diff --git a/pkgs/development/libraries/glib/default.nix b/pkgs/development/libraries/glib/default.nix
index 7c7d0aca75c..68bc169bb89 100644
--- a/pkgs/development/libraries/glib/default.nix
+++ b/pkgs/development/libraries/glib/default.nix
@@ -188,6 +188,8 @@ stdenv.mkDerivation rec {
 
   inherit doCheck;
 
+  separateDebugInfo = stdenv.isLinux;
+
   passthru = rec {
     gioModuleDir = "lib/gio/modules";
     makeSchemaPath = dir: name: "${dir}/share/gsettings-schemas/${name}/glib-2.0/schemas";
diff --git a/pkgs/development/libraries/gtk/3.x.nix b/pkgs/development/libraries/gtk/3.x.nix
index 15c3ab2daf8..7f09b52d51f 100644
--- a/pkgs/development/libraries/gtk/3.x.nix
+++ b/pkgs/development/libraries/gtk/3.x.nix
@@ -3,6 +3,9 @@
 , fetchpatch
 , pkgconfig
 , gettext
+, docbook_xsl
+, docbook_xml_dtd_43
+, gtk-doc
 , meson
 , ninja
 , python3
@@ -33,6 +36,7 @@
 , wayland-protocols
 , xineramaSupport ? stdenv.isLinux
 , cupsSupport ? stdenv.isLinux
+, withGtkDoc ? stdenv.isLinux
 , cups ? null
 , AppKit
 , Cocoa
@@ -46,7 +50,7 @@ stdenv.mkDerivation rec {
   pname = "gtk+3";
   version = "3.24.12";
 
-  outputs = [ "out" "dev" ];
+  outputs = [ "out" "dev" ] ++ optional withGtkDoc "devdoc";
   outputBin = "dev";
 
   setupHooks = [
@@ -78,6 +82,7 @@ stdenv.mkDerivation rec {
   separateDebugInfo = stdenv.isLinux;
 
   mesonFlags = [
+    "-Dgtk_doc=${boolToString withGtkDoc}"
     "-Dtests=false"
   ];
 
@@ -114,6 +119,10 @@ stdenv.mkDerivation rec {
     python3
     sassc
     setupHooks
+  ] ++ optionals withGtkDoc [
+    docbook_xml_dtd_43
+    docbook_xsl
+    gtk-doc
   ];
 
   buildInputs = [
diff --git a/pkgs/development/libraries/libgdiplus/default.nix b/pkgs/development/libraries/libgdiplus/default.nix
index cdaf972911d..1a690ca7aa1 100644
--- a/pkgs/development/libraries/libgdiplus/default.nix
+++ b/pkgs/development/libraries/libgdiplus/default.nix
@@ -4,13 +4,13 @@
 
 stdenv.mkDerivation rec {
   pname = "libgdiplus";
-  version = "6.0.2";
+  version = "6.0.4";
 
   src = fetchFromGitHub {
     owner = "mono";
     repo = "libgdiplus";
     rev = version;
-    sha256 = "07a3n7i35mn5j2djah64by785b1hzy8ckk1pz0xwvk716yzb7sxg";
+    sha256 = "1pf3yhwq9qk0w3yv9bb8qlwwqkffg7xb4sgc8yqdnn6pa56i3vmn";
   };
 
   NIX_LDFLAGS = "-lgif";
@@ -21,6 +21,8 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ autoreconfHook pkgconfig ];
 
+  configureFlags = stdenv.lib.optionalString stdenv.cc.isClang "--host=${stdenv.hostPlatform.system}";
+
   buildInputs =
     [ glib cairo fontconfig libtiff giflib
       libjpeg libpng libXrender libexif
diff --git a/pkgs/tools/misc/file/default.nix b/pkgs/tools/misc/file/default.nix
index b3ed85ca228..a06b38c0ec7 100644
--- a/pkgs/tools/misc/file/default.nix
+++ b/pkgs/tools/misc/file/default.nix
@@ -1,4 +1,4 @@
-{ stdenv, fetchurl, file, zlib, libgnurx }:
+{ stdenv, fetchurl, fetchpatch, file, zlib, libgnurx }:
 
 stdenv.mkDerivation rec {
   pname = "file";
@@ -12,6 +12,14 @@ stdenv.mkDerivation rec {
     sha256 = "0zz0p9bqnswfx0c16j8k62ivjq1m16x10xqv4hy9lcyxyxkkkhg9";
   };
 
+  patches = [
+    (fetchpatch {
+      name = "CVE-2019-18218.patch";
+      url = "https://sources.debian.org/data/main/f/file/1:5.37-6/debian/patches/cherry-pick.FILE5_37-67-g46a8443f.limit-the-number-of-elements-in-a-vector-found-by-oss-fuzz.patch";
+      sha256 = "1i22y91yndc3n2p2ngczp1lwil8l05sp8ciicil74xrc5f91y6mj";
+    })
+  ];
+
   nativeBuildInputs = stdenv.lib.optional (stdenv.hostPlatform != stdenv.buildPlatform) file;
   buildInputs = [ zlib ]
               ++ stdenv.lib.optional stdenv.hostPlatform.isWindows libgnurx;