swift (1.4.8-0ubuntu2.5) precise-security; urgency=medium

  [ Marc Deslauriers ]
  * SECURITY UPDATE: metadata constraint bypass via multiple requests
    - debian/patches/CVE-2014-7960.patch: add metadata checks to
      swift/account/server.py, swift/common/constraints.py,
      swift/common/db.py, swift/container/server.py, added tests to
      test/unit/common/test_db.py,
      test/functionalnosetests/test_account.py,
      test/functionalnosetests/test_container.py.
    - CVE-2014-7960

  [ Jamie Strandboge ]
  * debian/patches/CVE-2014-7960.patch:
    - adjust unittests since we use webob.exc and not the newer swob
    - adjust functional tests to properly skip if test environment is not
      specified and to not interfere with other functional tests
  * debian/control: Build-Depends on python-mock

 -- Jamie Strandboge <jamie@ubuntu.com>  Mon, 27 Jul 2015 10:48:47 -0500

swift (1.4.8-0ubuntu2.4) precise-security; urgency=medium

  * SECURITY UPDATE: timing side-channel attack in TempURL
    - debian/patches/CVE-2014-0006.patch: use constant time comparison in
      swift/common/middleware/tempurl.py.
    - CVE-2014-0006

 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Fri, 14 Mar 2014 14:22:18 -0400

swift (1.4.8-0ubuntu2.3) precise-security; urgency=low

  * SECURITY UPDATE: Fix handling of DELETE obj reqs with old timestamp
    - debian/patches/CVE-2013-4155.patch: don't create tombstone files when
      a file with a newer timestamp exists
    - CVE-2013-4155
    - LP: #1196932

 -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 22 Aug 2013 15:40:33 -0500

swift (1.4.8-0ubuntu2.2) precise-security; urgency=low

  * SECURITY UPDATE: fix unchecked input in XML responses
    - debian/patches/CVE-2013-2161.patch: use saxutils.quoteattr() on account
      name
    - CVE-2013-2161
    - LP: #1183884
  * SECURITY UPDATE: optionally allow using secure json serialization instead
    of pickle.
    - debian/patches/CVE-2012-4406.patch: add memcache_serialization_support
      option and update man pages
    - debian/patches/memcache_serialization_support-default-to-zero.patch:
      default to insecure pickle configuration for people upgrading.
      Interested users can adjust this as desired
    - CVE-2012-4406
    - LP: #1006414

 -- Jamie Strandboge <jamie@ubuntu.com>  Mon, 17 Jun 2013 14:56:56 -0500

swift (1.4.8-0ubuntu2) precise; urgency=low

  * debian/patches/fix-ubuntu-unittests.patch: Refreshed
    to fix testsuite failures. 

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 12 Apr 2012 12:05:29 -0400

swift (1.4.8-0ubuntu1) precise; urgency=low

  * New upstream release.
  * debian/patches/fix-ubuntu-unittests.patch: Refreshed. 
  * debian/patches/fix-doc-no-network.patch: Dont access network when
    trying to build docs.

 -- Chuck Short <zulcss@ubuntu.com>  Tue, 10 Apr 2012 09:23:54 -0400

swift (1.4.7-0ubuntu3) precise; urgency=low

  * debian/rules: Make the build fail if the testsuite doesnt pass. 
  * debian/patches/fix-ubuntu-unittests.patch: Various fixes to build
    swift in the buildds. (LP: #961871)

 -- Chuck Short <zulcss@ubuntu.com>  Mon, 26 Mar 2012 12:11:25 -0400

swift (1.4.7-0ubuntu2) precise; urgency=low

  * Fixup upstart configurations (LP: #954477):
    - d/rules: Correctly generate ALL upstart configurations when 
      building for Ubuntu.
    - d/*.upstart.in: Update upstart config's to use new conf file locations.

 -- James Page <james.page@ubuntu.com>  Thu, 15 Mar 2012 15:34:19 +0000

swift (1.4.7-0ubuntu1) precise; urgency=low

  [ Chuck Short ]
  * New upstream release.

  [ Thierry Carrez (ttx) ]
  * Remove swift-stats-populate, swift-stats-report and stats.conf-sample to
    match Swift 1.4.7 contents

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 09 Mar 2012 13:26:07 -0500

swift (1.4.7~20120302.1721-0ubuntu1) precise; urgency=low

  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 02 Mar 2012 13:27:27 -0500

swift (1.4.7~20120224.1690-0ubuntu1) precise; urgency=low

  [ Chuck Short ]
  * New upstream release.

  [ Chmouel Boudjnah ]
  * Add more samples to packages (LP:#667935)

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 24 Feb 2012 09:10:12 -0500

swift (1.4.7~20120210.1686-0ubuntu1) precise; urgency=low

  * New upstream release. 
  * debian/control: Add python-paste.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 10 Feb 2012 09:41:51 -0500

swift (1.4.6~20120202.1676-0ubuntu1) precise; urgency=low

  * New upstream version.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 03 Feb 2012 09:35:18 -0500

swift (1.4.6~20120119.1666-0ubuntu2) precise; urgency=low

  * Update swift.install to reflect release. 

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 26 Jan 2012 09:05:51 -0500

swift (1.4.6~20120119.1666-0ubuntu1) precise; urgency=low

  [Chuck Short]
  * New upstream release.

  [ Daniel T Chen ]
  * debian/control: Fix Vcs entries.
  * debian/swift.install: Add new scripts. Fixes FTBFS.

  [ Marc Cluet ]
  * Changed swift-proxy upstart script to watch /etc/swift/proxy-server.conf
    (LP:#917893)

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 20 Jan 2012 13:20:46 -0500

swift (1.4.6~20120112.1660-0ubuntu1) precise; urgency=low

  [Chuck Short]
  * New upstream release.
  * Merged changes from upstream packaging, thanks to Thierry Carrez.
  * debian/rules:
    + Remove egg-info on clean.

  [Thierry Carrez (ttx)]
  * Added usr/bin/swift-recon[-cron] to swift package.

 -- Chuck Short <zulcss@ubuntu.com>  Mon, 09 Jan 2012 11:26:25 -0500

swift (1.4.5~20111202.1634-0ubuntu3) precise; urgency=low

  * debian/swift.manpages: Remove swauth man pages.

 -- Matthias Klose <doko@ubuntu.com>  Wed, 21 Dec 2011 18:29:35 +0100

swift (1.4.5~20111202.1634-0ubuntu2) precise; urgency=low

  [ Chuck Short ]
  * Drop swauth man pages. (LP: #900888)
  * debian/control:
    - Clean up build depends.
    - Update VCS info to point to the right branches.
  * debian/rules: Run the swift testsuite.
  * debian/python-swift.postinst: Change user's shell to /bin/false.
  * Fix some lintian warnings.

  [ Thierry Carrez (ttx) ]
  * Ship swift-oldies and swift-orphans in swift package

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 16 Dec 2011 09:45:28 -0500

swift (1.4.5~20111202.1634-0ubuntu1) precise; urgency=low

  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 02 Dec 2011 09:49:32 -0500

swift (1.4.5~20111117.1632-0ubuntu1) precise; urgency=low

  * New upstream release.
  * Convert init scripts to upstart.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 18 Nov 2011 13:25:16 -0500

swift (1.4.4~20111108.1612-0ubuntu1) precise; urgency=low

  * New upstream release.
  * debian/rules: Add --fail-missing.
  * Update .isntall files. (LP: #882679, #841853)

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 11 Nov 2011 10:49:12 -0500

swift (1.4.4~20111014.1599-0ubuntu1) precise; urgency=low

  * New upstream verison. 
  * Dropped:
    - debian/patches/backport-change-swift-ring-builder-exit-codes.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 21 Oct 2011 13:50:47 -0400

swift (1.4.3-0ubuntu2) oneiric; urgency=low

  [ Adam Gandelman ]
  * debian/patches/backport-change-swift-ring-builder-exit-codes: Standardize
    exit codes now to reduce hassles after future upgrades (LP: #836922)

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 30 Sep 2011 15:00:26 -0400

swift (1.4.3-0ubuntu1) oneiric; urgency=low

  [Chuck Short]
  * New upstream release.

  [Monty Taylor]
  * Work around dh_python2 for lucid. (LP: #848971)

 -- Monty Taylor <mordred@inaugust.com>  Fri, 16 Sep 2011 15:40:19 -0400

swift (1.4.3~20110902.354-0ubuntu1) oneiric; urgency=low

  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 02 Sep 2011 14:10:27 -0400

swift (1.4.3~20110823.347-0ubuntu1) oneiric; urgency=low

  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 26 Aug 2011 14:11:09 -0400

swift (1.4.3~20110811.341-0ubuntu1) oneiric; urgency=low

  * New upstream release. 

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 12 Aug 2011 05:33:16 -0400

swift (1.4.3~20110728.333-0ubuntu1) UNRELEASED; urgency=low

  [ Soren Hansen ]
  * New upstream snapshot.
  * Remove debian-changes patch file.
  * Remove SOURCES.txt in clean target to avoid gettings its changes in
    our diff.gz.
  * Add "status" support to all init scripts.
  * Use "shutdown" instead of "stop" as the action argument for swift-
    init. This shuts down the services gracefully (letting live requests
    finish).
  * Add swift-dispersion-{report,populate} to swift.install.

  [ Thomas Goirand ]
  * Added missing adduser and lsb-base dependency.
  * Made the long description longer (it was really minimalistic).
  * Reworked all Debian init.d scripts.
  * Added many missing manpages.
  * Added default container-server.conf & object-server.conf files.

  [ James Page ]
  * Added debian/python-swift.postrm:  Remove swift user when purging 
    package (LP: #825670).

 -- James Page <james.page@ubuntu.com>  Tue, 16 Aug 2011 10:33:00 +0100

swift (1.4.2-0ubuntu1) oneiric; urgency=low

  * New upstream release.
  * debian/control: 
    - Update vcs infomration.
    - Cleaned up build dependencies.
    - Bump standards to version 3.9.2.
  * debian/README.Source: Add doc to upload swift to the ubuntu archive.
  * dh_python2 transition.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 28 Jul 2011 10:39:51 -0400

swift (1.4.2~20110624.319-0ubuntu3) oneiric; urgency=low

  * Clean up missing files.

 -- Chuck Short <zulcss@ubuntu.com>  Mon, 27 Jun 2011 06:30:51 -0400

swift (1.4.2~20110624.319-0ubuntu2) oneiric; urgency=low

  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 24 Jun 2011 14:00:18 -0400

swift (1.4.1-0ubuntu1) oneiric; urgency=low

  * New upstream release. 

 -- Chuck Short <zulcss@ubuntu.com>  Mon, 20 Jun 2011 13:08:04 -0400

swift (1.4.1~20110615.r304-0ubuntu1) oneiric; urgency=low

  [ Gregory Holt ]
  * Removed swauth references.

  [ Soren Hansen ]
  * st was renamed to swift.

  [ Chuck Short ]
  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 16 Jun 2011 09:25:37 -0400

swift (1.4-dev+bzr300-0ubuntu1) oneiric; urgency=low

  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Tue, 31 May 2011 14:29:10 -0400

swift (1.3.0-0ubuntu1) natty; urgency=low

  * New upstream release. 

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 15 Apr 2011 08:25:53 -0400

swift (1.3-rc+bzr266-0ubuntu1) UNRELEASED; urgency=low

  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 14 Apr 2011 09:38:42 -0400

swift (1.2.0+bzr208-0ubuntu1) natty; urgency=low

  * New upstream release. 

 -- Chuck Short <zulcss@ubuntu.com>  Tue, 12 Apr 2011 10:32:30 -0400

swift (1.2.0-0ubuntu1) natty; urgency=low

  * New upstream release.
  * Updated VC locations in control file.
  * Set maintainer properly for Ubuntu.

 -- Monty Taylor <mordred@inaugust.com>  Wed, 16 Feb 2011 08:50:48 -0800

swift (1.1.0+bzr173-0ubuntu1) natty; urgency=low

  * Fresh snapshot.
  * Updated watch file to also know about the new tarballs place.
  * Update Maintainer to point to myself.
  * Add a get-orig-source target to debian/rules.

 -- Soren Hansen <soren@ubuntu.com>  Sat, 15 Jan 2011 00:19:38 +0100

swift (1.0.99+1.1.0rc1-1) unstable; urgency=low

  * New upstream release.
  * Updated to standards version 3.9.1.
  * Use jquery package to provide jquery.js.
  * Updated some of the control file to make lintian happy.

 -- Monty Taylor <mordred@inaugust.com>  Tue, 19 Oct 2010 14:32:17 -0700

swift (1.0.2-7) unstable; urgency=low

  * Added swift-bench to swift package.

 -- Monty Taylor <mordred@inaugust.com>  Mon, 18 Oct 2010 09:14:22 -0700

swift (1.0.2-6) unstable; urgency=low

  * swift-auth-create-account is now swift-auth-add-user.

 -- Greg Holt <gholt@rackspace.com>  Fri, 03 Sep 2010 13:32:20 +0000

swift (1.0.2-5) unstable; urgency=low

  * Add a step in debian/rules to create doc/build if it doesn't exist.

 -- Monty Taylor <mordred@inaugust.com>  Wed, 25 Aug 2010 08:55:45 -0700

swift (1.0.2-4) unstable; urgency=low

  * Fixed the depend on sphinx - it actually only needs to be >= 1.0.
  * Added paste-deploy as a depend.

 -- Monty Taylor <mordred@inaugust.com>  Tue, 24 Aug 2010 12:02:31 -0700

swift (1.0.2-3) unstable; urgency=low

  [ Greg Holt ]
  * Added a png to the docs.

  [ Monty Taylor ]
  * Add rsync and remove duplicate net-tools dependency.
  * Added Jay Payne to uploaders.
  * Added Greg Holt to uploaders.
  * Updated VCS location to use UDD locations. 
  * We actually depend on 1.0 of sphinx.

 -- Monty Taylor <mordred@inaugust.com>  Tue, 24 Aug 2010 00:02:00 -0700

swift (1.0.2-2) unstable; urgency=low

  * Created python-swift package and actually put the python files in it.
  * Added python build dep.
  * Added debhelper token to postinst script. Also removed the
    byte-compiling of the files, since python-support should do that for us.
  * Cleaned up control file - removed homepage entries in description,
    removed trailing periods.
  * Changed provides in swift-proxy to match policy.

 -- Monty Taylor <mordred@inaugust.com>  Wed, 28 Jul 2010 13:32:55 -0700

swift (1.0.2-1) unstable; urgency=low

  * New upstream release.
  * Added VCS info to control file.

 -- Monty Taylor <mordred@inaugust.com>  Thu, 22 Jul 2010 18:32:02 -0500

swift (1.0.1-1) unstable; urgency=low

  * New upstream release.

 -- Monty Taylor <mordred@inaugust.com>  Mon, 19 Jul 2010 11:22:41 -0500

swift (1.0.0-1) unstable; urgency=low

  [ Michael Barton ]
  * Initial release

  [ Monty Taylor ]
  * Added docs to doc system.

 -- Monty Taylor <mordred@inaugust.com>  Wed, 14 Jul 2010 10:41:11 -0500
