Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cosign for openSUSE:Factory checked in at 2022-10-19 13:17:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cosign (Old) and /work/SRC/openSUSE:Factory/.cosign.new.2275 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cosign" Wed Oct 19 13:17:47 2022 rev:12 rq:1029810 version:1.13.1 Changes: -------- --- /work/SRC/openSUSE:Factory/cosign/cosign.changes 2022-09-27 20:14:41.805927749 +0200 +++ /work/SRC/openSUSE:Factory/.cosign.new.2275/cosign.changes 2022-10-19 13:18:18.593300802 +0200 @@ -1,0 +2,31 @@ +Tue Oct 18 12:37:41 UTC 2022 - Marcus Meissner <meiss...@suse.com> + +- update to 1.13.1: + * verify-blob-attestation: allow multiple subjects in in_toto attestation (#2341) + * Nits for #2337 (#2342) + * Add verify-blob-attestation command and tests (#2337) + * Update warning when users sign images by tag. (#2313) + * Remove experimental flags from attest-blob and refactor (#2338) + * Add --output-attestation flag to attest-blob and remove experimental signing (#2332) + * Add attest-blob command (#2286) + * Add '--cert-identity' flag to support subject alternate names for ver??? (#2278) + * Update Dockerfile section of README (#2323) + * Fix option description: "sign" --> "verify" (#2306) +- update to 1.13.0: + * feat: use stdin as an input for predicate by @developer-guy in https://github.com/sigstore/cosign/pull/2269 + * feat: improve the verification message by @developer-guy in https://github.com/sigstore/cosign/pull/2268 + * use scaffolding 0.4.8 for tests. by @vaikas in https://github.com/sigstore/cosign/pull/2280 + * fix pivtool generate key touch policy by @cpanato in https://github.com/sigstore/cosign/pull/2282 + * Check error on chain verification failure by @haydentherapper in https://github.com/sigstore/cosign/pull/2284 + * Fix: Remove an extra registry request from verification path. by @mattmoor in https://github.com/sigstore/cosign/pull/2285 + * Fix: Create a static copy of signatures as part of verification. by @mattmoor in https://github.com/sigstore/cosign/pull/2287 + * Data race in FetchSignaturesForReference by @RTann in https://github.com/sigstore/cosign/pull/2283 + * Add support for Fulcio username identity in SAN by @haydentherapper in https://github.com/sigstore/cosign/pull/2291 + * fix: make tlog entry lookups for online verification shard-aware by @asraa in https://github.com/sigstore/cosign/pull/2297 + * Better help text to sign and verify SBOM by @ChristianCiach in https://github.com/sigstore/cosign/pull/2308 + * Adding warning to pin to digest by @ChaosInTheCRD in https://github.com/sigstore/cosign/pull/2311 + * Add annotations for upload blob. by @cldmnky in https://github.com/sigstore/cosign/pull/2188 + * replace deprecate package by @cpanato in https://github.com/sigstore/cosign/pull/2314 + * update release images to use go1.19.2 and cosign v1.12.1 by @cpanato in https://github.com/sigstore/cosign/pull/2315 + +------------------------------------------------------------------- Old: ---- cosign-1.12.1.tar.gz New: ---- cosign-1.13.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cosign.spec ++++++ --- /var/tmp/diff_new_pack.go6qOD/_old 2022-10-19 13:18:19.549302784 +0200 +++ /var/tmp/diff_new_pack.go6qOD/_new 2022-10-19 13:18:19.553302792 +0200 @@ -17,9 +17,9 @@ Name: cosign -Version: 1.12.1 +Version: 1.13.1 Release: 0 -%define revision 0baa044bea61e7c16d56023be20ead3d9204b24a +%define revision d1c6336475b4be26bb7fb52d97f56ea0a1767f9f Summary: Container Signing, Verification and Storage in an OCI registry License: Apache-2.0 URL: https://github.com/sigstore/cosign ++++++ cosign-1.12.1.tar.gz -> cosign-1.13.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/cosign/cosign-1.12.1.tar.gz /work/SRC/openSUSE:Factory/.cosign.new.2275/cosign-1.13.1.tar.gz differ: char 13, line 1 ++++++ vendor.tar.zst ++++++ Binary files /var/tmp/diff_new_pack.go6qOD/_old and /var/tmp/diff_new_pack.go6qOD/_new differ
