osslsigncode.spec

#
# spec file for package osslsigncode
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


Name:           osslsigncode
Version:        2.7
Release:        0
Summary:        Platform-independent tool for Authenticode signing of EXE/CAB files
License:        GPL-3.0-only
Group:          Productivity/Security
URL:            https://github.com/mtrojnar/osslsigncode
Source0:        https://github.com/mtrojnar/osslsigncode/archive/%{version}/osslsigncode-%{version}.tar.gz
BuildRequires:  cmake
BuildRequires:  pkgconfig
BuildRequires:  pkgconfig(libcrypto) >= 1.1
BuildRequires:  pkgconfig(libcurl)

%description
osslsigncode is a small utility for placing signatures on Microsoft cabinate
files and executables.

%prep
%setup -q

%build
%cmake
%cmake_build

%install
%cmake_install

%files
%license COPYING.txt LICENSE.txt
%{_bindir}/%{name}
%{_datadir}/bash-completion/completions/%{name}.bash

%changelog
Accepting request 149669 from home:fcrozat:branches:home:jejb1:UEFI new package, needed to sign .cab file (and submit them to UEFI Signing Service) OBS-URL: https://build.opensuse.org/request/show/149669 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=1 2013-01-23 12:13:27 +00:00			`#`
			`# spec file for package osslsigncode`
			`#`
Accepting request 1137716 from home:radolin:branches:Base:System - update to 2.7.0 * fixed signing CAB files (by Michael Brown) * fixed handling of unsupported commands (by Maxim Bagryantsev) * fixed writing DIFAT sectors * added APPX support (by Maciej Panek and Małgorzata Olszówka) * added a built-in TSA response generation (-TSA-certs, -TSA-key and -TSA-time options) * added verification of CRLs specified in the signing certificate * added MSI DIFAT sectors support (by Max Bagryantsev) * added the "-h" option to set the cryptographic hash function for the "attach -signature" and "add" commands * set the default hash function to "sha256" * added the "attach-signature" option to compute and compare the leaf certificate hash for the "add" command * renamed the "-st" option "-time" * updated the "-time" option to also set explicit verification time * added the "-ignore-timestamp" option * removed the "-timestamp-expiration" option * numerous bugfixes * documentation updates - build system changed to cmake - use source code tag instead of release artifact for source - updated URL - removed gpg check, signature no longer available from upstream OBS-URL: https://build.opensuse.org/request/show/1137716 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=17 2024-01-09 12:07:47 +00:00			`# Copyright (c) 2023 SUSE LLC`
Accepting request 149669 from home:fcrozat:branches:home:jejb1:UEFI new package, needed to sign .cab file (and submit them to UEFI Signing Service) OBS-URL: https://build.opensuse.org/request/show/149669 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=1 2013-01-23 12:13:27 +00:00			`#`
			`# All modifications and additions to the file contributed by third parties`
			`# remain the property of their copyright owners, unless otherwise agreed`
			`# upon. The license for this file, and modifications and additions to the`
			`# file, is the same license as for the pristine package itself (unless the`
			`# license for the pristine package is not an Open Source License, in which`
			`# case the license is the MIT License). An "Open Source License" is a`
			`# license that conforms to the Open Source Definition (Version 1.9)`
			`# published by the Open Source Initiative.`

Accepting request 968270 from home:dirkmueller:Factory - update to 2.3.0: * This release fixes several critical memory corruption vulnerabilities. A malicious attacker could create a file, which, when processed with osslsigncode, triggers arbitrary code execution. Any previous version of osslsigncode should be immediately upgraded if the tool is used for processing of untrusted files. * fixed non-interactive PVK (MSBLOB) key decryption * added a bash completion script * added CA bundle path auto-detection * CAT files support (thanks to James McKenzie) * MSI support rewritten without libgsf dependency, which allows * for handling of all the needed MSI metadata, such as dates * "-untrusted" option renamed to "-TSA-CAfile" * "-CRLuntrusted" option renamed to "-TSA-CRLfile" * numerous bug fixes and improvements * certificate chain verification support * timestamp verification support * CRL verification support ("-CRLfile" option) * improved CAB signature support * nested signatures support * user-specified signing time ("-st" option) by vszakats * added more tests * fixed numerous bugs * dropped OpenSSL 1.1.0 support * orphaned project adopted by Michał Trojnara * ported to OpenSSL 1.1.x * ported to SoftHSM2 * add support for pkcs11-based hardware tokens * improved error reporting of timestamping errors - drop 0001-Make-code-work-with-OpenSSL-1.1.patch (obsolete) OBS-URL: https://build.opensuse.org/request/show/968270 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=15 2022-04-14 09:43:12 +00:00			`# Please submit bugfixes or comments via https://bugs.opensuse.org/`
Accepting request 149669 from home:fcrozat:branches:home:jejb1:UEFI new package, needed to sign .cab file (and submit them to UEFI Signing Service) OBS-URL: https://build.opensuse.org/request/show/149669 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=1 2013-01-23 12:13:27 +00:00			`#`


use sourceurl OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=2 2013-01-23 12:14:40 +00:00			`Name: osslsigncode`
Accepting request 1137716 from home:radolin:branches:Base:System - update to 2.7.0 * fixed signing CAB files (by Michael Brown) * fixed handling of unsupported commands (by Maxim Bagryantsev) * fixed writing DIFAT sectors * added APPX support (by Maciej Panek and Małgorzata Olszówka) * added a built-in TSA response generation (-TSA-certs, -TSA-key and -TSA-time options) * added verification of CRLs specified in the signing certificate * added MSI DIFAT sectors support (by Max Bagryantsev) * added the "-h" option to set the cryptographic hash function for the "attach -signature" and "add" commands * set the default hash function to "sha256" * added the "attach-signature" option to compute and compare the leaf certificate hash for the "add" command * renamed the "-st" option "-time" * updated the "-time" option to also set explicit verification time * added the "-ignore-timestamp" option * removed the "-timestamp-expiration" option * numerous bugfixes * documentation updates - build system changed to cmake - use source code tag instead of release artifact for source - updated URL - removed gpg check, signature no longer available from upstream OBS-URL: https://build.opensuse.org/request/show/1137716 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=17 2024-01-09 12:07:47 +00:00			`Version: 2.7`
use sourceurl OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=2 2013-01-23 12:14:40 +00:00			`Release: 0`
Accepting request 968270 from home:dirkmueller:Factory - update to 2.3.0: * This release fixes several critical memory corruption vulnerabilities. A malicious attacker could create a file, which, when processed with osslsigncode, triggers arbitrary code execution. Any previous version of osslsigncode should be immediately upgraded if the tool is used for processing of untrusted files. * fixed non-interactive PVK (MSBLOB) key decryption * added a bash completion script * added CA bundle path auto-detection * CAT files support (thanks to James McKenzie) * MSI support rewritten without libgsf dependency, which allows * for handling of all the needed MSI metadata, such as dates * "-untrusted" option renamed to "-TSA-CAfile" * "-CRLuntrusted" option renamed to "-TSA-CRLfile" * numerous bug fixes and improvements * certificate chain verification support * timestamp verification support * CRL verification support ("-CRLfile" option) * improved CAB signature support * nested signatures support * user-specified signing time ("-st" option) by vszakats * added more tests * fixed numerous bugs * dropped OpenSSL 1.1.0 support * orphaned project adopted by Michał Trojnara * ported to OpenSSL 1.1.x * ported to SoftHSM2 * add support for pkcs11-based hardware tokens * improved error reporting of timestamping errors - drop 0001-Make-code-work-with-OpenSSL-1.1.patch (obsolete) OBS-URL: https://build.opensuse.org/request/show/968270 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=15 2022-04-14 09:43:12 +00:00			`Summary: Platform-independent tool for Authenticode signing of EXE/CAB files`
			`License: GPL-3.0-only`
			`Group: Productivity/Security`
Accepting request 1137716 from home:radolin:branches:Base:System - update to 2.7.0 * fixed signing CAB files (by Michael Brown) * fixed handling of unsupported commands (by Maxim Bagryantsev) * fixed writing DIFAT sectors * added APPX support (by Maciej Panek and Małgorzata Olszówka) * added a built-in TSA response generation (-TSA-certs, -TSA-key and -TSA-time options) * added verification of CRLs specified in the signing certificate * added MSI DIFAT sectors support (by Max Bagryantsev) * added the "-h" option to set the cryptographic hash function for the "attach -signature" and "add" commands * set the default hash function to "sha256" * added the "attach-signature" option to compute and compare the leaf certificate hash for the "add" command * renamed the "-st" option "-time" * updated the "-time" option to also set explicit verification time * added the "-ignore-timestamp" option * removed the "-timestamp-expiration" option * numerous bugfixes * documentation updates - build system changed to cmake - use source code tag instead of release artifact for source - updated URL - removed gpg check, signature no longer available from upstream OBS-URL: https://build.opensuse.org/request/show/1137716 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=17 2024-01-09 12:07:47 +00:00			`URL: https://github.com/mtrojnar/osslsigncode`
			`Source0: https://github.com/mtrojnar/osslsigncode/archive/%{version}/osslsigncode-%{version}.tar.gz`
			`BuildRequires: cmake`
Accepting request 968270 from home:dirkmueller:Factory - update to 2.3.0: * This release fixes several critical memory corruption vulnerabilities. A malicious attacker could create a file, which, when processed with osslsigncode, triggers arbitrary code execution. Any previous version of osslsigncode should be immediately upgraded if the tool is used for processing of untrusted files. * fixed non-interactive PVK (MSBLOB) key decryption * added a bash completion script * added CA bundle path auto-detection * CAT files support (thanks to James McKenzie) * MSI support rewritten without libgsf dependency, which allows * for handling of all the needed MSI metadata, such as dates * "-untrusted" option renamed to "-TSA-CAfile" * "-CRLuntrusted" option renamed to "-TSA-CRLfile" * numerous bug fixes and improvements * certificate chain verification support * timestamp verification support * CRL verification support ("-CRLfile" option) * improved CAB signature support * nested signatures support * user-specified signing time ("-st" option) by vszakats * added more tests * fixed numerous bugs * dropped OpenSSL 1.1.0 support * orphaned project adopted by Michał Trojnara * ported to OpenSSL 1.1.x * ported to SoftHSM2 * add support for pkcs11-based hardware tokens * improved error reporting of timestamping errors - drop 0001-Make-code-work-with-OpenSSL-1.1.patch (obsolete) OBS-URL: https://build.opensuse.org/request/show/968270 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=15 2022-04-14 09:43:12 +00:00			`BuildRequires: pkgconfig`
Accepting request 644321 from home:elvigia:branches:Base:System - 0001-Make-code-work-with-OpenSSL-1.1.patch: Build against openssl 1.1. OBS-URL: https://build.opensuse.org/request/show/644321 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=12 2018-11-07 07:47:02 +00:00			`BuildRequires: pkgconfig(libcrypto) >= 1.1`
Accepting request 289902 from home:posophe:branches:Base:System Update OBS-URL: https://build.opensuse.org/request/show/289902 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=6 2015-03-08 19:04:20 +00:00			`BuildRequires: pkgconfig(libcurl)`
Accepting request 149669 from home:fcrozat:branches:home:jejb1:UEFI new package, needed to sign .cab file (and submit them to UEFI Signing Service) OBS-URL: https://build.opensuse.org/request/show/149669 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=1 2013-01-23 12:13:27 +00:00
			`%description`
			`osslsigncode is a small utility for placing signatures on Microsoft cabinate`
			`files and executables.`

			`%prep`
			`%setup -q`
Accepting request 968270 from home:dirkmueller:Factory - update to 2.3.0: * This release fixes several critical memory corruption vulnerabilities. A malicious attacker could create a file, which, when processed with osslsigncode, triggers arbitrary code execution. Any previous version of osslsigncode should be immediately upgraded if the tool is used for processing of untrusted files. * fixed non-interactive PVK (MSBLOB) key decryption * added a bash completion script * added CA bundle path auto-detection * CAT files support (thanks to James McKenzie) * MSI support rewritten without libgsf dependency, which allows * for handling of all the needed MSI metadata, such as dates * "-untrusted" option renamed to "-TSA-CAfile" * "-CRLuntrusted" option renamed to "-TSA-CRLfile" * numerous bug fixes and improvements * certificate chain verification support * timestamp verification support * CRL verification support ("-CRLfile" option) * improved CAB signature support * nested signatures support * user-specified signing time ("-st" option) by vszakats * added more tests * fixed numerous bugs * dropped OpenSSL 1.1.0 support * orphaned project adopted by Michał Trojnara * ported to OpenSSL 1.1.x * ported to SoftHSM2 * add support for pkcs11-based hardware tokens * improved error reporting of timestamping errors - drop 0001-Make-code-work-with-OpenSSL-1.1.patch (obsolete) OBS-URL: https://build.opensuse.org/request/show/968270 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=15 2022-04-14 09:43:12 +00:00
Accepting request 149669 from home:fcrozat:branches:home:jejb1:UEFI new package, needed to sign .cab file (and submit them to UEFI Signing Service) OBS-URL: https://build.opensuse.org/request/show/149669 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=1 2013-01-23 12:13:27 +00:00			`%build`
Accepting request 1137716 from home:radolin:branches:Base:System - update to 2.7.0 * fixed signing CAB files (by Michael Brown) * fixed handling of unsupported commands (by Maxim Bagryantsev) * fixed writing DIFAT sectors * added APPX support (by Maciej Panek and Małgorzata Olszówka) * added a built-in TSA response generation (-TSA-certs, -TSA-key and -TSA-time options) * added verification of CRLs specified in the signing certificate * added MSI DIFAT sectors support (by Max Bagryantsev) * added the "-h" option to set the cryptographic hash function for the "attach -signature" and "add" commands * set the default hash function to "sha256" * added the "attach-signature" option to compute and compare the leaf certificate hash for the "add" command * renamed the "-st" option "-time" * updated the "-time" option to also set explicit verification time * added the "-ignore-timestamp" option * removed the "-timestamp-expiration" option * numerous bugfixes * documentation updates - build system changed to cmake - use source code tag instead of release artifact for source - updated URL - removed gpg check, signature no longer available from upstream OBS-URL: https://build.opensuse.org/request/show/1137716 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=17 2024-01-09 12:07:47 +00:00			`%cmake`
			`%cmake_build`
Accepting request 149669 from home:fcrozat:branches:home:jejb1:UEFI new package, needed to sign .cab file (and submit them to UEFI Signing Service) OBS-URL: https://build.opensuse.org/request/show/149669 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=1 2013-01-23 12:13:27 +00:00
			`%install`
Accepting request 1137716 from home:radolin:branches:Base:System - update to 2.7.0 * fixed signing CAB files (by Michael Brown) * fixed handling of unsupported commands (by Maxim Bagryantsev) * fixed writing DIFAT sectors * added APPX support (by Maciej Panek and Małgorzata Olszówka) * added a built-in TSA response generation (-TSA-certs, -TSA-key and -TSA-time options) * added verification of CRLs specified in the signing certificate * added MSI DIFAT sectors support (by Max Bagryantsev) * added the "-h" option to set the cryptographic hash function for the "attach -signature" and "add" commands * set the default hash function to "sha256" * added the "attach-signature" option to compute and compare the leaf certificate hash for the "add" command * renamed the "-st" option "-time" * updated the "-time" option to also set explicit verification time * added the "-ignore-timestamp" option * removed the "-timestamp-expiration" option * numerous bugfixes * documentation updates - build system changed to cmake - use source code tag instead of release artifact for source - updated URL - removed gpg check, signature no longer available from upstream OBS-URL: https://build.opensuse.org/request/show/1137716 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=17 2024-01-09 12:07:47 +00:00			`%cmake_install`
Accepting request 149669 from home:fcrozat:branches:home:jejb1:UEFI new package, needed to sign .cab file (and submit them to UEFI Signing Service) OBS-URL: https://build.opensuse.org/request/show/149669 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=1 2013-01-23 12:13:27 +00:00
			`%files`
Accepting request 968270 from home:dirkmueller:Factory - update to 2.3.0: * This release fixes several critical memory corruption vulnerabilities. A malicious attacker could create a file, which, when processed with osslsigncode, triggers arbitrary code execution. Any previous version of osslsigncode should be immediately upgraded if the tool is used for processing of untrusted files. * fixed non-interactive PVK (MSBLOB) key decryption * added a bash completion script * added CA bundle path auto-detection * CAT files support (thanks to James McKenzie) * MSI support rewritten without libgsf dependency, which allows * for handling of all the needed MSI metadata, such as dates * "-untrusted" option renamed to "-TSA-CAfile" * "-CRLuntrusted" option renamed to "-TSA-CRLfile" * numerous bug fixes and improvements * certificate chain verification support * timestamp verification support * CRL verification support ("-CRLfile" option) * improved CAB signature support * nested signatures support * user-specified signing time ("-st" option) by vszakats * added more tests * fixed numerous bugs * dropped OpenSSL 1.1.0 support * orphaned project adopted by Michał Trojnara * ported to OpenSSL 1.1.x * ported to SoftHSM2 * add support for pkcs11-based hardware tokens * improved error reporting of timestamping errors - drop 0001-Make-code-work-with-OpenSSL-1.1.patch (obsolete) OBS-URL: https://build.opensuse.org/request/show/968270 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=15 2022-04-14 09:43:12 +00:00			`%license COPYING.txt LICENSE.txt`
			`%{_bindir}/%{name}`
			`%{_datadir}/bash-completion/completions/%{name}.bash`
Accepting request 149669 from home:fcrozat:branches:home:jejb1:UEFI new package, needed to sign .cab file (and submit them to UEFI Signing Service) OBS-URL: https://build.opensuse.org/request/show/149669 OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=1 2013-01-23 12:13:27 +00:00
			`%changelog`