python-sigstore/sigstore-4.2.0.tar.gz
Markéta Machová 520aed293b - Update to 4.2.0 (fixes CVE-2026-24408, bsc#1257303)
  * Add state validation to OIDC flow to prevent Cross-site request forgery
    during OIDC authorization (GHSA-hm8f-75xx-w2vr)
  * verification now ensures that artifact digest documented in bundle and the
    real digest match (this is a bundle consistency check: bundle signature was
    always verified over real digest)
  * Fix issue with Signed Certificate Timestamp parsing where extensions
    were not allowed by sigstore-python
  * Update supported public key algorithms
  * trust: Update embedded TUF root
  * Removed support for Python 3.9 as it is end-of-life
  * Removed unused nonce in OAuth flow
- drop fix-ecparam-testing.patch and nofail-neg-test.patch, merged upstream

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-sigstore?expand=0&rev=15
2026-01-27 10:31:02 +00:00


version https://git-lfs.github.com/spec/v1
oid sha256:8050a87da3a083766ce5cd5ad8925a5151a166ec92236afe35e86aa03c286075
size 300449