Release 2023_001 (2023-01-17)

Impact

  • [NixOS 22.05] Most services will be restarted because of a core dependency change. Machines will schedule a reboot to activate the changed kernel.

  • [NixOS 22.05] matomo will be restarted.

  • [NixOS 22.05] Jitsi will be restarted and conferences will be interrupted for a short period of time.

NixOS 22.05 platform

  • Pull upstream NixOS changes, security fixes and package updates (#PL-131189):

    • cacert: 3.83 -> 3.86

    • cacert: Distrust TrustCor root certificates

    • curl: backport 7.87.0 security fixes (CVE-2022-43551, CVE-2022-43552)

    • imagemagick: 7.1.0-53 -> 7.1.0-56

    • libtiff: add patch for CVE-2022-3970

    • linux: 5.10.158 -> 5.10.161

    • matrix-synapse: 1.73.0 -> 1.74.0

    • nss_latest: 3.84 -> 3.86

    • python310: 3.10.8 -> 3.10.9 (CVE-2022-37454, CVE-2022-45061, CVE-2022-42919)

    • python310: revert asyncio changes done in 3.10.9

    • python39: 3.9.15 -> 3.9.16 (CVE-2022-37454, CVE-2022-42919, CVE-2022-45061, CVE-2015-20107)

    • python3Packages.pillow: add patch for CVE-2022-45198, test for CVE-2022-45199

    • qemu: add patches for CVE-2022-4172 & CVE-2022-4144

    • sqlite: add patch for CVE-2022-46908

    • systemd: 250.8 -> 250.9

  • matomo: update to 4.13.0 (#PL-131146).

  • Jitsi: update all packages to latest stable release (#PL-131178).

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/216361/download/1/nixexprs.tar.xz

NixOS 21.05 platform

  • Add administrator key for Oliver Schmidt.

  • Various internal changes affecting Ceph storage and KVM hosts. Fix issues with VM live migration which caused sporadic VM downtimes for up to 10 minutes (#PL-131066, #PL-130693, #PL-131149).

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/216558/download/1/nixexprs.tar.xz

Detailed Changes