* added JavaScript signing
* added PKCS#11 provider support (requires OpenSSL 3.0+)
* added support for providers without specifying
"-pkcs11module" option
* (OpenSSL 3.0+, e.g., for the upcoming CNG provider)
* added compatibility with the CNG engine version 1.1 or later
* added the "-engineCtrl" option to control hardware and CNG
engines
* added the '-blobFile' option to specify a file containing the
blob content
* improved unauthenticated blob support (thanks to Asger Hautop
Drewsen)
* improved UTF-8 handling for certificate subjects and issuers
* fixed support for multiple signerInfo contentType OIDs (CTL
and Authenticode)
* fixed tests for python-cryptography >= 43.0.0
- update to version 2.9:
* added a 64 bit long pseudo-random NONCE in the TSA request
* missing NID_pkcs9_signingTime is no longer an error
* added support for PEM-encoded CRLs
* fixed the APPX central directory sorting order
* added a special "-" file name to read the passphrase from
stdin
* used native HTTP client with OpenSSL 3.x, removing libcurl
dependency
* added '-login' option to force a login to PKCS11 engines
* added the "-ignore-crl" option to disable fetching and
verifying CRL Distribution Points
* changed error output to stderr instead of stdout
OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=19
- update to 2.7.0
* fixed signing CAB files (by Michael Brown)
* fixed handling of unsupported commands (by Maxim Bagryantsev)
* fixed writing DIFAT sectors
* added APPX support (by Maciej Panek and Małgorzata Olszówka)
* added a built-in TSA response generation (-TSA-certs, -TSA-key
and -TSA-time options)
* added verification of CRLs specified in the signing certificate
* added MSI DIFAT sectors support (by Max Bagryantsev)
* added the "-h" option to set the cryptographic hash function for the
"attach -signature" and "add" commands
* set the default hash function to "sha256"
* added the "attach-signature" option to compute and compare the leaf
certificate hash for the "add" command
* renamed the "-st" option "-time"
* updated the "-time" option to also set explicit verification time
* added the "-ignore-timestamp" option
* removed the "-timestamp-expiration" option
* numerous bugfixes
* documentation updates
- build system changed to cmake
- use source code tag instead of release artifact for source
- updated URL
- removed gpg check, signature no longer available from upstream
OBS-URL: https://build.opensuse.org/request/show/1137716
OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=17
- update to 2.3.0:
* This release fixes several critical memory corruption vulnerabilities.
A malicious attacker could create a file, which, when processed with
osslsigncode, triggers arbitrary code execution. Any previous version
of osslsigncode should be immediately upgraded if the tool is used for
processing of untrusted files.
* fixed non-interactive PVK (MSBLOB) key decryption
* added a bash completion script
* added CA bundle path auto-detection
* CAT files support (thanks to James McKenzie)
* MSI support rewritten without libgsf dependency, which allows
* for handling of all the needed MSI metadata, such as dates
* "-untrusted" option renamed to "-TSA-CAfile"
* "-CRLuntrusted" option renamed to "-TSA-CRLfile"
* numerous bug fixes and improvements
* certificate chain verification support
* timestamp verification support
* CRL verification support ("-CRLfile" option)
* improved CAB signature support
* nested signatures support
* user-specified signing time ("-st" option) by vszakats
* added more tests
* fixed numerous bugs
* dropped OpenSSL 1.1.0 support
* orphaned project adopted by Michał Trojnara
* ported to OpenSSL 1.1.x
* ported to SoftHSM2
* add support for pkcs11-based hardware tokens
* improved error reporting of timestamping errors
- drop 0001-Make-code-work-with-OpenSSL-1.1.patch (obsolete)
OBS-URL: https://build.opensuse.org/request/show/968270
OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=15
