Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cosign for openSUSE:Factory checked in at 2022-06-19 21:11:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cosign (Old) and /work/SRC/openSUSE:Factory/.cosign.new.1548 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cosign" Sun Jun 19 21:11:05 2022 rev:7 rq:983636 version:1.9.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cosign/cosign.changes 2022-05-21 19:08:09.927471879 +0200 +++ /work/SRC/openSUSE:Factory/.cosign.new.1548/cosign.changes 2022-06-19 21:11:13.502158345 +0200 @@ -1,0 +2,50 @@ +Sat Jun 18 14:16:31 UTC 2022 - Marcus Meissner <meiss...@suse.com> + +- updated to 1.9.0 + - Check failure message of policy that fails with issuer mismatch by @vaikas in #1815 + - [Cosigned] Add signature pull secrets by @DennyHoang in #1805 + - feat: add rego policy support by @hectorj2f in #1817 + - Refactor fulcio signer to take in KeyOpts (take 2) by @wlynch in #1818 + - cosigned: Test unsupported KMS providers by @imjasonh in #1820 + - chore(deps): Included dependency review by @naveensrinivasan in #1792 + - Add auth flow option to KeyOpts. by @wlynch in #1827 + - Document Staging instance usage with Keyless by @k4leung4 in #1824 + - New flag --oidc-providers-disable to disable OIDC providers by @puerco in #1832 + - Validate tlog entry when verifying signature via public key. by @wlynch in #1833 + - Add function to explicitly request a certain provider by @priyawadhwa in #1837 + - cosigned: Fix podAntiAffinity labels by @elfotografo007 in #1841 + - remove exclude from go.mod by @cpanato in #1846 + - [Cosigned] Glob matching improvement by @DennyHoang in #1842 + - sget: Enable KMS providers for sget by @imjasonh in #1852 + - Fix piv-tool generate-key command in TOKENS doc by @nealmcb in #1850 + - Add IBM Cloud Container Registry to tested registry list by @bainsy88 in #1856 + - If SBOM ref has .json suffix, assume JSON mediatype by @jdolitsky in #1859 + - Add rekor.0.pub TUF target to unit tests by @priyawadhwa in #1860 + - Normalize certificate flag names by @haydentherapper in #1868 + - Check certificate policy flags with only a certificate by @haydentherapper in #1869 + - Update go to 1.17.10 / cosign image to 1.18.0 and actions setup go by @cpanato in #1861 + - Point git commmit FUN.md to gitsign! by @wlynch in #1874 + - [cosigned] remove regex from the image pattern fields by @hectorj2f in #1873 + - go.mod: format go.mod by @zchee in #1879 + - Remove dependency on deprecated github.com/pkg/errors by @zchee in #1887 + - tree: only report artifacts that are present by @ribbybibby in #1872 + - update README with ebpf modules by @EItanya in #1888 + - Update github.com/google/go-containerregistry/pkg/authn/k8schain module to f1b065c6cb3d by @vpnachev in #1889 + - v1beta1 API for cosigned by @vaikas in #1890 + - tree: support --attachment-tag-prefix by @ribbybibby in #1900 + - [cosigned] Remove undefined apiGroups from policy clusterrole by @vpnachev in #1896 + - GHSA-66x3-6cw3-v5gj: Update go-tuf to v0.3.0 by @janisz in #1894 + - The timeout arg in golangci-lint has been moved to the generic args p??? by @dlorenc in #1901 + - [cosigned] Rename cosigned references to policy-controller by @hectorj2f in #1893 + - Move deprecated dependency: google/trillian/merkle to transparency-dev by @cpanato in #1910 + - Add support for "**" in image glob matching by @imjasonh in #1914 + - Add privacy statement for PII storage by @haydentherapper in #1909 + - Do not push to public rekor. by @vaikas in #1931 + - fix: fix fetching updated targets from TUF root by @asraa in #1921 + - fix: fix #1930 for AWS KMS formats by @vaikas in #1946 + - update cross-builder image to use go1.17.11 by @cpanato in #1950 + - remove deprecation from goreleaser, go-fish is not supported anymore by @cpanato in #1952 + - add changelog for v1.9.0 by @cpanato in #1955 + - add parallelism for goreleaser by @cpanato in #1957 + +------------------------------------------------------------------- Old: ---- cosign-1.8.0.tar.gz New: ---- cosign-1.9.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cosign.spec ++++++ --- /var/tmp/diff_new_pack.YXCNWV/_old 2022-06-19 21:11:16.882163373 +0200 +++ /var/tmp/diff_new_pack.YXCNWV/_new 2022-06-19 21:11:16.886163379 +0200 @@ -17,9 +17,9 @@ Name: cosign -Version: 1.8.0 +Version: 1.9.0 Release: 0 -%define revision 9ef6b207218572b3257a5b4251418d75569baaae +%define revision a4cb262dc3d45a283a6a7513bb767a38a2d3f448 Summary: Container Signing, Verification and Storage in an OCI registry License: Apache-2.0 URL: https://github.com/sigstore/cosign ++++++ cosign-1.8.0.tar.gz -> cosign-1.9.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/cosign/cosign-1.8.0.tar.gz /work/SRC/openSUSE:Factory/.cosign.new.1548/cosign-1.9.0.tar.gz differ: char 22, line 2 ++++++ vendor.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/cosign/vendor.tar.bz2 /work/SRC/openSUSE:Factory/.cosign.new.1548/vendor.tar.bz2 differ: char 1, line 1
