Release 2021_021 (2021-06-14)

Impact

  • [NixOS 21.05] Most services will be restarted due to a core dependency change. VMs will schedule a reboot to activate the new kernel version.

  • [NixOS 20.09] Most services will be restarted due to a core dependency change.

NixOS 21.05 platform

  • Removed RabbitMQ 3.6.x roles and packages. Upgrade to RabbitMQ 3.8 before upgrading to NixOS 21.05 (#PL-129907).

  • Provide optional PHP 8.0 for LAMP role (#PL-129902).

  • Update tideways daemon and PHP modules to support PHP 8.0.

  • Fix warning about duplicate /var/log line when rebuilding the system with fc-manage (#PL-129854).

  • Redis: add options flyingcircus.services.redis.maxmemory and flyingcircus.services.redis.maxmemory-policy. Memory used by Redis is limited to 80% by default (#PL-115928).

  • Telegraf: restart service after fc-manage when config in /etc/local/telegraf changes. Before, telegraf had to be restarted separately (#PL-129831).

  • Merge upstream NixOS changes that include security fixes and other updates (#PL-129908):

    • gitlab: 13.12.0 -> 13.12.2

    • linux: 5.10.37 -> 5.10.40

    • lz4: patch CVE-2021-3520 and null pointer dereference

    • matrix-synapse: 1.34.0 -> 1.35.1

    • nix: 2.3.11 -> 2.3.12

    • php74: 7.4.18 -> 7.4.20

    • php80: 8.0.5 -> 8.0.7

    • phpPackages.composer: 2.1.0 -> 2.1.1

    • polkit: Fix authentication bypass vulnerability (CVE-2021-3560)

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/93226/download/1/nixexprs.tar.xz

NixOS 20.09 platform

  • Merge upstream NixOS changes that include security fixes and other updates (#PL-129901):

    • cacert: 3.57 -> 3.66

    • imagemagick: 7.0.11-12 -> 7.0.11.13

    • lz4: patch CVE-2021-3520 and null pointer dereference

    • nginx: Fix off-by-one in DNS resolver heap write (CVE-2021-23017)

    • nss_latest: 3.63 -> 3.64

    • openvpn: 2.4.9 -> 2.4.11 (CVE-2020-15078)

    • php74.extensions.iconv: fix error signalling

    • polkit: Fix local privilege escalation vulnerability (CVE-2021-3560)

    • python3Packages.websockets: add patch for CVE-2018-1000518-redux

    • redis: 6.0.11 -> 6.0.13 (CVE-2021-29477, CVE-2021-29478)

    • samba: 4.12.14 -> 4.12.15 (CVE-2021-20254)

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/93404/download/1/nixexprs.tar.xz

Detailed Changes