SHA256
1
0
forked from pool/rekor

Accepting request 1089753 from security

- updated to rekor 1.2.1 (jsc#SLE-23476):
  Security fix:
  - CVE-2023-33199: Fixed that malformed proposed intoto v0.0.2 entries can cause a panic (bsc#1211790)
  Functional Enhancements
  - add client method to generate TLE struct (#1498)
  - add dsse type (#1487)
  - support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP (#1488)
  - Add concurrency to backfill-redis (#1504)
  - omit informational message if machine-parseable output has been requested (#1486)
  - Publish stable checkpoint periodically to Redis (#1461)
  - Add intoto v0.0.2 to backfill script (#1500)
  - add new method to test insertability of proposed entries into log (#1410)
  Quality Enhancements
  - use t.Skip() in fuzzers (#1506)
  - improve fuzzing coverage (#1499)
  - Remove watcher script (#1484)
  Bug Fixes
  - Merge pull request from GHSA-frqx-jfcm-6jjr (CVE-2023-33199)
  - Remove requirement of PayloadHash for intoto 0.0.1 (#1490)
  - fix lint errors, bump linter up to 1.52 (#1485)
  - Remove dependencies from pkg/util (#1469) (forwarded request 1089735 from msmeissn)

OBS-URL: https://build.opensuse.org/request/show/1089753
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rekor?expand=0&rev=17
This commit is contained in:
Dominique Leuenberger 2023-05-30 20:02:53 +00:00 committed by Git OBS Bridge
commit 44410421c8
5 changed files with 40 additions and 7 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:774a34cf4dbd126a30e510d8d4f36865fae4165f4a4c2d9625937cc2623bec9b
size 870643

3
rekor-1.2.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7c90f30a81c9107e3887c8393d30bcd9cd52de2cc46f311ac68fc1fcdfd5019d
size 934956

View File

@ -1,3 +1,36 @@
-------------------------------------------------------------------
Tue May 30 07:52:52 UTC 2023 - Marcus Meissner <meissner@suse.com>
- updated to rekor 1.2.1 (jsc#SLE-23476):
Security fix:
- CVE-2023-33199: Fixed that malformed proposed intoto v0.0.2 entries can cause a panic (bsc#1211790)
Functional Enhancements
- add client method to generate TLE struct (#1498)
- add dsse type (#1487)
- support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP (#1488)
- Add concurrency to backfill-redis (#1504)
- omit informational message if machine-parseable output has been requested (#1486)
- Publish stable checkpoint periodically to Redis (#1461)
- Add intoto v0.0.2 to backfill script (#1500)
- add new method to test insertability of proposed entries into log (#1410)
Quality Enhancements
- use t.Skip() in fuzzers (#1506)
- improve fuzzing coverage (#1499)
- Remove watcher script (#1484)
Bug Fixes
- Merge pull request from GHSA-frqx-jfcm-6jjr (CVE-2023-33199)
- Remove requirement of PayloadHash for intoto 0.0.1 (#1490)
- fix lint errors, bump linter up to 1.52 (#1485)
- Remove dependencies from pkg/util (#1469)
-------------------------------------------------------------------
Wed May 3 12:23:27 UTC 2023 - Marcus Meissner <meissner@suse.com>

View File

@ -19,9 +19,9 @@
%define apps cli server
Name: rekor
Version: 1.1.1
Version: 1.2.1
Release: 0
%define revision 0c1914e5e955cb9f514e32b222cf61a13e91ab08
%define revision 576458cb53269ed54dccf8a43271ee02a785c191
Summary: Supply Chain Transparency Log
License: Apache-2.0
URL: https://github.com/sigstore/rekor

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d4897ee6f6092ef597e670e560beed665e3559df94538c6faccb7e6b36065232
size 4343516
oid sha256:310fe439c2ada6b89a4340716a8b25497304c760f33cc9d6a26a2cca9e674838
size 5692644