From 73d7cf011e660bcee98dcfe5f9128412ac97191d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Trojnara?=
Date: Sun, 6 Mar 2022 20:11:25 +0100
Subject: [PATCH] release 2.3
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: MichaƂ Trojnara
---
 INSTALL.W32.md | 8 ++++----
 NEWS.md | 17 +++++++++++++----
 configure.ac | 2 +-
 3 files changed, 18 insertions(+), 9 deletions(-)

diff --git a/INSTALL.W32.md b/INSTALL.W32.md
index b7b032b9..3b9ab414 100644
--- a/INSTALL.W32.md
+++ b/INSTALL.W32.md
@@ -14,7 +14,7 @@ cd osslsigncode-folder x86_64-w64-mingw32-gcc osslsigncode.c msi.c msi.h -o osslsigncode.exe \ -lcrypto -lssl -lcurl \ - -D 'PACKAGE_STRING="osslsigncode 2.2"' \ + -D 'PACKAGE_STRING="osslsigncode 2.3"' \ -D 'PACKAGE_BUGREPORT="Michal.Trojnara@stunnel.org"' \ -D ENABLE_CURL ```
@@ -24,7 +24,7 @@ path=%path%;c:\msys64\mingw64\bin cd osslsigncode-folder osslsigncode.exe -v - osslsigncode 2.2, using: + osslsigncode 2.3, using: OpenSSL 1.1.1g 21 Apr 2020 (Library: OpenSSL 1.1.1g 21 Apr 2020) libcurl/7.70.0 OpenSSL/1.1.1g (Schannel) zlib/1.2.11 brotli/1.0.7 libidn2/2.3.0 libpsl/0.21.0 (+libidn2/2.3.0) libssh2/1.9.0 nghttp2/1.40.0
@@ -76,7 +76,7 @@
 -I 'C:/OpenSSL/include/' \
 -L 'C:/curl/lib' -lcurl \
 -I 'C:/curl/include' \
- -D 'PACKAGE_STRING="osslsigncode 2.2"' \
+ -D 'PACKAGE_STRING="osslsigncode 2.3"' \
 -D 'PACKAGE_BUGREPORT="Michal.Trojnara@stunnel.org"' \
 -D ENABLE_CURL
 ```
@@ -90,7 +90,7 @@ copy C:\msys64\mingw64\bin\zlib1.dll osslsigncode.exe -v - osslsigncode 2.2, using: + osslsigncode 2.3, using: OpenSSL 1.1.1k 25 Mar 2021 (Library: OpenSSL 1.1.1k 25 Mar 2021) libcurl/7.78.0 OpenSSL/1.1.1k zlib/1.2.11 ```
diff --git a/NEWS.md b/NEWS.md
index 18b62671..9531a379 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -1,10 +1,19 @@
 # osslsigncode change log
 
-### 2.3 (unreleased)
+### 2.3 (2022.03.06)
 
-- fixed memory safety
-- added bash completion script
-- added CA bundle auto-detection
+**CRITICAL SECURITY VULNERABILITIES**
+
+This release fixes several critical memory corruption vulnerabilities.
+A malicious attacker could create a file, which, when processed with
+osslsigncode, triggers arbitrary code execution. Any previous version
+of osslsigncode should be immediately upgraded if the tool is used for
+processing of untrusted files.
+
+- fixed several memory safety issues
+- fixed non-interactive PVK (MSBLOB) key decryption
+- added a bash completion script
+- added CA bundle path auto-detection
 
 ### 2.2 (2021.08.15)
 
diff --git a/configure.ac b/configure.ac
index 8c92f2be..cf3bdac7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,6 +1,6 @@
 AC_PREREQ(2.60)
 
-AC_INIT([osslsigncode], [2.2.0], [Michal.Trojnara@stunnel.org])
+AC_INIT([osslsigncode], [2.3.0], [Michal.Trojnara@stunnel.org])
 AC_CONFIG_AUX_DIR([.])
 AC_CONFIG_HEADERS([config.h])
 AM_INIT_AUTOMAKE