Release 2022_027 (2022-11-09)

Impact

• [NixOS 22.05] Most services will be restarted because of a core dependency change. Machines will schedule a reboot to activate the changed kernel.

NixOS 22.05 platform

• nginx: we had released a hotfix to production on 2022-10-31 to temporarily use openssl 1.1 instead of openssl 3.0 to avoid a critical vulnerability which was made public on 2022-11-01. It is now replaced by an update to openssl 3.0.7. (#PL-131034).

• Pull upstream NixOS changes, security fixes and package updates (#PL-131035):

  • dbus: 1.14.0 -> 1.14.4 (CVE-2022-42010, CVE-2022-42011, CVE-2022-42012)

  • gitlab: 15.4.2 -> 15.4.4

  • go_1_18: 1.18.6 -> 1.18.7

  • grafana: 8.5.13 -> 8.5.14

  • linux: 5.10.148 -> 5.10.152

  • matrix-synapse: 1.68.0 -> 1.70.0

  • mysql80: 8.0.29 -> 8.0.31

  • nginxMainline: 1.23.0 -> 1.23.2

  • nginxStable: 1.22.0 -> 1.22.1

  • openssl: 3.0.5 -> 3.0.7 (CVE-2022-3786, CVE-2022-3602)

  • php80: 8.0.24 -> 8.0.25

  • php81: 8.1.11 -> 8.1.12

  • qemu: add patch for CVE-2022-3165

  • rabbitmq-server: 3.9.14 -> 3.9.18

  • sudo: apply patch for CVE-2022-43995

• Production channel URL for this release: https://hydra.flyingcircus.io/build/205065/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 22.05: platform code, upstream changes