A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * alsa-ucm-conf: 1.2.2-1ubuntu0.8 => 1.2.2-1ubuntu0.9 * curl: 7.68.0-1ubuntu2.5 => 7.68.0-1ubuntu2.6 * fwupd: 1.3.11-1~focal1 => 1.5.11-0ubuntu1~20.04.2 * fwupd-signed: 1.27.1ubuntu2+1.3.11-1~focal1 => 1.27.1ubuntu5+1.5.11-0ubuntu1~20.04.2 * glib2.0: 2.64.6-1~ubuntu20.04.3 => 2.64.6-1~ubuntu20.04.4 * gnutls28: 3.6.13-2ubuntu1.3 => 3.6.13-2ubuntu1.6 * libdrm: 2.4.102-1ubuntu1~20.04.1 => 2.4.105-3~20.04.1 * linux-meta: 5.4.0.80.84 => 5.4.0.81.85 * linux-signed: 5.4.0-80.90 => 5.4.0-81.91 * networkd-dispatcher: 2.0.1-1 => 2.1-2~ubuntu20.04.1 * openssh: 1:8.2p1-4ubuntu0.2 => 1:8.2p1-4ubuntu0.3 * openssl: 1.1.1f-1ubuntu2.4 => 1.1.1f-1ubuntu2.5 * shadow: 1:4.8.1-1ubuntu5.20.04 => 1:4.8.1-1ubuntu5.20.04.1 * shim-signed: 1.40.4+15+1552672080.a4a1fbe-0ubuntu2 => 1.40.6+15.4-0ubuntu7 * sosreport: 4.1-1ubuntu0.20.04.2 => 4.1-1ubuntu0.20.04.3 * systemd: 245.4-4ubuntu3.10 => 245.4-4ubuntu3.11 * ubuntu-advantage-tools: 27.1~20.04.1 => 27.2.2~20.04.1 The following is a complete changelog for this image. new: {'linux-modules-5.4.0-81-generic': '5.4.0-81.91', 'libnss3:amd64': '2:3.49.1-1ubuntu1.5', 'udisks2': '2.8.4-1ubuntu1', 'libatasmart4:amd64': '0.19-5', 'libblockdev-utils2:amd64': '2.23-2ubuntu3', 'libvolume-key1': '0.3.12-3.1', 'libudisks2-0:amd64': '2.8.4-1ubuntu1', 'libblockdev-swap2:amd64': '2.23-2ubuntu3', 'libblockdev-loop2:amd64': '2.23-2ubuntu3', 'libparted-fs-resize0:amd64': '3.3-4ubuntu0.20.04.1', 'linux-headers-5.4.0-81-generic': '5.4.0-81.91', 'libjcat1:amd64': '0.1.3-2~ubuntu20.04.1', 'libblockdev-fs2:amd64': '2.23-2ubuntu3', 'libblockdev-crypto2:amd64': '2.23-2ubuntu3', 'linux-headers-5.4.0-81': '5.4.0-81.91', 'libblockdev2:amd64': '2.23-2ubuntu3', 'libblockdev-part-err2:amd64': '2.23-2ubuntu3', 'libblockdev-part2:amd64': '2.23-2ubuntu3', 'libnspr4:amd64': '2:4.25-1'} removed: {'linux-headers-5.4.0-80': '5.4.0-80.90', 'linux-headers-5.4.0-80-generic': '5.4.0-80.90', 'linux-modules-5.4.0-80-generic': '5.4.0-80.90', 'shim': '15+1552672080.a4a1fbe-0ubuntu2'} changed: ['alsa-ucm-conf', 'curl', 'fwupd', 'fwupd-signed', 'libcurl3-gnutls:amd64', 'libcurl4:amd64', 'libdrm-common', 'libdrm2:amd64', 'libfwupd2:amd64', 'libfwupdplugin1:amd64', 'libglib2.0-0:amd64', 'libglib2.0-bin', 'libglib2.0-data', 'libgnutls30:amd64', 'libnss-systemd:amd64', 'libpam-systemd:amd64', 'libssl1.1:amd64', 'libsystemd0:amd64', 'libudev1:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.4.0-81-generic', 'linux-image-virtual', 'linux-virtual', 'login', 'networkd-dispatcher', 'openssh-client', 'openssh-server', 'openssh-sftp-server', 'openssl', 'passwd', 'shim-signed', 'sosreport', 'systemd', 'systemd-sysv', 'systemd-timesyncd', 'ubuntu-advantage-tools', 'udev'] new snaps: {} removed snaps: {} changed snaps: ['core18', 'snapd'] ==== alsa-ucm-conf: 1.2.2-1ubuntu0.8 => 1.2.2-1ubuntu0.9 ==== ==== alsa-ucm-conf * d/p/0028-rt715-don-t-initialize-obsolete-ADC-controls.patch * d/p/0029-sof-soundwire-rt715-use-the-hw-volume-control.patch * d/p/0030-rt715-add-the-missing-sof-prefix-to-the-hw-control-n.patch Conditionally initialize the codec rt715 according to mixer names (LP: #1936009) ==== curl: 7.68.0-1ubuntu2.5 => 7.68.0-1ubuntu2.6 ==== ==== curl libcurl3-gnutls:amd64 libcurl4:amd64 * SECURITY UPDATE: TELNET stack contents disclosure - debian/patches/CVE-2021-22898.patch: check sscanf() for correct number of matches in lib/telnet.c. - CVE-2021-22898 * SECURITY UPDATE: Bad connection reuse due to flawed path name checks - debian/patches/CVE-2021-22924.patch: fix connection reuse checks for issuer cert and case sensitivity in lib/url.c, lib/urldata.h, lib/vtls/gtls.c, lib/vtls/nss.c, lib/vtls/openssl.c, lib/vtls/vtls.c. - CVE-2021-22924 * SECURITY UPDATE: TELNET stack contents disclosure again - debian/patches/CVE-2021-22925.patch: fix option parser to not send uninitialized contents in lib/telnet.c. - CVE-2021-22925 ==== fwupd: 1.3.11-1~focal1 => 1.5.11-0ubuntu1~20.04.2 ==== ==== fwupd libfwupd2:amd64 libfwupdplugin1:amd64 * force to use libjcat >= 0.1.3, or signature verification will failed. * New upstream version (1.5.11) to support Dell dock USB4 module. (LP: #1934209) * Drop all patches upstream. * Downgrade libgusb from 0.3.5 to 0.3.4 which used in focal after checking through all commits between. * New upstream version (1.5.8) * Backport a patch to fix SBAT (LP: #1921539) * Drop all other patches, upstream. * Backport a patch to fix regression in fwupdtool activate * Backport a patch to fix activatable devices getting stuck in an update loop * Rebuild to pick up new signing keys. * Backport a patch to fix FTBFS on armhf for SBAT * New upstream version (1.5.7) - Fixes issues with SBAT on UEFI. * Fixes dependencies for -dev packages: Closes: #980691, #980684 [ Steve McIntyre ] * Fix up Uploaders for the -signed packages - remove Jared, add Matthias [ Mario Limonciello ] * New upstream version (1.5.6) * drop all upstream patches * fwupd.postinst: Adjust to read /etc/os-release instead of `/etc/lsb-release` * New upstream version (1.5.5) * trivial: debian: migrate uefi->uefi_capsule in uefi.conf * trivial: debian: fix modules-load.d directory * trivial: debian: add dbus to recommends (Closes: #980049) * Backport 2 patches for continual "Unknown" message on new connections * trivial: debian: read /etc/lsb-release instead of dpkg-dev (Closes: #977860, #977861, #970783) * trivial: debian: only install fwupd-msr.conf if needed * New upstream version (1.5.3) * Drop all patches (upstream) * Follow defaults for nvme and redfish plugins (don't need efivar now) * debian/control: - Drop libsoup build dependency - Add libcurl build dependency - Add systemd build dependency * Migrate debian/fwupd.preinst content to debian/fwupd.maintscript * Backport patch to fix ppc64el autopkgtest failure * trivial: debian: disable downloading from LVFS in autopkgtest * Add breaks for fwupdate 12-7 (Closes: #960688) * trivial: debian: add git to fwupdate-tests dependencies [ Mario Limonciello ] * Backport a patch to indicate if packages are supported or not * backport a patch to fix autopkgtests on ppc64el * trivial: debian: don't hardcode paths in libexec * trivial: debian: disable msr plugin on all !x86 [ Jessica Clarke ] * debian: Check DEB_HOST_ARCH_CPU not DEB_HOST_ARCH for MSR plugin * debian: Prefer Makefile substitution over shell substitution * debian: Use if/else rather than overriding default values * debian: Drop pointless dh_shlibdeps override * debian: Check for valgrind in Makefile not shell and don't hard-code path * debian: Fix dangerous lack of set -e * debian: Fix another instance of unusual ifeq syntax * debian: Build up CONFARGS list rather than individual variables * debian: Fix another dangerous missing set -e * debian: Use uniform spacing around semicolons * debian: Avoid looking like a set -e is missing * debian: Remove unnecessary ./ use * debian: Add quotes around glob * New upstream version (1.5.1) * Drop backported patches * Add udisks2 to recommends * Backport a patch to fix a crash when udisks2 is missing (Closes: #970054) * Disable flashrom for ia64 * New upstream version (1.4.6) * New upstream version (1.4.5) * Drop flashrom patch, now upstream * Regenerate control file - Refresh dependencies for 1.4.x - Drop Jared as uploader * Stop generating debian/control automatically at build time * Add build-dep on libflashrom-dev ==== fwupd-signed: 1.27.1ubuntu2+1.3.11-1~focal1 => 1.27.1ubuntu5+1.5.11-0ubuntu1~20.04.2 ==== ==== fwupd-signed ==== glib2.0: 2.64.6-1~ubuntu20.04.3 => 2.64.6-1~ubuntu20.04.4 ==== ==== libglib2.0-0:amd64 libglib2.0-bin libglib2.0-data * Initialise memory used for file builder buffers to zero, since memory artifacts found themseleves into gschema.compiled files, leading to glib being unable to parse the gschema.compiled files, causing gdm, gnome-shell and various gnome applications to fail to start. (LP: #1930359) - d/p/gvdb-builder-Initialise-some-memory-to-zero-in-the-bloom-.patch ==== gnutls28: 3.6.13-2ubuntu1.3 => 3.6.13-2ubuntu1.6 ==== ==== libgnutls30:amd64 * SECURITY UPDATE: use after free issue in key_share extension - debian/patches/CVE-2021-20231.patch: avoid use-after-free around realloc in lib/ext/key_share.c. - CVE-2021-20231 * SECURITY UPDATE: use after free issue in client_send_params - debian/patches/CVE-2021-20232.patch: avoid use-after-free around realloc in lib/ext/pre_shared_key.c. - CVE-2021-20232 * testpkcs11: use datefudge to allow testing with expired certificates. (LP: #1910255) * debian/patches/update-status-request-revoked.patch: update the status-request-revoked.c test so that it passes and the package builds. ==== libdrm: 2.4.102-1ubuntu1~20.04.1 => 2.4.105-3~20.04.1 ==== ==== libdrm-common libdrm2:amd64 * Backport to focal. (LP: #1923880, #1925320) * Revert a commit causing additional dependencies to be added to *.pc.in. Also drop libpciaccess-dev from libdrm-dev Depends. * control: Add libpciaccess-dev to libdrm-dev depends. * revert-set-fb-modifiers-flag.diff: Revert a commit which broke chrome on certain setups. * New upstream release. (LP: #1923880) * symbols: Updated. * New upstream release. * Add signing-key from Simon Ser. * control: Manpages now need python3-docutils instead of docbook-xsl to build, make it so. * hurd-port.diff: Dropped. (Closes: #975658) * New upstream release. (Closes: #970304) * control, rules, hurd-port.diff: Add support for Hurd. (Closes: #909436) * New upstream release. * fix-realpath-vs-firefox.diff: Dropped, upstream. * libdrm-tests.install: Added /usr/bin/drmdevice. * fix-realpath-vs-firefox.diff: Fix webgl on intel with firefox. (Closes: #956665) (LP: #1872586) * New upstream release. * source, watch: Upstream provides only xz tarballs, bump source to 3.0 (quilt). * Add my key to signing-key.asc. * control: Use debhelper-compat, bump to 12. * control: Bump policy to 4.5.0. * local-options: Update extend-diff-ignore. * symbols: Updated. * rules: Override dh_missing. * rules: Include additional test binaries on arm. (Closes: #944752) * Revert dropping libdrm-tests, since the package ended up in NEW anyway. * control, rules: Disable libdrm-tests, 2.4.100 is needed for mesa 19.3 now and not after waiting for the NEW queue to clear. [ Timo Aaltonen ] * New upstream release. (Closes: #943777) * symbols: Updated. [ Rohan Garg ] * Add a libdrm-tests package. (Closes: #868898) * New upstream release. (Closes: #934494) * 02_kfreebsd.diff: Dropped, upstream. * symbols: Updated. [ Andreas Boll ] * New upstream release. * Update libdrm-amdgpu1.symbols and shlibs. * Update libdrm-freedreno1.symbols and shlibs. [ James Clarke ] * Fix build on GNU/kFreeBSD (Closes: #837034, #909249). * Remove no longer needed build-dep libbsd-overlay. [ Timo Aaltonen ] * rules, control: Switch to meson. [ Andreas Boll ] * New upstream release. - Fixes WebGL on Firefox (Closes: #907698). * Update libdrm-amdgpu1.symbols and shlibs. * Drop static libdrm library from libdrm-dev. * Update extend-diff-ignore. [ Guido Gnther ] * Enable etnaviv on arm64 (Closes: #906915) [ Timo Aaltonen ] * New upstream release. (LP: #1789924) * Update libdrm-amdgpu1.symbols and shlibs. * New upstream release. * Update libdrm-freedreno1.symbols and shlibs. * New upstream release. * Update libdrm-freedreno1.symbols and shlibs. * control: Update to my Debian address. * Update Vcs-* URLs to point at salsa.debian.org. * Bump debhelper compat to 11. * Bump standards version to 4.1.4. * Update libdrm-freedreno1.symbols and shlibs (Closes: #892960). * New upstream release. * New upstream release. * Update libdrm-amdgpu1.symbols and shlibs. * Bump standards version to 4.1.3. * Update extend-diff-ignore. * New upstream release. * Update libdrm2.symbols and shlibs. * Update libdrm-amdgpu1.symbols and shlibs. * Update libdrm-etnaviv1.symbols and shlibs. * Update libdrm-freedreno1.symbols and shlibs. * Bump standards version to 4.1.2. * New upstream release. * Update libdrm-amdgpu1.symbols and shlibs. * New upstream release. * Update libdrm-amdgpu1.symbols and shlibs. * Bump standards version to 4.1.1. * libdrm-amdgpu1.symbols: Updated. * New upstream release. * libdrm2.symbols: Updated. * New upstream release. * New upstream release. * debian/upstream/signing-key.asc: add key from Lucas Stach. * Add libdrm-common package for new data files. * debian/*.symbols: add new symbols. * debian/rules: Bump shlibs for the libraries with new symbols. * debian/control: Bump Standards-Version to 4.0.0; no changes needed. * Upload to unstable. * New upstream release. * Bump libdrm2's and libdrm-amdgpu1's symbols and shlibs. * New upstream release. * Bump libdrm-amdgpu1's and libdrm-etnaviv1's symbols and shlibs. * Remove libpthread-stubs0-dev build-dep per configure.ac. * Team upload. * New upstream release. * Bump libdrm-amdgpu1 symbols. * Update debian/upstream/signing-key.asc * New upstream release. * Update extend-diff-ignore. * Cherry-pick 19c4cfc (intel: Add handle to hashtable before freeing along an error path) from upstream (LP: #1671377). * New upstream release. * Bump libdrm2's and libdrm-intel1's symbols and shlibs. * Update extend-diff-ignore. * Add debian/source/format file. [ Andreas Boll ] * Switch to dbgsym packages. * Enable building etnaviv on armhf (Closes: #852685). [ Emilio Pozuelo Monfort ] * Stop passing --disable-silent-rules to configure, debhelper does it now. * Don't override dh_auto_install, it defaults to debian/tmp. * New upstream release. * Update debian/upstream/signing-key.asc. * Bump libdrm2's, libdrm-freedreno1's and libdrm-intel1's symbols and shlibs. * Bump debhelper compat to 10. * New upstream release. * Bump libdrm2's, libdrm-amdgpu1's, libdrm-freedreno1's and libdrm- intel1's symbols and shlibs. * Update a bunch of URLs in packaging to https. * New upstream release. * Update symbols file and bump shlibs for libdrm2. * Update libdrm-intel1.symbols and shlibs. * Remove Hurd from the architecture list. It FTBFS, haven't built in the past and won't be useful without the equivalent of the Linux Direct Rendering Manager (DRM) subsystem. * New upstream release. * Update libdrm-freedreno1.symbols and shlibs. * source/local-options: Add more files to extend-diff-ignore option. Fixes 17 patch-system-but-direct-changes-in-diff lintian warnings. [ Andreas Boll ] * New upstream release. * Update debian/upstream/signing-key.asc. * Bump Standards-Version to 3.9.8, no changes needed. * Update watch url to use https instead of http. [ Julien Cristau ] * Build libdrm-tegra on arm64 (closes: #828023). Thanks, Martin Michlmayr! * New upstream release. (LP: #1577735) * New upstream release. * patches: Refreshed. * libdrm-amdgpu1.symbols: Updated. * Update libdrm-exynos1.symbols and shlibs. * New upstream release. * Update symbols file and bump shlibs for libdrm2. * Update libdrm-intel1.symbols and shlibs. * Update libdrm-nouveau2.symbols and shlibs. * Drop obsolete Replaces from pre-wheezy. * Add myself to Uploaders. * rules: Bump freedreno shlib back to 2.4.65. [ Andreas Boll ] * Update libdrm-freedreno1.symbols and shlibs. * Drop Debian revision from new symbols in libdrm2.symbols. [ Fathi Boudra ] * Enable freedreno build on arm64 architecture. [ Andreas Boll ] * New upstream release. * Update debian/upstream/signing-key.asc. * Update symbols file and bump shlibs for libdrm2. * Enable libdrm-amdgpu1 on kfreebsd-*. * Fix Vcs-* fields. * Add upstream url. [ Robert Hooker ] * New upstream release. * Bump symbols file and shlibs for libdrm-freedreno1. [ Robert Hooker ] * New upstream release. - Drop Fix-headers-inclusion-in-xf86drmMode.c.diff, upstream. * Add new libdrm-amdgpu1 package. [ Sven Joachim ] * New upstream release. - nouveau: restore check that avoids multiple user bos per kernel bo (Closes: #789759). * Update symbols file and bump shlibs for libdrm2. * Refresh the patch from 2.4.60-3 after upstream changes. * Remove duplicate Section fields from debian/control. * Update debian/upstream/signing-key.asc. * Bump Standards-Version to 3.9.6, no changes needed. [ Julien Cristau ] * Update debian/upstream/signing-key.asc. * Fix kfreebsd patch that caused an FTBFS on Linux/x32: only include if configure detects it (closes: #787496). Thanks, Thorsten Glaser. * Add build-dep on xutils-dev for xorg-macros. * Cherry-pick upstream patch to let valgrind auto-detection work. [ Timo Aaltonen ] * control: Add a typo in libdrm-tegra0 description. [ Julien Cristau ] * Fix FTBFS on kfreebsd: include for sysctlbyname, and use -lbsd to make the tests build (they use getopt, and our libbsd-overlay cflags redirect that to bsd_getopt). * Bump shlibs for libraries with new symbols. * Add missing dependency of libdrm-dev on libdrm-tegra0 on arm*. * Let uscan verify tarball signatures. [ Maarten Lankhorst ] * Fix ftbfs on armhf. * New upstream release. * libdrm-intel1.symbols, libdrm2.symbols: Updated. * New upstream release. * Add libdrm-tegra0 on arm. [ Andreas Boll ] * Update libdrm-freedreno1.symbols and shlibs (fixes FTBFS). [ Andreas Boll ] * New upstream release. - 03_hide_symbols.diff dropped, upstream. * Update libdrm-intel1.symbols and shlibs. * New upstream release. * Enable building freedreno and exynos on arm. (Closes: #741509) * Add a squashed patch from upstream to hide all private symbols. - 03_hide_symbols.diff [ Andreas Boll ] * New upstream release. * Add 02_fix_qxl_drm_h.diff (Closes: #746807). [ Timo Aaltonen ] * New upstream release. - 02_kbsd_modeset.diff dropped, upstream [ Julien Cristau ] * Remove Cyril Brulebois from Uploaders. [ Maarten Lankhorst ] * New upstream release. * New upstream release. * New upstream release. * Cherry-pick a commit from upstream to fix a radeonsi regression. - c8a437f4c76: radeon: Update unaligned offset for 2D->1D tiling transition on SI * New upstream release. [ Colin Watson ] * Declare libdrm-dev Multi-Arch: same. [ Maarten Lankhorst ] * Cherry-pick upstream patch to fix relocations for all cards = 2.6.28. * Set libdrm2 shlibs to 2.4.3, libdrm-intel1 shlibs to 2.4.5. Update symbols files. * Remove from the source package a bunch of files that are only used by the kernel drm component. This gets rid of the mga, r128 and radeon microcode, and thus closes: #502675. Thanks, Ben Hutchings! [ Brice Goglin ] * Update upstream URL in debian/copyright. * Bump Standards-Version to 3.7.3 (no changes). * Drop the XS- prefix from Vcs-Git and Vcs-Browser fields in debian/control. * Install the upstream ChangeLog. [ Julien Cristau ] * New upstream release (needed for mesa 7.1 and newer xserver). * Note: this release removes the memory manager (TTM) interface used by the i915tex dri driver. * debian/rules: don't call configure with --host if we're not cross-building, and fix some rules dependencies. [ Timo Aaltonen ] * Bump the shlibs to 2.3.1. [ David Nusinow ] * Add NEWS.Debian explaining the change in the last upload to interested administrators. [ Julien Cristau ] * Upload to unstable. * Add myself to uploaders * Patch libdrm to default to device permission 666 so we don't have to do it in xorg.conf. The only way libdrm can do anything is through the server anyway. This can still be overridden by a user's xorg.conf. This change also requires adding quilt to the build-depends * Update my email address in debian/control. * Add XS-Vcs-Git and XS-Vcs-Browser in debian/control. * Upload to unstable. [ Thierry Reding ] * New upstream release. * Set the Debian X Strike Force as maintainer. * Add myself to uploaders. * Add a debugging symbol package for libdrm2. [ Julien Cristau ] * Bump shlibs to libdrm2 >= 2.3.0. * Add myself to uploaders. * Add build-dep on dpkg-dev >= 1.13.19 to make sure that the binary:Version substvar is available. * libdrm2-dbg depends on libdrm2 (= ${binary:Version}). * Don't install libdrm.la, and use dh_install --list-missing. * Non-maintainer upload. * New upstream release. * Bump Standards-Version to 3.7.2, no changes required. * Bump debhelper compatibility to 5 and adjust build-dependency. * Don't try to install pkgconfig files from usr/share/pkgconfig because there is nothing in that directory. * Non-maintainer upload. * New upstream release (closes: #377166). - Includes a fix for FTBFS on GNU/kFreeBSD (closes: #332994). * Manually force static build. * New upstream release - Fixes a pathological hash table smash discovered by the Coverity scanner - updates the installed header files for various new #defines * First upload to Debian * New upstream release. * Change binary package from libdrm1 to libdrm2, following soversion bump. * New upstream version. * Yay for understandable bug reports! *gmprf* * debian/control:libdrm1 =~ s/development/runtime/ (closes: bug#325515) * libdrm.pc.in: add -ldrm to Libs * New upstream * debian/control: it's "Direct Rendering Infraestructure". I was rather sure it stand for interface... thanks Michel. (closes: bug#324514) * debian/control: forgot to actually write this in the file. Build-Depends on libx11-dev. Thanks Kurt (closes: bug#324560) * Forgot to fix the other broken bit :-P * Initial release. Closes: #324074 ==== linux-meta: 5.4.0.80.84 => 5.4.0.81.85 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 5.4.0-81 * Packaging resync (LP: #1786013) - [Packaging] resync debian/dkms-versions from main package ==== linux-signed: 5.4.0-80.90 => 5.4.0-81.91 ==== ==== linux-image-5.4.0-81-generic * Master version: 5.4.0-81.91 ==== networkd-dispatcher: 2.0.1-1 => 2.1-2~ubuntu20.04.1 ==== ==== networkd-dispatcher [ Lukas Mrdian ] * Add d/p/0003-Normalize-parsed-IP-address-value.patch to handle IP address networkctl output of systemd v244+ (LP: #1884248) [ Julian Andres Klode ] * debian/gbp.conf: Point to debian/bullseye * New upstream release 2.1 (Closes: #968941) - fixes parsing of current systemd (LP: #1884248) ==== openssh: 1:8.2p1-4ubuntu0.2 => 1:8.2p1-4ubuntu0.3 ==== ==== openssh-client openssh-server openssh-sftp-server * d/systemd/ssh@.service: preserve the systemd managed runtime directory to ensure parallel processes will not disrupt one another when halting (LP: #1905285) ==== openssl: 1.1.1f-1ubuntu2.4 => 1.1.1f-1ubuntu2.5 ==== ==== libssl1.1:amd64 openssl * Cherry-pick an upstream patch to fix s390x AES code (LP: #1931994) ==== shadow: 1:4.8.1-1ubuntu5.20.04 => 1:4.8.1-1ubuntu5.20.04.1 ==== ==== login passwd * Disallow purely numeric usernames. This includes hexadecimal octal syntax. (LP: #1927078) ==== shim-signed: 1.40.4+15+1552672080.a4a1fbe-0ubuntu2 => 1.40.6+15.4-0ubuntu7 ==== ==== shim-signed ==== sosreport: 4.1-1ubuntu0.20.04.2 => 4.1-1ubuntu0.20.04.3 ==== ==== sosreport * d/p/0004-networking-check-presence-of-devlink.patch: - Fix devlink module load by networking plugin (LP: #1923661) ==== systemd: 245.4-4ubuntu3.10 => 245.4-4ubuntu3.11 ==== ==== libnss-systemd:amd64 libpam-systemd:amd64 libsystemd0:amd64 libudev1:amd64 systemd systemd-sysv systemd-timesyncd udev * d/p/lp1937117/0001-revert-lp1929560-network-move-set-MAC-and-set-nomaster-operations-out.patch, d/p/lp1937117/0002-avoid-changing-interface-master-if-interface-already-up.patch: - Don't change interface master if interface is already up, due to users expecting previous buggy behavior (LP: #1937117) ==== ubuntu-advantage-tools: 27.1~20.04.1 => 27.2.2~20.04.1 ==== ==== ubuntu-advantage-tools * Backport new upstream fix: (LP: #1936833) to focal - Fix regression introduced on 27.2.1 (LP: #1934902) * d/tools.postinst: - Do not fail in postinst if cloud-init did not run. This fixes the regression introduced in 27.2.1. (LP: #1936833) * d/control: - remove unnecessary distro-info dependency from build-depends * d/rules: - pick right version of distro-info based on release * docs: + add information about proxy auth to manpage and readme * lib: + handle missing configStatus key in patch status json script * d/control: - add comments to explain complex build-depends - add version requirement to distro-info (LP: #1932028) * d/tools.postinst: - run status.json schema patch script to avoid non-root status errors * New upstream release 27.2: - attach: print contract server reason for 403 (GH: #1630) - cli: add ua config set, unset and show subcommands - config: + add default ua_config setting values + only allow some fields to be set by envvar + use defaults for contract and security url - docs: + add proxy config options to man page + add instructions to generate MOTD messages + add support matrix info + remove broken api link - enable: allow downgrading packages during enable (GH: #1659) - fips: + add focal test for fips-updates + alert if wrong fips package installed on gov clouds + install correct fips package on gov clouds + only install conditional_packages if necessary and available - logs: log env vars that affect config on cli runs - proxy: + add config options to set proxies + print message when setting proxy + support configuring apt proxies + support configuring snap and livepatch proxies + support setting proxy for web requests + validate urls before setting as proxies - refresh: support refreshing config and contract separately - status + add config info to json output + add env vars to json output + do not show unavailable services in json output + support yaml format with same content as json format + update account info in json output + update contract info in json output + update root level keys of json output - refactor: + remove side effects from can_enable (GH: #1654, #1571) + use DatetimeAwareJSONDecoder to parse date strings - tests: + add additional enable test for incompatible services + add flag to enable proposed pocket + add test to check and print version being tested + drop trusty specific tests * Cherrypick upstream pr #1681 to unbreak many migrations. LP: #1930741 * d/control: - specify debianutils min version * d/changelog: - fix lintian typos amend and redact incorrect 27.0 entry (GH: #1624) * lintian: - override ubuntu-advantage-pro wanted-by-target cloud-init - override xenial specific errors - rename package-specific overrides for pro vs tools * New upstream release 27.1: - apt-hook: + avoid segfault when comparing null Apt file origin to esm (LP: #1929123) + avoid wrapping static message formats at 80 chars + update go build flags based on lintian warnings (GH: #1626) + only add newlines for MOTD if message file length is non-zero - attach: do not print contract name if empty - autocomplete: Do not show beta services in autocomplete (GH: #1594) - cis: + make service non-beta + post enable message pointing to docs + update cis help url - docs: update releases.md per SRU review feedback on branch structuring - enable: correct messaging for beta service (GH: #1588) - errors: print a more helpful message when ssl fails (GH: #1618) - fips: + Block enabling fips if fips-updates once enabled (GH: #1600) + Update output of fips commands (GH: #1631) - livepatch: alert when snapd does not have wait cmd (LP: #1927329) - logging: remove tracebacks for UserFacingErrors (GH: #1586) - messaging: + Infra and Apps messaging is mutually exclusive (GH: #1573) + point to u.com/16-04 instead of u.com/advantage on ESM (GH: #1584) + separate _remove_msg_template. emit no warranty on infra disabled - pro: obtain AWS IMDSv2 API token before trying to grab pkcs7 doc (GH: #1608) - status: do not show info if not on contract (GH: #1592) - tests: + drop trusty specific tests + fix mock for handle_message_operations + fix motd message for bionic (GH: #1615) + integration tests for hirsute and groovy + manual test for trusty upgrade to xenial + reboot after dist-upgrade for upgrade test + test enabling CIS on focal (GH: #1582) + update messages in integration tests (GH: #1635) + use proposed pocket on xenial upgrade test - jenkins: + add pytest runs for xenial and bionic + run focal lxd integration tests * d/control: - order build-depends alternatives newer first (LP: #1926949) - apt-hook: do not attempt to package go APT JSON hook on some architectures (GH: #1603) (LP: #1927886, LP: #1927795) * Bug-fix release 27.0.2: build failures on riscv64 and powerpc - apt-hook: refactor json hook messaging to be dry - tests: fix subp ls error case for powerpc builds - jenkinsfile: add --resolve-alternatives for trusty builds - amend changelog: add omitted apt-hook message for 27.0.1 stanza * Add .gitignore and cleanup ignored directory .pytest_cache * apt-hook: mitigate failures with true * New upstream release 27.0: - [redacted: actually landed in 27.0.1] apt-hook: mitigate failures with true - messages: add optional (s) to apt messaging to include singular/plural pkgs - apt-hook: avoid reporting and counting duplicate package names (GH: #1578) - fix: don't say reboot required when unnecessary (LP: #1926183) - test: uncomment additional xenial upgrade tests * New upstream beta3 release: - config: avoid tracebacks on invalid features value in uaclient.conf (GH: #1564) - apt-hook: new json hook for security update counts - Remove redundant messaging from uaclient * d/control: - add distro-info dependency - add new debianutils dependency - add optional dh-systemd | debhelper (>= 13.3) to fallback on hirsute and later when dh-systemd is not present * d/rules: enable and start ua-messaging.timer on package install * d/postinst: - configure esm on any LTS release avoid beta services - configure esm-infra when is_active_esm and apps on LTS - xenial enable unauthenticated apt source for apps/infra * New upstream release 27.0~beta: - apt-hook: + adapt hook to process separate message templates + esm-apps and esm-infra pkg counts not mutually-exclusive + print static messages on apt upgrade/dist-upgrade (GH: #1546) - config: create settings_overrides on config (GH: #1507) - docs: add entry for uploading new version to ppa - esm: + add pin never when disabling esm-infra/apps on xenial + enable infra when EOL LTS and apps on all LTS (GH: #1558) - fips: add notice when installing over old fips - fix: + add links to ubuntu.com/gcp/aws in messaging when on non-PRO + add notice to reboot operation on ua fix + do not prompt user for beta services (GH: #1544) + notify users if reboot is required (GH: #1476) + update how the expired token logic works + wrap output greater than 80 chars (GH: #1487) - lib: fix notice handling on reboot script - messages + provide static message files for use in APT and MOTD + update_ua_messages on attach/detach/disable - mypy: add lib/ dir for coverage - status: do not remove notices on non-root call (GH: #1518) - subp: separate % format strings when logging (GH: #1520) - systemd: add ua-messaging.timer to update ua MOTD and APT msgs - update-motd.d: add conditional hooks for motd to source ua messages - util: add is_lts and is_active_esm funtions to support ESM - test + add integration tests asserting esm-apps setup due to postinst + manual test script for xenial upgrade + trusty and xenial infra and apps disabled in pkg install - behave: use unaltered cloud images unsetting UACLIENT_BEHAVE_PPA - jenkins: make lint and style stage run sequentially * d/*: prefix all the debhelper conf files with the package name * d/control: - add Rules-Requires-Root: no - bump Standards-Version to 4.5.1 - make ubuntu-advantage-pro Architecture: all * d/lintian-overrides: - override maintainer-script-calls-service - package-supports-alternative-init-but-no-init.d-script * d/postinst: move the u-a-pro note to a config script * d/ubuntu-advantage-tools.templates: suggest the use of apt * New upstream release 27.0~beta: - apt: add retry for apt-helper command (GH: #1431) - cli: drop subcommand repeated help output, fix enable & refresh (GH: #1440) - config: + allow parsing yaml delivered from env values + environment variable support for feature overrides (GH: #1395) + create config to add extra params to security url - docs: + add ppas and fix typos + use Ubuntu Pro not Ubuntu PRO + add stop "." punctuation to messages (GH: #1320) - fips: fix FIPS message when disable operation fails - fix: + add basic UASecurityClient to which queries CVE and USNs + add security_url to config + check if service is enabled during ua fix (GH: #1462) + closer representation of cve and usn responses + filter usns by cve details (GH: #1470) + fix regex to be more permissive and strict + get_cve_affected_source_packages_status won't list not-affected (GH: #1467) + handle other package status when running ua fix (GH: #1435) + improve error message for ua fix (GH: #1420) + install pkg fixes when they are on standard pocket (GH: #1401) + move timeout and retries to security client only + only prompt for subscription attach for UA-related pkg updates + parse all related USNS to a given CVE when fixing + parse full API responses for related CVEs and USNs + prefer USN.release_packages binary pkg versions to CVE src ver (GH: #1436) + prompt for new ua token when expired one is used (GH: #1475) + prompt to emit pro suggestion on pro_clouds if unattached (GH: #1386) + prompt to enable service during ua fix (GH: #1455) + provide related CVE URLs instead of USNs (GH: #1456) + raise errors when source_link is null or unexpected format + show packages that were not fixed in the output + update output for released packages in ua fix (GH: #1438) + update message for invalid issue in ua fix (GH: #1433) + use pocket values from USNs (GH: #1439) - logs: emit error response on API errors and redact sensitive logs (GH: #1424) - serviceclient: add 10 second timeout and two retries to API calls (GH: #1374) - util: + add error prompts on invalid selection + add timeout to readurl - tests: + Add disable_auto_attach config to all test PRO vms + add merge_usn_released_binary_package_versions tests + add unittest coverage for override_usn_release_package_status + drop traceback checks on fips integration tests + refactor integration tests for ua fix cmd + run status wait before detach in PRO tests + use ssh to run commands on lxd containers - jenkins: archiveArtifacts can only reference paths within workspace * d/control: add new debianutils dependency * New upstream release 26.3 - util: improve is_container check for chroot - cli: pass assume_yes param to services on detach (GH: #1530) * Drop dh-systemd build dependency. * status: show beta services in status if enabled (GH: #1410) * New upstream release 26.1 - contract: block detach call to contract if machine-id change - docs: add readme docs about mastering clean golden images - fips: add reboot notices for fips operations (GH: #1368) - livepatch: add retry when running canonical-livepatch status (GH: #1360) - util: use lru_cache to avoid re-reading os-release and machine-id (GH: #1329) - tests: + add disable_auto_attach config to all test PRO vms + add more log artifacts during failed integration test + check cloudinit status after launching image + mock leaking livepatch.application_status for fips test + retry package installs on apt exit 100 - jenkins: parameterize build stages to avoid parallel job collision * auto-attach: fix comparing numeric iid * New upstream release 26.0: - auto-attach: systemd unit to run before ua-reboot-cmds.service - config: remove_notice should remove notices.json when empty - fips: + add notice if running a deactivated FIPS kernel (GH: #1348) + block enabling FIPS on clouds using Xenial + block enabling fips on GCP instances + check /proc/sys/crypto/fips_enable to see if fips is enabled + override fips metapackage when on bionic cloud + update metapackage override logic on fips - notices: clear lock file and notice when encountering any exception (GH: #1326) - reboot_cmds: retry on lock held errors due to pro auto-attach - services: allow uaclient to disable services during enable - status: include beta services in json formatted output with --all (GH: #1341) - tests: + add FIPS tests to AWS and Azure bionic images + add GCP pro test for focal machine + add after_step collection of artifacts on failure + remove proc file check after disabling fips + pro: block auto-attach with cloud-config bootcmd + add validation of systemd unit ua-reboot-cmds.service + test enabling fips-updates when fips is enabled - jenkins: - add deb build stage to assert package builds - use series-specific sbuild --build-dir avoid races - use --append-to-version for each sbuild run to avoid races - presume success when no integration artifacts created * d/rules: - add --with systemd to allow reboot init script - do not remove lib/systemd/system folder * d/postinst: - create marker file when reboot script need to run: - enable livepatch across trusty to xenial upgrade - update fips on existing fips pro machines * New upstream release 26.0~beta: - gcp: add Google Cloud Platform support (GH #1269) - fips: + remove is_beta from fips sevices + fips pro: add upgrade support to require reboot to unmark held fips pkgs + update origin UbuntuFIPSUpdates - status: + add notice to tabular output + held locks emit notice about Operation in progress - cli: help sort output so trusty ordering matches xenial++ - cis: rename service from cis-audit - config: provide config notices and add_notice and remove_notice methods - contract: add resource-machine-access route and datapath - init: add init script to run commands on reboot - keys: add ubuntu-advantage-cis keyring - livepatch: make livepatch react to enableByDefault delta - log: log when we install pkgs because of contract delta - make: drop six testdeps target - pro: do not install pro debs on non-pro instances - services: Update beta info for services (GH #1220) - tools: add tox-lxd-runner, that execute the test command in a shell - tools: refresh-keyrings handles cis keys. drop series-specific keys - tests: + add GCE support for integration tests + add cis integration tests for unattached and pro + add pytest constraint for mypy tests + add unittests for reboot_cmds script + fix esm package messages for new update notifier version + pin importlib-metadata for mypy tests + repo tests for request_resource_machine_access + unit tests for config cache clearing and machine-access data - jenkins: + add basic Jenkinsfile for CI runs per PR + add jenkins parseable test results + add lxc cleanup stage on Jenkinsfile * Release version 25.0 * New upstream release 25.0~beta3: - upgrade-lts-conract: noop during do-release-upgrade on unattached (GH: #1255) - ua-auto-attach: order systemd unit before cloud-config.service - Update FIPSUpdates pin origin - fips: unmark held fips packages for ubuntu pro fips image support (GH: #1109) - repo: handle changes to additionalPackages contract deltas - repo: move package installation to install_packages method - pro: trigger auto-attach as soon as instance-data.json is available (GH: #1234) - Conditionally install packages when enabling FIPS - fips: allow disable (GH: #1168) - cli: add trailing newline to argparse errors (GH: #1236) - Install fips metapacking when enabling service - integration test improvements: + upgrade-test: fix upgrade path restart failures on trusty (GH: #1257) + Fix integration test setup scripts (GH: #1253) + strict checking for command success on behave + Update tests to use new pycloudlib LXD abstraction + Add upgrade scenario tests when FIPS is enabled + Improve FIPS tests for checking packages + Update esm-infra xenial lxd test + Fix vm tests as esm-apps is beta service + Fix azure generic integration testing + Update esm-apps check on staging_commands tests + Install pycloudlib for azure jobs only + Fix shell condition in run_azure_travis_integration_tests.sh + Update azure jobs on travis + Update travis url in README + Update travis scripts to use ppa only on master + Fix cron event type check on travis yaml * New upstream release 25.0~beta2: - help: update esm-infra help text (GH: #1212) - apt-hook: update apt cli messaging for UA Infra: ESM and UA Apps: ESM product names - help: update fips help docs (GH: #1213) - help: revert CIS help doc URL (GH: #1211) - help: add new fips help URLs to CLI help docs (GH: #1210) - Show error when enabling service with invalid repo [Lucas Moura] (GH: #954) - Update beta info for services (#1220) [Lucas Moura] (GH: #1216) - Do not enable fips when fips-updates is active [Lucas Moura] (GH: #1209) - Add vm test commands in tox.ini (#1204) [Lucas Moura] * Beta bug fix release - status: fix missing description_override key after upgrade from trusty (GH: #1201) - During contract delta processing use _check_application_status_on_cache instead of live service status * d/control: - add po-debconf dependency and fix lintian not-using-po-debconf and untranslatable-debconf-templates - add ${misc:Depends} dep to ubuntu-advantage-pro to fix lintian debhelper-but-no-misc-depends (GH: #1024) * d/rules: - drop --with systemd fix build-depends-on-obsolete-package - set fix lintian warning extra:Depends even if empty * d/postrm - Add more gpg keys to be deleted in postrm for Xenial+ support * d/postinst: - do not unconfigure non-trusty esm. no series in apt filenames (GH: #1170) - check if esm is already enabled (GH: #1095) * New upstream release 25.0: - Do not uninstall additionalPackages or livepatch when disabling services - check for issubclass on clean_apt_files - Add do-release-upgrade support for esm-infra and apps suites (GH: #1169) - Apply contract deltas during do-release-upgrade operations - cli: add ua help command - cli: status add blocking --wait param and lock files for config change - Fix livepatch behaviour on aws pro focal machine - travis: drop inapplicable workspaces from specific awsgeneric release jobs - Add possible reboot text after enabling/disabling services - apt-hook: package apt-hook and apt configuration files on all releases (GH: #1150) - Fix enable fail bug - Add uaclient.conf override mechanism for auto-attach, beta services and machine-token - Support ESM Apps [Brian Murray] (GH: #930) - Do not enable services if blocking services is active (GH: #1029) - contract: handle 401 on invalid token, 403 on expired (GH: #1335) - Hide beta services from default status output and enable/disable operations (GH: #1079) (GH: #1091) - fips: force apt noninteractive prompts during package installs (GH: #1084) - tests: add unit tests for aws-gov/aws-china cloud detection - Add AWS China and GovCloud partitions [Robert Jennings] - Disable beta services to be show/enabled without flag - Add missing build_pr command to environment - Use additionalPackages from service payload - Add integration testing for Travis runs [patriciadomin] (GH: #856) (GH: #857) (GH: #853) * New bug-fix-only release 24.4: - uaclient.version bump to 24.4 - fips: honor additionalPackage directive from contract for bionic (GH #1173) * New bug-fix-only release 24.3: - uaclient.version bump to 24.3 - fips: add conditional reboot message only if /var/run/reboot-required is present - fips: add apt repo key for FIPS and FIPS updates (GH #1026) * New bug-fix-only release 24.2: - uaclient.version bump to 24.2 - pro: Add AWS China and GovCloud partitions support (GH #1077) * New bug-fix-only release 24.1: - livepatch: run snap wait system snap.seeded before trying to install (GH: #1049) - version: return debian/changelog version when git describe fails to match upstream . tags for git-ubuntu workflow (GH: #1058) * bump version to 24.0 for new versioninig scheme * New upstream release 20.3: - ubuntu-pro: automatically reattach across instance id delta (LP: #1867573) - integration testing: + add behave tests ua subcommands for attached vm + add invalid token tests + add reuse_container test docs + refactor token parameter * d/templates: add a debconf note on upgrade from pre-ubuntu pro package * d/control: create a separate ubuntu-advantage-pro package which delivers the tooling and scripts necessary to auto-attach pro machines This change breaks/replaces ubuntu-advantage-tools <= 20.1 * d/maintscript: rm_conffile /etc/init/ua-auto-attach.conf from ua-tools pkg * d/postint: remove stale systemd symlinks which have migrated to ubuntu-pro * d/rules: only install the apt hook on trusty * d/rules: provide --no-start to debhelper to avoid auto-attach on pkg install * Release 20.2: - ubuntu-pro: + azure: fix detection of DatasourceAzureNet as azure on trusty + generalize identity_doc to return dict instead of string + auto-attach: any 4XX errors during auto-attach are the result of non-Pro + auto-attach: handle 403 errors raised by contract server for invalid vms - attach: persist any status config changes after attach failures - output: add messaging using a different subscription if attached * Release 20.1: - azure-pro, support for azure ubuntu pro auto-attach: + add azure auto-attach instance as valid cloud_instance_factory + add azure cloud instance module and tests + generalize request_aws_contract_token for multiple cloud_types + contract: request_auto_attach_contract_token takes an instance param - constraints: add constraint on pyyaml version in trusty - auto-attach: move duplicate invalid cloud_type check out of cli * d/postinst: only configure ESM on supported architectures (LP: #1851858) [Andreas Hasenack] * d/postinst: rename existing ubuntu-esm-precise.list file to trusty. This fixes the upgrade path from precise to trusty and to this client while esm is enabled (LP: #1850672) * Release 19.7: - aws: handle missing SYS_HYPERVISOR_PRODUCT_UUID - aws-pro: support for aws ubuntu pro auto-attach - pro: add cloud identity module and fix unit tests - pro: update systemd service and upstart boot scripts to auto-attach - pro: esm do not do apt pin never on disable on xenial or bionic - pro: esm-apps has origin UbuntuESMApps and esm-infra is UbuntuESM - status: dynamic status available now from refreshed machine-token - uaclient: update customer visible messages after UX review - esm-apps: allow unattended security upgrades for esm-apps - systemd: needs WantedBy=multi-user.target to get pulled into boot - cli: update docstring to describe errors raised from auto-attach - keyrings: update ubuntu-advantage-esm-apps.gpg with correct key - repo: match strict repo url in apt-policy to avoid esm substring matches - esm: don't disable_apt_auth_only for ESM entitlements - initial implementation of esm-apps - repo: don't raise exception in application_status if aptURL missing - entitlements: rely solely on contract server for repo_url - cli: exit 0 if already attached - cli: use decorators for action_attach and action_attach_premium - cli: add assert_not_attached decorator - status: custom descriptions for n/a service status * New upstream release. Main changes: - drop SSO interactive login support - d/control: no longer depend on pymacaroons, which was only needed for the SSO interactive login support - drop keyrings for services not supported in trusty: cc-eal, fips, fips-updates, cis audit - make sure /var/lib/ubuntu-advantage/private has 0700 perms - rename esm to esm-infra. Also handle upgrades - don't unecessarily remove config files that are already handled by dpkg - expand the apt related runtime dependencies - handle sources.list.d esm snippet when release upgrading from precise - ua status now reports availability of services even in unattached state - the "ua status" output was changed, including the json format option - drop "ua status" call in postinst as it now requires internet access and that is restricted in LP builders and test runners. - fix the d/t/usage DEP8 test that was also using status * d/t/usage: fix dep8 test ("entitlements" was renamed to "services") * New upstream release (LP: #1832757): - packaging: + d/control: depend on libapt-pkg to use pin-priority never + d/postinst: adjust logfile permissions + d/postinst: remove public files and generate status cache on upgrade + d/postinst: Remove the old CACHE_DIR in postinst + d/postrm: remove log files on package purge + d/postrm: remove the ESM pinning file on purge + trusty should remove v1 esm key if present after upgrade + keyrings: regenerate keyrings on a trusty host + refresh keyrings to match current production for fips and cc-eal - apt: + all repo entitlements now call apt-get update on enable + enable -updates if -updates from the Ubuntu archive is enabled + Add basic i18n (good enough for lang packs) + retry apt install and update commands 3 times simple backoff + write commented -updates lines instead of omitting them - attach/detach: + added --no-auto-enable option + suppress messages from inapplicable default entitlements + two-factor auth reprompt only two-factor auth on failed 2fa + honour enableByDefault obligations from contract server + livepatch: no auto-enable on attach for trusty + don't attempt to disable inapplicable entitlements during detach + check for root before checking for attach in assert_attached_root - status: + add --json cli formatting option + emit a SERVICE header in status output + redact technical support and expiry for free contracts + unentitled services will report n/a - cc-eal: + add a warning about download size before install + change cc to cc-eal in docs, parameters and commandline help - esm: + add esm-v2 gpg keyring, drop old keyring, ignore aptKey directive + and livepatch auto enabled on attach where supported + on upgrade do not install preferences to pin never if esm enabled + remove only the apt auth entry on disable, leaving sources.list + use Pin-Priority never apt preference file to disable esm initially - fips: + display as pending when linux-fips is not the running kernel + only install/upgrade optional packages that are already on the system - logs: + no longer redact secrets as logfile is root read-only + separate console log devel from logfile level + remove level from messages to the console - add subcommand to refresh all contract details - config: allow contract_url and sso_auth_url to have a trailing slash - docker: fix persisting generated uuid on images without machine-id files - environ: allow lowercase ua_ overrides - repo: un-comment ESM sources.list lines on repo disable - updated manpage and help docs * apt-hook: Add missing headers for APT 1.9 * Drop the self-test assert in the apt-hook, it's making the subiquity server install fail (LP: #1824523) * apt-hook: Do not crash/fail if we can't read /proc/self/status (LP: #1824523) * Ubuntu Advantage Tools rewrite in Python (LP: #1814157): - Allow attaching a system to a contract or account - More complete status output, dropping MOTD updates - Easily enable and disable services offered * Have ua status cope with the additional livepatch of running a kernel that is not supported for livepatches. * Have an option for enable-livepatch to install a compatible kernel if needed. [ Vineetha Kamath ] * Add support to common criteria EAL2 artifacts installation #144 * New upstream release - added enable-fips-updates command. This command enables the fips-updates repository to install updates to FIPS modules. The updated modules from fips-updates repository are non-certified. * d/t/update-motd-run: fix path to the esm motd (LP: #1757490) * Rename motd scripts so they are shown a bit earlier (LP: #1757171) * Move empty line placement in the livepatch motd to the beginning of the message to avoid double blank lines. * New upstream release: - repositories are only added after credentials are verified (LP: #1730361) - Livepatch MOTD script (LP: #1710976) - better "status" command output formatting (LP: #1719034) - sources.list.d files no longer contain credentials. The "auth.conf" facility is used instead. (LP: #1700611) - enabled Livepatch support for Bionic 18.04 LTS * New upstream release: - run tests during package build * New upstream release: - revert the latest name changes - instead of "advantage", add a "ua" symlink pointing at the ubuntu-advantage script. Likewise for its manpage. (LP: #1721272) * New upstream release: - rename the ubuntu-advantage script to advantage, including where it's mentioned in the documentation. Also provide symlinks pointing at the previous name. (LP: #1721272) - slightly reword some of the FIPS messages * New upstream release with FIPS support (LP: #1718291) * New upstream release: - call apt-get with the non-interactive frontend variable set, and tell dpkg to keep the old config file by default should there be any prompts about that. (LP: #1715012) - split the one big test file into multiple smaller files, for better maintainability. * Release to artful (LP: #1711369) * d/control: update package description * New release version 6. Main changes: - document return codes on the manpage (Fixes: #33) - new status command (Fixes: #40) - restrict esm to precise only (Fixes: #43) - drop the livepatch motd update, only esm has motd output now (Fixes: #44) - skip tests during package building (Fixes #49) * Only display apt output in the case of errors (Fixes #34). * Check running kernel version before enabling the Livepatch service (Fixes #30). * Add livepatch support: - New commands: + enable-livepatch + disable-livepatch + is-livepatch-enabled - new tests - new manpage - new help output - new README.md - new MOTD * ubuntu-advantage & /etc/update-motd.d/99-esm now build, run and are quiet on non-precise release. (LP: #1686183) * Add simple dep8 tests. * Also install ca-certificates (LP: #1690270) * Initial Release. LP: #1686183 -- [1] http://cloud-images.ubuntu.com/releases/focal/release-20210812/ [2] http://cloud-images.ubuntu.com/releases/focal/release-20210720/