Release 2023_030 (2023-11-20)

Impact

• [NixOS 23.05] Many services will be restarted because of a core dependency change.

NixOS 23.05 platform

• adjust home dir permissions for service users correctly when machines see a different UID at a later time. Ownership is now set for the (service) user name, not the UID (PL-131881).

• fc-userscan/garbage collect: ignore all dirs starting with nixpkgs because scanning them takes a long time and yields false positives. In addition to that, pkgs/test/make-binary-wrapper from nixpkgs is ignored explicitly because it crashes userscan at the moment (PL-131439).

• k3s/kubernetes: implement clean automated maintenance. Agent nodes are drained (pods move to other nodes if possible) before executing maintenance requests and are uncordoned after maintenance is finished. Only one agent node can be in maintenance at any given time (PL-131525).

• mailman: restart service on failure (PL-131783).

• percona80: 8.0.32-24 -> 8.0.34-26 (PL-131639)

• Pull upstream NixOS changes, security fixes and package updates (PL-131920):

  • chromedriver: 118.0.5993.70 -> 119.0.6045.105

  • chromium: 118.0.5993.117 -> 119.0.6045.105

  • element-web: 1.1.46 -> 1.1.47

  • gitlab-container-registry: 3.84.0 -> 3.85.0

  • gitlab: 16.4.1 -> 16.5.1

  • libtiff: patch for CVE-2023-41175 & CVE-2023-40745

  • openssl_3: 3.0.11 -> 3.0.12 (CVE-2023-5363)

  • procps: patch CVE-2023-4016

  • python310Packages.urllib3: 1.26.14 -> 1.26.18 (CVE-2023-45803)

  • strace: 6.5 -> 6.6

• Production channel URL for this release: https://hydra.flyingcircus.io/build/324213/download/1/nixexprs.tar.xz

Detailed Changes

• NixOS 23.05: platform code, upstream changes