Merge master into staging-next

2023-05-13 00:02:05 +00:00 · 2023-05-13 00:02:05 +00:00 · 2f665c348c
parent 206417b7a2 15f699fbf9
commit 2f665c348c
44 changed files with 13132 additions and 5105 deletions
--- a/nixos/doc/manual/preface.md
+++ b/nixos/doc/manual/preface.md
@ -4,7 +4,7 @@ This manual describes how to install, use and extend NixOS, a Linux distribution

 Additional information regarding the Nix package manager and the Nixpkgs project can be found in respectively the [Nix manual](https://nixos.org/nix/manual) and the [Nixpkgs manual](https://nixos.org/nixpkgs/manual).

-If you encounter problems, please report them on the [`Discourse`](https://discourse.nixos.org), the [Matrix room](https://matrix.to/#nix:nixos.org), or on the [`#nixos` channel on Libera.Chat](irc://irc.libera.chat/#nixos). Alternatively, consider [contributing to this manual](#chap-contributing). Bugs should be reported in [NixOS’ GitHub issue tracker](https://github.com/NixOS/nixpkgs/issues).
+If you encounter problems, please report them on the [`Discourse`](https://discourse.nixos.org), the [Matrix room](https://matrix.to/#/%23nix:nixos.org), or on the [`#nixos` channel on Libera.Chat](irc://irc.libera.chat/#nixos). Alternatively, consider [contributing to this manual](#chap-contributing). Bugs should be reported in [NixOS’ GitHub issue tracker](https://github.com/NixOS/nixpkgs/issues).

 ::: {.note}
 Commands prefixed with `#` have to be run as root, either requiring to login as root user or temporarily switching to it using `sudo` for example.
--- a/pkgs/applications/audio/spotify-tui/Cargo.lock
+++ b/pkgs/applications/audio/spotify-tui/Cargo.lock
--- a/pkgs/applications/audio/spotify-tui/Cargo.lock.patch
+++ b/pkgs/applications/audio/spotify-tui/Cargo.lock.patch
@ -1,11 +0,0 @@
--- a/Cargo.lock	2022-04-27 17:25:49.017415644 +0300
-+++ b/Cargo.lock	2022-04-27 17:25:51.307433984 +0300
-@@ -1722,8 +1722,6 @@
- [[package]]
- name = "rspotify"
- version = "0.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eefd7bb58b714606b30a490f751d7926942e2874eef5e82934d60d7a4a68dca4"
- dependencies = [
-  "base64 0.10.1",
-  "chrono",
--- a/pkgs/applications/audio/spotify-tui/Cargo.toml.patch
+++ b/pkgs/applications/audio/spotify-tui/Cargo.toml.patch
@ -1,12 +0,0 @@
--- a/Cargo.toml	2022-04-25 18:20:04.329712912 +0200
-+++ b/Cargo.toml	2022-04-25 18:20:44.296429608 +0200
-@@ -29,6 +29,9 @@
- rand = "0.8.3"
- anyhow = "1.0.43"
- 
-+[patch.crates-io]
-+rspotify = { path = "./rspotify-0.10.0" }
-+
- [[bin]]
- bench = false
- path = "src/main.rs"
--- a/pkgs/applications/audio/spotify-tui/default.nix
+++ b/pkgs/applications/audio/spotify-tui/default.nix
@ -1,9 +1,7 @@
 { lib
-, stdenv
-, fetchFromGitHub
-, fetchCrate
-, fetchpatch
 , rustPlatform
+, fetchFromGitHub
+, stdenv
 , installShellFiles
 , pkg-config
 , openssl
@ -24,62 +22,25 @@ rustPlatform.buildRustPackage rec {
    hash = "sha256-L5gg6tjQuYoAC89XfKE38KCFONwSAwfNoFEUPH4jNAI=";
  };

-  cargoPatches = [
-    # Use patched rspotify
-    ./Cargo.lock.patch
-
-    # Needed so that the patch below it applies.
-    (fetchpatch {
-      name = "update-dirs.patch";
-      url = "https://github.com/Rigellute/spotify-tui/commit/3881defc1ed0bcf79df1aef4836b857f64be657c.patch";
-      hash = "sha256-OGqiYLFojMwR3RgKbddXxPDiAdzPySnscVVsVmTT7t4=";
-    })
-
-    # https://github.com/Rigellute/spotify-tui/pull/990
-    (fetchpatch {
-      name = "update-socket2-for-rust-1.64.patch";
-      url = "https://github.com/Rigellute/spotify-tui/commit/14df9419cf72da13f3b55654686a95647ea9dfea.patch";
-      hash = "sha256-craY6UwmHDdxih3nZBdPkNJtQ6wvVgf09Ovqdxi0JZo=";
-    })
-  ];
-
-  patches = [
-    # Use patched rspotify
-    ./Cargo.toml.patch
-  ];
-
-  preBuild = let
-    rspotify = stdenv.mkDerivation rec {
-      pname = "rspotify";
-      version = "0.10.0";
-
-      src = fetchCrate {
-        inherit pname version;
-        sha256 = "sha256-KDtqjVQlMHlhL1xXP3W1YG/YuX9pdCjwW/7g18469Ts=";
-      };
-
-      dontBuild = true;
-      installPhase = ''
-        mkdir $out
-        cp -R . $out
-      '';
-
-      patches = [
-        # add `collection` variant
-        ./0001-Add-Collection-SearchType.patch
-      ];
-    };
-  in ''
-    ln -s ${rspotify} ./rspotify-${rspotify.version}
-  '';
-
-  cargoHash = "sha256-aZJ6Q/rvqrv+wvQw2eKFPnSROhI5vXPvr5pu1hwtZKA=";
+  cargoLock = {
+    lockFile = ./Cargo.lock;
+  };

  nativeBuildInputs = [ installShellFiles ] ++ lib.optionals stdenv.isLinux [ pkg-config python3 ];
  buildInputs = [ ]
    ++ lib.optionals stdenv.isLinux [ openssl libxcb ]
    ++ lib.optionals stdenv.isDarwin [ AppKit Security ];

+  postPatch = ''
+    # update Cargo.lock to fix build
+    ln -sf ${./Cargo.lock} Cargo.lock
+
+    # Add patch adding the collection variant to rspotify used by spotify-tu
+    # This fixes the issue of getting an error when playing liked songs
+    # see https://github.com/NixOS/nixpkgs/pull/170915
+    patch -p1 -d $cargoDepsCopy/rspotify-0.10.0 < ${./0001-Add-Collection-SearchType.patch}
+  '';
+
  postInstall = ''
    for shell in bash fish zsh; do
      $out/bin/spt --completions $shell > spt.$shell
@ -91,7 +52,7 @@ rustPlatform.buildRustPackage rec {
    description = "Spotify for the terminal written in Rust";
    homepage = "https://github.com/Rigellute/spotify-tui";
    changelog = "https://github.com/Rigellute/spotify-tui/blob/v${version}/CHANGELOG.md";
-    license = licenses.mit;
+    license = with licenses; [ mit /* or */ asl20 ];
    maintainers = with maintainers; [ jwijenbergh ];
    mainProgram = "spt";
  };
--- a/pkgs/applications/editors/emacs/elisp-packages/manual-packages.nix
+++ b/pkgs/applications/editors/emacs/elisp-packages/manual-packages.nix
@ -35,8 +35,6 @@ in

  haskell-unicode-input-method = callPackage ./manual-packages/haskell-unicode-input-method { };

-  header-file-mode = callPackage ./manual-packages/header-file-mode { };
-
  helm-words = callPackage ./manual-packages/helm-words { };

  idris2-mode = callPackage ./manual-packages/idris2-mode { };
--- a/pkgs/applications/editors/emacs/elisp-packages/manual-packages/header-file-mode/default.nix
+++ b/pkgs/applications/editors/emacs/elisp-packages/manual-packages/header-file-mode/default.nix
@ -1,34 +0,0 @@
-{ trivialBuild
-, lib
-, fetchFromGitHub
-}:
-
-trivialBuild {
-  pname = "header-file-mode";
-  version = "unstable-2022-05-25";
-
-  src = fetchFromGitHub {
-    owner = "aidalgol";
-    repo = "header-file-mode";
-    rev = "cf6ce33b436ae9631aece1cd30a459cb0f89d1cd";
-    sha256 = "sha256-+TDJubmBc0Hl+2ms58rnOf3hTaQE3ayrIpGWl4j39GQ=";
-  };
-
-  postUnpack = ''
-    sourceRoot="$sourceRoot/lisp"
-  '';
-
-  postBuild = ''
-    emacs -L . --batch -l package --eval '(package-generate-autoloads "header-file" ".")'
-  '';
-
-  meta = {
-    description = ''
-      A major mode that, when associated with the .h file extension, will put
-      those file into the major mode of their corresponding implementation file.
-    '';
-    license = lib.licenses.gpl3Plus;
-    platforms = lib.platforms.all;
-    maintainers = with lib.maintainers; [ aidalgol ];
-  };
-}
--- a/pkgs/applications/emulators/zsnes/2.x.nix
+++ b/pkgs/applications/emulators/zsnes/2.x.nix
@ -12,13 +12,13 @@

 stdenv.mkDerivation (finalAttrs: {
  pname = "zsnes2";
-  version = "2.0.10";
+  version = "2.0.12";

  src = fetchFromGitHub {
    owner = "xyproto";
    repo = "zsnes";
    rev = finalAttrs.version;
-    hash = "sha256-QFPl3I2nFWMmgQRGxrlt4Vh5N4SygvBLjeFiQpgRr8o=";
+    hash = "sha256-Xz+9YgMpnHyno7vP67aut4tIyG/gTn7SnU2FO2QMND0=";
  };

  nativeBuildInputs = [
--- a/pkgs/applications/graphics/hello-wayland/default.nix
+++ b/pkgs/applications/graphics/hello-wayland/default.nix
@ -1,5 +1,5 @@
 { stdenv, lib, fetchFromGitHub
-, imagemagick, pkg-config, wayland, wayland-protocols
+, imagemagick, pkg-config, wayland-scanner, wayland, wayland-protocols
 , unstableGitUpdater
 }:

@ -14,7 +14,8 @@ stdenv.mkDerivation {
    sha256 = "NMQE2zU858b6OZhdS2oZnGvLK+eb7yU0nFaMAcpNw04=";
  };

-  nativeBuildInputs = [ imagemagick pkg-config ];
+  depsBuildBuild = [ pkg-config ];
+  nativeBuildInputs = [ imagemagick pkg-config wayland-scanner ];
  buildInputs = [ wayland wayland-protocols ];

  installPhase = ''
--- a/pkgs/applications/misc/get_iplayer/default.nix
+++ b/pkgs/applications/misc/get_iplayer/default.nix
@ -2,19 +2,19 @@

 perlPackages.buildPerlPackage rec {
  pname = "get_iplayer";
-  version = "3.27";
+  version = "3.31";

  src = fetchFromGitHub {
    owner = "get-iplayer";
    repo = "get_iplayer";
    rev = "v${version}";
-    sha256 = "077y31gg020wjpx5pcivqgkqawcjxh5kjnvq97x2gd7i3wwc30qi";
+    sha256 = "+ChCF27nmPKbqaZVxsZ6TlbzSdEz6RfMs87NE8xaSRw=";
  };

  nativeBuildInputs = [ makeWrapper ];
  buildInputs = [ perl ];
  propagatedBuildInputs = with perlPackages; [
-    HTMLParser HTTPCookies LWP LWPProtocolHttps XMLLibXML XMLSimple
+    HTMLParser HTTPCookies LWP LWPProtocolHttps XMLLibXML XMLSimple Mojolicious
  ];

  preConfigure = "touch Makefile.PL";
--- a/pkgs/applications/networking/browsers/firefox-bin/update.nix
+++ b/pkgs/applications/networking/browsers/firefox-bin/update.nix
@ -27,7 +27,7 @@ in writeScript "update-${pname}" ''
  HOME=`mktemp -d`
  export GNUPGHOME=`mktemp -d`

-  gpg --receive-keys 14F26682D0916CDD81E37B6D61B7B526D98F0353
+  gpg --receive-keys ADD7079479700DCADFDD5337E36D3B13F3D93274

  tmpfile=`mktemp`
  url=${baseUrl}
--- a/pkgs/applications/networking/browsers/firefox/update.nix
+++ b/pkgs/applications/networking/browsers/firefox/update.nix
@ -22,7 +22,7 @@ writeScript "update-${attrPath}" ''
  set -eux
  HOME=`mktemp -d`
  export GNUPGHOME=`mktemp -d`
-  gpg --receive-keys 14F26682D0916CDD81E37B6D61B7B526D98F0353
+  gpg --receive-keys ADD7079479700DCADFDD5337E36D3B13F3D93274

  url=${baseUrl}

--- a/pkgs/applications/networking/cluster/habitat/Cargo.lock
+++ b/pkgs/applications/networking/cluster/habitat/Cargo.lock
--- a/pkgs/applications/networking/cluster/habitat/default.nix
+++ b/pkgs/applications/networking/cluster/habitat/default.nix
@ -1,45 +1,66 @@
-{ lib, fetchFromGitHub, rustPlatform, pkg-config
-, libsodium, libarchive, openssl, zeromq }:
+{ lib
+, rustPlatform
+, fetchFromGitHub
+, pkg-config
+, protobuf
+, libsodium
+, openssl
+, xz
+, zeromq
+, cacert
+}:

 rustPlatform.buildRustPackage rec {
  pname = "habitat";
-  # Newer versions required protobuf, which requires some finesse to get to
-  # compile with the vendored protobuf crate.
-  version = "0.90.6";
+  version = "1.6.652";

  src = fetchFromGitHub {
    owner = "habitat-sh";
    repo = "habitat";
    rev = version;
-    sha256 = "0rwi0lkmhlq4i8fba3s9nd9ajhz2dqxzkgfp5i8y0rvbfmhmfd6b";
+    hash = "sha256-aWQ4A8NxTOauwad1q58Q4IFDUImX/L/4YTCeVLaq8gw=";
  };

  cargoLock = {
    lockFile = ./Cargo.lock;
    outputHashes = {
-      "ipc-channel-0.9.0" = "sha256-ZinW3vTsb6dWDRN1/P4TlOlbjiQSHkE6n6f1yEiKsbA=";
-      "nats-0.3.2" = "sha256-ebZSSczF76FMsYRC9hc4n9yTQVyAD4JgaqpFvGG+01U=";
-      "zmq-0.8.3" = "sha256-ZydP7ThHvLMWc8snm52Wlhji35Gn5Y2TzzN75UH5xLE=";
+      "clap-2.33.1" = "sha256-ixyNr91VNB2ce2cIr0CdPmvKYRlckhKLeaSbqxouIAY=";
+      "configopt-0.1.0" = "sha256-DvpC4WDIzknN5A6+68H7p8bG5lwZ2f+kc9yYhTl16ZM=";
+      "rants-0.6.0" = "sha256-B8uDoiqddCki3j7aC8kilEcmJjvB4ICjZjjTun2UEkY=";
+      "retry-1.0.0" = "sha256-ZaHnzOCelV4V0+MTIbH3DXxdz8QZVgcMq2YeV0S6X6o=";
+      "structopt-0.3.15" = "sha256-0vIX7J7VktKytT3ZnOm45qPRMHDkdJg20eU6pZBIH+Q=";
+      "zmq-0.9.2" = "sha256-bsDCPYLb9hUr6htPQ7rSoasKAqoWBx5FiEY1gOOtdJQ=";
    };
  };

-  nativeBuildInputs = [ pkg-config ];
-  buildInputs = [ libsodium libarchive openssl zeromq ];
+  nativeBuildInputs = [
+    pkg-config
+    protobuf
+  ];

-  cargoBuildFlags = ["--package hab"];
+  buildInputs = [
+    libsodium
+    openssl
+    xz
+    zeromq
+  ];

-  checkPhase = ''
-    runHook preCheck
-    echo "Running cargo test"
-    cargo test --package hab
-    runHook postCheck
-  '';
+  cargoBuildFlags = [ "-p" "hab" ];
+  cargoTestFlags = cargoBuildFlags;
+
+  env = {
+    OPENSSL_NO_VENDOR = true;
+    SODIUM_USE_PKG_CONFIG = true;
+    SSL_CERT_FILE = "${cacert}/etc/ssl/certs/ca-bundle.crt";
+  };

  meta = with lib; {
    description = "An application automation framework";
    homepage = "https://www.habitat.sh";
+    changelog = "https://github.com/habitat-sh/habitat/blob/${src.rev}/CHANGELOG.md";
    license = licenses.asl20;
    maintainers = with maintainers; [ rushmorem ];
+    mainProgram = "hab";
    platforms = [ "x86_64-linux" ];
  };
 }
--- a/pkgs/applications/networking/dyndns/cfdyndns/default.nix
+++ b/pkgs/applications/networking/dyndns/cfdyndns/default.nix
@ -2,15 +2,15 @@

 rustPlatform.buildRustPackage rec {
  pname = "cfdyndns";
-  version = "0.0.3";
+  version = "0.0.4";
  src = fetchFromGitHub {
    owner = "colemickens";
    repo = "cfdyndns";
    rev = "v${version}";
-    sha256 = "1fba0w2979dmc2wyggqx4fj52rrl1s2vpjk6mkj1811a848l1hdi";
+    hash = "sha256-kgpTKhMvxuy+Q9M5U/PKJt7pZ2kSQxkCNjNu8aIyutg=";
  };

-  cargoSha256 = "06qbagq4gvm5vk846lxskli02z9lqxsvis6ndq29bj0b9yyvdkay";
+  cargoHash = "sha256-78TQkRHEbSaCyCM48hH1h8GG0BGJmC2zc7gTZc2t9Nc=";

  nativeBuildInputs = [ pkg-config ];
  buildInputs = [ openssl ];
--- a/pkgs/applications/networking/mailreaders/meli/default.nix
+++ b/pkgs/applications/networking/mailreaders/meli/default.nix
@ -1,59 +0,0 @@
-{ stdenv
-, lib
-, fetchgit
-, rustPlatform
-, pkg-config
-, openssl
-, dbus
-, sqlite
-, file
-, makeWrapper
-, notmuch
-  # Build with support for notmuch backend
-, withNotmuch ? true
-}:
-
-rustPlatform.buildRustPackage rec {
-  pname = "meli";
-  version = "alpha-0.7.2";
-
-  src = fetchgit {
-    url = "https://git.meli.delivery/meli/meli.git";
-    rev = version;
-    sha256 = "sha256-cbigEJhX6vL+gHa40cxplmPsDhsqujkzQxe0Dr6+SK0=";
-  };
-
-  cargoSha256 = "sha256-ZE653OtXyZ9454bKPApmuL2kVko/hGBWEAya1L1KIoc=";
-
-  nativeBuildInputs = [ pkg-config makeWrapper ];
-
-  buildInputs = [ openssl dbus sqlite ] ++ lib.optional withNotmuch notmuch;
-
-  nativeCheckInputs = [ file ];
-
-  buildFeatures = lib.optionals withNotmuch [ "notmuch" ];
-
-  postInstall = ''
-    mkdir -p $out/share/man/man1
-    gzip < docs/meli.1 > $out/share/man/man1/meli.1.gz
-    mkdir -p $out/share/man/man5
-    gzip < docs/meli.conf.5 > $out/share/man/man5/meli.conf.5.gz
-    gzip < docs/meli-themes.5 > $out/share/man/man5/meli-themes.5.gz
-  '' + lib.optionalString withNotmuch ''
-    # Fixes this runtime error when meli is started with notmuch configured:
-    # $ meli
-    # libnotmuch5 was not found in your system. Make sure it is installed and
-    # in the library paths.
-    # notmuch is not a valid mail backend
-    wrapProgram $out/bin/meli --set LD_LIBRARY_PATH ${notmuch}/lib
-  '';
-
-  meta = with lib; {
-    broken = (stdenv.isLinux && stdenv.isAarch64);
-    description = "Experimental terminal mail client aiming for configurability and extensibility with sane defaults";
-    homepage = "https://meli.delivery";
-    license = licenses.gpl3;
-    maintainers = with maintainers; [ _0x4A6F matthiasbeyer ];
-    platforms = platforms.linux;
-  };
-}
--- a/pkgs/applications/networking/mumble/0001-BUILD-crypto-Migrate-to-OpenSSL-3.0-compatible-API.patch
+++ b/pkgs/applications/networking/mumble/0001-BUILD-crypto-Migrate-to-OpenSSL-3.0-compatible-API.patch
@ -0,0 +1,553 @@
+From f4cea62ed95e4967d8591f25e903f5e8fc2e2a30 Mon Sep 17 00:00:00 2001
+From: Terry Geng <terry@terriex.com>
+Date: Mon, 6 Dec 2021 10:45:11 -0500
+Subject: [PATCH] BUILD(crypto): Migrate to OpenSSL 3.0-compatible API
+
+OpenSSL 3.0 deprecated several low-level APIs and the usage of them
+caused errors/warnings that prevent the binary from being built against
+OpenSSL 3.0.
+Some primitive efforts have been made in #5317 but were incomplete.
+This commit follows https://www.openssl.org/docs/man3.0/man7/migration_guide.html,
+https://code.woboq.org/qt6/qtopcua/src/opcua/x509/qopcuakeypair_openssl.cpp.html,
+and clears all errors/warnings related to the usage of deprecated APIs.
+
+Fixes #5277
+Fixes #4266
+---
+ src/SelfSignedCertificate.cpp | 235 +++++++++++-----------------------
+ src/SelfSignedCertificate.h   |   5 +
+ src/crypto/CryptStateOCB2.cpp |  53 +++++---
+ src/crypto/CryptStateOCB2.h   |   9 +-
+ 4 files changed, 121 insertions(+), 181 deletions(-)
+
+diff --git a/src/SelfSignedCertificate.cpp b/src/SelfSignedCertificate.cpp
+index a77e5fad9..ea0dec4cc 100644
+--- a/src/SelfSignedCertificate.cpp
+++ b/src/SelfSignedCertificate.cpp
+@@ -5,8 +5,6 @@
+ 
+ #include "SelfSignedCertificate.h"
+ 
+-#include <openssl/x509v3.h>
+-
+ #define SSL_STRING(x) QString::fromLatin1(x).toUtf8().data()
+ 
+ static int add_ext(X509 *crt, int nid, char *value) {
+@@ -28,108 +26,86 @@ static int add_ext(X509 *crt, int nid, char *value) {
+ 	return 1;
+ }
+ 
+-bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+-									 QSslCertificate &qscCert, QSslKey &qskKey) {
+-	bool ok                    = true;
+-	X509 *x509                 = nullptr;
+-	EVP_PKEY *pkey             = nullptr;
+-	RSA *rsa                   = nullptr;
+-	BIGNUM *e                  = nullptr;
+-	X509_NAME *name            = nullptr;
+-	ASN1_INTEGER *serialNumber = nullptr;
+-	ASN1_TIME *notBefore       = nullptr;
+-	ASN1_TIME *notAfter        = nullptr;
+-	QString commonName;
+-	bool isServerCert = certificateType == CertificateTypeServerCertificate;
+-
+-	if (CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) == -1) {
+-		ok = false;
+-		goto out;
+EVP_PKEY *SelfSignedCertificate::generate_rsa_keypair() {
+	EVP_PKEY *pkey = EVP_PKEY_new();
+	if (!pkey) {
+		return nullptr;
+ 	}
+ 
+-	x509 = X509_new();
+-	if (!x509) {
+-		ok = false;
+-		goto out;
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+	EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr);
+	if (!ctx) {
+		return nullptr;
+ 	}
+-
+-	pkey = EVP_PKEY_new();
+-	if (!pkey) {
+-		ok = false;
+-		goto out;
+	if (EVP_PKEY_keygen_init(ctx) <= 0) {
+		return nullptr;
+ 	}
+-
+-	rsa = RSA_new();
+	if (EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0) {
+		return nullptr;
+	}
+	if (EVP_PKEY_keygen(ctx, &pkey) <= 0) {
+		return nullptr;
+	}
+	EVP_PKEY_CTX_free(ctx);
+#else
+	RSA *rsa  = RSA_new();
+	BIGNUM *e = BN_new();
+ 	if (!rsa) {
+-		ok = false;
+-		goto out;
+		return nullptr;
+ 	}
+-
+-	e = BN_new();
+ 	if (!e) {
+-		ok = false;
+-		goto out;
+		return nullptr;
+ 	}
+ 	if (BN_set_word(e, 65537) == 0) {
+-		ok = false;
+-		goto out;
+		return nullptr;
+ 	}
+-
+ 	if (RSA_generate_key_ex(rsa, 2048, e, nullptr) == 0) {
+-		ok = false;
+-		goto out;
+		return nullptr;
+ 	}
+-
+ 	if (EVP_PKEY_assign_RSA(pkey, rsa) == 0) {
+-		ok = false;
+-		goto out;
+		return nullptr;
+ 	}
+	BN_free(e);
+	RSA_free(rsa);
+#endif
+	return pkey;
+}
+ 
+-	if (X509_set_version(x509, 2) == 0) {
+-		ok = false;
+-		goto out;
+#define CHECK(statement) \
+	if (!(statement)) {  \
+		ok = false;      \
+		goto out;        \
+ 	}
+ 
+-	serialNumber = X509_get_serialNumber(x509);
+-	if (!serialNumber) {
+-		ok = false;
+-		goto out;
+-	}
+-	if (ASN1_INTEGER_set(serialNumber, 1) == 0) {
+-		ok = false;
+-		goto out;
+-	}
+ 
+-	notBefore = X509_get_notBefore(x509);
+-	if (!notBefore) {
+-		ok = false;
+-		goto out;
+-	}
+-	if (!X509_gmtime_adj(notBefore, 0)) {
+-		ok = false;
+-		goto out;
+-	}
+bool SelfSignedCertificate::generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+									 QSslCertificate &qscCert, QSslKey &qskKey) {
+	bool ok                    = true;
+	EVP_PKEY *pkey             = nullptr;
+	X509 *x509                 = nullptr;
+	X509_NAME *name            = nullptr;
+	ASN1_INTEGER *serialNumber = nullptr;
+	ASN1_TIME *notBefore       = nullptr;
+	ASN1_TIME *notAfter        = nullptr;
+	QString commonName;
+	bool isServerCert = certificateType == CertificateTypeServerCertificate;
+ 
+-	notAfter = X509_get_notAfter(x509);
+-	if (!notAfter) {
+-		ok = false;
+-		goto out;
+-	}
+-	if (!X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20)) {
+-		ok = false;
+-		goto out;
+-	}
+	// In Qt 5.15, a class was added to wrap up the procedures of generating a self-signed certificate.
+	// See https://doc.qt.io/qt-5/qopcuax509certificatesigningrequest.html.
+	// We should consider migrating to this class after switching to Qt 5.15.
+ 
+-	if (X509_set_pubkey(x509, pkey) == 0) {
+-		ok = false;
+-		goto out;
+-	}
+	CHECK(pkey = generate_rsa_keypair());
+ 
+-	name = X509_get_subject_name(x509);
+-	if (!name) {
+-		ok = false;
+-		goto out;
+-	}
+	CHECK(x509 = X509_new());
+	CHECK(X509_set_version(x509, 2));
+	CHECK(serialNumber = X509_get_serialNumber(x509));
+	CHECK(ASN1_INTEGER_set(serialNumber, 1));
+	CHECK(notBefore = X509_get_notBefore(x509));
+	CHECK(X509_gmtime_adj(notBefore, 0));
+	CHECK(notAfter = X509_get_notAfter(x509));
+	CHECK(X509_gmtime_adj(notAfter, 60 * 60 * 24 * 365 * 20))
+	CHECK(X509_set_pubkey(x509, pkey));
+	CHECK(name = X509_get_subject_name(x509));
+ 
+ 	if (isServerCert) {
+ 		commonName = QLatin1String("Murmur Autogenerated Certificate v2");
+@@ -141,120 +117,63 @@ bool SelfSignedCertificate::generate(CertificateType certificateType, QString cl
+ 		}
+ 	}
+ 
+-	if (X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
+-								   reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0)
+-		== 0) {
+-		ok = false;
+-		goto out;
+-	}
+	CHECK(X509_NAME_add_entry_by_txt(name, "CN", MBSTRING_UTF8,
+									 reinterpret_cast< unsigned char * >(commonName.toUtf8().data()), -1, -1, 0));
+ 
+-	if (X509_set_issuer_name(x509, name) == 0) {
+-		ok = false;
+-		goto out;
+-	}
+	CHECK(X509_set_issuer_name(x509, name));
+ 
+-	if (add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")) == 0) {
+-		ok = false;
+-		goto out;
+-	}
+	CHECK(add_ext(x509, NID_basic_constraints, SSL_STRING("critical,CA:FALSE")));
+ 
+ 	if (isServerCert) {
+-		if (add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")) == 0) {
+-			ok = false;
+-			goto out;
+-		}
+		CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("serverAuth,clientAuth")))
+ 	} else {
+-		if (add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")) == 0) {
+-			ok = false;
+-			goto out;
+-		}
+		CHECK(add_ext(x509, NID_ext_key_usage, SSL_STRING("clientAuth")));
+ 	}
+ 
+-	if (add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")) == 0) {
+-		ok = false;
+-		goto out;
+-	}
+	CHECK(add_ext(x509, NID_subject_key_identifier, SSL_STRING("hash")));
+ 
+ 	if (isServerCert) {
+-		if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")) == 0) {
+-			ok = false;
+-			goto out;
+-		}
+		CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated from murmur")));
+ 	} else {
+-		if (add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")) == 0) {
+-			ok = false;
+-			goto out;
+-		}
+		CHECK(add_ext(x509, NID_netscape_comment, SSL_STRING("Generated by Mumble")));
+ 	}
+ 
+ 	if (!isServerCert) {
+ 		if (!clientCertEmail.trimmed().isEmpty()) {
+-			if (add_ext(x509, NID_subject_alt_name,
+-						QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data())
+-				== 0) {
+-				ok = false;
+-				goto out;
+-			}
+			CHECK(add_ext(x509, NID_subject_alt_name,
+						  QString::fromLatin1("email:%1").arg(clientCertEmail).toUtf8().data()));
+ 		}
+ 	}
+ 
+-	if (X509_sign(x509, pkey, EVP_sha1()) == 0) {
+-		ok = false;
+-		goto out;
+-	}
+	CHECK(X509_sign(x509, pkey, EVP_sha1()));
+ 
+ 	{
+ 		QByteArray crt;
+ 		int len = i2d_X509(x509, nullptr);
+-		if (len <= 0) {
+-			ok = false;
+-			goto out;
+-		}
+		CHECK(len > 0);
+ 		crt.resize(len);
+ 
+ 		unsigned char *dptr = reinterpret_cast< unsigned char * >(crt.data());
+-		if (i2d_X509(x509, &dptr) != len) {
+-			ok = false;
+-			goto out;
+-		}
+		CHECK(i2d_X509(x509, &dptr) == len);
+ 
+ 		qscCert = QSslCertificate(crt, QSsl::Der);
+-		if (qscCert.isNull()) {
+-			ok = false;
+-			goto out;
+-		}
+		CHECK(!qscCert.isNull());
+ 	}
+ 
+ 	{
+ 		QByteArray key;
+ 		int len = i2d_PrivateKey(pkey, nullptr);
+-		if (len <= 0) {
+-			ok = false;
+-			goto out;
+-		}
+		CHECK(len > 0);
+ 		key.resize(len);
+ 
+ 		unsigned char *dptr = reinterpret_cast< unsigned char * >(key.data());
+-		if (i2d_PrivateKey(pkey, &dptr) != len) {
+-			ok = false;
+-			goto out;
+-		}
+		CHECK(i2d_PrivateKey(pkey, &dptr) == len);
+ 
+ 		qskKey = QSslKey(key, QSsl::Rsa, QSsl::Der);
+-		if (qskKey.isNull()) {
+-			ok = false;
+-			goto out;
+-		}
+		CHECK(!qskKey.isNull());
+ 	}
+ 
+ out:
+-	if (e) {
+-		BN_free(e);
+-	}
+-	// We only need to free the pkey pointer,
+-	// not the RSA pointer. We have assigned
+-	// our RSA key to pkey, and it will be freed
+-	// once we free pkey.
+ 	if (pkey) {
+ 		EVP_PKEY_free(pkey);
+ 	}
+diff --git a/src/SelfSignedCertificate.h b/src/SelfSignedCertificate.h
+index b85a8752b..7c5f59e9c 100644
+--- a/src/SelfSignedCertificate.h
+++ b/src/SelfSignedCertificate.h
+@@ -6,6 +6,10 @@
+ #ifndef MUMBLE_SELFSIGNEDCERTIFICATE_H_
+ #define MUMBLE_SELFSIGNEDCERTIFICATE_H_
+ 
+#include <openssl/evp.h>
+#include <openssl/rsa.h>
+#include <openssl/x509v3.h>
+
+ #include <QtCore/QString>
+ #include <QtNetwork/QSslCertificate>
+ #include <QtNetwork/QSslKey>
+@@ -16,6 +20,7 @@ class SelfSignedCertificate {
+ private:
+ 	static bool generate(CertificateType certificateType, QString clientCertName, QString clientCertEmail,
+ 						 QSslCertificate &qscCert, QSslKey &qskKey);
+	static EVP_PKEY *generate_rsa_keypair();
+ 
+ public:
+ 	static bool generateMumbleCertificate(QString name, QString email, QSslCertificate &qscCert, QSslKey &qskKey);
+diff --git a/src/crypto/CryptStateOCB2.cpp b/src/crypto/CryptStateOCB2.cpp
+index 2176d6488..640fdedac 100644
+--- a/src/crypto/CryptStateOCB2.cpp
+++ b/src/crypto/CryptStateOCB2.cpp
+@@ -30,7 +30,7 @@
+ #include <cstring>
+ #include <openssl/rand.h>
+ 
+-CryptStateOCB2::CryptStateOCB2() : CryptState() {
+CryptStateOCB2::CryptStateOCB2() : CryptState(), enc_ctx(EVP_CIPHER_CTX_new()), dec_ctx(EVP_CIPHER_CTX_new()) {
+ 	for (int i = 0; i < 0x100; i++)
+ 		decrypt_history[i] = 0;
+ 	memset(raw_key, 0, AES_KEY_SIZE_BYTES);
+@@ -38,6 +38,11 @@ CryptStateOCB2::CryptStateOCB2() : CryptState() {
+ 	memset(decrypt_iv, 0, AES_BLOCK_SIZE);
+ }
+ 
+CryptStateOCB2::~CryptStateOCB2() noexcept {
+	EVP_CIPHER_CTX_free(enc_ctx);
+	EVP_CIPHER_CTX_free(dec_ctx);
+}
+
+ bool CryptStateOCB2::isValid() const {
+ 	return bInit;
+ }
+@@ -46,8 +51,6 @@ void CryptStateOCB2::genKey() {
+ 	CryptographicRandom::fillBuffer(raw_key, AES_KEY_SIZE_BYTES);
+ 	CryptographicRandom::fillBuffer(encrypt_iv, AES_BLOCK_SIZE);
+ 	CryptographicRandom::fillBuffer(decrypt_iv, AES_BLOCK_SIZE);
+-	AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+-	AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+ 	bInit = true;
+ }
+ 
+@@ -56,8 +59,6 @@ bool CryptStateOCB2::setKey(const std::string &rkey, const std::string &eiv, con
+ 		memcpy(raw_key, rkey.data(), AES_KEY_SIZE_BYTES);
+ 		memcpy(encrypt_iv, eiv.data(), AES_BLOCK_SIZE);
+ 		memcpy(decrypt_iv, div.data(), AES_BLOCK_SIZE);
+-		AES_set_encrypt_key(raw_key, AES_KEY_SIZE_BITS, &encrypt_key);
+-		AES_set_decrypt_key(raw_key, AES_KEY_SIZE_BITS, &decrypt_key);
+ 		bInit = true;
+ 		return true;
+ 	}
+@@ -256,10 +257,24 @@ static void inline ZERO(keyblock &block) {
+ 		block[i] = 0;
+ }
+ 
+-#define AESencrypt(src, dst, key) \
+-	AES_encrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
+-#define AESdecrypt(src, dst, key) \
+-	AES_decrypt(reinterpret_cast< const unsigned char * >(src), reinterpret_cast< unsigned char * >(dst), key);
+#define AESencrypt(src, dst, key)                                                                 \
+	{                                                                                             \
+		int outlen = 0;                                                                           \
+		EVP_EncryptInit_ex(enc_ctx, EVP_aes_128_ecb(), NULL, key, NULL);                          \
+		EVP_CIPHER_CTX_set_padding(enc_ctx, 0);                                                   \
+		EVP_EncryptUpdate(enc_ctx, reinterpret_cast< unsigned char * >(dst), &outlen,             \
+						  reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE);        \
+		EVP_EncryptFinal_ex(enc_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
+	}
+#define AESdecrypt(src, dst, key)                                                                 \
+	{                                                                                             \
+		int outlen = 0;                                                                           \
+		EVP_DecryptInit_ex(dec_ctx, EVP_aes_128_ecb(), NULL, key, NULL);                          \
+		EVP_CIPHER_CTX_set_padding(dec_ctx, 0);                                                   \
+		EVP_DecryptUpdate(dec_ctx, reinterpret_cast< unsigned char * >(dst), &outlen,             \
+						  reinterpret_cast< const unsigned char * >(src), AES_BLOCK_SIZE);        \
+		EVP_DecryptFinal_ex(dec_ctx, reinterpret_cast< unsigned char * >(dst + outlen), &outlen); \
+	}
+ 
+ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encrypted, unsigned int len,
+ 								 const unsigned char *nonce, unsigned char *tag, bool modifyPlainOnXEXStarAttack) {
+@@ -267,7 +282,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ 	bool success = true;
+ 
+ 	// Initialize
+-	AESencrypt(nonce, delta, &encrypt_key);
+	AESencrypt(nonce, delta, raw_key);
+ 	ZERO(checksum);
+ 
+ 	while (len > AES_BLOCK_SIZE) {
+@@ -299,7 +314,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ 		if (flipABit) {
+ 			*reinterpret_cast< unsigned char * >(tmp) ^= 1;
+ 		}
+-		AESencrypt(tmp, tmp, &encrypt_key);
+		AESencrypt(tmp, tmp, raw_key);
+ 		XOR(reinterpret_cast< subblock * >(encrypted), delta, tmp);
+ 		XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+ 		if (flipABit) {
+@@ -315,7 +330,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ 	ZERO(tmp);
+ 	tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+ 	XOR(tmp, tmp, delta);
+-	AESencrypt(tmp, pad, &encrypt_key);
+	AESencrypt(tmp, pad, raw_key);
+ 	memcpy(tmp, plain, len);
+ 	memcpy(reinterpret_cast< unsigned char * >(tmp) + len, reinterpret_cast< const unsigned char * >(pad) + len,
+ 		   AES_BLOCK_SIZE - len);
+@@ -325,7 +340,7 @@ bool CryptStateOCB2::ocb_encrypt(const unsigned char *plain, unsigned char *encr
+ 
+ 	S3(delta);
+ 	XOR(tmp, delta, checksum);
+-	AESencrypt(tmp, tag, &encrypt_key);
+	AESencrypt(tmp, tag, raw_key);
+ 
+ 	return success;
+ }
+@@ -336,13 +351,13 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ 	bool success = true;
+ 
+ 	// Initialize
+-	AESencrypt(nonce, delta, &encrypt_key);
+	AESencrypt(nonce, delta, raw_key);
+ 	ZERO(checksum);
+ 
+ 	while (len > AES_BLOCK_SIZE) {
+ 		S2(delta);
+ 		XOR(tmp, delta, reinterpret_cast< const subblock * >(encrypted));
+-		AESdecrypt(tmp, tmp, &decrypt_key);
+		AESdecrypt(tmp, tmp, raw_key);
+ 		XOR(reinterpret_cast< subblock * >(plain), delta, tmp);
+ 		XOR(checksum, checksum, reinterpret_cast< const subblock * >(plain));
+ 		len -= AES_BLOCK_SIZE;
+@@ -354,7 +369,7 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ 	ZERO(tmp);
+ 	tmp[BLOCKSIZE - 1] = SWAPPED(len * 8);
+ 	XOR(tmp, tmp, delta);
+-	AESencrypt(tmp, pad, &encrypt_key);
+	AESencrypt(tmp, pad, raw_key);
+ 	memset(tmp, 0, AES_BLOCK_SIZE);
+ 	memcpy(tmp, encrypted, len);
+ 	XOR(tmp, tmp, pad);
+@@ -372,7 +387,7 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ 
+ 	S3(delta);
+ 	XOR(tmp, delta, checksum);
+-	AESencrypt(tmp, tag, &encrypt_key);
+	AESencrypt(tmp, tag, raw_key);
+ 
+ 	return success;
+ }
+@@ -381,5 +396,5 @@ bool CryptStateOCB2::ocb_decrypt(const unsigned char *encrypted, unsigned char *
+ #undef SHIFTBITS
+ #undef SWAPPED
+ #undef HIGHBIT
+-#undef AES_encrypt
+-#undef AES_decrypt
+#undef AESencrypt
+#undef AESdecrypt
+diff --git a/src/crypto/CryptStateOCB2.h b/src/crypto/CryptStateOCB2.h
+index 53d4b4b6a..cc3f1c0bc 100644
+--- a/src/crypto/CryptStateOCB2.h
+++ b/src/crypto/CryptStateOCB2.h
+@@ -8,8 +8,9 @@
+ 
+ #include "CryptState.h"
+ 
+-#include <openssl/aes.h>
+#include <openssl/evp.h>
+ 
+#define AES_BLOCK_SIZE 16
+ #define AES_KEY_SIZE_BITS 128
+ #define AES_KEY_SIZE_BYTES (AES_KEY_SIZE_BITS / 8)
+ 
+@@ -17,7 +18,7 @@
+ class CryptStateOCB2 : public CryptState {
+ public:
+ 	CryptStateOCB2();
+-	~CryptStateOCB2(){};
+	~CryptStateOCB2() noexcept override;
+ 
+ 	virtual bool isValid() const Q_DECL_OVERRIDE;
+ 	virtual void genKey() Q_DECL_OVERRIDE;
+@@ -43,8 +44,8 @@ private:
+ 	unsigned char decrypt_iv[AES_BLOCK_SIZE];
+ 	unsigned char decrypt_history[0x100];
+ 
+-	AES_KEY encrypt_key;
+-	AES_KEY decrypt_key;
+	EVP_CIPHER_CTX *enc_ctx;
+	EVP_CIPHER_CTX *dec_ctx;
+ };
+ 
+ 
+-- 
+2.38.4
+
--- a/pkgs/applications/networking/mumble/default.nix
+++ b/pkgs/applications/networking/mumble/default.nix
@ -20,6 +20,10 @@ let
    pname = overrides.type;
    version = source.version;

+    patches = [
+      ./0001-BUILD-crypto-Migrate-to-OpenSSL-3.0-compatible-API.patch
+    ];
+
    nativeBuildInputs = [ cmake pkg-config python3 qt5.wrapQtAppsHook qt5.qttools ]
      ++ (overrides.nativeBuildInputs or [ ]);

--- a/pkgs/applications/networking/p2p/synapse-bt/default.nix
+++ b/pkgs/applications/networking/p2p/synapse-bt/default.nix
@ -2,16 +2,16 @@

 rustPlatform.buildRustPackage rec {
  pname = "synapse-bt";
-  version = "1.0";
+  version = "unstable-2023-02-16";

  src = fetchFromGitHub {
    owner = "Luminarys";
    repo = "synapse";
-    rev = version;
-    sha256 = "01npv3zwia5d534zdwisd9xfng507adv4qkljf8z0zm0khqqn71a";
+    rev = "2165fe22589d7255e497d196c1d42b4c2ace1408";
+    hash = "sha256-2irXNgEK9BjRuNu3DUMElmf2vIpGzwoFneAEe97GRh4=";
  };

-  cargoSha256 = "0sy0vlpkj967g9lyyh7ska8cpw5xh0g04kj071a32idrqc3dcjb1";
+  cargoHash = "sha256-TwXouPYM7Hg1HEr2KnEPScYFkC52PcQ5kb5aGP1gj9U=";

  nativeBuildInputs = [ pkg-config ];
  buildInputs = [ openssl ]
--- a/pkgs/applications/version-management/p4/default.nix
+++ b/pkgs/applications/version-management/p4/default.nix
@ -40,12 +40,12 @@ let
 in
 stdenv.mkDerivation rec {
  pname = "p4";
-  version = "2022.1.2305383";
+  version = "2022.2.2407422";

  src = fetchurl {
    # Upstream replaces minor versions, so use archived URL.
-    url = "https://web.archive.org/web/20220901184735id_/https://ftp.perforce.com/perforce/r22.1/bin.tools/p4source.tgz";
-    sha256 = "27ab3ddd7b178b05cf0b710e941650dac0688d294110ebafda9027732c0944c6";
+    url = "https://web.archive.org/web/20230512173806id_/https://ftp.perforce.com/perforce/r22.2/bin.tools/p4source.tgz";
+    sha256 = "4355375def3f3d2256d4a92ac1b9960173e7aa97404346c0c74caf23a0905e1b";
  };

  nativeBuildInputs = [ jam ];
--- a/pkgs/build-support/emacs/trivial.nix
+++ b/pkgs/build-support/emacs/trivial.nix
@ -21,6 +21,7 @@ callPackage ./generic.nix envargs ({
    LISPDIR=$out/share/emacs/site-lisp
    install -d $LISPDIR
    install *.el *.elc $LISPDIR
+    emacs --batch -l package --eval "(package-generate-autoloads \"${args.pname}\" \"$LISPDIR\")"

    runHook postInstall
  '';
--- a/pkgs/development/compilers/hvm/default.nix
+++ b/pkgs/development/compilers/hvm/default.nix
@ -1,25 +1,36 @@
 { lib
 , rustPlatform
 , fetchCrate
+, fetchpatch
 , stdenv
 , darwin
 }:

 rustPlatform.buildRustPackage rec {
  pname = "hvm";
-  version = "1.0.0";
+  version = "1.0.8";

  src = fetchCrate {
    inherit pname version;
-    sha256 = "sha256-nPkUGUcekZ2fvQgiVTNvt8vfQsNMyqsrkT2zqEfu/bE=";
+    hash = "sha256-dPO3GWDojuz7nilOr09xC6tPhBZ95wjAk0ErItzAbxw=";
  };

-  cargoSha256 = "sha256-EaZTpKFZPfDlP/2XylhJHznvlah7VNw4snrKDmT7ecw=";
+  cargoHash = "sha256-XsKVXlceg3HHGalHcXfmJPKhAQm4DqdsJ2c+NF+AOI4=";

-  buildInputs = lib.optionals (stdenv.isDarwin && stdenv.isAarch64) [
-    darwin.apple_sdk.frameworks.IOKit
-  ] ++ lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [
-    darwin.apple_sdk_11_0.frameworks.Foundation
+  patches = [
+    # see https://github.com/higherorderco/hvm/pull/220
+    # this commit removes the feature to fix build with rust nightly
+    # but this feature is required with rust stable
+    (fetchpatch {
+      name = "revert-fix-remove-feature-automic-mut-ptr.patch";
+      url = "https://github.com/higherorderco/hvm/commit/c0e35c79b4e31c266ad33beadc397c428e4090ee.patch";
+      hash = "sha256-9xxu7NOtz3Tuzf5F0Mi4rw45Xnyh7h9hbTrzq4yfslg=";
+      revert = true;
+    })
+  ];
+
+  buildInputs = lib.optionals stdenv.isDarwin [
+    darwin.apple_sdk_11_0.frameworks.IOKit
  ];

  # tests are broken
@ -30,7 +41,7 @@ rustPlatform.buildRustPackage rec {

  meta = with lib; {
    description = "A pure functional compile target that is lazy, non-garbage-collected, and parallel";
-    homepage = "https://github.com/kindelia/hvm";
+    homepage = "https://github.com/higherorderco/hvm";
    license = licenses.mit;
    maintainers = with maintainers; [ figsoda ];
  };
--- a/pkgs/development/compilers/kind2/default.nix
+++ b/pkgs/development/compilers/kind2/default.nix
@ -3,31 +3,57 @@
 , fetchCrate
 , stdenv
 , darwin
+, fetchpatch
 }:

 rustPlatform.buildRustPackage rec {
  pname = "kind2";
-  version = "0.3.7";
+  version = "0.3.10";

  src = fetchCrate {
    inherit pname version;
-    sha256 = "sha256-ZG0BbGcjQBqeNTqfy7WweVHK7sUuKeQSsFi9KIsyIE4=";
+    hash = "sha256-X2sjfYrSSym289jDJV3hNmcwyQCMnrabmGCUKD5wfdY=";
  };

-  cargoSha256 = "sha256-j64L3HNk2r+MH9eDHWT/ARJ9DT4CchcuVxtIYYVsDxo=";
+  cargoHash = "sha256-KzoEh/kMKsHx9K3t1/uQZ7fdsZEM+v8UOft8JjEB1Zw=";

  buildInputs = lib.optionals stdenv.isDarwin [
    darwin.apple_sdk_11_0.frameworks.Security
-  ] ++ lib.optionals (stdenv.isDarwin && stdenv.isx86_64) [
-    darwin.apple_sdk_11_0.frameworks.CoreFoundation
  ];

+  postPatch =
+    let
+      hvmPatch = fetchpatch {
+        name = "revert-fix-remove-feature-automic-mut-ptr.patch";
+        url = "https://github.com/higherorderco/hvm/commit/c0e35c79b4e31c266ad33beadc397c428e4090ee.patch";
+        hash = "sha256-9xxu7NOtz3Tuzf5F0Mi4rw45Xnyh7h9hbTrzq4yfslg=";
+        revert = true;
+      };
+    in
+    ''
+      pushd $cargoDepsCopy/hvm
+
+      oldLibHash=$(sha256sum src/lib.rs | cut -d " " -f 1)
+      oldMainHash=$(sha256sum src/main.rs | cut -d " " -f 1)
+
+      patch -p1 < ${hvmPatch}
+
+      newLibHash=$(sha256sum src/lib.rs | cut -d " " -f 1)
+      newMainHash=$(sha256sum src/main.rs | cut -d " " -f 1)
+
+      substituteInPlace .cargo-checksum.json \
+        --replace "$oldLibHash" "$newLibHash" \
+        --replace "$oldMainHash" "$newMainHash"
+
+      popd
+    '';
+
  # requires nightly features
  RUSTC_BOOTSTRAP = true;

  meta = with lib; {
    description = "A functional programming language and proof assistant";
-    homepage = "https://github.com/kindelia/kind";
+    homepage = "https://github.com/higherorderco/kind";
    license = licenses.mit;
    maintainers = with maintainers; [ figsoda ];
  };
--- a/pkgs/development/compilers/rust/rustfmt.nix
+++ b/pkgs/development/compilers/rust/rustfmt.nix
@ -15,6 +15,17 @@ rustPlatform.buildRustPackage rec {
    rustc.llvm
  ] ++ lib.optional stdenv.isDarwin Security;

+  # rustfmt uses the rustc_driver and std private libraries, and Rust's build process forces them to have
+  # an install name of `@rpath/...` [0] [1] instead of the standard on macOS, which is an absolute path
+  # to itself.
+  #
+  # [0]: https://github.com/rust-lang/rust/blob/f77f4d55bdf9d8955d3292f709bd9830c2fdeca5/src/bootstrap/builder.rs#L1543
+  # [1]: https://github.com/rust-lang/rust/blob/f77f4d55bdf9d8955d3292f709bd9830c2fdeca5/compiler/rustc_codegen_ssa/src/back/linker.rs#L323-L331
+  preFixup = lib.optionalString stdenv.isDarwin ''
+    install_name_tool -add_rpath "${rustc}/lib" "$out/bin/rustfmt"
+    install_name_tool -add_rpath "${rustc}/lib" "$out/bin/git-rustfmt"
+  '';
+
  # As of 1.0.0 and rustc 1.30 rustfmt requires a nightly compiler
  RUSTC_BOOTSTRAP = 1;

--- a/pkgs/development/node-packages/node-packages.nix
+++ b/pkgs/development/node-packages/node-packages.nix
--- a/pkgs/development/python-modules/finvizfinance/default.nix
+++ b/pkgs/development/python-modules/finvizfinance/default.nix
@ -0,0 +1,71 @@
+{ lib
+, buildPythonPackage
+, pythonOlder
+, fetchFromGitHub
+, beautifulsoup4
+, datetime
+, lxml
+, pandas
+, pytest-mock
+, pytestCheckHook
+, requests
+}:
+
+buildPythonPackage rec {
+  pname = "finvizfinance";
+  version = "0.14.5";
+  format = "setuptools";
+
+  disabled = pythonOlder "3.5";
+
+  src = fetchFromGitHub {
+    owner = "lit26";
+    repo = "finvizfinance";
+    rev = "refs/tags/v${version}";
+    hash = "sha256-yhOa/CS+9UdI+TVMObBsOqIp9XggMJvNjteSMa5DJcM=";
+  };
+
+  postPatch = ''
+    substituteInPlace setup.py \
+      --replace "bs4" "beautifulsoup4"
+  '';
+
+  nativeCheckInputs = [
+    pytest-mock
+    pytestCheckHook
+  ];
+
+  propagatedBuildInputs = [
+    beautifulsoup4
+    datetime
+    lxml
+    pandas
+    requests
+  ];
+
+  pythonImportsCheck = [
+    "finvizfinance"
+  ];
+
+  disabledTests = [
+    # Tests require network access
+    "test_finvizfinance_calendar"
+    "test_finvizfinance_crypto"
+    "test_forex_performance_percentage"
+    "test_group_overview"
+    "test_finvizfinance_insider"
+    "test_finvizfinance_news"
+    "test_finvizfinance_finvizfinance"
+    "test_statements"
+    "test_screener_overview"
+  ];
+
+  meta = with lib; {
+    description = "Finviz Finance information downloader";
+    homepage = "https://github.com/lit26/finvizfinance";
+    changelog = "https://github.com/lit26/finvizfinance/releases/tag/v${version}";
+    license = licenses.mit;
+    maintainers = with maintainers; [ icyrockcom ];
+  };
+}
+
--- a/pkgs/development/python-modules/python-roborock/default.nix
+++ b/pkgs/development/python-modules/python-roborock/default.nix
@ -16,7 +16,7 @@

 buildPythonPackage rec {
  pname = "python-roborock";
-  version = "0.15.0";
+  version = "0.17.3";
  format = "pyproject";

  disabled = pythonOlder "3.7";
@ -25,7 +25,7 @@ buildPythonPackage rec {
    owner = "humbertogontijo";
    repo = "python-roborock";
    rev = "refs/tags/v${version}";
-    hash = "sha256-Cyp/uCSQTDB21v+nRu73gfJgTGm3qvdkyXXMPXMsMVA=";
+    hash = "sha256-lDSIed+/n/3D2kI44FcTbcTl9xAl+EbCPGrhfN5q4JE=";
  };

  nativeBuildInputs = [
--- a/pkgs/development/tools/continuous-integration/gitea-actions-runner/default.nix
+++ b/pkgs/development/tools/continuous-integration/gitea-actions-runner/default.nix
@ -5,17 +5,17 @@

 buildGoModule rec {
  pname = "gitea-actions-runner";
-  version = "0.1.2";
+  version = "0.1.8";

  src = fetchFromGitea {
    domain = "gitea.com";
    owner = "gitea";
    repo = "act_runner";
    rev = "v${version}";
-    hash = "sha256-0wLBFZdFaGTselRZIJ809wHQFhAjt4sdmZp12LQOB9I=";
+    hash = "sha256-J67g0jy/5Dfmvu3bSPqH+r9+MuLyl2lZyEZrOovfNJI=";
  };

-  vendorHash = "sha256-GBqt5qSM2mDAS7klWdJiC6t5HaVKaP0PjecYnHZBzrc=";
+  vendorHash = "sha256-Ik4n1oB6MWE2djcM5CdDhJKx4IJsZu7eJr5St+T67B4=";

  ldflags = [
    "-s"
--- a/pkgs/development/tools/lurk/default.nix
+++ b/pkgs/development/tools/lurk/default.nix
@ -1,21 +1,43 @@
-{ lib, rustPlatform, fetchFromGitHub }:
+{ lib
+, rustPlatform
+, fetchFromGitHub
+, fetchpatch
+}:

 rustPlatform.buildRustPackage rec {
  pname = "lurk";
-  version = "0.2.9";
+  version = "0.3.3";

  src = fetchFromGitHub {
    owner = "jakwai01";
    repo = pname;
    rev = "v${version}";
-    sha256 = "sha256-Vvz1CWNpMbVpICL42VQHLM7AWSONGSXP5kfZ8rZlw8M=";
+    hash = "sha256-D/wJAmlc6OUuD8kSfGevG+UoPKy58X0lObL7mjiBG+c=";
  };

-  cargoSha256 = "sha256-AoFkgm13vj/18GOuSIgzs+xk82lSQ6zGpq4QVWcClv8=";
+  cargoHash = "sha256-PFR6jMAvEybT/XOfLrv21F8ZxSX0BZDiEFtgQL5fL18=";
+
+  cargoPatches = [
+    # update the version to 0.3.3
+    (fetchpatch {
+      name = "chore-prepare-release.patch";
+      url = "https://github.com/JakWai01/lurk/commit/cb4355674159255ac4186283a93de294de057d1b.patch";
+      hash = "sha256-N+/8AGEToEqhkQ6BYGQP279foZbt6DzUBmAUaHm9hW4=";
+    })
+  ];
+
+  patches = [
+    (fetchpatch {
+      name = "fix-tests.patch";
+      url = "https://github.com/JakWai01/lurk/commit/87eb4aa8bf9a551b24cec2146699cb2c22d62019.patch";
+      hash = "sha256-m44m1338VODX+HGEVMLozKfVvXsQxvLIpo28VBK//vM=";
+    })
+  ];

  meta = with lib; {
    description = "A simple and pretty alternative to strace";
    homepage = "https://github.com/jakwai01/lurk";
+    changelog = "https://github.com/jakwai01/lurk/releases/tag/${src.rev}";
    license = licenses.agpl3Only;
    maintainers = with maintainers; [ figsoda ];
    platforms = [ "i686-linux" "x86_64-linux" ];
--- a/pkgs/development/tools/misc/hydra-cli/Cargo.lock
+++ b/pkgs/development/tools/misc/hydra-cli/Cargo.lock
--- a/pkgs/development/tools/misc/hydra-cli/default.nix
+++ b/pkgs/development/tools/misc/hydra-cli/default.nix
@ -1,4 +1,11 @@
-{ stdenv, lib, pkg-config, openssl, fetchFromGitHub, rustPlatform, darwin }:
+{ lib
+, rustPlatform
+, fetchFromGitHub
+, pkg-config
+, openssl
+, stdenv
+, darwin
+}:

 rustPlatform.buildRustPackage rec {
  pname = "hydra-cli";
@ -10,20 +17,32 @@ rustPlatform.buildRustPackage rec {
    rev = "v${version}";
    sha256 = "1fd3swdjx249971ak1bgndm5kh6rlzbfywmydn122lhfi6ry6a03";
  };
-  cargoSha256 = "16446ppkvc6l8087x5m5kyy5gk4f7inyj7rzrfysriw4fvqxjsf3";

-  buildInputs = [ openssl ]
-                ++ lib.optionals stdenv.isDarwin [ darwin.apple_sdk.frameworks.Security ];
+  cargoLock = {
+    lockFile = ./Cargo.lock;
+  };

  nativeBuildInputs = [
    pkg-config
  ];

+  buildInputs = [
+    openssl
+  ] ++ lib.optionals stdenv.isDarwin [
+    darwin.apple_sdk.frameworks.Security
+  ];
+
+  # build fails due to outdated socket2 dependency
+  postPatch = ''
+    ln -sf ${./Cargo.lock} Cargo.lock
+  '';
+
+  __darwinAllowLocalNetworking = true;
+
  meta = with lib; {
    description = "A client for the Hydra CI";
    homepage = "https://github.com/nlewo/hydra-cli";
    license = with licenses; [ mit ];
    maintainers = with maintainers; [ gilligan lewo ];
  };
-
 }
--- a/pkgs/development/tools/ruff/Cargo.lock
+++ b/pkgs/development/tools/ruff/Cargo.lock
@ -138,21 +138,6 @@ dependencies = [
 "os_str_bytes",
 ]

-[[package]]
-name = "ascii"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d92bec98840b8f03a5ff5413de5293bfcd8bf96467cf5452609f939ec6f5de16"
-
-[[package]]
-name = "ascii-canvas"
-version = "3.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8824ecca2e851cec16968d54a01dd372ef8f95b244fb84b84e70128be347c3c6"
-dependencies = [
- "term",
-]
-
 [[package]]
 name = "assert_cmd"
 version = "2.0.11"
@ -160,7 +145,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "86d6b683edf8d1119fe420a94f8a7e389239666aa72e65495d91c00462510151"
 dependencies = [
 "anstyle",
- "bstr 1.4.0",
+ "bstr",
 "doc-comment",
 "predicates",
 "predicates-core",
@ -200,21 +185,6 @@ dependencies = [
 "serde",
 ]

-[[package]]
-name = "bit-set"
-version = "0.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0700ddab506f33b20a03b13996eccd309a48e5ff77d0d95926aa0210fb4e95f1"
-dependencies = [
- "bit-vec",
-]
-
-[[package]]
-name = "bit-vec"
-version = "0.6.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "349f9b6a179ed607305526ca489b34ad0a41aed5f7980fa90eb03160b69598fb"
-
 [[package]]
 name = "bitflags"
 version = "1.3.2"
@ -223,20 +193,9 @@ checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"

 [[package]]
 name = "bitflags"
-version = "2.1.0"
+version = "2.2.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c70beb79cbb5ce9c4f8e20849978f34225931f665bb49efa6982875a4d5facb3"
-
-[[package]]
-name = "bstr"
-version = "0.2.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ba3569f383e8f1598449f1a423e72e99569137b47740b1da11ef19af3d5c3223"
-dependencies = [
- "lazy_static",
- "memchr",
- "regex-automata",
-]
+checksum = "24a6904aef64d73cf10ab17ebace7befb918b82164785cb89907993be7f83813"

 [[package]]
 name = "bstr"
@ -700,16 +659,6 @@ dependencies = [
 "dirs-sys 0.4.0",
 ]

-[[package]]
-name = "dirs-next"
-version = "2.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b98cf8ebf19c3d1b223e151f99a4f9f0690dca41414773390fc824184ac833e1"
-dependencies = [
- "cfg-if",
- "dirs-sys-next",
-]
-
 [[package]]
 name = "dirs-sys"
 version = "0.3.7"
@ -732,17 +681,6 @@ dependencies = [
 "windows-sys 0.45.0",
 ]

-[[package]]
-name = "dirs-sys-next"
-version = "0.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4ebda144c4fe02d1f7ea1a7d9641b6fc6b580adcfa024ae48797ecdeb6825b4d"
-dependencies = [
- "libc",
- "redox_users",
- "winapi",
-]
-
 [[package]]
 name = "doc-comment"
 version = "0.3.3"
@ -767,15 +705,6 @@ version = "1.8.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7fcaabb2fef8c910e7f4c7ce9f67a1283a1715879a7c230ca9d6d1ae31f16d91"

-[[package]]
-name = "ena"
-version = "0.14.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c533630cf40e9caa44bd91aadc88a75d75a4c3a12b4cfde353cbed41daa1e1f1"
-dependencies = [
- "log",
-]
-
 [[package]]
 name = "encode_unicode"
 version = "0.3.6"
@ -833,15 +762,9 @@ dependencies = [
 "windows-sys 0.48.0",
 ]

-[[package]]
-name = "fixedbitset"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ce7134b9999ecaf8bcd65542e436736ef32ddca1b3e06094cb6ec5755203b80"
-
 [[package]]
 name = "flake8-to-ruff"
-version = "0.0.265"
+version = "0.0.267"
 dependencies = [
 "anyhow",
 "clap 4.2.4",
@ -918,7 +841,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "029d74589adefde59de1a0c4f4732695c32805624aec7b68d91503d4dba79afc"
 dependencies = [
 "aho-corasick 0.7.20",
- "bstr 1.4.0",
+ "bstr",
 "fnv",
 "log",
 "regex",
@ -1168,37 +1091,11 @@ dependencies = [
 "libc",
 ]

-[[package]]
-name = "lalrpop"
-version = "0.19.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f34313ec00c2eb5c3c87ca6732ea02dcf3af99c3ff7a8fb622ffb99c9d860a87"
-dependencies = [
- "ascii-canvas",
- "bit-set",
- "diff",
- "ena",
- "is-terminal",
- "itertools",
- "lalrpop-util",
- "petgraph",
- "pico-args",
- "regex",
- "regex-syntax 0.6.29",
- "string_cache",
- "term",
- "tiny-keccak",
- "unicode-xid",
-]
-
 [[package]]
 name = "lalrpop-util"
-version = "0.19.9"
+version = "0.20.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e5c1f7869c94d214466c5fd432dfed12c379fd87786768d36455892d46b18edd"
-dependencies = [
- "regex",
-]
+checksum = "3f35c735096c0293d313e8f2a641627472b83d01b937177fe76e5e2708d31e0d"

 [[package]]
 name = "lazy_static"
@ -1297,16 +1194,6 @@ version = "0.3.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9b085a4f2cde5781fc4b1717f2e86c62f5cda49de7ba99a7c2eae02b61c9064c"

-[[package]]
-name = "lock_api"
-version = "0.4.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "435011366fe56583b16cf956f9df0095b405b82d76425bc8981c0e22e60ec4df"
-dependencies = [
- "autocfg",
- "scopeguard",
-]
-
 [[package]]
 name = "log"
 version = "0.4.17"
@ -1316,15 +1203,6 @@ dependencies = [
 "cfg-if",
 ]

-[[package]]
-name = "lz4_flex"
-version = "0.9.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1a8cbbb2831780bc3b9c15a41f5b49222ef756b6730a95f3decfdd15903eb5a3"
-dependencies = [
- "twox-hash",
-]
-
 [[package]]
 name = "matches"
 version = "0.1.10"
@ -1388,12 +1266,6 @@ version = "1.0.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "308d96db8debc727c3fd9744aac51751243420e46edf401010908da7f8d5e57c"

-[[package]]
-name = "new_debug_unreachable"
-version = "1.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e4a24736216ec316047a1fc4252e27dabb04218aa4a3f37c6e7ddbf1f9782b54"
-
 [[package]]
 name = "nextest-workspace-hack"
 version = "0.1.0"
@ -1457,15 +1329,6 @@ dependencies = [
 "num-traits",
 ]

-[[package]]
-name = "num-complex"
-version = "0.4.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "02e0d21255c828d6f128a1e41534206671e8c3ea0c62f32291e808dc82cff17d"
-dependencies = [
- "num-traits",
-]
-
 [[package]]
 name = "num-integer"
 version = "0.1.45"
@ -1525,29 +1388,6 @@ dependencies = [
 "winapi",
 ]

-[[package]]
-name = "parking_lot"
-version = "0.12.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3742b2c103b9f06bc9fff0a37ff4912935851bee6d36f3c02bcc755bcfec228f"
-dependencies = [
- "lock_api",
- "parking_lot_core",
-]
-
-[[package]]
-name = "parking_lot_core"
-version = "0.9.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9069cbb9f99e3a5083476ccb29ceb1de18b9118cafa53e90c9551235de2b9521"
-dependencies = [
- "cfg-if",
- "libc",
- "redox_syscall 0.2.16",
- "smallvec",
- "windows-sys 0.45.0",
-]
-
 [[package]]
 name = "paste"
 version = "1.0.12"
@ -1624,23 +1464,13 @@ version = "2.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "478c572c3d73181ff3c2539045f6eb99e5491218eae919370993b890cdbdd98e"

-[[package]]
-name = "petgraph"
-version = "0.6.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4dd7d28ee937e54fe3080c91faa1c3a46c06de6252988a7f4592ba2310ef22a4"
-dependencies = [
- "fixedbitset",
- "indexmap",
-]
-
 [[package]]
 name = "phf"
 version = "0.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "928c6535de93548188ef63bb7c4036bd415cd8f36ad25af44b9789b2ee72a48c"
 dependencies = [
- "phf_shared 0.11.1",
+ "phf_shared",
 ]

 [[package]]
@ -1650,7 +1480,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a56ac890c5e3ca598bbdeaa99964edb5b0258a583a9eb6ef4e89fc85d9224770"
 dependencies = [
 "phf_generator",
- "phf_shared 0.11.1",
+ "phf_shared",
 ]

 [[package]]
@ -1659,19 +1489,10 @@ version = "0.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b1181c94580fa345f50f19d738aaa39c0ed30a600d95cb2d3e23f94266f14fbf"
 dependencies = [
- "phf_shared 0.11.1",
+ "phf_shared",
 "rand",
 ]

-[[package]]
-name = "phf_shared"
-version = "0.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6796ad771acdc0123d2a88dc428b5e38ef24456743ddb1744ed628f9815c096"
-dependencies = [
- "siphasher",
-]
-
 [[package]]
 name = "phf_shared"
 version = "0.11.1"
@ -1681,12 +1502,6 @@ dependencies = [
 "siphasher",
 ]

-[[package]]
-name = "pico-args"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db8bcd96cb740d03149cbad5518db9fd87126a10ab519c011893b1754134c468"
-
 [[package]]
 name = "pin-project-lite"
 version = "0.2.9"
@ -1732,18 +1547,6 @@ dependencies = [
 "syn 1.0.109",
 ]

-[[package]]
-name = "ppv-lite86"
-version = "0.2.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b40af805b3121feab8a3c29f04d8ad262fa8e0561883e7653e024ae4479e6de"
-
-[[package]]
-name = "precomputed-hash"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "925383efa346730478fb4838dbe9137d2a47675ad789c546d150a6e1dd4ab31c"
-
 [[package]]
 name = "predicates"
 version = "3.0.3"
@ -1849,30 +1652,12 @@ dependencies = [
 "proc-macro2",
 ]

-[[package]]
-name = "radium"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc33ff2d4973d518d823d61aa239014831e521c75da58e3df4840d3f47749d09"
-
 [[package]]
 name = "rand"
 version = "0.8.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
 dependencies = [
- "libc",
- "rand_chacha",
- "rand_core",
-]
-
-[[package]]
-name = "rand_chacha"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
-dependencies = [
- "ppv-lite86",
 "rand_core",
 ]

@ -1881,9 +1666,6 @@ name = "rand_core"
 version = "0.6.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
-dependencies = [
- "getrandom",
-]

 [[package]]
 name = "rayon"
@ -1944,7 +1726,7 @@ checksum = "af83e617f331cc6ae2da5443c602dfa5af81e517212d9d611a5b3ba1777b5370"
 dependencies = [
 "aho-corasick 1.0.1",
 "memchr",
- "regex-syntax 0.7.1",
+ "regex-syntax",
 ]

 [[package]]
@ -1953,12 +1735,6 @@ version = "0.1.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6c230d73fb8d8c1b9c0b3135c5142a8acee3a0558fb8db5cf1cb65f8d7862132"

-[[package]]
-name = "regex-syntax"
-version = "0.6.29"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f162c6dd7b008981e4d40210aca20b4bd0f9b60ca9271061b07f78537722f2e1"
-
 [[package]]
 name = "regex-syntax"
 version = "0.7.1"
@ -2004,11 +1780,11 @@ dependencies = [

 [[package]]
 name = "ruff"
-version = "0.0.265"
+version = "0.0.267"
 dependencies = [
 "annotate-snippets 0.9.1",
 "anyhow",
- "bitflags 2.1.0",
+ "bitflags 2.2.1",
 "chrono",
 "clap 4.2.4",
 "colored",
@ -2044,7 +1820,7 @@ dependencies = [
 "ruff_rustpython",
 "ruff_text_size",
 "rustc-hash",
- "rustpython-common",
+ "rustpython-format",
 "rustpython-parser",
 "schemars",
 "semver",
@ -2093,7 +1869,7 @@ dependencies = [

 [[package]]
 name = "ruff_cli"
-version = "0.0.265"
+version = "0.0.267"
 dependencies = [
 "annotate-snippets 0.9.1",
 "anyhow",
@ -2101,7 +1877,7 @@ dependencies = [
 "assert_cmd",
 "atty",
 "bincode",
- "bitflags 2.1.0",
+ "bitflags 2.2.1",
 "cachedir",
 "chrono",
 "clap 4.2.4",
@ -2151,7 +1927,7 @@ dependencies = [
 "ruff",
 "ruff_cli",
 "ruff_diagnostics",
- "rustpython-common",
+ "rustpython-format",
 "rustpython-parser",
 "schemars",
 "serde_json",
@ -2200,7 +1976,7 @@ name = "ruff_python_ast"
 version = "0.0.0"
 dependencies = [
 "anyhow",
- "bitflags 2.1.0",
+ "bitflags 2.2.1",
 "is-macro",
 "itertools",
 "log",
@ -2209,10 +1985,9 @@ dependencies = [
 "num-traits",
 "once_cell",
 "regex",
- "ruff_rustpython",
 "ruff_text_size",
 "rustc-hash",
- "rustpython-common",
+ "rustpython-literal",
 "rustpython-parser",
 "serde",
 "smallvec",
@ -2234,7 +2009,6 @@ dependencies = [
 "ruff_testing_macros",
 "ruff_text_size",
 "rustc-hash",
- "rustpython-common",
 "rustpython-parser",
 "similar",
 "test-case",
@ -2244,7 +2018,7 @@ dependencies = [
 name = "ruff_python_semantic"
 version = "0.0.0"
 dependencies = [
- "bitflags 2.1.0",
+ "bitflags 2.2.1",
 "is-macro",
 "nohash-hasher",
 "ruff_python_ast",
@ -2268,8 +2042,6 @@ name = "ruff_rustpython"
 version = "0.0.0"
 dependencies = [
 "anyhow",
- "once_cell",
- "rustpython-common",
 "rustpython-parser",
 ]

@ -2286,7 +2058,7 @@ dependencies = [
 [[package]]
 name = "ruff_text_size"
 version = "0.0.0"
-source = "git+https://github.com/charliermarsh/RustPython.git?rev=c3147d2c1524ebd0e90cf1c2938d770314fd5a5a#c3147d2c1524ebd0e90cf1c2938d770314fd5a5a"
+source = "git+https://github.com/RustPython/Parser.git?rev=a983f4383fb1ad8c1c66acb1d5b0016e59f95a49#a983f4383fb1ad8c1c66acb1d5b0016e59f95a49"
 dependencies = [
 "schemars",
 "serde",
@ -2357,75 +2129,66 @@ dependencies = [
 [[package]]
 name = "rustpython-ast"
 version = "0.2.0"
-source = "git+https://github.com/charliermarsh/RustPython.git?rev=c3147d2c1524ebd0e90cf1c2938d770314fd5a5a#c3147d2c1524ebd0e90cf1c2938d770314fd5a5a"
+source = "git+https://github.com/RustPython/Parser.git?rev=a983f4383fb1ad8c1c66acb1d5b0016e59f95a49#a983f4383fb1ad8c1c66acb1d5b0016e59f95a49"
 dependencies = [
+ "is-macro",
 "num-bigint",
- "ruff_text_size",
+ "rustpython-parser-core",
 ]

 [[package]]
-name = "rustpython-common"
+name = "rustpython-format"
 version = "0.2.0"
-source = "git+https://github.com/charliermarsh/RustPython.git?rev=c3147d2c1524ebd0e90cf1c2938d770314fd5a5a#c3147d2c1524ebd0e90cf1c2938d770314fd5a5a"
+source = "git+https://github.com/RustPython/Parser.git?rev=a983f4383fb1ad8c1c66acb1d5b0016e59f95a49#a983f4383fb1ad8c1c66acb1d5b0016e59f95a49"
 dependencies = [
- "ascii",
- "bitflags 1.3.2",
- "bstr 0.2.17",
- "cfg-if",
- "getrandom",
- "hexf-parse",
+ "bitflags 2.2.1",
 "itertools",
- "lexical-parse-float",
- "libc",
- "lock_api",
 "num-bigint",
 "num-traits",
- "once_cell",
- "radium",
- "rand",
- "siphasher",
- "unic-ucd-category",
- "volatile",
- "widestring",
+ "rustpython-literal",
 ]

 [[package]]
-name = "rustpython-compiler-core"
+name = "rustpython-literal"
 version = "0.2.0"
-source = "git+https://github.com/charliermarsh/RustPython.git?rev=c3147d2c1524ebd0e90cf1c2938d770314fd5a5a#c3147d2c1524ebd0e90cf1c2938d770314fd5a5a"
+source = "git+https://github.com/RustPython/Parser.git?rev=a983f4383fb1ad8c1c66acb1d5b0016e59f95a49#a983f4383fb1ad8c1c66acb1d5b0016e59f95a49"
 dependencies = [
- "bitflags 1.3.2",
- "itertools",
- "lz4_flex",
- "num-bigint",
- "num-complex",
- "ruff_text_size",
+ "hexf-parse",
+ "lexical-parse-float",
+ "num-traits",
+ "unic-ucd-category",
 ]

 [[package]]
 name = "rustpython-parser"
 version = "0.2.0"
-source = "git+https://github.com/charliermarsh/RustPython.git?rev=c3147d2c1524ebd0e90cf1c2938d770314fd5a5a#c3147d2c1524ebd0e90cf1c2938d770314fd5a5a"
+source = "git+https://github.com/RustPython/Parser.git?rev=a983f4383fb1ad8c1c66acb1d5b0016e59f95a49#a983f4383fb1ad8c1c66acb1d5b0016e59f95a49"
 dependencies = [
 "anyhow",
 "itertools",
- "lalrpop",
 "lalrpop-util",
 "log",
 "num-bigint",
 "num-traits",
 "phf",
 "phf_codegen",
- "ruff_text_size",
 "rustc-hash",
 "rustpython-ast",
- "rustpython-compiler-core",
+ "rustpython-parser-core",
 "tiny-keccak",
 "unic-emoji-char",
 "unic-ucd-ident",
 "unicode_names2",
 ]

+[[package]]
+name = "rustpython-parser-core"
+version = "0.2.0"
+source = "git+https://github.com/RustPython/Parser.git?rev=a983f4383fb1ad8c1c66acb1d5b0016e59f95a49#a983f4383fb1ad8c1c66acb1d5b0016e59f95a49"
+dependencies = [
+ "ruff_text_size",
+]
+
 [[package]]
 name = "rustversion"
 version = "1.0.12"
@ -2613,19 +2376,6 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a2eb9349b6444b326872e140eb1cf5e7c522154d69e7a0ffb0fb81c06b37543f"

-[[package]]
-name = "string_cache"
-version = "0.8.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f91138e76242f575eb1d3b38b4f1362f10d3a43f47d182a5b359af488a02293b"
-dependencies = [
- "new_debug_unreachable",
- "once_cell",
- "parking_lot",
- "phf_shared 0.10.0",
- "precomputed-hash",
-]
-
 [[package]]
 name = "strsim"
 version = "0.10.0"
@ -2698,17 +2448,6 @@ dependencies = [
 "windows-sys 0.45.0",
 ]

-[[package]]
-name = "term"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c59df8ac95d96ff9bede18eb7300b0fda5e5d8d90960e76f8e14ae765eedbf1f"
-dependencies = [
- "dirs-next",
- "rustversion",
- "winapi",
-]
-
 [[package]]
 name = "termcolor"
 version = "1.2.0"
@ -2944,16 +2683,6 @@ dependencies = [
 "once_cell",
 ]

-[[package]]
-name = "twox-hash"
-version = "1.6.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "97fee6b57c6a41524a810daee9286c02d7752c4253064d0b05472833a438f675"
-dependencies = [
- "cfg-if",
- "static_assertions",
-]
-
 [[package]]
 name = "typed-arena"
 version = "2.0.2"
@ -3061,12 +2790,6 @@ version = "0.1.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c0edd1e5b14653f783770bce4a4dabb4a5108a5370a5f5d8cfe8710c361f6c8b"

-[[package]]
-name = "unicode-xid"
-version = "0.2.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f962df74c8c05a667b5ee8bcf162993134c104e96440b663c8daa176dc772d8c"
-
 [[package]]
 name = "unicode_names2"
 version = "0.6.0"
@ -3126,12 +2849,6 @@ version = "0.9.4"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "49874b5167b65d7193b8aba1567f5c7d93d001cafc34600cee003eda787e483f"

-[[package]]
-name = "volatile"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8e76fae08f03f96e166d2dfda232190638c10e0383841252416f9cfe2ae60e6"
-
 [[package]]
 name = "wait-timeout"
 version = "0.2.0"
@ -3293,12 +3010,6 @@ dependencies = [
 "once_cell",
 ]

-[[package]]
-name = "widestring"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "17882f045410753661207383517a6f62ec3dbeb6a4ed2acce01f0728238d1983"
-
 [[package]]
 name = "wild"
 version = "2.1.0"
--- a/pkgs/development/tools/ruff/default.nix
+++ b/pkgs/development/tools/ruff/default.nix
@ -1,6 +1,7 @@
 { lib
 , rustPlatform
 , fetchFromGitHub
+, fetchpatch
 , installShellFiles
 , stdenv
 , darwin
@ -8,26 +9,37 @@

 rustPlatform.buildRustPackage rec {
  pname = "ruff";
-  version = "0.0.265";
+  version = "0.0.267";

  src = fetchFromGitHub {
    owner = "charliermarsh";
    repo = pname;
    rev = "v${version}";
-    hash = "sha256-b45kPvN2yILZBvP8eSNfWD6gpinwi9RsvmonRGYj0cI=";
+    hash = "sha256-inbW+oobW0hAsNdvJoiHvKoKAUjcuhEUrJe7fh5c6go=";
  };

-  # We have to use importCargoLock here because `cargo vendor` currently doesn't support workspace
-  # inheritance within Git dependencies, but importCargoLock does.
  cargoLock = {
    lockFile = ./Cargo.lock;
    outputHashes = {
      "libcst-0.1.0" = "sha256-jG9jYJP4reACkFLrQBWOYH6nbKniNyFVItD0cTZ+nW0=";
-      "ruff_text_size-0.0.0" = "sha256-+pAsfjJfN6899zIv2sj2gMyCuR8m/Ko928ZUw+X6u7Y=";
+      "ruff_text_size-0.0.0" = "sha256-rOk7N6YyMDiC/mn60Q5b3JGFvclj4ICbhYlpwNQsOiI=";
+      "rustpython-literal-0.2.0" = "sha256-GBlD+oZpUxciPcBMw5Qq1sJoZqs4RwjZ+W53M3CqdAc=";
      "unicode_names2-0.6.0" = "sha256-eWg9+ISm/vztB0KIdjhq5il2ZnwGJQCleCYfznCI3Wg=";
    };
  };

+  patches = [
+    # without this patch, cargo-vendor-dir fails with the following error:
+    # ln: failed to create symbolic link '...-rustpython-literal-0.2.0': Permission denied
+    # this patch removes dependencies with the same name and fixes the conflict
+    # https://github.com/charliermarsh/ruff/pull/4388
+    (fetchpatch {
+      name = "use-new-rustpython-format-crate-over-rustpython-common.patch";
+      url = "https://github.com/charliermarsh/ruff/commit/10eb4a38e86449fae023fbb591ffc16efec85bc8.patch";
+      hash = "sha256-bIun+Ge0bh4te0ih3bQtwRWJGi1h0weiLaN1AOhXR6E=";
+    })
+  ];
+
  nativeBuildInputs = [
    installShellFiles
  ];
--- a/pkgs/development/tools/rust/cargo-dephell/Cargo.lock
+++ b/pkgs/development/tools/rust/cargo-dephell/Cargo.lock
--- a/pkgs/development/tools/rust/cargo-dephell/default.nix
+++ b/pkgs/development/tools/rust/cargo-dephell/default.nix
@ -1,4 +1,13 @@
-{ lib, rustPlatform, fetchFromGitHub, pkg-config, openssl, stdenv, Security }:
+{ lib
+, rustPlatform
+, fetchFromGitHub
+, pkg-config
+, stdenv
+, curl
+, openssl
+, darwin
+, libgit2_1_3_0
+}:

 rustPlatform.buildRustPackage rec {
  pname = "cargo-dephell";
@ -8,14 +17,31 @@ rustPlatform.buildRustPackage rec {
    owner = "mimoo";
    repo = pname;
    rev = "v${version}";
-    sha256 = "1v3psrkjhgbkq9lm3698ac77qgk090jbly4r187nryj0vcmf9s1l";
+    hash = "sha256-NOjkKttA+mwPCpl4uiRIYD58DlMomVFpwnM9KGfWd+w=";
  };

-  cargoSha256 = "0fwj782dbyj3ps16hxmq61drf8714863jb0d3mhivn3zlqawyyil";
+  cargoLock = {
+    lockFile = ./Cargo.lock;
+  };

-  nativeBuildInputs = [ pkg-config ];
+  nativeBuildInputs = [
+    pkg-config
+  ] ++ lib.optionals stdenv.isDarwin [
+    curl
+  ];

-  buildInputs = [ openssl ] ++ lib.optional stdenv.isDarwin Security;
+  buildInputs = [
+    openssl
+  ] ++ lib.optional stdenv.isDarwin [
+    curl
+    darwin.apple_sdk.frameworks.Security
+    libgit2_1_3_0
+  ];
+
+  # update Cargo.lock to work with openssl 3
+  postPatch = ''
+    ln -sf ${./Cargo.lock} Cargo.lock
+  '';

  meta = with lib; {
    description = "A tool to analyze the third-party dependencies imported by a rust crate or rust workspace";
--- a/pkgs/os-specific/linux/odp-dpdk/default.nix
+++ b/pkgs/os-specific/linux/odp-dpdk/default.nix
@ -1,25 +1,28 @@
-{ lib, stdenv, fetchurl, autoreconfHook, pkg-config
-, dpdk, libbpf, libconfig, libpcap, numactl, openssl, zlib, libbsd, libelf, jansson
+{ lib
+, stdenv
+, fetchurl
+, autoreconfHook
+, pkg-config
+, dpdk
+, libbpf
+, libconfig
+, libpcap
+, numactl
+, openssl
+, zlib
+, libbsd
+, libelf
+, jansson
 , libnl
-}: let
-  dpdk_19_11 = dpdk.overrideAttrs (old: rec {
-    version = "19.11.12";
-    src = fetchurl {
-      url = "https://fast.dpdk.org/rel/dpdk-${version}.tar.xz";
-      sha256 = "sha256-F9m2+MZi3n0psPIwjWwhiIbbNkoGlxqtru2OlV7TbzQ=";
-    };
-    mesonFlags = old.mesonFlags ++ [
-      "-Denable_docs=false"
-    ];
-  });
+}:

-in stdenv.mkDerivation rec {
+stdenv.mkDerivation rec {
  pname = "odp-dpdk";
-  version = "1.37.0.0_DPDK_19.11";
+  version = "1.41.0.0_DPDK_22.11";

  src = fetchurl {
    url = "https://git.linaro.org/lng/odp-dpdk.git/snapshot/${pname}-${version}.tar.gz";
-    sha256 = "sha256-Ai6+6eZJeG0BrwNboBPfgDGkUbCC8lcj7+oxmWjWP2k=";
+    hash = "sha256-4p+R+7IeDKQFqBzQTvXfR407exxhoS8pnKxF9Qnr8tw=";
  };

  nativeBuildInputs = [
@ -28,7 +31,7 @@ in stdenv.mkDerivation rec {
  ];

  buildInputs = [
-    dpdk_19_11
+    dpdk
    libconfig
    libpcap
    numactl
--- a/pkgs/os-specific/linux/pam_p11/default.nix
+++ b/pkgs/os-specific/linux/pam_p11/default.nix
@ -1,4 +1,4 @@
-{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, libp11, pam, libintl }:
+{ lib, stdenv, fetchFromGitHub, autoreconfHook, pkg-config, libp11, pam, libintl, fetchpatch }:

 stdenv.mkDerivation rec {
  pname = "pam_p11";
@ -11,6 +11,15 @@ stdenv.mkDerivation rec {
    sha256 = "1caidy18rq5zk82d51x8vwidmkhwmanf3qm25x1yrdlbhxv6m7lk";
  };

+  patches = [
+    # fix with openssl 3.x
+    (fetchpatch {
+      url = "https://github.com/OpenSC/pam_p11/pull/22.patch";
+      excludes = [ ".github/build.sh" ];
+      hash = "sha256-bm/agnBgvrr8L8yoGK4gzBqOGgsNWf9NIgcNJG7proE=";
+    })
+  ];
+
  nativeBuildInputs = [ autoreconfHook pkg-config ];
  buildInputs = [ pam libp11.passthru.openssl libp11 ]
    ++ lib.optionals stdenv.isDarwin [ libintl ];
--- a/pkgs/servers/monitoring/grafana/default.nix
+++ b/pkgs/servers/monitoring/grafana/default.nix
@ -2,7 +2,7 @@

 buildGoModule rec {
  pname = "grafana";
-  version = "9.5.1";
+  version = "9.5.2";

  excludedPackages = [ "alert_webhook_listener" "clean-swagger" "release_publisher" "slow_proxy" "slow_proxy_mac" "macaron" "devenv" ];

@ -10,15 +10,15 @@ buildGoModule rec {
    rev = "v${version}";
    owner = "grafana";
    repo = "grafana";
-    hash = "sha256-uYmbW7+h4dr2LlLpQ2kefcTZ+WdW56JwneTwj9BCIkU=";
+    hash = "sha256-4Gt5VwKD6YkxNSKxvfGjakXF4jF9aoaFZ+dXy/GsDaU=";
  };

  srcStatic = fetchurl {
    url = "https://dl.grafana.com/oss/release/grafana-${version}.linux-amd64.tar.gz";
-    hash = "sha256-2bdQXN1CmcGDXDZUf/4uYtOw7HYA3KLGRKBRlXLJw4c=";
+    hash = "sha256-xY600pasxP/+XbbbX4U3zp8R837/46+uJ9zQWva5Or8=";
  };

-  vendorHash = "sha256-b965ODZM0DgF8ZNrqa+Pwq8NE2qjePI9pBe2TgOVqwQ=";
+  vendorHash = "sha256-E9Qdsk691+laPrQQnYBIwxAIbXh7wxB0G2e/Vp+4x98=";

  nativeBuildInputs = [ wire ];

--- a/pkgs/tools/networking/dogdns/Cargo.lock
+++ b/pkgs/tools/networking/dogdns/Cargo.lock
--- a/pkgs/tools/networking/dogdns/default.nix
+++ b/pkgs/tools/networking/dogdns/default.nix
@ -34,17 +34,22 @@ rustPlatform.buildRustPackage rec {

  outputs = [ "out" "man" ];

-  postBuild = ''
-    just man
-  '';
-
  cargoLock = {
    lockFile = ./Cargo.lock;
    outputHashes = {
-      "mutagen-0.2.0" = "sha256-AZj+CXhaVPFFxg4Vwuzrlg87fBk+mz5FJFfVWc+PrSo=";
+      "mutagen-0.2.0" = "sha256-FnSeNI9lAcxonRFTu7wnP/M/d5UbMzSZ97w+mUqoEg8=";
    };
  };

+  postPatch = ''
+    # update Cargo.lock to work with openssl 3
+    ln -sf ${./Cargo.lock} Cargo.lock
+  '';
+
+  postBuild = ''
+    just man
+  '';
+
  postInstall = ''
    installShellCompletion completions/dog.{bash,fish,zsh}
    installManPage ./target/man/*.1
--- a/pkgs/tools/networking/shadowsocks-v2ray-plugin/default.nix
+++ b/pkgs/tools/networking/shadowsocks-v2ray-plugin/default.nix
@ -23,6 +23,7 @@ buildGoModule rec {
    license = licenses.mit;
    maintainers = [ maintainers.ahrzb ];
    mainProgram = "v2ray-plugin";
+    broken = true; # build fails with go > 1.17
  };
 }

--- a/pkgs/top-level/aliases.nix
+++ b/pkgs/top-level/aliases.nix
@ -1020,6 +1020,7 @@ mapAliases ({
  mcgrid = throw "mcgrid has been removed from nixpkgs, as it's not compatible with rivet 3"; # Added 2020-05-23
  mcomix3 = mcomix; # Added 2022-06-05
  mediatomb = throw "mediatomb is no longer maintained upstream, use gerbera instead"; # added 2022-01-04
+  meli = throw "'meli' has been removed as it requires an outdated version of openssl"; # added 2023-05-12
  meme = meme-image-generator; # Added 2021-04-21
  memtest86 = throw "'memtest86' has been renamed to/replaced by 'memtest86plus'"; # Converted to throw 2022-02-22
  mercurial_4 = throw "mercurial_4 has been removed as it's unmaintained"; # Added 2021-10-18
--- a/pkgs/top-level/all-packages.nix
+++ b/pkgs/top-level/all-packages.nix
@ -4149,9 +4149,7 @@ with pkgs;
                          { inherit (haskellPackages) alex happy Agda ghcWithPackages;
                          };

-  cfdyndns = callPackage ../applications/networking/dyndns/cfdyndns {
-    openssl = openssl_1_1;
-  };
+  cfdyndns = callPackage ../applications/networking/dyndns/cfdyndns { };

  cf-terraforming = callPackage ../tools/misc/cf-terraforming { };

@ -6867,7 +6865,6 @@ with pkgs;
  dog = callPackage ../tools/system/dog { };

  dogdns = callPackage ../tools/networking/dogdns {
-    openssl = openssl_1_1;
    inherit (darwin.apple_sdk.frameworks) Security;
  };

@ -8337,9 +8334,7 @@ with pkgs;

  haveged = callPackage ../tools/security/haveged { };

-  habitat = callPackage ../applications/networking/cluster/habitat {
-    openssl = openssl_1_1;
-  };
+  habitat = callPackage ../applications/networking/cluster/habitat { };

  hashcash = callPackage ../tools/security/hashcash { };

@ -15378,7 +15373,7 @@ with pkgs;

  gwt240 = callPackage ../development/compilers/gwt/2.4.0.nix { };

-  hvm = callPackage ../development/compilers/hvm { };
+  hvm = darwin.apple_sdk_11_0.callPackage ../development/compilers/hvm { };

  iay = callPackage ../tools/misc/iay {
    inherit (darwin.apple_sdk.frameworks) AppKit Security Foundation Cocoa;
@ -16245,10 +16240,7 @@ with pkgs;
  cargo-cross = callPackage ../development/tools/rust/cargo-cross { };
  cargo-deny = callPackage ../development/tools/rust/cargo-deny { };
  cargo-depgraph = callPackage ../development/tools/rust/cargo-depgraph { };
-  cargo-dephell = callPackage ../development/tools/rust/cargo-dephell {
-    inherit (darwin.apple_sdk.frameworks) Security;
-    openssl = openssl_1_1;
-  };
+  cargo-dephell = callPackage ../development/tools/rust/cargo-dephell { };
  cargo-diet = callPackage ../development/tools/rust/cargo-diet { };
  cargo-dist = callPackage ../development/tools/rust/cargo-dist { };
  cargo-embed = callPackage ../development/tools/rust/cargo-embed {
@ -20934,9 +20926,7 @@ with pkgs;

  hydra_unstable = callPackage ../development/tools/misc/hydra/unstable.nix { nix = nixVersions.nix_2_13; };

-  hydra-cli = callPackage ../development/tools/misc/hydra-cli {
-    openssl = openssl_1_1;
-  };
+  hydra-cli = callPackage ../development/tools/misc/hydra-cli { };

  hydraAntLogger = callPackage ../development/libraries/java/hydra-ant-logger { };

@ -22188,9 +22178,7 @@ with pkgs;

  libow = callPackage ../development/libraries/libow { };

-  libp11 = callPackage ../development/libraries/libp11 {
-    openssl = openssl_1_1;
-  };
+  libp11 = callPackage ../development/libraries/libp11 { };

  libpam-wrapper = callPackage ../development/libraries/libpam-wrapper { };

@ -23466,18 +23454,6 @@ with pkgs;
    inherit lib pkgs qt5;
  });

-  # TODO: remove once no package needs this anymore or together with OpenSSL 1.1
-  # Current users: mumble, murmur
-  qt5_openssl_1_1 = qt5.overrideScope (_: super: {
-    qtbase = super.qtbase.override {
-      openssl = openssl_1_1;
-      libmysqlclient = libmysqlclient.override {
-        openssl = openssl_1_1;
-        curl = curl.override { openssl = openssl_1_1; };
-      };
-    };
-  });
-
  # plasma5Packages maps to the Qt5 packages set that is used to build the plasma5 desktop
  plasma5Packages = libsForQt5;

@ -25176,9 +25152,7 @@ with pkgs;

  inherit (callPackages ../servers/firebird { }) firebird_4 firebird_3 firebird_2_5 firebird;

-  freeradius = callPackage ../servers/freeradius {
-    openssl = openssl_1_1;
-  };
+  freeradius = callPackage ../servers/freeradius { };

  freshrss = callPackage ../servers/web-apps/freshrss { };

@ -27211,9 +27185,7 @@ with pkgs;

  odin = callPackage ../development/compilers/odin { };

-  odp-dpdk = callPackage ../os-specific/linux/odp-dpdk {
-    openssl = openssl_1_1;
-  };
+  odp-dpdk = callPackage ../os-specific/linux/odp-dpdk { };

  odroid-xu3-bootloader = callPackage ../tools/misc/odroid-xu3-bootloader { };

@ -32168,10 +32140,6 @@ with pkgs;

  meld = callPackage ../applications/version-management/meld { };

-  meli = callPackage ../applications/networking/mailreaders/meli {
-    openssl = openssl_1_1;
-  };
-
  melmatcheq.lv2 = callPackage ../applications/audio/melmatcheq.lv2 { };

  melody = callPackage ../tools/misc/melody { };
@ -32518,14 +32486,12 @@ with pkgs;
      pulseSupport = config.pulseaudio or false;
      iceSupport = config.murmur.iceSupport or true;
      grpcSupport = config.murmur.grpcSupport or true;
-      qt5 = qt5_openssl_1_1;
    }).murmur;

  mumble = (callPackages ../applications/networking/mumble {
      avahi = avahi-compat;
      jackSupport = config.mumble.jackSupport or false;
      speechdSupport = config.mumble.speechdSupport or false;
-      qt5 = qt5_openssl_1_1;
    }).mumble;

  mumble_overlay = callPackage ../applications/networking/mumble/overlay.nix {
@ -32648,7 +32614,6 @@ with pkgs;

  p4 = callPackage ../applications/version-management/p4 {
    inherit (darwin.apple_sdk.frameworks) CoreServices Foundation Security;
-    openssl = openssl_1_1;
  };
  p4d = callPackage ../applications/version-management/p4d { };
  p4v = callPackage ../applications/version-management/p4v { };
@ -32771,7 +32736,6 @@ with pkgs;

  synapse-bt = callPackage ../applications/networking/p2p/synapse-bt {
    inherit (darwin.apple_sdk.frameworks) CoreServices Security;
-    openssl = openssl_1_1;
  };

  synfigstudio = callPackage ../applications/graphics/synfigstudio { };
@ -33870,7 +33834,6 @@ with pkgs;

  spotify-tui = callPackage ../applications/audio/spotify-tui {
    inherit (darwin.apple_sdk.frameworks) AppKit Security;
-    openssl = openssl_1_1;
  };

  sptlrx = callPackage ../applications/audio/sptlrx { };
--- a/pkgs/top-level/python-packages.nix
+++ b/pkgs/top-level/python-packages.nix
@ -3529,6 +3529,8 @@ self: super: with self; {

  fints = callPackage ../development/python-modules/fints { };

+  finvizfinance = callPackage ../development/python-modules/finvizfinance { };
+
  fiona = callPackage ../development/python-modules/fiona { };

  fipy = callPackage ../development/python-modules/fipy { };