Accepting request 1003863 from security

- updated to rekor 0.12.0 (jsc#SLE-23476): - check supportedVersions list rather than directly reading from version map by @bobcallaway in #1003 - enable blocking specific pluggable type versions from being inserted into the log by @bobcallaway in #1004 - api.SearchLogQueryHandler thread safety by @cdris in #1006 - 'docker compose' to 'docker-compose' by @bobcallaway in #1009 - Intoto v0.0.2 by @pxp928 in #973 - Add bounds on number of elements in api/v1/log/entries/retrieve by @priyawadhwa in #1011 - Change Checkpoint origin to be "Hostname - Tree ID" by @haydentherapper in #1013 - feat: add verification functions by @asraa in #986 - Validate tree ID on calls to /api/v1/log/entries/retrieve by @priyawadhwa in #1017 - Include checkpoint (STH) in entry upload and retrieve responses by @haydentherapper in #1015 - fix: use entry uuid uniformly in return responses by @asraa in #1012 - remove /api/v1/version endpoint by @bobcallaway in #1022 - Fix rekor-cli backwards incompatibility & run harness tests against HEAD by @priyawadhwa in #1030 - Fix harness tests @ main by @priyawadhwa in #1038 - Fetch all tags in harness tests by @priyawadhwa in #1039 - fix retrieve endpoint response code and add testing by @asraa in #1043 - updated to rekor 0.11.0: - Add rekor harness tests by @priyawadhwa in #945 - Persist and check attestations across harness tests by @priyawadhwa in #952 - Add harness test for getting all entries by UUID and EntryID by @priyawadhwa in #957 - api: fix inclusion proof verification flake by @asraa in #956 - change default value for rekor_server.hostname to server's hostname by @bobcallaway in #963 - fix nil-pointer error when artifact-hash is passed without artifact by @dsa0x in #965 - Add prometheus summary to track metric latency by @priyawadhwa in #966 - compute payload and envelope hashes upon validating intoto proposed entries by @bobcallaway in #967 - update field documentation on publicKey for hashedrekord by @bobcallaway in #969 - Allow sharding config to be written in yaml or json by @priyawadhwa in #974 - fix incorrect schema id for cose type by @bobcallaway in #979 - fix: make rekor verify work with sharded uuids by @asraa in #970 (forwarded request 1003862 from msmeissn) OBS-URL: https://build.opensuse.org/request/show/1003863 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/rekor?expand=0&rev=9
2022-09-15 21:00:05 +00:00 · 2022-09-15 21:00:05 +00:00 · df4aac75f6
commit df4aac75f6
parent e3becf26fd e704b23e12
5 changed files with 56 additions and 7 deletions
--- a/rekor-0.12.0.tar.gz
+++ b/rekor-0.12.0.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5008963b1a917928db014374194246122971cd10fb8d629d3123b33dbc419b38
+size 663986
--- a/rekor-0.9.1.tar.gz
+++ b/rekor-0.9.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7a2653a6cbc21bd54858958ed7666f55963c0879b2eaed28d8a00a3e8814a696
-size 679191
--- a/rekor.changes
+++ b/rekor.changes
@ -1,3 +1,52 @@
+-------------------------------------------------------------------
+Thu Sep 15 12:33:21 UTC 2022 - Marcus Meissner <meissner@suse.com>
+
+- updated to rekor 0.12.0 (jsc#SLE-23476):
+  - check supportedVersions list rather than directly reading from version map by @bobcallaway in #1003
+  - enable blocking specific pluggable type versions from being inserted into the log by @bobcallaway in #1004
+  - api.SearchLogQueryHandler thread safety by @cdris in #1006
+  - 'docker compose' to 'docker-compose' by @bobcallaway in #1009
+  - Intoto v0.0.2 by @pxp928 in #973
+  - Add bounds on number of elements in api/v1/log/entries/retrieve by @priyawadhwa in #1011
+  - Change Checkpoint origin to be "Hostname - Tree ID" by @haydentherapper in #1013
+  - feat: add verification functions by @asraa in #986
+  - Validate tree ID on calls to /api/v1/log/entries/retrieve by @priyawadhwa in #1017
+  - Include checkpoint (STH) in entry upload and retrieve responses by @haydentherapper in #1015
+  - fix: use entry uuid uniformly in return responses by @asraa in #1012
+  - remove /api/v1/version endpoint by @bobcallaway in #1022
+  - Fix rekor-cli backwards incompatibility & run harness tests against HEAD by @priyawadhwa in #1030
+  - Fix harness tests @ main by @priyawadhwa in #1038
+  - Fetch all tags in harness tests by @priyawadhwa in #1039
+  - fix retrieve endpoint response code and add testing by @asraa in #1043
+- updated to rekor 0.11.0:
+  - Add rekor harness tests by @priyawadhwa in #945
+  - Persist and check attestations across harness tests by @priyawadhwa in #952
+  - Add harness test for getting all entries by UUID and EntryID by @priyawadhwa in #957
+  - api: fix inclusion proof verification flake by @asraa in #956
+  - change default value for rekor_server.hostname to server's hostname by @bobcallaway in #963
+  - fix nil-pointer error when artifact-hash is passed without artifact by @dsa0x in #965
+  - Add prometheus summary to track metric latency by @priyawadhwa in #966
+  - compute payload and envelope hashes upon validating intoto proposed entries by @bobcallaway in #967
+  - update field documentation on publicKey for hashedrekord by @bobcallaway in #969
+  - Allow sharding config to be written in yaml or json by @priyawadhwa in #974
+  - fix incorrect schema id for cose type by @bobcallaway in #979
+  - fix: make rekor verify work with sharded uuids by @asraa in #970
+  - update builder and cosign images by @cpanato in #981
+  - remove trailing slash on directories by @bobcallaway in #984
+  - add support for intersection & union in search operations by @dsa0x in #968
+  - Update scorecard-action to v2:alpha by @azeemshaikh38 in #987
+- updated to rekor 0.10.0:
+  - reuse DSSE signature wrappers instead of a local copy by @bobcallaway in #912
+  - Updates on the release job/makefile cleanup by @cpanato in #914
+  - Return 404 if entry isn't found in log by @priyawadhwa in #915
+  - Update cosign image in validate-release job by @priyawadhwa in #931
+  - update go builder and cosign image by @cpanato in #934
+  - Drop application/yaml content type by @haydentherapper in #933
+  - Add rekor test harness to presubmit tests by @priyawadhwa in #921
+  - sparkles Enable Scorecard badge by @azeemshaikh38 in #941
+  - update go mod in hack/tools to go1.18 by @cpanato in #935
+  - add ldflags back by @cpanato in #944
+
 -------------------------------------------------------------------
 Wed Jul 27 13:26:17 UTC 2022 - Marcus Meissner <meissner@suse.com>

--- a/rekor.spec
+++ b/rekor.spec
@ -19,9 +19,9 @@
 %define apps cli server

 Name:           rekor
-Version:        0.9.1
+Version:        0.12.0
 Release:        0
-%define revision fb4ed403d0ee6366a2a06c5703700af19864c90f
+%define revision e7dc6c558491c108ed109557fad5404a5bef2197
 Summary:        Supply Chain Transparency Log
 License:        Apache-2.0
 URL:            https://github.com/sigstore/rekor
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:0aa2ef80151c489b9de5ec06730eae2e524ab29906ed4a6614dbd996b15524f0
-size 3970372
+oid sha256:003916cfc5a81901032d8133cc57e31ecd3c9df922a57cd25c0f7b3d8d5275b8
+size 4054160