Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package cosign for openSUSE:Factory checked in at 2022-05-21 19:06:44 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/cosign (Old) and /work/SRC/openSUSE:Factory/.cosign.new.1538 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cosign" Sat May 21 19:06:44 2022 rev:6 rq:978429 version:1.8.0 Changes: -------- --- /work/SRC/openSUSE:Factory/cosign/cosign.changes 2022-04-26 20:17:42.800756676 +0200 +++ /work/SRC/openSUSE:Factory/.cosign.new.1538/cosign.changes 2022-05-21 19:08:09.927471879 +0200 @@ -1,0 +2,40 @@ +Sat May 21 13:07:53 UTC 2022 - Marcus Meissner <meiss...@suse.com> + +- updated to 1.8.0 + + - Move the KMS integration imports into the binary entrypoints by @mattmoor in #1744 + - [Cosigned] Convert functions for webhookCIP from v1alpha1 by @DennyHoang in #1736 + - Refactor policy related code, add support for vuln verify by @vaikas in #1747 + - Use bundle log ID to find verification key by @haydentherapper in #1748 + - [cosigned] The webhook name is now configurable via --webhook-name flag by @vpnachev in #1726 + - Add intermediate CA certificate pool for Fulcio by @haydentherapper in #1749 + - test: create fake TUF test root and create test SETs for verification by @asraa in #1750 + - Implement identities, fix bug in webhook validation. by @vaikas in #1759 + - Validate issuer/subject regexp in validate webhook. by @vaikas in #1761 + - chore: add warning when attaching sBOMs by @hectorj2f in #1756 + - Verify embedded SCTs by @haydentherapper in #1731 + - chore: add warning when downloading a sBOM by @hectorj2f in #1763 + - [policy-webhook] The webhooks name is now configurable via --(validating|mutating)-webhook-name flags by @vpnachev in #1757 + - Break the CIP action tests into a sh script. by @vaikas in #1767 + - tuf: add debug info if tuf update fails by @asraa in #1766 + - cosigned: add support for rsa keys by @hectorj2f in #1768 + - Cosigned validate against remote sig src by @DennyHoang in #1754 + - Add Fulcio intermediate CA certificate to intermediate pool by @haydentherapper in #1774 + - fix: more informative error by @ybelMekk in #1778 + - Run update-codegen. by @wlynch in #1789 + - Remove the dependency on v1alpha1.Identity which brings in unnecessary k8s deps. by @vaikas in #1790 + - Refactor fulcio signer to take in KeyOpts. by @wlynch in #1788 + - test: add cue unit tests by @hectorj2f in #1791 + - Attestations + policy in cip. by @vaikas in #1772 + - chore: add rego function to consume modules and evaluate them by @hectorj2f in #1787 + - Add parallelization for processing policies / authorities. by @vaikas in #1795 + - Allow passing keys via environment variables (env:// refs) by @znewman01 in #1794 + - Handle context cancelled properly + tests. by @vaikas in #1796 + - Fix a bug where an error would send duplicate results. by @vaikas in #1797 + - Revert "Refactor fulcio signer to take in KeyOpts. (#1788)" by @wlynch in #1798 + - cosigned: Unify cue data and policy before evaluating it by @hectorj2f in #1793 + - Don't fail open in VerifyBundle by @mtrmac in #1648 + - Load in intermediate cert pool from TUF by @haydentherapper in #1804 + - Support PKCS1 encoded and non-ECDSA CT log public keys by @haydentherapper in #1806 + +------------------------------------------------------------------- Old: ---- cosign-1.7.2.tar.gz New: ---- cosign-1.8.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cosign.spec ++++++ --- /var/tmp/diff_new_pack.FtZ2Z8/_old 2022-05-21 19:08:11.531474239 +0200 +++ /var/tmp/diff_new_pack.FtZ2Z8/_new 2022-05-21 19:08:11.535474245 +0200 @@ -17,9 +17,9 @@ Name: cosign -Version: 1.7.2 +Version: 1.8.0 Release: 0 -%define revision 1b1bca3280994eebe38d35e03bbd66af6214f0f1 +%define revision 9ef6b207218572b3257a5b4251418d75569baaae Summary: Container Signing, Verification and Storage in an OCI registry License: Apache-2.0 URL: https://github.com/sigstore/cosign ++++++ cosign-1.7.2.tar.gz -> cosign-1.8.0.tar.gz ++++++ /work/SRC/openSUSE:Factory/cosign/cosign-1.7.2.tar.gz /work/SRC/openSUSE:Factory/.cosign.new.1538/cosign-1.8.0.tar.gz differ: char 115, line 3 ++++++ vendor.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/cosign/vendor.tar.bz2 /work/SRC/openSUSE:Factory/.cosign.new.1538/vendor.tar.bz2 differ: char 11, line 1
