rpms/AusweisApp2
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Update to 2.4.0

Browse source
This commit is contained in:
Julian Sikorski 2025-10-30 14:20:24 +01:00
commit cf035deeb6
4 changed files with 67 additions and 81 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored
View file

@ -32,3 +32,6 @@
/AusweisApp-2.3.2.tar.gz
/AusweisApp-2.3.2.tar.gz.asc
/AusweisApp-2.3.2.tar.gz.sha256
/AusweisApp-2.4.0.tar.gz
/AusweisApp-2.4.0.tar.gz.asc
/AusweisApp-2.4.0.tar.gz.sha256

103
AusweisApp2-2.0.1-use-legacy-openssl-api.patch → 0001-Use-legacy-OpenSSL-API.patch
View file

@ -1,20 +1,20 @@
From 6e6b651288b477d554112d0f22084c8387e4ea4e Mon Sep 17 00:00:00 2001
From f5d48a49ea7055b7d4edf5f1398557b475419fb9 Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 6 Mar 2025 10:13:06 +0100
Subject: [PATCH] AusweisApp2-2.0.1-use-legacy-openssl-api.patch
Date: Thu, 30 Oct 2025 13:51:15 +0100
Subject: [PATCH] Use legacy OpenSSL API
---
src/card/base/asn1/EcdsaPublicKey.cpp | 39 ------
src/card/base/asn1/EcdsaPublicKey.cpp | 39 -----
src/card/base/asn1/EcdsaPublicKey.h | 6 +-
src/card/base/pace/ec/EcUtil.cpp | 145 -------------------
src/card/base/pace/ec/EcUtil.h | 12 --
src/card/base/pace/ec/EcdhGenericMapping.cpp | 5 -
src/card/base/pace/ec/EcdhGenericMapping.h | 4 -
src/card/base/pace/ec/EcUtil.cpp | 140 -------------------
src/card/base/pace/ec/EcUtil.h | 12 --
src/card/simulator/SimulatorCard.cpp | 37 -----
src/card/simulator/SimulatorCard.h | 4 -
src/card/simulator/SimulatorFileSystem.cpp | 9 --
src/card/simulator/SimulatorFileSystem.h | 4 -
10 files changed, 1 insertion(+), 259 deletions(-)
10 files changed, 1 insertion(+), 264 deletions(-)
diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp
index 7f54045..dc7e26b 100644
@ -110,44 +110,11 @@ index 860bc74..c85e48b 100644
public:
static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp
index 04cee51..571c7a0 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp
+++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp
@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
return false;
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const QSharedPointer<const EC_POINT> localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey));
- const EC_POINT* localPubKey = localPubKeyPtr.data();
-#else
const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data());
-#endif
if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))
{
qCCritical(card) << "The exchanged public keys are equal.";
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h
index e9c9768..188befb 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.h
+++ b/src/card/base/pace/ec/EcdhGenericMapping.h
@@ -22,11 +22,7 @@ class EcdhGenericMapping
private:
const QSharedPointer<EC_GROUP> mCurve;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- QSharedPointer<EVP_PKEY> mLocalKey;
-#else
QSharedPointer<EC_KEY> mLocalKey;
-#endif
QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS);
diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp
index 67e970e..546438f 100644
index 069ad81..546438f 100644
--- a/src/card/base/pace/ec/EcUtil.cpp
+++ b/src/card/base/pace/ec/EcUtil.cpp
@@ -103,143 +103,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2point(const QSharedPointer<const EC_GROUP>&
@@ -103,148 +103,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2point(const QSharedPointer<const EC_GROUP>&
}
@ -197,8 +164,13 @@ index 67e970e..546438f 100644
- return nullptr;
- }
-
- if (OSSL_PARAM* params = nullptr;
- pFunc(bld) && (params = OSSL_PARAM_BLD_to_param(bld)) != nullptr)
- if (!pFunc(bld))
- {
- qCCritical(card) << "Cannot initialize parameter builder";
- return nullptr;
- }
-
- if (OSSL_PARAM* params = OSSL_PARAM_BLD_to_param(bld); params != nullptr)
- {
- static auto deleter = [](OSSL_PARAM* pParam)
- {
@ -291,7 +263,7 @@ index 67e970e..546438f 100644
QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EC_KEY>& pKey, bool pCompressed)
{
if (pKey.isNull())
@@ -288,6 +151,3 @@ QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>&
@@ -293,6 +151,3 @@ QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>&
return key;
}
@ -344,6 +316,39 @@ index 63eb16c..914c268 100644
inline QSharedPointer<EC_POINT> EcUtil::create(EC_POINT* pEcPoint)
{
static auto deleter = [](EC_POINT* ecPoint)
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp
index 04cee51..571c7a0 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp
+++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp
@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
return false;
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const QSharedPointer<const EC_POINT> localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey));
- const EC_POINT* localPubKey = localPubKeyPtr.data();
-#else
const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data());
-#endif
if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))
{
qCCritical(card) << "The exchanged public keys are equal.";
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h
index e9c9768..188befb 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.h
+++ b/src/card/base/pace/ec/EcdhGenericMapping.h
@@ -22,11 +22,7 @@ class EcdhGenericMapping
private:
const QSharedPointer<EC_GROUP> mCurve;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- QSharedPointer<EVP_PKEY> mLocalKey;
-#else
QSharedPointer<EC_KEY> mLocalKey;
-#endif
QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS);
diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp
index 3c4e218..a39fb54 100644
--- a/src/card/simulator/SimulatorCard.cpp
@ -416,10 +421,10 @@ index fc9db00..7a881cb 100644
QByteArray mTaSigningData;
QByteArray mTaAuxData;
diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp
index 3c0fb35..3f00ae8 100644
index 5c01caa..4cbe60c 100644
--- a/src/card/simulator/SimulatorFileSystem.cpp
+++ b/src/card/simulator/SimulatorFileSystem.cpp
@@ -357,11 +357,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const
@@ -347,11 +347,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const
}
@ -431,7 +436,7 @@ index 3c0fb35..3f00ae8 100644
{
if (!mKeys.contains(pKeyId))
{
@@ -377,13 +373,8 @@ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
@@ -367,13 +363,8 @@ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
return nullptr;
}
@ -462,5 +467,5 @@ index 7d8458f..57065db 100644
void setTrustPoint(const QSharedPointer<const CVCertificate>& pTrustPoint);
--
2.48.1
2.51.0

36
AusweisApp2.spec
View file

@ -24,10 +24,6 @@ fi \
%global build_fflags %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g')
%global build_fcflags %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g')
# Build and package Doxygen documentation?
%bcond_without doxy
# Do we build with Qt6?
%if 0%{?fedora} || 0%{?rhel} >= 9
%global qt6_build 1
%else
@ -41,7 +37,7 @@ fi \
%global newname AusweisApp
Name: AusweisApp2
Version: 2.3.2
Version: 2.4.0
Release: %autorelease
Summary: %{pkg_sum}
@ -67,7 +63,7 @@ Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch
# Needed because Fedora's openssl does not support elliptic curves using custom parameters.
# Request to enable them was denied: https://bugzilla.redhat.com/show_bug.cgi?id=2259403
# It is currently not clear if the legacy API works by accident or by design. It does work as of March 2025.
Patch01001: %{name}-2.0.1-use-legacy-openssl-api.patch
Patch01001: 0001-Use-legacy-OpenSSL-API.patch
BuildRequires: cmake
BuildRequires: crypto-policies
@ -162,10 +158,6 @@ used by %{name}.
Summary: User and API documentation for %{name}
BuildArch: noarch
%if %{with doxy}
BuildRequires: doxygen
BuildRequires: graphviz
%endif
BuildRequires: hardlink
BuildRequires: python3-sphinx
BuildRequires: python3-sphinx_rtd_theme
@ -173,11 +165,6 @@ BuildRequires: python3-sphinx_rtd_theme
# Do not raise conflicts about shared license files.
Requires: (%{name} = %{version}-%{release} if %{name})
# The doc-api package is faded, since we can ship the
# Doxygen documentation noarch'ed as well now.
Obsoletes: %{name}-doc-api < 1.20.1-2
Provides: %{name}-doc-api = %{version}-%{release}
%description doc
This package contains the user and API documentation for %{name}.
@ -232,16 +219,10 @@ EOF
%if (0%{?fedora} || 0%{?rhel} > 8)
# Documentation.
%cmake_build --target installation_integration notes sdk
%if %{with doxy}
%cmake_build --target doxy
%endif
%cmake_build --target installation_integration_de installation_integration_en notes sdk
%else
# Documentation.
%ninja_build -C %{_vpath_builddir} installation_integration notes sdk
%if %{with doxy}
%ninja_build -C %{_vpath_builddir} doxy
%endif
%ninja_build -C %{_vpath_builddir} installation_integration_de installation_integration_en notes sdk
%endif
@ -266,13 +247,10 @@ rm -fr %{buildroot}%{_datadir}/%{newname}/translations
%endif
# Excessive docs.
mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration,notes,sdk}
mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration_{de,en},notes,sdk}
install -pm 0644 README.rst %{buildroot}%{_pkgdocdir}
%if %{with doxy}
mkdir -p %{buildroot}%{_pkgdocdir}/doxy
cp -a %{_vpath_builddir}/doc/html/* %{buildroot}%{_pkgdocdir}/doxy
%endif
cp -a %{_vpath_builddir}/docs/installation_integration/html/* %{buildroot}%{_pkgdocdir}/installation_integration
cp -a %{_vpath_builddir}/docs/installation_integration_de/html/* %{buildroot}%{_pkgdocdir}/installation_integration_de
cp -a %{_vpath_builddir}/docs/installation_integration_en/html/* %{buildroot}%{_pkgdocdir}/installation_integration_en
cp -a %{_vpath_builddir}/docs/notes/html/* %{buildroot}%{_pkgdocdir}/notes
cp -a %{_vpath_builddir}/docs/sdk/html/* %{buildroot}%{_pkgdocdir}/sdk
find %{buildroot}%{_pkgdocdir} -type d -print0 | xargs -0 chmod -c 0755

6
sources
View file

@ -1,4 +1,4 @@
SHA512 (AusweisApp-2.3.2.tar.gz) = b342b024f6d05c9c5239d750499b3ef976e819bfde4990bc301095a71378fd2f026e4c70c79784c06c372545d6a35c07a62cfdb01625dcc022446a66cee658b4
SHA512 (AusweisApp-2.3.2.tar.gz.asc) = a6e37ea068142162dc3386e19bd428b3fb652c43eaf719ec3f4e3d6e078281b95e5fa728677632441662da89f54a6e2c7b29b7efa6e40e1cd0e6a7df4ded8cc6
SHA512 (AusweisApp-2.3.2.tar.gz.sha256) = 6158a7b838406c9e87e03eafb999312d5db37aa4a8a3ce5c4bb1be400169f047f440a3fb50092d57c318ac4951338cb50e30d791dda97b2a9b913226b59f710d
SHA512 (AusweisApp-2.4.0.tar.gz) = 6e0d89b30176f7722bebab01322363ee38ff43573167061d4a97d840b669f3e579ad9fb62345b97b75490690fd5e03f25994eaa1a77334171fcdd28d39ec3e4a
SHA512 (AusweisApp-2.4.0.tar.gz.asc) = ac8ffdb68d5847978bf639a8f32462053bddcace5d9c3d6cb16e788bb2dbe98ae3b7cafe089246fa786fa4b3e048b81b608cbe77e948a843b2dcd774796d2a56
SHA512 (AusweisApp-2.4.0.tar.gz.sha256) = 257634437251fc22b3d85386a282ee4ce68d2f0db1112a912a54db9a6741ecb79b4180c490486d9ff8519246e62165b5953ed5739e9de0e180bb46decfeff16a
SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd