A new release of the Ubuntu Cloud Images for stable Ubuntu release 18.04 LTS (Bionic Beaver) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * bind9: 1:9.11.3+dfsg-1ubuntu1.16 => 1:9.11.3+dfsg-1ubuntu1.17 * cloud-init: 21.4-0ubuntu1~18.04.1 => 22.1-14-g2e17a0d6-0ubuntu1~18.04.3 * command-not-found: 18.04.5 => 18.04.6 * libxml2: 2.9.4+dfsg1-6.1ubuntu1.4 => 2.9.4+dfsg1-6.1ubuntu1.5 * linux-meta: 4.15.0.171.160 => 4.15.0.173.162 * linux-signed: 4.15.0-171.180 => 4.15.0-173.182 * openssl1.0: 1.0.2n-1ubuntu5.7 => 1.0.2n-1ubuntu5.8 * openssl: 1.1.1-1ubuntu2.1~18.04.14 => 1.1.1-1ubuntu2.1~18.04.15 * sosreport: 4.1-1ubuntu0.18.04.3 => 4.3-1ubuntu0.18.04.1 * tar: 1.29b-2ubuntu0.2 => 1.29b-2ubuntu0.3 * tzdata: 2021e-0ubuntu0.18.04 => 2022a-0ubuntu0.18.04 The following is a complete changelog for this image. new: {'linux-headers-4.15.0-173-generic': '4.15.0-173.182', 'linux-headers-4.15.0-173': '4.15.0-173.182', 'linux-modules-4.15.0-173-generic': '4.15.0-173.182'} removed: {'linux-headers-4.15.0-171-generic': '4.15.0-171.180', 'linux-headers-4.15.0-171': '4.15.0-171.180', 'linux-modules-4.15.0-171-generic': '4.15.0-171.180'} changed: ['bind9-host', 'cloud-init', 'command-not-found', 'command-not-found-data', 'dnsutils', 'libbind9-160:amd64', 'libdns-export1100', 'libdns1100:amd64', 'libirs160:amd64', 'libisc-export169:amd64', 'libisc169:amd64', 'libisccc160:amd64', 'libisccfg160:amd64', 'liblwres160:amd64', 'libssl1.0.0:amd64', 'libssl1.1:amd64', 'libxml2:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-4.15.0-173-generic', 'linux-image-virtual', 'linux-virtual', 'openssl', 'python3-commandnotfound', 'sosreport', 'tar', 'tzdata'] new snaps: {} removed snaps: {} changed snaps: [] ==== bind9: 1:9.11.3+dfsg-1ubuntu1.16 => 1:9.11.3+dfsg-1ubuntu1.17 ==== ==== bind9-host dnsutils libbind9-160:amd64 libdns-export1100 libdns1100:amd64 libirs160:amd64 libisc-export169:amd64 libisc169:amd64 libisccc160:amd64 libisccfg160:amd64 liblwres160:amd64 * SECURITY UPDATE: cache poisoning via bogus NS records - debian/patches/CVE-2021-25220.patch: tighten rules for acceptance of records into the cache in lib/dns/resolver.c. - CVE-2021-25220 ==== cloud-init: 21.4-0ubuntu1~18.04.1 => 22.1-14-g2e17a0d6-0ubuntu1~18.04.3 ==== ==== cloud-init * d/p/cpick-eee60329-Fix-cloud-init-status-wait-when-no-datasource-found: cherry-pick eee60329: Fix cloud-init status --wait when no datasource found (#1349) (LP: #1966085) * cherry-pick 5e347d25: Revert "Ensure system_cfg read before ds net config on Oracle * d/patches/retain-apt-partner-pocket.patch: - Jammy dropped commented APT partner pocket. Retain this comment on stable releases. * d/apport-launcher.py Fix format * d/cloud-init.templates: Move LXD to back of datasource_list * refresh patches: + debian/patches/ec2-dont-apply-full-imds-network-config.patch + debian/patches/openstack-no-network-config.patch + debian/patches/renderer-do-not-prefer-netplan.patch * New upstream snapshot. (LP: #1961446) - check for existing symlink while force creating symlink (#1281) [Shreenidhi Shedi] - Do not silently ignore integer uid (#1280) - tests: create a IPv4/IPv6 VPC in Ec2 integration tests (#1291) - Integration test fix ppa (#1296) - tests: on official EC2. cloud-id actually startswith aws not ec2 (#1289) - test_ppa_source: accept both http and https URLs (#1292) [Paride Legovini] - Fix apt test on azure - add "lkundrak" as contributor [Lubomir Rintel] - Holmanb/integration test fix ppa (#1287) - Include missing subcommand in manpage (#1279) - Clean up artifacts from pytest, packaging, release with make clean (#1277) - sources/azure: ensure retries on IMDS request failure (#1271) [Chris Patterson] - sources/azure: removed unused saveable PPS paths (#1268) [Chris Patterson] - integration tests: fix Azure failures (#1269) - Release 22.1 (#1267) - sources/azure: report ready in local phase (#1265) [Chris Patterson] - sources/azure: validate IMDS network configuration metadata (#1257) [Chris Patterson] - docs: Add more details to runcmd docs (#1266) - use PEP 589 syntax for TypeDict (#1253) - mypy: introduce type checking (#1254) [Chris Patterson] - Fix extra ipv6 issues, code reduction and simplification (#1243) [eb3095] - tests: when generating crypted password, generate in target env (#1252) - sources/azure: address mypy/pyright typing complaints (#1245) [Chris Patterson] - Docs for x-shellscript* userdata (#1260) - test_apt_security: azure platform has specific security URL overrides (#1263) - tests: lsblk --json output changes mountpoint key to mountpoinst [] (#1261) - mounts: fix mount opts string for ephemeral disk (#1250) [Chris Patterson] - Shell script handlers by freq (#1166) [Chris Lalos] - minor improvements to documentation (#1259) [Mark Esler] - cloud-id: publish /run/cloud-init/cloud-id- files (#1244) - add "eslerm" as contributor (#1258) [Mark Esler] - sources/azure: refactor ssh key handling (#1248) [Chris Patterson] - bump pycloudlib (#1256) - sources/hetzner: Use EphemeralDHCPv4 instead of static configuration (#1251) [Markus Schade] - bump pycloudlib version (#1255) - Fix IPv6 netmask format for sysconfig (#1215) [Harald] - sources/azure: drop debug print (#1249) [Chris Patterson] - tests: do not check instance.pull_file().ok() (#1246) - sources/azure: consolidate ephemeral DHCP configuration (#1229) [Chris Patterson] - cc_salt_minion freebsd fix for rc.conf (#1236) - sources/azure: fix metadata check in _check_if_nic_is_primary() (#1232) [Chris Patterson] - Add _netdev option to mount Azure ephemeral disk (#1213) [Eduardo Otubo] - testing: stop universally overwriting /etc/cloud/cloud.cfg.d (#1237) - Integration test changes (#1240) - Fix Gentoo Locales (#1205) - Add "slingamn" as contributor (#1235) [Shivaram Lingamneni] - integration: do not LXD bind mount /etc/cloud/cloud.cfg.d (#1234) - Integration testing docs and refactor (#1231) - vultr: Return metadata immediately when found (#1233) [eb3095] - spell check docs with spellintian (#1223) - docs: include upstream python version info (#1230) - Schema a d (#1211) - Move LXD to end ds-identify DSLIST (#1228) - fix parallel tox execution (#1214) - sources/azure: refactor _report_ready_if_needed and _poll_imds (#1222) [Chris Patterson] - Vultr: Fix lo being used for DHCP, try next on cmd fail (#1208) [eb3095] - sources/azure: refactor _should_reprovision[_after_nic_attach]() logic (#1206) [Chris Patterson] - update ssh logs to show ssh private key gens pub and simplify code (#1221) [Steve Weber] - Remove mitechie from stale PR github action (#1217) - Include POST format in cc_phone_home docs (#1218) - Add json parsing of ip addr show (SC-723) (#1210) - cc_rsyslog: fix typo in docstring (#1207) [Louis Sautier] - Update .github-cla-signers (#1204) [Chris Lalos] - sources/azure: drop unused case in _report_failure() (#1200) [Chris Patterson] - sources/azure: always initialize _ephemeral_dhcp_ctx on unpickle (#1199) [Chris Patterson] - Add support for gentoo templates and cloud.cfg (#1179) [vteratipally] - sources/azure: unpack ret tuple in crawl_metadata() (#1194) [Chris Patterson] - tests: focal caplog has whitespace indentation for multi-line logs (#1201) - Seek interfaces, skip dummy interface, fix region codes (#1192) [eb3095] - integration: test against the Ubuntu daily images (#1198) [Paride Legovini] - cmd: status and cloud-id avoid change in behavior for 'not run' (#1197) - tox: pass PYCLOUDLIB_* env vars into integration tests when present (#1196) - sources/azure: set ovf_is_accessible when OVF is read successfully (#1193) [Chris Patterson] - Enable OVF environment transport via ISO in example (#1195) [Megian] - sources/azure: consolidate DHCP variants to EphemeralDHCPv4WithReporting (#1190) [Chris Patterson] - Single JSON schema validation in early boot (#1175) - Add DatasourceOVF network-config property to Ubuntu OVF example (#1184) [Megian] - testing: support pycloudlib config file (#1189) - Ensure system_cfg read before ds net config on Oracle (SC-720) (#1174) - Test Optimization Proposal (SC-736) (#1188) [Brett Holman] - cli: cloud-id report not-run or disabled state as cloud-id (#1162) - Remove distutils usage (#1177) [Shreenidhi Shedi] - add .python-version to gitignore (#1186) [Brett Holman] - print error if datasource import fails (#1170) [Emanuele Giuseppe Esposito] - Add new config module to set keyboard layout (#1176) [maxnet] - sources/azure: rename metadata_type -> MetadataType (#1181) [Chris Patterson] - Remove 3.5 and xenial support (SC-711) (#1167) - tests: mock LXD datasource detection in ds-identify on LXD containers (#1178) - pylint: silence errors on compat code for old jsonschema (#1172) [Paride Legovini] - testing: Add 3.10 Test Coverage (#1173) [Brett Holman] - Remove unittests from integration test job in travis (#1141) [Brett Holman] - Don't throw exceptions for empty cloud config (#1130) [Brett Holman] - bsd/resolv.d/ avoid duplicated entries (#1163) [Gonri Le Bouder] - sources/azure: do not persist failed_desired_api_version flag (#1159) [Chris Patterson] - Update cc_ubuntu_advantage calls to assume-yes (#1158) [John Chittum] - openbsd: properly restart the network on 7.0 (#1150) [Gonri Le Bouder] - Add .git-blame-ignore-revs (#1161) - Adopt Black and isort (SC-700) (#1157) - Include dpkg frontend lock in APT_LOCK_FILES (#1153) - tests/cmd/query: fix test run as root and add coverage for defaults (#1156) [Chris Patterson] - Schema processing changes (SC-676) (#1144) - Add dependency workaround for impish in bddeb (#1148) [Brett Holman] - netbsd: install new dep packages (#1151) [Gonri Le Bouder] - find_devs_with_openbsd: ensure we return the last entry (#1149) [Gonri Le Bouder] - sources/azure: remove unnecessary hostname bounce (#1143) [Chris Patterson] - find_devs/openbsd: accept ISO on disk (#1132) [Gonri Le Bouder] - Improve error log message when mount failed (#1140) [Ksenija Stanojevic] - add KsenijaS as a contributor (#1145) [Ksenija Stanojevic] - travis - don't run integration tests if no deb (#1139) [Brett Holman] - factor out function for getting top level directory of cloudinit (#1136) [Brett Holman] - testing: Add deterministic test id (#1138) [Brett Holman] - mock sleep() in azure test (#1137) [Brett Holman] - Add miraclelinux support (#1128) [Haruki TSURUMOTO] - docs: Make MACs lowercase in network config (#1135) - Add Strict Metaschema Validation (#1101) [Brett Holman] - update dead link (#1133) [Brett Holman] - cloudinit/net: handle two different routes for the same ip (#1124) [Emanuele Giuseppe Esposito] - docs: pin mistune dependency (#1134) - Reorganize unit test locations under tests/unittests (#1126) [Brett Holman] - Fix exception when no activator found (#1129) - jinja: provide and document jinja-safe key aliases in instance-data (SC-622) (#1123) - testing: Remove date from final_message test (SC-638) (#1127) - Move GCE metadata fetch to init-local (SC-502) (#1122) - Fix missing metadata routes for vultr (#1125) [eb3095] - cc_ssh_authkey_fingerprints.py: prevent duplicate messages on console (#1081) [dermotbradley] - sources/azure: remove unused remnants related to agent command (#1119) [Chris Patterson] - github: update PR template's contributing URL (#1120) [Chris Patterson] - docs: Rename HACKING.rst to CONTRIBUTING.rst (#1118) - testing: monkeypatch system_info call in unit tests (SC-533) (#1117) - Fix Vultr timeout and wait values (#1113) [eb3095] - lxd: add preference for LXD cloud-init.* config keys over user keys (#1108) - VMware: source /etc/network/interfaces.d/* on Debian [chengcheng-chcheng] - Add cjp256 as contributor (#1109) [Chris Patterson] - integration_tests: Ensure log directory exists before symlinking to it (#1110) - testing: add growpart integration test (#1104) [Brett Holman] - integration_test: Speed up CI run time (#1111) - Some miscellaneous integration test fixes (SC-606) (#1103) - tests: specialize lxd_discovery test for lxd_vm vendordata (#1106) - Add convenience symlink to integration test output (#1105) [Brett Holman] - Fix for set-name bug in networkd renderer (#1100) [Andrew Kutz] - Wait for apt lock (#1034) - testing: stop chef test from running on openstack (#1102) - alpine.py: add options to the apk upgrade command (#1089) [dermotbradley] ==== command-not-found: 18.04.5 => 18.04.6 ==== ==== command-not-found command-not-found-data python3-commandnotfound [ Arnaud Rebillout ] * cnf: Bail out early if the database is not readable * cnf-update-db: Creates a world-readable database (Closes: #986461) * Add test to make sure that the database is world-readable [ Kellen Renshaw ] * Cherry-pick cnf-update-db umask fixes from 22.04 (LP: #1953610) ==== libxml2: 2.9.4+dfsg1-6.1ubuntu1.4 => 2.9.4+dfsg1-6.1ubuntu1.5 ==== ==== libxml2:amd64 * SECURITY UPDATE: use-after-free of ID and IDREF attributes - debian/patches/CVE-2022-23308.patch: normalize ID attributes in valid.c. - CVE-2022-23308 ==== linux-meta: 4.15.0.171.160 => 4.15.0.173.162 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 4.15.0-173 * Bump ABI 4.15.0-172 ==== linux-signed: 4.15.0-171.180 => 4.15.0-173.182 ==== ==== linux-image-4.15.0-173-generic * Master version: 4.15.0-173.182 * Master version: 4.15.0-172.181 ==== openssl: 1.1.1-1ubuntu2.1~18.04.14 => 1.1.1-1ubuntu2.1~18.04.15 ==== ==== libssl1.1:amd64 openssl * SECURITY UPDATE: Infinite loop in BN_mod_sqrt() - debian/patches/CVE-2022-0778-1.patch: fix infinite loop in crypto/bn/bn_sqrt.c. - debian/patches/CVE-2022-0778-2.patch: add documentation of BN_mod_sqrt() in doc/man3/BN_add.pod. - debian/patches/CVE-2022-0778-3.patch: add a negative testcase for BN_mod_sqrt in test/bntest.c, test/recipes/10-test_bn_data/bnmod.txt. - CVE-2022-0778 ==== openssl1.0: 1.0.2n-1ubuntu5.7 => 1.0.2n-1ubuntu5.8 ==== ==== libssl1.0.0:amd64 * SECURITY UPDATE: Infinite loop in BN_mod_sqrt() - debian/patches/CVE-2022-0778.patch: fix infinite loop in crypto/bn/bn_sqrt.c. - CVE-2022-0778 ==== sosreport: 4.1-1ubuntu0.18.04.3 => 4.3-1ubuntu0.18.04.1 ==== ==== sosreport * New 4.3 upstream. (LP: #1960996) * For more details, full release note is available here: - https://github.com/sosreport/sos/releases/tag/4.3 * New patches: - d/p/0002-fix-setup-py.patch: Add python sos.help module, it was missed in upstream release. - d/p/0003-mention-sos-help-in-sos-manpage.patch: Fix sos-help manpage. * Former patches, now fixed: - d/p/0002-clean-prevent-parsing-ubuntu-user.patch - d/p/0003-ubuntu-policy-fix-upload.patch - d/p/0004-chrony-configuration-can-now-be-fragmented.patch - d/p/0005-global-drop-plugin-version.patch - d/p/0006-networking-check-presence-of-devlink.patch - d/p/0007-sosnode-avoid-checksum-cleanup-if-no-archive.patch * d/control: - Add 'python3-coverage' as part of the build depends. * d/rules: - Fix misplaced and duplicated sos.conf file in /usr/config. * Remaining patches: - d/p/0001-debian-change-tmp-dir-location.patch ==== tar: 1.29b-2ubuntu0.2 => 1.29b-2ubuntu0.3 ==== ==== tar * SECURITY UPDATE: Denial of service (LP: #1912091) - debian/patches/CVE-2021-20193.patch: in read_header method in src/list.c, change the return value to be the value of status and break the execution, jumping to free next_long_name and next_long_link before returning. - CVE-2021-20193 ==== tzdata: 2021e-0ubuntu0.18.04 => 2022a-0ubuntu0.18.04 ==== ==== tzdata * New upstream release (LP: #1965791): - Palestine will spring forward on 2022-03-27 (not 2022-03-26). -- [1] http://cloud-images.ubuntu.com/releases/bionic/release-20220325/ [2] http://cloud-images.ubuntu.com/releases/bionic/release-20220310/