Release 2023_023 (2023-10-04)

Impact

  • [NixOS 23.05] Machines will reboot after the update to activate the changed kernel.

NixOS 23.05 platform

  • fc-agent: make scheduled system updates more reliable and less noisy when temporary failures occur (PL-131774, PL-131769).

  • Pull upstream NixOS changes, security fixes and package updates (PL-131765):

    • bind: 9.18.16 -> 9.18.19

    • dovecot: 2.3.20 -> 2.3.21

    • element-web: 1.11.40 -> 1.11.43

    • github-runner: 2.307.1 -> 2.309.0

    • gitlab-container-registry: 3.79.0 -> 3.82.0

    • gitlab: 16.1.3 -> 16.3.4

    • go_1_20: 1.20.7 -> 1.20.8

    • imagemagick: 7.1.1-15 -> 7.1.1-18

    • inetutils: add patch for CVE-2023-40303

    • k3s: 1.26.4 -> 1.26.6

    • libwebp: fix for CVE-2023-486

    • linux: 6.1.51 -> 6.1.55

    • mastodon: 4.1.6 -> 4.1.9

    • matrix-synapse: 1.91.0 -> 1.92.1

    • nss_latest: 3.92 -> 3.93

    • openssl_1_1: apply patch for CVE-2023-4807

    • php81: 8.1.20 -> 8.1.23

    • php82: 8.2.9 -> 8.2.10

    • python38: 3.8.17 -> 3.8.18 (CVE-2023-40217)

    • python39: 3.9.17 -> 3.9.18 (CVE-2023-40217)

    • roundcube: 1.6.2 -> 1.6.3

    • strace: 6.4 -> 6.5

  • lamp: add attribute name for vhosts. The default behavior remains identical.

  • nfs: The export options on managed NFS servers can now be customized (PL-131538).

  • postgresql: Automatically monitor for a new warning that PostgreSQL issues if collations have potentially changed. Automatically upgrade (and silence) those warnings if no objects are actually affected (PL-131544).

  • slurm: the fc-slurm all-nodes ready command which is used by our automated maintenance system now waits for the nodes to actually become ready by checking their reported state (PL-131739).

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/302940/download/1/nixexprs.tar.xz

Detailed Changes