cyborg (16.0.0+git+2026.04.26.b8edfa06f1-1) unstable; urgency=medium * New upstream release based on top of stable branch. Includes CVE fixes: CVE-2026-40213: Cyborg uses rule:allow (check_str='@') as the default policy for multiple API endpoints. This unconditionally authorizes any request carrying a valid Keystone token regardless of roles, project membership, or scope. An authenticated user with zero role assignments can complete various actions such as reprogramming FPGA bitstreams on arbitrary compute nodes via agent RPC. CVE-2026-40214: The Accelerator Request (ARQ) API does not enforce project ownership at any layer. The project_id column in the database is never populated (NULL for every ARQ), database queries have no project filtering, and policy checks are self-referential (the authorize_wsgi decorator compares the caller's project_id with itself rather than the target resource). Any authenticated non-admin user can complete various actions such as deleting ARQs bound to other projects' instances, aka cross-tenant denial of service. -- Thomas Goirand Mon, 11 May 2026 10:36:13 +0200 cyborg (16.0.0-2) unstable; urgency=medium * Fix "su" parameters order. -- Thomas Goirand Mon, 13 Apr 2026 12:25:58 +0200 cyborg (16.0.0-1) unstable; urgency=medium * New upstream release. -- Thomas Goirand Wed, 01 Apr 2026 14:03:44 +0200 cyborg (16.0.0~rc2-1) unstable; urgency=medium * New upstream release. * Uploading to unstable. -- Thomas Goirand Fri, 27 Mar 2026 09:37:09 +0100 cyborg (16.0.0~rc1-2) experimental; urgency=medium * Set OS_OSLO_MESSAGING_RABBIT__PROCESSNAME in api init script. -- Thomas Goirand Wed, 18 Mar 2026 10:26:47 +0100 cyborg (16.0.0~rc1-1) experimental; urgency=medium * New upstream release. * Removed --format when building the policy yaml file. * Fixed (build-)depends for this release. -- Thomas Goirand Tue, 17 Mar 2026 22:12:33 +0100 cyborg (15.0.0-1) unstable; urgency=medium * New upstream release. -- Thomas Goirand Wed, 01 Oct 2025 21:47:52 +0200 cyborg (15.0.0~rc1-3) unstable; urgency=medium * Uploading to unstable. -- Thomas Goirand Mon, 29 Sep 2025 00:25:20 +0200 cyborg (15.0.0~rc1-2) experimental; urgency=medium * Fixed UWSGI_INI_APP= in api init script. -- Thomas Goirand Thu, 18 Sep 2025 22:04:28 +0200 cyborg (15.0.0~rc1-1) experimental; urgency=medium * New upstream release. * Switch API to use module=cyborg.wsgi.api:application instead of wsgi-file. -- Thomas Goirand Fri, 12 Sep 2025 08:28:24 +0200 cyborg (14.0.0-3) unstable; urgency=medium * Add export OS_OSLO_MESSAGING_RABBIT__PROCESSNAME in all daemons. -- Thomas Goirand Sat, 12 Jul 2025 10:23:11 +0200 cyborg (14.0.0-2) unstable; urgency=medium * Blacklist TestFPGADriver.test_program that is failing in Bookworm. -- Thomas Goirand Wed, 02 Apr 2025 15:36:04 +0200 cyborg (14.0.0-1) unstable; urgency=medium * New upstream release. -- Thomas Goirand Wed, 02 Apr 2025 13:21:15 +0200 cyborg (14.0.0~rc1-2) unstable; urgency=medium * Uploading to unstable. -- Thomas Goirand Fri, 28 Mar 2025 14:34:50 +0100 cyborg (14.0.0~rc1-1) experimental; urgency=medium * New upstream release. * Fixed version of oslo.utils (build-)depends. * Build-depends on openstack-pkg-tools >= 133~. -- Thomas Goirand Fri, 14 Mar 2025 08:55:22 +0100 cyborg (13.0.0-2) unstable; urgency=medium * Switch to pybuild (Closes: #1090407). -- Thomas Goirand Thu, 19 Dec 2024 17:14:11 +0100 cyborg (13.0.0-1) unstable; urgency=medium * New upstream release. -- Thomas Goirand Wed, 02 Oct 2024 15:54:14 +0200 cyborg (13.0.0~rc1-1) unstable; urgency=medium * New upstream release. -- Thomas Goirand Mon, 23 Sep 2024 11:52:35 +0200 cyborg (12.0.0-1) unstable; urgency=medium * Initial packaging (Closes: #1080389). -- Thomas Goirand Tue, 03 Sep 2024 11:52:23 +0200