Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package rekor for openSUSE:Factory checked in at 2023-04-05 21:28:33 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/rekor (Old) and /work/SRC/openSUSE:Factory/.rekor.new.19717 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rekor" Wed Apr 5 21:28:33 2023 rev:14 rq:1077494 version:1.1.0 Changes: -------- --- /work/SRC/openSUSE:Factory/rekor/rekor.changes 2022-12-05 18:01:52.276800532 +0100 +++ /work/SRC/openSUSE:Factory/.rekor.new.19717/rekor.changes 2023-04-05 21:35:58.442677700 +0200 @@ -1,0 +2,40 @@ +Wed Apr 5 08:27:23 UTC 2023 - Marcus Meissner <meiss...@suse.com> + +- updated to rekor 1.1.0 (jsc#SLE-23476): + Functional Enhancements + + - improve validation on intoto v0.0.2 type (#1351) + - add feature to limit HTTP request body length to process (#1334) + - add information about the file size limit (#1313) + - Add script to backfill Redis from Rekor (#1163) + - Feature: add search support for sha512 (#1142) + + Quality Enhancements + + - various fuzzing fixes + + Bug Fixes + + - remove goroutine usage from SearchLogQuery (#1407) + - drop log messages regarding attestation storage to debug (#1408) + - fix validation for proposed vs committed log entries for intoto v0.0.1 (#1309) + - fix: fix regex for multi-digit counts (#1321) + - return NotFound if treesize is 0 rather than calling trillian (#1311) + - enumerate slice to get sugared logs (#1312) + - put a reasonable size limit on ssh key reader (#1288) + - CLIENT: Fix Custom Host and Path Issue (#1306) + - do not persist local state if log is empty; fail consistency proofs from 0 size (#1290) + - correctly handle invalid or missing pki format (#1281) + - Add Verifier to get public key/cert and identities for entry type (#1210) + - fix goroutine leak in client; add insecure TLS option (#1238) + - Fix - Remove the force-recreate flag (#1179) + - trim whitespace around public keys before parsing (#1175) + - stop inserting envelope hash for intoto:0.0.2 types into index (#1171) + - Revert "remove double encoding of payload and signature fields for intoto (#1150)" (#1158) + - remove double encoding of payload and signature fields for intoto (#1150) + - fix SearchLogQuery behavior to conform to openapi spec (#1145) + - Remove pem-certificate-chain from client (#1138) + - fix flag type for operator in search (#1136) + - use sigstore/community dep review (#1132) + +------------------------------------------------------------------- Old: ---- rekor-1.0.1.tar.gz New: ---- rekor-1.1.0.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rekor.spec ++++++ --- /var/tmp/diff_new_pack.vKkESf/_old 2023-04-05 21:35:59.070681285 +0200 +++ /var/tmp/diff_new_pack.vKkESf/_new 2023-04-05 21:35:59.078681330 +0200 @@ -1,7 +1,7 @@ # # spec file for package rekor # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,9 +19,9 @@ %define apps cli server Name: rekor -Version: 1.0.1 +Version: 1.1.0 Release: 0 -%define revision d3162350e96098ca8a24adfdbee42057e43b5de6 +%define revision 4a6592612dc015f24d0700b6d274b3663d128ad8 Summary: Supply Chain Transparency Log License: Apache-2.0 URL: https://github.com/sigstore/rekor ++++++ rekor-1.0.1.tar.gz -> rekor-1.1.0.tar.gz ++++++ ++++ 19190 lines of diff (skipped) ++++++ vendor.tar.xz ++++++ ++++ 943257 lines of diff (skipped)