Release 2022_027 (2022-11-09)

Impact

  • [NixOS 22.05] Most services will be restarted because of a core dependency change. Machines will schedule a reboot to activate the changed kernel.

NixOS 22.05 platform

  • nginx: we had released a hotfix to production on 2022-10-31 to temporarily use openssl 1.1 instead of openssl 3.0 to avoid a critical vulnerability which was made public on 2022-11-01. It is now replaced by an update to openssl 3.0.7. (#PL-131034).

  • Pull upstream NixOS changes, security fixes and package updates (#PL-131035):

    • dbus: 1.14.0 -> 1.14.4 (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012)

    • gitlab: 15.4.2 -> 15.4.4

    • go_1_18: 1.18.6 -> 1.18.7

    • grafana: 8.5.13 -> 8.5.14

    • linux: 5.10.148 -> 5.10.152

    • matrix-synapse: 1.68.0 -> 1.70.0

    • mysql80: 8.0.29 -> 8.0.31

    • nginxMainline: 1.23.0 -> 1.23.2

    • nginxStable: 1.22.0 -> 1.22.1

    • openssl: 3.0.5 -> 3.0.7 (CVE-2022-3786, CVE-2022-3602)

    • php80: 8.0.24 -> 8.0.25

    • php81: 8.1.11 -> 8.1.12

    • qemu: add patch for CVE-2022-3165

    • rabbitmq-server: 3.9.14 -> 3.9.18

    • sudo: apply patch for CVE-2022-43995

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/205065/download/1/nixexprs.tar.xz

Detailed Changes