From 433135b4684afc9ced260bdce86cc9d5f32be70f Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Fri, 1 Oct 2021 04:16:18 +0000 Subject: [PATCH 1/7] linux: 5.10.69 -> 5.10.70 (cherry picked from commit 8417ed79d87f44c35af2e698921988c6525eedb1) --- pkgs/os-specific/linux/kernel/linux-5.10.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix index 8ecad893e58..a5ec7b651de 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.10.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.10.69"; + version = "5.10.70"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1jhcl8qh4w4m2jnbp0glr6xbpn7phv17q6w3d247djnc7g2rwbr3"; + sha256 = "0cmj5l425c6kkaplcp1y692j123lhyqq2jgfi642jzqxf4rnqwvm"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_10 ]; From c124a09c04be8d969c6d546855c58456386195a6 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Fri, 1 Oct 2021 04:16:26 +0000 Subject: [PATCH 2/7] linux: 5.14.8 -> 5.14.9 (cherry picked from commit b540e8b5a9082f8150fb3de37e793bc5cef25388) --- pkgs/os-specific/linux/kernel/linux-5.14.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.14.nix b/pkgs/os-specific/linux/kernel/linux-5.14.nix index 35e03223d31..ada49944b5e 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.14.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.14.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.14.8"; + version = "5.14.9"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,6 +13,6 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "12cvvrxky92z1g9kj7pgb83yg9pnv2fvi7jf0pyagvqjqladl3na"; + sha256 = "1rl77k40xp9j0y8q5bgmhfmwiwbrdxjcsaw8dris456mjbdhg3xs"; }; } // (args.argsOverride or { })) From 6f5e339c3d2090e57427259e675f5890ee86e250 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Fri, 1 Oct 2021 04:16:32 +0000 Subject: [PATCH 3/7] linux: 5.4.149 -> 5.4.150 (cherry picked from commit 6937daff0d376cfe33ec7945f768a66beaee0eaf) --- pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix index 2158d69d20f..152a5dabfd8 100644 --- a/pkgs/os-specific/linux/kernel/linux-5.4.nix +++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix @@ -3,7 +3,7 @@ with lib; buildLinux (args // rec { - version = "5.4.149"; + version = "5.4.150"; # modDirVersion needs to be x.y.z, will automatically add .0 if needed modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg; @@ -13,7 +13,7 @@ buildLinux (args // rec { src = fetchurl { url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz"; - sha256 = "1s1zka0iay0drgkdnmzf587jbrg1gx13xv26k5r1qc7dik8xc6p7"; + sha256 = "18iaqsbqlvk0j71d4q4h99ah300s0i7jwspr2x6g01shn2xsj97l"; }; kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_4 ]; From 925681abe424fc7ed851b808f8af936093edb8f5 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Fri, 1 Oct 2021 04:17:08 +0000 Subject: [PATCH 4/7] linux/hardened/patches/5.10: 5.10.69-hardened1 -> 5.10.70-hardened1 (cherry picked from commit f178ff4a04c8d4e2ed43e6538a1aac336bfa891c) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index 983a7df80dd..f245916e604 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -13,9 +13,9 @@ }, "5.10": { "extra": "-hardened1", - "name": "linux-hardened-5.10.69-hardened1.patch", - "sha256": "11frhnprvxnqxm8yn1kay2jv2i473i9glnvsjnqz6kj8f0q2gl4v", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.69-hardened1/linux-hardened-5.10.69-hardened1.patch" + "name": "linux-hardened-5.10.70-hardened1.patch", + "sha256": "12r6x7v7n3f7c7pn86ivykg6gqmqlzwrsncdkvj5qf7raw38ad5r", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.70-hardened1/linux-hardened-5.10.70-hardened1.patch" }, "5.14": { "extra": "-hardened1", From 068683802e10dd0fb3d28c7eb95c4c0b9bdb1552 Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Fri, 1 Oct 2021 04:17:09 +0000 Subject: [PATCH 5/7] linux/hardened/patches/5.14: 5.14.8-hardened1 -> 5.14.9-hardened1 (cherry picked from commit dd93aec4c4905c17f17020658ed1f5858c9d6b81) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index f245916e604..be3f7a23b46 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -19,9 +19,9 @@ }, "5.14": { "extra": "-hardened1", - "name": "linux-hardened-5.14.8-hardened1.patch", - "sha256": "1kg02ixyd2dbk97iz28g26k1nnxi96s0bcyr90wc7diylhf7kz4a", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.8-hardened1/linux-hardened-5.14.8-hardened1.patch" + "name": "linux-hardened-5.14.9-hardened1.patch", + "sha256": "190588p6xw65y1f106zgnv5s043yi633vg0zdbz85qjz27g49db8", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.9-hardened1/linux-hardened-5.14.9-hardened1.patch" }, "5.4": { "extra": "-hardened1", From 60ca87841f371b6f06f14b5a1d4bfc8bdb5d10ed Mon Sep 17 00:00:00 2001 From: TredwellGit Date: Fri, 1 Oct 2021 04:17:10 +0000 Subject: [PATCH 6/7] linux/hardened/patches/5.4: 5.4.149-hardened1 -> 5.4.150-hardened1 (cherry picked from commit 642ca73937decde097a6c83205f48a5ac081fe94) --- pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json index be3f7a23b46..6b9aaccadd3 100644 --- a/pkgs/os-specific/linux/kernel/hardened/patches.json +++ b/pkgs/os-specific/linux/kernel/hardened/patches.json @@ -25,8 +25,8 @@ }, "5.4": { "extra": "-hardened1", - "name": "linux-hardened-5.4.149-hardened1.patch", - "sha256": "1v21dz66ngsdsdcld23rgmidz955x74al5nsxnvwasc5gh18ahh9", - "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.149-hardened1/linux-hardened-5.4.149-hardened1.patch" + "name": "linux-hardened-5.4.150-hardened1.patch", + "sha256": "0vaxp5lfs7d5py0530sdhz8yzbzjxlwaam63mflwfd4mm8gf3ggc", + "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.150-hardened1/linux-hardened-5.4.150-hardened1.patch" } } From 670ee4d5b651569cfe7c304e3dcad2f3779cab05 Mon Sep 17 00:00:00 2001 From: Michael Weiss Date: Fri, 1 Oct 2021 21:47:39 +0200 Subject: [PATCH 7/7] chromium: 94.0.4606.61 -> 94.0.4606.71 https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html This update includes 4 security fixes. Google is aware the exploits for CVE-2021-37975 and CVE-2021-37976 exist in the wild. CVEs: CVE-2021-37974 CVE-2021-37975 CVE-2021-37976 (cherry picked from commit ce50eda3949fa3149aea4f0f556dbb63f48e4288) --- .../networking/browsers/chromium/upstream-info.json | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json index c4c5d4f024b..d85480fce14 100644 --- a/pkgs/applications/networking/browsers/chromium/upstream-info.json +++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json @@ -1,8 +1,8 @@ { "stable": { - "version": "94.0.4606.61", - "sha256": "1gxrxmd2almwf067zycilyxkmc0d62h99ln8wp3n3i02bi9xnik4", - "sha256bin64": "116xrf8hcprbdpdx6a4xysac2phyvw88vs3n1bs24ly6pxydsasz", + "version": "94.0.4606.71", + "sha256": "0nywwcdjda1b1swfslks8i28qq6jx9gyw50bhl8c2plcc0pbmfya", + "sha256bin64": "1ffa9hqs7ibch0by574l01lwhi5a1mhcyy1qrlr81ssq4pyygrq4", "deps": { "gn": { "version": "2021-08-11", @@ -12,9 +12,9 @@ } }, "chromedriver": { - "version": "94.0.4606.41", - "sha256_linux": "06flgis4am4jmd9qz6yn1jfdr07w2n3mfrlicw6a9icg5ir64fdq", - "sha256_darwin": "1mc0hhksqm5ms4k4aji043xzxncbifjwz5fqzywy4ji64w5kqrca" + "version": "94.0.4606.61", + "sha256_linux": "1l7ls8qqqd9q3a20a459q40jd9djzf67s8qfdmfj44vwgidiw0fj", + "sha256_darwin": "1b43agdd6vw5zarrbbk1sgmdr6n3d9cdl4dcikk304yplh58d49v" } }, "beta": {