Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cosign for openSUSE:Factory checked in at 2022-02-21 17:46:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cosign (Old)
 and /work/SRC/openSUSE:Factory/.cosign.new.1958 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cosign" Mon Feb 21 17:46:52 2022 rev:3 rq:956475 version:1.5.2 Changes: -------- --- /work/SRC/openSUSE:Factory/cosign/cosign.changes 2022-01-25 17:37:48.957612887 +0100 +++ /work/SRC/openSUSE:Factory/.cosign.new.1958/cosign.changes 2022-02-21 17:49:04.983638370 +0100 @@ -1,0 +2,21 @@ +Mon Feb 21 12:28:25 UTC 2022 - Marcus Meissner <[email protected]> + +- updated to 1.5.2: + - This release contains fixes for CVE-2022-23649, affecting signature + validations with Rekor. Only validation is affected, it is not necessary + to re-sign any artifacts. (bsc#1196239) +- updated to 1.5.1: + - Bump sigstore/sigstore to pick up oidc login for vault. (#1377) + - Bump google.golang.org/api from 0.65.0 to 0.66.0 (#1371) + - expose dafaults fulcio, rekor, oidc issuer urls (#1368) + - add check to make sure the go modules are in sync (#1369) + - README: fix link to race conditions (#1367) + - Bump cloud.google.com/go/storage from 1.18.2 to 1.19.0 (#1365) + - docs: verify-attestation cue and rego policy doc (#1362) + - Update verify-blob to support DSSEs (#1355) + - organize, update select deps (#1358) + - Bump go-containerregistry to pick up ACR keychain fix (#1357) + - Bump github.com/go-openapi/runtime from 0.21.0 to 0.21.1 (#1352) + - sync go modules (#1353) + +------------------------------------------------------------------- Old: ---- cosign-1.5.0.tar.gz New: ---- cosign-1.5.2.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cosign.spec ++++++ --- /var/tmp/diff_new_pack.m6rT3Z/_old 2022-02-21 17:49:05.679638578 +0100 +++ /var/tmp/diff_new_pack.m6rT3Z/_new 2022-02-21 17:49:05.687638580 +0100 
@@ -17,9 +17,9 @@ Name: cosign -Version: 1.5.0 +Version: 1.5.2 Release: 0 -%define revision 757252063bf4724f11a52336ef13a724059a39b6 +%define revision 8ffcd1228c463e1ad26ccce68ae16deeca2960b4 Summary: Container Signing, Verification and Storage in an OCI registry License: Apache-2.0 URL: https://github.com/sigstore/cosign ++++++ cosign-1.5.0.tar.gz -> cosign-1.5.2.tar.gz ++++++ /work/SRC/openSUSE:Factory/cosign/cosign-1.5.0.tar.gz /work/SRC/openSUSE:Factory/.cosign.new.1958/cosign-1.5.2.tar.gz differ: char 41, line 2 ++++++ vendor.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/cosign/vendor.tar.bz2 /work/SRC/openSUSE:Factory/.cosign.new.1958/vendor.tar.bz2 differ: char 11, line 1
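Review bot: In the cosign.changes hunk, the 1.5.1 entry "expose dafaults fulcio, rekor, oidc issuer urls (#1368)" misspells "defaults" and should be corrected. The 1.5.2 entry cites CVE-2022-23649 and bsc#1196239 and says only validation is affected, but it does not say what was wrong with Rekor-backed validation; a short phrase naming the flaw would let administrators judge whether verifications performed with 1.5.0 need to be repeated.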
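Review bot: In the cosign.spec hunk, "%define revision" is changed by hand to 8ffcd1228c463e1ad26ccce68ae16deeca2960b4 alongside the Version bump, and nothing in the diff ties that commit to the 1.5.2 source; a comment above the define stating which tag the hash was taken from would make the pairing checkable on the next update. The same concern applies to vendor.tar.bz2, which appears only as "differ: char 11, line 1": for a security update, the request should state how the vendored modules were regenerated for 1.5.2.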
