diff --git a/pkgs/development/libraries/jitterentropy/default.nix b/pkgs/development/libraries/jitterentropy/default.nix
index 11f6141872db..c65a3af9c42a 100644
--- a/pkgs/development/libraries/jitterentropy/default.nix
+++ b/pkgs/development/libraries/jitterentropy/default.nix
@@ -1,37 +1,31 @@
 { lib, stdenv, fetchFromGitHub }:
+
 stdenv.mkDerivation rec {
   pname = "jitterentropy";
-  version = "2.2.0";
+  version = "3.3.1";
 
   src = fetchFromGitHub {
     owner = "smuellerDD";
     repo = "jitterentropy-library";
     rev = "v${version}";
-    sha256 = "0n2l1fxr7bynnarpwdjifb2fvlsq8w5wmfh31yk5nrc756cjlgyw";
+    hash = "sha256-go7eGwBoZ58LkgKL7t8oZSc1cFlE6fPOT/ML3Aa8+CM=";
   };
-  patches = [
-    # Can be removed when upgrading beyond 2.2.0
-    ./reproducible-manpages.patch
-  ];
+
+  outputs = [ "out" "dev" ];
 
   enableParallelBuilding = true;
-
-  preInstall = ''
-    mkdir -p $out/include
-    substituteInPlace Makefile \
-      --replace "install -m 0755 -s" \
-                'install -m 0755 -s --strip-program $(STRIP)'
-  '';
+  hardeningDisable = [ "fortify" ]; # avoid warnings
 
   installFlags = [
-    "PREFIX=$(out)"
+    "PREFIX=${placeholder "out"}"
   ];
 
-  meta = {
+  meta = with lib; {
     description = "Provides a noise source using the CPU execution timing jitter";
     homepage = "https://github.com/smuellerDD/jitterentropy-library";
-    license = with lib.licenses; [ gpl2 bsd3 ];
-    platforms = lib.platforms.linux;
-    maintainers = with lib.maintainers; [ johnazoidberg ];
+    changelog = "https://github.com/smuellerDD/jitterentropy-library/raw/v${version}/CHANGES.md";
+    license = with licenses; [ bsd3 /* OR */ gpl2Only ];
+    platforms = platforms.linux;
+    maintainers = with maintainers; [ johnazoidberg c0bw3b ];
   };
 }
diff --git a/pkgs/development/libraries/jitterentropy/reproducible-manpages.patch b/pkgs/development/libraries/jitterentropy/reproducible-manpages.patch
deleted file mode 100644
index 68de5a8ae781..000000000000
--- a/pkgs/development/libraries/jitterentropy/reproducible-manpages.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-diff --git a/Makefile b/Makefile
-index 4ff069b..3b8714a 100644
---- a/Makefile
-+++ b/Makefile
-@@ -58,7 +58,7 @@ cppcheck:
- install:
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/share/man/man3
- 	install -m 644 doc/$(NAME).3 $(DESTDIR)$(PREFIX)/share/man/man3/
--	gzip -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
-+	gzip -n -9 $(DESTDIR)$(PREFIX)/share/man/man3/$(NAME).3
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/$(LIBDIR)
- 	install -m 0755 -s lib$(NAME).so.$(LIBVERSION) $(DESTDIR)$(PREFIX)/$(LIBDIR)/
- 	install -d -m 0755 $(DESTDIR)$(PREFIX)/$(INCDIR)
diff --git a/pkgs/development/libraries/librtlsdr/default.nix b/pkgs/development/libraries/librtlsdr/default.nix
index 61f4045b785f..c09575924a0a 100644
--- a/pkgs/development/libraries/librtlsdr/default.nix
+++ b/pkgs/development/libraries/librtlsdr/default.nix
@@ -27,7 +27,7 @@ stdenv.mkDerivation rec {
 
   nativeBuildInputs = [ pkg-config cmake ];
 
-  buildInputs = [ libusb1 ];
+  propagatedBuildInputs = [ libusb1 ];
 
   meta = with lib; {
     description = "Turns your Realtek RTL2832 based DVB dongle into a SDR receiver";
diff --git a/pkgs/tools/security/rng-tools/default.nix b/pkgs/tools/security/rng-tools/default.nix
index 47bf2c8297f8..7d8de48800a0 100644
--- a/pkgs/tools/security/rng-tools/default.nix
+++ b/pkgs/tools/security/rng-tools/default.nix
@@ -1,44 +1,53 @@
-{ lib, stdenv, fetchFromGitHub, libtool, autoreconfHook, pkg-config
-, sysfsutils
-, argp-standalone
+{ lib
+, stdenv
+, fetchFromGitHub
+, autoreconfHook
+, libtool
+, pkg-config
+, argp-standalone ? null
+, openssl
+, jitterentropy ? null, withJitterEntropy ? true
   # WARNING: DO NOT USE BEACON GENERATED VALUES AS SECRET CRYPTOGRAPHIC KEYS
   # https://www.nist.gov/programs-projects/nist-randomness-beacon
-, curl ? null, libxml2 ? null, openssl ? null, withNistBeacon ? false
-  # Systems that support RDRAND but not AES-NI require libgcrypt to use RDRAND as an entropy source
-, libgcrypt ? null, withGcrypt ? true
-, jitterentropy ? null, withJitterEntropy ? true
+, curl ? null, jansson ? null, libxml2 ? null, withNistBeacon ? false
 , libp11 ? null, opensc ? null, withPkcs11 ? true
+, librtlsdr ? null, withRtlsdr ? true
 }:
 
+assert (stdenv.hostPlatform.isMusl) -> argp-standalone != null;
+assert (withJitterEntropy) -> jitterentropy != null;
+assert (withNistBeacon) -> curl != null && jansson != null && libxml2 != null;
+assert (withPkcs11) -> libp11 != null && opensc != null;
+assert (withRtlsdr) -> librtlsdr != null;
+
 with lib;
 
 stdenv.mkDerivation rec {
   pname = "rng-tools";
-  version = "6.11";
+  version = "6.14";
 
   src = fetchFromGitHub {
     owner = "nhorman";
-    repo = "rng-tools";
+    repo = pname;
     rev = "v${version}";
-    sha256 = "sha256-qheJaeVX2zuv0mvKEd6wcbSHFjiJE0t5hVCJiRSKm3M=";
+    hash = "sha256-NTXp2l5gVxKhO4Gqcy4VzomYU5B3HydkefMvdzypK8M=";
   };
 
   nativeBuildInputs = [ autoreconfHook libtool pkg-config ];
 
   configureFlags = [
-    (withFeature   withGcrypt        "libgcrypt")
-    (enableFeature withJitterEntropy "jitterentropy")
-    (withFeature   withNistBeacon    "nistbeacon")
-    (withFeature   withPkcs11        "pkcs11")
+    (enableFeature (withJitterEntropy) "jitterentropy")
+    (withFeature   (withNistBeacon)    "nistbeacon")
+    (withFeature   (withPkcs11)        "pkcs11")
+    (withFeature   (withRtlsdr)        "rtlsdr")
   ];
 
-  # argp-standalone is only used when libc lacks argp parsing (musl)
-  buildInputs = [ sysfsutils ]
-    ++ optionals stdenv.hostPlatform.isx86_64 [ argp-standalone ]
-    ++ optionals withGcrypt        [ libgcrypt ]
-    ++ optionals withJitterEntropy [ jitterentropy ]
-    ++ optionals withNistBeacon    [ curl libxml2 openssl ]
-    ++ optionals withPkcs11        [ libp11 openssl ];
+  buildInputs = [ openssl ]
+    ++ optionals (stdenv.hostPlatform.isMusl) [ argp-standalone ]
+    ++ optionals (withJitterEntropy) [ jitterentropy ]
+    ++ optionals (withNistBeacon)    [ curl jansson libxml2 ]
+    ++ optionals (withPkcs11)        [ libp11 openssl ]
+    ++ optionals (withRtlsdr)        [ librtlsdr ];
 
   enableParallelBuilding = true;
 
@@ -51,9 +60,18 @@ stdenv.mkDerivation rec {
   doCheck = true;
   preCheck = "patchShebangs tests/*.sh";
 
+  doInstallCheck = true;
+  installCheckPhase = ''
+    runHook preInstallCheck
+    set -o pipefail
+    $out/bin/rngtest --version | grep $version
+    runHook postInstallCheck
+  '';
+
   meta = {
     description = "A random number generator daemon";
     homepage = "https://github.com/nhorman/rng-tools";
+    changelog = "https://github.com/nhorman/rng-tools/releases/tag/v${version}";
     license = licenses.gpl2Plus;
     platforms = platforms.linux;
     maintainers = with maintainers; [ johnazoidberg c0bw3b ];