Release 2023_017 (2023-07-11)

Impact

• [NixOS 23.05] Most services will restarted because of a core dependency change. Machines will schedule a reboot to activate the changed kernel.

• [NixOS 22.11] Gitlab will be restarted.

NixOS 23.05 platform

• Provide more packages with support for legacy algorithms in libxcrypt. The mailserver, lamp, webgateway and nginx roles use these as default. See the upgrade documentation for more details (PL-131617).

• Pull upstream NixOS changes, security fixes and package updates (PL-131621):

  • bind: 9.18.14 -> 9.18.16 (CVE-2023-2828, CVE-2023-2911, CVE-202-3094, CVE-2022-3736, CVE-2023-3924)

  • cacert: 3.89.1 -> 3.90

  • cmake: 3.25.3 -> 3.26.4

  • gitlab: 16.0.5 -> 16.1.2

  • imagemagick: 7.1.1-11 -> 7.1.1-12

  • libtiff: 4.5.0 -> 4.5.1 (CVE-2023-25434, CVE-2023-26965)

  • linux: 6.1.35 -> 6.1.37

  • mastodon: 4.1.2 -> 4.1.3 (CVE-2023-36460, CVE-2023-36459)

  • nss_latest: 3.90 -> 3.91

  • python310: 3.10.11 -> 3.10.12 (CVE-2023-24329)

  • python311: 3.11.3 -> 3.11.4 (CVE-2023-24329)

  • roundcube: 1.6.1 -> 1.6.2

  • strace: 6.3 -> 6.4

  • systemd: fix services not stopping

  • xorg.libX11: 1.8.4 → 1.8.6

• Production channel URL for this release: https://hydra.flyingcircus.io/build/277924/download/1/nixexprs.tar.xz

NixOS 22.11 platform

• Gitlab: 15.11.8 -> 15.11.11 (PL-131615).

• Production channel URL for this release: https://hydra.flyingcircus.io/build/277870/download/1/nixexprs.tar.xz

NixOS 21.05 platform

• internal changes only

• Production channel URL for this release: https://hydra.flyingcircus.io/build/277838/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 23.05: platform code, upstream changes

• NixOS 22.11: platform code, upstream changes

• NixOS 21.05: platform code