Release 2022_009 (2022-03-28)

Impact

  • [NixOS 21.11] All LAMP servers will be restarted and switched from mod_php to FPM.

  • [NixOS 21.11] Most services will be restarted because of core dependency changes. VMs will schedule a reboot to activate the new kernel.

  • [NixOS 21.05] LAMP: Apache will be restarted.

NixOS 21.11 platform

  • This is the first production release of the 21.11 platform. The default version for new production VMs is still 21.05.

  • LAMP: switch from mod_php to FPM for stability reasons and for future flexibility (#PL-130496).

  • Add setuptools to the global Python 3, which was dropped in the transition from 21.05 to 21.11. This avoids errors like ModuleNotFoundError: No module named 'pkg_resources'. In general, applications should not depend on the globally installed python3 interpreter, but we re-add this to make upgrades to 21.11 easier (#PL-130510).

  • Make sure that home dir permissions are always set correctly when activating a new system (#PL-130524).

  • Pull upstream NixOS changes that include security fixes and other updates (#PL-130446, #PL-130514):

    • bind: 9.16.25 -> 9.16.27 (CVE-2021-25220, CVE-2022-0396)

    • element-web: 1.10.1 -> 1.10.6

    • gitlab: 14.7.1 -> 14.8.4

    • glibc: 2.33-117 -> 2.33-123

    • grafana: 8.3.6 -> 8.4.4

    • imagemagick: 7.1.0-24 -> 7.1.0-26

    • linux: 5.10.99 -> 5.10.106

    • matrix-synapse: 1.52.0 -> 1.54.0

    • mysql57: 5.7.27 -> 5.7.37

    • nginxModules.modsecurity-nginx: 1.0.1 -> 1.0.2

    • nodejs-12_x: 12.22.9 -> 12.22.11

    • nodejs-14_x: 14.18.3 -> 14.19.1

    • nodejs-16_x: 16.13.2 -> 16.14.2

    • nodejs-17_x: 17.4.0 -> 17.7.2

    • openssl_1_1: 1.1.1m -> 1.1.1n (CVE-2022-0778)

    • openssl_3_0: 3.0.1 -> 3.0.2 (CVE-2022-0778)

    • php74: 7.4.27 -> 7.4.28

    • php80: 8.0.14 -> 8.0.16

    • postfix: 3.6.4 -> 3.6.5

    • postgresql_10: 10.19 -> 10.20

    • postgresql_11: 11.14 -> 11.15

    • postgresql_12: 12.9 -> 12.10

    • postgresql_13: 13.5 -> 13.6

    • postgresql_14: 14.1 -> 14.2

    • util-linux: 2.37.3 -> 2.37.4 (CVE-2022-0563)

    • nixos/tomcat: configure default group and fix broken default package reference

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/145761/download/1/nixexprs.tar.xz

NixOS 21.05 platform

  • LAMP role: provide FPM as an alternative to the mod_php based environments. This is a drop-in replacement and can be enabled using the flyingcircus.roles.lamp.useFPM flag (#PL-130496).

  • Make sure that home dir permissions are always set correctly when activating a new system (#PL-130524).

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/145685/download/1/nixexprs.tar.xz

Detailed Changes