diff -Nru gce-compute-image-packages-20201222.00/debian/changelog gce-compute-image-packages-20210629.00/debian/changelog --- gce-compute-image-packages-20201222.00/debian/changelog 2021-01-13 22:12:30.000000000 +0000 +++ gce-compute-image-packages-20210629.00/debian/changelog 2021-08-26 12:56:36.000000000 +0000 @@ -1,8 +1,20 @@ -gce-compute-image-packages (20201222.00-0ubuntu2~20.04.0) focal; urgency=medium +gce-compute-image-packages (20210629.00-0ubuntu1~20.04.0) focal; urgency=medium - * Backport to Focal. + * No-change rebuild for Focal. (LP: #1938440) - -- Balint Reczey Wed, 13 Jan 2021 23:12:30 +0100 + -- Utkarsh Gupta Thu, 26 Aug 2021 18:26:36 +0530 + +gce-compute-image-packages (20210629.00-0ubuntu1) impish; urgency=medium + + * New upstream version 20210629.00. (LP: #1938440) + - dracut.conf wants spaces around values (#19). + - address set_hostname vuln (#22). + * d/p/0001-correct-udev-rule-syntax-15.patch: Drop patch + as it is included in this upstream release. + * d/lintian-overrides: Update lintian-overrides by dropping + the older ones and adding a new one. + + -- Utkarsh Gupta Thu, 29 Jul 2021 17:20:54 +0530 gce-compute-image-packages (20201222.00-0ubuntu2) hirsute; urgency=medium 
@@ -51,23 +63,6 @@ * Disable automatic adding of groups to all users (LP: #1878654) - d/p/0006-Remove-OS-Login-users-from-admin-groups.-29.patch: remove - adm, docker, and lxd groups - - d/p/0007-Remove-local-user-groups-for-OS-Login-users.-30.patch: - remove dip and plugdev groups - - -- Steve Beattie Thu, 14 May 2020 15:25:37 -0700 - -gce-compute-image-packages (20190801-0ubuntu4.2) focal; urgency=medium - - * Drop google-compute-engine-oslogin packaging (LP: #1899629) - * Fix running Python module tests - - -- Balint Reczey Tue, 13 Oct 2020 16:27:04 +0200 - -gce-compute-image-packages (20190801-0ubuntu4.1) focal; urgency=medium - - * Disable automatic adding of groups to all users (LP: #1878654) - - d/p/0006-Remove-OS-Login-users-from-admin-groups.-29.patch: remove adm, docker, and lxd groups - d/p/0007-Remove-local-user-groups-for-OS-Login-users.-30.patch: remove dip and plugdev groups diff -Nru gce-compute-image-packages-20201222.00/debian/lintian-overrides gce-compute-image-packages-20210629.00/debian/lintian-overrides --- gce-compute-image-packages-20201222.00/debian/lintian-overrides 2021-01-13 22:12:30.000000000 +0000 +++ gce-compute-image-packages-20210629.00/debian/lintian-overrides 2021-07-29 12:35:12.000000000 +0000 
@@ -1,13 +1,9 @@ # preinst performs the transition from obsolete systemd services manually google-compute-engine: maintainer-script-calls-systemctl preinst # upstream does not provide manpages for those instrastructure scripts -google-compute-engine: binary-without-manpage usr/bin/google_accounts_daemon -google-compute-engine: binary-without-manpage usr/bin/google_clock_skew_daemon -google-compute-engine: binary-without-manpage usr/bin/google_instance_setup -google-compute-engine: binary-without-manpage usr/bin/google_metadata_script_runner -google-compute-engine: binary-without-manpage usr/bin/google_network_daemon google-compute-engine: binary-without-manpage usr/bin/google_optimize_local_ssd google-compute-engine: binary-without-manpage usr/bin/google_set_multiqueue +google-compute-engine: no-manual-page usr/bin/google_set_hostname # this is indeed unusual but also intentional google-compute-engine: systemd-service-file-refers-to-unusual-wantedby-target lib/systemd/system/google-instance-setup.service sshd.service # systemd services are cleaned up manually and this is how upstream does it diff -Nru gce-compute-image-packages-20201222.00/debian/patches/0001-correct-udev-rule-syntax-15.patch gce-compute-image-packages-20210629.00/debian/patches/0001-correct-udev-rule-syntax-15.patch --- gce-compute-image-packages-20201222.00/debian/patches/0001-correct-udev-rule-syntax-15.patch 2021-01-13 22:12:30.000000000 +0000 +++ gce-compute-image-packages-20210629.00/debian/patches/0001-correct-udev-rule-syntax-15.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,25 +0,0 @@ -From 9f8ec1c3da8916aec8470e10fc674b1f2306132e Mon Sep 17 00:00:00 2001 -From: Liam Hopkins -Date: Wed, 13 Jan 2021 14:03:58 -0800 -Subject: [PATCH] correct udev rule syntax (#15) - ---- - src/lib/udev/rules.d/65-gce-disk-naming.rules | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/lib/udev/rules.d/65-gce-disk-naming.rules b/src/lib/udev/rules.d/65-gce-disk-naming.rules -index 142b8d2..a8035d3 100644 ---- a/src/lib/udev/rules.d/65-gce-disk-naming.rules -+++ b/src/lib/udev/rules.d/65-gce-disk-naming.rules -@@ -21,7 +21,7 @@ SUBSYSTEM!="block", GOTO="gce_disk_naming_end" - KERNEL=="sd*|vd*", IMPORT{program}="scsi_id --export --whitelisted -d $tempnode" - - # NVME Local SSD naming --KERNEL=="nvme*n*", ATTRS{model}=="nvme_card", PROGRAM="/bin/sh -c 'echo $((%n-1))'", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-%c" -+KERNEL=="nvme*n*", ATTRS{model}=="nvme_card", PROGRAM="/bin/sh -c 'echo $$((%n-1))'", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-%c" - KERNEL=="nvme*", ATTRS{model}=="nvme_card", ENV{ID_SERIAL}="Google_EphemeralDisk_$env{ID_SERIAL_SHORT}" - - # NVME Persistent Disk Naming --- -2.25.1 - diff -Nru gce-compute-image-packages-20201222.00/debian/patches/series gce-compute-image-packages-20210629.00/debian/patches/series --- gce-compute-image-packages-20201222.00/debian/patches/series 2021-01-13 22:12:30.000000000 +0000 +++ gce-compute-image-packages-20210629.00/debian/patches/series 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -0001-correct-udev-rule-syntax-15.patch diff -Nru gce-compute-image-packages-20201222.00/packaging/debian/install gce-compute-image-packages-20210629.00/packaging/debian/install --- gce-compute-image-packages-20201222.00/packaging/debian/install 2020-12-07 19:55:14.000000000 +0000 +++ gce-compute-image-packages-20210629.00/packaging/debian/install 2021-06-29 17:08:45.000000000 +0000 
@@ -3,4 +3,5 @@ etc/rsyslog.d/* etc/sysctl.d/* lib/udev/rules.d/* +lib/udev/* usr/bin/* diff -Nru gce-compute-image-packages-20201222.00/packaging/google-compute-engine.spec gce-compute-image-packages-20210629.00/packaging/google-compute-engine.spec --- gce-compute-image-packages-20201222.00/packaging/google-compute-engine.spec 2020-12-07 19:55:14.000000000 +0000 +++ gce-compute-image-packages-20210629.00/packaging/google-compute-engine.spec 2021-06-29 17:08:45.000000000 +0000 @@ -48,12 +48,14 @@ cp -a src/{etc,usr} %{buildroot} install -d %{buildroot}/%{_udevrulesdir} cp -a src/lib/udev/rules.d/* %{buildroot}/%{_udevrulesdir} +cp -a src/lib/udev/google_nvme_id %{buildroot}/%{_udevrulesdir}/../ %files %defattr(0644,root,root,0755) %attr(0755,-,-) %{_bindir}/* %attr(0755,-,-) /etc/dhcp/dhclient.d/google_hostname.sh %{_udevrulesdir}/* +%{_udevrulesdir}/../google_nvme_id %config /etc/dracut.conf.d/* %config /etc/modprobe.d/* %config /etc/rsyslog.d/* diff -Nru gce-compute-image-packages-20201222.00/src/etc/dracut.conf.d/gce.conf gce-compute-image-packages-20210629.00/src/etc/dracut.conf.d/gce.conf --- gce-compute-image-packages-20201222.00/src/etc/dracut.conf.d/gce.conf 2020-12-07 19:55:14.000000000 +0000 +++ gce-compute-image-packages-20210629.00/src/etc/dracut.conf.d/gce.conf 2021-06-29 17:08:45.000000000 +0000 @@ -1,2 +1,2 @@ # Include NVMe driver in initrd to boot on NVMe devices. -force_drivers+="nvme" +force_drivers+=" nvme " diff -Nru gce-compute-image-packages-20201222.00/src/lib/udev/rules.d/65-gce-disk-naming.rules gce-compute-image-packages-20210629.00/src/lib/udev/rules.d/65-gce-disk-naming.rules --- gce-compute-image-packages-20201222.00/src/lib/udev/rules.d/65-gce-disk-naming.rules 2020-12-07 19:55:14.000000000 +0000 +++ gce-compute-image-packages-20210629.00/src/lib/udev/rules.d/65-gce-disk-naming.rules 2021-06-29 17:08:45.000000000 +0000 
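Review bot: In the spec hunk, `%{_udevrulesdir}/../google_nvme_id` is listed under `%defattr(0644,root,root,0755)` with no `%attr`, so the package installs it with mode 0644 even though `cp -a` keeps the source mode in the buildroot. If google_nvme_id is a helper that a udev rule executes (neither its content nor such a rule is visible in this hunk), it needs the same treatment as the other executables listed here: `%attr(0755,-,-) %{_udevrulesdir}/../google_nvme_id`. The `..` path also assumes the helper always belongs directly above the rules directory; a one-line comment stating that would help the next packager. Both the install step and the `%files` list continue outside the hunk.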
@@ -21,7 +21,7 @@ KERNEL=="sd*|vd*", IMPORT{program}="scsi_id --export --whitelisted -d $tempnode" # NVME Local SSD naming -KERNEL=="nvme*n*", ATTRS{model}=="nvme_card", PROGRAM="/bin/sh -c 'echo $((%n-1))'", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-%c" +KERNEL=="nvme*n*", ATTRS{model}=="nvme_card", PROGRAM="/bin/sh -c 'echo $$((%n-1))'", ENV{ID_SERIAL_SHORT}="local-nvme-ssd-%c" KERNEL=="nvme*", ATTRS{model}=="nvme_card", ENV{ID_SERIAL}="Google_EphemeralDisk_$env{ID_SERIAL_SHORT}" # NVME Persistent Disk Naming diff -Nru gce-compute-image-packages-20201222.00/src/usr/bin/google_set_hostname gce-compute-image-packages-20210629.00/src/usr/bin/google_set_hostname --- gce-compute-image-packages-20201222.00/src/usr/bin/google_set_hostname 2020-12-07 19:55:14.000000000 +0000 +++ gce-compute-image-packages-20210629.00/src/usr/bin/google_set_hostname 2021-06-29 17:08:45.000000000 +0000 @@ -16,6 +16,13 @@ # Deal with a new hostname assignment. if [ -n "$new_host_name" ] && [ -n "$new_ip_address" ]; then + # Don't allow DHCP responses with the MDS as the hostname. + # See: https://github.com/irsl/gcp-dhcp-takeover-code-exec + if [[ "$new_host_name" =~ "metadata.google.internal" ]]; then + echo 'not setting invalid hostname' + exit 0 + fi + # Delete entries with new_host_name or new_ip_address in /etc/hosts. sed -i"" '/Added by Google/d' /etc/hosts
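Review bot: The guard added to google_set_hostname compares `$new_host_name` case-sensitively against a single literal, while resolvers match host names case-insensitively, so the comparison should run on a lower-cased copy: `if [[ "${new_host_name,,}" =~ "metadata.google.internal" ]]; then`. The rejection path only echoes a fixed string to stdout before `exit 0`; a DHCP reply naming the metadata server is a strong detection signal, so it is worth recording in syslog as well, for example `logger -t google_set_hostname 'rejected DHCP-supplied hostname'`. Both `[[ ... =~ ... ]]` and `${var,,}` require bash, and the interpreter line is outside this hunk, so confirm the script is never run or sourced by a POSIX sh. The enclosing `if [ -n "$new_host_name" ] ...` block continues past the end of the hunk, so how the accepted value is written to /etc/hosts is not visible here; an allowlist check on hostname syntax before that write would be a stronger control than this single-name denylist.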