File: NEWS.md

package info (click to toggle)
osslsigncode 2.2-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 656 kB
  • sloc: ansic: 5,953; sh: 2,362; python: 121; makefile: 25
file content (120 lines) | stat: -rw-r--r-- 3,824 bytes parent folder | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
### 2.2 (2021.08.15)

- CAT files support (thanks to James McKenzie)
- MSI support rewritten without libgsf dependency, which allows
  for handling of all the needed MSI metadata, such as dates
- "-untrusted" option renamed to "-TSA-CAfile"
- "-CRLuntrusted" option renamed to "-TSA-CRLfile"
- numerous bug fixes and improvements

### 2.1 (2020-10-11)

- certificate chain verification support
- timestamp verification support
- CRL verification support ("-CRLfile" option)
- improved CAB signature support
- nested signatures support
- user-specified signing time ("-st" option) by vszakats
- added more tests
- fixed numerous bugs
- dropped OpenSSL 1.1.0 support

### 2.0 (2018-12-04)

- orphaned project adopted by Michał Trojnara
- ported to OpenSSL 1.1.x
- ported to SoftHSM2
- add support for pkcs11-based hardware tokens
  (Patch from Leif Johansson)
- improved error reporting of timestamping errors
  (Patch from Carlo Teubner)

### 1.7.1 (2014-07-11)

- MSI: added -add-msi-dse option
  (Patch from Mikkel Krautz)
- MSI: fix build when GSF_CAN_READ_MSI_METADATA defined
  (Patch from Mikkel Krautz)

### 1.7 (2014-07-10)

- add support for nested signatures
  (Patch from Mikkel Krautz)
- fix compilation problem with OpenSSL < 1.0.0
- added OpenSSL linkage exception to license

### 1.6 (2014-01-21)

- add support for reading password from file
- add support for asking for password (on systems that
  provide support for it)
- add support for compiling and running on Windows
  (Patch from Heiko Hund)
- fix compilation without curl
  (Fix from Heiko Hund)
- added support for giving multiple timestamp servers
  as arguments (first one that succeeds will be used)
- signatures on hierarchical MSI files were broken
  (Fix from Mikkel Krautz)
- MSI: Add support for MsiDigitalSignatureEx signature
  (Patch from Mikkel Krautz)
- add support for adding additional/cross certificates
  through -ac option
  (Thanks to Lars Munch for idea + testing)
- MSI: Add support for signature extract/remove/verify
  (Patches from Mikkel Krautz)
- PE/MSI: Implement -require-leaf-hash for verify.
  (Patch from Mikkel Krautz)

### 1.5.2 (2013-03-13)

- added support for signing with SHA-384 and SHA-512
- added support for page hashing (-ph option)

### 1.5.1 (2013-03-12)

- forgot to bump version number...

### 1.5 (2013-03-12)

- added support for signing MSI files (patch from Marc-André Lureau)
- calculate correct PE checksum instead of setting it to 0
  (patch from Roland Schwingel)
- added support for RFC3161 timestamping (-ts option)
- added support for extracting/removing/verifying signature on PE files
- fixed problem with not being able to decode timestamps with no newlines
- added stricter checks for PE file validity
- added support for reading keys from PVK files (requires OpenSSL 1.0.0 or later)
- added support for reading certificates from PEM files
- renamed program option: -spc to -certs (old option name still valid)

### 1.4 (2011-08-12)

- improved build system (patch from Alon Bar-Lev)
- support reading cert+key from PKCS12 file (patch from Alon Bar-Lev)
- support reading key from PEM file
- added support for sha1/sha256 - default hash is now sha1
- added flag for commercial signing (default is individual)

### 1.3.1 (2009-08-07)

- support signing of 64-bit executables (fix  from Paul Kendall)

### 1.3 (2008-01-31)

- fixed padding problem (fix from Ryan Rubley)
- allow signing of already signed files (fix from Ryan Rubley)
- added Ryan Rubley's PVK-to-DER guide into the README

### 1.2 (2005-01-21)

- autoconf:ed (Thanks to Roy Keene)
- added documentation
- don't override PKCS7_get_signed_attribute, it wasn't
  actually needed, it was me being confused.
- compiles without curl, which means no timestamping
- version number output

### 1.1 (2005-01-19)

- Initial release