Release 2021_022 (2021-06-28)

Impact

• [NixOS 21.05] Most services will be restarted due to a core dependency change. VMs will schedule a reboot to activate the new kernel version.

• [NixOS 20.09] Most services will be restarted due to a core dependency change. VMs will schedule a reboot to activate the new kernel version.

NixOS 21.05 platform

• Provide postgresql13 role (#PL-129912).

• Port openvpn to 21.05. Compression is disabled now as recommended by OpenVPN (#PL-129855).

• Fix warnings for deprecated SystemD unit settings by changing StartLimitInterval to StartLimitIntervalSec (#PL-129909).

• Nginx: add services.nginx.legacyTlsSettings which should be used instead of recommendedTlsSettings when weaker ciphers are used for legacy clients (#PL-129818).

• Mailserver: allow service/sudo-srv users to run sudo postsuper without password (#PL-129874).

• Version updates in role documentation.

• Merge upstream NixOS changes that include security fixes and other updates (#PL-129930):

  • apacheHttpd: 2.4.47 -> 2.4.48

  • curl: add patches for CVE-2021-22897, CVE-2021-22898 & CVE-2021-22901

  • discourse: 2.7.0 -> 2.7.4

  • gitlab: 13.12.2 -> 13.12.4

  • imagemagick6: 6.9.12-12 -> 6.9.12-15

  • linux: 5.10.40 -> 5.10.44

  • matrix-synapse: 1.35.1 -> 1.36.0

  • phpPackages.composer: 2.1.1 -> 2.1.3

  • postgresql_10: 10.16 -> 10.17 (CVE-2021-32027, CVE-2021-32028)

  • postgresql_11: 11.11 -> 11.12 (CVE-2021-32027, CVE-2021-32028, CVE-2021-32029)

  • postgresql_12: 12.6 -> 12.7 (CVE-2021-32027, CVE-2021-32028, CVE-2021-32029)

  • postgresql_13: 13.2 -> 13.3 (CVE-2021-32027, CVE-2021-32028, CVE-2021-32029)

  • postgresql_9_6: 9.6.21 -> 9.6.22 (CVE-2021-32027, CVE-2021-32028)

• Production channel URL for this release: https://hydra.flyingcircus.io/build/95105/download/1/nixexprs.tar.xz

NixOS 20.09 platform

• Merge upstream NixOS changes that include security fixes and other updates (#PL-129933):

  • curl: add patch for CVE-2021-22898

  • imagemagick6: 6.9.12-12 -> 6.9.12-15

  • imagemagick: 7.0.11-13 -> 7.1.0-0

  • libxml2: fix CVE-2021-3516, CVE-2021-3517, CVE-2021-3518, CVE-2021-3537, CVE-2021-3541

  • linux: 5.4.120 -> 5.4.122

  • phpPackages.composer2: 2.0.13 -> 2.0.14

• Production channel URL for this release: https://hydra.flyingcircus.io/build/95206/download/1/nixexprs.tar.xz

Documentation

• Add documentation for NixOS 21.05 platform.

Detailed Changes

• NixOS 21.05: platform code, upstream changes

• NixOS 20.09: platform code, nixpkgs/upstream changes