Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package osslsigncode for openSUSE:Factory checked in at 2025-07-14 10:51:06 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/osslsigncode (Old) and /work/SRC/openSUSE:Factory/.osslsigncode.new.7373 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "osslsigncode" Mon Jul 14 10:51:06 2025 rev:10 rq:1292313 version:2.10 Changes: -------- --- /work/SRC/openSUSE:Factory/osslsigncode/osslsigncode.changes 2024-01-09 20:51:27.876171262 +0100 +++ /work/SRC/openSUSE:Factory/.osslsigncode.new.7373/osslsigncode.changes 2025-07-14 10:56:16.960025143 +0200 @@ -1,0 +2,58 @@ +Sat Jul 12 08:24:35 UTC 2025 - Dirk Müller <dmuel...@suse.com> + +- update to 2.10: + * added JavaScript signing + * added PKCS#11 provider support (requires OpenSSL 3.0+) + * added support for providers without specifying + "-pkcs11module" option + * (OpenSSL 3.0+, e.g., for the upcoming CNG provider) + * added compatibility with the CNG engine version 1.1 or later + * added the "-engineCtrl" option to control hardware and CNG + engines + * added the '-blobFile' option to specify a file containing the + blob content + * improved unauthenticated blob support (thanks to Asger Hautop + Drewsen) + * improved UTF-8 handling for certificate subjects and issuers + * fixed support for multiple signerInfo contentType OIDs (CTL + and Authenticode) + * fixed tests for python-cryptography >= 43.0.0 +- update to version 2.9: + * added a 64 bit long pseudo-random NONCE in the TSA request + * missing NID_pkcs9_signingTime is no longer an error + * added support for PEM-encoded CRLs + * fixed the APPX central directory sorting order + * added a special "-" file name to read the passphrase from + stdin + * used native HTTP client with OpenSSL 3.x, removing libcurl + dependency + * added '-login' option to force a login to PKCS11 engines + * added the "-ignore-crl" option to disable fetching and + verifying CRL Distribution Points + * changed error output to stderr instead of stdout + * various testing framework improvements + * various memory corruption fixes +- update to version 2.8: + * Microsoft PowerShell signing sponsored by Cisco Systems, Inc. + * fixed setting unauthenticated attributes (Countersignature, + Unauthenticated + * Data Blob) in a nested signature + * added the "-index" option to verify a specific signature or + modify its unauthenticated attributes + * added CAT file verification + * added listing the contents of a CAT file with the "-verbose" + option + * added the new "extract-data" command to extract a PKCS#7 data + content to be signed with "sign" and attached with "attach-signature" + * added PKCS9_SEQUENCE_NUMBER authenticated attribute support + * added the "-ignore-cdp" option to disable CRL Distribution + Points (CDP) online verification + * unsuccessful CRL retrieval and verification changed into a + critical error the "-p" option modified to also use to + configured proxy to connect CRL Distribution Points + * added implicit allowlisting of the Microsoft Root Authority + serial number 00C1008B3C3C8811D13EF663ECDF40 + * added listing of certificate chain retrieved from the + signature in case of verification failure + +------------------------------------------------------------------- Old: ---- osslsigncode-2.7.tar.gz New: ---- osslsigncode-2.10.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ osslsigncode.spec ++++++ --- /var/tmp/diff_new_pack.vVH2tN/_old 2025-07-14 10:56:17.604051813 +0200 +++ /var/tmp/diff_new_pack.vVH2tN/_new 2025-07-14 10:56:17.608051979 +0200 @@ -1,7 +1,7 @@ # # spec file for package osslsigncode # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2025 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: osslsigncode -Version: 2.7 +Version: 2.10 Release: 0 Summary: Platform-independent tool for Authenticode signing of EXE/CAB files License: GPL-3.0-only @@ -27,7 +27,6 @@ BuildRequires: cmake BuildRequires: pkgconfig BuildRequires: pkgconfig(libcrypto) >= 1.1 -BuildRequires: pkgconfig(libcurl) %description osslsigncode is a small utility for placing signatures on Microsoft cabinate ++++++ osslsigncode-2.7.tar.gz -> osslsigncode-2.10.tar.gz ++++++ ++++ 25948 lines of diff (skipped)
