nhyatt/osslsigncode
1
0
Fork 0
mirror of https://github.com/mtrojnar/osslsigncode.git synced 2025-04-04 17:00:11 -05:00
Code Issues Projects Releases Wiki Activity

release 2.3

Browse Source 
Signed-off-by: Michał Trojnara <Michal.Trojnara@stunnel.org>
This commit is contained in:
Michał Trojnara 2022-03-06 20:11:25 +01:00
parent 7affd85c46
commit 73d7cf011e
3 changed files with 18 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
INSTALL.W32.md
View File

@ -14,7 +14,7 @@
cd osslsigncode-folder
x86_64-w64-mingw32-gcc osslsigncode.c msi.c msi.h -o osslsigncode.exe \
-lcrypto -lssl -lcurl \
-D 'PACKAGE_STRING="osslsigncode 2.2"' \
-D 'PACKAGE_STRING="osslsigncode 2.3"' \
-D 'PACKAGE_BUGREPORT="Michal.Trojnara@stunnel.org"' \
-D ENABLE_CURL
```
@ -24,7 +24,7 @@
path=%path%;c:\msys64\mingw64\bin
cd osslsigncode-folder
osslsigncode.exe -v
osslsigncode 2.2, using:
osslsigncode 2.3, using:
OpenSSL 1.1.1g 21 Apr 2020 (Library: OpenSSL 1.1.1g 21 Apr 2020)
libcurl/7.70.0 OpenSSL/1.1.1g (Schannel) zlib/1.2.11 brotli/1.0.7 libidn2/2.3.0
libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.9.0 nghttp2/1.40.0
@ -76,7 +76,7 @@
-I 'C:/OpenSSL/include/' \
-L 'C:/curl/lib' -lcurl \
-I 'C:/curl/include' \
-D 'PACKAGE_STRING="osslsigncode 2.2"' \
-D 'PACKAGE_STRING="osslsigncode 2.3"' \
-D 'PACKAGE_BUGREPORT="Michal.Trojnara@stunnel.org"' \
-D ENABLE_CURL
```
@ -90,7 +90,7 @@
copy C:\msys64\mingw64\bin\zlib1.dll
osslsigncode.exe -v
osslsigncode 2.2, using:
osslsigncode 2.3, using:
OpenSSL 1.1.1k 25 Mar 2021 (Library: OpenSSL 1.1.1k 25 Mar 2021)
libcurl/7.78.0 OpenSSL/1.1.1k zlib/1.2.11
```

17
NEWS.md
View File

@ -1,10 +1,19 @@
# osslsigncode change log
### 2.3 (unreleased)
### 2.3 (2022.03.06)
- fixed memory safety
- added bash completion script
- added CA bundle auto-detection
**CRITICAL SECURITY VULNERABILITIES**
This release fixes several critical memory corruption vulnerabilities.
A malicious attacker could create a file, which, when processed with
osslsigncode, triggers arbitrary code execution. Any previous version
of osslsigncode should be immediately upgraded if the tool is used for
processing of untrusted files.
- fixed several memory safety issues
- fixed non-interactive PVK (MSBLOB) key decryption
- added a bash completion script
- added CA bundle path auto-detection
### 2.2 (2021.08.15)

2
configure.ac
View File

@ -1,6 +1,6 @@
AC_PREREQ(2.60)
AC_INIT([osslsigncode], [2.2.0], [Michal.Trojnara@stunnel.org])
AC_INIT([osslsigncode], [2.3.0], [Michal.Trojnara@stunnel.org])
AC_CONFIG_AUX_DIR([.])
AC_CONFIG_HEADERS([config.h])
AM_INIT_AUTOMAKE