Release 2021_031 (2021-09-27)

Impact

  • [NixOS 21.05] Most services will be restarted to a core dependency change. VMs will schedule a reboot to activate the changed kernel.

NixOS 21.05 platform

  • Webgateway docs: document Nix as the recommended configuration method for Nginx. An example NixOS module for that can be found at /etc/local/nixos/nginx.nix.example (#PL-129629).

  • Mysql/Percona: make xtrabackup available with a version matching the running server. xtrabackup can be run by service users with sudo now (#PL-129826).

  • Merge upstream NixOS changes that include security fixes and other updates (#PL-130108):

    • apacheHttpd: 2.4.48 -> 2.4.49 (CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438)

    • element-web: 1.8.2 -> 1.8.5

    • github-runner: 2.279.0 -> 2.282.0

    • glibc: 2.32-48 2.32-54

    • go_1_16: 1.16.7 -> 1.16.8

    • imagemagick: 7.1.0-5 -> 7.1.0-6

    • linux: 5.10.60 -> 5.10.67

    • matrix-synapse: 1.42.0 -> 1.43.0

    • nss: 3.68 -> 3.70

    • nodejs: 12.22.4 -> 12.22.6, 14.17.4 -> 14.17.6, 16.4.1 -> 16.8.0

    • openssl: 1.1.1k -> 1.1.1l

    • php74: 7.4.21 -> 7.4.23

    • postgresql_10: 10.17 -> 10.18

    • postgresql_11: 11.12 -> 11.13

    • postgresql_12: 12.7 -> 12.8

    • postgresql_13: 13.3 -> 13.4

    • postgresql_9_6: 9.6.22 -> 9.6.23

    • python: 3.8.9 -> 3.8.11, 3.6.13 -> 3.6.14, 3.7.10 -> 3.7.11, 3.9.4 -> 3.9.6

    • rPackages.RMySQL: fix package

    • wget: 1.21.1 -> 1.21.2 (CVE-2021-31879)

    • wireguard-tools: 1.0.20210424 -> 1.0.20210914

  • Jitsi: update jitsi-videobridge, jicofo and jitsi-meet to latest stable versions. End-to-end encryption works with these versions now (#PL-130110).

  • Provide a basic reusable wireguard installation and always generate one key pair with appropriate permissions (#PL-130025).

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/103566/download/1/nixexprs.tar.xz

Detailed Changes