Format: 1.8
Date: Tue, 11 Nov 2025 09:06:52 +0100
Source: swift
Architecture: source
Version: 2.30.1-0+deb12u1
Distribution: bookworm-security
Urgency: medium
Maintainer: Debian OpenStack <team+openstack@tracker.debian.org>
Changed-By: Thomas Goirand <zigo@debian.org>
Changes:
 swift (2.30.1-0+deb12u1) bookworm-security; urgency=medium
 .
   [ Thomas Goirand ]
   * New upstream release.
   * Removed CVE-2022-47950-stable-zed.patch applied upstream.
   * Add swift-recon-only-query-object-servers-once.patch.
   * Add drive-full-checker.patch.
   * Blacklist tests:
     - test_get_conns_hostname6
     - test_get_conns_v6
     - test_get_conns_v6_default
   * Add kms_keymaster-allow-specifying-barbican_endpoint.patch.
   * kay reported a vulnerability in Keystone’s ec2tokens and s3tokens APIs. By
     sending those endpoints a valid AWS Signature (e.g., from a presigned S3
     URL), an unauthenticated attacker may obtain Keystone authorization
     (ec2tokens can yield a fully scoped token; s3tokens can reveal scope
     accepted by some services), resulting in unauthorized access and
     privilege escalation. Deployments where /v3/ec2tokens or /v3/s3tokens are
     reachable by unauthenticated clients (e.g., exposed on a public API) are
     affected. Add bug-2119646-swift.patch, which offers swift side
     compatibility with the keystone fix.
   * Blacklist non-deterministic tests:
     - test_delete_partition_ssync_with_cleanup_failure
     - test_cleanup_ondisk_files_commit_window
 .
   [ Philippe SÉRAPHIN ]
   * Add Change_getting_major_minor_of_blkdev.patch.