Hello community,

here is the log from the commit of package rekor for openSUSE:Factory checked in at 2023-05-30 22:02:53
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/rekor (Old) and /work/SRC/openSUSE:Factory/.rekor.new.1533 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "rekor" Tue May 30 22:02:53 2023 rev:17 rq:1089753 version:1.2.1 Changes: -------- --- /work/SRC/openSUSE:Factory/rekor/rekor.changes 2023-05-10 16:17:18.766544639 +0200 +++ /work/SRC/openSUSE:Factory/.rekor.new.1533/rekor.changes 2023-05-30 22:03:07.407251125 +0200 @@ -1,0 +2,33 @@ +Tue May 30 07:52:52 UTC 2023 - Marcus Meissner <meiss...@suse.com> + +- updated to rekor 1.2.1 (jsc#SLE-23476): + + Security fix: + + - CVE-2023-33199: Fixed that malformed proposed intoto v0.0.2 entries can cause a panic (bsc#1211790) + + Functional Enhancements + + - add client method to generate TLE struct (#1498) + - add dsse type (#1487) + - support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP (#1488) + - Add concurrency to backfill-redis (#1504) + - omit informational message if machine-parseable output has been requested (#1486) + - Publish stable checkpoint periodically to Redis (#1461) + - Add intoto v0.0.2 to backfill script (#1500) + - add new method to test insertability of proposed entries into log (#1410) + + Quality Enhancements + + - use t.Skip() in fuzzers (#1506) + - improve fuzzing coverage (#1499) + - Remove watcher script (#1484) + + Bug Fixes + + - Merge pull request from GHSA-frqx-jfcm-6jjr (CVE-2023-33199) + - Remove requirement of PayloadHash for intoto 0.0.1 (#1490) + - fix lint errors, bump linter up to 1.52 (#1485) + - Remove dependencies from pkg/util (#1469) + +------------------------------------------------------------------- Old: ---- rekor-1.1.1.tar.gz New: ---- rekor-1.2.1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ rekor.spec ++++++ --- /var/tmp/diff_new_pack.wOwiqe/_old 2023-05-30 22:03:08.055254944 +0200 +++ /var/tmp/diff_new_pack.wOwiqe/_new 2023-05-30 22:03:08.059254967 +0200 
@@ -19,9 +19,9 @@ %define apps cli server Name: rekor -Version: 1.1.1 +Version: 1.2.1 Release: 0 -%define revision 0c1914e5e955cb9f514e32b222cf61a13e91ab08 +%define revision 576458cb53269ed54dccf8a43271ee02a785c191 Summary: Supply Chain Transparency Log License: Apache-2.0 URL: https://github.com/sigstore/rekor ++++++ rekor-1.1.1.tar.gz -> rekor-1.2.1.tar.gz ++++++ ++++ 15128 lines of diff (skipped) ++++++ vendor.tar.xz ++++++ ++++ 186096 lines of diff (skipped)
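Review bot: CVE-2023-33199 is listed twice in the new rekor.changes entry: once under "Security fix:" with bsc#1211790, and again under "Bug Fixes" as "Merge pull request from GHSA-frqx-jfcm-6jjr (CVE-2023-33199)". The second line is a raw merge subject that says nothing about what was fixed; drop it, or fold the GHSA id into the security entry so the CVE, GHSA and bsc references sit on one line. A minor style point in the same hunk: "Security fix:" carries a trailing colon while "Functional Enhancements", "Quality Enhancements" and "Bug Fixes" do not.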
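Review bot: In the rekor.spec hunk the "%define revision" hash is changed by hand alongside "Version", and nothing in the hunk shows that 576458cb53269ed54dccf8a43271ee02a785c191 is the commit the rekor-1.2.1.tar.gz tarball was built from. A short comment above the %define stating where the value comes from (for example, the commit the upstream release tag points to) would let the next updater and a reviewer check it. The tarball and vendor.tar.xz diffs are skipped in this mail (15128 and 186096 lines), so the vendored dependency changes that ship with this security update cannot be reviewed from here.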