OpenSSL-based signcode utility is used for Authenticode signing of EXE/CAB files. It also supports timestamping.
Changes: An improved build system. Support for reading cert+key from a PKCS12 file. Support for reading a key from a PEM file. Support for SHA-1/SHA-256 (the default hash is now SHA-1). A flag for commercial signing (the default is individual).