modified AI patch

akhila-guruju · akhila-guruju · commit fb86177c0f23 · 2026-02-19T10:06:06.000Z
diff --git a/SPECS/skopeo/CVE-2026-24117.patch b/SPECS/skopeo/CVE-2026-24117.patch
@@ -1,4 +1,4 @@
-From 76eec943d72777d8a42234311e0201231a4fad1b Mon Sep 17 00:00:00 2001
+From 60ef2bceba192c5bf9327d003bceea8bf1f8275f Mon Sep 17 00:00:00 2001
 From: Hayden <8418760+Hayden-IO@users.noreply.github.com>
 Date: Wed, 21 Jan 2026 16:52:44 -0800
 Subject: [PATCH] Drop support for fetching public keys by URL in the search
@@ -11,12 +11,13 @@ of stability.
 Fixes GHSA-4c4x-jm2x-pf9j
 
 Signed-off-by: Hayden <8418760+Hayden-IO@users.noreply.github.com>
-Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
-Upstream-reference: https://github.com/sigstore/rekor/commit/60ef2bceba192c5bf9327d003bceea8bf1f8275f.patch
+
+Upstream Patch reference: https://github.com/sigstore/rekor/commit/60ef2bceba192c5bf9327d003bceea8bf1f8275f.patch
 ---
- .../pkg/generated/client/entries/entries_client.go     |  2 +-
- vendor/github.com/sigstore/rekor/pkg/util/fetch.go     | 10 +++++++---
- 2 files changed, 8 insertions(+), 4 deletions(-)
+ .../client/entries/entries_client.go          |  2 +-
+ .../pkg/generated/models/search_index.go      | 20 -------------------
+ .../sigstore/rekor/pkg/util/fetch.go          | 10 +++++++---
+ 3 files changed, 8 insertions(+), 24 deletions(-)
 
 diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/entries_client.go b/vendor/github.com/sigstore/rekor/pkg/generated/client/entries/entries_client.go
 index fe2630e..668ec29 100644
@@ -31,6 +32,51 @@ index fe2630e..668ec29 100644
  */
  func (a *Client) CreateLogEntry(params *CreateLogEntryParams, opts ...ClientOption) (*CreateLogEntryCreated, error) {
  	// TODO: Validate the params before sending
+diff --git a/vendor/github.com/sigstore/rekor/pkg/generated/models/search_index.go b/vendor/github.com/sigstore/rekor/pkg/generated/models/search_index.go
+index bb1cccc..e731a3b 100644
+--- a/vendor/github.com/sigstore/rekor/pkg/generated/models/search_index.go
++++ b/vendor/github.com/sigstore/rekor/pkg/generated/models/search_index.go
+@@ -229,10 +229,6 @@ type SearchIndexPublicKey struct {
+ 	// Required: true
+ 	// Enum: [pgp x509 minisign ssh tuf]
+ 	Format *string `json:"format"`
+-
+-	// url
+-	// Format: uri
+-	URL strfmt.URI `json:"url,omitempty"`
+ }
+ 
+ // Validate validates this search index public key
+@@ -243,10 +239,6 @@ func (m *SearchIndexPublicKey) Validate(formats strfmt.Registry) error {
+ 		res = append(res, err)
+ 	}
+ 
+-	if err := m.validateURL(formats); err != nil {
+-		res = append(res, err)
+-	}
+-
+ 	if len(res) > 0 {
+ 		return errors.CompositeValidationError(res...)
+ 	}
+@@ -305,18 +297,6 @@ func (m *SearchIndexPublicKey) validateFormat(formats strfmt.Registry) error {
+ 	return nil
+ }
+ 
+-func (m *SearchIndexPublicKey) validateURL(formats strfmt.Registry) error {
+-	if swag.IsZero(m.URL) { // not required
+-		return nil
+-	}
+-
+-	if err := validate.FormatOf("publicKey"+"."+"url", "body", "uri", m.URL.String(), formats); err != nil {
+-		return err
+-	}
+-
+-	return nil
+-}
+-
+ // ContextValidate validates this search index public key based on context it is used
+ func (m *SearchIndexPublicKey) ContextValidate(ctx context.Context, formats strfmt.Registry) error {
+ 	return nil
 diff --git a/vendor/github.com/sigstore/rekor/pkg/util/fetch.go b/vendor/github.com/sigstore/rekor/pkg/util/fetch.go
 index 7f8e93f..5c5c464 100644
 --- a/vendor/github.com/sigstore/rekor/pkg/util/fetch.go
@@ -58,5 +104,5 @@ index 7f8e93f..5c5c464 100644
  		if err != nil {
  			return nil, err
 -- 
-2.45.4
+2.43.0
 
