Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cherry pick vulnerability PRs to release-1.5 #1486

Merged
merged 3 commits into from Feb 18, 2022
Merged

Cherry pick vulnerability PRs to release-1.5 #1486

merged 3 commits into from Feb 18, 2022

Conversation

priyawadhwa
Copy link
Contributor

Cherry picks

#GHSA-ccxc-vr6p-4858
#1484

nsmith5 and others added 2 commits February 18, 2022 12:08
@nsmith5 @priyawadhwa
Merge pull request from GHSA-ccxc-vr6p-4858
04ad1a6 
* Make sure signature in Rekor bundle matches signature being verified

Signed-off-by: Priya Wadhwa <priya@chainguard.dev>

* Only print "fulcio verified" when using Fulcio

Currently we tell users that we've verified against the Fulcio root
trust when verifying but this isn't always true. This work ensures we
only say this when we actually use the Fulcio root cert for
verification.

Signed-off-by: Nathan Smith <nathan@chainguard.dev>

* Add e2e test

Signed-off-by: Nathan Smith <nathan@chainguard.dev>

Co-authored-by: Priya Wadhwa <priya@chainguard.dev>
@priyawadhwa
fix lint (sigstore#1484)
796db02 
Signed-off-by: Priya Wadhwa <priya@chainguard.dev>
@cpanato cpanato requested a review from dlorenc February 18, 2022 20:37
@dlorenc
Manual merge conflict resolution in e2e_test.
f84bcbe 
Signed-off-by: Dan Lorenc <lorenc.d@gmail.com>
@dlorenc dlorenc merged commit c09e04a into sigstore:release-1.5 Feb 18, 2022
@priyawadhwa priyawadhwa deleted the cps branch February 18, 2022 21:33
@cpanato cpanato added this to the v1.5.2 milestone Feb 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dekkagaijin dekkagaijin dekkagaijin approved these changes

@cpanato cpanato cpanato approved these changes

@dlorenc dlorenc Awaiting requested review from dlorenc

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.5.2
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@priyawadhwa @dekkagaijin @cpanato @dlorenc @nsmith5