-
swift (2.2.0-1+deb8u1) jessie-proposed-updates; urgency=medium
[ Thomas Goirand ]
* Fixed swift user creation (standardized on pkgos way).
* CVE-2015-1856 & OSSA 2015-006: Unauthorized delete of versioned Swift
object. Applied upstream patch: Prevent unauthorized delete in versioned
container (Closes: #783163).
[ Ondřej Nový ]
* Fixed service name of object-expirer.
* Added container-sync init script.
* CVE-2015-5223: Information leak via Swift tempurls.
Applied upstream patch: Disallow unsafe tempurl operations to point
to unauthorized data (Closes: #797032).
-- Thomas Goirand <email address hidden> Tue, 15 Sep 2015 21:28:14 +0200
-
swift (2.2.0-1) unstable; urgency=medium
* New upstream release.
* Removed the no intersphinx patch.
-- Thomas Goirand <email address hidden> Thu, 16 Oct 2014 12:44:38 +0000
-
swift (2.1.0-1) unstable; urgency=medium
* New upstream release.
* Removed CVE-2014-3497_properly_quote_www-authenticate_header_value.patch
applied upstream.
* Added new command lines into packages:
- usr/bin/swift-container-info
- usr/bin/swift-container-reconciler
- usr/bin/swift-reconciler-enqueue
- usr/bin/swift-account-info
* Added new package (+init script): swift-account-expirer (Closes: #760363).
-- Thomas Goirand <email address hidden> Tue, 01 Jul 2014 19:31:22 +0800
-
swift (1.13.1-1) unstable; urgency=high
* New upstream release.
* CVE-2014-3497: XSS in Swift requests through WWW-Authenticate header.
Appilied upstream patch properly_quote_www-authenticate_header_value.patch
(Closes: #752087).
* Also packaging usr/bin/swift-container-info and usr/bin/swift-account-info
which are new in this release.
-- Thomas Goirand <email address hidden> Sat, 12 Apr 2014 11:19:56 +0800
-
swift (1.12.0-1) unstable; urgency=medium
* New upstream release (Closes: #737638).
* Added new (build-)dependency: python-dnspython.
* Removed CVE-2014-0006 patch, applied upstream.
* Added PYTHONPATH=. when running unit tests.
-- Thomas Goirand <email address hidden> Tue, 04 Feb 2014 23:21:54 +0800
-
swift (1.11.0-2) unstable; urgency=high
* CVE-2014-0006: Use constant time comparison in tempURL. Applied upstream
patch (Closes: #735582).
* Fix sphinx doc building.
-- Thomas Goirand <email address hidden> Fri, 17 Jan 2014 00:31:56 +0800
-
swift (1.10.0-1) unstable; urgency=low
* New upstream release.
* Uploading to unstable.
-- Thomas Goirand <email address hidden> Fri, 18 Oct 2013 01:08:31 +0800
-
swift (1.8.0-7) unstable; urgency=high
* CVE-2013-4155: DoS using superfluous object tombstones. Upstream patch
fixes handling of DELETE obj reqs with old timestamp (Closes: #719008).
* Refreshed patches.
-- Thomas Goirand <email address hidden> Thu, 08 Aug 2013 12:05:45 +0000
-
swift (1.8.0-6) unstable; urgency=low
[ Thomas Goirand ]
* Renamed all init script with .init extension in the debian folder, so it is
more easy to list them with ls.
* Added upstart scripts.
* Added myself and Julien in debian/copyright for the packaging, plus
Canonical for the upstart jobs.
* Removes unwanted python-webob (build-)depends (Closes: #715452).
[ Julien Cristau ]
* CVE-2013-2161: Check user input in XML responses (closes: #712202)
-- Thomas Goirand <email address hidden> Fri, 28 Jun 2013 15:33:19 +0800
-
swift (1.8.0-5) unstable; urgency=low
* swift-account should be Breaks+Replaces: swift (<< 1.8.0-4~) to allow to
do backports.
* Added Fix-formpost-with-queries-without-user_agent.patch.
-- Thomas Goirand <email address hidden> Mon, 17 Jun 2013 15:14:15 +0800
-
swift (1.8.0-4) unstable; urgency=low
* Corrects a mistake with the location of the account-server.conf, which
should have been in swift-account and not the swift package. As a
consequence, adds Breaks+Replaces: swift (<< 1.8.0-4) (Closes: #710916).
-- Thomas Goirand <email address hidden> Tue, 04 Jun 2013 00:04:35 +0800
-
swift (1.8.0-2) unstable; urgency=low
* Upload to unstable.
* Updates the Allow-all-headers-requested-for-CORS.patch.
-- Thomas Goirand <email address hidden> Wed, 15 May 2013 22:32:52 +0800
-
swift (1.4.8-2) unstable; urgency=high
* CVE-2012-4406: Do not use pickle for serialization in memcache, but JSON
(Closes: #686812).
-- Thomas Goirand <email address hidden> Thu, 06 Sep 2012 08:40:18 +0000
