Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cosign for openSUSE:Factory checked in at 2024-07-25 15:39:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cosign (Old) and /work/SRC/openSUSE:Factory/.cosign.new.1882 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cosign" Thu Jul 25 15:39:22 2024 rev:22 rq:1189439 version:2.3.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cosign/cosign.changes 2024-06-03 17:43:47.511756715 +0200 +++ /work/SRC/openSUSE:Factory/.cosign.new.1882/cosign.changes 2024-07-25 16:21:44.585972306 +0200 @@ -1,0 +2,21 @@ +Wed Jul 24 15:22:12 UTC 2024 - Marcus Meissner <[email protected]> + +- update to 2.3.0 (jsc#SLE-23879) + * Features + - Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface (#3693) + - add registry options to cosign save (#3645) + - Add debug providers command. (#3728) + - Make config layers in ociremote mountable (#3741) + - adds tsa cert chain check for env var or tuf targets. (#3600) + - add --ca-roots and --ca-intermediates flags to 'cosign verify' (#3464) + - add handling of keyless verification for all verify commands (#3761) + + * Bug Fixes + + - fix: close attestationFile (#3679) + - Set bundleVerified to true after Rekor verification (Resolves #3740) (#3745) + + * Documentation + - Document ImportKeyPair and LoadPrivateKey functions in pkg/cosign (#3776) + +------------------------------------------------------------------- Old: ---- cosign-2.2.4.tar.gz New: ---- cosign-2.3.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cosign.spec ++++++ --- /var/tmp/diff_new_pack.oyctta/_old 2024-07-25 16:21:45.209997458 +0200 +++ /var/tmp/diff_new_pack.oyctta/_new 2024-07-25 16:21:45.209997458 +0200 @@ -16,9 +16,9 @@ # -%define revision fb651b4ddd8176bd81756fca2d988dd8611f514d +%define revision deed3631520ddeb6cc7d81ace205a97342c8daab Name: cosign -Version: 2.2.4 +Version: 2.3.0 Release: 0 Summary: Container Signing, Verification and Storage in an OCI registry License: Apache-2.0 @@ -27,7 +27,7 @@ Source1: vendor.tar.zst BuildRequires: golang-packaging BuildRequires: zstd -BuildRequires: golang(API) = 1.21 +BuildRequires: golang(API) = 1.22 %description Cosign aims to make signatures invisible infrastructure. ++++++ cosign-2.2.4.tar.gz -> cosign-2.3.0.tar.gz ++++++ ++++ 6476 lines of diff (skipped) ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/cosign/vendor.tar.zst /work/SRC/openSUSE:Factory/.cosign.new.1882/vendor.tar.zst differ: char 8, line 1
