Accepting request 1292313 from Base:System

- update to 2.10:
  * added JavaScript signing
  * added PKCS#11 provider support (requires OpenSSL 3.0+)
  * added support for providers without specifying
    "-pkcs11module" option
  * (OpenSSL 3.0+, e.g., for the upcoming CNG provider)
  * added compatibility with the CNG engine version 1.1 or later
  * added the "-engineCtrl" option to control hardware and CNG
    engines
  * added the '-blobFile' option to specify a file containing the
    blob content
  * improved unauthenticated blob support (thanks to Asger Hautop
    Drewsen)
  * improved UTF-8 handling for certificate subjects and issuers
  * fixed support for multiple signerInfo contentType OIDs (CTL
    and Authenticode)
  * fixed tests for python-cryptography >= 43.0.0
- update to version 2.9:
  * added a 64 bit long pseudo-random NONCE in the TSA request
  * missing NID_pkcs9_signingTime is no longer an error
  * added support for PEM-encoded CRLs
  * fixed the APPX central directory sorting order
  * added a special "-" file name to read the passphrase from
    stdin
  * used native HTTP client with OpenSSL 3.x, removing libcurl
    dependency
  * added '-login' option to force a login to PKCS11 engines
  * added the "-ignore-crl" option to disable fetching and
    verifying CRL Distribution Points
  * changed error output to stderr instead of stdout

OBS-URL: https://build.opensuse.org/request/show/1292313
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/osslsigncode?expand=0&rev=10

osslsigncode-2.10.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2a864e6127ee2350fb648070fa0d459c534ac6400ca0048886aeab7afb250f65
+size 1038769

osslsigncode-2.7.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:00fc2b43395d89a2d07ebbd4981e7a9dbc676c7115d122a1385441c0294239b8
-size 728429

osslsigncode.changes

@@ -1,3 +1,61 @@
+-------------------------------------------------------------------
+Sat Jul 12 08:24:35 UTC 2025 - Dirk Müller <dmueller@suse.com>
+
+- update to 2.10:
+  * added JavaScript signing
+  * added PKCS#11 provider support (requires OpenSSL 3.0+)
+  * added support for providers without specifying
+    "-pkcs11module" option
+  * (OpenSSL 3.0+, e.g., for the upcoming CNG provider)
+  * added compatibility with the CNG engine version 1.1 or later
+  * added the "-engineCtrl" option to control hardware and CNG
+    engines
+  * added the '-blobFile' option to specify a file containing the
+    blob content
+  * improved unauthenticated blob support (thanks to Asger Hautop
+    Drewsen)
+  * improved UTF-8 handling for certificate subjects and issuers
+  * fixed support for multiple signerInfo contentType OIDs (CTL
+    and Authenticode)
+  * fixed tests for python-cryptography >= 43.0.0
+- update to version 2.9:
+  * added a 64 bit long pseudo-random NONCE in the TSA request
+  * missing NID_pkcs9_signingTime is no longer an error
+  * added support for PEM-encoded CRLs
+  * fixed the APPX central directory sorting order
+  * added a special "-" file name to read the passphrase from
+    stdin
+  * used native HTTP client with OpenSSL 3.x, removing libcurl
+    dependency
+  * added '-login' option to force a login to PKCS11 engines
+  * added the "-ignore-crl" option to disable fetching and
+    verifying CRL Distribution Points
+  * changed error output to stderr instead of stdout
+  * various testing framework improvements
+  * various memory corruption fixes
+- update to version 2.8:
+  * Microsoft PowerShell signing sponsored by Cisco Systems, Inc.
+  * fixed setting unauthenticated attributes (Countersignature,
+    Unauthenticated
+  * Data Blob) in a nested signature
+  * added the "-index" option to verify a specific signature or
+    modify its unauthenticated attributes
+  * added CAT file verification
+  * added listing the contents of a CAT file with the "-verbose"
+    option
+  * added the new "extract-data" command to extract a PKCS#7 data
+    content to be signed with "sign" and attached with "attach-signature"
+  * added PKCS9_SEQUENCE_NUMBER authenticated attribute support
+  * added the "-ignore-cdp" option to disable CRL Distribution
+    Points (CDP) online verification
+  * unsuccessful CRL retrieval and verification changed into a
+    critical error the "-p" option modified to also use to
+    configured proxy to connect CRL Distribution Points
+  * added implicit allowlisting of the Microsoft Root Authority
+    serial number 00C1008B3C3C8811D13EF663ECDF40
+  * added listing of certificate chain retrieved from the
+    signature in case of verification failure
+
 -------------------------------------------------------------------
 Wed Dec 20 09:35:53 UTC 2023 - Radoslav Kolev <radoslav.kolev@suse.com>
 

osslsigncode.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package osslsigncode
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -17,7 +17,7 @@
 
 
 Name:           osslsigncode
-Version:        2.7
+Version:        2.10
 Release:        0
 Summary:        Platform-independent tool for Authenticode signing of EXE/CAB files
 License:        GPL-3.0-only
@@ -27,7 +27,6 @@ Source0:        https://github.com/mtrojnar/osslsigncode/archive/%{version}/ossl
 BuildRequires:  cmake
 BuildRequires:  pkgconfig
 BuildRequires:  pkgconfig(libcrypto) >= 1.1
-BuildRequires:  pkgconfig(libcurl)
 
 %description
 osslsigncode is a small utility for placing signatures on Microsoft cabinate