factory
- update to 3.1.1 (bsc#1267044,
CVE-2026-25680,CVE-2026-42502,
CVE-2026-27136,CVE-2026-25681,CVE-2026-42506,
bsc#1266049, CVE-2026-39827, CVE-2026-39828, CVE-2026-39829,
CVE-2026-39830, CVE-2026-39831, CVE-2026-39832, CVE-2026-39833,
CVE-2026-39834, CVE-2026-39835, CVE-2026-42508, CVE-2026-46595,
CVE-2026-46597, CVE-2026-46598,
bsc#1261811, CVE-2026-33815):
* This release deprecates a number of flags related to
verification material input for trust root material, as well
as the bundle format, standardized across Sigstore SDKs,
which is now the default output and input for signing and
verifying respectively. You may continue to use the
deprecated flags with Cosign v3.x releases. The deprecated
flags will be removed in a future Cosign v4 release.
* This release also updates the signing path for logging to
Rekor v2. DSSE attestations will be logged as hashed entries,
using the DSSE's pre-auth encoding (PAE). This should unblock
developers who want to upload large signed DSSEs such as
SBOMs.
* Initialize PKCS11 slots Before Getting Token Info in
* Sign exclusively via sigstore-go in
* bundle create: Prevent IgnoreTlog when bundle contains SET in
* Require bundle output or registry upload in
* fix(load): pass NameOptions to name.ParseReference in
* fix: honor --digestAlg when hashing a blob in verify-blob-
attestation in https://github.com/sigstore/cosign/pull/4813
* Deprecate Flags for v4: Certificates in
* Deprecate flags signing config in
* Deprecate flags bundle in (forwarded request 1364241 from dirkmueller)
OBS-URL: https://build.opensuse.org/request/show/1364359
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/cosign?expand=0&rev=36
Description
No description provided
Languages
RPM Spec
100%