Release 2023_014 (2023-06-19)¶

Impact¶

[NixOS 23.05] most services will be restarted due to a core dependency change
[NixOS 22.11] MySQL, PostgreSQL, RabbitMQ, and php-fpm will be restarted. Machines will schedule a reboot to activate the changed kernel.

Pull upstream NixOS changes, security fixes and package updates:
- element-{web,desktop}: 1.11.32 -> 1.11.33
- python38: 3.8.16 -> 3.8.17 (CVE-2023-24329)
- python39: 3.9.16 -> 3.9.17 (CVE-2023-24329)
- python312: 3.12.0b1 -> 3.12.0b2
- php82: 8.2.6 -> 8.2.7
- php81: 8.1.19 -> 8.1.20
- php80: 8.0.28 -> 8.0.29
- systemd: 253.3 -> 253.5
- opencv: add patches for CVE-2023-2617 & CVE-2023-2618
- openssl: 3.0.8 -> 3.0.9 (CVE-2023-2650, CVE-2023-1255, CVE-2023-0466, CVE-2023-0465 CVE-2023-0464)
- ffmpeg_4: 4.4.3 -> 4.4.4
- curl: 8.0.1 -> 8.1.1 (CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322)
- binutils: fix CVE-2023-1972
- grafana: 9.5.2 -> 9.5.3 (CVE-2023-2801, CVE-2023-2183)
Production channel URL for this release: https://hydra.flyingcircus.io/build/269200/download/1/nixexprs.tar.xz

Update nixpkgs

Pull upstream NixOS changes, security fixes and package updates:
- grafana: 9.4.9 -> 9.4.12 (CVE-2023-2183, CVE-2023-2801)
- matrix-synapse: 1.84.1 -> 1.85.1
- chromium: 113.0.5672.126 -> 114.0.5735.106 (CVE-2023-3079, CVE-2023-2929 CVE-2023-2930 CVE-2023-2931 CVE-2023-2932 CVE-2023-2933 CVE-2023-2934 CVE-2023-2935 CVE-2023-2936 CVE-2023-2937 CVE-2023-2938 CVE-2023-2939 CVE-2023-2940 CVE-2023-2941)
- imagemagick: 7.1.1-10 -> 7.1.1-11
- linux: 5.15.113 -> 5.15.114
- openssl_1_1: 1.1.1t -> 1.1.1u (CVE-2023-2650, CVE-2023-0466, CVE-2023-0465, CVE-2023-0464)
Production channel URL for this release: https://hydra.flyingcircus.io/build/269306/download/1/nixexprs.tar.xz