summary refs log tree commit diff
path: root/gnu
diff options
context:
space:
mode:
Diffstat (limited to 'gnu')
-rw-r--r--gnu/ci.scm2
-rw-r--r--gnu/local.mk4
-rw-r--r--gnu/packages/admin.scm5
-rw-r--r--gnu/packages/aux-files/findclass.php125
-rw-r--r--gnu/packages/axoloti.scm7
-rw-r--r--gnu/packages/bioinformatics.scm87
-rw-r--r--gnu/packages/browser-extensions.scm12
-rw-r--r--gnu/packages/cran.scm22
-rw-r--r--gnu/packages/elixir-xyz.scm294
-rw-r--r--gnu/packages/elixir.scm63
-rw-r--r--gnu/packages/emacs-xyz.scm10
-rw-r--r--gnu/packages/file-systems.scm4
-rw-r--r--gnu/packages/finance.scm4
-rw-r--r--gnu/packages/firmware.scm229
-rw-r--r--gnu/packages/fonts.scm6
-rw-r--r--gnu/packages/game-development.scm10
-rw-r--r--gnu/packages/geo.scm2
-rw-r--r--gnu/packages/gnome.scm30
-rw-r--r--gnu/packages/gnuzilla.scm12
-rw-r--r--gnu/packages/golang.scm3
-rw-r--r--gnu/packages/guile-xyz.scm24
-rw-r--r--gnu/packages/i2p.scm44
-rw-r--r--gnu/packages/image.scm4
-rw-r--r--gnu/packages/linux.scm39
-rw-r--r--gnu/packages/lisp-xyz.scm2
-rw-r--r--gnu/packages/mail.scm2
-rw-r--r--gnu/packages/mate.scm2
-rw-r--r--gnu/packages/music.scm2
-rw-r--r--gnu/packages/networking.scm4
-rw-r--r--gnu/packages/patches/freeimage-CVE-2020-21428.patch17
-rw-r--r--gnu/packages/patches/freeimage-CVE-2020-22524.patch229
-rw-r--r--gnu/packages/php-xyz.scm50
-rw-r--r--gnu/packages/rednotebook.scm3
-rw-r--r--gnu/packages/ssh.scm11
-rw-r--r--gnu/packages/syncthing.scm5
-rw-r--r--gnu/packages/syndication.scm35
-rw-r--r--gnu/packages/telegram.scm2
-rw-r--r--gnu/packages/video.scm29
-rw-r--r--gnu/packages/virtualization.scm6
-rw-r--r--gnu/packages/vnc.scm2
-rw-r--r--gnu/packages/web-browsers.scm2
-rw-r--r--gnu/packages/webkit.scm36
42 files changed, 1181 insertions, 300 deletions
diff --git a/gnu/ci.scm b/gnu/ci.scm
index 38dc4d1d5c..6ee8499728 100644
--- a/gnu/ci.scm
+++ b/gnu/ci.scm
@@ -373,7 +373,7 @@ valid.  Append SUFFIX to the job name."
 
 (define %x86-64-micro-architectures
   ;; Micro-architectures for which we build tuned variants.
-  '("westmere" "ivybridge" "haswell" "skylake" "skylake-avx512"))
+  '("haswell" "skylake" "x86-64-v2" "x86-64-v3" "x86-64-v4"))
 
 (define (tuned-package-jobs store package system)
   "Return a list of jobs for PACKAGE tuned for SYSTEM's micro-architectures."
diff --git a/gnu/local.mk b/gnu/local.mk
index c404d2f52f..caf2bb16fa 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -245,6 +245,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/electronics.scm			\
   %D%/packages/elf.scm				\
   %D%/packages/elixir.scm			\
+  %D%/packages/elixir-xyz.scm			\
   %D%/packages/elm.scm				\
   %D%/packages/embedded.scm			\
   %D%/packages/emacs.scm			\
@@ -507,6 +508,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/packages/photo.scm			\
   %D%/packages/phabricator.scm 			\
   %D%/packages/php.scm				\
+  %D%/packages/php-xyz.scm			\
   %D%/packages/piet.scm			\
   %D%/packages/pikchr.scm			\
   %D%/packages/pkg-config.scm			\
@@ -1188,6 +1190,8 @@ dist_patch_DATA =						\
   %D%/packages/patches/freedink-engine-fix-sdl-hints.patch	\
   %D%/packages/patches/freeimage-libtiff-compat.patch		\
   %D%/packages/patches/freeimage-unbundle.patch		\
+  %D%/packages/patches/freeimage-CVE-2020-21428.patch		\
+  %D%/packages/patches/freeimage-CVE-2020-22524.patch		\
   %D%/packages/patches/fulcrum-1.9.1-unbundled-libraries.patch	\
   %D%/packages/patches/fuse-glibc-2.34.patch			\
   %D%/packages/patches/fuse-overlapping-headers.patch		\
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 03b3acba8b..377caf8793 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -61,6 +61,7 @@
 ;;; Copyright © 2023 Alexey Abramov <levenson@mmer.org>
 ;;; Copyright © 2023 Bruno Victal <mirai@makinata.eu>
 ;;; Copyright © 2023 Tobias Kortkamp <tobias.kortkamp@gmail.com>
+;;; Copyright © 2023 Jaeme Sifat <jaeme@runbox.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -4019,7 +4020,7 @@ you are running, what theme or icon set you are using, etc.")
 (define-public hyfetch
   (package
     (name "hyfetch")
-    (version "1.4.10")
+    (version "1.4.11")
     (source
      (origin
        (method git-fetch)
@@ -4029,7 +4030,7 @@ you are running, what theme or icon set you are using, etc.")
        (file-name (git-file-name name version))
        (sha256
         (base32
-         "1lf1vrasinda9j6yazznpx54gg5j24xvkjb68dxhby9dg8ql1h87"))))
+         "1ymj72virh8y8gwgg3j3skf6j0zn7p0plcza57lln1drnjspycy7"))))
     (build-system python-build-system)
     (arguments (list #:tests? #f))      ;no tests
     (inputs (list python-typing-extensions))
diff --git a/gnu/packages/aux-files/findclass.php b/gnu/packages/aux-files/findclass.php
new file mode 100644
index 0000000000..d0b250c8e1
--- /dev/null
+++ b/gnu/packages/aux-files/findclass.php
@@ -0,0 +1,125 @@
+<?php
+/**
+ * The content of this file is copied from composer's src/Composer/Autoload/ClassMapGenerator.php
+ * the findClasses method was extracted, to prevent using any dependency.
+ *
+ * Composer (and thus this file) is distributed under the expat license, and
+ * ClassMapGenerator.php also contains this notice:
+ *
+ *   This file is part of Composer.
+ *
+ *   (c) Nils Adermann <naderman@naderman.de>
+ *       Jordi Boggiano <j.boggiano@seld.be>
+ *
+ *   For the full copyright and license information, please view the LICENSE
+ *   file that was distributed with this source code.
+ *
+ *   This file is copied from the Symfony package.
+ *
+ *   (c) Fabien Potencier <fabien@symfony.com>
+ * 
+ * To the extent to wich it makes sense, as the author of the extract:
+ * Copyright © 2020 Julien Lepiller <julien@lepiller.eu>
+ */
+
+/**
+ * Extract the classes in the given file
+ *
+ * @param  string            $path The file to check
+ * @throws \RuntimeException
+ * @return array             The found classes
+ */
+function findClasses($path)
+{
+    $extraTypes = PHP_VERSION_ID < 50400 ? '' : '|trait';
+    if (defined('HHVM_VERSION') && version_compare(HHVM_VERSION, '3.3', '>=')) {
+        $extraTypes .= '|enum';
+    }
+    // Use @ here instead of Silencer to actively suppress 'unhelpful' output
+    // @link https://github.com/composer/composer/pull/4886
+    $contents = @php_strip_whitespace($path);
+    if (!$contents) {
+        if (!file_exists($path)) {
+            $message = 'File at "%s" does not exist, check your classmap definitions';
+        } elseif (!is_readable($path)) {
+            $message = 'File at "%s" is not readable, check its permissions';
+        } elseif ('' === trim(file_get_contents($path))) {
+            // The input file was really empty and thus contains no classes
+            return array();
+        } else {
+            $message = 'File at "%s" could not be parsed as PHP, it may be binary or corrupted';
+        }
+        $error = error_get_last();
+        if (isset($error['message'])) {
+            $message .= PHP_EOL . 'The following message may be helpful:' . PHP_EOL . $error['message'];
+        }
+        throw new \RuntimeException(sprintf($message, $path));
+    }
+    // return early if there is no chance of matching anything in this file
+    if (!preg_match('{\b(?:class|interface'.$extraTypes.')\s}i', $contents)) {
+        return array();
+    }
+    // strip heredocs/nowdocs
+    $contents = preg_replace('{<<<[ \t]*([\'"]?)(\w+)\\1(?:\r\n|\n|\r)(?:.*?)(?:\r\n|\n|\r)(?:\s*)\\2(?=\s+|[;,.)])}s', 'null', $contents);
+    // strip strings
+    $contents = preg_replace('{"[^"\\\\]*+(\\\\.[^"\\\\]*+)*+"|\'[^\'\\\\]*+(\\\\.[^\'\\\\]*+)*+\'}s', 'null', $contents);
+    // strip leading non-php code if needed
+    if (substr($contents, 0, 2) !== '<?') {
+        $contents = preg_replace('{^.+?<\?}s', '<?', $contents, 1, $replacements);
+        if ($replacements === 0) {
+            return array();
+        }
+    }
+    // strip non-php blocks in the file
+    $contents = preg_replace('{\?>(?:[^<]++|<(?!\?))*+<\?}s', '?><?', $contents);
+    // strip trailing non-php code if needed
+    $pos = strrpos($contents, '?>');
+    if (false !== $pos && false === strpos(substr($contents, $pos), '<?')) {
+        $contents = substr($contents, 0, $pos);
+    }
+    // strip comments if short open tags are in the file
+    if (preg_match('{(<\?)(?!(php|hh))}i', $contents)) {
+        $contents = preg_replace('{//.* | /\*(?:[^*]++|\*(?!/))*\*/}x', '', $contents);
+    }
+    preg_match_all('{
+        (?:
+             \b(?<![\$:>])(?P<type>class|interface'.$extraTypes.') \s++ (?P<name>[a-zA-Z_\x7f-\xff:][a-zA-Z0-9_\x7f-\xff:\-]*+)
+           | \b(?<![\$:>])(?P<ns>namespace) (?P<nsname>\s++[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*+(?:\s*+\\\\\s*+[a-zA-Z_\x7f-\xff][a-zA-Z0-9_\x7f-\xff]*+)*+)? \s*+ [\{;]
+        )
+    }ix', $contents, $matches);
+    $classes = array();
+    $namespace = '';
+    for ($i = 0, $len = count($matches['type']); $i < $len; $i++) {
+        if (!empty($matches['ns'][$i])) {
+            $namespace = str_replace(array(' ', "\t", "\r", "\n"), '', $matches['nsname'][$i]) . '\\';
+        } else {
+            $name = $matches['name'][$i];
+            // skip anon classes extending/implementing
+            if ($name === 'extends' || $name === 'implements') {
+                continue;
+            }
+            if ($name[0] === ':') {
+                // This is an XHP class, https://github.com/facebook/xhp
+                $name = 'xhp'.substr(str_replace(array('-', ':'), array('_', '__'), $name), 1);
+            } elseif ($matches['type'][$i] === 'enum') {
+                // In Hack, something like:
+                //   enum Foo: int { HERP = '123'; }
+                // The regex above captures the colon, which isn't part of
+                // the class name.
+                $name = rtrim($name, ':');
+            }
+            $classes[] = ltrim($namespace . $name, '\\');
+        }
+    }
+    return $classes;
+}
+
+$options = getopt('i:f:', []);
+$file = $options["f"];
+$input = $options["i"];
+
+$classes = findClasses($file);
+foreach($classes as $class) {
+  echo '$classmap[\''.$class.'\'] = \''.$input.'/'.$file.'\';';
+  echo "\n";
+}
diff --git a/gnu/packages/axoloti.scm b/gnu/packages/axoloti.scm
index 7b36922860..8e26884942 100644
--- a/gnu/packages/axoloti.scm
+++ b/gnu/packages/axoloti.scm
@@ -320,9 +320,9 @@ runtime.")
                             (toolchain (assoc-ref inputs "cross-toolchain"))
                             (includes  (string-append
                                         toolchain
-                                        "/arm-none-eabi/include:"
+                                        "/arm-none-eabi/include/c++:"
                                         toolchain
-                                        "/arm-none-eabi/include/arm-none-eabi/armv7e-m")))
+                                        "/arm-none-eabi/include/c++/arm-none-eabi/armv7e-m")))
                        (display
                         (string-append "#!" (which "sh") "\n"
                                        "export CROSS_CPATH=" includes "\n"
@@ -333,8 +333,7 @@ runtime.")
                                        " -Daxoloti_release=" runtime
                                        " -Daxoloti_runtime=" runtime
                                        " -jar " dir "/Axoloti.jar")))))
-                 (chmod target #o555))
-               #t)))
+                 (chmod target #o555)))))
          (add-after 'install 'strip-jar-timestamps
            (assoc-ref ant:%standard-phases 'strip-jar-timestamps)))))
     (inputs
diff --git a/gnu/packages/bioinformatics.scm b/gnu/packages/bioinformatics.scm
index 2546454acd..3e7b99ee61 100644
--- a/gnu/packages/bioinformatics.scm
+++ b/gnu/packages/bioinformatics.scm
@@ -10245,55 +10245,54 @@ auROC analysis.")
       (license license:gpl3))))
 
 (define-public r-sccustomize
-  (let ((commit "8414d1f5fb32277855b0619191a568932b7baeb0")
+  (let ((commit "397374590dae2ccc0c560897dcd1ce4382c18798")
         (revision "1"))
     (package
       (name "r-sccustomize")
-      (version (git-version "0.7.0" revision commit))
-      (source (origin
-                (method git-fetch)
-                (uri (git-reference
-                      (url "https://github.com/samuel-marsh/scCustomize")
-                      (commit commit)))
-                (file-name (git-file-name name version))
-                (sha256
-                 (base32
-                  "1wcgfq7lx83a2kf8pjbw524gdvxf351n08cwd5wzmmy57kf4knbj"))))
+      (version (git-version "2.0.1" revision commit))
+      (source
+       (origin
+         (method git-fetch)
+         (uri (git-reference
+               (url "https://github.com/samuel-marsh/scCustomize")
+               (commit commit)))
+         (file-name (git-file-name name version))
+         (sha256
+          (base32 "11bafm0mlck27fqd8brz80pxb8dc5q0aqbp8zv0s9sx97njp7wsl"))))
       (properties `((upstream-name . "scCustomize")))
       (build-system r-build-system)
-      (propagated-inputs
-       (list r-circlize
-             r-colorway
-             r-cowplot
-             r-data-table
-             r-dittoseq
-             r-dplyr
-             r-forcats
-             r-ggbeeswarm
-             r-ggplot2
-             r-ggprism
-             r-ggpubr
-             r-ggrastr
-             r-ggrepel
-             r-glue
-             r-janitor
-             r-magrittr
-             r-matrix
-             r-paletteer
-             r-patchwork
-             r-pbapply
-             r-purrr
-             r-remotes
-             r-scales
-             r-scattermore
-             r-seurat
-             r-seuratobject
-             r-stringi
-             r-stringr
-             r-tibble
-             r-tidyr
-             r-tidyselect
-             r-viridis))
+      (propagated-inputs (list r-circlize
+                               r-colorway
+                               r-cowplot
+                               r-data-table
+                               r-dittoseq
+                               r-dplyr
+                               r-forcats
+                               r-ggbeeswarm
+                               r-ggplot2
+                               r-ggprism
+                               r-ggpubr
+                               r-ggrastr
+                               r-ggrepel
+                               r-glue
+                               r-janitor
+                               r-magrittr
+                               r-matrix
+                               r-paletteer
+                               r-patchwork
+                               r-pbapply
+                               r-purrr
+                               r-remotes
+                               r-scales
+                               r-scattermore
+                               r-seurat
+                               r-seuratobject
+                               r-stringi
+                               r-stringr
+                               r-tibble
+                               r-tidyr
+                               r-tidyselect
+                               r-viridis))
       (native-inputs (list r-knitr))
       (home-page "https://github.com/samuel-marsh/scCustomize")
       (synopsis "Custom visualization and analyses of single-cell sequencing")
diff --git a/gnu/packages/browser-extensions.scm b/gnu/packages/browser-extensions.scm
index 0b42acc422..34dfa4b580 100644
--- a/gnu/packages/browser-extensions.scm
+++ b/gnu/packages/browser-extensions.scm
@@ -57,7 +57,7 @@ supported content to the Kodi media center.")
   ;; Arbitrary commit of branch master,
   ;; Update when updating uBlockOrigin.
   (let* ((name "ublock-main-assets")
-         (commit "d93605b8584df8cd47bcc91b3d932feecd9e3a2a")
+         (commit "76bd7cb53036a36f7e7df5ee9173f588ba8aa966")
          (revision "1")
          (version (git-version "0" revision commit)))
     (origin
@@ -67,13 +67,13 @@ supported content to the Kodi media center.")
             (commit commit)))
       (file-name (git-file-name name version))
       (sha256
-       (base32 "1bbwxmb5rb1afh6i5a7m1ysaw0022wi5g091vpahi4h805p1s7a2")))))
+       (base32 "1kdzvflr1yxykyva5vsjqr0p2ik1200xbhxwpl3cx2jsiv8l95sk")))))
 
 (define ublock-prod-assets
   ;; Arbitrary commit of branch gh-pages,
   ;; Update when updating uBlockOrigin.
   (let* ((name "ublock-prod-assets")
-         (commit "1d3df32ef6672763f44b27a95fd5cb3b5770d5e2")
+         (commit "a379a168fc149ffbd6d10cd0700d4ab4801e57f2")
          (revision "1")
          (version (git-version "0" revision commit)))
     (origin
@@ -83,12 +83,12 @@ supported content to the Kodi media center.")
             (commit commit)))
       (file-name (git-file-name name version))
       (sha256
-       (base32 "1cbx7w1nzdcjq0z4z7j9nr8922i27nslprrw5dy03xcdqwc3x4l6")))))
+       (base32 "0syf3kbhvsbn5xka5knpclxby2kp92my1w7ixvf5fs9n08ylcip1")))))
 
 (define ublock-origin
   (package
     (name "ublock-origin")
-    (version "1.53.2")
+    (version "1.54.0")
     (home-page "https://github.com/gorhill/uBlock")
     (source (origin
               (method git-fetch)
@@ -98,7 +98,7 @@ supported content to the Kodi media center.")
               (file-name (git-file-name name version))
               (sha256
                (base32
-                "0mz1k5ghyc25v51md02qx7chrbg4cxagvqi18bcbs4agq8ix6sp7"))))
+                "1yacqpf9z8lprwsj194bhlp2ba9ywzbagd6lwxj3h6g405s7zp2k"))))
     (build-system gnu-build-system)
     (outputs '("xpi" "firefox" "chromium"))
     (properties '((addon-id . "uBlock0@raymondhill.net")))
diff --git a/gnu/packages/cran.scm b/gnu/packages/cran.scm
index c9ce73b1de..9547086bf1 100644
--- a/gnu/packages/cran.scm
+++ b/gnu/packages/cran.scm
@@ -17904,6 +17904,28 @@ variables, and files, in either version 3 or 4 format, and manipulate existing
 netCDF files.")
     (license license:gpl3+)))
 
+(define-public r-ncmisc
+  (package
+    (name "r-ncmisc")
+    (version "1.2.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (cran-uri "NCmisc" version))
+       (sha256
+        (base32 "10wzznqa26fxyj6bl979qmq29p3dkr8yap4s70l3mwhhk33zpz16"))))
+    (properties `((upstream-name . "NCmisc")))
+    (build-system r-build-system)
+    (home-page "https://cran.r-project.org/package=NCmisc")
+    (synopsis "Functions for creating adaptive functions and scripts")
+    (description
+     "This package provides a set of handy functions.  It includes a versatile
+one line progress bar, one line function timer with detailed output, time delay
+function, text histogram, object preview, CRAN package search, simpler package
+installer, Linux command install check, a flexible Mode function, top function,
+simulation of correlated data, and more.")
+    (license license:gpl2+)))
+
 (define-public r-biocmanager
   (package
     (name "r-biocmanager")
diff --git a/gnu/packages/elixir-xyz.scm b/gnu/packages/elixir-xyz.scm
new file mode 100644
index 0000000000..5af8d7c1b4
--- /dev/null
+++ b/gnu/packages/elixir-xyz.scm
@@ -0,0 +1,294 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2023 Pierre-Henry Fröhring <phfrohring@deeplinks.com>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages elixir-xyz)
+  #:use-module ((guix licenses) #:prefix license:)
+  #:use-module (gnu packages elixir)
+  #:use-module (gnu packages linux)
+  #:use-module (gnu packages compression)
+  #:use-module (gnu packages base)
+  #:use-module (gnu packages)
+  #:use-module (guix build-system gnu)
+  #:use-module (guix build-system mix)
+  #:use-module (guix download)
+  #:use-module (guix git-download)
+  #:use-module (guix gexp)
+  #:use-module (guix utils)
+  #:use-module (guix packages)
+  #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-26))
+
+(define-public elixir-nimble-parsec
+  (package
+    (name "elixir-nimble-parsec")
+    (version "1.3.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (hexpm-uri name version))
+       (sha256
+        (base32 "0rxiw6jzz77v0j460wmzcprhdgn71g1hrz3mcc6djn7bnb0f70i6"))))
+    (build-system mix-build-system)
+    (arguments (list #:tests? #f)) ; no tests
+    (synopsis "Text-based parser combinators")
+    (description
+     "This library provides primitives for efficient parser combinators, allowing
+for higher-level combinators through composition.")
+    (home-page "https://hexdocs.pm/nimble_parsec/")
+    (license license:asl2.0)))
+
+(define-public elixir-makeup
+  (package
+    (name "elixir-makeup")
+    (version "1.1.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (hexpm-uri name version))
+       (sha256
+        (base32 "19jpprryixi452jwhws3bbks6ki3wni9kgzah3srg22a3x8fsi8a"))))
+    (build-system mix-build-system)
+    (propagated-inputs (list elixir-nimble-parsec))
+    (arguments (list #:tests? #f)) ; no tests
+    (synopsis "Syntax highlighter for source code")
+    (description
+     "Makeup is a generic syntax highlighter in the style of Pygments suitable for use in code hosting,
+forums, wikis or other applications that need to prettify source code.")
+    (home-page "https://hexdocs.pm/makeup/")
+    (license license:bsd-2)))
+
+(define-public elixir-jason
+  (package
+    (name "elixir-jason")
+    (version "1.4.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (hexpm-uri name version))
+       (sha256
+        (base32 "18d70i31bz11nr6vgsjn5prvhkvwqbyf3xq22ck5cnsnzp6ixc7v"))))
+    (build-system mix-build-system)
+    (arguments (list #:tests? #f)) ; no tests
+    (synopsis "JSON parser and generator")
+    (description
+     "Parser and generator are written in pure Elixir and optimized for speed. They
+are at least twice as fast as other Elixir/Erlang libraries (e.g.
+Poison). The performance is comparable to jiffy, which is implemented in C as
+a NIF.")
+    (home-page "https://hexdocs.pm/jason/")
+    (license license:asl2.0)))
+
+(define-public elixir-file-system
+  (package
+    (name "elixir-file-system")
+    (version "0.2.10")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (hexpm-uri name version))
+       (sha256
+        (base32 "1p0myxmnjjds8bbg69dd6fvhk8q3n7lb78zd4qvmjajnzgdmw6a1"))
+       (snippet #~(begin
+                    (use-modules (guix build utils) (ice-9 ftw))
+                    (mkdir "source")
+                    (for-each (lambda (file)
+                                (when (not (member file '("." ".." "source")))
+                                  (rename-file file (string-append "source/" file))))
+                              (scandir "."))
+                    (with-directory-excursion "source"
+                      (invoke (string-append #+gzip "/bin/gunzip") "-v" "contents.tar.gz")
+                      (invoke (string-append #+tar "/bin/tar") "-xvf" "contents.tar")
+                      (delete-file "contents.tar")
+                      (delete-file "priv/inotifywait.exe"))))))
+    (build-system mix-build-system)
+    (propagated-inputs (list inotify-tools))
+    (arguments (list #:tests? #f)) ; no tests
+    (synopsis "File system change watcher")
+    (description "Provides a file system change watcher wrapper based on
+https://github.com/synrc/fs.")
+    (home-page "https://hexdocs.pm/file_system/")
+    (license license:wtfpl2)))
+
+(define-public elixir-bunt
+  (package
+    (name "elixir-bunt")
+    (version "0.2.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (hexpm-uri name version))
+       (sha256
+        (base32 "19bp6xh052ql3ha0v3r8999cvja5d2p6cph02mxphfaj4jsbyc53"))))
+    (build-system mix-build-system)
+    (arguments (list #:tests? #f)) ; no tests
+    (synopsis "256 color ANSI coloring in the terminal")
+    (description "Bunt is an Elixir package that enables 256 color ANSI
+coloring in the terminal and allows users to alias colors to more semantic and
+application-specific names1.")
+    (home-page "https://hexdocs.pm/bunt/")
+    (license license:expat)))
+
+(define-public elixir-inch-ex
+  (package
+    (name "elixir-inch-ex")
+    (version "2.0.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (hexpm-uri name version))
+       (sha256
+        (base32 "1a4rjcy3hn5pc40si1d1y7qg0b0mnxx6pw825la67ky8r9gfrl4n"))))
+    (build-system mix-build-system)
+    (arguments (list #:tests? #f)) ; no tests
+    (propagated-inputs (list elixir-bunt elixir-jason))
+    (synopsis
+     "Suggest enhancements for inline documentation")
+    (description
+     "This package provides a Mix task that gives you hints where to improve your
+inline docs.")
+    (home-page "https://hex.pm/packages/inch_ex")
+    (license license:expat)))
+
+(define-public elixir-castore
+  (package
+    (name "elixir-castore")
+    (version "1.0.4")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (hexpm-uri name version))
+       (sha256
+        (base32 "1y44amb8falsmrfzpkmf7qp6215g9kdl76g91dpna4af2jwc264l"))))
+    (build-system mix-build-system)
+    (arguments (list #:tests? #f)) ; no tests
+    (synopsis "Up-to-date CA certificate store")
+    (description "The Elixir castore package is a micro-library that provides
+an up-to-date CA certificate store file for Elixir applications.")
+    (home-page "https://hexdocs.pm/castore/")
+    (license license:asl2.0)))
+
+(define-public elixir-excoveralls
+  (package
+    (name "elixir-excoveralls")
+    (version "0.18.0")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (hexpm-uri name version))
+       (sha256
+        (base32 "02x69ll5scvraky0k5gacvnnmldv5k04kgk02x087d9w3y8vn28i"))))
+    (build-system mix-build-system)
+    (propagated-inputs (list elixir-castore elixir-jason))
+    (arguments (list #:tests? #f)) ; no tests
+    (synopsis "Coverage report tool with coveralls.io integration")
+    (description
+     "Library that reports test coverage statistics, with the option to
+post to coveralls.io service. It uses Erlang's cover to generate coverage
+information, and posts the test coverage results to coveralls.io through the
+JSON API.")
+    (home-page "https://hexdocs.pm/excoveralls/")
+    (license license:expat)))
+
+(define-public elixir-credo
+  (package
+    (name "elixir-credo")
+    (version "1.7.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (hexpm-uri name version))
+       (sha256
+        (base32 "18jqi9s9r1587njzdxycvmmbma30cay9iamni4f3ih54jmh1r1z9"))))
+    (build-system mix-build-system)
+    (arguments (list #:tests? #f)) ; no tests
+    (propagated-inputs (list elixir-bunt elixir-file-system elixir-jason))
+    (native-inputs (list elixir-excoveralls elixir-inch-ex))
+    (synopsis "Static code analysis tool")
+    (description
+     "Credo is a static code analysis tool for the Elixir language with a focus on
+teaching and code consistency. Credo can show you refactoring opportunities in
+your code, complex code fragments, warn you about common mistakes, show
+inconsistencies in your naming scheme and - if needed - help you enforce a
+desired coding style.")
+    (home-page "https://hexdocs.pm/credo/")
+    (license license:expat)))
+
+(define-public elixir-erlex
+  (package
+    (name "elixir-erlex")
+    (version "0.2.6")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (hexpm-uri name version))
+       (sha256
+        (base32 "0x8c1j62y748ldvlh46sxzv5514rpzm809vxn594vd7y25by5lif"))))
+    (build-system mix-build-system)
+    (arguments (list #:tests? #f)) ; no tests
+    (synopsis
+     "Convert Erlang style structs and error messages to equivalent Elixir")
+    (description
+     "Converted structs and error messages are useful for pretty printing
+things like Dialyzer errors and Observer.")
+    (home-page "https://hexdocs.pm/erlex/")
+    (license license:asl2.0)))
+
+(define-public elixir-dialyxir
+  (package
+    (name "elixir-dialyxir")
+    (version "1.4.1")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (hexpm-uri name version))
+       (sha256
+        (base32 "00cqwhd1wabwds44jz94rvvr8z8cp12884d3lp69fqkrszb9bdw4"))))
+    (build-system mix-build-system)
+    (arguments (list #:tests? #f)) ; no tests
+    (propagated-inputs (list elixir-erlex))
+    (synopsis "Mix tasks to simplify use of Dialyzer")
+    (description
+     "Mix Tasks are usable from the directory of the mix project you want to analyze.")
+    (home-page "https://hexdocs.pm/dialyxir/")
+    (license license:asl2.0)))
+
+(define-public elixir-machete
+  (package
+    (name "elixir-machete")
+    (version "0.2.8")
+    (source
+     (origin
+       (method url-fetch)
+       (uri (hexpm-uri name version))
+       (sha256
+        (base32 "0952603bmqsf6v3ja99zpbnbx5d52i4xksjkfj3irl45ccq5pgq9"))))
+    (build-system mix-build-system)
+    (native-inputs (list elixir-credo elixir-dialyxir))
+    (synopsis "Literate test matchers for ExUnit")
+    (description
+     "Machete provides ergonomic match operators that act as building blocks to let
+you define test expectations that can match data against any combination of
+literals, variables, or parametrically defined matchers.")
+    (home-page "https://hexdocs.pm/machete/")
+    (license license:expat)))
+
+;;;
+;;; Avoid adding new packages to the end of this file. To reduce the chances
+;;; of a merge conflict, place them above by existing packages with similar
+;;; functionality or similar names.
+;;;
diff --git a/gnu/packages/elixir.scm b/gnu/packages/elixir.scm
index 724b42512c..ef8c39d0d7 100644
--- a/gnu/packages/elixir.scm
+++ b/gnu/packages/elixir.scm
@@ -27,6 +27,7 @@
   #:use-module ((guix licenses) #:prefix license:)
   #:use-module (guix build-system gnu)
   #:use-module (guix gexp)
+  #:use-module (guix utils)
   #:use-module (guix git-download)
   #:use-module (guix packages)
   #:use-module (gnu packages)
@@ -96,9 +97,20 @@
             (lambda* (#:key inputs #:allow-other-keys)
               ;; Some tests require access to a home directory.
               (setenv "HOME" "/tmp")))
-          (delete 'configure))))
-    (inputs
-     (list erlang git))
+          (delete 'configure)
+          (add-after 'install 'wrap-programs
+            (lambda* (#:key inputs outputs #:allow-other-keys)
+              (let* ((out (assoc-ref outputs "out"))
+                     (programs '("elixir" "elixirc" "iex" "mix")))
+                (for-each (lambda (program)
+                            (wrap-program (string-append out "/bin/" program)
+                              '("ERL_LIBS" prefix ("${GUIX_ELIXIR_LIBS}"))))
+                          programs)))))))
+    (inputs (list erlang git))
+    (native-search-paths
+     (list (search-path-specification
+            (variable "GUIX_ELIXIR_LIBS")
+            (files (list (string-append "lib/elixir/" (version-major+minor version)))))))
     (home-page "https://elixir-lang.org/")
     (synopsis "Elixir programming language")
     (description "Elixir is a dynamic, functional language used to build
@@ -106,3 +118,48 @@ scalable and maintainable applications.  Elixir leverages the Erlang VM, known
 for running low-latency, distributed and fault-tolerant systems, while also
 being successfully used in web development and the embedded software domain.")
     (license license:asl2.0)))
+
+(define-public elixir-hex
+  (package
+    (name "elixir-hex")
+    (version "2.0.5")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/hexpm/hex.git")
+             (commit (string-append "v" version))))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32
+         "1kvczwvij58kgkhak68004ap81pl26600bczg21mymy2sypkgxmj"))))
+    ;; The mix-build-system assumes that Hex exists.
+    ;; We build Hex using the gnu-build-system.
+    ;; Other Elixir packages use the mix-build-system.
+    (build-system gnu-build-system)
+    (inputs (list elixir))
+    (arguments
+     (list
+      ;; Hex is needed to build packages used to test Hex.
+      ;; To avoid this circularity, we disable tests.
+      #:tests? #f
+      #:phases
+      #~(modify-phases %standard-phases
+          (delete 'bootstrap)
+          (delete 'configure)
+          (replace 'build
+            (lambda* (#:key inputs #:allow-other-keys)
+              (setenv "MIX_ENV" "prod")
+              (invoke "mix" "compile")))
+          (replace 'install
+            (lambda* (#:key inputs outputs #:allow-other-keys)
+              (define X.Y #$(version-major+minor (package-version elixir)))
+              (define out (string-append (assoc-ref outputs "out") "/lib/elixir/" X.Y "/hex"))
+              (mkdir-p out)
+              (copy-recursively "_build/prod/lib/hex" out))))))
+    (synopsis "Package manager for the Erlang VM")
+    (description
+     "This project provides tasks that integrate with Mix, Elixir's build
+tool.")
+    (home-page "https://hexdocs.pm/makeup_elixir/")
+    (license license:bsd-2)))
diff --git a/gnu/packages/emacs-xyz.scm b/gnu/packages/emacs-xyz.scm
index 9f219dd0dd..77d49627fc 100644
--- a/gnu/packages/emacs-xyz.scm
+++ b/gnu/packages/emacs-xyz.scm
@@ -11691,7 +11691,7 @@ them easier to distinguish from other, less important buffers.")
 (define-public emacs-embark
   (package
     (name "emacs-embark")
-    (version "0.23")
+    (version "1.0")
     (source
      (origin
        (method git-fetch)
@@ -11699,7 +11699,7 @@ them easier to distinguish from other, less important buffers.")
              (url "https://github.com/oantolin/embark")
              (commit version)))
        (sha256
-        (base32 "1dmsaw1m819kzmai45c4cqh5lyyha451f7dxzwwfz9crmzg2w5sf"))
+        (base32 "14alpanynww6z7yxxyiiy24c0p4pq1argsb0pmqavq25mdxgn4v2"))
        (file-name (git-file-name name version))))
     (build-system emacs-build-system)
     (arguments
@@ -24433,8 +24433,8 @@ key again.")
     (license license:gpl3+)))
 
 (define-public emacs-mbsync
-  (let ((commit "b62491c0e0d89eb9c66261a16d7ac81231c9c453")
-        (revision "4"))
+  (let ((commit "d3c81da81ce5b154c0d048047a47277338721a70")
+        (revision "5"))
     (package
       (name "emacs-mbsync")
       (version (git-version "0.1.2" revision commit))
@@ -24447,7 +24447,7 @@ key again.")
          (file-name (git-file-name name version))
          (sha256
           (base32
-           "1zlih37mkqjn2czl12zn7lgxxljvrwhqqpbksj9c91zn0f0rm3mz"))))
+           "10xxgvzjb7bl3lzgjkdsnnkd9wphkc2pm621agyjlayzcjnldz5p"))))
       (build-system emacs-build-system)
       (home-page "https://github.com/dimitri/mbsync-el")
       (synopsis "Interface to mbsync for Emacs")
diff --git a/gnu/packages/file-systems.scm b/gnu/packages/file-systems.scm
index bc061a5958..05074b2eb4 100644
--- a/gnu/packages/file-systems.scm
+++ b/gnu/packages/file-systems.scm
@@ -1365,7 +1365,7 @@ with the included @command{xfstests-check} helper.")
 (define-public zfs
   (package
     (name "zfs")
-    (version "2.1.12")
+    (version "2.1.14")
     (outputs '("out" "module" "src"))
     (source
       (origin
@@ -1374,7 +1374,7 @@ with the included @command{xfstests-check} helper.")
                               "/download/zfs-" version
                               "/zfs-" version ".tar.gz"))
           (sha256
-           (base32 "0vbf9kfryprb2mbb65jllf6xpsy44xskshglyqqwj4iyxmma5nk4"))))
+           (base32 "0gzansmin40llxxh2zkgpdyp41ikd8s5hv5mpwhpcivk1q8fv7sh"))))
     (build-system linux-module-build-system)
     (arguments
      (list
diff --git a/gnu/packages/finance.scm b/gnu/packages/finance.scm
index 6ed363552a..98a220385b 100644
--- a/gnu/packages/finance.scm
+++ b/gnu/packages/finance.scm
@@ -142,7 +142,7 @@
   ;; <https://bitcoincore.org/en/lifecycle/#schedule>.
   (package
     (name "bitcoin-core")
-    (version "25.1")
+    (version "26.0")
     (source (origin
               (method url-fetch)
               (uri
@@ -150,7 +150,7 @@
                               version "/bitcoin-" version ".tar.gz"))
               (sha256
                (base32
-                "1jcq2686x6f1g8xk91h3qfw89v1klw931wbpbcvc5a6zv2cabhmy"))))
+                "18f0rl7nzr64m54d6hmrphg7z39mmj2ix47kv78n5nr8dqkrj7db"))))
     (build-system gnu-build-system)
     (native-inputs
      (list autoconf
diff --git a/gnu/packages/firmware.scm b/gnu/packages/firmware.scm
index dfa29d35fa..5cebf515bf 100644
--- a/gnu/packages/firmware.scm
+++ b/gnu/packages/firmware.scm
@@ -872,38 +872,28 @@ Executables included are:
     (license license:bsd-2)))
 
 (define-public ovmf
-  (let ((commit "13a50a6fe1dcfa6600c38456ee24e0f9ecf51b5f")
-        (revision "1"))
+  (let ((toolchain-ver "GCC5"))
     (package
       (name "ovmf")
-      (version (git-version "20170116" revision commit))
+      (version "202308")
       (source (origin
                 (method git-fetch)
                 (uri (git-reference
                       ;; OVMF is part of the edk2 source tree.
                       (url "https://github.com/tianocore/edk2")
-                      (commit commit)))
+                      (recursive? #t) ;edk2 now uses a lot of submodules
+                      (commit (string-append "edk2-stable" version))))
                 (file-name (git-file-name name version))
                 (sha256
                  (base32
-                  "1gy2332kdqk8bjzpcsripx10896rbvgl0ic7r344kmpiwdgm948b"))))
+                  "04rnfnaqr2c7ayplj7ib730zp1snw157zx5rmykz5hz1zz2vb20j"))))
       (build-system gnu-build-system)
       (arguments
        (list
         #:tests? #f                     ; No check target.
+        #:target #f                     ; Package produces firmware.
         #:phases
         #~(modify-phases %standard-phases
-            ;; Hide the default GCC from CPLUS_INCLUDE_PATH to prevent it from
-            ;; shadowing the version of GCC provided in native-inputs.
-            (add-after 'set-paths 'hide-implicit-gcc
-              (lambda* (#:key inputs #:allow-other-keys)
-                (let ((gcc (assoc-ref inputs "gcc")))
-                  (setenv "CPLUS_INCLUDE_PATH"
-                          (string-join
-                           (delete (string-append gcc "/include/c++")
-                                   (string-split (getenv "CPLUS_INCLUDE_PATH")
-                                                 #\:))
-                           ":")))))
             (add-after 'unpack 'patch-source
               (lambda _
                 (substitute* "edksetup.sh"
@@ -916,41 +906,62 @@ Executables included are:
                        (bin (string-append tools "/BinWrappers/PosixLike")))
                   (setenv "WORKSPACE" cwd)
                   (setenv "EDK_TOOLS_PATH" tools)
+                  (setenv "PYTHON3_ENABLE" "TRUE")
+                  (setenv "PYTHON_COMMAND" "python3")
                   (setenv "PATH" (string-append (getenv "PATH") ":" bin))
                   (invoke "bash" "edksetup.sh")
+                  (substitute* "Conf/tools_def.txt"
+                    ;; Guix gcc is compiled without pie
+                    ;; The -no-pie flag causes the Ia32 build to fail
+                    (("-no-pie") ""))
                   (substitute* "Conf/target.txt"
                     (("^TARGET[ ]*=.*$") "TARGET = RELEASE\n")
+                    (("^TOOL_CHAIN_TAG[ ]*=.*$")
+                     (string-append "TOOL_CHAIN_TAG = " #$toolchain-ver "\n"))
+                    (("^TARGET_ARCH[ ]*=.*$")
+                     (string-append "TARGET_ARCH = IA32"
+                                    #$@(if (string=? "x86_64-linux" (%current-system))
+                                         '(", X64")
+                                         '())
+                                    "\n"))
                     (("^MAX_CONCURRENT_THREAD_NUMBER[ ]*=.*$")
                      (format #f "MAX_CONCURRENT_THREAD_NUMBER = ~a~%"
                              (number->string (parallel-job-count)))))
                   ;; Build build support.
-                  (setenv "BUILD_CC" "gcc")
+                  (setenv "CC" "gcc")
                   (invoke "make" "-C" tools))))
             (replace 'build
               (lambda _
-                (invoke "build" "-a" "IA32" "-t" "GCC49"
+                (invoke "build" "-a" "IA32" "-t" #$toolchain-ver
                         "-p" "OvmfPkg/OvmfPkgIa32.dsc")))
             #$@(if (string=? "x86_64-linux" (%current-system))
                    #~((add-after 'build 'build-x64
                         (lambda _
-                          (invoke "build" "-a" "X64" "-t" "GCC49"
+                          (invoke "build" "-a" "X64" "-t" #$toolchain-ver
                                   "-p" "OvmfPkg/OvmfPkgX64.dsc"))))
                    #~())
             (replace 'install
               (lambda _
                 (let ((fmw (string-append #$output "/share/firmware")))
                   (mkdir-p fmw)
-                  (copy-file "Build/OvmfIa32/RELEASE_GCC49/FV/OVMF.fd"
-                             (string-append fmw "/ovmf_ia32.bin"))
-                  #$@(if (string=? "x86_64-linux" (%current-system))
-                         '((copy-file "Build/OvmfX64/RELEASE_GCC49/FV/OVMF.fd"
-                                      (string-append fmw "/ovmf_x64.bin")))
-                         '())))))))
+                  (for-each
+                    (lambda (file)
+                      (copy-file (string-append "Build/OvmfIa32/RELEASE_"
+                                                #$toolchain-ver "/FV/" file ".fd")
+                                 (string-append fmw "/" (string-downcase file) "_ia32.bin"))
+                      #$@(if (string=? "x86_64-linux" (%current-system))
+                           #~((copy-file (string-append "Build/OvmfX64/RELEASE_"
+                                                        #$toolchain-ver "/FV/" file ".fd")
+                                         (string-append fmw "/" (string-downcase file) "_x64.bin")))
+                           #~()))
+                    (list "OVMF"
+                          "OVMF_CODE"
+                          "OVMF_VARS"))))))))
       (native-inputs
        `(("acpica" ,acpica)
-         ("gcc@5" ,gcc-5)
          ("nasm" ,nasm)
-         ("python-2" ,python-2)
+         ("perl" ,perl)
+         ("python-3" ,python-3)
          ("util-linux" ,util-linux "lib")))
       (supported-systems '("x86_64-linux" "i686-linux"))
       (home-page "https://www.tianocore.org")
@@ -961,68 +972,112 @@ Virtual Machines.  OVMF contains a sample UEFI firmware for QEMU and KVM.")
                      license:bsd-2 license:bsd-3 license:bsd-4)))))
 
 (define-public ovmf-aarch64
-  (package
-    (inherit ovmf)
-    (name "ovmf-aarch64")
-    (native-inputs
-     (append (package-native-inputs ovmf)
-             (if (not (string-prefix? "aarch64" (%current-system)))
-                 `(("cross-gcc" ,(cross-gcc "aarch64-linux-gnu"))
-                   ("cross-binutils" ,(cross-binutils "aarch64-linux-gnu")))
-                 '())))
-    (arguments
-     (substitute-keyword-arguments (package-arguments ovmf)
-       ((#:phases phases)
-        #~(modify-phases #$phases
-            #$@(if (string-prefix? "aarch64" (%current-system))
-                   '()
-                   '((add-before 'configure 'set-env
-                       (lambda _
-                         (setenv "GCC49_AARCH64_PREFIX" "aarch64-linux-gnu-")))))
-            (replace 'build
-              (lambda _
-                (invoke "build" "-a" "AARCH64" "-t" "GCC49"
-                        "-p" "ArmVirtPkg/ArmVirtQemu.dsc")))
-            (delete 'build-x64)
-            (replace 'install
-              (lambda _
-                (let ((fmw (string-append #$output "/share/firmware")))
-                  (mkdir-p fmw)
-                  (copy-file "Build/ArmVirtQemu-AARCH64/RELEASE_GCC49/FV/QEMU_EFI.fd"
-                             (string-append fmw "/ovmf_aarch64.bin")))))))))
-    (supported-systems %supported-systems)))
+  (let ((toolchain-ver "GCC5"))
+    (package
+      (inherit ovmf)
+      (name "ovmf-aarch64")
+      (native-inputs
+       (append (package-native-inputs ovmf)
+               (if (not (string-prefix? "aarch64" (%current-system)))
+                   `(("cross-gcc" ,(cross-gcc "aarch64-linux-gnu"))
+                     ("cross-binutils" ,(cross-binutils "aarch64-linux-gnu")))
+                   '())))
+      (arguments
+       (substitute-keyword-arguments (package-arguments ovmf)
+         ((#:phases phases)
+          #~(modify-phases #$phases
+              #$@(if (string-prefix? "aarch64" (%current-system))
+                     '()
+                     #~((add-before 'configure 'set-env
+                          (lambda _
+                            (setenv (string-append #$toolchain-ver "_AARCH64_PREFIX")
+                                    "aarch64-linux-gnu-")))))
+              (replace 'build
+                (lambda _
+                  (invoke "build" "-a" "AARCH64" "-t" #$toolchain-ver
+                          "-p" "ArmVirtPkg/ArmVirtQemu.dsc")))
+              (delete 'build-x64)
+              (replace 'install
+                (lambda _
+                  (let ((fmw (string-append #$output "/share/firmware")))
+                    (mkdir-p fmw)
+                    (copy-file (string-append "Build/ArmVirtQemu-AARCH64/RELEASE_"
+                                              #$toolchain-ver "/FV/QEMU_EFI.fd")
+                               (string-append fmw "/ovmf_aarch64.bin")))))))))
+      (supported-systems %supported-systems))))
 
 (define-public ovmf-arm
-  (package
-    (inherit ovmf)
-    (name "ovmf-arm")
-    (native-inputs
-     (append (package-native-inputs ovmf)
-             (if (not (string-prefix? "armhf" (%current-system)))
-                 `(("cross-gcc" ,(cross-gcc "arm-linux-gnueabihf"))
-                   ("cross-binutils" ,(cross-binutils "arm-linux-gnueabihf")))
-                 '())))
-    (arguments
-     (substitute-keyword-arguments (package-arguments ovmf)
-       ((#:phases phases)
-        #~(modify-phases #$phases
-            #$@(if (string-prefix? "armhf" (%current-system))
-                   '()
-                   '((add-before 'configure 'set-env
-                       (lambda _
-                         (setenv "GCC49_ARM_PREFIX" "arm-linux-gnueabihf-")))))
-            (replace 'build
-              (lambda _
-                (invoke "build" "-a" "ARM" "-t" "GCC49"
-                        "-p" "ArmVirtPkg/ArmVirtQemu.dsc")))
-            (delete 'build-x64)
-            (replace 'install
-              (lambda _
-                (let ((fmw (string-append #$output "/share/firmware")))
-                  (mkdir-p fmw)
-                  (copy-file "Build/ArmVirtQemu-ARM/RELEASE_GCC49/FV/QEMU_EFI.fd"
-                             (string-append fmw "/ovmf_arm.bin")))))))))
-    (supported-systems %supported-systems)))
+  (let ((toolchain-ver "GCC5"))
+    (package
+      (inherit ovmf)
+      (name "ovmf-arm")
+      (native-inputs
+       (append (package-native-inputs ovmf)
+               (if (not (string-prefix? "armhf" (%current-system)))
+                   `(("cross-gcc" ,(cross-gcc "arm-linux-gnueabihf"))
+                     ("cross-binutils" ,(cross-binutils "arm-linux-gnueabihf")))
+                   '())))
+      (arguments
+       (substitute-keyword-arguments (package-arguments ovmf)
+         ((#:phases phases)
+          #~(modify-phases #$phases
+              #$@(if (string-prefix? "armhf" (%current-system))
+                     '()
+                     #~((add-before 'configure 'set-env
+                          (lambda _
+                            (setenv (string-append #$toolchain-ver "_ARM_PREFIX")
+                                    "arm-linux-gnueabihf-")))))
+              (replace 'build
+                (lambda _
+                  (invoke "build" "-a" "ARM" "-t" #$toolchain-ver
+                          "-p" "ArmVirtPkg/ArmVirtQemu.dsc")))
+              (delete 'build-x64)
+              (replace 'install
+                (lambda _
+                  (let ((fmw (string-append #$output "/share/firmware")))
+                    (mkdir-p fmw)
+                    (copy-file (string-append "Build/ArmVirtQemu-ARM/RELEASE_"
+                                              #$toolchain-ver "/FV/QEMU_EFI.fd")
+                               (string-append fmw "/ovmf_arm.bin")))))))))
+      (supported-systems %supported-systems))))
+
+(define-public ovmf-riscv64
+  (let ((toolchain-ver "GCC5"))
+    (package
+      (inherit ovmf)
+      (name "ovmf-riscv64")
+      (native-inputs
+       (append (package-native-inputs ovmf)
+               (if (not (string-prefix? "riscv64" (%current-system)))
+                   `(("cross-gcc" ,(cross-gcc "riscv64-linux-gnu"))
+                     ("cross-binutils" ,(cross-binutils "riscv64-linux-gnu")))
+                   '())))
+      (arguments
+       (substitute-keyword-arguments (package-arguments ovmf)
+         ((#:phases phases)
+          #~(modify-phases #$phases
+              #$@(if (string-prefix? "riscv64" (%current-system))
+                     '()
+                     #~((add-before 'configure 'set-env
+                          (lambda _
+                            (setenv (string-append #$toolchain-ver "_RISCV64_PREFIX")
+                                    "riscv64-linux-gnu-")))))
+              (replace 'build
+                (lambda _
+                  (invoke "build" "-a" "RISCV64" "-t" #$toolchain-ver
+                          "-p" "OvmfPkg/RiscVVirt/RiscVVirtQemu.dsc")))
+              (delete 'build-x64)
+              (replace 'install
+                (lambda _
+                  (let ((fmw (string-append #$output "/share/firmware")))
+                    (mkdir-p fmw)
+                    (copy-file (string-append "Build/RiscVVirtQemu/RELEASE_"
+                                              #$toolchain-ver "/FV/RISCV_VIRT_CODE.fd")
+                               (string-append fmw "/RISCV_VIRT_CODE.fd"))
+                    (copy-file (string-append "Build/RiscVVirtQemu/RELEASE_"
+                                              #$toolchain-ver "/FV/RISCV_VIRT_VARS.fd")
+                               (string-append fmw "/RISCV_VIRT_VARS.fd")))))))))
+      (supported-systems %supported-systems))))
 
 (define* (make-arm-trusted-firmware platform
                                     #:key (triplet "aarch64-linux-gnu"))
diff --git a/gnu/packages/fonts.scm b/gnu/packages/fonts.scm
index 813367be8a..1b2bc319f7 100644
--- a/gnu/packages/fonts.scm
+++ b/gnu/packages/fonts.scm
@@ -2494,7 +2494,7 @@ a different style of marking.")
 (define-public font-jetbrains-mono
   (package
     (name "font-jetbrains-mono")
-    (version "2.242")
+    (version "2.304")
     (source
      (origin
        (method url-fetch)
@@ -2502,7 +2502,7 @@ a different style of marking.")
         (string-append "https://github.com/JetBrains/JetBrainsMono/releases/"
                        "download/v" version "/JetBrainsMono-" version ".zip"))
        (sha256
-        (base32 "17qs985v38x3rcg3v4av3qynwr4gvixrj50vjzy7zkkny575ncaf"))))
+        (base32 "1gvv5w0vfzndzp8k7g15j5i3yvnpr5z3imrwjs5flq19xp37cqvg"))))
     (build-system font-build-system)
     (arguments
      `(#:phases
@@ -2524,7 +2524,7 @@ a different style of marking.")
      "JetBrains Mono is a font family dedicated to developers.  JetBrains
 Mono’s typeface forms are simple and free from unnecessary details.  Rendered
 in small sizes, the text looks crisper.")
-    (license license:asl2.0)))
+    (license license:silofl1.1)))
 
 (define-public font-juliamono
   (package
diff --git a/gnu/packages/game-development.scm b/gnu/packages/game-development.scm
index c960f11e85..f2139b315f 100644
--- a/gnu/packages/game-development.scm
+++ b/gnu/packages/game-development.scm
@@ -1341,17 +1341,17 @@ and multimedia programs in the Python language.")
 
 (define-public python-pygame-sdl2
   (let ((real-version "2.1.0")
-        (renpy-version "8.1.0"))
+        (renpy-version "8.1.3"))
     (package
       (inherit python-pygame)
       (name "python-pygame-sdl2")
-      (version (string-append real-version "-for-renpy-" renpy-version))
+      (version (string-append real-version "+renpy" renpy-version))
       (source
        (origin
          (method url-fetch)
          (uri (string-append "https://www.renpy.org/dl/" renpy-version
                              "/pygame_sdl2-" version ".tar.gz"))
-         (sha256 (base32 "1qj39jqnv334p4wnxc2v5qxyahp7nkqf9hpdd2sgqcmgaqwnqqmj"))
+         (sha256 (base32 "0qlprs9n3w254ilizqzvr6s01zx72gh7an0bgwxsq4hm22qypdws"))
          (modules '((guix build utils)))
          (snippet
           '(begin
@@ -1392,7 +1392,7 @@ developed mainly for Ren'py.")
 (define-public python-renpy
   (package
     (name "python-renpy")
-    (version "8.1.0")
+    (version "8.1.3")
     (source
      (origin
        (method url-fetch)
@@ -1400,7 +1400,7 @@ developed mainly for Ren'py.")
                            "/renpy-" version "-source.tar.bz2"))
        (sha256
         (base32
-         "08l7z2vwqxkskj3rs2a0w9ahah28ixq8hy48h30k2dm9g19h450h"))
+         "1g6fz5dxp7yxhgv6q4brzf5hpfqq3l1g3dfv3fsiwwn6mj0b01z2"))
        (modules '((guix build utils)))
        (snippet
         #~(begin
diff --git a/gnu/packages/geo.scm b/gnu/packages/geo.scm
index 746b22a082..fd6bbb003a 100644
--- a/gnu/packages/geo.scm
+++ b/gnu/packages/geo.scm
@@ -529,7 +529,7 @@ topology functions.")
            libsoup
            libxml2
            rest-next
-           webkitgtk))
+           webkitgtk-for-gtk3))
     (synopsis "Graphical map viewer and wayfinding program")
     (description "GNOME Maps is a graphical map viewer.  It uses map data from
 the OpenStreetMap project.  It can provide directions for walking, bicycling,
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 69698cf4fc..b0417b2df9 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -1666,7 +1666,7 @@ sharing to the masses.")
            libmusicbrainz
            libxml2
            neon
-           webkitgtk))
+           webkitgtk-for-gtk3))
     (synopsis "File previewer for the GNOME desktop")
     (description "Sushi is a DBus-activated service that allows applications
 to preview files on the GNOME desktop.")
@@ -3398,7 +3398,7 @@ compiles to GTKBuilder XML.")
            python-pygobject
            python-lxml
            webkitgtk
-           webkitgtk-next))
+           webkitgtk))
     (native-inputs
      (list `(,glib "bin")
            gobject-introspection
@@ -6175,7 +6175,7 @@ both a traditional UI or a modern UI with a GtkHeaderBar.")
            pkg-config))
     (inputs
      (list amtk
-           webkitgtk))
+           webkitgtk-for-gtk3))
     (home-page "https://wiki.gnome.org/Apps/Devhelp")
     (synopsis "API documentation browser for GNOME")
     (description
@@ -6188,7 +6188,7 @@ throughout GNOME for API documentation).")
   (hidden-package
    (package/inherit devhelp
      (inputs (modify-inputs (package-inputs devhelp)
-               (replace "webkitgtk" webkitgtk-with-libsoup2))))))
+               (replace "webkitgtk-for-gtk3" webkitgtk-with-libsoup2))))))
 
 (define-public cogl
   (package
@@ -7204,7 +7204,7 @@ almost all of them.")
            libxslt
            nettle                       ; for hogweed
            sqlite
-           webkitgtk))
+           webkitgtk-for-gtk3))
     (home-page "https://wiki.gnome.org/Apps/Web")
     (synopsis "GNOME web browser")
     (description
@@ -7394,7 +7394,7 @@ jQuery.Syntax JavaScript libraries.")
            man-db                                 ;for URIs like "man:ls"
            groff-minimal                          ;ditto
            sqlite
-           webkitgtk
+           webkitgtk-for-gtk3
            yelp-xsl))
     (home-page "https://wiki.gnome.org/Apps/Yelp")
     (synopsis "GNOME help browser")
@@ -8074,7 +8074,7 @@ window manager.")
            libsecret
            mit-krb5
            rest-next
-           webkitgtk))
+           webkitgtk-for-gtk3))
     (synopsis "Single sign-on framework for GNOME")
     (home-page "https://wiki.gnome.org/Projects/GnomeOnlineAccounts")
     (description
@@ -8107,7 +8107,7 @@ Microsoft Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.")
                       (delete 'disable-gtk-update-icon-cache)))))
     (inputs (modify-inputs (package-inputs gnome-online-accounts)
               (replace "rest" rest)
-              (replace "webkitgtk" webkitgtk-with-libsoup2)))))
+              (replace "webkitgtk-for-gtk3" webkitgtk-with-libsoup2)))))
 
 (define-public evolution-data-server
   (package
@@ -8193,7 +8193,7 @@ Microsoft Exchange, Last.fm, IMAP/SMTP, Jabber, SIP and Kerberos.")
            libphonenumber
            mit-krb5
            openldap
-           webkitgtk))
+           webkitgtk-for-gtk3))
     (synopsis "Store address books and calendars")
     (home-page "https://wiki.gnome.org/Apps/Evolution")
     (description
@@ -8220,7 +8220,7 @@ Evolution (hence the name), but is now used by other packages as well.")
      (modify-inputs (package-inputs evolution-data-server)
        (replace "gnome-online-accounts" gnome-online-accounts-3.44)
        (replace "libgweather4" libgweather)
-       (replace "webkitgtk" webkitgtk-with-libsoup2)))
+       (replace "webkitgtk-for-gtk3" webkitgtk-with-libsoup2)))
     (propagated-inputs
      (modify-inputs (package-propagated-inputs evolution-data-server)
        (delete "gtk")
@@ -11317,7 +11317,7 @@ views can be printed as PDF or PostScript files, or exported to HTML.")
            python-pygobject
            python-pylast
            totem-pl-parser
-           webkitgtk))
+           webkitgtk-for-gtk3))
     (propagated-inputs
      (list gst-plugins-good             ;required to start lollypop
            gst-plugins-ugly))           ;required for streaming
@@ -11786,7 +11786,7 @@ generic enough to work for everyone.")
            libsoup
            nss
            openldap
-           webkitgtk
+           webkitgtk-for-gtk3
            ytnef))
     (home-page "https://gitlab.gnome.org/GNOME/evolution")
     (synopsis "Manage your email, contacts and schedule")
@@ -12405,7 +12405,7 @@ integrate seamlessly with the GNOME desktop.")
            spice-gtk
            tracker
            vte
-           webkitgtk))
+           webkitgtk-for-gtk3))
     (home-page "https://wiki.gnome.org/Apps/Boxes")
     (synopsis "View, access, and manage remote and virtual systems")
     (description "GNOME Boxes is a simple application to view, access, and
@@ -12479,7 +12479,7 @@ non-privileged user.")
            libstemmer
            libunwind
            sqlite
-           webkitgtk
+           webkitgtk-for-gtk3
            ytnef))
     (native-inputs
      (list appstream-glib
@@ -13178,7 +13178,7 @@ profiler via Sysprof, debugging support, and more.")
            python-rarfile
            python-requests
            python-unidecode
-           webkitgtk-next))
+           webkitgtk))
     (native-inputs
      (list desktop-file-utils
            gettext-minimal
diff --git a/gnu/packages/gnuzilla.scm b/gnu/packages/gnuzilla.scm
index e5d0c4ea9b..7318ec727c 100644
--- a/gnu/packages/gnuzilla.scm
+++ b/gnu/packages/gnuzilla.scm
@@ -546,9 +546,9 @@ variable defined below.  It requires guile-json to be installed."
 ;; XXXX: Workaround 'snippet' limitations.
 (define computed-origin-method (@@ (guix packages) computed-origin-method))
 
-(define %icecat-base-version "115.5.0")
+(define %icecat-base-version "115.6.0")
 (define %icecat-version (string-append %icecat-base-version "-guix0-preview1"))
-(define %icecat-build-id "20231121000000") ;must be of the form YYYYMMDDhhmmss
+(define %icecat-build-id "20231219000000") ;must be of the form YYYYMMDDhhmmss
 
 ;; 'icecat-source' is a "computed" origin that generates an IceCat tarball
 ;; from the corresponding upstream Firefox ESR tarball, using the 'makeicecat'
@@ -568,12 +568,12 @@ variable defined below.  It requires guile-json to be installed."
                   "firefox-" upstream-firefox-version ".source.tar.xz"))
             (sha256
              (base32
-              "0a578r4kri7jdw8pkkzp7f1mm9idlk7sjxjghcb08k5p14172gyv"))))
+              "0rmw486yhkb1is1j2fy51djl5p5qggf2fhp2hgzfdj4s2bjydmv6"))))
 
          ;; The upstream-icecat-base-version may be older than the
          ;; %icecat-base-version.
-         (upstream-icecat-base-version "115.5.0")
-         (gnuzilla-commit "bd66797f3bb057c9d051d4276d63843b4d7ee854")
+         (upstream-icecat-base-version "115.6.0")
+         (gnuzilla-commit "6a76a10682b6e63f562e4b9f26f3ef12f88bd839")
          (gnuzilla-source
           (origin
             (method git-fetch)
@@ -585,7 +585,7 @@ variable defined below.  It requires guile-json to be installed."
                                       (string-take gnuzilla-commit 8)))
             (sha256
              (base32
-              "0v3ckm8yv566f2y9a2bfzakbsk529f1ykr7dj69kb9k93dgny3ja"))))
+              "15bvlz7c4d8mk10zc317rai91hd96wnchikcfdfxzl35zdnd315r"))))
 
          ;; 'search-patch' returns either a valid file name or #f, so wrap it
          ;; in 'assume-valid-file-name' to avoid 'local-file' warnings.
diff --git a/gnu/packages/golang.scm b/gnu/packages/golang.scm
index b5bf9d4b47..476edf6b4d 100644
--- a/gnu/packages/golang.scm
+++ b/gnu/packages/golang.scm
@@ -472,7 +472,8 @@ in the style of communicating sequential processes (@dfn{CSP}).")
             `(("gold" ,binutils-gold)))
            (_ `()))
        ,@(package-native-inputs go-1.4)))
-    (supported-systems (delete "powerpc-linux" %supported-systems))))
+    (supported-systems (fold delete %supported-systems
+                             (list "powerpc-linux" "i586-gnu")))))
 
 (define-public go-1.16
   (package
diff --git a/gnu/packages/guile-xyz.scm b/gnu/packages/guile-xyz.scm
index fcaf788d37..7b44dc3167 100644
--- a/gnu/packages/guile-xyz.scm
+++ b/gnu/packages/guile-xyz.scm
@@ -16,7 +16,7 @@
 ;;; Copyright © 2017 Theodoros Foradis <theodoros@foradis.org>
 ;;; Copyright © 2017 Nikita <nikita@n0.is>
 ;;; Copyright © 2017, 2018, 2021 Tobias Geerinckx-Rice <me@tobias.gr>
-;;; Copyright © 2018, 2021, 2022 Maxim Cournoyer <maxim.cournoyer@gmail.com>
+;;; Copyright © 2018, 2021, 2022, 2023 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2018, 2019, 2020, 2021, 2022, 2023 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2018 Pierre-Antoine Rouby <pierre-antoine.rouby@inria.fr>
 ;;; Copyright © 2018 Eric Bavier <bavier@member.fsf.org>
@@ -1106,7 +1106,7 @@ for calling methods on remote servers by exchanging JSON objects.")
 (define-public guile-ares-rs
   (package
     (name "guile-ares-rs")
-    (version "0.9.0")
+    (version "0.9.1")
     (source
      (origin
        (method git-fetch)
@@ -1116,7 +1116,7 @@ for calling methods on remote servers by exchanging JSON objects.")
        (file-name (git-file-name name version))
        (sha256
         (base32
-         "0jl4k54ydi1qxdvif4di0ri5jznlfc2gg1qhs94bhk4y22k0gp8c"))))
+         "173jg8z0cwq5r67lzxsmyir5f6cxd9i5gzb3qryq71cqq4h1c77n"))))
     (build-system guile-build-system)
     (arguments
      (list
@@ -2278,6 +2278,18 @@ users and in some situations.")
                (base32
                 "1q1snj8gz2bvqw2v2jvwlzn5xfh7f7wlp922isnzismrp4adc918"))))
     (build-system gnu-build-system)
+    (arguments
+     (list
+      #:phases
+      #~(modify-phases %standard-phases
+          (add-after 'unpack 'patch-extension-path
+            (lambda _
+              ;; Provide the absolute path of the guile-libudev extension to
+              ;; ensure the dlopen call always succeeds.
+              (substitute* (find-files "." "\\.scm")
+                (("load-extension \"libguile-udev\"")
+                 (format #f "load-extension \"~a/lib/libguile-udev.so\""
+                         #$output))))))))
     (native-inputs (list autoconf
                          automake
                          gettext-minimal
@@ -3433,7 +3445,7 @@ list of components.  This module takes care of that for you.")
                   (guix build utils)
                   (ice-9 popen)
                   (ice-9 rdelim))
-       #:disallowed-references ,(list gtk+ webkitgtk)
+       #:disallowed-references ,(list gtk+ webkitgtk-for-gtk3)
        #:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'remove-dotted-circle-from-combining-character
@@ -3479,7 +3491,7 @@ list of components.  This module takes care of that for you.")
     (propagated-inputs (list gobject-introspection))
     (inputs (list guile-3.0 glib
                   ;; For tests, only relevant when compiling natively
-                  gtk+ webkitgtk))
+                  gtk+ webkitgtk-for-gtk3))
     (home-page "https://github.com/spk121/guile-gi")
     (synopsis "GObject bindings for Guile")
     (description
@@ -4018,7 +4030,7 @@ processing filters.")
        ("glib-networking" ,glib-networking)
        ("gtk+" ,gtk+)
        ("gtk+:bin" ,gtk+ "bin")
-       ("webkitgtk" ,webkitgtk)
+       ("webkitgtk" ,webkitgtk-for-gtk3)
        ("gtksourceview" ,gtksourceview-4)
        ("gsettings-desktop-schemas" ,gsettings-desktop-schemas)
        ("vte" ,vte)
diff --git a/gnu/packages/i2p.scm b/gnu/packages/i2p.scm
index 2e8c1d085d..b4f0c8d639 100644
--- a/gnu/packages/i2p.scm
+++ b/gnu/packages/i2p.scm
@@ -21,9 +21,12 @@
 
 (define-module (gnu packages i2p)
   #:use-module (gnu packages boost)
+  #:use-module (gnu packages check)
   #:use-module (gnu packages compression)
+  #:use-module (gnu packages pkg-config)
   #:use-module (gnu packages tls)
   #:use-module (gnu packages upnp)
+  #:use-module (guix gexp)
   #:use-module (guix packages)
   #:use-module (guix git-download)
   #:use-module (guix build-system cmake)
@@ -32,7 +35,7 @@
 (define-public i2pd
   (package
     (name "i2pd")
-    (version "2.44.0")
+    (version "2.50.0")
     (source
      (origin
        (method git-fetch)
@@ -41,41 +44,18 @@
              (commit version)))
        (file-name (git-file-name name version))
        (sha256
-        (base32 "0fwaalfxqdahgvx5rfkvdmf6gl10w328a18ddhyn5kvpmp9x7fgl"))))
+        (base32 "1vr251mgffawi3rj51dzlnv3fs1ssz6gl17qbsyhfr5fcd7s0hc5"))))
     (build-system cmake-build-system)
+    (native-inputs (list check pkg-config))
     (inputs
      (list boost miniupnpc openssl zlib))
     (arguments
-     '(#:configure-flags
-       (let ((source (assoc-ref %build-inputs "source")))
-         (list (string-append "-S" source "/build")
-               "-DWITH_PCH=OFF"
-               "-DWITH_STATIC=OFF"
-               "-DWITH_UPNP=ON"
-               "-DWITH_LIBRARY=ON"
-               "-DBUILD_SHARED_LIBS=ON"
-               "-DWITH_BINARY=ON"))
-       #:phases
-       (modify-phases %standard-phases
-         (replace 'check
-           (lambda* (#:key
-                     tests?
-                     (make-flags '())
-                     (parallel-tests? #t)
-                     #:allow-other-keys)
-             (let ((source (assoc-ref %build-inputs "source")))
-               (when tests?
-                 (copy-recursively (string-append source "/tests")
-                                   "./tests")
-                 (with-directory-excursion "tests"
-                   (substitute* "Makefile"
-                     (("../libi2pd") (string-append source "/libi2pd")))
-                   (apply invoke "make" "all"
-                          `(,@(if parallel-tests?
-                                `("-j" ,(number->string
-                                          (parallel-job-count)))
-                                '())
-                             ,@make-flags))))))))))
+     (list
+      #:configure-flags
+      #~(list (string-append "-S" #$source "/build")
+              "-DWITH_UPNP=ON"
+              "-DBUILD_SHARED_LIBS=ON"
+              "-DBUILD_TESTING=ON")))
     (home-page "https://i2pd.website/")
     (synopsis "Router for an end-to-end encrypted and anonymous internet")
     (description "i2pd is a client for the anonymous I2P network, upon which
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index d237bf689c..8a8e1eacb7 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -1253,7 +1253,9 @@ supplies a generic doubly-linked list and some string functions.")
               (patches
                (append
                 (search-patches "freeimage-unbundle.patch"
-                                "freeimage-libtiff-compat.patch")
+                                "freeimage-libtiff-compat.patch"
+                                "freeimage-CVE-2020-21428.patch"
+                                "freeimage-CVE-2020-22524.patch")
                 ;; Take one patch from Arch Linux that adds LibRaw 0.20 compatibility.
                 (list (origin
                         (method url-fetch)
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index c4da631089..3ca756dead 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -77,6 +77,7 @@
 ;;; Copyright © 2023 dan <i@dan.games>
 ;;; Copyright © 2023 Foundation Devices, Inc. <hello@foundationdevices.com>
 ;;; Copyright © 2023 Wilko Meyer <w@wmeyer.eu>
+;;; Copyright © 2023 Jaeme Sifat <jaeme@runbox.com>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -3101,6 +3102,40 @@ Both commands are targeted at system administrators.")
      '((release-monitoring-url . "https://www.netfilter.org/pub/iptables/")))
     (license license:gpl2+)))
 
+(define-public iptables-nft
+  (package
+    (inherit iptables)
+    (name "iptables-nft")
+    (source #f)
+    (build-system copy-build-system)
+    (arguments
+     (list
+      #:phases
+      #~(modify-phases %standard-phases
+          (delete 'unpack)
+          (replace 'install
+            (lambda* (#:key inputs #:allow-other-keys)
+              (for-each
+               (lambda (command-path)
+                 (let ((link-path (string-append #$output command-path)))
+                   (mkdir-p (dirname link-path))
+                   (symlink (search-input-file inputs "sbin/xtables-nft-multi")
+                            link-path)))
+               (apply append
+                      '("/bin/iptables-xml")
+                      (map (lambda (xtables)
+                             (list (string-append "/sbin/" xtables)
+                                   (string-append "/sbin/" xtables "-restore")
+                                   (string-append "/sbin/" xtables "-save")))
+                           '("arptables"
+                             "ebtables"
+                             "iptables"
+                             "ip6tables")))))))))
+    (inputs (list iptables))
+    (native-inputs '())
+    (synopsis
+     "Programs to configure Linux IP packet filtering rules (nftables API)")))
+
 (define-public bolt
   (package
     (name "bolt")
@@ -9389,7 +9424,7 @@ of Linux application development.")
 (define-public wireplumber
   (package
     (name "wireplumber")
-    (version "0.4.14")
+    (version "0.4.17")
     (source
      (origin
        (method git-fetch)
@@ -9399,7 +9434,7 @@ of Linux application development.")
              (commit version)))
        (file-name (git-file-name name version))
        (sha256
-        (base32 "0jmnd6000j4wx68lxgz5b4g4hxkf243ivi9swaaf8rnx99cbx91w"))))
+        (base32 "00jzn0pxy2ws819yg4p8xxhngqai3labd1alaxb8zwzymr7m06my"))))
     (build-system meson-build-system)
     (arguments
      `(#:configure-flags '("-Dsystemd=disabled"
diff --git a/gnu/packages/lisp-xyz.scm b/gnu/packages/lisp-xyz.scm
index 31192f3c4e..4daf7afd84 100644
--- a/gnu/packages/lisp-xyz.scm
+++ b/gnu/packages/lisp-xyz.scm
@@ -5065,7 +5065,7 @@ is a library for creating graphical user interfaces.")
     (inputs
      `(("cffi" ,sbcl-cffi)
        ("cl-cffi-gtk" ,sbcl-cl-cffi-gtk)
-       ("webkitgtk" ,webkitgtk)))
+       ("webkitgtk" ,webkitgtk-for-gtk3)))
     (native-inputs
      `(;; Tests seem to need Xorg.
        ;; ("xorg-server" ,xorg-server-for-tests)
diff --git a/gnu/packages/mail.scm b/gnu/packages/mail.scm
index 1676acf2f9..523c20c4a9 100644
--- a/gnu/packages/mail.scm
+++ b/gnu/packages/mail.scm
@@ -3931,7 +3931,7 @@ tools and applications:
            libsecret
            openldap
            sqlite
-           webkitgtk))
+           webkitgtk-for-gtk3))
     (native-inputs
      (list compface
            `(,glib "bin") intltool pkg-config yelp-tools))
diff --git a/gnu/packages/mate.scm b/gnu/packages/mate.scm
index 5c3b4a265e..5a6c6b5b64 100644
--- a/gnu/packages/mate.scm
+++ b/gnu/packages/mate.scm
@@ -775,7 +775,7 @@ infamous 'Wanda the Fish'.")
        ;;   Build libkpathsea as a shared library for DVI support.
        ;; ("libkpathsea" ,texlive-bin)
        ("poppler" ,poppler)
-       ("webkitgtk" ,webkitgtk)))
+       ("webkitgtk" ,webkitgtk-for-gtk3)))
     (home-page "https://mate-desktop.org")
     (synopsis "Document viewer for Mate")
     (description
diff --git a/gnu/packages/music.scm b/gnu/packages/music.scm
index bf87537aec..77e952d383 100644
--- a/gnu/packages/music.scm
+++ b/gnu/packages/music.scm
@@ -578,7 +578,7 @@ list(APPEND ctrlrLibs \"iberty\")")))))
              freetype
              libiberty
              libx11
-             webkitgtk))
+             webkitgtk-for-gtk3))
       (native-inputs
        (list pkg-config))
       (home-page "https://ctrlr.org/")
diff --git a/gnu/packages/networking.scm b/gnu/packages/networking.scm
index d5e44b53b8..2d2bce96c2 100644
--- a/gnu/packages/networking.scm
+++ b/gnu/packages/networking.scm
@@ -4195,7 +4195,7 @@ network.  This must be enabled on the target host, usually in the BIOS.")
 (define-public traceroute
   (package
     (name "traceroute")
-    (version "2.1.2")
+    (version "2.1.5")
     (source
      (origin
        (method url-fetch)
@@ -4203,7 +4203,7 @@ network.  This must be enabled on the target host, usually in the BIOS.")
                            "traceroute-" version "/traceroute-"
                            version ".tar.gz"))
        (sha256
-        (base32 "07svkglyizxirgcmv6d4ih59f3ds8pnyprvkrqcf5d3p567jcz2h"))))
+        (base32 "17l5barragw0mfgsbjfndny3w4l7zs20l6s6rvim3azajq6jcv4w"))))
     (build-system gnu-build-system)
     (arguments
      (list
diff --git a/gnu/packages/patches/freeimage-CVE-2020-21428.patch b/gnu/packages/patches/freeimage-CVE-2020-21428.patch
new file mode 100644
index 0000000000..49f427360b
--- /dev/null
+++ b/gnu/packages/patches/freeimage-CVE-2020-21428.patch
@@ -0,0 +1,17 @@
+https://sources.debian.org/data/main/f/freeimage/3.18.0%2Bds2-10/debian/patches/r1877-improved-DDS-plugin-against-malicious-images.patch
+
+Origin: upstream, r1877
+Index: Source/FreeImage/PluginDDS.cpp
+===================================================================
+diff --git a/Source/FreeImage/PluginDDS.cpp b/Source/FreeImage/PluginDDS.cpp
+--- a/Source/FreeImage/PluginDDS.cpp	(revision 1876)
++++ b/Source/FreeImage/PluginDDS.cpp	(revision 1877)
+@@ -617,7 +617,7 @@
+ 	// read the file

+ 	// -------------------------------------------------------------------------

+ 

+-	const int line = CalculateLine(width, bpp);

++	const int line = CalculateLine(width, FreeImage_GetBPP(dib));

+ 	const int filePitch = ((desc->dwFlags & DDSD_PITCH) == DDSD_PITCH) ? (int)desc->dwPitchOrLinearSize : line;

+ 	const long delta = (long)filePitch - (long)line;

+ 

diff --git a/gnu/packages/patches/freeimage-CVE-2020-22524.patch b/gnu/packages/patches/freeimage-CVE-2020-22524.patch
new file mode 100644
index 0000000000..47368d7d91
--- /dev/null
+++ b/gnu/packages/patches/freeimage-CVE-2020-22524.patch
@@ -0,0 +1,229 @@
+https://sources.debian.org/data/main/f/freeimage/3.18.0%2Bds2-10/debian/patches/r1848-improved-PFM-plugin-against-malicious-images.patch
+
+Origin: upstream, r1848
+Index: Source/FreeImage/PluginPFM.cpp
+---
+diff --git a/Source/FreeImage/PluginPFM.cpp b/Source/FreeImage/PluginPFM.cpp
+--- a/Source/FreeImage/PluginPFM.cpp	(revision 1847)
++++ b/Source/FreeImage/PluginPFM.cpp	(revision 1848)
+@@ -23,6 +23,12 @@
+ #include "Utilities.h"
+ 
+ // ==========================================================
++// Plugin Interface
++// ==========================================================
++
++static int s_format_id;
++
++// ==========================================================
+ // Internal functions
+ // ==========================================================
+ 
+@@ -59,6 +65,9 @@
+ 
+ /**
+ Get an integer value from the actual position pointed by handle
++@param io
++@param handle
++@return Returns -1 in case of failure, returns the found number otherwise
+ */
+ static int
+ pfm_get_int(FreeImageIO *io, fi_handle handle) {
+@@ -65,70 +74,72 @@
+     char c = 0;
+ 	BOOL bFirstChar;
+ 
+-    // skip forward to start of next number
++	try {
+ 
+-	if(!io->read_proc(&c, 1, 1, handle)) {
+-		throw FI_MSG_ERROR_PARSING;
+-	}
++		// skip forward to start of next number
+ 
+-    while (1) {
+-        // eat comments
++		if (io->read_proc(&c, 1, 1, handle) != 1) {
++			throw FI_MSG_ERROR_PARSING;
++		}
+ 
+-        if (c == '#') {
+-			// if we're at a comment, read to end of line
++		while (1) {
++			// eat comments
+ 
+-            bFirstChar = TRUE;
++			if (c == '#') {
++				// if we're at a comment, read to end of line
+ 
+-            while (1) {
+-				if(!io->read_proc(&c, 1, 1, handle)) {
+-					throw FI_MSG_ERROR_PARSING;
+-				}
++				bFirstChar = TRUE;
+ 
+-				if (bFirstChar && c == ' ') {
+-					// loop off 1 sp after #
+-					bFirstChar = FALSE;
+-				} else if (c == '\n') {
+-					break;
++				while (1) {
++					if (io->read_proc(&c, 1, 1, handle) != 1) {
++						throw FI_MSG_ERROR_PARSING;
++					}
++
++					if (bFirstChar && c == ' ') {
++						// loop off 1 sp after #
++						bFirstChar = FALSE;
++					}
++					else if (c == '\n') {
++						break;
++					}
+ 				}
+ 			}
+-		}
+ 
+-        if (c >= '0' && c <='9') {
+-			// we've found what we were looking for
+-            break;
+-		}
++			if (c >= '0' && c <= '9') {
++				// we've found what we were looking for
++				break;
++			}
+ 
+-		if(!io->read_proc(&c, 1, 1, handle)) {
+-			throw FI_MSG_ERROR_PARSING;
++			if (io->read_proc(&c, 1, 1, handle) != 1) {
++				throw FI_MSG_ERROR_PARSING;
++			}
+ 		}
+-    }
+ 
+-    // we're at the start of a number, continue until we hit a non-number
++		// we're at the start of a number, continue until we hit a non-number
+ 
+-    int i = 0;
++		int i = 0;
+ 
+-    while (1) {
+-        i = (i * 10) + (c - '0');
++		while (1) {
++			i = (i * 10) + (c - '0');
+ 
+-		if(!io->read_proc(&c, 1, 1, handle)) {
+-			throw FI_MSG_ERROR_PARSING;
+-		}
++			if (io->read_proc(&c, 1, 1, handle) != 1) {
++				throw FI_MSG_ERROR_PARSING;
++			}
+ 
+-		if (c < '0' || c > '9') {
+-			break;
++			if (c < '0' || c > '9') {
++				break;
++			}
+ 		}
+-    }
+ 
+-    return i;
++		return i;
++	}
++	catch (const char *message) {
++		FreeImage_OutputMessageProc(s_format_id, message);
++		return -1;
++	}
+ }
+ 
+ // ==========================================================
+-// Plugin Interface
+-// ==========================================================
+-
+-static int s_format_id;
+-
+-// ==========================================================
+ // Plugin Implementation
+ // ==========================================================
+ 
+@@ -230,8 +241,12 @@
+ 		}
+ 
+ 		// Read the header information: width, height and the scale value
+-		unsigned width  = (unsigned) pfm_get_int(io, handle);
+-		unsigned height = (unsigned) pfm_get_int(io, handle);
++		int width = pfm_get_int(io, handle);
++		int height = pfm_get_int(io, handle);
++		if ((width <= 0) || (height <= 0)) {
++			throw FI_MSG_ERROR_PARSING;
++		}
++
+ 		float scalefactor = 1;
+ 
+ 		BOOL bResult = pfm_get_line(io, handle, line_buffer, PFM_MAXLINE);
+@@ -262,7 +277,7 @@
+ 				throw FI_MSG_ERROR_MEMORY;
+ 			}
+ 
+-			for (unsigned y = 0; y < height; y++) {	
++			for (int y = 0; y < height; y++) {	
+ 				FIRGBF *bits = (FIRGBF*)FreeImage_GetScanLine(dib, height - 1 - y);
+ 
+ 				if(io->read_proc(lineBuffer, sizeof(float), lineWidth, handle) != lineWidth) {
+@@ -271,7 +286,7 @@
+ 				float *channel = lineBuffer;
+ 				if(scalefactor > 0) {
+ 					// MSB
+-					for (unsigned x = 0; x < width; x++) {
++					for (int x = 0; x < width; x++) {
+ 						REVERSEBYTES(channel++, &bits[x].red);
+ 						REVERSEBYTES(channel++, &bits[x].green);
+ 						REVERSEBYTES(channel++, &bits[x].blue);
+@@ -278,7 +293,7 @@
+ 					}
+ 				} else {
+ 					// LSB					
+-					for (unsigned x = 0; x < width; x++) {
++					for (int x = 0; x < width; x++) {
+ 						bits[x].red		= *channel++;
+ 						bits[x].green	= *channel++;
+ 						bits[x].blue	= *channel++;
+@@ -296,7 +311,7 @@
+ 				throw FI_MSG_ERROR_MEMORY;
+ 			}
+ 
+-			for (unsigned y = 0; y < height; y++) {	
++			for (int y = 0; y < height; y++) {	
+ 				float *bits = (float*)FreeImage_GetScanLine(dib, height - 1 - y);
+ 
+ 				if(io->read_proc(lineBuffer, sizeof(float), lineWidth, handle) != lineWidth) {
+@@ -305,12 +320,12 @@
+ 				float *channel = lineBuffer;
+ 				if(scalefactor > 0) {
+ 					// MSB - File is Big endian
+-					for (unsigned x = 0; x < width; x++) {
++					for (int x = 0; x < width; x++) {
+ 						REVERSEBYTES(channel++, &bits[x]);
+ 					}
+ 				} else {
+ 					// LSB - File is Little Endian
+-					for (unsigned x = 0; x < width; x++) {
++					for (int x = 0; x < width; x++) {
+ 						bits[x] = *channel++;
+ 					}
+ 				}
+@@ -323,9 +338,12 @@
+ 		return dib;
+ 
+ 	} catch (const char *text)  {
+-		if(lineBuffer) free(lineBuffer);
+-		if(dib) FreeImage_Unload(dib);
+-
++		if (lineBuffer) {
++			free(lineBuffer);
++		}
++		if (dib) {
++			FreeImage_Unload(dib);
++		}
+ 		if(NULL != text) {
+ 			FreeImage_OutputMessageProc(s_format_id, text);
+ 		}
diff --git a/gnu/packages/php-xyz.scm b/gnu/packages/php-xyz.scm
new file mode 100644
index 0000000000..bef5a2dcb4
--- /dev/null
+++ b/gnu/packages/php-xyz.scm
@@ -0,0 +1,50 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2019 Julien Lepiller <julien@lepiller.eu>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu packages php-xyz)
+  #:use-module (gnu packages)
+  #:use-module (gnu packages php)
+  #:use-module (guix packages)
+  #:use-module (guix git-download)
+  #:use-module (guix build-system copy)
+  #:use-module (guix utils)
+  #:use-module ((guix licenses) #:prefix license:))
+
+(define-public composer-classloader
+  (package
+    (name "composer-classloader")
+    (version "1.9.0")
+    (source
+     (origin
+       (method git-fetch)
+       (uri (git-reference
+             (url "https://github.com/composer/composer")
+             (commit version)))
+       (file-name (git-file-name name version))
+       (sha256
+        (base32 "0127zmmg3yx84ljngfs86q7kjhyypybkf4d1ihfrfnzgynzxfxdf"))))
+    (build-system copy-build-system)
+    (arguments
+     `(#:install-plan
+       '(("src/Composer/Autoload/ClassLoader.php" "/share/web/composer/"))))
+    (home-page "https://getcomposer.org")
+    (synopsis "PHP class loader extracted from the composer package")
+    (description "This package contains the class loader class used by Composer to
+build its autoloading feature.  This package is used by the composer-build-system
+to build its own store-aware autoloading feature.")
+    (license license:expat)))
diff --git a/gnu/packages/rednotebook.scm b/gnu/packages/rednotebook.scm
index f63104ad32..a5dcc26efd 100644
--- a/gnu/packages/rednotebook.scm
+++ b/gnu/packages/rednotebook.scm
@@ -71,7 +71,8 @@
                  `("LD_LIBRARY_PATH" ":" prefix (,webkitgtk-path)))
                #t))))))
     (inputs
-     (list gtk+ gtksourceview-3 python-pyyaml python-pygobject webkitgtk))
+     (list gtk+ gtksourceview-3 python-pyyaml python-pygobject
+           webkitgtk-for-gtk3))
     ;; TODO: package the following for python3 (if possible), add them as
     ;; dependencies, and remove them from rednotebook source:
     ;; pygtkspellcheck, elib.intl, msgfmt, txt2tags
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 47089b197d..0b364bbe90 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -132,7 +132,7 @@ file names.
 (define-public libssh
   (package
     (name "libssh")
-    (version "0.10.5")
+    (version "0.10.6")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.libssh.org/files/"
@@ -140,7 +140,7 @@ file names.
                                   "/libssh-" version ".tar.xz"))
               (sha256
                (base32
-                "0d22gq77ga24ijlgr3d1wvhfvprx61iklkb3npifxfb7ygvjy3mn"))
+                "1hcxvsb4brznxqq6cjwxkk7yv4c48w4fcwxwd8dp9wdnyncd8q8q"))
               (modules '((guix build utils)))
               (snippet
                ;; 'PATH_MAX' is undefined on GNU/Hurd; work around it.
@@ -198,7 +198,7 @@ a server that supports the SSH-2 protocol.")
 (define-public openssh
   (package
    (name "openssh")
-   (version "9.5p1")
+   (version "9.6p1")
    (source
     (origin
       (method url-fetch)
@@ -206,11 +206,14 @@ a server that supports the SSH-2 protocol.")
                           "openssh-" version ".tar.gz"))
       (patches (search-patches "openssh-trust-guix-store-directory.patch"))
       (sha256
-       (base32 "0sq8hqk6f0x6djgvqawjbwwxpwd8r1nzjahqfl7m9yx7kfvyf9ph"))))
+       (base32 "0z3pgam8b4z05lvdb78iv06p204qwl7b94a3cnnwba2mfb0120li"))))
    (build-system gnu-build-system)
    (arguments
     (list
      #:test-target "tests"
+     ;; Not all of the tests can be run in parallel, see
+     ;; <https://marc.info/?l=openssh-unix-dev&m=170313565518842>.
+     #:parallel-tests? #f
      ;; Otherwise, the test scripts try to use a nonexistent directory and fail.
      #:make-flags
      #~(list "REGRESSTMP=\"$${BUILDDIR}/regress\"")
diff --git a/gnu/packages/syncthing.scm b/gnu/packages/syncthing.scm
index 2b8a37b518..7598b46824 100644
--- a/gnu/packages/syncthing.scm
+++ b/gnu/packages/syncthing.scm
@@ -7,6 +7,7 @@
 ;;; Copyright © 2021 Maxim Cournoyer <maxim.cournoyer@gmail.com>
 ;;; Copyright © 2021 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2022 John Kehayias <john.kehayias@protonmail.com>
+;;; Copyright © 2023 Benjamin Slade <slade@lambda-y.net>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -44,7 +45,7 @@
 (define-public syncthing
   (package
     (name "syncthing")
-    (version "1.25.0")
+    (version "1.27.1")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://github.com/syncthing/syncthing"
@@ -52,7 +53,7 @@
                                   "/syncthing-source-v" version ".tar.gz"))
               (sha256
                (base32
-                "18cyg0wnf34xi964fxvzxgcq6z0pbirk0k4z82w1cqi3f3l9jlg2"))))
+                "0d1qlzh07a9h2wx2fxm2fdask2sm750pqwk7jx62x2hcwmb08ysw"))))
     (build-system go-build-system)
     ;; The primary Syncthing executable goes to "out", while the auxiliary
     ;; server programs and utility tools go to "utils".  This reduces the size
diff --git a/gnu/packages/syndication.scm b/gnu/packages/syndication.scm
index 4d9811096b..a9e5b80bbf 100644
--- a/gnu/packages/syndication.scm
+++ b/gnu/packages/syndication.scm
@@ -43,7 +43,6 @@
   #:use-module (gnu packages cmake)
   #:use-module (gnu packages crates-io)
   #:use-module (gnu packages curl)
-  #:use-module (gnu packages documentation)
   #:use-module (gnu packages freedesktop)
   #:use-module (gnu packages gettext)
   #:use-module (gnu packages glib)
@@ -336,38 +335,6 @@ file system, and many more features.")
     (license (list license:gpl2+        ; filter/*
                    license:expat))))    ; everything else
 
-(define-public newsboat-2.13
-  (package
-    (inherit newsboat)
-    (version "2.13")
-    (source
-     (origin
-       (method url-fetch)
-       (uri (string-append "https://newsboat.org/releases/" version
-                           "/newsboat-" version ".tar.xz"))
-       (sha256
-        (base32
-         "0pik1d98ydzqi6055vdbkjg5krwifbk2hy2f5jp5p1wcy2s16dn7"))))
-    (build-system gnu-build-system)
-    (native-inputs
-     `(,@(fold alist-delete (package-native-inputs newsboat)
-               '("asciidoctor" "openssl"))
-       ;; For building documentation.
-       ("asciidoc" ,asciidoc)))
-    (inputs
-     (modify-inputs (package-inputs newsboat)
-       (replace "json-c" json-c-0.13)))
-    (arguments
-     '(#:phases
-       (modify-phases %standard-phases
-         (delete 'configure)            ; no configure script
-         (add-after 'build 'build-documentation
-           (lambda _
-             (invoke "make" "doc"))))
-       #:make-flags
-       (list (string-append "prefix=" (assoc-ref %outputs "out")))
-       #:test-target "test"))))
-
 (define-public liferea
   (package
     (name "liferea")
@@ -630,7 +597,7 @@ parser.  It is \"not fit for use at this point\", but gfeeds uses it anyway.")
            python-readability-lxml
            python-requests
            syndication-domination
-           webkitgtk-next))
+           webkitgtk))
     (home-page "https://gfeeds.gabmus.org/")
     (synopsis "Easy-to-use GTK+ RSS/Atom feed reader")
     (description "Feeds is an RSS/Atom feed reader made with GTK+
diff --git a/gnu/packages/telegram.scm b/gnu/packages/telegram.scm
index 4814c22b6c..990dc0a001 100644
--- a/gnu/packages/telegram.scm
+++ b/gnu/packages/telegram.scm
@@ -531,7 +531,7 @@ Telegram project, for its use in telegram desktop client.")
            rnnoise
            wayland
            wayland-protocols
-           webkitgtk
+           webkitgtk-for-gtk3
            webrtc-for-telegram-desktop
            xcb-util-keysyms
            xxhash
diff --git a/gnu/packages/video.scm b/gnu/packages/video.scm
index ec777d935e..b25352fdaa 100644
--- a/gnu/packages/video.scm
+++ b/gnu/packages/video.scm
@@ -3762,6 +3762,35 @@ This may help improve your viewers watching experience, and allows you to use
 your host privately.")
     (license license:gpl2+)))
 
+(define-public obs-pipewire-audio-capture
+  (package
+    (name "obs-pipewire-audio-capture")
+    (version "1.1.2")
+    (source (origin
+              (method git-fetch)
+              (uri (git-reference
+                    (url "https://github.com/dimtpap/obs-pipewire-audio-capture")
+                    (commit version)))
+              (file-name (git-file-name name version))
+              (sha256
+               (base32
+                "0qjl8xlaf54zgz34f1dfybdg2inc2ir42659kh15ncihpgbx0wzl"))))
+    (build-system cmake-build-system)
+    (arguments
+     (list
+      #:tests? #f ; no test target
+      #:configure-flags
+      #~(list (string-append "-DLIBOBS_INCLUDE_DIR="
+                             #$(this-package-input "obs") "/lib")
+              "-Wno-dev")))
+    (native-inputs (list libconfig pkg-config))
+    (inputs (list obs pipewire))
+    (home-page "https://obsproject.com/forum/resources/pipewire-audio-capture.1458/")
+    (synopsis "Audio device and application capture for OBS Studio using PipeWire")
+    (description "This plugin adds 3 sources for capturing audio outputs,
+inputs and applications using PipeWire.")
+    (license license:gpl2+)))
+
 (define-public obs-websocket
   ;; Functionality was merged into OBS.
   (deprecated-package "obs-websocket" obs))
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index ea4601a5d0..35bac9a5ac 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -25,7 +25,7 @@
 ;;; Copyright © 2021 Petr Hodina <phodina@protonmail.com>
 ;;; Copyright © 2021 Raghav Gururajan <rg@raghavgururajan.name>
 ;;; Copyright © 2022 Oleg Pykhalov <go.wigust@gmail.com>
-;;; Copyright © 2022 Ekaitz Zarraga <ekaitz@elenq.tech>
+;;; Copyright © 2022, 2023 Ekaitz Zarraga <ekaitz@elenq.tech>
 ;;; Copyright © 2022 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2022 Zhu Zihao <all_but_last@163.com>
 ;;; Copyright © 2023 Juliana Sims <juli@incana.org>
@@ -166,14 +166,14 @@
 (define-public qemu
   (package
     (name "qemu")
-    (version "8.1.1")
+    (version "8.1.3")
     (source
      (origin
        (method url-fetch)
        (uri (string-append "https://download.qemu.org/qemu-"
                            version ".tar.xz"))
        (sha256
-        (base32 "1vvxmd7xbkl083anpqm797m070qi8n5wc5qid0ppbyq0wpsjxkip"))
+        (base32 "1fv5wbxpjxqzv10bdlq0ykgqfmzqx4s8yfch9zvqcm8h0il1gk23"))
        (patches (search-patches "qemu-disable-some-qtests-tests.patch"
                                 "qemu-fix-agent-paths.patch"))
        (modules '((guix build utils)))
diff --git a/gnu/packages/vnc.scm b/gnu/packages/vnc.scm
index 8ba1292e28..7b39aba58d 100644
--- a/gnu/packages/vnc.scm
+++ b/gnu/packages/vnc.scm
@@ -151,7 +151,7 @@
            telepathy-glib
            vte                          ; for st plugin
            wayland
-           webkitgtk                    ; for www plugin
+           webkitgtk-for-gtk3           ; for www plugin
            libx11
            libxext                      ; for xdmcp plugin
            xdg-utils
diff --git a/gnu/packages/web-browsers.scm b/gnu/packages/web-browsers.scm
index ec70e47841..141917ad42 100644
--- a/gnu/packages/web-browsers.scm
+++ b/gnu/packages/web-browsers.scm
@@ -706,7 +706,7 @@ driven and does not detract you from your daily work.")
                   gsettings-desktop-schemas
                   cl-gobject-introspection
                   gtk+                  ; For the main loop
-                  webkitgtk             ; Required when we use its typelib
+                  webkitgtk-for-gtk3    ; Required when we use its typelib
                   gobject-introspection
                   pkg-config))
     (synopsis "Extensible web-browser in Common Lisp")
diff --git a/gnu/packages/webkit.scm b/gnu/packages/webkit.scm
index 0c82435cde..95dac20b81 100644
--- a/gnu/packages/webkit.scm
+++ b/gnu/packages/webkit.scm
@@ -126,14 +126,14 @@ engine that uses Wayland for graphics output.")
 
 (define-public webkitgtk
   (package
-    (name "webkitgtk")                  ; webkit2gtk4
-    (version "2.40.5")
+    (name "webkitgtk")
+    (version "2.42.3")
     (source (origin
               (method url-fetch)
               (uri (string-append "https://www.webkitgtk.org/releases/"
                                   name "-" version ".tar.xz"))
               (sha256
-               (base32 "0zq32rn34v7hzr53s100r77aglbi6wffp9b13bcj31k6cfi53q3x"))
+               (base32 "1qnq2f6chsfns1psrqbbsqhgyb458zf75nlmzskb6a2n0hq4c6ha"))
               (patches (search-patches
                         "webkitgtk-adjust-bubblewrap-paths.patch"))))
     (build-system cmake-build-system)
@@ -149,10 +149,8 @@ engine that uses Wayland for graphics output.")
       #:build-type "Release"
       #:configure-flags
       #~(list "-DPORT=GTK"
-              ;; GTKDOC will be removed upstream soon in favor of
-              ;; gi-docgen; it is normally disabled because the
-              ;; doc is rather expensive to build.
-              "-DENABLE_GTKDOC=ON"
+              "-DENABLE_INTROSPECTION=ON"
+              "-DUSE_GTK4=ON"
               ;; The minibrowser, not built by default, is a good
               ;; tool to validate the good operation of
               ;; webkitgtk.
@@ -232,7 +230,7 @@ engine that uses Wayland for graphics output.")
            ruby-2.7
            unifdef))
     (propagated-inputs
-     (list gtk+ libsoup))
+     (list gtk libsoup))
     (inputs
      (list at-spi2-core
            bubblewrap
@@ -249,8 +247,8 @@ engine that uses Wayland for graphics output.")
            libgcrypt
            libgudev
            libjpeg-turbo
+           libjxl
            libmanette
-           libnotify
            libpng
            libseccomp
            libsecret
@@ -283,34 +281,34 @@ propagated by default) such as @code{gst-plugins-good} and
                    license:bsd-2
                    license:bsd-3))))
 
-(define-public webkitgtk-next
+(define-public webkitgtk-for-gtk3
   (package
     (inherit webkitgtk)
-    (name "webkitgtk-next")             ; webkit2gtk5
+    (name "webkitgtk-for-gtk3")
     (arguments
      (substitute-keyword-arguments (package-arguments webkitgtk)
        ((#:configure-flags flags)
-        #~(cons* "-DENABLE_INTROSPECTION=ON"
-                 "-DUSE_GTK4=ON"
-                 (delete "-DENABLE_GTKDOC=ON" #$flags)))))
+        #~(cons* "-DENABLE_GTKDOC=ON"
+                 (delete "-DENABLE_INTROSPECTION=ON"
+                         (delete "-DUSE_GTK4=ON" #$flags))))))
     (propagated-inputs
      (modify-inputs (package-propagated-inputs webkitgtk)
-       (replace "gtk+" gtk)))
+       (replace "gtk" gtk+)))
     (inputs
      (modify-inputs (package-inputs webkitgtk)
-       (delete "libnotify")))))
+       (prepend libnotify)))))
 
 ;;; Required by e.g. emacs-next-pgtk, emacs-xwidgets, and some other GNOME
 ;;; packages for webkit2gtk-4.0.  See also the upstream tracker for libsoup 3:
 ;;; https://gitlab.gnome.org/GNOME/libsoup/-/issues/218.
 (define-public webkitgtk-with-libsoup2
-  (package/inherit webkitgtk
+  (package/inherit webkitgtk-for-gtk3
     (name "webkitgtk-with-libsoup2")
-    (arguments (substitute-keyword-arguments (package-arguments webkitgtk)
+    (arguments (substitute-keyword-arguments (package-arguments webkitgtk-for-gtk3)
                  ((#:configure-flags flags)
                   #~(cons "-DUSE_SOUP2=ON" #$flags))))
     (propagated-inputs
-     (modify-inputs (package-propagated-inputs webkitgtk)
+     (modify-inputs (package-propagated-inputs webkitgtk-for-gtk3)
        (replace "libsoup" libsoup-minimal-2)))))
 
 (define-public wpewebkit