A new release of the Ubuntu Cloud Images for stable Ubuntu release 20.04 LTS (Focal Fossa) is available at [1]. These new images superseded the existing images [2]. Images are available for download or immediate use on EC2 via publish AMI ids. Users who wish to update their existing installations can do so with: 'sudo apt-get update && sudo apt-get dist-upgrade && sudo reboot'. The following packages have been updated. Please see the full changelogs for a complete listing of changes: * cloud-init: 22.1-14-g2e17a0d6-0ubuntu1~20.04.3 => 22.2-0ubuntu1~20.04.1 * e2fsprogs: 1.45.5-2ubuntu1 => 1.45.5-2ubuntu1.1 * keyutils: 1.6-6ubuntu1 => 1.6-6ubuntu1.1 * linux-meta: 5.4.0.113.117 => 5.4.0.117.120 * linux-signed: 5.4.0-113.127 => 5.4.0-117.132 * ntfs-3g: 1:2017.3.23AR.3-3ubuntu1.1 => 1:2017.3.23AR.3-3ubuntu1.2 The following is a complete changelog for this image. new: {'linux-headers-5.4.0-117': '5.4.0-117.132', 'linux-headers-5.4.0-117-generic': '5.4.0-117.132', 'linux-modules-5.4.0-117-generic': '5.4.0-117.132'} removed: {'linux-headers-5.4.0-113-generic': '5.4.0-113.127', 'linux-headers-5.4.0-113': '5.4.0-113.127', 'linux-modules-5.4.0-113-generic': '5.4.0-113.127'} changed: ['cloud-init', 'e2fsprogs', 'libcom-err2:amd64', 'libext2fs2:amd64', 'libkeyutils1:amd64', 'libntfs-3g883', 'libss2:amd64', 'linux-headers-generic', 'linux-headers-virtual', 'linux-image-5.4.0-117-generic', 'linux-image-virtual', 'linux-virtual', 'logsave', 'ntfs-3g'] new snaps: {} removed snaps: {} changed snaps: [] ==== cloud-init: 22.1-14-g2e17a0d6-0ubuntu1~20.04.3 => 22.2-0ubuntu1~20.04.1 ==== ==== cloud-init * d/control: - Build-Depends: add python3-responses and python3-pytest-mock for unittests - Suggests: add openssh-server and ssh-import-id * refresh patches: + debian/patches/retain-apt-partner-pocket.patch * New upstream release. (LP: #1974235) - Release 22.2 (#1462) - Fix test due to caplog incompatibility (#1461) [Alberto Contreras] - Align rhel custom files with upstream (#1431) [Emanuele Giuseppe Esposito] - cc_write_files: Improve schema. (#1460) [Alberto Contreras] - cli: Redact files with permission errors in commands (#1440) [Alberto Contreras] - Improve cc_set_passwords. (#1456) [Alberto Contreras] - testing: make fake cloud-init wait actually wait (#1459) - Scaleway: Fix network configuration for netplan 0.102 and later (#1455) [Maxime Corbin] - Fix 'ephmeral' typos in disk names(#1452) [Mike Hucka] - schema: version schema-cloud-config-v1.json (#1424) - cc_modules: set default meta frequency value when no config available (#1457) - Log generic warning on non-systemd systems. (#1450) [Alberto Contreras] - cc_snap.maybe_install_squashfuse no longer needed in Bionic++. (#1448) [Alberto Contreras] - Drop support of *-sk keys in cc_ssh (#1451) [Alberto Contreras] - testing: Fix console_log tests (#1437) - tests: cc_set_passoword update for systemd, non-systemd distros (#1449) - Fix bug in url_helper/dual_stack() logging (#1426) - schema: render schema paths from _CustomSafeLoaderWithMarks (#1391) - testing: Make integration tests kinetic friendly (#1441) - Handle error if SSH service no present. (#1422) [Alberto Contreras] - Fix network-manager activator availability and order (#1438) - sources/azure: remove reprovisioning marker (#1414) [Chris Patterson] - upstart: drop vestigial support for upstart (#1421) - testing: Ensure NoCloud detected in test (#1439) - Update .github-cla-signers kallioli [Kevin Allioli] - Consistently strip top-level network key (#1417) - testing: Fix LXD VM metadata test (#1430) - testing: Add NoCloud setup for NoCloud test (#1425) - Update linters and adapt code for compatibility (#1434) [Paride Legovini] - run-container: add support for LXD VMs (#1428) [Paride Legovini] - integration-reqs: bump pycloudlib pinned commit (#1427) [Paride Legovini] - Fix NoCloud docs (#1423) - Docs fixes (#1406) - docs: Add docs for module creation (#1415) - Remove cheetah from templater (#1416) - tests: verify_ordered_items fallback to re.escape if needed (#1420) - Misc module cleanup (#1418) - docs: Fix doc warnings and enable errors (#1419) [Alberto Contreras] - Refactor cloudinit.sources.NetworkConfigSource to enum (#1413) [Alberto Contreras] - Don't fail if IB and Ethernet devices 'collide' (#1411) - Use cc_* module meta definition over hardcoded vars (SC-888) (#1385) - Fix cc_rsyslog.py initialization (#1404) [Alberto Contreras] - Promote cloud-init schema from devel to top level subcommand (#1402) - mypy: disable missing imports warning for httpretty (#1412) [Chris Patterson] - users: error when home should not be created AND ssh keys provided [Jeffrey 'jf' Lim] - Allow growpart to resize encrypted partitions (#1316) - Fix typo in integration_test.rst (#1405) [Alberto Contreras] - cloudinit.net refactor: apply_network_config_names (#1388) [Alberto Contreras] - tests/azure: add fixtures for hardcoded paths (markers and data_dir) (#1399) [Chris Patterson] - testing: Add responses workaround for focal/impish (#1403) - cc_ssh_import_id: fix is_key_in_nested_dict to avoid early False - Fix ds-identify not detecting NoCloud seed in config (#1381) - sources/azure: retry dhcp for failed processes (#1401) [Chris Patterson] - Move notes about refactorization out of CONTRIBUTING.rst (#1389) - Shave ~8ms off generator runtime (#1387) - Fix provisioning dhcp timeout to 20 minutes (#1394) [Chris Patterson] - schema: module example strict testing fix seed_random - cc_set_hostname: examples small typo (perserve vs preserve) [Wouter Schoot] - sources/azure: refactor http_with_retries to remove **kwargs (#1392) [Chris Patterson] - declare dependency on ssh-import-id (#1334) - drop references to old dependencies and old centos script - sources/azure: only wait for primary nic to be attached during restore (#1378) [Anh Vo] - cc_ntp: migrated legacy schema to cloud-init-schema.json (#1384) - Network functions refactor and bugfixes (#1383) - schema: add JSON defs for modules cc_users_groups (#1379) - Fix doc typo (#1382) [Alberto Contreras] - Add support for dual stack IPv6/IPv4 IMDS to Ec2 (#1160) - Fix KeyError when rendering sysconfig IPv6 routes (#1380) - Return a namedtuple from subp() (#1376) - Mypy stubs and other tox maintenance (SC-920) (#1374) - Distro Compatibility Fixes (#1375) - Pull in Gentoo patches (#1372) - schema: add json defs for modules U-Z (#1360) - util: atomically update sym links to avoid Suppress FileNotFoundError when reading status (#1298) [Adam Collard] - schema: add json defs for modules scripts-timezone (SC-801) (#1365) - docs: Add first tutorial (SC-900) (#1368) - BUG 1473527: module ssh-authkey-fingerprints fails Input/output error (#1340) [Andrew Lee] - add arch hosts template (#1371) - ds-identify: detect LXD for VMs launched from host with > 5.10 kernel (#1370) - Support EC2 tags in instance metadata (#1309) [Eduardo Dobay] - schema: add json defs for modules e-install (SC-651) (#1366) - Improve "(no_create_home|system): true" test (#1367) [Jeffrey 'jf' Lim] - Expose https_proxy env variable to ssh-import-id cmd (#1333) [Michael Rommel] - sources/azure: remove bind/unbind logic for hot attached nic (#1332) [Chris Patterson] - tox: add types-* packages to check_format env (#1362) - tests: python 3.10 is showing up in cloudimages (#1364) - testing: add additional mocks to test_net tests (#1356) [yangzz-97] - schema: add JSON schema for mcollective, migrator and mounts modules (#1358) - Honor system locale for RHEL (#1355) [Wei Shi] - doc: Fix typo in cloud-config-run-cmds.txt example (#1359) [Ali Shirvani] - ds-identify: also discover LXD by presence from DMI board_name = LXD (#1311) - black: bump pinned version to 22.3.0 to avoid click dependency issues (#1357) - Various doc fixes (#1330) - testing: Add missing is_FreeBSD mock to networking test (#1353) - Add --no-update to add-apt-repostory call (SC-880) (#1337) - schema: add json defs for modules K-L (#1321) - docs: Re-order readthedocs install (#1354) - Stop cc_ssh_authkey_fingerprints from ALWAYS creating home (#1343) [Jeffrey 'jf' Lim] - docs: add jinja2 pin (#1352) - Vultr: Use find_candidate_nics, use ipv6 dns (#1344) [eb3095] - sources/azure: move get_ip_from_lease_value out of shim (#1324) [Chris Patterson] - Fix cloud-init status --wait when no datasource found (#1349) - schema: add JSON defs for modules resize-salt (SC-654) (#1341) - Add myself as a future contributor (#1345) [Neal Gompa ()] - Update .github-cla-signers (#1342) [Jeffrey 'jf' Lim] - add Requires=cloud-init-hotplugd.socket in cloud-init-hotplugd.service file (#1335) [yangzz-97] - Fix sysconfig render when set-name is missing (#1327) [Andrew Kutz] - Refactoring helper funcs out of NetworkState (#1336) [Andrew Kutz] - url_helper: add tuple support for readurl timeout (#1328) [Chris Patterson] - Make fs labels match for ds-identify and docs (#1329) [Brett Holman] - Work around bug in LXD VM detection (#1325) [Brett Holman] - Remove redundant generator logs (#1318) [Brett Holman] - tox: set verbose flags for integration tests (#1323) [Chris Patterson] - net: introduce find_candidate_nics() (#1313) [Chris Patterson] - Revert "Ensure system_cfg read before ds net config on Oracle (#1174)" (#1326) - Add vendor_data2 support for ConfigDrive source (#1307) [cvstealth] - Make VMWare data source test host independent and expand testing (#1308) [Robert Schweikert] - Add json schemas for modules starting with P - sources/azure: remove lease file parsing (#1302) [Chris Patterson] - remove flaky test from ci (#1322) [Brett Holman] - ci: Switch to python 3.10 in Travis CI (#1320) [Brett Holman] - Better interface handling for Vultr, expect unexpected DHCP servers (#1297) [eb3095] - Remove unused init local artifact (#1315) [Brett Holman] - Doc cleanups (#1317) [Brett Holman] - docs improvements (#1312) [Brett Holman] - add support for jinja do statements, add unit test (#1314) [Paul Bruno] - sources/azure: prevent tight loops for DHCP retries (#1285) [Chris Patterson] - net/dhcp: surface type of DHCP lease failure to caller (#1276) [Chris Patterson] - Stop hardcoding systemctl location (#1278) [Robert Schweikert] - Remove python2 syntax from docs (#1310) [Brett Holman] - [tools/migrate-lp-user-to-github] Rename master branch to main (#1301) [Adam Collard] - redhat: Depend on "hostname" package (#1288) [Lubomir Rintel] - Add native NetworkManager support (#1224) [Lubomir Rintel] - Fix link in CLA check to point to contribution guide. (#1299) [Adam Collard] ==== e2fsprogs: 1.45.5-2ubuntu1 => 1.45.5-2ubuntu1.1 ==== ==== e2fsprogs libcom-err2:amd64 libext2fs2:amd64 libss2:amd64 logsave * SECURITY UPDATE: Out-of-bounds read/write vulnerability Issue leads to segmentation fault and possibly arbitrary code execution via a specially crafted filesystem. - debian/patches/CVE-2022-1304.patch: checks that all leaf nodes of file system contain at least one extent. - CVE-2022-1304 ==== keyutils: 1.6-6ubuntu1 => 1.6-6ubuntu1.1 ==== ==== libkeyutils1:amd64 * d/p/apply-default-ttl-to-records.patch: Add patch to apply default TTL to records obtained from getaddrinfo(). (LP: #1962453) ==== linux-meta: 5.4.0.113.117 => 5.4.0.117.120 ==== ==== linux-headers-generic linux-headers-virtual linux-image-virtual linux-virtual * Bump ABI 5.4.0-117 * Bump ABI 5.4.0-115 * Bump ABI 5.4.0-114 ==== linux-signed: 5.4.0-113.127 => 5.4.0-117.132 ==== ==== linux-image-5.4.0-117-generic * Master version: 5.4.0-117.132 * Master version: 5.4.0-115.129 * Master version: 5.4.0-114.128 ==== ntfs-3g: 1:2017.3.23AR.3-3ubuntu1.1 => 1:2017.3.23AR.3-3ubuntu1.2 ==== ==== libntfs-3g883 ntfs-3g * SECURITY UPDATE: heap buffer overflow in ntfsck - debian/patches/CVE-2021-46790.patch: properly handle error in ntfsprogs/ntfsck.c. - CVE-2021-46790 * SECURITY UPDATE: traffic interception via incorrect return code - debian/patches/CVE-2022-30783.patch: return proper error code in libfuse-lite/mount.c, src/ntfs-3g_common.c, src/ntfs-3g_common.h. - CVE-2022-30783 * SECURITY UPDATE: heap exhaustion via invalid NTFS image - debian/patches/CVE-2022-30784.patch: Avoid allocating and reading an attribute beyond its full size in libntfs-3g/attrib.c. - CVE-2022-30784 * SECURITY UPDATE: arbitrary memory access via fuse - debian/patches/CVE-2022-30785_30787.patch: check directory offset in libfuse-lite/fuse.c. - CVE-2022-30785 - CVE-2022-30787 * SECURITY UPDATE: heap overflow via ntfs attribute names - debian/patches/CVE-2022-30786-1.patch: make sure there is no null character in an attribute name in libntfs-3g/attrib.c. - debian/patches/CVE-2022-30786-2.patch: make sure there is no null character in an attribute name in libntfs-3g/attrib.c. - CVE-2022-30786 * SECURITY UPDATE: heap buffer overflow via crafted NTFS image - debian/patches/CVE-2022-30788-1.patch: use a default usn when the former one cannot be retrieved in libntfs-3g/mft.c. - debian/patches/CVE-2022-30788-2.patch: fix operation on little endian data in libntfs-3g/mft.c. - CVE-2022-30788 * SECURITY UPDATE: heap buffer overflow via crafted NTFS image - debian/patches/CVE-2022-30789.patch: make sure the client log data does not overflow from restart page in libntfs-3g/logfile.c. - CVE-2022-30789 -- [1] http://cloud-images.ubuntu.com/releases/focal/release-20220607/ [2] http://cloud-images.ubuntu.com/releases/focal/release-20220530/