A new release of the Ubuntu Cloud Images for stable Ubuntu release 18.04 LTS (Bionic Beaver) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * apport: 2.20.9-0ubuntu7.17 => 2.20.9-0ubuntu7.18 * initramfs-tools: 0.130ubuntu3.10 => 0.130ubuntu3.11 * linux-meta: 4.15.0.118.105 => 4.15.0.121.108 * linux-signed: 4.15.0-118.119 => 4.15.0-121.123 * python-urllib3: 1.22-1ubuntu0.18.04.1 => 1.22-1ubuntu0.18.04.2 * shim: 15+1533136590.3beb971-0ubuntu1 => 15+1552672080.a4a1fbe-0ubuntu2 * shim-signed: 1.37~18.04.6+15+1533136590.3beb971-0ubuntu1 => 1.37~18.04.8+15+1552672080.a4a1fbe-0ubuntu2 The following is a complete changelog for this image. new: {'linux-headers-4.15.0-121-generic': '4.15.0-121.123', 'linux-modules-4.15.0-121-generic': '4.15.0-121.123', 'linux-headers-4.15.0-121': '4.15.0-121.123'} removed: {'linux-headers-4.15.0-118': '4.15.0-118.119', 'linux-modules-4.15.0-118-generic': '4.15.0-118.119', 'linux-headers-4.15.0-118-generic': '4.15.0-118.119'} changed: ['apport', 'initramfs-tools', 'initramfs-tools-bin', 'initramfs-tools-core', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-4.15.0-121-generic', 'linux-image-virtual', 'linux-virtual', 'python3-apport', 'python3-problem-report', 'python3-urllib3', 'shim', 'shim-signed'] new snaps: {} removed snaps: {} changed snaps: [] ==== apport: 2.20.9-0ubuntu7.17 => 2.20.9-0ubuntu7.18 ==== ==== apport python3-apport python3-problem-report * data/apport: Introduce support for non-positional arguments so we can easily extend core_pattern in the future (LP: #1732962) ==== initramfs-tools: 0.130ubuntu3.10 => 0.130ubuntu3.11 ==== ==== initramfs-tools initramfs-tools-bin initramfs-tools-core [ Guilherme G. Piccoli ] * scripts/functions: Prevent printf error carry over if the wrong console is set. (LP: #1879987) The function _log_msg() is "void" typed, returning whatever its last command returns. This function is the basic building block for all error/warning messages in initramfs-tools. If a bad console is provided to kernel on command-line, printf returns error, and so this error is carried over in _log_msg(). Happens that checkfs() function has a loop that runs forever in this scenario (*if* fsck is not present in initramfs and "quiet" is not passed in the command-line). If that happens, boot is stuck and cannot progress. The simple fix hereby merged is to return zero on _log_msg(). * scripts/local: Re-execute cryptroot local-block script. (LP: #1879980) Currently, if an encrypted rootfs is configured on top of a MD RAID1 array and such array gets degraded (like a member is removed/failed), initramfs-tools cannot mount the rootfs and the boot fails. We fix that issue here by allowing cryptroot script to re-run on local-block stage, given that mdadm is able to activate a degraded array in that point. There is a cryptsetup counter-part for this fix, but alone the initramfs-tools portion is innocuous. [ Jay Vosburgh ] * scripts/functions: Change netplan render for net_failover master devices. (LP: #1820929) Modify the _render_netplan function to check for network interfaces that are net_failover master devices. When found, such devices are matched only by name, not by MAC address, as the MAC is not a unique identifier for the net_failover case. In the net_failover architecture, the MAC address is used to manage the membership of the net_failover interface set, thus multiple interfaces will be assigned the same MAC address. ==== linux-meta: 4.15.0.118.105 => 4.15.0.121.108 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 4.15.0-121 * Packaging resync (LP: #1786013) - [Packaging] resync debian/dkms-versions from main package * Bump ABI 4.15.0-120 * Bump ABI 4.15.0-119 ==== linux-signed: 4.15.0-118.119 => 4.15.0-121.123 ==== ==== linux-image-4.15.0-121-generic * Master version: 4.15.0-121.123 * Master version: 4.15.0-120.122 * Master version: 4.15.0-119.120 ==== python-urllib3: 1.22-1ubuntu0.18.04.1 => 1.22-1ubuntu0.18.04.2 ==== ==== python3-urllib3 * SECURITY UPDATE: CRLF injection via method parameter - debian/patches/CVE-2020-26137.patch: raise ValueError if method contains control characters in urllib3/connection.py, test/with_dummyserver/test_connectionpool.py. - CVE-2020-26137 ==== shim: 15+1533136590.3beb971-0ubuntu1 => 15+1552672080.a4a1fbe-0ubuntu2 ==== ==== shim * d/patches/fix-path-checks.patch: Cherry-pick upstream fix for regression in loading fwupd, or anything else specified as an argument (LP: #1864223) * New upstream snapshot 15+1552672080.a4a1fbe. * debian/patches/VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprin.patch, debian/patches/fixup_git.patch: drop patches included in upstream. * debian/patches/MokManager-avoid-unaligned.patch: Fix compilation with GCC9: avoid -Werror=address-of-packed-member errors in MokManager. * debian/patches/tpm-correctness-1.patch, debian/patches/tpm-correctness-2.patch: fix issues in TPM calls to ensure the measurements are consistent with what is entered in the TPM event log. * debian/patches/tpm-correctness-3.patch: Don't log duplicate identical TPM events. * debian/patches/MokManager-hidpi-support.patch: Do a little bit more to try to get a more usable screen resolution for MokManager when running on HiDPI screens; by trying to detect such cases and switching to mode 0. * debian/rules: update COMMIT_ID explicitly for this new snapshot. * debian/copyright: Update upstream source location. * d/p/VLogError-Avoid-NULL-pointer-dereferences-in-V-Sprin.patch: Fix NULL pointer dereferences that lead to an exception error on arm64. (LP: #1811722) * d/p/Fix-OBJ_create-to-tolerate-a-NULL-sn-and-ln.patch: Fix NULL pointer dereference when calling OBJ_create() that leads to an exception error on arm64. (LP: #1811901) * debian/rules: Fix syntax of else statement when setting EFI_ARCH. ==== shim-signed: 1.37~18.04.6+15+1533136590.3beb971-0ubuntu1 => 1.37~18.04.8+15+1552672080.a4a1fbe-0ubuntu2 ==== ==== shim-signed -- [1] http://cloud-images.ubuntu.com/releases/bionic/release-20201014/ [2] http://cloud-images.ubuntu.com/releases/bionic/release-20200922/