-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 11 Nov 2025 09:06:52 +0100
Source: swift
Architecture: source
Version: 2.30.1-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Changes:
swift (2.30.1-0+deb12u1) bookworm-security; urgency=medium
.
[ Thomas Goirand ]
* New upstream release.
* Removed CVE-2022-47950-stable-zed.patch applied upstream.
* Add swift-recon-only-query-object-servers-once.patch.
* Add drive-full-checker.patch.
* Blacklist tests:
  - test_get_conns_hostname6
  - test_get_conns_v6
  - test_get_conns_v6_default
* Add kms_keymaster-allow-specifying-barbican_endpoint.patch.
* kay reported a vulnerability in Keystone’s ec2tokens and s3tokens APIs. By
  sending those endpoints a valid AWS Signature (e.g., from a presigned S3
  URL), an unauthenticated attacker may obtain Keystone authorization
  (ec2tokens can yield a fully scoped token; s3tokens can reveal scope
  accepted by some services), resulting in unauthorized access and privilege
  escalation. Deployments where /v3/ec2tokens or /v3/s3tokens are reachable
  by unauthenticated clients (e.g., exposed on a public API) are affected.
  Add bug-2119646-swift.patch, which offers swift side compatibility with the
  keystone fix.
* Blacklist non-deterministic tests:
  - test_delete_partition_ssync_with_cleanup_failure
  - test_cleanup_ondisk_files_commit_window
.
[ Philippe SÉRAPHIN ]
* Add Change_getting_major_minor_of_blkdev.patch.
Checksums-Sha1:
da5591355dde6a5b30ac92d413b99813b6aa9624 3425 swift_2.30.1-0+deb12u1.dsc
205218916663afee32c8535ef478e44c9669160d 2540964 swift_2.30.1.orig.tar.xz
8d065ffed61f9511310ff6efd13f04e2a42edebf 33260 swift_2.30.1-0+deb12u1.debian.tar.xz
fa56bdbd79dbc09550c8a3e893fbb1055a87f17c 15869 swift_2.30.1-0+deb12u1_amd64.buildinfo
Checksums-Sha256:
726e438d37f0c62ddcb24749d40cce4081867cc4e88841ea0b4f693c77d70e1e 3425 swift_2.30.1-0+deb12u1.dsc
56a8683a00f6a0803c0b71ffb9f7e6306b6f0d4cf673fa4e044bbefdf4bd5a8e 2540964 swift_2.30.1.orig.tar.xz
e1228eb69ae7a804f9ece1d07cec8b03d6a40941490cc1dc8d507096be0c555e 33260 swift_2.30.1-0+deb12u1.debian.tar.xz
f3af963bff1e61164f95284d6856d1aa92e94c2d0cc0f538c39d324ef1d903f4 15869 swift_2.30.1-0+deb12u1_amd64.buildinfo
Files:
76fae3ac835bbca01af24c0e389f43cd 3425 net optional swift_2.30.1-0+deb12u1.dsc
fcaa278f05eb9c8993b5d56189eaace3 2540964 net optional swift_2.30.1.orig.tar.xz
07e2dea795ff78bc462ccd4fb31cea26 33260 net optional swift_2.30.1-0+deb12u1.debian.tar.xz
a9f1b0b15f983a7095123baa6972d817 15869 net optional swift_2.30.1-0+deb12u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----