Hello community,

here is the log from the commit of package cosign for openSUSE:Factory checked in at 2024-04-15 20:18:42
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cosign (Old)
 and      /work/SRC/openSUSE:Factory/.cosign.new.26366 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cosign" Mon Apr 15 20:18:42 2024 rev:20 rq:1167811 version:2.2.4 Changes: -------- --- /work/SRC/openSUSE:Factory/cosign/cosign.changes 2024-02-02 15:48:48.268008807 +0100 +++ /work/SRC/openSUSE:Factory/.cosign.new.26366/cosign.changes 2024-04-15 20:24:47.570613665 +0200 @@ -1,0 +2,24 @@ +Mon Apr 15 12:48:16 UTC 2024 - Marcus Meissner <meiss...@suse.com> + +- updated to 2.2.4 (jsc#SLE-23879) + * Bug Fixes + + * Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661) + - CVE-2024-29902: Malicious attachments can cause system-wide denial of service (bsc#1222835) + - CVE-2024-29903: Malicious artifects can cause machine-wide denial of service (bsc#1222837) + * ErrNoSignaturesFound should be used when there is no signature attached to an image. (#3526) + * fix semgrep issues for dgryski.semgrep-go ruleset (#3541) + * Honor creation timestamp for signatures again (#3549) + + * Features + + * Adds Support for Fulcio Client Credentials Flow, and Argument to Set Flow Explicitly (#3578) + + * Documentation + + * add oci bundle spec (#3622) + * Correct help text of triangulate cmd (#3551) + * Correct help text of verify-attestation policy argument (#3527) + * feat: add OVHcloud MPR registry tested with cosign (#3639) + +------------------------------------------------------------------- Old: ---- cosign-2.2.3.tar.gz New: ---- cosign-2.2.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cosign.spec ++++++ --- /var/tmp/diff_new_pack.zFTCPE/_old 2024-04-15 20:24:48.294640322 +0200 +++ /var/tmp/diff_new_pack.zFTCPE/_new 2024-04-15 20:24:48.298640469 +0200 
@@ -16,9 +16,9 @@ # -%define revision 493e6e29e2ac830aaf05ec210b36d0a5a60c3b32 +%define revision fb651b4ddd8176bd81756fca2d988dd8611f514d Name: cosign -Version: 2.2.3 +Version: 2.2.4 Release: 0 Summary: Container Signing, Verification and Storage in an OCI registry License: Apache-2.0 ++++++ cosign-2.2.3.tar.gz -> cosign-2.2.4.tar.gz ++++++ ++++ 9157 lines of diff (skipped) ++++++ vendor.tar.zst ++++++ Binary files /var/tmp/diff_new_pack.zFTCPE/_old and /var/tmp/diff_new_pack.zFTCPE/_new differ
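Review bot: In the cosign.changes hunk, the CVE-2024-29903 line misspells "artifacts" as "artifects", which will make the entry harder to find when searching changelogs for the advisory text. The two CVE lines are also nested under a single "Fixes for GHSA-88jx-383q-w4qc and GHSA-95pr-fxf5-86gv (#3661)" bullet without saying which GHSA id belongs to which CVE and bsc number; pairing each CVE with its GHSA id on the same line would let someone tracking one advisory confirm it is covered by this update.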
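Review bot: In the cosign.spec hunk, the new `%define revision` value is a bare commit hash with nothing in the visible lines tying it to the 2.2.4 release, and the rest of the update cannot be checked from this mail because the tarball diff is skipped (9157 lines) and vendor.tar.zst is reported only as "Binary files ... differ". For a security update that fixes two CVEs, please confirm the hash is the commit of the upstream 2.2.4 release tag and add a short spec comment saying how the revision is derived, and state in the request how vendor.tar.zst was regenerated so the vendored dependencies can be reproduced and compared.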