From: ftpmaster@ftp-master.debian.org   
      
   -----BEGIN PGP SIGNED MESSAGE-----   
   Hash: SHA512   
      
   Format: 1.8   
   Date: Fri, 31 Oct 2025 01:49:35 +0100   
   Source: swift   
   Architecture: source   
   Version: 2.35.1-0+deb13u1   
   Distribution: trixie-security   
   Urgency: medium   
   Maintainer: Debian OpenStack    
   Changed-By: Thomas Goirand    
   Closes: 1120057   
   Changes:   
    swift (2.35.1-0+deb13u1) trixie-security; urgency=medium   
    .   
    * New upstream point release:   
    This new point release adds the feature to allow the use of aws-chunked   
    transfer encoding. This is important because most S3 clients are using the   
    boto library that has dropped support for any other protocol. This   
    upstream point release contains only that change, which is minimal and   
    will not affect any deployment other than accepting aws-chunked transfer.   
    * Blacklist 2 unit tests that require isal lib to be installed:   
    - test_sig_v4_strm_unsgnd_pyld_trl_checksum_hdr_unsupported   
    - test_get_checksum_hasher   
    * OSSA-2025-002: kay reported a vulnerability in Keystone’s ec2tokens and   
    s3tokens APIs. By sending those endpoints a valid AWS Signature (e.g., from
    a presigned S3 URL), an unauthenticated attacker may obtain Keystone
    authorization (ec2tokens can yield a fully scoped token; s3tokens can   
    reveal scope accepted by some services), resulting in unauthorized access   
    and privilege escalation. Deployments where /v3/ec2tokens or /v3/s3tokens   
    are reachable by unauthenticated clients (e.g., exposed on a public API)   
    are affected.   
    Swift needs to be modified to accept the fix for Keystone, otherwise S3   
    authentication will stop working.   
    Deployers are advised to update Swift first, as the patched swift will work
    with unpatched keystone, while the opposite isn't true.
    Applied upstream patch (Closes: #1120057):   
    Add bug-2119646-swift.patch, which offers swift side compatibility with the
    keystone fix.
      
   -----BEGIN PGP SIGNATURE-----   
      
   -----END PGP SIGNATURE-----   
      
      