Release 2022_009 (2022-03-28)¶
Impact¶
[NixOS 21.11] All LAMP servers will be restarted and switched from mod_php to FPM.
[NixOS 21.11] Most services will be restarted because of core dependency changes. VM will schedule a reboot to activate the new kernel.
[NixOS 21.05] LAMP: Apache will be restarted.
NixOS 21.11 platform¶
This is the first production release of the 21.11 platform. Default version for new production VMs is still 21.05.
LAMP: switch from mod_php to FPM due to stability reasons and for future flexibility (#PL-130496).
Add setuptools to global Python 3 which was dropped in the transition from 21.05 to 21.11. This avoid errors like
ModuleNotFoundError: No module named 'pkg_resources'
. In general, applications should not depend on the globally installed python3 interpreter but we re-add this to make upgrades to 21.11 easier (#PL-130510).Make sure that home dir permissions are always set correctly when activating a new system (#PL-130524).
Pull upstream NixOS changes that include security fixes and other updates (#PL-130446, #PL-130514):
bind: 9.16.25 -> 9.16.27 (CVE-2021-25220, CVE-2022-0396)
element-web: 1.10.1 -> 1.10.6
gitlab: 14.7.1 -> 14.8.4
glibc: 2.33-117 -> 2.33-123
grafana: 8.3.6 -> 8.4.4
imagemagick: 7.1.0-24 -> 7.1.0-26
linux: 5.10.99 -> 5.10.106
matrix-synapse: 1.52.0 -> 1.54.0
mysql57: 5.7.27 -> 5.7.37
nginxModules.modsecurity-nginx: 1.0.1 -> 1.0.2
nodejs-12_x: 12.22.9 -> 12.22.11
nodejs-14_x: 14.18.3 -> 14.19.1
nodejs-16_x: 16.13.2 -> 16.14.2
nodejs-17_x: 17.4.0 -> 17.7.2
openssl_1_1: 1.1.1m -> 1.1.1n (CVE-2022-0778)
openssl_3_0: 3.0.1 -> 3.0.2 (CVE-2022-0778)
php74: 7.4.27 -> 7.4.28
php80: 8.0.14 -> 8.0.16
postfix: 3.6.4 -> 3.6.5
postgresql_10: 10.19 -> 10.20
postgresql_11: 11.14 -> 11.15
postgresql_12: 12.9 -> 12.10
postgresql_13: 13.5 -> 13.6
postgresql_14: 14.1 -> 14.2
util-linux: 2.37.3 -> 2.37.4 (CVE-2022-0563)
nixos/tomcat: configure default group and fix broken default package reference
Production channel URL for this release: https://hydra.flyingcircus.io/build/145761/download/1/nixexprs.tar.xz
NixOS 21.05 platform¶
LAMP role: provide FPM as an alternative to the mod_php based environments. This is a drop-in replacement and can be enabled using the flyingcircus.roles.lamp.useFPM flag (#PL-130496).
Make sure that home dir permissions are always set correctly when activating a new system (#PL-130524).
Production channel URL for this release: https://hydra.flyingcircus.io/build/145685/download/1/nixexprs.tar.xz
Detailed Changes¶
NixOS 21.05: platform code