Release 2021_022 (2021-06-28)

Impact

  • [NixOS 21.05] Most services will be restarted due to a core dependency change. VMs will schedule a reboot to activate the new kernel version.

  • [NixOS 20.09] Most services will be restarted due to a core dependency change. VMs will schedule a reboot to activate the new kernel version.

NixOS 21.05 platform

  • Provide postgresql13 role (#PL-129912).

  • Port openvpn to 21.05. Compression is disabled now as recommended by OpenVPN (#PL-129855).

  • Fix warnings for deprecated SystemD unit settings by changing StartLimitInterval to StartLimitIntervalSec (#PL-129909).

  • Nginx: add services.nginx.legacyTlsSettings which should be used instead of recommendedTlsSettings when weaker ciphers are used for legacy clients (#PL-129818).

  • Mailserver: allow service/sudo-srv users to run sudo postsuper without password (#PL-129874).

  • Version updates in role documentation.

  • Merge upstream NixOS changes that include security fixes and other updates (#PL-129930):

    • apacheHttpd: 2.4.47 -> 2.4.48

    • curl: add patches for CVE-2021-22897, CVE-2021-22898 & CVE-2021-22901

    • discourse: 2.7.0 -> 2.7.4

    • gitlab: 13.12.2 -> 13.12.4

    • imagemagick6: 6.9.12-12 -> 6.9.12-15

    • linux: 5.10.40 -> 5.10.44

    • matrix-synapse: 1.35.1 -> 1.36.0

    • phpPackages.composer: 2.1.1 -> 2.1.3

    • postgresql_10: 10.16 -> 10.17 (CVE-2021-32027, CVE-2021-32028)

    • postgresql_11: 11.11 -> 11.12 (CVE-2021-32027, CVE-2021-32028, CVE-2021-32029)

    • postgresql_12: 12.6 -> 12.7 (CVE-2021-32027, CVE-2021-32028, CVE-2021-32029)

    • postgresql_13: 13.2 -> 13.3 (CVE-2021-32027, CVE-2021-32028, CVE-2021-32029)

    • postgresql_9_6: 9.6.21 -> 9.6.22 (CVE-2021-32027, CVE-2021-32028)

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/95105/download/1/nixexprs.tar.xz

NixOS 20.09 platform

  • Merge upstream NixOS changes that include security fixes and other updates (#PL-129933):

    • curl: add patch for CVE-2021-22898

    • imagemagick6: 6.9.12-12 -> 6.9.12-15

    • imagemagick: 7.0.11-13 -> 7.1.0-0

    • libxml2: fix CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541

    • linux: 5.4.120 -> 5.4.122

    • phpPackages.composer2: 2.0.13 -> 2.0.14

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/95206/download/1/nixexprs.tar.xz

Documentation

  • Add documentation for NixOS 21.05 platform.

Detailed Changes