Hello community,

here is the log from the commit of package rekor for openSUSE:Factory checked in at 2025-09-01 17:18:48
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rekor (Old)
 and      /work/SRC/openSUSE:Factory/.rekor.new.1977 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "rekor" Mon Sep 1 17:18:48 2025 rev:28 rq:1302197 version:1.4.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rekor/rekor.changes 2025-08-04 15:24:56.694301465 +0200 +++ /work/SRC/openSUSE:Factory/.rekor.new.1977/rekor.changes 2025-09-01 17:19:34.238447318 +0200 @@ -1,0 +2,14 @@ +Mon Sep 01 11:06:50 UTC 2025 - Marcus Meissner <[email protected]> + +- Update to version 1.4.1 (jsc#SLE-23476):: + * build(deps): Bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14 (#2596) + CVE-2025-58058: rekor: github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory: (bsc#1248910) + * build(deps): Bump github.com/redis/go-redis/v9 from 9.11.0 to 9.12.1 + CVE-2025-29923: rekor: github.com/redis/go-redis: potential out of order responses when `CLIENT SETINFO` times out during connection establishment (bsc#1241153) + * use less expensive gRPC call to implement GetLeafAndProofByHash (#2581) + * move to per-shard trillian client manager (#2564) + * use cheaper gRPC endpoint when we already have the inclusion proof (#2580) + * simplify hash and signature verification in rekord type (#2579) + * return correct error if GetLeafAndProofByHash fails (#2574) + +------------------------------------------------------------------- Old: ---- rekor-1.4.0.obscpio New: ---- rekor-1.4.1.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rekor.spec ++++++ --- /var/tmp/diff_new_pack.vfeHQ3/_old 2025-09-01 17:19:35.322493216 +0200 +++ /var/tmp/diff_new_pack.vfeHQ3/_new 2025-09-01 17:19:35.326493385 +0200 @@ -1,6 +1,7 @@ # # spec file for package rekor # +# Copyright (c) 2025 SUSE LLC # Copyright (c) 2025 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties 
@@ -19,7 +20,7 @@ %define apps cli server Name: rekor -Version: 1.4.0 +Version: 1.4.1 Release: 0 Summary: Supply Chain Transparency Log License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.vfeHQ3/_old 2025-09-01 17:19:35.358494740 +0200 +++ /var/tmp/diff_new_pack.vfeHQ3/_new 2025-09-01 17:19:35.362494910 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/sigstore/rekor</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v1.4.0</param> + <param name="revision">v1.4.1</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.vfeHQ3/_old 2025-09-01 17:19:35.382495756 +0200 +++ /var/tmp/diff_new_pack.vfeHQ3/_new 2025-09-01 17:19:35.386495926 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/sigstore/rekor</param> - <param name="changesrevision">d7d31f0250d4b98ce0be3837fef9510b59e57cb7</param></service></servicedata> + <param name="changesrevision">7c83add6b10b15d4665b1773ccb6144da95394b7</param></service></servicedata> (No newline at EOF) ++++++ rekor-1.4.0.obscpio -> rekor-1.4.1.obscpio ++++++ ++++ 2653 lines of diff (skipped) ++++++ rekor.obsinfo ++++++ --- /var/tmp/diff_new_pack.vfeHQ3/_old 2025-09-01 17:19:35.706509475 +0200 +++ /var/tmp/diff_new_pack.vfeHQ3/_new 2025-09-01 17:19:35.710509644 +0200 @@ -1,5 +1,5 @@ name: rekor -version: 1.4.0 -mtime: 1754064429 -commit: d7d31f0250d4b98ce0be3837fef9510b59e57cb7 +version: 1.4.1 +mtime: 1756478534 +commit: 7c83add6b10b15d4665b1773ccb6144da95394b7 ++++++ vendor.tar.zst ++++++ /work/SRC/openSUSE:Factory/rekor/vendor.tar.zst /work/SRC/openSUSE:Factory/.rekor.new.1977/vendor.tar.zst differ: char 7, line 1
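
Review bot: the header of the new rekor.changes entry ends in a doubled colon (`- Update to version 1.4.1 (jsc#SLE-23476)::`), and the CVE-2025-58058 line repeats the module path (`github.com/ulikunitz/xz: github.com/ulikunitz/xz leaks memory:`) and leaves a stray colon before `(bsc#1248910)`; both should be cleaned up. The go-redis bump from 9.11.0 to 9.12.1 is the only bullet without an upstream PR number, so the CVE-2025-29923 fix is harder to trace than the xz one (#2596). Both CVE fixes live in vendored modules, and vendor.tar.zst appears here only as `differ: char 7, line 1`, so the bumped versions cannot be confirmed from this diff alone.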
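
Review bot: the added `# Copyright (c) 2025 SUSE LLC` line in the first rekor.spec hunk sits directly above the existing `# Copyright (c) 2025 SUSE LLC and contributors`, so the spec header now carries two near-identical copyright lines. Keep one of them unless both are intended.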
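
Review bot: in _service the `revision` parameter still names a tag (`v1.4.1`), while the commit it resolved to, 7c83add6b10b15d4665b1773ccb6144da95394b7, is recorded only in _servicedata and rekor.obsinfo. A tag can be moved upstream, so either pin `revision` to that commit or check at review time that the tag still points at the recorded `changesrevision`.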
