Release 2021_023 (2021-07-12)

Impact

• [NixOS 21.05] Most services will be restarted. VMs will schedule a reboot to activate the new kernel version.

• [NixOS 20.09] Most services will be restarted.

NixOS 21.05 platform

• Gitlab: 13.12.4 -> 13.12.7 (#PL-129936).

• Refactoring of our network configuration to remove dependency on policy routing and simplify the setup.

• Improve secrecy of fc.agent directory access by avoiding the password to be shown in exceptions.

• Stabilize Ceph (Monitors and OSDs).

• Include machine “profile” as label in prometheus.

• Do not check for steal on physical machines.

• Improve our installer for NixOS on physical machines.

• Merge upstream NixOS changes that include security fixes and other updates (#PL-129959):

  • consul: 1.9.5 -> 1.9.7

  • dovecot: 2.3.14 -> 2.3.15

  • go_1_15: 1.15.12 -> 1.15.13

  • grafana: 7.5.7 -> 7.5.9

  • imagemagick6: 6.9.12-15 -> 6.9.12-17

  • jetty: 9.4.39.v20210325 -> 9.4.41.v20210516 (CVE-2021-28169)

  • linux: 5.10.44 -> 5.10.45

  • matrix-synapse: 1.36.0 -> 1.37.1

• Production channel URL for this release: https://hydra.flyingcircus.io/build/96633/download/1/nixexprs.tar.xz

NixOS 20.09 platform

• Merge upstream NixOS changes that include security fixes and other updates (#PL-129963):

  • apacheHttpd: 2.4.46 -> 2.4.48

  • dovecot: add patches for CVE-2021-29157 & CVE-2021-33515

  • go_1_15: 1.15.10 -> 1.15.13

  • go_1_16: 1.16.2 -> 1.16.3

  • imagemagick6: 6.9.12-15 -> 6.9.12-17

  • imagemagick7: 7.1.0-0 -> 7.1.0-2

  • lldpd: add patch for CVE-2020-27827

• Production channel URL for this release: https://hydra.flyingcircus.io/build/96512/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 21.05: platform code, upstream changes

• NixOS 20.09: platform code, nixpkgs/upstream changes