Randomly set credentials written in cleartext to world-readable file

Bug #1918303 reported by Carl Pearson on 2021-03-09
260
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cloud-init
Critical
Dan Watkins
cloud-init (Ubuntu)
Undecided
Unassigned
Xenial
Undecided
Unassigned
Bionic
Undecided
Unassigned
Focal
Undecided
Unassigned
Groovy
Undecided
Unassigned

Bug Description

## Summary

cloud-init allows administrators to set passwords for user accounts via the chpasswd configuration module. Administrators can instruct cloud-init to set a random password generated at runtime using the 'R' or 'RANDOM' keywords.

However, cloud-init appears to write all randomly generated passwords in cleartext to stderr. Cloud-init's default logging configuration, in file /etc/cloud/cloud.cfg.d/05_logging.cfg, redirects both stdout and stderr to the log file /var/log/cloud-init-output.log. The file /var/log/cloud-init-output.log is world readable. Thus, any unprivileged account on the system can view the cleartext password for any account which had a random password generated at runtime. The credentials are not redacted in the log.

## Reproduction

Pre-requisites: A device with Ubuntu Server 20.04 installed. Ubuntu Server comes with cloud-init pre-installed out of the box, but the latest release of cloud-init as of this report (21.1) is not available in 20.04's apt repositories. You may need to install v21.1 manually. You will also need an exsiting admin account with root privileges.

1. Login as admin.
2. Create an unprivileged user account, bob, and set a password. We will use this account to demonstrate unprivileged account access to generated passwords.
sudo adduser bob
3. Create another unprivileged user account, alice, and set a password. We will change this account's password with cloud-init.
sudo adduser alice
4. Create and open configuration file /etc/cloud/cloud.cfg.d/95_chpasswd.cfg using vim or other editor of your choice.
sudo vim /etc/cloud/cloud.cfg.d/95_chpasswd.cfg
5. Add the following chpasswd configuration content to the file then save and exit.
chpasswd:
  list: |
    alice:RANDOM
6. cloud-init only runs the chpasswd function on first boot of the OS that cloud-init knows about. For proof of concept purposes, we need to simulate a new instance. Run:
sudo cloud-init clean
to reset cloud-init's state.
7. Reboot the system.
sudo reboot
8. Login as unprivileged user bob.
9. View the password by runnnig
cat /var/log/cloud-init-output.log | grep alice
10. Alice's temporary password should appear on terminal in the form alice:<password>
11. Logout and log back in to the system as alice using the temporary password. You should get access and prompted to set a new password, which confirms the password bob retrieved from the logs is the actual password for alice's account.

## Impact

Any unprivileged user on the system can retrieve all cloud-init randomly set credentials. These could potentially be used to access other accounts.

# Notes

If 'expire: false' is added to the chpasswd config, then leaked passwords remain valid until manually changed and increases the risk of unauthorized account access. Otherwise, the default behaviour prompts accounts to set a new password at next login, reducing the time window for unauthorized access.

Accounts not used for interactive login might not get passwords changed or accounts might get a password set but then not authenticate for some time. The precise impact and duration of valid exposed credentials appears dependent somewhat on each cloud-init customer's environment and how they use cloud-init to set credentials.

I'm not sure the best approach to patch this but perhaps the credentials could be written to cloud-init's protected directories or files which restrict access to root users only, such as /var/run/cloud-init/instance-data-sensitive.json?

Line 214 of https://github.com/canonical/cloud-init/blob/master/cloudinit/config/cc_set_passwords.py checks if any random passwords were set and if so prints each one to stderror. This might be the root cause.

Tested on Ubuntu Server 20.04.02, cloud-init latest release 21.1 as of report time. If I can provide any further information please let me know. Thanks!
-Carl

CVE References

Carl Pearson (wasp0x01) wrote :
Carl Pearson (wasp0x01) wrote :

My chpasswd config file

Dan Watkins (oddbloke) wrote :

Hi Carl,

Thanks for this detailed and thoughtful bug report, we really appreciate it. We've had some preliminary internal discussions, and we have a sync with our security team scheduled for tomorrow afternoon to discuss whether or not we think this issue warrants a coordinated release. Below is my initial analysis.

In order to allow people to access systems using these randomly generated passwords (without needing another access vector in order to know the passwords), cloud-init emits them to the serial console. In order to have log messages emitted to the console readily available within the system also, it writes that same content to /var/log/cloud-init-output.log. As a result, those passwords are written to that file, which is world-readable.

In the first instance, we should consider whether or not emitting these random passwords to the console is acceptable default behaviour. For users who are using this functionality as the only way they access the instance, it is: there's no other way for them to know what password to use. The question then becomes, I think, what proportion of users of this functionality use it in this way? If it's the majority, then perhaps emitting them by default is justifiable. If not (or if we think this behaviour is simply too dangerous to be the default), then we could consider toggling it with a new configuration option, defaulting to false: users are already passing in cloud-config to get into this situation, so working around this change in behaviour should be reasonably straightforward. (I don't think we can remove support for the emission altogether: that will break existing workflows, and in a way that is likely to move such folks to simply using hard-coded passwords: not exactly a security fix.)

Given my (parenthetical) conclusion, we clearly do also need to address how we are going to remove access to these passwords from unprivileged users within the system. Two obvious options present themselves: (a) we could make cloud-init-output.log only root-readable, or (b) we could modify the code which emits these messages to either redact them when going to cloud-init-output.log or omit them from there entirely. cloud-init-output.log and the serial console are tied together very tightly[0], so (b) could prove to be difficult: we'll perform some further analysis. (It's possible that the default config in [0] could be extended to omit the lines using grep, for example?)

(For (a), I also just noticed that the content in cloud-init-output.log is also present in the journal for the various cloud-init units. Whatever resolution we reach regarding cloud-init-output.log, we should confirm that the permissions that journalctl enforces for such access are acceptable to us.)

Thanks again for the report! Any comments, questions, or suggestions (either from you, Carl, or the other cloud-init folks with access to this report) are more than welcome!

Dan

[0] The default configuration should give you a sense of how thorough that link is: "output: {all: '| tee -a /var/log/cloud-init-output.log'}"

Download full text (7.8 KiB)

 Hi Dan,
Thank you for the update and the detailed analysis. I'm not as familiar with some of the cloud-init use cases so good to know what some of the constraints are. Yep, restricting read access to cloud-init-output.log or redacting the messages when sent to the log both sound like workable strategies to me, although as you noted both have some caveats to work around.
Thanks and have a great day,
Carl
   On Tuesday, March 9, 2021, 2:30:42 PM PST, Dan Watkins <email address hidden> wrote:

 Hi Carl,

Thanks for this detailed and thoughtful bug report, we really appreciate
it.  We've had some preliminary internal discussions, and we have a sync
with our security team scheduled for tomorrow afternoon to discuss
whether or not we think this issue warrants a coordinated release.
Below is my initial analysis.

In order to allow people to access systems using these randomly
generated passwords (without needing another access vector in order to
know the passwords), cloud-init emits them to the serial console.  In
order to have log messages emitted to the console readily available
within the system also, it writes that same content to /var/log/cloud-
init-output.log.  As a result, those passwords are written to that file,
which is world-readable.

In the first instance, we should consider whether or not emitting these
random passwords to the console is acceptable default behaviour.  For
users who are using this functionality as the only way they access the
instance, it is: there's no other way for them to know what password to
use.  The question then becomes, I think, what proportion of users of
this functionality use it in this way?  If it's the majority, then
perhaps emitting them by default is justifiable.  If not (or if we think
this behaviour is simply too dangerous to be the default), then we could
consider toggling it with a new configuration option, defaulting to
false: users are already passing in cloud-config to get into this
situation, so working around this change in behaviour should be
reasonably straightforward.  (I don't think we can remove support for
the emission altogether: that will break existing workflows, and in a
way that is likely to move such folks to simply using hard-coded
passwords: not exactly a security fix.)

Given my (parenthetical) conclusion, we clearly do also need to address
how we are going to remove access to these passwords from unprivileged
users within the system.  Two obvious options present themselves: (a) we
could make cloud-init-output.log only root-readable, or (b) we could
modify the code which emits these messages to either redact them when
going to cloud-init-output.log or omit them from there entirely.  cloud-
init-output.log and the serial console are tied together very
tightly[0], so (b) could prove to be difficult: we'll perform some
further analysis.  (It's possible that the default config in [0] could
be extended to omit the lines using grep, for example?)

(For (a), I also just noticed that the content in cloud-init-output.log
is also present in the journal for the various cloud-init units.
Whatever resolution we reach regarding cloud-init-output.log, we should
confirm that the permi...

Read more...

Seth Arnold (seth-arnold) wrote :

Hello Carl, thanks for the excellent report.

Please use CVE-2021-3429 for this issue.

Normally I'd say printing passwords to logs is a mistake but I can see how we got here. Probably we should make this configurable.

I think we should also change the permissions to match the systemd journal files.

On my 20.04 laptop, files in /var/log/journal/*/ are readable by group systemd-journal and group adm. adm is allowed to read many log files on Debian and derivatives, though normally passwords aren't included in logs.

Thanks

Dan Watkins (oddbloke) wrote :

We've identified two remediations here: we're going to stop writing the passwords to this file at all, and also remove its world-readable permissions. I have an implementation of this first part locally.

For the latter, we would ideally set the user/group and permissions to match other such log files. However, this presents a challenge: cloud-init's code doesn't directly create cloud-init-output.log. Rather, it is created by the `tee` process which we pipe all of our output in the default configuration[0]:

  output: {all: '| tee -a /var/log/cloud-init-output.log'}

The two other places that "cloud-init-output.log" is mentioned in the cloud-init codebase are in the `collect-logs` code and the cloudinit.apport module: both to read from the file in a booted system.

So from a code perspective, we don't really have a good place to put our permission handling logic. Doing it unconditionally would be incorrect: that would create a cloud-init-output.log file on systems which aren't configured to have such a file.

We could introspect the configured value (`if "cloud-init-output.log" in ...`) and pre-create the file if we find that string (the presence of which almost certainly indicates that `cloud-init-output.log` will be created. This would solve this specific issue, but leaves this class of bug open: if someone has configured a different log file to emit output to, our handling will not trigger, leaving that log file vulnerable.

Given the freeform nature of the configuration, I don't think we can fully solve the problem for non-default log settings: we can't know what log files will be created by a given setting (e.g. "| custom_logging_script" could write anywhere at all, depending on the implementation of `custom_logging_script`). However, we _can_ set the umask on the subprocess we start to pipe our output to: this will at least allow us to ensure that the file is not world-readable (though does not allow us to set the user/groups we would prefer).

So, my proposal for the permissions change is in two parts. Firstly, set the umask of the receiving process to 0x0026: this means that files it creates will not be world-readable. Secondly, add special-case handling for the default configuration: look for "/var/log/cloud-init-output.log" in the given configuration and, if present, create the file with 640 permissions and the appropriate user:group before launching the receiving process. (I think root:adm is probably what we want?)

[0] https://github.com/canonical/cloud-init/blob/master/config/cloud.cfg.d/05_logging.cfg#L71

Dan Watkins (oddbloke) wrote :

> Firstly, set the umask of the receiving process to 0x0026

Oops, forgot to update this after poking at it some more: I mean 0o037 (i.e. 000 011 111).

Dan Watkins (oddbloke) on 2021-03-16
Changed in cloud-init:
status: New → In Progress
importance: Undecided → Critical
assignee: nobody → Dan Watkins (oddbloke)
Dan Watkins (oddbloke) wrote :
Changed in cloud-init:
status: In Progress → Fix Released
status: Fix Released → Fix Committed
information type: Private Security → Public Security
Brian Murray (brian-murray) wrote :

cloud-init (21.1-19-gbad84ad4-0ubuntu1) hirsute; urgency=medium

  * d/cloud-init.postinst: Change output log permissions on upgrade
    (LP: #1918303)

Changed in cloud-init (Ubuntu):
status: New → Fix Released

Hello Carl, or anyone else affected,

Accepted cloud-init into groovy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/21.1-19-gbad84ad4-0ubuntu1~20.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-groovy to verification-done-groovy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-groovy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in cloud-init (Ubuntu Groovy):
status: New → Fix Committed
tags: added: verification-needed verification-needed-groovy
Changed in cloud-init (Ubuntu Focal):
status: New → Fix Committed
tags: added: verification-needed-focal
Brian Murray (brian-murray) wrote :

Hello Carl, or anyone else affected,

Accepted cloud-init into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/21.1-19-gbad84ad4-0ubuntu1~20.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Brian Murray (brian-murray) wrote :

Hello Carl, or anyone else affected,

Accepted cloud-init into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/21.1-19-gbad84ad4-0ubuntu1~18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in cloud-init (Ubuntu Bionic):
status: New → Fix Committed
tags: added: verification-needed-bionic
Brian Murray (brian-murray) wrote :

Hello Carl, or anyone else affected,

Accepted cloud-init into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cloud-init/21.1-19-gbad84ad4-0ubuntu1~16.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in cloud-init (Ubuntu Xenial):
status: New → Fix Committed
tags: added: verification-needed-xenial
Carl Pearson (wasp0x01) wrote :

Hello all,

I tested the focal-proposed package on a new install of Ubuntu Server and was unable to replicate the issue. The random passwords did not appear written in the cloud-init-output.log file and the output file's permissions were restricted. Near as I can tell it appears to be fixed.

James Falcon (falcojr) wrote :

xenial-proposed, bionic-proposed, focal-proposed, and groovy-proposed were all tested here:
https://github.com/cloud-init/ubuntu-sru/blob/main/bugs/lp-1918303.txt

tags: added: verification-done verification-done-bionic verification-done-focal verification-done-groovy verification-done-xenial
removed: verification-needed verification-needed-bionic verification-needed-focal verification-needed-groovy verification-needed-xenial
Launchpad Janitor (janitor) wrote :
Download full text (8.0 KiB)

This bug was fixed in the package cloud-init - 21.1-19-gbad84ad4-0ubuntu1~20.10.1

---------------
cloud-init (21.1-19-gbad84ad4-0ubuntu1~20.10.1) groovy; urgency=medium

  * d/cloud-init.postinst: Change output log permissions on upgrade
    (LP: #1918303)
  * d/cloud-init.manpages: include upstream manpages in package (LP: #1908548)
  * drop the following cherry-picks now included:
    + cpick-4f62ae8d-Fix-regression-with-handling-of-IMDS-ssh-keys-760
  * New upstream snapshot. (LP: #1920272)
    - .travis.yml: generate an SSH key before running tests (#848)
    - write passwords only to serial console, lock down cloud-init-output.log
      (#847)
    - Fix apt default integration test (#845)
    - integration_tests: bump pycloudlib dependency (#846)
    - commit f35181fa970453ba6c7c14575b12185533391b97 [eb3095]
    - archlinux: Fix broken locale logic (#841) [Kristian Klausen]
    - Integration test for #783 (#832)
    - integration_tests: mount more paths IN_PLACE (#838)
    - Fix requiring device-number on EC2 derivatives (#836)
    - Remove the vi comment from the part-handler example (#835)
    - net: exclude OVS internal interfaces in get_interfaces (#829)
    - tox.ini: pass OS_* environment variables to integration tests (#830)
    - integration_tests: add OpenStack as a platform (#804)
    - Add flexibility to IMDS api-version (#793) [Thomas Stringer]
    - Fix the TestApt tests using apt-key on Xenial and Hirsute (#823)
      [Paride Legovini]
    - doc: remove duplicate "it" from nocloud.rst (#825) [V.I. Wood]
    - archlinux: Use hostnamectl to set the transient hostname (#797)
      [Kristian Klausen]
    - cc_keys_to_console.py: Add documentation for recently added config key
      (#824) [dermotbradley]
    - Update cc_set_hostname documentation (#818) [Toshi Aoyama]
    - Release 21.1 (#820)
    - Azure: Support for VMs without ephemeral resource disks. (#800)
      [Johnson Shi]
    - cc_keys_to_console: add option to disable key emission (#811)
      [Michael Hudson-Doyle]
    - integration_tests: introduce lxd_use_exec mark (#802)
    - azure: case-insensitive UUID to avoid new IID during kernel upgrade
      (#798)
    - stale.yml: don't ask submitters to reopen PRs (#816)
    - integration_tests: fix use of SSH agent within tox (#815)
    - integration_tests: add UPGRADE CloudInitSource (#812)
    - integration_tests: use unique MAC addresses for tests (#813)
    - Update .gitignore (#814)
    - Port apt cloud_tests to integration tests (#808)
    - integration_tests: fix test_gh626 on LXD VMs (#809)
    - Fix attempting to decode binary data in test_seed_random_data test (#806)
    - Remove wait argument from tests with session_cloud calls (#805)
    - Datasource for UpCloud (#743) [Antti Myyrä]
    - test_gh668: fix failure on LXD VMs (#801)
    - openstack: read the dynamic metadata group vendor_data2.json (#777)
      [Andrew Bogott]
    - includedir in suoders can be prefixed by "arroba" (#783)
      [Jordi Massaguer Pla]
    - Merge upstream/20.4.1 into master
    - [VMware] change default max wait time to 15s (#774) [xiaofengw-vmware]
    - Revert integration test associated with reverted #586 (#784)
    - Add jo...

Read more...

Changed in cloud-init (Ubuntu Groovy):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for cloud-init has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :
Download full text (8.0 KiB)

This bug was fixed in the package cloud-init - 21.1-19-gbad84ad4-0ubuntu1~20.04.1

---------------
cloud-init (21.1-19-gbad84ad4-0ubuntu1~20.04.1) focal; urgency=medium

  * d/cloud-init.postinst: Change output log permissions on upgrade
    (LP: #1918303)
  * d/cloud-init.manpages: include upstream manpages in package (LP: #1908548)
  * drop the following cherry-picks now included:
    + cpick-4f62ae8d-Fix-regression-with-handling-of-IMDS-ssh-keys-760
  * New upstream snapshot. (LP: #1920272)
    - .travis.yml: generate an SSH key before running tests (#848)
    - write passwords only to serial console, lock down cloud-init-output.log
      (#847)
    - Fix apt default integration test (#845)
    - integration_tests: bump pycloudlib dependency (#846)
    - commit f35181fa970453ba6c7c14575b12185533391b97 [eb3095]
    - archlinux: Fix broken locale logic (#841) [Kristian Klausen]
    - Integration test for #783 (#832)
    - integration_tests: mount more paths IN_PLACE (#838)
    - Fix requiring device-number on EC2 derivatives (#836)
    - Remove the vi comment from the part-handler example (#835)
    - net: exclude OVS internal interfaces in get_interfaces (#829)
    - tox.ini: pass OS_* environment variables to integration tests (#830)
    - integration_tests: add OpenStack as a platform (#804)
    - Add flexibility to IMDS api-version (#793) [Thomas Stringer]
    - Fix the TestApt tests using apt-key on Xenial and Hirsute (#823)
      [Paride Legovini]
    - doc: remove duplicate "it" from nocloud.rst (#825) [V.I. Wood]
    - archlinux: Use hostnamectl to set the transient hostname (#797)
      [Kristian Klausen]
    - cc_keys_to_console.py: Add documentation for recently added config key
      (#824) [dermotbradley]
    - Update cc_set_hostname documentation (#818) [Toshi Aoyama]
    - Release 21.1 (#820)
    - Azure: Support for VMs without ephemeral resource disks. (#800)
      [Johnson Shi]
    - cc_keys_to_console: add option to disable key emission (#811)
      [Michael Hudson-Doyle]
    - integration_tests: introduce lxd_use_exec mark (#802)
    - azure: case-insensitive UUID to avoid new IID during kernel upgrade
      (#798)
    - stale.yml: don't ask submitters to reopen PRs (#816)
    - integration_tests: fix use of SSH agent within tox (#815)
    - integration_tests: add UPGRADE CloudInitSource (#812)
    - integration_tests: use unique MAC addresses for tests (#813)
    - Update .gitignore (#814)
    - Port apt cloud_tests to integration tests (#808)
    - integration_tests: fix test_gh626 on LXD VMs (#809)
    - Fix attempting to decode binary data in test_seed_random_data test (#806)
    - Remove wait argument from tests with session_cloud calls (#805)
    - Datasource for UpCloud (#743) [Antti Myyrä]
    - test_gh668: fix failure on LXD VMs (#801)
    - openstack: read the dynamic metadata group vendor_data2.json (#777)
      [Andrew Bogott]
    - includedir in suoders can be prefixed by "arroba" (#783)
      [Jordi Massaguer Pla]
    - Merge upstream/20.4.1 into master
    - [VMware] change default max wait time to 15s (#774) [xiaofengw-vmware]
    - Revert integration test associated with reverted #586 (#784)
    - Add jor...

Read more...

Changed in cloud-init (Ubuntu Focal):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (8.0 KiB)

This bug was fixed in the package cloud-init - 21.1-19-gbad84ad4-0ubuntu1~18.04.1

---------------
cloud-init (21.1-19-gbad84ad4-0ubuntu1~18.04.1) bionic; urgency=medium

  * d/cloud-init.postinst: Change output log permissions on upgrade
    (LP: #1918303)
  * d/cloud-init.manpages: include upstream manpages in package (LP: #1908548)
  * drop the following cherry-picks now included:
    + cpick-4f62ae8d-Fix-regression-with-handling-of-IMDS-ssh-keys-760
  * refresh patches:
   + debian/patches/openstack-no-network-config.patch
  * New upstream snapshot. (LP: #1920272)
    - .travis.yml: generate an SSH key before running tests (#848)
    - write passwords only to serial console, lock down cloud-init-output.log
      (#847)
    - Fix apt default integration test (#845)
    - integration_tests: bump pycloudlib dependency (#846)
    - commit f35181fa970453ba6c7c14575b12185533391b97 [eb3095]
    - archlinux: Fix broken locale logic (#841) [Kristian Klausen]
    - Integration test for #783 (#832)
    - integration_tests: mount more paths IN_PLACE (#838)
    - Fix requiring device-number on EC2 derivatives (#836)
    - Remove the vi comment from the part-handler example (#835)
    - net: exclude OVS internal interfaces in get_interfaces (#829)
    - tox.ini: pass OS_* environment variables to integration tests (#830)
    - integration_tests: add OpenStack as a platform (#804)
    - Add flexibility to IMDS api-version (#793) [Thomas Stringer]
    - Fix the TestApt tests using apt-key on Xenial and Hirsute (#823)
      [Paride Legovini]
    - doc: remove duplicate "it" from nocloud.rst (#825) [V.I. Wood]
    - archlinux: Use hostnamectl to set the transient hostname (#797)
      [Kristian Klausen]
    - cc_keys_to_console.py: Add documentation for recently added config key
      (#824) [dermotbradley]
    - Update cc_set_hostname documentation (#818) [Toshi Aoyama]
    - Release 21.1 (#820)
    - Azure: Support for VMs without ephemeral resource disks. (#800)
      [Johnson Shi]
    - cc_keys_to_console: add option to disable key emission (#811)
      [Michael Hudson-Doyle]
    - integration_tests: introduce lxd_use_exec mark (#802)
    - azure: case-insensitive UUID to avoid new IID during kernel upgrade
      (#798)
    - stale.yml: don't ask submitters to reopen PRs (#816)
    - integration_tests: fix use of SSH agent within tox (#815)
    - integration_tests: add UPGRADE CloudInitSource (#812)
    - integration_tests: use unique MAC addresses for tests (#813)
    - Update .gitignore (#814)
    - Port apt cloud_tests to integration tests (#808)
    - integration_tests: fix test_gh626 on LXD VMs (#809)
    - Fix attempting to decode binary data in test_seed_random_data test (#806)
    - Remove wait argument from tests with session_cloud calls (#805)
    - Datasource for UpCloud (#743) [Antti Myyrä]
    - test_gh668: fix failure on LXD VMs (#801)
    - openstack: read the dynamic metadata group vendor_data2.json (#777)
      [Andrew Bogott]
    - includedir in suoders can be prefixed by "arroba" (#783)
      [Jordi Massaguer Pla]
    - Merge upstream/20.4.1 into master
    - [VMware] change default max wait time to 15s (#774) [xiaofengw-vmware]
    ...

Read more...

Changed in cloud-init (Ubuntu Bionic):
status: Fix Committed → Fix Released
Launchpad Janitor (janitor) wrote :
Download full text (8.1 KiB)

This bug was fixed in the package cloud-init - 21.1-19-gbad84ad4-0ubuntu1~16.04.1

---------------
cloud-init (21.1-19-gbad84ad4-0ubuntu1~16.04.1) xenial; urgency=medium

  * d/cloud-init.postinst: Change output log permissions on upgrade
    (LP: #1918303)
  * d/cloud-init.manpages: include upstream manpages in package (LP: #1908548)
  * drop the following cherry-picks now included:
    + cpick-4f62ae8d-Fix-regression-with-handling-of-IMDS-ssh-keys-760
  * refresh patches:
   + debian/patches/azure-apply-network-config-false.patch
   + debian/patches/openstack-no-network-config.patch
  * New upstream snapshot. (LP: #1920272)
    - .travis.yml: generate an SSH key before running tests (#848)
    - write passwords only to serial console, lock down cloud-init-output.log
      (#847)
    - Fix apt default integration test (#845)
    - integration_tests: bump pycloudlib dependency (#846)
    - commit f35181fa970453ba6c7c14575b12185533391b97 [eb3095]
    - archlinux: Fix broken locale logic (#841) [Kristian Klausen]
    - Integration test for #783 (#832)
    - integration_tests: mount more paths IN_PLACE (#838)
    - Fix requiring device-number on EC2 derivatives (#836)
    - Remove the vi comment from the part-handler example (#835)
    - net: exclude OVS internal interfaces in get_interfaces (#829)
    - tox.ini: pass OS_* environment variables to integration tests (#830)
    - integration_tests: add OpenStack as a platform (#804)
    - Add flexibility to IMDS api-version (#793) [Thomas Stringer]
    - Fix the TestApt tests using apt-key on Xenial and Hirsute (#823)
      [Paride Legovini]
    - doc: remove duplicate "it" from nocloud.rst (#825) [V.I. Wood]
    - archlinux: Use hostnamectl to set the transient hostname (#797)
      [Kristian Klausen]
    - cc_keys_to_console.py: Add documentation for recently added config key
      (#824) [dermotbradley]
    - Update cc_set_hostname documentation (#818) [Toshi Aoyama]
    - Release 21.1 (#820)
    - Azure: Support for VMs without ephemeral resource disks. (#800)
      [Johnson Shi]
    - cc_keys_to_console: add option to disable key emission (#811)
      [Michael Hudson-Doyle]
    - integration_tests: introduce lxd_use_exec mark (#802)
    - azure: case-insensitive UUID to avoid new IID during kernel upgrade
      (#798)
    - stale.yml: don't ask submitters to reopen PRs (#816)
    - integration_tests: fix use of SSH agent within tox (#815)
    - integration_tests: add UPGRADE CloudInitSource (#812)
    - integration_tests: use unique MAC addresses for tests (#813)
    - Update .gitignore (#814)
    - Port apt cloud_tests to integration tests (#808)
    - integration_tests: fix test_gh626 on LXD VMs (#809)
    - Fix attempting to decode binary data in test_seed_random_data test (#806)
    - Remove wait argument from tests with session_cloud calls (#805)
    - Datasource for UpCloud (#743) [Antti Myyrä]
    - test_gh668: fix failure on LXD VMs (#801)
    - openstack: read the dynamic metadata group vendor_data2.json (#777)
      [Andrew Bogott]
    - includedir in suoders can be prefixed by "arroba" (#783)
      [Jordi Massaguer Pla]
    - Merge upstream/20.4.1 into master
    - [VMware] change ...

Read more...

Changed in cloud-init (Ubuntu Xenial):
status: Fix Committed → Fix Released

This bug is believed to be fixed in cloud-init in version 21.2. If this is still a problem for you, please make a comment and set the state back to New

Thank you.

Changed in cloud-init:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers