-
swift (1.4.8-0ubuntu2.5) precise-security; urgency=medium
[ Marc Deslauriers ]
* SECURITY UPDATE: metadata constraint bypass via multiple requests
- debian/patches/CVE-2014-7960.patch: add metadata checks to
swift/account/server.py, swift/common/constraints.py,
swift/common/db.py, swift/container/server.py, added tests to
test/unit/common/test_db.py,
test/functionalnosetests/test_account.py,
test/functionalnosetests/test_container.py.
- CVE-2014-7960
[ Jamie Strandboge ]
* debian/patches/CVE-2014-7960.patch:
- adjust unittests since we use webob.exc and not the newer swob
- adjust functional tests to properly skip if test environment is not
specified and to not interfere with other functional tests
* debian/control: Build-Depends on python-mock
-- Jamie Strandboge <email address hidden> Mon, 27 Jul 2015 10:48:47 -0500
-
swift (1.4.8-0ubuntu2.4) precise-security; urgency=medium
* SECURITY UPDATE: timing side-channel attack in TempURL
- debian/patches/CVE-2014-0006.patch: use constant time comparison in
swift/common/middleware/tempurl.py.
- CVE-2014-0006
-- Marc Deslauriers <email address hidden> Fri, 14 Mar 2014 14:22:18 -0400
-
swift (1.4.8-0ubuntu2.3) precise-security; urgency=low
* SECURITY UPDATE: Fix handling of DELETE obj reqs with old timestamp
- debian/patches/CVE-2013-4155.patch: don't create tombstone files when
a file with a newer timestamp exists
- CVE-2013-4155
- LP: #1196932
-- Jamie Strandboge <email address hidden> Thu, 22 Aug 2013 15:40:33 -0500
-
swift (1.4.8-0ubuntu2.2) precise-security; urgency=low
* SECURITY UPDATE: fix unchecked input in XML responses
- debian/patches/CVE-2013-2161.patch: use saxutils.quoteattr() on account
name
- CVE-2013-2161
- LP: #1183884
* SECURITY UPDATE: optionally allow using secure json serialization instead
of pickle.
- debian/patches/CVE-2012-4406.patch: add memcache_serialization_support
option and update man pages
- debian/patches/memcache_serialization_support-default-to-zero.patch:
default to insecure pickle configuration for people upgrading.
Interested users can adjust this as desired
- CVE-2012-4406
- LP: #1006414
-- Jamie Strandboge <email address hidden> Mon, 17 Jun 2013 14:56:56 -0500
-
swift (1.4.8-0ubuntu2) precise; urgency=low
* debian/patches/fix-ubuntu-unittests.patch: Refreshed
to fix testsuite failures.
-- Chuck Short <email address hidden> Thu, 12 Apr 2012 12:05:29 -0400
-
swift (1.4.8-0ubuntu1) precise; urgency=low
* New upstream release.
* debian/patches/fix-ubuntu-unittests.patch: Refreshed.
* debian/patches/fix-doc-no-network.patch: Dont access network when
trying to build docs.
-- Chuck Short <email address hidden> Tue, 10 Apr 2012 09:23:54 -0400
-
swift (1.4.7-0ubuntu3) precise; urgency=low
* debian/rules: Make the build fail if the testsuite doesnt pass.
* debian/patches/fix-ubuntu-unittests.patch: Various fixes to build
swift in the buildds.
-- Chuck Short <email address hidden> Fri, 23 Mar 2012 13:58:37 -0400
-
swift (1.4.7-0ubuntu2) precise; urgency=low
* Fixup upstart configurations (LP: #954477):
- d/rules: Correctly generate ALL upstart configurations when
building for Ubuntu.
- d/*.upstart.in: Update upstart config's to use new conf file locations.
-- James Page <email address hidden> Thu, 15 Mar 2012 15:34:19 +0000
-
swift (1.4.7-0ubuntu1) precise; urgency=low
[ Chuck Short ]
* New upstream release.
[ Thierry Carrez (ttx) ]
* Remove swift-stats-populate, swift-stats-report and stats.conf-sample to
match Swift 1.4.7 contents
-- Chuck Short <email address hidden> Fri, 09 Mar 2012 13:26:07 -0500
-
swift (1.4.7~20120302.1721-0ubuntu1) precise; urgency=low
* New upstream release.
-- Chuck Short <email address hidden> Fri, 02 Mar 2012 13:27:27 -0500
-
swift (1.4.7~20120224.1690-0ubuntu1) precise; urgency=low
[ Chuck Short ]
* New upstream release.
[ Chmouel Boudjnah ]
* Add more samples to packages (LP:#667935)
-- Chuck Short <email address hidden> Fri, 24 Feb 2012 09:10:12 -0500
-
swift (1.4.7~20120217.1689-0ubuntu1) precise; urgency=low
* New upstream release.
* debian/copyright: Update to fix lintian warnings.
-- Chuck Short <email address hidden> Fri, 17 Feb 2012 09:38:15 -0500
-
swift (1.4.7~20120210.1686-0ubuntu1) precise; urgency=low
* New upstream release.
* debian/control: Add python-paste.
-- Chuck Short <email address hidden> Fri, 10 Feb 2012 09:41:51 -0500
-
swift (1.4.6~20120202.1676-0ubuntu1) precise; urgency=low
* New upstream version.
-- Chuck Short <email address hidden> Fri, 03 Feb 2012 09:35:18 -0500
-
swift (1.4.6~20120124.1668-0ubuntu1) precise; urgency=low
* New upstream release.
* debian/control: Add python-paste as a build dependency.
* Update swift.install to reflect release.
-- Chuck Short <email address hidden> Thu, 26 Jan 2012 09:06:49 -0500
-
swift (1.4.6~20120119.1666-0ubuntu1) precise; urgency=low
[Chuck Short]
* New upstream release.
[ Daniel T Chen ]
* debian/control: Fix Vcs entries.
* debian/swift.install: Add new scripts. Fixes FTBFS.
[ Marc Cluet ]
* Changed swift-proxy upstart script to watch /etc/swift/proxy-server.conf
(LP:#917893)
-- Chuck Short <email address hidden> Fri, 20 Jan 2012 13:20:46 -0500
-
swift (1.4.6~20120112.1660-0ubuntu2) precise; urgency=low
[ Daniel T Chen ]
* debian/control: Fix Vcs entries.
* debian/swift.install: Add new scripts. Fixes FTBFS.
[ Marc Cluet ]
* Changed swift-proxy upstart script to watch /etc/swift/proxy-server.conf
(LP:#917893)
-- Marc Deslauriers <email address hidden> Wed, 18 Jan 2012 11:17:33 -0500
-
swift (1.4.6~20120112.1660-0ubuntu1) precise; urgency=low
[Chuck Short]
* New upstream release.
* Merged changes from upstream packaging, thanks to Thierry Carrez.
* debian/rules:
+ Remove egg-info on clean.
[Thierry Carrez (ttx)]
* Added usr/bin/swift-recon[-cron] to swift package.
-- Chuck Short <email address hidden> Mon, 09 Jan 2012 11:26:25 -0500
-
swift (1.4.5-0ubuntu1) precise; urgency=low
[Chuck Short]
* New upstream release.
* Merged changes from upstream packaging, thanks to Thierry Carrez.
* debian/rules:
+ Remove egg-info on clean.
[Thierry Carrez (ttx)]
* Added usr/bin/swift-recon[-cron] to swift package.
-- Chuck Short <email address hidden> Mon, 09 Jan 2012 11:26:25 -0500
-
swift (1.4.5~20111202.1634-0ubuntu3) precise; urgency=low
* debian/swift.manpages: Remove swauth man pages.
-- Matthias Klose <email address hidden> Wed, 21 Dec 2011 18:29:35 +0100
-
swift (1.4.5~20111202.1634-0ubuntu2) precise; urgency=low
* Drop swauth man pages. (LP: #900888)
* debian/control:
- Clean up build depends.
- Update VCS info to point to the right branches.
* debian/rules: Run the swift testsuite.
* debian/python-swift.postinst: Change user's shell to /bin/false.
* Fix some lintian warnings.
-- Chuck Short <email address hidden> Fri, 16 Dec 2011 09:45:28 -0500
-
swift (1.4.5~20111202.1634-0ubuntu1) precise; urgency=low
* New upstream release.
-- Chuck Short <email address hidden> Fri, 02 Dec 2011 09:49:32 -0500
-
swift (1.4.5~20111117.1632-0ubuntu1) precise; urgency=low
* New upstream release.
* Convert init scripts to upstart.
-- Chuck Short <email address hidden> Fri, 18 Nov 2011 13:25:16 -0500
-
swift (1.4.4~20111108.1612-0ubuntu1) precise; urgency=low
* New upstream release.
* debian/rules: Add --fail-missing.
* Update .isntall files. (LP: #882679, #841853)
* Switch to python2.
-- Chuck Short <email address hidden> Fri, 11 Nov 2011 10:49:12 -0500
-
swift (1.4.4~20111014.1599-0ubuntu1) precise; urgency=low
* New upstream verison.
* Dropped:
- debian/patches/backport-change-swift-ring-builder-exit-codes.
-- Chuck Short <email address hidden> Fri, 21 Oct 2011 13:50:47 -0400
-
swift (1.4.3-0ubuntu2) oneiric; urgency=low
[ Adam Gandelman ]
* debian/patches/backport-change-swift-ring-builder-exit-codes: Standardize
exit codes now to reduce hassles after future upgrades (LP: #836922)
-- Chuck Short <email address hidden> Fri, 30 Sep 2011 15:00:26 -0400