Release 2023_001 (2023-01-17)

Impact

• [NixOS 22.05] Most services will be restarted because of a core dependency change. Machines will schedule a reboot to activate the changed kernel.

• [NixOS 22.05] matomo will be restarted.

• [NixOS 22.05] Jitsi will be restarted and conferences will be interrupted for a short period of time.

NixOS 22.05 platform

• Pull upstream NixOS changes, security fixes and package updates (#PL-131189):

  • cacert: 3.83 -> 3.86

  • cacert: Distrust TrustCor root certificates

  • curl: backport 7.87.0 security fixes (CVE-2022-43551, CVE-2022-43552)

  • imagemagick: 7.1.0-53 -> 7.1.0-56

  • libtiff: add patch for CVE-2022-3970

  • linux: 5.10.158 -> 5.10.161

  • matrix-synapse: 1.73.0 -> 1.74.0

  • nss_latest: 3.84 -> 3.86

  • python310: 3.10.8 -> 3.10.9 (CVE-2022-37454, CVE-2022-45061, CVE-2022-42919)

  • python310: revert asyncio changes done in 3.10.9

  • python39: 3.9.15 -> 3.9.16 (CVE-2022-37454, CVE-2022-42919, CVE-2022-45061, CVE-2015-20107)

  • python3Packages.pillow: add patch for CVE-2022-45198, test for CVE-2022-45199

  • qemu: add patches for CVE-2022-4172 & CVE-2022-4144

  • sqlite: add patch for CVE-2022-46908

  • systemd: 250.8 -> 250.9

• matomo: update to 4.13.0 (#PL-131146).

• Jitsi: update all packages to latest stable release (#PL-131178).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/216361/download/1/nixexprs.tar.xz

NixOS 21.05 platform

• Add administrator key for Oliver Schmidt.

• Various internal changes affecting Ceph storage and KVM hosts. Fix issues with VM live migration which caused sporadic VM downtimes for up to 10 minutes (#PL-131066, #PL-130693, #PL-131149).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/216558/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 22.05: platform code, upstream changes

• NixOS 21.05: platform code