Release 2022_030 (2022-12-05)

Impact

• [NixOS 22.05] Most services will be restarted because of a core dependency change. Machines will schedule a reboot to activate the changed kernel.

NixOS 22.05 platform

• Add administrator key for Oliver Schmidt.

• Pull upstream NixOS changes, security fixes and package updates (#PL-131090):

  • curl: add patches for CVE-2022-35252, CVE-2022-32221, CVE-2022-42915, CVE-2022-42916

  • github-runner: 2.296.2 -> 2.299.1

  • grafana: 8.5.14 -> 8.5.15

  • imagemagick: 7.1.0-48 -> 7.1.0-52

  • libtiff: add patches for CVE-2022-3626, CVE-2022-3627, CVE-2022-3597, CVE-2022-3598, CVE-2022-3570

  • linux: 5.10.152 -> 5.10.155

  • matrix-synapse: 1.70.1 -> 1.72.0

  • nss: 3.79.1 -> 3.79.2

  • php74: 7.4.32 -> 7.4.33 (CVE-2022-31630, CVE-2022-37454)

  • python310: 3.10.4 -> 3.10.8 (CVE-2020-10735)

  • python38: 3.8.13 -> 3.8.15 (CVE-2020-10735)

  • python39: 3.9.13 -> 3.9.15 (CVE-2020-10735)

  • redis: patch for CVE-2022-3647

  • strace: 5.19 -> 6.0

  • systemd: 250.4 -> 250.8

  • tomcat9: 9.0.53 -> 9.0.68 (CVE-2021-42340, CVE-2021-43980, CVE-2022-23181, CVE-2022-29885, CVE-2022-34305, CVE-2022-42252)

  • tomcat10: 10.0.11 -> 10.0.27 (CVE-2021-42340, CVE-2021-43980 CVE-2022-23181, CVE-2022-29885, CVE-2022-34305, CVE-2022-42252)

• Production channel URL for this release: https://hydra.flyingcircus.io/build/209823/download/1/nixexprs.tar.xz

NixOS 21.11 platform

• Add administrator key for Oliver Schmidt.

• Production channel URL for this release: https://hydra.flyingcircus.io/build/209950/download/1/nixexprs.tar.xz

NixOS 20.09 platform

• Add administrator key for Oliver Schmidt and Nils Möller.

• Production channel URL for this release: https://hydra.flyingcircus.io/build/209714/download/1/nixexprs.tar.xz

Gentoo platform

• Add administrator key for Oliver Schmidt and Nils Möller.

Detailed Changes

• NixOS 22.05: platform code, upstream changes