A new release of the Ubuntu Cloud Images for stable Ubuntu release 21.10 (Impish Indri) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * apport: 2.20.11-0ubuntu70 => 2.20.11-0ubuntu71 * bind9: 1:9.16.15-1ubuntu1 => 1:9.16.15-1ubuntu1.1 * distro-info-data: 0.51ubuntu1 => 0.51ubuntu1.1 * linux-meta: 5.13.0.19.30 => 5.13.0.20.31 * linux-signed: 5.13.0-19.19 => 5.13.0-20.20 * tzdata: 2021a-2ubuntu1 => 2021e-0ubuntu0.21.10 * ubuntu-advantage-tools: 27.2.2~21.10.1 => 27.3~21.10.1 * update-manager: 1:21.10.4 => 1:21.10.5 * usrmerge: 25ubuntu1 => 25ubuntu1.1 * util-linux: 2.36.1-8ubuntu1 => 2.36.1-8ubuntu2 The following is a complete changelog for this image. new: {'linux-modules-5.13.0-20-generic': '5.13.0-20.20', 'linux-headers-5.13.0-20': '5.13.0-20.20', 'linux-headers-5.13.0-20-generic': '5.13.0-20.20'} removed: {'linux-modules-5.13.0-19-generic': '5.13.0-19.19', 'linux-headers-5.13.0-19': '5.13.0-19.19', 'linux-headers-5.13.0-19-generic': '5.13.0-19.19'} changed: ['apport', 'bind9-dnsutils', 'bind9-host', 'bind9-libs:amd64', 'bsdextrautils', 'bsdutils', 'distro-info-data', 'eject', 'fdisk', 'libblkid1:amd64', 'libfdisk1:amd64', 'libmount1:amd64', 'libsmartcols1:amd64', 'libuuid1:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.13.0-20-generic', 'linux-image-virtual', 'linux-virtual', 'mount', 'python3-apport', 'python3-problem-report', 'python3-update-manager', 'tzdata', 'ubuntu-advantage-tools', 'update-manager-core', 'usrmerge', 'util-linux', 'uuid-runtime'] new snaps: {} removed snaps: {} changed snaps: ['lxd', 'snapd'] ==== apport: 2.20.11-0ubuntu70 => 2.20.11-0ubuntu71 ==== ==== apport python3-apport python3-problem-report * SECURITY UPDATE: Privilege escalation via core files - refactor privilege dropping and create core files in a well-known directory in apport/fileutils.py, apport/report.py, data/apport, test/test_fileutils.py, test/test_report.py, test/test_signal_crashes.py, test/test_ui.py. - use systemd-tmpfiles to create and manage the well-known core file directory in setup.py, data/systemd/apport.conf, debian/apport.install. ==== bind9: 1:9.16.15-1ubuntu1 => 1:9.16.15-1ubuntu1.1 ==== ==== bind9-dnsutils bind9-host bind9-libs:amd64 * SECURITY UPDATE: resolver performance degradation via lame cache abuse - debian/patches/CVE-2021-25219.patch: disable lame cache in bin/named/config.c, bin/named/server.c, lib/dns/resolver.c. - CVE-2021-25219 ==== distro-info-data: 0.51ubuntu1 => 0.51ubuntu1.1 ==== ==== distro-info-data * Add Ubuntu 22.04, Jammy Jellyfish (LP: #1947368). ==== linux-meta: 5.13.0.19.30 => 5.13.0.20.31 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 5.13.0-20 * Packaging resync (LP: #1786013) - [Packaging] resync debian/dkms-versions from main package ==== linux-signed: 5.13.0-19.19 => 5.13.0-20.20 ==== ==== linux-image-5.13.0-20-generic * Master version: 5.13.0-20.20 ==== tzdata: 2021a-2ubuntu1 => 2021e-0ubuntu0.21.10 ==== ==== tzdata * New upstream release (LP: #1948698), affecting the following timestamp: - Palestine will fall back 2021-10-29 (not 2021-10-30) at 01:00. * Update ICU timezone data files which are utilized by php to 2021a3. * Dropped the patches which were cherry-picked from upstream as the situation is somewhat less confused now. ==== ubuntu-advantage-tools: 27.2.2~21.10.1 => 27.3~21.10.1 ==== ==== ubuntu-advantage-tools * d/tools.postinst: - consider cloud to be "none" on any cloud-id error - purge old ua-messaging.timer/service files - keep ua-timer.timer disabled if ua-messaging.timer was disabled by the user - properly configure both ubuntu-advantage-timer and ubuntu-advantage-licence-check logs * d/tools.postrm: - remove ubuntu-advantage-timer and ubuntu-advantage-license-check logs during purge * systemd: - remove ua-messaging.timer/service - add new ua-timer.timer that runs every 6 hours - add new ua-license_check.timer that runs every 5 minutes only if activated by ua-license-check.path * New upstream release 27.3 (LP: #1942929) - ros: + add beta support to enable ros and ros-updates + add support for "required services" so that esm-infra and esm-apps get auto-enabled when enabling ros or ros-updates + add support for "dependent services" so that user gets prompted to disable ros/ros-updates if they disable esm-infra/esm-apps - fips: + allow fips on GCP bionic now that optimized kernel is ready + disallow enabling fips on focal on clouds until cloud-optimized focal fips-certified kernel is ready (LP: #1939449, LP: #1939932) + print warning about generic fips kernel if cloud-id fails - cloud: + rely only on cloud-id to determine cloud type (LP: #1940131) + catch errors when determining cloud type (LP: #1938207, LP: #1944676) (GH: #1541) - azure: + bump IMDS API version to support Azure published images - cli: + collect-logs command that creates a tar file with debug-relevant logs and status info (GH: #463) + clean locks on exceptions more thoroughly to avoid false "Operation in progress" status messages + retain past service state after detach + shows better error message when a port value in a proxy is invalid - non-unicode locale support: + remove unicode-only characters from help file + don't print unicode-only characters in ua fix if non-utf8 locale (GH: #1463) - logrotate: + add logrotate functionality for ubuntu-advantage-timer.log. + Fix root:root logrotate permissions. - ua-timer.timer: + introduce a single systemd timer to handle ua recurring jobs + timer runs every 2 hours to support most frequent timer job + recurring job intervals are configurable in uaclient.conf + individual jobs are disabled if their interval is set to 0 - status job: + update ua status every 12 hours - messaging job: + update APT/MOTD ESM messaging every 6 hours - metering job: + disabled until infrastructure is ready + for attached machines only, periodically update contract server with status information for proper contract metering - ua-license-check.timer: + only runs on LTS GCP instances that are not attached + runs every 5 minutes to check if gcp instance has license required to auto-attach - logs: + fixes duplicate logging (GH: #553) - tests and support: + remove groovy integration tests + various improvements to integration tests ==== update-manager: 1:21.10.4 => 1:21.10.5 ==== ==== python3-update-manager update-manager-core * UpdateManager/backend/__init__.py: When checking for snap seeds also take into consideration whether or not the metapackage associated with the snap is installed. (LP: #1947501) ==== usrmerge: 25ubuntu1 => 25ubuntu1.1 ==== ==== usrmerge * Clear generated files if they have already been re-generated (LP: #1930573) ==== util-linux: 2.36.1-8ubuntu1 => 2.36.1-8ubuntu2 ==== ==== bsdextrautils bsdutils eject fdisk libblkid1:amd64 libfdisk1:amd64 libmount1:amd64 libsmartcols1:amd64 libuuid1:amd64 mount util-linux uuid-runtime * Fix HiFive partition names (LP: #1944741) - include: Rename HiFive partition UUIDs - po: Update translations after changes to HiFive partition names -- [1] http://cloud-images.ubuntu.com/releases/impish/release-20211103/ [2] http://cloud-images.ubuntu.com/releases/impish/release-20211014/