Release 2022_023 (2022-09-26)¶
Impact¶
[NixOS 22.05] PostgreSQL, matrix-synapse, nextcloud and Gitlab will be restarted. Machines will schedule a reboot to activate the changed kernel.
NixOS 22.05 platform¶
webgateway/nginx: set HTTP version to 1.1 (before: 1.0) and timeouts to 60s (before: 90s) in
recommendedProxySettings
which are enabled by default. The timeout can be changed via the newservices.nginx.proxyTimeout
option. The switch to HTTP/1.1 fixes HTTP 413 responses from haproxy when Nginx passes a GET requests with a request body. haproxy stopped to accept these requests via HTTP/1.0 starting with version 2.5 because they could be a security risk. You may want to check plain nginx config in/etc/local/nginx
and change these settings accordingly or remove them to use the defaults (#PL-130875).Fix a logrotate config check failure when
extraRules
are defined but noseparateFacilities
(#PL-130890).Improve init process for new machines which fixes an issue with unusable machines bootstrapped on 22.05 in production. The changes also increase reliability of the process and shortens the time until a VM reaches desired states. SSH access to new machines now works earlier (using an IP address, DNS may still take some time for new machines) (#PL-130893).
Write state version (currently equal to the platform version: 22.05) to
/etc/local/nixos/state_version
. This has no effect for now but allows us to manage platform upgrades better in the future (#PL-130893).Fix broken
httpd.service
andnginx.service
unit files when the services are not enabled. This caused confusing („has a bad unit file setting“) error messages (#PL-130503).Pull upstream NixOS changes that include security fixes and other updates (#PL-130892):
element-web: 1.11.4 -> 1.11.5
gcc12: 12.1.0 -> 12.2.0
git: 2.36.0 -> 2.36.2, fix CVE-2022-29187
github-runner: 2.295.0 -> 2.296.2
gitlab: 15.2.2 -> 15.3.3
go_1_17: 1.17.10 -> 1.17.13
go_1_18: 1.18.2 -> 1.18.6
grafana: 8.5.9 -> 8.5.11 (CVE-2022-31176)
imagemagick: 7.1.0-46 -> 7.1.0-48
inetutils: add patch for CVE-2022-39028
k3s: 1.23.6+k3s1 -> 1.23.10+k3s1
libtiff: patch CVE-2022-{2867,2868,2869}
linux: 5.10.136 -> 5.10.143
matrix-synapse: 1.65.0 -> 1.67.0
nextcloud24: 24.0.4 -> 24.0.5
nss_latest: 3.81 -> 3.82
podman: 4.1.1 -> 4.2.0
postgresql_10: 10.21 -> 10.22
postgresql_11: 11.16 -> 11.17
postgresql_12: 12.11 -> 12.12
postgresql_13: 13.7 -> 13.8
postgresql_14: 14.4 -> 14.5
qemu: add patch for CVE-2020-14394
qemu: add patches for CVE-2022-0216
rsync: 3.2.3 -> 3.2.5
samba: 4.15.5 -> 4.15.9
vim: 8.2.5172 -> 9.0.0244, fix CVE-2022-25{22,71,8{0,1},98}
Production channel URL for this release: https://hydra.flyingcircus.io/build/190932/download/1/nixexprs.tar.xz
NixOS 21.11 platform¶
Write state version (currently equal to the platform version: 21.11) to
/etc/local/nixos/state_version
. This has no effect for now but allows us to manage platform upgrades better in the future (#PL-130893).Production channel URL for this release: https://hydra.flyingcircus.io/build/190759/download/1/nixexprs.tar.xz
Detailed Changes¶
NixOS 22.05: platform code, upstream changes
NixOS 21.11: platform code