Release 2021_031 (2021-09-27)

Impact

• [NixOS 21.05] Most services will be restarted to a core dependency change. VMs will schedule a reboot to activate the changed kernel.

NixOS 21.05 platform

• Webgateway docs: document Nix as the recommended configuration method for Nginx. An example NixOS module for that can be found at /etc/local/nixos/nginx.nix.example (#PL-129629).

• Mysql/Percona: make xtrabackup available with a version matching the running server. xtrabackup can be run by service users with sudo now (#PL-129826).

• Merge upstream NixOS changes that include security fixes and other updates (#PL-130108):

  • apacheHttpd: 2.4.48 -> 2.4.49 (CVE-2021-33193, CVE-2021-34798, CVE-2021-36160, CVE-2021-39275, CVE-2021-40438)

  • element-web: 1.8.2 -> 1.8.5

  • github-runner: 2.279.0 -> 2.282.0

  • glibc: 2.32-48 2.32-54

  • go_1_16: 1.16.7 -> 1.16.8

  • imagemagick: 7.1.0-5 -> 7.1.0-6

  • linux: 5.10.60 -> 5.10.67

  • matrix-synapse: 1.42.0 -> 1.43.0

  • nss: 3.68 -> 3.70

  • nodejs: 12.22.4 -> 12.22.6, 14.17.4 -> 14.17.6, 16.4.1 -> 16.8.0

  • openssl: 1.1.1k -> 1.1.1l

  • php74: 7.4.21 -> 7.4.23

  • postgresql_10: 10.17 -> 10.18

  • postgresql_11: 11.12 -> 11.13

  • postgresql_12: 12.7 -> 12.8

  • postgresql_13: 13.3 -> 13.4

  • postgresql_9_6: 9.6.22 -> 9.6.23

  • python: 3.8.9 -> 3.8.11, 3.6.13 -> 3.6.14, 3.7.10 -> 3.7.11, 3.9.4 -> 3.9.6

  • rPackages.RMySQL: fix package

  • wget: 1.21.1 -> 1.21.2 (CVE-2021-31879)

  • wireguard-tools: 1.0.20210424 -> 1.0.20210914

• Jitsi: update jitsi-videobridge, jicofo and jitsi-meet to latest stable versions. End-to-end encryption works with these versions now (#PL-130110).

• Provide a basic reusable wireguard installation and always generate one key pair with appropriate permissions (#PL-130025).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/103566/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 21.05: platform code, upstream changes