A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * base-files: 11ubuntu5.2 => 11ubuntu5.3 * glib2.0: 2.64.3-1~ubuntu20.04.1 => 2.64.6-1~ubuntu20.04.1 * glibc: 2.31-0ubuntu9.1 => 2.31-0ubuntu9.2 * linux-meta: 5.4.0.64.67 => 5.4.0.65.68 * linux-signed: 5.4.0-64.72 => 5.4.0-65.73 * lshw: 02.18.85-0.3ubuntu2 => 02.18.85-0.3ubuntu2.20.04.1 * python-apt: 2.0.0ubuntu0.20.04.3 => 2.0.0ubuntu0.20.04.4 * sudo: 1.8.31-1ubuntu1.1 => 1.8.31-1ubuntu1.2 * tzdata: 2020f-0ubuntu0.20.04.1 => 2021a-0ubuntu0.20.04 * update-manager: 1:20.04.10.3 => 1:20.04.10.5 * update-notifier: 3.192.30.4 => 3.192.30.5 The following is a complete changelog for this image. new: {'linux-modules-5.4.0-65-generic': '5.4.0-65.73', 'linux-headers-5.4.0-65-generic': '5.4.0-65.73', 'linux-headers-5.4.0-65': '5.4.0-65.73'} removed: {'alsa-utils': '1.2.2-1ubuntu2', 'libsamplerate0:amd64': '0.1.9-2', 'linux-headers-5.4.0-64': '5.4.0-64.72', 'libatopology2:amd64': '1.2.2-2.1ubuntu2.3', 'libgomp1:amd64': '10.2.0-5ubuntu1~20.04', 'ubuntu-drivers-common': '1:0.8.6.3~0.20.04.2', 'linux-modules-5.4.0-64-generic': '5.4.0-64.72', 'libfftw3-single3:amd64': '3.3.8-2ubuntu1', 'python3-xkit': '0.5.0ubuntu4', 'linux-headers-5.4.0-64-generic': '5.4.0-64.72'} changed: ['base-files', 'libc-bin', 'libc6:amd64', 'libglib2.0-0:amd64', 'libglib2.0-bin', 'libglib2.0-data', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.4.0-65-generic', 'linux-image-virtual', 'linux-virtual', 'locales', 'lshw', 'motd-news-config', 'python-apt-common', 'python3-apt', 'python3-update-manager', 'sudo', 'tzdata', 'update-manager-core', 'update-notifier-common'] new snaps: {} removed snaps: {} changed snaps: ['lxd'] ==== base-files: 11ubuntu5.2 => 11ubuntu5.3 ==== ==== base-files motd-news-config * /etc/issue, /etc/issue.net, /etc/lsb-release, /etc/os-release: Bump version number to 20.04.2 in preparation of the next point release. ==== glib2.0: 2.64.3-1~ubuntu20.04.1 => 2.64.6-1~ubuntu20.04.1 ==== ==== libglib2.0-0:amd64 libglib2.0-bin libglib2.0-data [ Iain Lane ] * New upstream release (LP: #1907433), fixing bugs: - Ensure g_subprocess_communicate_async() never blocks - Fix large writes in gfileutils - Fix splice behavior on cancellation - gdatetime: Avoid integer overflow creating dates too far in the past - gdesktopappinfo: Fix unnecessarily copied and leaked URI list - gthreadedresolver: faulty logic in parse_res_txt - gtk3/glib crash on gimp - gvariant: Ensure GVS.depth is initialised - trash portal: Handle portal failures * gbp.conf: Set upstream branch to upstream/2.64.x * Drop patches applied upstream: - glib-compile-resources-Fix-exporting-on-Visual-Studio.patch - gdesktopappinfo-Fix-unnecessarily-copied-and-leaked-URI-l.patch * Revert changes from Debian which we don't need in this SRU: + Revert "d/tests/build: Don't exercise static linking for GIO" + control{,.in}: Re-lower libmount BD version. The problems that prompted this to be raised happened post-focal. * Team upload * New upstream release - Improve async-signal-safety * d/tests/build: Don't exercise static linking for GIO. libmount will no longer support being linked statically from 2.35.2-8 onwards. For now I'm continuing to test that the other libraries can still be statically linked, but please consider them to be "at risk". (Closes: #963933) * Re-enable libmount support. libmount no longer depends on libcryptsetup, avoiding the various crashes that we are working around. Future versions will dlopen it on-demand, which should also avoid those crashes. Bump the build-dependency to a suitable version. * d/p/tests-Use-g_assert_-in-cancellable-test-rather-than-g_ass.patch, d/p/gcancellable-Fix-minor-race-between-GCancellable-and-GCan.patch: Split combined d/p/git_gsource_segfault.patch into its two component upstream commits, and add metadata * d/p/glib-compile-resources-Fix-exporting-on-Visual-Studio.patch, d/p/gdesktopappinfo-Fix-unnecessarily-copied-and-leaked-URI-l.patch: Add post-release bugfixes from upstream * Team upload * Temporarily disable libmount support. Recent Debian revisions of libmount pull in libcryptsetup as a dependency, for dm-verity support. libcryptsetup depends on json-c and OpenSSL, causing crashes due to symbol conflicts with other JSON libraries (jansson and json-glib, for example in firewalld and virt-manager) and with statically-linked copies of OpenSSL (for example in Steam and Minecraft). Until this is resolved in some other way, disable libmount and parse /etc/fstab and /proc/mounts ourselves, as we do in libglib2.0-udeb. Mitigates: #963933, #963932, #963525, #963721 ==== glibc: 2.31-0ubuntu9.1 => 2.31-0ubuntu9.2 ==== ==== libc-bin libc6:amd64 locales * Drop check preventing using float128 which breaks new icc (LP: #1895358) * Detect debconf consistently in libc6.preinst and do not crash if it is not used (LP: #1902955) * Ship libc variant compiled for profiling in libc6-prof (LP: #1908307) * elf: Add endianness markup to ld.so.cache (Closes: #731082) (LP: #1906250) ==== linux-meta: 5.4.0.64.67 => 5.4.0.65.68 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 5.4.0-65 ==== linux-signed: 5.4.0-64.72 => 5.4.0-65.73 ==== ==== linux-image-5.4.0-65-generic * Master version: 5.4.0-65.73 ==== lshw: 02.18.85-0.3ubuntu2 => 02.18.85-0.3ubuntu2.20.04.1 ==== ==== lshw * Add cherry-picked patches for NMVe support (LP: #1826737): - d/p/lp1826737-code-clean-up.patch - d/p/lp1826737-implement-NVMe-scanning.patch - d/p/lp1826737-align-physical-ID-with-NVMe-namespace.patch - d/p/lp1826737-treat-NVMe-namespaces-like-disks.patch ==== python-apt: 2.0.0ubuntu0.20.04.3 => 2.0.0ubuntu0.20.04.4 ==== ==== python-apt-common python3-apt * Update mirror lists ==== sudo: 1.8.31-1ubuntu1.1 => 1.8.31-1ubuntu1.2 ==== ==== sudo * SECURITY UPDATE: dir existence issue via sudoedit race - debian/patches/CVE-2021-23239.patch: fix potential directory existing info leak in sudoedit in src/sudo_edit.c. - CVE-2021-23239 * SECURITY UPDATE: heap-based buffer overflow - debian/patches/CVE-2021-3156-pre1.patch: sanity check size when converting the first record to TS_LOCKEXCL in plugins/sudoers/timestamp.c. - debian/patches/CVE-2021-3156-1.patch: reset valid_flags to MODE_NONINTERACTIVE for sudoedit in src/parse_args.c. - debian/patches/CVE-2021-3156-2.patch: add sudoedit flag checks in plugin in plugins/sudoers/policy.c. - debian/patches/CVE-2021-3156-3.patch: fix potential buffer overflow when unescaping backslashes in plugins/sudoers/sudoers.c. - debian/patches/CVE-2021-3156-4.patch: fix the memset offset when converting a v1 timestamp to TS_LOCKEXCL in plugins/sudoers/timestamp.c. - debian/patches/CVE-2021-3156-5.patch: don't assume that argv is allocated as a single flat buffer in src/parse_args.c. - CVE-2021-3156 ==== tzdata: 2020f-0ubuntu0.20.04.1 => 2021a-0ubuntu0.20.04 ==== ==== tzdata * New upstream version (LP: #1913482), affecting the following future timestamp: - South Sudan changes from +03 to +02 on 2021-02-01 at 00:00. * Update ICU timezone data files which are utilized by php and update them to 2021a. ==== update-manager: 1:20.04.10.3 => 1:20.04.10.5 ==== ==== python3-update-manager update-manager-core * UpdateManager/backend/__init__.py: Really make commit_oem a no-op in the base class to avoid crash when people force synaptic backend (LP: #1913732) * Fix typo in previous changelog * Revert previous change to UpdateList.py, as it breaks kernel autoremoval (LP: #1912718) * UpdateManager/backend/__init__.py: Make commit_oem a no-op in the base class to avoid crash when people force synaptic backend (LP: #1913732) ==== update-notifier: 3.192.30.4 => 3.192.30.5 ==== ==== update-notifier-common * control: Move ubuntu-drivers-common dep to update-notifier. It's only needed when launching update-manager, which happens from /usr/bin/update-notifier which is in the update-notifier package. Having it in update-notifier-common causes ubuntu-drivers-common and all its deps to be pulled in on all flavours, even ones without update-manager. (LP: #1912496) -- [1] http://cloud-images.ubuntu.com/releases/focal/release-20210201/ [2] http://cloud-images.ubuntu.com/releases/focal/release-20210125/