From 4be685dbddecae8d17c557d91321c87bfd03111b Mon Sep 17 00:00:00 2001 From: Yurii Matsiuk Date: Fri, 18 Jun 2021 12:08:37 +0200 Subject: [PATCH 1/6] bluejeans: add update script (cherry picked from commit ba379085a0c36a853979a4bdc0b42b0482318276) --- .../instant-messengers/bluejeans/default.nix | 14 ++++++++++---- .../instant-messengers/bluejeans/update.sh | 12 ++++++++++++ 2 files changed, 22 insertions(+), 4 deletions(-) create mode 100755 pkgs/applications/networking/instant-messengers/bluejeans/update.sh diff --git a/pkgs/applications/networking/instant-messengers/bluejeans/default.nix b/pkgs/applications/networking/instant-messengers/bluejeans/default.nix index b3cd9d8c140..2f26de4830b 100644 --- a/pkgs/applications/networking/instant-messengers/bluejeans/default.nix +++ b/pkgs/applications/networking/instant-messengers/bluejeans/default.nix @@ -38,13 +38,16 @@ , xdg-utils }: +let + getFirst = n: v: builtins.concatStringsSep "." (lib.take n (lib.splitString "." v)); +in + stdenv.mkDerivation rec { pname = "bluejeans"; - version = "2.21.3"; - buildNumber = "2"; + version = "2.21.3.2"; src = fetchurl { - url = "https://swdl.bluejeans.com/desktop-app/linux/${version}/BlueJeans_${version}.${buildNumber}.rpm"; + url = "https://swdl.bluejeans.com/desktop-app/linux/${getFirst 3 version}/BlueJeans_${version}.rpm"; sha256 = "sha256-a/REuxkqZmLLa7N3CUgUAdq74VMD9D10a/Sx2jOj1QA="; }; @@ -106,7 +109,7 @@ stdenv.mkDerivation rec { --set-interpreter $(cat $NIX_CC/nix-support/dynamic-linker) \ opt/BlueJeans/resources/BluejeansHelper - cc $localtime64_stub -shared -o "$out"/opt/BlueJeans/liblocaltime64_stub.so + cc $localtime64_stub -shared -o "${placeholder "out"}"/opt/BlueJeans/liblocaltime64_stub.so makeWrapper $out/opt/BlueJeans/bluejeans-v2 $out/bin/bluejeans \ --set LD_LIBRARY_PATH "${libPath}":"${placeholder "out"}"/opt/BlueJeans \ 
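Review bot: `getFirst` in the new `let` block has no comment, and its name does not say that it truncates a dotted version string. A one-line comment such as `# getFirst 3 "2.21.3.2" == "2.21.3"; the download directory is named after the first three version components` would make the URL construction in `src` readable. Nothing checks that `version` has four components; with fewer, the URL still evaluates and the mistake only surfaces as a fetch failure.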
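Review bot: The `cc … -o` line now writes to `"${placeholder "out"}"` while the `makeWrapper` line right after it still uses `$out`, so the same phase names the output path two ways. Both should resolve to the same store path during the build, so this looks like a style-only change. Keeping `"$out"/opt/BlueJeans/liblocaltime64_stub.so` would match the surrounding lines. The phase starts and ends outside the hunk.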
@@ -119,6 +122,8 @@ stdenv.mkDerivation rec { patchShebangs "$out" ''; + passthru.updateScript = ./update.sh; + meta = with lib; { description = "Video, audio, and web conferencing that works together with the collaboration tools you use every day"; homepage = "https://www.bluejeans.com"; @@ -127,3 +132,4 @@ stdenv.mkDerivation rec { platforms = [ "x86_64-linux" ]; }; } + diff --git a/pkgs/applications/networking/instant-messengers/bluejeans/update.sh b/pkgs/applications/networking/instant-messengers/bluejeans/update.sh new file mode 100755 index 00000000000..2c527462003 --- /dev/null +++ b/pkgs/applications/networking/instant-messengers/bluejeans/update.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env nix-shell +#!nix-shell -i bash -p curl pup common-updater-scripts + +set -eu -o pipefail + +version="$(curl -Ls https://www.bluejeans.com/download | \ + pup 'a[aria-label~="Linux"] attr{href}' | \ + #output contains *.deb and *.rpm + grep "\.rpm" | \ + awk -F'[ ._ ]' '{printf $6"."$7"."$8"."$9"\n"}')" + +update-source-version bluejeans-gui "$version" From b587c9883bc76a351d48572af1c3841ccce40ac6 Mon Sep 17 00:00:00 2001 From: Yurii Matsiuk Date: Fri, 18 Jun 2021 12:09:55 +0200 Subject: [PATCH 2/6] bluejeans: 2.21.3.2 -> 2.22.0.87 (cherry picked from commit 3601c66133d63a213e5c43c4956585c0fb90c2da) --- .../networking/instant-messengers/bluejeans/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/applications/networking/instant-messengers/bluejeans/default.nix b/pkgs/applications/networking/instant-messengers/bluejeans/default.nix index 2f26de4830b..f8cc0daccb9 100644 --- a/pkgs/applications/networking/instant-messengers/bluejeans/default.nix +++ b/pkgs/applications/networking/instant-messengers/bluejeans/default.nix 
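Review bot: In the new `update.sh`, the scraped value is passed to `update-source-version` without any check that it looks like a version, and the awk step uses page data as the `printf` format string. A `%` in the matched href would be interpreted by awk, and more than one `.rpm` link on the page would give a multi-line `version`. I would use a fixed format, `awk -F'[ ._ ]' '{printf "%s.%s.%s.%s\n", $6, $7, $8, $9}'`, and reject anything unexpected before the update with `[[ "$version" =~ ^[0-9]+(\.[0-9]+){3}$ ]] || exit 1`. Adding `--fail` to the `curl -Ls` call would also stop an HTTP error page from being parsed as the download page.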
@@ -44,11 +44,11 @@ in stdenv.mkDerivation rec { pname = "bluejeans"; - version = "2.21.3.2"; + version = "2.22.0.87"; src = fetchurl { url = "https://swdl.bluejeans.com/desktop-app/linux/${getFirst 3 version}/BlueJeans_${version}.rpm"; - sha256 = "sha256-a/REuxkqZmLLa7N3CUgUAdq74VMD9D10a/Sx2jOj1QA="; + sha256 = "sha256-0nobn+YcvqakwvBdkoEJrzHoL+OGym2zJ806oUabYfo="; }; nativeBuildInputs = [ rpmextract makeWrapper ]; From 8ad9b064fdbc33b2964c4d49333c2a0ca7cd84f4 Mon Sep 17 00:00:00 2001 From: Emil Karlson Date: Wed, 11 Aug 2021 09:06:17 +0300 Subject: [PATCH 3/6] sparse: add perl to buildInputs cgcc command has shebang of /usr/bin/perl, which obviously does not work for nixos, adding perl to buildInputs seems to make all the magic happen, as per usual. (cherry picked from commit e7836bc5a5a2a2257afd515e3e221c8ff5d67b97) --- pkgs/development/tools/analysis/sparse/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/development/tools/analysis/sparse/default.nix b/pkgs/development/tools/analysis/sparse/default.nix index e0d9840472b..a234aa2d7cf 100644 --- a/pkgs/development/tools/analysis/sparse/default.nix +++ b/pkgs/development/tools/analysis/sparse/default.nix @@ -1,4 +1,4 @@ -{ fetchurl, lib, stdenv, pkg-config, libxml2, llvm }: +{ fetchurl, lib, stdenv, pkg-config, libxml2, llvm, perl }: stdenv.mkDerivation rec { name = "sparse-0.5.0"; @@ -13,7 +13,7 @@ stdenv.mkDerivation rec { ''; nativeBuildInputs = [ pkg-config ]; - buildInputs = [ libxml2 llvm ]; + buildInputs = [ libxml2 llvm perl ]; doCheck = true; meta = { From 2f24078a0135b050bc187c3d9cef630c0731db29 Mon Sep 17 00:00:00 2001 
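Review bot: In the sparse `buildInputs` hunk, the reason for adding `perl` is recorded only in the commit message. A comment above the line, e.g. `# cgcc is a perl script with a /usr/bin/perl shebang; perl must be an input so the shebang can be patched`, would keep a later cleanup from dropping it as unused. The derivation body continues outside the hunk.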
From: Maxine Aubrey Date: Wed, 11 Aug 2021 14:52:02 +0200 Subject: [PATCH 4/6] fwupd: 1.5.7 -> 1.5.12 - https://github.com/fwupd/fwupd/releases/tag/1.5.8 - https://github.com/fwupd/fwupd/releases/tag/1.5.9 - https://github.com/fwupd/fwupd/releases/tag/1.5.10 - https://github.com/fwupd/fwupd/releases/tag/1.5.11 - https://github.com/fwupd/fwupd/releases/tag/1.5.12 (cherry picked from commit 2f3e3c788e071ec3c8b3b7e743f07b453248803e) --- pkgs/os-specific/linux/firmware/fwupd/default.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/firmware/fwupd/default.nix b/pkgs/os-specific/linux/firmware/fwupd/default.nix index 24e23f2b7e9..4f3c3a79f5b 100644 --- a/pkgs/os-specific/linux/firmware/fwupd/default.nix +++ b/pkgs/os-specific/linux/firmware/fwupd/default.nix @@ -91,7 +91,7 @@ let self = stdenv.mkDerivation rec { pname = "fwupd"; - version = "1.5.7"; + version = "1.5.12"; # libfwupd goes to lib # daemon, plug-ins and libfwupdplugin go to out @@ -100,7 +100,7 @@ let src = fetchurl { url = "https://people.freedesktop.org/~hughsient/releases/fwupd-${version}.tar.xz"; - sha256 = "16isrrv6zhdgccbfnz7km5g1cnvfnip7aiidkfhf5dlnrnyb2sxh"; + sha256 = "sha256-BluwLlm6s/2H/USARQpAvDR0+X8WP/q0h8VvxA6Qftc="; }; patches = [ @@ -296,7 +296,6 @@ let "fwupd/thunderbolt.conf" "fwupd/upower.conf" "fwupd/uefi_capsule.conf" - "pki/fwupd/GPG-KEY-Hughski-Limited" "pki/fwupd/GPG-KEY-Linux-Foundation-Firmware" "pki/fwupd/GPG-KEY-Linux-Vendor-Firmware-Service" "pki/fwupd/LVFS-CA.pem" From 9485d3ab3b7f1f980520fe9779711bb3fe91cab8 Mon Sep 17 00:00:00 2001 From: Roman Volosatovs Date: Mon, 9 Aug 2021 21:31:04 +0200 Subject: [PATCH 5/6] linux_zen: 5.13.7 -> 5.13.9 (cherry picked from commit a9bf9c44e516f1097cb3d13e62293bf14669560c) --- pkgs/os-specific/linux/kernel/linux-zen.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
diff --git a/pkgs/os-specific/linux/kernel/linux-zen.nix b/pkgs/os-specific/linux/kernel/linux-zen.nix index 2b91a259232..712f3f08895 100644 --- a/pkgs/os-specific/linux/kernel/linux-zen.nix +++ b/pkgs/os-specific/linux/kernel/linux-zen.nix @@ -1,7 +1,7 @@ { lib, fetchFromGitHub, buildLinux, ... } @ args: let - version = "5.13.7"; + version = "5.13.9"; suffix = "zen1"; in @@ -14,7 +14,7 @@ buildLinux (args // { owner = "zen-kernel"; repo = "zen-kernel"; rev = "v${version}-${suffix}"; - sha256 = "sha256-ZvB5Ejt9MXP4QK5cj9CGQgFJIfDV03IW5xcknCxDui0="; + sha256 = "sha256-RuY6ZIIKU56R+IGMtQDV6mIubGDqonRpsIdlrpAHFXM="; }; structuredExtraConfig = with lib.kernel; { From 2fd674897299b1700b9be7cbe7445447b411029e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Janne=20He=C3=9F?= Date: Wed, 11 Aug 2021 20:02:34 +0200 Subject: [PATCH 6/6] libspf2: Fix CVE-2021-20314 There is no new release yet (see mailing list post on oss-security), so I'm picking the commit that fixes the CVE. There is another security flaw (without a CVE number) that is also mentioned in the oss-security announcement but it is not explained which commit patches the problem. (cherry picked from commit 46b7a5be1ced0280951d1a5736b0316de92a53f2) --- pkgs/development/libraries/libspf2/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/libraries/libspf2/default.nix b/pkgs/development/libraries/libspf2/default.nix index 6a9cb8b647c..dc46e356e2c 100644 --- a/pkgs/development/libraries/libspf2/default.nix +++ b/pkgs/development/libraries/libspf2/default.nix 
@@ -17,6 +17,11 @@ stdenv.mkDerivation rec { url = "https://github.com/shevek/libspf2/commit/5852828582f556e73751076ad092f72acf7fc8b6.patch"; sha256 = "1v6ashqzpr0xidxq0vpkjd8wd66cj8df01kyzj678ljzcrax35hk"; }) + (fetchurl { + name = "0002-CVE-2021-20314.patch"; + url = "https://github.com/shevek/libspf2/commit/c37b7c13c30e225183899364b9f2efdfa85552ef.patch"; + sha256 = "190nnh7mlz6328829ba6jajad16s3md8kraspn81qnvhwh0nkiak"; + }) ]; postPatch = ''
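Review bot: The new patch entry fetches a GitHub `commit/….patch` URL with `fetchurl`, and the output of that endpoint is not guaranteed to stay byte-identical, so the pinned `sha256` can stop matching later and break the build that carries this security fix. nixpkgs' `fetchpatch` normalises the patch before hashing; switching would need `fetchpatch` in the function arguments (outside this hunk) and a recomputed hash. The commit message also says a second flaw from the oss-security announcement is not covered, which is worth recording next to the entry: `# Fixes CVE-2021-20314 only; the other issue from the oss-security announcement has no identified fix commit yet`.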