pool/osslsigncode
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity
Files
factory
osslsigncode/osslsigncode.changes
Dirk Mueller 7410618c8b - update to 2.10: 
* added JavaScript signing
  * added PKCS#11 provider support (requires OpenSSL 3.0+)
  * added support for providers without specifying
    "-pkcs11module" option
  * (OpenSSL 3.0+, e.g., for the upcoming CNG provider)
  * added compatibility with the CNG engine version 1.1 or later
  * added the "-engineCtrl" option to control hardware and CNG
    engines
  * added the '-blobFile' option to specify a file containing the
    blob content
  * improved unauthenticated blob support (thanks to Asger Hautop
    Drewsen)
  * improved UTF-8 handling for certificate subjects and issuers
  * fixed support for multiple signerInfo contentType OIDs (CTL
    and Authenticode)
  * fixed tests for python-cryptography >= 43.0.0
- update to version 2.9:
  * added a 64 bit long pseudo-random NONCE in the TSA request
  * missing NID_pkcs9_signingTime is no longer an error
  * added support for PEM-encoded CRLs
  * fixed the APPX central directory sorting order
  * added a special "-" file name to read the passphrase from
    stdin
  * used native HTTP client with OpenSSL 3.x, removing libcurl
    dependency
  * added '-login' option to force a login to PKCS11 engines
  * added the "-ignore-crl" option to disable fetching and
    verifying CRL Distribution Points
  * changed error output to stderr instead of stdout

OBS-URL: https://build.opensuse.org/package/show/Base:System/osslsigncode?expand=0&rev=19
2025-07-12 08:27:03 +00:00

157 lines
6.6 KiB
Plaintext
Raw Permalink Blame History

-------------------------------------------------------------------
Sat Jul 12 08:24:35 UTC 2025 - Dirk Müller <dmueller@suse.com>
- update to 2.10:
* added JavaScript signing
* added PKCS#11 provider support (requires OpenSSL 3.0+)
* added support for providers without specifying
"-pkcs11module" option
* (OpenSSL 3.0+, e.g., for the upcoming CNG provider)
* added compatibility with the CNG engine version 1.1 or later
* added the "-engineCtrl" option to control hardware and CNG
engines
* added the '-blobFile' option to specify a file containing the
blob content
* improved unauthenticated blob support (thanks to Asger Hautop
Drewsen)
* improved UTF-8 handling for certificate subjects and issuers
* fixed support for multiple signerInfo contentType OIDs (CTL
and Authenticode)
* fixed tests for python-cryptography >= 43.0.0
- update to version 2.9:
* added a 64 bit long pseudo-random NONCE in the TSA request
* missing NID_pkcs9_signingTime is no longer an error
* added support for PEM-encoded CRLs
* fixed the APPX central directory sorting order
* added a special "-" file name to read the passphrase from
stdin
* used native HTTP client with OpenSSL 3.x, removing libcurl
dependency
* added '-login' option to force a login to PKCS11 engines
* added the "-ignore-crl" option to disable fetching and
verifying CRL Distribution Points
* changed error output to stderr instead of stdout
* various testing framework improvements
* various memory corruption fixes
- update to version 2.8:
* Microsoft PowerShell signing sponsored by Cisco Systems, Inc.
* fixed setting unauthenticated attributes (Countersignature,
Unauthenticated
* Data Blob) in a nested signature
* added the "-index" option to verify a specific signature or
modify its unauthenticated attributes
* added CAT file verification
* added listing the contents of a CAT file with the "-verbose"
option
* added the new "extract-data" command to extract a PKCS#7 data
content to be signed with "sign" and attached with "attach-signature"
* added PKCS9_SEQUENCE_NUMBER authenticated attribute support
* added the "-ignore-cdp" option to disable CRL Distribution
Points (CDP) online verification
* unsuccessful CRL retrieval and verification changed into a
critical error the "-p" option modified to also use to
configured proxy to connect CRL Distribution Points
* added implicit allowlisting of the Microsoft Root Authority
serial number 00C1008B3C3C8811D13EF663ECDF40
* added listing of certificate chain retrieved from the
signature in case of verification failure
-------------------------------------------------------------------
Wed Dec 20 09:35:53 UTC 2023 - Radoslav Kolev <radoslav.kolev@suse.com>
- update to 2.7.0
* fixed signing CAB files (by Michael Brown)
* fixed handling of unsupported commands (by Maxim Bagryantsev)
* fixed writing DIFAT sectors
* added APPX support (by Maciej Panek and Małgorzata Olszówka)
* added a built-in TSA response generation (-TSA-certs, -TSA-key
and -TSA-time options)
* added verification of CRLs specified in the signing certificate
* added MSI DIFAT sectors support (by Max Bagryantsev)
* added the "-h" option to set the cryptographic hash function for the
"attach -signature" and "add" commands
* set the default hash function to "sha256"
* added the "attach-signature" option to compute and compare the leaf
certificate hash for the "add" command
* renamed the "-st" option "-time"
* updated the "-time" option to also set explicit verification time
* added the "-ignore-timestamp" option
* removed the "-timestamp-expiration" option
* numerous bugfixes
* documentation updates
- build system changed to cmake
- use source code tag instead of release artifact for source
- updated URL
- removed gpg check, signature no longer available from upstream
-------------------------------------------------------------------
Sun Apr 10 15:30:02 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to 2.3.0:
* This release fixes several critical memory corruption vulnerabilities.
A malicious attacker could create a file, which, when processed with
osslsigncode, triggers arbitrary code execution. Any previous version
of osslsigncode should be immediately upgraded if the tool is used for
processing of untrusted files.
* fixed non-interactive PVK (MSBLOB) key decryption
* added a bash completion script
* added CA bundle path auto-detection
* CAT files support (thanks to James McKenzie)
* MSI support rewritten without libgsf dependency, which allows
* for handling of all the needed MSI metadata, such as dates
* "-untrusted" option renamed to "-TSA-CAfile"
* "-CRLuntrusted" option renamed to "-TSA-CRLfile"
* numerous bug fixes and improvements
* certificate chain verification support
* timestamp verification support
* CRL verification support ("-CRLfile" option)
* improved CAB signature support
* nested signatures support
* user-specified signing time ("-st" option) by vszakats
* added more tests
* fixed numerous bugs
* dropped OpenSSL 1.1.0 support
* orphaned project adopted by Michał Trojnara
* ported to OpenSSL 1.1.x
* ported to SoftHSM2
* add support for pkcs11-based hardware tokens
* improved error reporting of timestamping errors
- drop 0001-Make-code-work-with-OpenSSL-1.1.patch (obsolete)
- add gpg validation
-------------------------------------------------------------------
Mon Nov 12 09:25:56 UTC 2018 - meissner@suse.com
- license is now GPL 3.0
-------------------------------------------------------------------
Wed Oct 24 13:33:21 UTC 2018 - Cristian Rodríguez <crrodriguez@opensuse.org>
- 0001-Make-code-work-with-OpenSSL-1.1.patch: Build against
openssl 1.1.
-------------------------------------------------------------------
Wed Dec 20 14:28:54 UTC 2017 - fcrozat@suse.com
- Adapt BuildRequires to libopenssl-1_0_0-devel for SLE15 / TW.
-------------------------------------------------------------------
Mon Oct 5 09:57:22 UTC 2015 - idonmez@suse.com
- Add libgsf-devel dependency to enable MSI support.
-------------------------------------------------------------------
Sun Mar 8 17:33:10 UTC 2015 - p.drouand@gmail.com
- Update to version 1.7.1
* MSI: added -add-msi-dse option
* MSI: fix build when GSF_CAN_READ_MSI_METADATA defined
- Add autoconf, automake and pkg-config BuildRequire; new dependencies
- Move to pkg-config depend style
-------------------------------------------------------------------
Wed Jan 23 10:16:39 UTC 2013 - fcrozat@suse.com
- Initial package for openSUSE (based on James Bottomley package).
Reference in New Issue View Git Blame Copy Permalink