Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package cosign for openSUSE:Factory checked in at 2022-08-05 19:52:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cosign (Old)
 and /work/SRC/openSUSE:Factory/.cosign.new.1521 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cosign" Fri Aug 5 19:52:00 2022 rev:9 rq:993342 version:1.10.1 Changes: -------- --- /work/SRC/openSUSE:Factory/cosign/cosign.changes 2022-07-28 20:59:38.631747437 +0200 +++ /work/SRC/openSUSE:Factory/.cosign.new.1521/cosign.changes 2022-08-05 19:52:47.501733106 +0200 @@ -1,0 +2,22 @@ +Fri Aug 5 14:03:51 UTC 2022 - Marcus Meissner <meiss...@suse.com> + +- updated to 1.10.1 (jsc#SLE-23879) + - CVE-2022-35929: Fixed that cosign verify-attestaton --type can + report a false positive if any attestation exists (GHSA-vjxv-45g9-9296 + (bsc#1202157) + +- What else changed: + - add flag to allow skipping upload to transparency log by @k4leung4 in #2089 + - Improve error message when no sigs/atts are found for an image by @imjasonh in #2101 + - Change Result in Vulnerability Attestation to interface{} by @knqyf263 in #2096 + - Fix field names in the vulnerability attestation by @otms61 in #2099 + - remove style jobs and cleanup makefile gofmt and goimports are running already with golangci-lint by @cpanato in #2105 + - sparkles Enable Scorecard badge by @azeemshaikh38 in #2109 + - Resolves #522 set Created date to time of execution by @Lerentis in #2108 + - Introduce a custom error type to classify errors. by @mattmoor in #2114 + - feat: attach: attestation: allow passing multiple payloads by @Dentrax in #2085 + - update cross-builder to go1.18.5 and cosign image to 1.10.0 by @cpanato in #2119 + - chore: fix documentation and warning on using untrusted rekor key by @asraa in #2124 + - Correct the type used for attest by @mattmoor in #2128 + +------------------------------------------------------------------- Old: ---- cosign-1.10.0.tar.gz New: ---- cosign-1.10.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ cosign.spec ++++++ --- /var/tmp/diff_new_pack.554Zxx/_old 2022-08-05 19:52:48.193734894 +0200 +++ /var/tmp/diff_new_pack.554Zxx/_new 2022-08-05 19:52:48.201734914 +0200 
@@ -17,9 +17,9 @@ Name: cosign -Version: 1.10.0 +Version: 1.10.1 Release: 0 -%define revision 3a6088d03d7c053f9b3bd61ed07fba92133579cf +%define revision a39ce91fadc582e0efce3321744a79ccd3c8b39c Summary: Container Signing, Verification and Storage in an OCI registry License: Apache-2.0 URL: https://github.com/sigstore/cosign ++++++ cosign-1.10.0.tar.gz -> cosign-1.10.1.tar.gz ++++++ /work/SRC/openSUSE:Factory/cosign/cosign-1.10.0.tar.gz /work/SRC/openSUSE:Factory/.cosign.new.1521/cosign-1.10.1.tar.gz differ: char 15, line 1 ++++++ vendor.tar.bz2 ++++++ /work/SRC/openSUSE:Factory/cosign/vendor.tar.bz2 /work/SRC/openSUSE:Factory/.cosign.new.1521/vendor.tar.bz2 differ: char 11, line 1
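Review bot: in the cosign.changes hunk, the CVE-2022-35929 entry misspells the subcommand as "verify-attestaton" and never closes the parenthesis opened before GHSA-vjxv-45g9-9296, so the advisory ID runs straight into "(bsc#1202157)". Suggest "cosign verify-attestation --type" and "(GHSA-vjxv-45g9-9296, bsc#1202157)" so the subcommand name and both references stay searchable for anyone tracking this fix. The "sparkles Enable Scorecard badge" item also starts with a stray word that reads like a leftover emoji shortcode and can drop it.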
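Review bot: in the cosign.spec hunk, "%define revision a39ce91fadc582e0efce3321744a79ccd3c8b39c" is edited by hand next to "Version: 1.10.1", and nothing in the visible lines ties the hash to that version. Because the source and vendor tarballs only show up as "differ" here, please confirm the hash is the commit the cosign-1.10.1.tar.gz source corresponds to, and consider a short comment above the define stating how the value is obtained so a later version bump cannot leave a stale revision behind.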