "3.7";
@@ -49,7 +49,7 @@ buildPythonPackage rec {
     owner = "getsentry";
     repo = "sentry-python";
     rev = "refs/tags/${version}";
-    hash = "sha256-aY6oZf6S6jioeL10euxo1ijvzE7FcHQoWjadE21ILA4=";
+    hash = "sha256-I7lsyMJ6akQvpzXEcUrWfomTX+oFYCX7YiE4cf6KAuE=";
   };
 
   propagatedBuildInputs = [
diff --git a/pkgs/development/python-modules/twisted/default.nix b/pkgs/development/python-modules/twisted/default.nix
index f45acbe87a4e9..0731822c3bc67 100644
--- a/pkgs/development/python-modules/twisted/default.nix
+++ b/pkgs/development/python-modules/twisted/default.nix
@@ -159,8 +159,7 @@ buildPythonPackage rec {
   nativeCheckInputs = [
     git
     glibcLocales
-    # "hypothesis" indirectly depends on twisted to build its documentation.
-    (hypothesis.override { enableDocumentation = false; })
+    hypothesis
     pyhamcrest
   ]
   ++ passthru.optional-dependencies.conch
diff --git a/pkgs/development/python-modules/w3lib/default.nix b/pkgs/development/python-modules/w3lib/default.nix
index a01b1e5f5f9da..08ce68fdd616a 100644
--- a/pkgs/development/python-modules/w3lib/default.nix
+++ b/pkgs/development/python-modules/w3lib/default.nix
@@ -2,6 +2,7 @@
 , buildPythonPackage
 , fetchPypi
 , pytestCheckHook
+, pythonAtLeast
 , pythonOlder
 }:
 
@@ -25,8 +26,10 @@ buildPythonPackage rec {
     "w3lib"
   ];
 
-  disabledTests = [
-    "test_add_or_replace_parameter"
+  disabledTests = lib.optionals (pythonAtLeast "3.11") [
+    # regressed on Python 3.11.4
+    # https://github.com/scrapy/w3lib/issues/212
+    "test_safe_url_string_url"
   ];
 
   meta = with lib; {
diff --git a/pkgs/development/python-modules/yarl/default.nix b/pkgs/development/python-modules/yarl/default.nix
index 1a1295d29bee4..b17b845f3340b 100644
--- a/pkgs/development/python-modules/yarl/default.nix
+++ b/pkgs/development/python-modules/yarl/default.nix
@@ -1,6 +1,7 @@
 { lib
 , buildPythonPackage
 , fetchPypi
+, fetchpatch
 , pythonAtLeast
 , pythonOlder
 , idna
@@ -22,6 +23,14 @@ buildPythonPackage rec {
     hash = "sha256-SdQ0AsbjATrQl4YCv2v1MoU1xI0ZIwS5G5ejxnkLFWI=";
   };
 
+  patches = [
+    # https://github.com/aio-libs/yarl/issues/876
+    (fetchpatch {
+      url = "https://github.com/aio-libs/yarl/commit/0a94c6e4948e00fff072c0cf367afbf4ac36f906.patch";
+      hash = "sha256-bqT46OLZLkBef8FQ1L95ITD70mC3+WIkr3+h2ekKrvE=";
+    })
+  ];
+
   postPatch = ''
     sed -i '/^addopts/d' setup.cfg
   '';
diff --git a/pkgs/development/tools/misc/gdb/default.nix b/pkgs/development/tools/misc/gdb/default.nix
index 4273335099695..129b55e740980 100644
--- a/pkgs/development/tools/misc/gdb/default.nix
+++ b/pkgs/development/tools/misc/gdb/default.nix
@@ -29,11 +29,11 @@ assert pythonSupport -> python3 != null;
 
 stdenv.mkDerivation rec {
   pname = targetPrefix + basename + lib.optionalString hostCpuOnly "-host-cpu-only";
-  version = "13.1";
+  version = "13.2";
 
   src = fetchurl {
     url = "mirror://gnu/gdb/${basename}-${version}.tar.xz";
-    hash = "sha256-EVrVwY1ppr4qsViC02XdoqIhHBT0gLNQLG66V24ulaA=";
+    hash = "sha256-/Vvrt74YM6vbbgI8L0mKNUSYKB350FUj2JFbq+uJPwo=";
   };
 
   postPatch = lib.optionalString stdenv.isDarwin ''
@@ -48,12 +48,6 @@ stdenv.mkDerivation rec {
 
   patches = [
     ./debug-info-from-env.patch
-
-    # Backport musl fix
-    (fetchpatch {
-      url = "https://sourceware.org/git/?p=binutils-gdb.git;a=patch;h=2e977d9901393ea1bacbe1896af0929e968bc811";
-      hash = "sha256-/+UYjiOxrszJy1x8xavs63/ptNZ+ISIAQhG+i86VDpA=";
-    })
   ] ++ lib.optionals stdenv.isDarwin [
     ./darwin-target-match.patch
   ];
diff --git a/pkgs/development/tools/rust/maturin/default.nix b/pkgs/development/tools/rust/maturin/default.nix
index ea639874edd24..27691c748a9ae 100644
--- a/pkgs/development/tools/rust/maturin/default.nix
+++ b/pkgs/development/tools/rust/maturin/default.nix
@@ -11,16 +11,16 @@
 
 rustPlatform.buildRustPackage rec {
   pname = "maturin";
-  version = "1.0.0";
+  version = "1.0.1";
 
   src = fetchFromGitHub {
     owner = "PyO3";
     repo = "maturin";
     rev = "v${version}";
-    hash = "sha256-Y/eqkA23gzoCmsFeYqZsK52e6s8ElIdKavL4ay9Q0Zs=";
+    hash = "sha256-iVN6LpikU+TP4P9ZJUVQR/ZNkRHjYLgdDA0aQeWMZfA=";
   };
 
-  cargoHash = "sha256-fr7HuMfuErYyPhAdwvj+HluW/K4mSHW/kKcdnWOW1i4=";
+  cargoHash = "sha256-iX4cbZ0PV0/o42f1QKNlAkwHEif2fu+RvhdzH7tWOZE=";
 
   nativeBuildInputs = lib.optionals stdenv.isLinux [ pkg-config ];
 
diff --git a/pkgs/development/web/nodejs/nodejs.nix b/pkgs/development/web/nodejs/nodejs.nix
index d824d576a471c..75690367ec937 100644
--- a/pkgs/development/web/nodejs/nodejs.nix
+++ b/pkgs/development/web/nodejs/nodejs.nix
@@ -178,7 +178,7 @@ let
       Name: v8
       Description: V8 JavaScript Engine
       Version: $major.$minor.$patch
-      Libs: -L$libv8/lib -lv8 -pthread -licui18n
+      Libs: -L$libv8/lib -lv8 -pthread -licui18n -licuuc
       Cflags: -I$libv8/include
       EOF
     '';
author	Vladimír Čunát <v@cunat.cz>	2023-06-17 18:53:26 +0200
committer	Vladimír Čunát <v@cunat.cz>	2023-06-17 18:53:26 +0200
commit	6d80b598efe37834e4f86de9a6df3df8295edecf (patch)
tree	a7191aa98debc86cf64af8cb36251d63a60b2a90 /pkgs/development
parent	0751fd4a36b496aa93a0b025de93403f511576c2 (diff)
parent	05647e964fe63c733eaf04c1b68218ee71b5cf3f (diff)