From 433135b4684afc9ced260bdce86cc9d5f32be70f Mon Sep 17 00:00:00 2001
From: TredwellGit <tredwell@tutanota.com>
Date: Fri, 1 Oct 2021 04:16:18 +0000
Subject: [PATCH 1/7] linux: 5.10.69 -> 5.10.70

(cherry picked from commit 8417ed79d87f44c35af2e698921988c6525eedb1)
---
 pkgs/os-specific/linux/kernel/linux-5.10.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/linux-5.10.nix b/pkgs/os-specific/linux/kernel/linux-5.10.nix
index 8ecad893e58..a5ec7b651de 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.10.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.10.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.10.69";
+  version = "5.10.70";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,7 +13,7 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1jhcl8qh4w4m2jnbp0glr6xbpn7phv17q6w3d247djnc7g2rwbr3";
+    sha256 = "0cmj5l425c6kkaplcp1y692j123lhyqq2jgfi642jzqxf4rnqwvm";
   };
 
   kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_10 ];

From c124a09c04be8d969c6d546855c58456386195a6 Mon Sep 17 00:00:00 2001
From: TredwellGit <tredwell@tutanota.com>
Date: Fri, 1 Oct 2021 04:16:26 +0000
Subject: [PATCH 2/7] linux: 5.14.8 -> 5.14.9

(cherry picked from commit b540e8b5a9082f8150fb3de37e793bc5cef25388)
---
 pkgs/os-specific/linux/kernel/linux-5.14.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/linux-5.14.nix b/pkgs/os-specific/linux/kernel/linux-5.14.nix
index 35e03223d31..ada49944b5e 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.14.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.14.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.14.8";
+  version = "5.14.9";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,6 +13,6 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "12cvvrxky92z1g9kj7pgb83yg9pnv2fvi7jf0pyagvqjqladl3na";
+    sha256 = "1rl77k40xp9j0y8q5bgmhfmwiwbrdxjcsaw8dris456mjbdhg3xs";
   };
 } // (args.argsOverride or { }))

From 6f5e339c3d2090e57427259e675f5890ee86e250 Mon Sep 17 00:00:00 2001
From: TredwellGit <tredwell@tutanota.com>
Date: Fri, 1 Oct 2021 04:16:32 +0000
Subject: [PATCH 3/7] linux: 5.4.149 -> 5.4.150

(cherry picked from commit 6937daff0d376cfe33ec7945f768a66beaee0eaf)
---
 pkgs/os-specific/linux/kernel/linux-5.4.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/linux-5.4.nix b/pkgs/os-specific/linux/kernel/linux-5.4.nix
index 2158d69d20f..152a5dabfd8 100644
--- a/pkgs/os-specific/linux/kernel/linux-5.4.nix
+++ b/pkgs/os-specific/linux/kernel/linux-5.4.nix
@@ -3,7 +3,7 @@
 with lib;
 
 buildLinux (args // rec {
-  version = "5.4.149";
+  version = "5.4.150";
 
   # modDirVersion needs to be x.y.z, will automatically add .0 if needed
   modDirVersion = if (modDirVersionArg == null) then concatStringsSep "." (take 3 (splitVersion "${version}.0")) else modDirVersionArg;
@@ -13,7 +13,7 @@ buildLinux (args // rec {
 
   src = fetchurl {
     url = "mirror://kernel/linux/kernel/v5.x/linux-${version}.tar.xz";
-    sha256 = "1s1zka0iay0drgkdnmzf587jbrg1gx13xv26k5r1qc7dik8xc6p7";
+    sha256 = "18iaqsbqlvk0j71d4q4h99ah300s0i7jwspr2x6g01shn2xsj97l";
   };
 
   kernelTests = args.kernelTests or [ nixosTests.kernel-generic.linux_5_4 ];

From 925681abe424fc7ed851b808f8af936093edb8f5 Mon Sep 17 00:00:00 2001
From: TredwellGit <tredwell@tutanota.com>
Date: Fri, 1 Oct 2021 04:17:08 +0000
Subject: [PATCH 4/7] linux/hardened/patches/5.10: 5.10.69-hardened1 ->
 5.10.70-hardened1

(cherry picked from commit f178ff4a04c8d4e2ed43e6538a1aac336bfa891c)
---
 pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index 983a7df80dd..f245916e604 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -13,9 +13,9 @@
     },
     "5.10": {
         "extra": "-hardened1",
-        "name": "linux-hardened-5.10.69-hardened1.patch",
-        "sha256": "11frhnprvxnqxm8yn1kay2jv2i473i9glnvsjnqz6kj8f0q2gl4v",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.69-hardened1/linux-hardened-5.10.69-hardened1.patch"
+        "name": "linux-hardened-5.10.70-hardened1.patch",
+        "sha256": "12r6x7v7n3f7c7pn86ivykg6gqmqlzwrsncdkvj5qf7raw38ad5r",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.10.70-hardened1/linux-hardened-5.10.70-hardened1.patch"
     },
     "5.14": {
         "extra": "-hardened1",

From 068683802e10dd0fb3d28c7eb95c4c0b9bdb1552 Mon Sep 17 00:00:00 2001
From: TredwellGit <tredwell@tutanota.com>
Date: Fri, 1 Oct 2021 04:17:09 +0000
Subject: [PATCH 5/7] linux/hardened/patches/5.14: 5.14.8-hardened1 ->
 5.14.9-hardened1

(cherry picked from commit dd93aec4c4905c17f17020658ed1f5858c9d6b81)
---
 pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index f245916e604..be3f7a23b46 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -19,9 +19,9 @@
     },
     "5.14": {
         "extra": "-hardened1",
-        "name": "linux-hardened-5.14.8-hardened1.patch",
-        "sha256": "1kg02ixyd2dbk97iz28g26k1nnxi96s0bcyr90wc7diylhf7kz4a",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.8-hardened1/linux-hardened-5.14.8-hardened1.patch"
+        "name": "linux-hardened-5.14.9-hardened1.patch",
+        "sha256": "190588p6xw65y1f106zgnv5s043yi633vg0zdbz85qjz27g49db8",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.14.9-hardened1/linux-hardened-5.14.9-hardened1.patch"
     },
     "5.4": {
         "extra": "-hardened1",

From 60ca87841f371b6f06f14b5a1d4bfc8bdb5d10ed Mon Sep 17 00:00:00 2001
From: TredwellGit <tredwell@tutanota.com>
Date: Fri, 1 Oct 2021 04:17:10 +0000
Subject: [PATCH 6/7] linux/hardened/patches/5.4: 5.4.149-hardened1 ->
 5.4.150-hardened1

(cherry picked from commit 642ca73937decde097a6c83205f48a5ac081fe94)
---
 pkgs/os-specific/linux/kernel/hardened/patches.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/pkgs/os-specific/linux/kernel/hardened/patches.json b/pkgs/os-specific/linux/kernel/hardened/patches.json
index be3f7a23b46..6b9aaccadd3 100644
--- a/pkgs/os-specific/linux/kernel/hardened/patches.json
+++ b/pkgs/os-specific/linux/kernel/hardened/patches.json
@@ -25,8 +25,8 @@
     },
     "5.4": {
         "extra": "-hardened1",
-        "name": "linux-hardened-5.4.149-hardened1.patch",
-        "sha256": "1v21dz66ngsdsdcld23rgmidz955x74al5nsxnvwasc5gh18ahh9",
-        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.149-hardened1/linux-hardened-5.4.149-hardened1.patch"
+        "name": "linux-hardened-5.4.150-hardened1.patch",
+        "sha256": "0vaxp5lfs7d5py0530sdhz8yzbzjxlwaam63mflwfd4mm8gf3ggc",
+        "url": "https://github.com/anthraxx/linux-hardened/releases/download/5.4.150-hardened1/linux-hardened-5.4.150-hardened1.patch"
     }
 }

From 670ee4d5b651569cfe7c304e3dcad2f3779cab05 Mon Sep 17 00:00:00 2001
From: Michael Weiss <dev.primeos@gmail.com>
Date: Fri, 1 Oct 2021 21:47:39 +0200
Subject: [PATCH 7/7] chromium: 94.0.4606.61 -> 94.0.4606.71

https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_30.html

This update includes 4 security fixes. Google is aware the exploits for
CVE-2021-37975 and CVE-2021-37976 exist in the wild.

CVEs:
CVE-2021-37974 CVE-2021-37975 CVE-2021-37976

(cherry picked from commit ce50eda3949fa3149aea4f0f556dbb63f48e4288)
---
 .../networking/browsers/chromium/upstream-info.json  | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/pkgs/applications/networking/browsers/chromium/upstream-info.json b/pkgs/applications/networking/browsers/chromium/upstream-info.json
index c4c5d4f024b..d85480fce14 100644
--- a/pkgs/applications/networking/browsers/chromium/upstream-info.json
+++ b/pkgs/applications/networking/browsers/chromium/upstream-info.json
@@ -1,8 +1,8 @@
 {
   "stable": {
-    "version": "94.0.4606.61",
-    "sha256": "1gxrxmd2almwf067zycilyxkmc0d62h99ln8wp3n3i02bi9xnik4",
-    "sha256bin64": "116xrf8hcprbdpdx6a4xysac2phyvw88vs3n1bs24ly6pxydsasz",
+    "version": "94.0.4606.71",
+    "sha256": "0nywwcdjda1b1swfslks8i28qq6jx9gyw50bhl8c2plcc0pbmfya",
+    "sha256bin64": "1ffa9hqs7ibch0by574l01lwhi5a1mhcyy1qrlr81ssq4pyygrq4",
     "deps": {
       "gn": {
         "version": "2021-08-11",
@@ -12,9 +12,9 @@
       }
     },
     "chromedriver": {
-      "version": "94.0.4606.41",
-      "sha256_linux": "06flgis4am4jmd9qz6yn1jfdr07w2n3mfrlicw6a9icg5ir64fdq",
-      "sha256_darwin": "1mc0hhksqm5ms4k4aji043xzxncbifjwz5fqzywy4ji64w5kqrca"
+      "version": "94.0.4606.61",
+      "sha256_linux": "1l7ls8qqqd9q3a20a459q40jd9djzf67s8qfdmfj44vwgidiw0fj",
+      "sha256_darwin": "1b43agdd6vw5zarrbbk1sgmdr6n3d9cdl4dcikk304yplh58d49v"
     }
   },
   "beta": {