A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images supersede the existing images [2]. Images are available for download or immediate use on EC2 via published AMI IDs. Users who wish to update their existing installations can do so with:

   'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'.

The following packages have been updated. Please see the full changelogs for a complete listing of changes:

 * alsa-lib: 1.2.2-2.1ubuntu2.2 => 1.2.2-2.1ubuntu2.3
 * apport: 2.20.11-0ubuntu27.13 => 2.20.11-0ubuntu27.14
 * cloud-init: 20.3-2-g371b392c-0ubuntu1~20.04.1 => 20.4-0ubuntu1~20.04.1
 * libproxy: 0.4.15-10ubuntu1.1 => 0.4.15-10ubuntu1.2
 * linux-meta: 5.4.0.54.57 => 5.4.0.59.62
 * linux-signed: 5.4.0-54.60 => 5.4.0-59.65
 * p11-kit: 0.23.20-1build1 => 0.23.20-1ubuntu0.1
 * python-apt: 2.0.0ubuntu0.20.04.2 => 2.0.0ubuntu0.20.04.3
 * update-notifier: 3.192.30 => 3.192.30.3

The following is a complete changelog for this image.
new: {'linux-modules-5.4.0-59-generic': '5.4.0-59.65', 'linux-headers-5.4.0-59': '5.4.0-59.65', 'linux-headers-5.4.0-59-generic': '5.4.0-59.65'}
removed: {'linux-headers-5.4.0-54-generic': '5.4.0-54.60', 'linux-modules-5.4.0-54-generic': '5.4.0-54.60', 'linux-headers-5.4.0-54': '5.4.0-54.60'}
changed: ['apport', 'cloud-init', 'libasound2-data', 'libasound2:amd64', 'libp11-kit0:amd64', 'libproxy1v5:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.4.0-59-generic', 'linux-image-virtual', 'linux-virtual', 'python-apt-common', 'python3-apport', 'python3-apt', 'python3-problem-report', 'update-notifier-common']
new snaps: {}
removed snaps: {}
changed snaps: ['core18', 'snapd']

==== alsa-lib: 1.2.2-2.1ubuntu2.2 => 1.2.2-2.1ubuntu2.3 ====
==== libasound2-data libasound2:amd64

  * d/p/0001-control-ctlparse-fix-enum-values-in-or.patch
    - Fix ctl parsing for enum value setting, let it support both "" and '' (LP: #1899857)

==== apport: 2.20.11-0ubuntu27.13 => 2.20.11-0ubuntu27.14 ====
==== apport python3-apport python3-problem-report

  * data/apport: only drop supplemental groups if the user is root. (LP: #1906565)

==== cloud-init: 20.3-2-g371b392c-0ubuntu1~20.04.1 => 20.4-0ubuntu1~20.04.1 ====
==== cloud-init

  * New upstream release. (LP: #1905599)
    - Release 20.4 (#686) [James Falcon]
    - tox: avoid tox testenv subsvars for xenial support (#684)
    - Ensure proper root permissions in integration tests (#664) [James Falcon]
    - LXD VM support in integration tests (#678) [James Falcon]
    - Integration test for fallocate falling back to dd (#681) [James Falcon]
    - .travis.yml: correctly integration test the built .deb (#683)
    - Ability to hot-attach NICs to preprovisioned VMs before reprovisioning (#613) [aswinrajamannar]
    - Support configuring SSH host certificates. (#660) [Jonathan Lung]
    - add integration test for #1900837 (#679)
    - cc_resizefs on FreeBSD: Fix _can_skip_ufs_resize (#655) [Mina Galić]
    - DataSourceAzure: push dmesg log to KVP (#670) [Anh Vo]
    - Make mount in place for tests work (#667) [James Falcon]
    - integration_tests: restore emission of settings to log (#657)
    - DataSourceAzure: update password for defuser if exists (#671) [Anh Vo]
    - tox.ini: only select "ci" marked tests for CI runs (#677)
    - Azure helper: Increase Azure Endpoint HTTP retries (#619) [Johnson Shi]
    - DataSourceAzure: send failure signal on Azure datasource failure (#594) [Johnson Shi]
    - test_persistence: simplify VersionIsPoppedFromState (#674)
    - only run a subset of integration tests in CI (#672)
    - cli: add --system param to allow validating system user-data on a machine (#575)
    - test_persistence: add VersionIsPoppedFromState test (#673)
    - introduce an upgrade framework and related testing (#659)
    - add --no-tty option to gpg (#669) [Till Riedel]
    - Pin pycloudlib to a working commit (#666) [James Falcon]
    - DataSourceOpenNebula: exclude SRANDOM from context output (#665)
    - cloud_tests: add hirsute release definition (#662)
    - split integration and cloud_tests requirements (#652)
    - faq.rst: add warning to answer that suggests running `clean` (#661)
    - Fix stacktrace in DataSourceRbxCloud if no metadata disk is found (#632) [Scott Moser]
    - Make wakeonlan Network Config v2 setting actually work (#626) [dermotbradley]
    - HACKING.md: unify network-refactoring namespace (#658) [Mina Galić]
    - replace usage of dmidecode with kenv on FreeBSD (#621) [Mina Galić]
    - Prevent timeout on travis integration tests. (#651) [James Falcon]
    - azure: enable pushing the log to KVP from the last pushed byte (#614) [Moustafa Moustafa]
    - Fix launch_kwargs bug in integration tests (#654) [James Falcon]
    - split read_fs_info into linux & freebsd parts (#625) [Mina Galić]
    - PULL_REQUEST_TEMPLATE.md: expand commit message section (#642)
    - Make some language improvements in growpart documentation (#649) [Shane Frasier]
    - Revert ".travis.yml: use a known-working version of lxd (#643)" (#650)
    - Fix not sourcing default 50-cloud-init ENI file on Debian (#598) [WebSpider]
    - remove unnecessary reboot from gpart resize (#646) [Mina Galić]
    - cloudinit: move dmi functions out of util (#622) [Scott Moser]
    - integration_tests: various launch improvements (#638)
    - test_lp1886531: don't assume /etc/fstab exists (#639)
    - Remove Ubuntu restriction from PR template (#648) [James Falcon]
    - util: fix mounting of vfat on *BSD (#637) [Mina Galić]
    - conftest: improve docstring for disable_subp_usage (#644)
    - doc: add example query commands to debug Jinja templates (#645)
    - Correct documentation and testcase data for some user-data YAML (#618) [dermotbradley]
    - Hetzner: Fix instance_id / SMBIOS serial comparison (#640) [Markus Schade]
    - .travis.yml: use a known-working version of lxd (#643)
    - tools/build-on-freebsd: fix comment explaining purpose of the script (#635) [Mina Galić]
    - Hetzner: initialize instance_id from system-serial-number (#630) [Markus Schade]
    - Explicit set IPV6_AUTOCONF and IPV6_FORCE_ACCEPT_RA on static6 (#634) [Eduardo Otubo]
    - get_interfaces: don't exclude Open vSwitch bridge/bond members (#608) [Lukas Märdian]
    - Add config modules for controlling IBM PowerVM RMC. (#584) [Aman306]
    - Update network config docs to clarify MAC address quoting (#623) [dermotbradley]
    - gentoo: fix hostname rendering when value has a comment (#611) [Manuel Aguilera]
    - refactor integration testing infrastructure (#610) [James Falcon]
    - stages: don't reset permissions of cloud-init.log every boot (#624)
    - docs: Add how to use cloud-localds to boot qemu (#617) [Joshua Powers]
    - Drop vestigial update_resolve_conf_file function (#620) [Scott Moser]
    - cc_mounts: correctly fallback to dd if fallocate fails (#585)
    - .travis.yml: add integration-tests to Travis matrix (#600)
    - ssh_util: handle non-default AuthorizedKeysFile config (#586) [Eduardo Otubo]
    - Multiple file fix for AuthorizedKeysFile config (#60) [Eduardo Otubo]
    - bddeb: new --packaging-branch argument to pull packaging from branch (#576) [Paride Legovini]
    - Add more integration tests (#615) [lucasmoura]
    - DataSourceAzure: write marker file after report ready in preprovisioning (#590) [Johnson Shi]
    - integration_tests: emit settings to log during setup (#601)
    - integration_tests: implement citest tests run in Travis (#605)
    - Add Azure support to integration test framework (#604) [James Falcon]
    - openstack: consider product_name as valid chassis tag (#580) [Adrian Vladu]
    - azure: clean up and refactor report_diagnostic_event (#563) [Johnson Shi]
    - net: add the ability to blacklist network interfaces based on driver during enumeration of physical network devices (#591) [Anh Vo]
    - integration_tests: don't error on cloud-init failure (#596)
    - integration_tests: improve cloud-init.log assertions (#593)
    - conftest.py: remove top-level import of httpretty (#599)
    - tox.ini: add integration-tests testenv definition (#595)
    - PULL_REQUEST_TEMPLATE.md: empty checkboxes need a space (#597)
    - add integration test for #1886531 (#592)
    - Initial implementation of integration testing infrastructure (#581) [James Falcon]
    - Fix name of ntp and chrony service on CentOS and RHEL. (#589) [Scott Moser]
    - Adding a PR template (#587) [James Falcon]
    - Azure parse_network_config uses fallback cfg when generate IMDS network cfg fails (#549) [Johnson Shi]
    - features: refresh docs for easier out-of-context reading (#582)
    - Fix typo in resolv_conf module's description (#578) [Wacław Schiller]
    - cc_users_groups: minor doc formatting fix (#577)
    - Fix typo in disk_setup module's description (#579) [Wacław Schiller]
    - Add vendor-data support to seedfrom parameter for NoCloud and OVF (#570) [Johann Queuniet]
    - boot.rst: add First Boot Determination section (#568)
    - opennebula.rst: minor readability improvements (#573) [Mina Galić]
    - cloudinit: remove unused LOG variables (#574)
    - create a shutdown_command method in distro classes (#567) [Emmanuel Thomé]
    - user_data: remove unused constant (#566)
    - network: Fix type and respect name when rendering vlan in sysconfig. (#541) [Eduardo Otubo]
    - Retrieve SSH keys from IMDS first with OVF as a fallback (#509) [Thomas Stringer]
    - Add jqueuniet as contributor (#569) [Johann Queuniet]
    - distros: minor typo fix (#562)
    - Bump the integration-requirements versioned dependencies (#565) [Paride Legovini]
    - network-config-format-v1: fix typo in nameserver example (#564) [Stanislas]
    - Run cloud-init-local.service after the hv_kvp_daemon (#505) [Robert Schweikert]
    - Add method type hints for Azure helper (#540) [Johnson Shi]
    - systemd: add Before=shutdown.target when Conflicts=shutdown.target is used (#546) [Paride Legovini]
    - LXD: detach network from profile before deleting it (#542) [Paride Legovini]
    - redhat spec: add missing BuildRequires (#552) [Paride Legovini]

==== libproxy: 0.4.15-10ubuntu1.1 => 0.4.15-10ubuntu1.2 ====
==== libproxy1v5:amd64

  * SECURITY UPDATE: Buffer overflow
    - debian/patches/CVE-2020-26154.patch: fix buffer overflow when PAC is enabled in libproxy/url.cpp.
    - CVE-2020-26154

==== linux-meta: 5.4.0.54.57 => 5.4.0.59.62 ====
==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual

  * Bump ABI 5.4.0-59
  * Packaging resync (LP: #1786013)
    - [Packaging] resync debian/dkms-versions from main package
  * Bump ABI 5.4.0-58
  * Packaging resync (LP: #1786013)
    - [Packaging] resync debian/dkms-versions from main package
  * Bump ABI 5.4.0-57
  * Packaging resync (LP: #1786013)
    - [Packaging] resync debian/dkms-versions from main package
  * Bump ABI 5.4.0-56
  * Bump ABI 5.4.0-55

==== linux-signed: 5.4.0-54.60 => 5.4.0-59.65 ====
==== linux-image-5.4.0-59-generic

  * Master version: 5.4.0-59.65
  * Master version: 5.4.0-58.64
  * Master version: 5.4.0-57.63
  * Master version: 5.4.0-56.62
  * Master version: 5.4.0-55.61

==== p11-kit: 0.23.20-1build1 => 0.23.20-1ubuntu0.1 ====
==== libp11-kit0:amd64

  * SECURITY UPDATE: multiple integer overflows
    - debian/patches/CVE-2020-29361-1.patch: check for arithmetic overflows before allocating in p11-kit/iter.c, p11-kit/lists.c, p11-kit/proxy.c, p11-kit/rpc-message.c, p11-kit/rpc-message.h, p11-kit/rpc-server.c, trust/index.c.
    - debian/patches/CVE-2020-29361-2.patch: follow-up to arithmetic overflow fix in common/compat.c, p11-kit/rpc-message.c.
    - CVE-2020-29361
  * SECURITY UPDATE: heap over-read in the RPC protocol
    - debian/patches/CVE-2020-29362.patch: fix bounds check in p11-kit/rpc-message.c.
    - CVE-2020-29362
  * SECURITY UPDATE: heap overflow in RPC protocol
    - debian/patches/CVE-2020-29363.patch: check attribute length against buffer size in p11-kit/rpc-message.c.
    - CVE-2020-29363

==== python-apt: 2.0.0ubuntu0.20.04.2 => 2.0.0ubuntu0.20.04.3 ====
==== python-apt-common python3-apt

  * REGRESSION UPDATE: Passing a file descriptor to apt_inst.ArFile or apt_inst.DebFile caused a segmentation fault (LP: #1907676)
    - python/arfile.cc: Fix segmentation fault when opening fd, track lifetime correctly

==== update-notifier: 3.192.30 => 3.192.30.3 ====
==== update-notifier-common

  * data/apt_check.py: Update UA Infra: ESM product name and doc url (LP: #1901627)
    - data/apt_check.py: Update name and URL
    - tests/test_motd.py: adapt unittests to match new behavior
    - po/*.po: translation files with intltool-update -r

  [ Robie Basak ]
  * 3.192.30.2 skipped due to erroneous upload.

  [ Chad Smith ]
  * data/apt_check.py: Update ESM security pockets names (LP: #1881632)
    - the UbuntuESM pocket was renamed from -security to -infra-security
    - new origin UbuntuESMApps, with a corresponding pocket of -apps-security

--
[1] http://cloud-images.ubuntu.com/releases/focal/release-20210105/
[2] http://cloud-images.ubuntu.com/releases/focal/release-20201210/