Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package osslsigncode for openSUSE:Factory checked in at 2026-04-02 17:43:58 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/osslsigncode (Old) and /work/SRC/openSUSE:Factory/.osslsigncode.new.21863 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "osslsigncode" Thu Apr 2 17:43:58 2026 rev:11 rq:1344325 version:2.13 Changes: -------- --- /work/SRC/openSUSE:Factory/osslsigncode/osslsigncode.changes 2025-07-14 10:56:16.960025143 +0200 +++ /work/SRC/openSUSE:Factory/.osslsigncode.new.21863/osslsigncode.changes 2026-04-02 17:45:28.757993206 +0200 @@ -1,0 +2,21 @@ +Thu Apr 2 07:34:46 UTC 2026 - Frederic Crozat <[email protected]> + +- Update to 2.13 (bsc#1260680, CVE-2025-70888): + * fixed integer overflows when processing APPX compressed data + streams + * fixed double-free vulnerabilities in APPX file processing + * fixed multiple memory corruption issues in PE page hash + computation +- Changes from 2.12: + * fixed a buffer overflow while extracting message digests +- Changes from 2.11: + * added keyUsage validation for signer certificate + * added printing CRL details during signature verification + * implemented a workaround for CRL servers returning the + HTTP Content-Type header other than application/pkix-crl + * fixed HTTP keep-alive handling + * fixed macOS compiler and linker flags + * fixed undefined BIO_get_fp() behavior with + BIO_FLAGS_UPLINK_INTERNAL + +------------------------------------------------------------------- @@ -156 +176,0 @@ - Old: ---- osslsigncode-2.10.tar.gz New: ---- osslsigncode-2.13.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ osslsigncode.spec ++++++ --- /var/tmp/diff_new_pack.4gUd30/_old 2026-04-02 17:45:29.330016629 +0200 +++ /var/tmp/diff_new_pack.4gUd30/_new 2026-04-02 17:45:29.330016629 +0200 @@ -1,7 +1,7 @@ # # spec file for package osslsigncode # -# Copyright (c) 2025 SUSE LLC +# Copyright (c) 2026 SUSE LLC and contributors # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,13 +17,13 @@ Name: osslsigncode -Version: 2.10 +Version: 2.13 Release: 0 Summary: Platform-independent tool for Authenticode signing of EXE/CAB files License: GPL-3.0-only Group: Productivity/Security URL: https://github.com/mtrojnar/osslsigncode -Source0: https://github.com/mtrojnar/osslsigncode/archive/%{version}/osslsigncode-%{version}.tar.gz +Source0: https://github.com/mtrojnar/osslsigncode/archive/%{version}.tar.gz#/osslsigncode-%{version}.tar.gz BuildRequires: cmake BuildRequires: pkgconfig BuildRequires: pkgconfig(libcrypto) >= 1.1 ++++++ osslsigncode-2.10.tar.gz -> osslsigncode-2.13.tar.gz ++++++ ++++ 4045 lines of diff (skipped)
