-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 11 Nov 2025 09:06:52 +0100 Source: swift Binary: python3-swift swift swift-account swift-container swift-doc swift-drive-audit swift-object swift-object-expirer swift-proxy Architecture: all Version: 2.30.1-0+deb12u1 Distribution: bookworm-security Urgency: medium Maintainer: all Build Daemon (x86-csail-02) Changed-By: Thomas Goirand Description: python3-swift - distributed virtual object store - Python 3 libraries swift - distributed virtual object store - common files swift-account - distributed virtual object store - account server swift-container - distributed virtual object store - container server swift-doc - distributed virtual object store - documentation swift-drive-audit - distributed virtual object store - drive audit swift-object - distributed virtual object store - object server swift-object-expirer - distributed virtual object store - object-expirer swift-proxy - distributed virtual object store - proxy server Changes: swift (2.30.1-0+deb12u1) bookworm-security; urgency=medium . [ Thomas Goirand ] * New upstream release. * Removed CVE-2022-47950-stable-zed.patch applied upstream. * Add swift-recon-only-query-object-servers-once.patch. * Add drive-full-checker.patch. * Blacklist tests: - test_get_conns_hostname6 - test_get_conns_v6 - test_get_conns_v6_default * Add kms_keymaster-allow-specifying-barbican_endpoint.patch. * kay reported a vulnerability in Keystone’s ec2tokens and s3tokens APIs. By sending those endpoints a valid AWS Signature (e.g., from a presigned S3 URL), an unauthenticated attacker may obtain Keystone authorization (ec2tokens can yield a fully scoped token; s3tokens can reveal scope accepted by some services), resulting in unauthorized access and privilege escalation. Deployments where /v3/ec2tokens or /v3/s3tokens are reachable by unauthenticated clients (e.g., exposed on a public API) are affected. Add bug-2119646-swift.patch, which offers swift side compatibility with the keystone fix. * Blacklist non-deterministic tests: - test_delete_partition_ssync_with_cleanup_failure - test_cleanup_ondisk_files_commit_window . [ Philippe SÉRAPHIN ] * Add Change_getting_major_minor_of_blkdev.patch. Checksums-Sha1: bd47bd8080c21bb7d0b01c1e70c9c1c91987b361 694428 python3-swift_2.30.1-0+deb12u1_all.deb c27d79308f4a1653f17450a28039174b4b53371a 92384 swift-account_2.30.1-0+deb12u1_all.deb 1591c075b5792139e3bc2463e92dffe9a5ada579 96364 swift-container_2.30.1-0+deb12u1_all.deb 927b2887ff5f94f1e823abeeb14b958eca2d7464 2293056 swift-doc_2.30.1-0+deb12u1_all.deb e5b9d802b4923f3e13860970646a469f1cb894a0 72652 swift-drive-audit_2.30.1-0+deb12u1_all.deb 25fc9912a47e6a1adcc8c3733e5700078a95ace3 74464 swift-object-expirer_2.30.1-0+deb12u1_all.deb 552de18a18223b6e8e39364345f507d77e53586e 103304 swift-object_2.30.1-0+deb12u1_all.deb 566a10479f14d746510e281a227fd775a13213ca 105220 swift-proxy_2.30.1-0+deb12u1_all.deb 8209d7ae488926b0e9b75b1541a561057bf1801b 15240 swift_2.30.1-0+deb12u1_all-buildd.buildinfo d69a60e05858bfe7f11e6bb0218805bbc2905871 100528 swift_2.30.1-0+deb12u1_all.deb Checksums-Sha256: a11e23bd4ae1f74309c350dc5ee785b9119bcf55ed47ca52808f593ef2a6195e 694428 python3-swift_2.30.1-0+deb12u1_all.deb cbe834f6408664ff6027e5c3736d6a700ac806c7daed13c118b9bbb72518fed7 92384 swift-account_2.30.1-0+deb12u1_all.deb 8c561139430817c02110a468f1731509744f592153881813b1e80bf4b3d191d0 96364 swift-container_2.30.1-0+deb12u1_all.deb 54c187ad2df2991f9550f9363b052f313aa3beb4008365a888c5e411a2259ee7 2293056 swift-doc_2.30.1-0+deb12u1_all.deb 4eb492dc23aeb2bc5f11758ba3002d36a81c1d5407231c44620427617de86c86 72652 swift-drive-audit_2.30.1-0+deb12u1_all.deb c79f3acb32d65f7046db271cfd198212d8e6a0f173780aa94c1d8fc50426cb9b 74464 swift-object-expirer_2.30.1-0+deb12u1_all.deb 1d2812349e90c0d1d5dc0e4ccde36e2d08e35f17756541ceef984183b64cf2b7 103304 swift-object_2.30.1-0+deb12u1_all.deb 967ecc041be2f462cae3abcf1250ca502bc242421ba268df882861b6184cfcbf 105220 swift-proxy_2.30.1-0+deb12u1_all.deb 099a82863bde82ce34a4b24b898a3dec583bac12de09d5d4204089b97e60ec81 15240 swift_2.30.1-0+deb12u1_all-buildd.buildinfo 96b1d18d102d874ce58eca90771818831180d6f6b61700ca7c6e9a118d0d2f68 100528 swift_2.30.1-0+deb12u1_all.deb Files: 8daa392cf53c4331521b81156222bbd6 694428 python optional python3-swift_2.30.1-0+deb12u1_all.deb e61676d0f735549f475fe27a7e950be4 92384 net optional swift-account_2.30.1-0+deb12u1_all.deb e9f2b85876ffb2279068cf6c2838d8f0 96364 net optional swift-container_2.30.1-0+deb12u1_all.deb 660a69baf6597479584d969f7b8a01e0 2293056 doc optional swift-doc_2.30.1-0+deb12u1_all.deb 7c7bf6d6f1e4a541e49e4504039638e2 72652 net optional swift-drive-audit_2.30.1-0+deb12u1_all.deb e7757189f36e9c8b3c7d22b0d154d7f2 74464 net optional swift-object-expirer_2.30.1-0+deb12u1_all.deb 5466bdb32fe9bd473c5cfcdb5a926f4a 103304 net optional swift-object_2.30.1-0+deb12u1_all.deb 7ece79adff6114e48b0810276e5ff400 105220 net optional swift-proxy_2.30.1-0+deb12u1_all.deb 47045ba248e5d441231397bdd38f031e 15240 net optional swift_2.30.1-0+deb12u1_all-buildd.buildinfo 463e624fd0e17b377fadf3cae94d18e7 100528 net optional swift_2.30.1-0+deb12u1_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEELusn8jY95Sf7obGlx30Wh8LXl/YFAmkS+FoACgkQx30Wh8LX l/aePA/+KoFhw8zUzTX4xB0R+5rMr9Gw4SqMqffEG/r423lBdE3O0S2gOYcXeGYL Nn0a6pSa3gs5EiVotOEuqxIEYxt6ux0+1V4ZmhX25aekdOATE0CYTk50UJlfvIN9 KUzG/10dwCyBzHkEIqpdKcxPVdyKvY/HgPhzQ+3gbYyphT89ceBMZGzNNLRMZC21 abZg6xXmLVn2hv60P9jmKjCovNfSOAVZ+Sa6IU7IFYx81Mc5CrXL0qXuis4a/L14 hPhKEQs7/GorxvXHKHfacruAUWXCabvoCRnULhToeIcSwfdtWea4si1G9oc96lXT ayAtWigzmk4LDIg1Kvuj4ZYUZvUqDwvTSc1GZDfA7FxyAxuYxL78hrxm2IetcbI8 8gb3ZPBnDl54dIqduxPMnorY1T3Q6tXptNiKVnXEEEVYaJoap/nx3ysmodEUnbYy moodx+xlQ8qvYXycdH0aMVpZ5Y1MYxfqnNNRRwqZbKsHk8GfCbJ8VrVjoMDt9dAW Nk64oYVsoOtheUnnsM1fXBuUBoPebsl5jZJgYYubUBJblsZbeYmT1GkTMNxYTp0k 2mmFuv0QLJQsmYROvmoKpS5GJc8pTWh3HUk7QhFWtIOLWdYTGCilI6KG+gj8X2ks XMOu0TySP+C7g10/F61o2B6F1V6Mkfs1Mxp+jJuxxcL36JS3Wbo= =JM37 -----END PGP SIGNATURE-----