File _patchinfo of Package patchinfo.36321
<patchinfo incident="36321">
<issue tracker="jsc" id="SLE-23879"/>
<packager>msmeissn</packager>
<rating>moderate</rating>
<category>recommended</category>
<summary>Recommended update for cosign</summary>
<description>This update for cosign fixes the following issues:
cosign was updated to 2.4.0 (jsc#SLE-23879):
- Add new bundle support to verify-blob and verify-blob-attestation (#3796)
- Adding protobuf bundle support to sign-blob and attest-blob (#3752)
- Bump sigstore/sigstore to support email_verified as string or boolean (#3819)
- Conformance testing for cosign (#3806)
- move incremental builds per commit to GHCR instead of GCR (#3808)
- Add support for recording creation timestamp for cosign attest (#3797)
- Include SCT verification failure details in error message (#3799)
- Set CGO_ENABLED=1 to fix the failed s390x build
Update to 2.3.0 (jsc#SLE-23879):
* Features
- Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface (#3693)
- add registry options to cosign save (#3645)
- Add debug providers command. (#3728)
- Make config layers in ociremote mountable (#3741)
- adds tsa cert chain check for env var or tuf targets. (#3600)
- add --ca-roots and --ca-intermediates flags to 'cosign verify' (#3464)
- add handling of keyless verification for all verify commands (#3761)
* Bug Fixes
- fix: close attestationFile (#3679)
- Set bundleVerified to true after Rekor verification (Resolves #3740) (#3745)
* Documentation
- Document ImportKeyPair and LoadPrivateKey functions in pkg/cosign (#3776)
- add completion subpackages (bash, fish, zsh)
</description>
</patchinfo>