diff --git a/debian/changelog b/debian/changelog
index d0ff1e6a..35419e78 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,9 +1,47 @@
-livecd-rootfs (2.664.3) UNRELEASED; urgency=medium
+livecd-rootfs (2.664.6) focal; urgency=medium
 
+  [ Patrick Wu ]
+  * Fix xrdp support in hyper-v images.
+  * Use the linux-azure kernel in hyper-v images instead of linux-virtual.
+  * LP: #1890980.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Wed, 26 Aug 2020 14:06:31 -0700
+
+livecd-rootfs (2.664.5) focal; urgency=medium
+
+  [ Robert C Jennings ]
+  * Handle seeded lxd snap with channel name for ubuntu-cpc:minimized
+    (LP: #1889470)
+
+  [ Cody Shepherd ]
+  * Add dist-upgrade to bootable-buildd hook to ensure the built image
+    doesn't contain vulnerable kernels or other packages.  LP: #1891061.
+  * Don't explicitly install grub-efi-amd64-signed, it's a dependency of
+    shim-signed.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 04 Aug 2020 12:39:27 -0700
+
+livecd-rootfs (2.664.4) focal; urgency=medium
+
+  * snap_preseed: support channel specification with snap name (LP: #1882374)
+
+ -- Dimitri John Ledkov <xnox@ubuntu.com>  Thu, 23 Jul 2020 19:12:10 +0100
+
+livecd-rootfs (2.664.3) focal; urgency=medium
+
+  [ Łukasz 'sil2100' Zemczak ]
   * Enable overrides of UC20 grade dangerous channels - as this is possible.
     (LP: #1879350)
 
- -- Łukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com>  Mon, 25 May 2020 16:40:27 +0200
+  [ Iain Lane ]
+  * Hack seeding of linux kernel in ubuntustudio/focal
+    ubuntustudio-default-settings in focal release has a Recommends to this
+    kernel, which makes it impossible to update the kernel later on, since we
+    would install the -updates and release kernel, which isn't allowed and
+    causes FTBFS. Hack out the focal-release kernel and let the rest of the
+    build process pull in the right one. (LP: #1884915)
+
+ -- Iain Lane <iain.lane@canonical.com>  Tue, 21 Jul 2020 16:25:18 +0100
 
 livecd-rootfs (2.664.2) focal; urgency=medium
 
diff --git a/live-build/auto/config b/live-build/auto/config
index 7a7fe245..761dd429 100755
--- a/live-build/auto/config
+++ b/live-build/auto/config
@@ -688,6 +688,23 @@ case $PROJECT in
 
 	ubuntustudio-dvd)
 		add_task install minimal standard ubuntustudio-desktop ubuntustudio-audio ubuntustudio-fonts ubuntustudio-graphics ubuntustudio-video ubuntustudio-publishing ubuntustudio-photography
+		case $SUITE in
+			focal)
+				# ubuntustudio-default-settings in focal
+				# release has a Recommends to this kernel,
+				# which makes it impossible to update the
+				# kernel later on, since we would install the
+				# -updates and release kernel, which isn't
+				# allowed and causes the squashfs to fail to
+				# build.  Hack out the focal-release kernel and
+				# let the rest of the build process pull in the
+				# right one. (See right below.)
+				for package in linux-lowlatency linux-image-lowlatency linux-headers-lowlatency linux-image-5.4.0-26-lowlatency linux-headers-5.4.0-26-lowlatency; do
+					sed -i "s/$/ -a --not -XFPackage ${package}/" \
+						"config/package-lists/livecd-rootfs.list.chroot_install"
+				done
+				;;
+		esac
 		COMPONENTS='main restricted universe multiverse'
 		case $ARCH in
 			amd64|i386)	KERNEL_FLAVOURS=lowlatency ;;
@@ -877,7 +894,7 @@ if [ "$PROJECT:${SUBPROJECT:-}" = ubuntu-cpc:minimized ]; then
 	# build if we see such a snap.
 	for snap in `cat config/seeded-snaps`; do
 		case $snap in
-			lxd)
+			lxd | lxd=*)
 				;;
 			*)
 				echo "Unexpected seeded snap for ubuntu-cpc:minimized build: $snap"
diff --git a/live-build/buildd/hooks/02-disk-image-uefi.binary b/live-build/buildd/hooks/02-disk-image-uefi.binary
index 75d93aa5..18f74bae 100755
--- a/live-build/buildd/hooks/02-disk-image-uefi.binary
+++ b/live-build/buildd/hooks/02-disk-image-uefi.binary
@@ -84,8 +84,7 @@ install_grub() {
             efi_target=arm-efi
             ;;
         amd64)
-            chroot mountpoint apt-get install -qqy grub-pc
-            chroot mountpoint apt-get install -qqy grub-efi-amd64-signed shim-signed
+            chroot mountpoint apt-get install -qqy grub-pc shim-signed
             efi_target=x86_64-efi
             ;;
     esac
diff --git a/live-build/buildd/hooks/52-linux-virtual-image.binary b/live-build/buildd/hooks/52-linux-virtual-image.binary
index a0c64d75..d8efab84 100755
--- a/live-build/buildd/hooks/52-linux-virtual-image.binary
+++ b/live-build/buildd/hooks/52-linux-virtual-image.binary
@@ -39,6 +39,9 @@ trap cleanup_linux_virtual EXIT
 # Install dependencies
 env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \
     update --assume-yes
+# Perform a dist-upgrade to pull in package updates
+env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \
+    dist-upgrade --assume-yes
 env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \
     install -y lsb-release locales initramfs-tools busybox-initramfs \
                udev dbus netplan.io cloud-init openssh-server sudo snapd
diff --git a/live-build/functions b/live-build/functions
index d86f27d6..2e505949 100644
--- a/live-build/functions
+++ b/live-build/functions
@@ -626,11 +626,31 @@ snap_prepare() {
 snap_preseed() {
     # Preseed a snap in the image (snap_prepare must be called once prior)
     local CHROOT_ROOT=$1
+    # $2 can be in the form of snap_name/classic=track/risk/branch
     local SNAP=$2
+    # strip CHANNEL specification
+    SNAP=${SNAP%=*}
+    # strip /classic confinement
     local SNAP_NAME=${SNAP%/*}
-    # Per Ubuntu policy, all seeded snaps (with the exception of the core
-    # snap) must pull from stable/ubuntu-$(release_ver) as their channel.
-    local CHANNEL=${3:-"stable/ubuntu-$(release_ver)"}
+    # Seed from the specified channel (e.g. core18 latest/stable)
+    # Or Channel endcoded in the snap name (e.g. lxd=4.0/stable/ubuntu-20.04)
+    # Or Ubuntu policy default channel latest/stable/ubuntu-$(release_ver)
+    local CHANNEL=${3:-}
+    if [ -z "$CHANNEL" ]; then
+        case $2 in
+            *=*)
+                CHANNEL=${2#*=}
+                ;;
+            *)
+                CHANNEL="stable/ubuntu-$(release_ver)"
+                ;;
+        esac
+    fi
+
+    # At this point:
+    # SNAP_NAME is just the snap name
+    # SNAP is either $SNAP_NAME or $SNAP_NAME/classic for classic confined
+    # CHANNEL is the channel
 
     if [ ! -e "$CHROOT_ROOT/var/lib/snapd/seed/assertions/model" ]; then
         echo "ERROR: Snap model assertion not present, snap_prepare must be called"
diff --git a/live-build/ubuntu/hooks/040-hyperv-desktop-images.binary b/live-build/ubuntu/hooks/040-hyperv-desktop-images.binary
index 23697b8e..04446025 100644
--- a/live-build/ubuntu/hooks/040-hyperv-desktop-images.binary
+++ b/live-build/ubuntu/hooks/040-hyperv-desktop-images.binary
@@ -40,7 +40,7 @@ trap cleanup_hyperv EXIT
 # Perform customisations
 
 chroot "${scratch_d}" apt-get update -y
-chroot "${scratch_d}" apt-get -y install xrdp linux-tools-virtual linux-cloud-tools-virtual
+chroot "${scratch_d}" apt-get -y install xrdp linux-azure linux-tools-azure linux-cloud-tools-azure
 
 cat > ${scratch_d}/etc/modules-load.d/hyperv.conf << EOF
 ${IMAGE_STR}