Accepting request 1144326 from security

- update to 1.3.5 (jsc#SLE-23476): - Additional unique index correction - Remove timestamp from checkpoint - Drop conditional when verifying entry checkpoint - Fix panic for DSSE canonicalization - Change Redis value for locking mechanism - give log timestamps nanosecond precision - output trace in slog and override correlation header name - bumped embedded golang.org/x/crypto/ssh to fix the Terrapin attack CVE-2023-48795 (bsc#1218207) (forwarded request 1144325 from msmeissn) OBS-URL: https://build.opensuse.org/request/show/1144326 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rekor?expand=0&rev=21
2024-02-05 21:02:38 +00:00 · 2024-02-05 21:02:38 +00:00 · 467015097a
commit 467015097a
parent 09ec3941cd 91a13d0d79
5 changed files with 20 additions and 7 deletions
--- a/rekor-1.3.4.tar.gz
+++ b/rekor-1.3.4.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:08e220b6fbc473ecd3561e88c4fde2ca259f9daa895a17bed1f458c33c33a2b9
-size 851698
--- a/rekor-1.3.5.tar.gz
+++ b/rekor-1.3.5.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bc82064bc32a83bd4d4d7f4fccb8579d3ebb9f64073ff000da99b01af508b40f
+size 830762
--- a/rekor.changes
+++ b/rekor.changes
@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Mon Feb  5 14:38:58 UTC 2024 - Marcus Meissner <meissner@suse.com>
+
+- update to 1.3.5 (jsc#SLE-23476):
+  - Additional unique index correction
+  - Remove timestamp from checkpoint
+  - Drop conditional when verifying entry checkpoint
+  - Fix panic for DSSE canonicalization
+  - Change Redis value for locking mechanism
+  - give log timestamps nanosecond precision
+  - output trace in slog and override correlation header name
+- bumped embedded golang.org/x/crypto/ssh to fix the Terrapin attack CVE-2023-48795 (bsc#1218207)
+
 -------------------------------------------------------------------
 Sun Jan 28 18:45:08 UTC 2024 - Dirk Müller <dmueller@suse.com>

--- a/rekor.spec
+++ b/rekor.spec
@ -19,9 +19,9 @@
 %define apps cli server

 Name:           rekor
-Version:        1.3.4
+Version:        1.3.5
 Release:        0
-%define revision 5072901241fc6370a78457219e7aa2da490f399f
+%define revision 488eb9782d8d95c83ac70bfb2f5049928504127e
 Summary:        Supply Chain Transparency Log
 License:        Apache-2.0
 URL:            https://github.com/sigstore/rekor
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:88a539d9a7d1fb1a3c6a869a91049cce1831d25aaa78a508d7464bf9cf6e297a
-size 5956954
+oid sha256:ec9261ffeea3e9813b6d6b64fe6f17084a01465b2b4508143ba56786112f6af5
+size 8391086