Release 2021_023 (2021-07-12)

Impact

  • [NixOS 21.05] Most services will be restarted. VMs will schedule a reboot to activate the new kernel version.

  • [NixOS 20.09] Most services will be restarted.

NixOS 21.05 platform

  • Gitlab: 13.12.4 -> 13.12.7 (#PL-129936).

  • Refactoring of our network configuration to remove dependency on policy routing and simplify the setup.

  • Improve secrecy of fc.agent directory access by avoiding the password to be shown in exceptions.

  • Stabilize Ceph (Monitors and OSDs).

  • Include machine „profile“ as label in prometheus.

  • Do not check for steal on physical machines.

  • Improve our installer for NixOS on physical machines.

  • Merge upstream NixOS changes that include security fixes and other updates (#PL-129959):

    • consul: 1.9.5 -> 1.9.7

    • dovecot: 2.3.14 -> 2.3.15

    • go_1_15: 1.15.12 -> 1.15.13

    • grafana: 7.5.7 -> 7.5.9

    • imagemagick6: 6.9.12-15 -> 6.9.12-17

    • jetty: 9.4.39.v20210325 -> 9.4.41.v20210516 (CVE-2021-28169)

    • linux: 5.10.44 -> 5.10.45

    • matrix-synapse: 1.36.0 -> 1.37.1

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/96633/download/1/nixexprs.tar.xz

NixOS 20.09 platform

  • Merge upstream NixOS changes that include security fixes and other updates (#PL-129963):

    • apacheHttpd: 2.4.46 -> 2.4.48

    • dovecot: add patches for CVE-2021-29157 & CVE-2021-33515

    • go_1_15: 1.15.10 -> 1.15.13

    • go_1_16: 1.16.2 -> 1.16.3

    • imagemagick6: 6.9.12-15 -> 6.9.12-17

    • imagemagick7: 7.1.0-0 -> 7.1.0-2

    • lldpd: add patch for CVE-2020-27827

  • Production channel URL for this release: https://hydra.flyingcircus.io/build/96512/download/1/nixexprs.tar.xz

Detailed Changes