From 95b09082941948539e685041f7f51680b7d0d296 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Wed, 29 Nov 2023 14:30:22 +0100 Subject: [PATCH 01/47] Rebuild (qt6) --- AusweisApp2.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 601ae1b..134afc2 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -40,7 +40,7 @@ fi \ Name: AusweisApp2 Version: 1.26.7 -Release: 3%{?dist} +Release: 4%{?dist} Summary: %{pkg_sum} License: EUPL 1.2 @@ -314,6 +314,9 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop %changelog +* Wed Nov 29 2023 Jan Grulich - 1.26.7-4 +- Rebuild (qt6) + * Fri Oct 13 2023 Jan Grulich - 1.26.7-3 - Rebuild (qt6) From c0bf3c33bf755f7b5482bdb2b1f08e2770740561 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Thu, 23 Nov 2023 12:23:34 +0100 Subject: [PATCH 02/47] Update to 2.0.1 Fix up config.json.in section names --- .gitignore | 2 + AusweisApp-2.0.1.tar.gz.asc | 16 ++++++++ AusweisApp-2.0.1.tar.gz.sha256 | 1 + AusweisApp2-1.26.7.tar.gz.asc | 16 -------- AusweisApp2-1.26.7.tar.gz.sha256 | 1 - AusweisApp2.spec | 69 +++++++++++++++++--------------- gen_openssl_cnf.py | 5 ++- sources | 2 +- 8 files changed, 60 insertions(+), 52 deletions(-) create mode 100644 AusweisApp-2.0.1.tar.gz.asc create mode 100644 AusweisApp-2.0.1.tar.gz.sha256 delete mode 100644 AusweisApp2-1.26.7.tar.gz.asc delete mode 100644 AusweisApp2-1.26.7.tar.gz.sha256 diff --git a/.gitignore b/.gitignore index b4dc8e7..5ae286d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ /AusweisApp2-*.tar.gz /AusweisApp2-pubring.gpg +/AusweisApp-2.0.1.tar.gz +/AusweisApp-pubring.gpg diff --git a/AusweisApp-2.0.1.tar.gz.asc b/AusweisApp-2.0.1.tar.gz.asc new file mode 100644 index 0000000..14532fc --- /dev/null +++ b/AusweisApp-2.0.1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEaZvzBVsKSSJO/efHLXR5pTFFEIgFAmVLsQYACgkQLXR5pTFF +EIjJCA//feGQo9BK6eT0hDSHd8k5zyRspQdPMPuw2VneeoFcnZyZpJSWdXsNe1DO +vbauUmuPRRt0e4vs1k5aB+DJ7J7JZ8XNmpLvaph9y7CQ/BQqM+SKVg3Qv/0dIyVv +iG/BpBtZ6tkdFafOvlAO2ed6NIU8sKnicGxeHTeIJg6+xr+KICwEI+scodftcqbl +QvDnoZT/EsCiiiz2+HwIGcrraJfBJ7DyLYW2Sdo0xlBnMSqXHManx84rw89i7Tvb +MZUaP1PROMbxF9RDHKvb/ZnMGgecB+wnAR6V2gWxQfPyg27lrXrxDEcm65zppOky +RIr5s+egnv+txHPdkdL/mwhKpAr5q8Hgc5tq1Bn2rC9/+ESi4HF/2TkRGlkEIez7 +eEAQl5lA2NpBi3EUK0kBJHihEjqMAzeNy8wGxMMM4aHMyvQrooI1BxEV84NEzOqZ +a5xoCdjySFt+NMqCOujiVIasBtuKzQg+2miQpNETuutZ+n+RGOtHspPps5SzQaDO +jLsLzkRKJ/Zcds42kP9adM/klDriD4UtgxfLBcpdC3lCJOA9dxjkB6LLmWcyWXXc +aGcn4I1sfgQz+5aNzpf8jH3fa5788xQ4it2XQYoPx1FBLuH63y+3V9SvYEoA0Tkf +lMa3GkHY1va7COAcrL9AK7hKUaex+FpkGPYxxoH5L7vIpsvOFsU= +=+E8h +-----END PGP SIGNATURE----- diff --git a/AusweisApp-2.0.1.tar.gz.sha256 b/AusweisApp-2.0.1.tar.gz.sha256 new file mode 100644 index 0000000..56734c6 --- /dev/null +++ b/AusweisApp-2.0.1.tar.gz.sha256 @@ -0,0 +1 @@ +cfb23fdb54e02af8a266388d11989d3f1606dfab48dd80a2f78ff58cb34cbb57 AusweisApp-2.0.1.tar.gz diff --git a/AusweisApp2-1.26.7.tar.gz.asc b/AusweisApp2-1.26.7.tar.gz.asc deleted file mode 100644 index aa85480..0000000 --- a/AusweisApp2-1.26.7.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEaZvzBVsKSSJO/efHLXR5pTFFEIgFAmTDxJ8ACgkQLXR5pTFF -EIh9Dw//ZMA+HUaRMp9wUCbPxm9XfT2WmVSAdlQPFUcNlue9LTVRGQKzqm0aYHE1 -qDjBdg2u5icS+pcZiX8zgnSijsxUIOVlqEeOq3Ww+X4P5LGI9HugVYCUIGAKrSEr -vGNSnsGs7v7akKVjZea45G6hdGOSm1UrPMp36rSCXmEMzuhDVCg76Ue0rHy2uN9D -2rud1CuLSDEKQs3MqkU1E5lRVX2uuKPz8xgVZTxYixJGlfCa7lPlO1dhEJzAqEtN -r1CMDinjYzjTu3K9ecj5w0HuB/w6VNtAchZ6nT4oUNDUp4AzWYcJEhVVN9iqVRdF -FGijIvMdoe1Zb15b6/lLdzqU1jazJN24swvRzcLFPFsfV7trrIThzv+Mf+LfKEwb -qGUp6cm27y0KxXCuszRhwkAvBgPsOyPzlvcWMTUgoa5bLzOdCwB60iQ0ADCaz306 -GWLZER98OyLeHLP7E/nSv13GlMckqZkOwcR0Fv6yzY0KIZ86loHMeAbxmIcucnOV -bY8Wffe4wfQQhGY/fsgP5v3swwlv1vBtYfLF4CbcFBiW0WJbD3mkt3hJ24E+nrUl -6vhuoj1RJVkEhhF8gnleSxiH1EfsQcKOWKOO3UDFwUQxwtJJ6f8lQXUP+vB3NP/9 -q24xmU1XW4F+F72o2GD262aJn+HpbgWQzUEbMLQx5eAwrs+Dq08= -=Nkl8 ------END PGP SIGNATURE----- diff --git a/AusweisApp2-1.26.7.tar.gz.sha256 b/AusweisApp2-1.26.7.tar.gz.sha256 deleted file mode 100644 index 56fa5a3..0000000 --- a/AusweisApp2-1.26.7.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -8062fe04332e9a7bee4c75fe3ef3efda6748c1a19a6fda8770f7914939c7bd28 AusweisApp2-1.26.7.tar.gz diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 134afc2..dd96ea5 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -6,10 +6,10 @@ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ -fipshmac %{buildroot}%{_bindir}/%{name} \\\ - %{buildroot}%{_libexecdir}/%{name} \\\ - %{buildroot}%{_datadir}/%{name}/openssl.cnf \ -c="%{buildroot}%{_datadir}/%{name}/config.json" \ +fipshmac %{buildroot}%{_bindir}/%{newname} \\\ + %{buildroot}%{_libexecdir}/%{newname} \\\ + %{buildroot}%{_datadir}/%{newname}/openssl.cnf \ +c="%{buildroot}%{_datadir}/%{newname}/config.json" \ if [[ -f ${c} ]]; then \ fipshmac ${c} \ fi \ @@ -37,10 +37,12 @@ fi \ # Package summary. Gets overwritten by subpackages otherwise. %global pkg_sum Online identification with German ID card (Personalausweis) +# Upstream renamed to AusweisApp with 2.0 release +%global newname AusweisApp Name: AusweisApp2 -Version: 1.26.7 -Release: 4%{?dist} +Version: 2.0.1 +Release: 1%{?dist} Summary: %{pkg_sum} License: EUPL 1.2 @@ -53,10 +55,10 @@ URL: https://www.ausweisapp.bund.de/en # gpg2 --keyserver keyserver.ubuntu.com --recv-keys 699BF3055B0A49224EFDE7C72D7479A531451088 # gpg2 --export --export-options export-minimal 699BF3055B0A49224EFDE7C72D7479A531451088 > %%{name}-pubring.gpg -Source0000: %{rel_url}/%{name}-%{version}.tar.gz -Source0001: %{rel_url}/%{name}-%{version}.tar.gz.asc +Source0000: %{rel_url}/%{newname}-%{version}.tar.gz +Source0001: %{rel_url}/%{newname}-%{version}.tar.gz.asc Source0002: %{name}-pubring.gpg -Source0003: %{rel_url}/%{name}-%{version}.tar.gz.sha256 +Source0003: %{rel_url}/%{newname}-%{version}.tar.gz.sha256 Source0004: https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%%20EN.txt#/EUPL-12_EN.txt Source1000: gen_openssl_cnf.py @@ -180,7 +182,7 @@ pushd %{_sourcedir} sha256sum -c %{SOURCE3} popd -%autosetup -p 1 +%autosetup -p 1 -n %{newname}-%{version} install -pm 0644 %{SOURCE4} LICENSE.en.txt # Generate application specific OpenSSL configuration. @@ -192,13 +194,13 @@ install -pm 0644 %{SOURCE4} LICENSE.en.txt cat << EOF > fedora_%{name}_wrapper.sh #!/bin/sh # /usr/bin/fipscheck \\ -# %{_bindir}/%{name} \\ -# %{_libexecdir}/%{name} \\ -# %{_datadir}/%{name}/config.json \\ -# %{_datadir}/%{name}/openssl.cnf \\ +# %{_bindir}/%{newname} \\ +# %{_libexecdir}/%{newname} \\ +# %{_datadir}/%{newname}/config.json \\ +# %{_datadir}/%{newname}/openssl.cnf \\ # || exit \$?; -OPENSSL_CONF=%{_datadir}/%{name}/openssl.cnf \\ -%{_libexecdir}/%{name} "\$@"; +OPENSSL_CONF=%{_datadir}/%{newname}/openssl.cnf \\ +%{_libexecdir}/%{newname} "\$@"; EOF @@ -220,13 +222,13 @@ EOF %if (0%{?fedora} || 0%{?rhel} > 8) # Documentation. -%cmake_build --target inst inte notes sdk +%cmake_build --target installation_integration notes sdk %if %{with doxy} %cmake_build --target doxy %endif %else # Documentation. -%ninja_build -C %{_vpath_builddir} inst inte notes sdk +%ninja_build -C %{_vpath_builddir} installation_integration notes sdk %if %{with doxy} %ninja_build -C %{_vpath_builddir} doxy %endif @@ -239,29 +241,28 @@ EOF # Relocate the application binary so we can call it through # a shell wrapper and move installed files to proper locations. mkdir -p %{buildroot}{%{_libexecdir},%{_qt5_translationdir}} -mv %{buildroot}%{_bindir}/%{name} %{buildroot}%{_libexecdir}/%{name} +mv %{buildroot}%{_bindir}/%{newname} %{buildroot}%{_libexecdir}/%{newname} # Install the shell wrapper and custom OpenSSL configuration. -install -pm 0755 fedora_%{name}_wrapper.sh %{buildroot}%{_bindir}/%{name} +install -pm 0755 fedora_%{name}_wrapper.sh %{buildroot}%{_bindir}/%{newname} install -pm 0644 fedora_%{name}_openssl.cnf \ - %{buildroot}%{_datadir}/%{name}/openssl.cnf + %{buildroot}%{_datadir}/%{newname}/openssl.cnf # Move translation in proper location. %if !(0%{?qt6_build}) -mv %{buildroot}%{_datadir}/%{name}/translations/* \ +mv %{buildroot}%{_datadir}/%{newname}/translations/* \ %{buildroot}%{_qt5_translationdir} -rm -fr %{buildroot}%{_datadir}/%{name}/translations +rm -fr %{buildroot}%{_datadir}/%{newname}/translations %endif # Excessive docs. -mkdir -p %{buildroot}%{_pkgdocdir}/{installation,integration,notes,sdk} +mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration,notes,sdk} install -pm 0644 README.rst %{buildroot}%{_pkgdocdir} %if %{with doxy} mkdir -p %{buildroot}%{_pkgdocdir}/doxy cp -a %{_vpath_builddir}/doc/html/* %{buildroot}%{_pkgdocdir}/doxy %endif -cp -a %{_vpath_builddir}/docs/inst/html/* %{buildroot}%{_pkgdocdir}/installation -cp -a %{_vpath_builddir}/docs/inte/html/* %{buildroot}%{_pkgdocdir}/integration +cp -a %{_vpath_builddir}/docs/installation_integration/html/* %{buildroot}%{_pkgdocdir}/installation_integration cp -a %{_vpath_builddir}/docs/notes/html/* %{buildroot}%{_pkgdocdir}/notes cp -a %{_vpath_builddir}/docs/sdk/html/* %{buildroot}%{_pkgdocdir}/sdk find %{buildroot}%{_pkgdocdir} -type d -print0 | xargs -0 chmod -c 0755 @@ -291,12 +292,12 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop %license AUTHORS %license LICENSE.en.txt %license LICENSE.txt -%{_bindir}/.%{name}.hmac -%{_bindir}/%{name} +%{_bindir}/.%{newname}.hmac +%{_bindir}/%{newname} %{_datadir}/applications/com.governikus.%{lc_name}.desktop -%{_libexecdir}/.%{name}.hmac -%{_libexecdir}/%{name} -%{_mandir}/man1/%{name}.1* +%{_libexecdir}/.%{newname}.hmac +%{_libexecdir}/%{newname} +%{_mandir}/man1/%{newname}.1* %{_metainfodir}/com.governikus.%{lc_name}.metainfo.xml @@ -305,7 +306,7 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop %else %files data -f %{lc_name}.icons -f %{lc_name}.lang %endif -%{_datadir}/%{name} +%{_datadir}/%{newname} %files doc @@ -314,6 +315,10 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop %changelog +* Thu Dec 28 2023 Julian Sikorski - 2.0.1-1 +- Update to 2.0.1 +- Fix up config.json.in section names + * Wed Nov 29 2023 Jan Grulich - 1.26.7-4 - Rebuild (qt6) diff --git a/gen_openssl_cnf.py b/gen_openssl_cnf.py index 531c0d4..340e8c4 100644 --- a/gen_openssl_cnf.py +++ b/gen_openssl_cnf.py @@ -49,8 +49,9 @@ class _Const(object): return [ 'tlsSettings', 'tlsSettingsPsk', - 'tlsSettingsRemoteReader', - 'tlsSettingsRemoteReaderPairing', + 'tlsSettingsRemoteIfd', + 'tlsSettingsRemoteIfdPairing', + 'tlsSettingsLocalIfd', ] @constant diff --git a/sources b/sources index dbcbd1d..a4d3ba8 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (AusweisApp2-1.26.7.tar.gz) = 4a94042efc5f95e2df6518fcaf863ed6deebb160d35a5cdd7155a3b6aa6128b213408ce42310d942ee4e83e03cb2c3d898738846bb37995aa1ff03f660ac54b0 +SHA512 (AusweisApp-2.0.1.tar.gz) = 8bbbc8af7a167c3e1e5f0d1829eddd143c54995fd3a8d325bcc7ec83d3778ba9b1de7e80e2171d247c8e8726acae8a8c9ddf63440b70aeb68cd01640cbd0d47b SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 5b8f5b01846627b51ad6c1f08f5ea18b966215e5 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Thu, 28 Dec 2023 16:15:02 +0100 Subject: [PATCH 03/47] Update to 2.0.1 Fix up config.json.in section names --- .gitignore | 2 + AusweisApp-2.0.1.tar.gz.asc | 16 ++++++++ AusweisApp-2.0.1.tar.gz.sha256 | 1 + AusweisApp2-1.26.7.tar.gz.asc | 16 -------- AusweisApp2-1.26.7.tar.gz.sha256 | 1 - AusweisApp2.spec | 69 +++++++++++++++++--------------- gen_openssl_cnf.py | 5 ++- sources | 2 +- 8 files changed, 60 insertions(+), 52 deletions(-) create mode 100644 AusweisApp-2.0.1.tar.gz.asc create mode 100644 AusweisApp-2.0.1.tar.gz.sha256 delete mode 100644 AusweisApp2-1.26.7.tar.gz.asc delete mode 100644 AusweisApp2-1.26.7.tar.gz.sha256 diff --git a/.gitignore b/.gitignore index b4dc8e7..5ae286d 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,4 @@ /AusweisApp2-*.tar.gz /AusweisApp2-pubring.gpg +/AusweisApp-2.0.1.tar.gz +/AusweisApp-pubring.gpg diff --git a/AusweisApp-2.0.1.tar.gz.asc b/AusweisApp-2.0.1.tar.gz.asc new file mode 100644 index 0000000..14532fc --- /dev/null +++ b/AusweisApp-2.0.1.tar.gz.asc @@ -0,0 +1,16 @@ +-----BEGIN PGP SIGNATURE----- + +iQIzBAABCAAdFiEEaZvzBVsKSSJO/efHLXR5pTFFEIgFAmVLsQYACgkQLXR5pTFF +EIjJCA//feGQo9BK6eT0hDSHd8k5zyRspQdPMPuw2VneeoFcnZyZpJSWdXsNe1DO +vbauUmuPRRt0e4vs1k5aB+DJ7J7JZ8XNmpLvaph9y7CQ/BQqM+SKVg3Qv/0dIyVv +iG/BpBtZ6tkdFafOvlAO2ed6NIU8sKnicGxeHTeIJg6+xr+KICwEI+scodftcqbl +QvDnoZT/EsCiiiz2+HwIGcrraJfBJ7DyLYW2Sdo0xlBnMSqXHManx84rw89i7Tvb +MZUaP1PROMbxF9RDHKvb/ZnMGgecB+wnAR6V2gWxQfPyg27lrXrxDEcm65zppOky +RIr5s+egnv+txHPdkdL/mwhKpAr5q8Hgc5tq1Bn2rC9/+ESi4HF/2TkRGlkEIez7 +eEAQl5lA2NpBi3EUK0kBJHihEjqMAzeNy8wGxMMM4aHMyvQrooI1BxEV84NEzOqZ +a5xoCdjySFt+NMqCOujiVIasBtuKzQg+2miQpNETuutZ+n+RGOtHspPps5SzQaDO +jLsLzkRKJ/Zcds42kP9adM/klDriD4UtgxfLBcpdC3lCJOA9dxjkB6LLmWcyWXXc +aGcn4I1sfgQz+5aNzpf8jH3fa5788xQ4it2XQYoPx1FBLuH63y+3V9SvYEoA0Tkf +lMa3GkHY1va7COAcrL9AK7hKUaex+FpkGPYxxoH5L7vIpsvOFsU= +=+E8h +-----END PGP SIGNATURE----- diff --git a/AusweisApp-2.0.1.tar.gz.sha256 b/AusweisApp-2.0.1.tar.gz.sha256 new file mode 100644 index 0000000..56734c6 --- /dev/null +++ b/AusweisApp-2.0.1.tar.gz.sha256 @@ -0,0 +1 @@ +cfb23fdb54e02af8a266388d11989d3f1606dfab48dd80a2f78ff58cb34cbb57 AusweisApp-2.0.1.tar.gz diff --git a/AusweisApp2-1.26.7.tar.gz.asc b/AusweisApp2-1.26.7.tar.gz.asc deleted file mode 100644 index aa85480..0000000 --- a/AusweisApp2-1.26.7.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEaZvzBVsKSSJO/efHLXR5pTFFEIgFAmTDxJ8ACgkQLXR5pTFF -EIh9Dw//ZMA+HUaRMp9wUCbPxm9XfT2WmVSAdlQPFUcNlue9LTVRGQKzqm0aYHE1 -qDjBdg2u5icS+pcZiX8zgnSijsxUIOVlqEeOq3Ww+X4P5LGI9HugVYCUIGAKrSEr -vGNSnsGs7v7akKVjZea45G6hdGOSm1UrPMp36rSCXmEMzuhDVCg76Ue0rHy2uN9D -2rud1CuLSDEKQs3MqkU1E5lRVX2uuKPz8xgVZTxYixJGlfCa7lPlO1dhEJzAqEtN -r1CMDinjYzjTu3K9ecj5w0HuB/w6VNtAchZ6nT4oUNDUp4AzWYcJEhVVN9iqVRdF -FGijIvMdoe1Zb15b6/lLdzqU1jazJN24swvRzcLFPFsfV7trrIThzv+Mf+LfKEwb -qGUp6cm27y0KxXCuszRhwkAvBgPsOyPzlvcWMTUgoa5bLzOdCwB60iQ0ADCaz306 -GWLZER98OyLeHLP7E/nSv13GlMckqZkOwcR0Fv6yzY0KIZ86loHMeAbxmIcucnOV -bY8Wffe4wfQQhGY/fsgP5v3swwlv1vBtYfLF4CbcFBiW0WJbD3mkt3hJ24E+nrUl -6vhuoj1RJVkEhhF8gnleSxiH1EfsQcKOWKOO3UDFwUQxwtJJ6f8lQXUP+vB3NP/9 -q24xmU1XW4F+F72o2GD262aJn+HpbgWQzUEbMLQx5eAwrs+Dq08= -=Nkl8 ------END PGP SIGNATURE----- diff --git a/AusweisApp2-1.26.7.tar.gz.sha256 b/AusweisApp2-1.26.7.tar.gz.sha256 deleted file mode 100644 index 56fa5a3..0000000 --- a/AusweisApp2-1.26.7.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -8062fe04332e9a7bee4c75fe3ef3efda6748c1a19a6fda8770f7914939c7bd28 AusweisApp2-1.26.7.tar.gz diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 601ae1b..2927192 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -6,10 +6,10 @@ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ -fipshmac %{buildroot}%{_bindir}/%{name} \\\ - %{buildroot}%{_libexecdir}/%{name} \\\ - %{buildroot}%{_datadir}/%{name}/openssl.cnf \ -c="%{buildroot}%{_datadir}/%{name}/config.json" \ +fipshmac %{buildroot}%{_bindir}/%{newname} \\\ + %{buildroot}%{_libexecdir}/%{newname} \\\ + %{buildroot}%{_datadir}/%{newname}/openssl.cnf \ +c="%{buildroot}%{_datadir}/%{newname}/config.json" \ if [[ -f ${c} ]]; then \ fipshmac ${c} \ fi \ @@ -37,10 +37,12 @@ fi \ # Package summary. Gets overwritten by subpackages otherwise. %global pkg_sum Online identification with German ID card (Personalausweis) +# Upstream renamed to AusweisApp with 2.0 release +%global newname AusweisApp Name: AusweisApp2 -Version: 1.26.7 -Release: 3%{?dist} +Version: 2.0.1 +Release: 1%{?dist} Summary: %{pkg_sum} License: EUPL 1.2 @@ -53,10 +55,10 @@ URL: https://www.ausweisapp.bund.de/en # gpg2 --keyserver keyserver.ubuntu.com --recv-keys 699BF3055B0A49224EFDE7C72D7479A531451088 # gpg2 --export --export-options export-minimal 699BF3055B0A49224EFDE7C72D7479A531451088 > %%{name}-pubring.gpg -Source0000: %{rel_url}/%{name}-%{version}.tar.gz -Source0001: %{rel_url}/%{name}-%{version}.tar.gz.asc +Source0000: %{rel_url}/%{newname}-%{version}.tar.gz +Source0001: %{rel_url}/%{newname}-%{version}.tar.gz.asc Source0002: %{name}-pubring.gpg -Source0003: %{rel_url}/%{name}-%{version}.tar.gz.sha256 +Source0003: %{rel_url}/%{newname}-%{version}.tar.gz.sha256 Source0004: https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%%20EN.txt#/EUPL-12_EN.txt Source1000: gen_openssl_cnf.py @@ -180,7 +182,7 @@ pushd %{_sourcedir} sha256sum -c %{SOURCE3} popd -%autosetup -p 1 +%autosetup -p 1 -n %{newname}-%{version} install -pm 0644 %{SOURCE4} LICENSE.en.txt # Generate application specific OpenSSL configuration. @@ -192,13 +194,13 @@ install -pm 0644 %{SOURCE4} LICENSE.en.txt cat << EOF > fedora_%{name}_wrapper.sh #!/bin/sh # /usr/bin/fipscheck \\ -# %{_bindir}/%{name} \\ -# %{_libexecdir}/%{name} \\ -# %{_datadir}/%{name}/config.json \\ -# %{_datadir}/%{name}/openssl.cnf \\ +# %{_bindir}/%{newname} \\ +# %{_libexecdir}/%{newname} \\ +# %{_datadir}/%{newname}/config.json \\ +# %{_datadir}/%{newname}/openssl.cnf \\ # || exit \$?; -OPENSSL_CONF=%{_datadir}/%{name}/openssl.cnf \\ -%{_libexecdir}/%{name} "\$@"; +OPENSSL_CONF=%{_datadir}/%{newname}/openssl.cnf \\ +%{_libexecdir}/%{newname} "\$@"; EOF @@ -220,13 +222,13 @@ EOF %if (0%{?fedora} || 0%{?rhel} > 8) # Documentation. -%cmake_build --target inst inte notes sdk +%cmake_build --target installation_integration notes sdk %if %{with doxy} %cmake_build --target doxy %endif %else # Documentation. -%ninja_build -C %{_vpath_builddir} inst inte notes sdk +%ninja_build -C %{_vpath_builddir} installation_integration notes sdk %if %{with doxy} %ninja_build -C %{_vpath_builddir} doxy %endif @@ -239,29 +241,28 @@ EOF # Relocate the application binary so we can call it through # a shell wrapper and move installed files to proper locations. mkdir -p %{buildroot}{%{_libexecdir},%{_qt5_translationdir}} -mv %{buildroot}%{_bindir}/%{name} %{buildroot}%{_libexecdir}/%{name} +mv %{buildroot}%{_bindir}/%{newname} %{buildroot}%{_libexecdir}/%{newname} # Install the shell wrapper and custom OpenSSL configuration. -install -pm 0755 fedora_%{name}_wrapper.sh %{buildroot}%{_bindir}/%{name} +install -pm 0755 fedora_%{name}_wrapper.sh %{buildroot}%{_bindir}/%{newname} install -pm 0644 fedora_%{name}_openssl.cnf \ - %{buildroot}%{_datadir}/%{name}/openssl.cnf + %{buildroot}%{_datadir}/%{newname}/openssl.cnf # Move translation in proper location. %if !(0%{?qt6_build}) -mv %{buildroot}%{_datadir}/%{name}/translations/* \ +mv %{buildroot}%{_datadir}/%{newname}/translations/* \ %{buildroot}%{_qt5_translationdir} -rm -fr %{buildroot}%{_datadir}/%{name}/translations +rm -fr %{buildroot}%{_datadir}/%{newname}/translations %endif # Excessive docs. -mkdir -p %{buildroot}%{_pkgdocdir}/{installation,integration,notes,sdk} +mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration,notes,sdk} install -pm 0644 README.rst %{buildroot}%{_pkgdocdir} %if %{with doxy} mkdir -p %{buildroot}%{_pkgdocdir}/doxy cp -a %{_vpath_builddir}/doc/html/* %{buildroot}%{_pkgdocdir}/doxy %endif -cp -a %{_vpath_builddir}/docs/inst/html/* %{buildroot}%{_pkgdocdir}/installation -cp -a %{_vpath_builddir}/docs/inte/html/* %{buildroot}%{_pkgdocdir}/integration +cp -a %{_vpath_builddir}/docs/installation_integration/html/* %{buildroot}%{_pkgdocdir}/installation_integration cp -a %{_vpath_builddir}/docs/notes/html/* %{buildroot}%{_pkgdocdir}/notes cp -a %{_vpath_builddir}/docs/sdk/html/* %{buildroot}%{_pkgdocdir}/sdk find %{buildroot}%{_pkgdocdir} -type d -print0 | xargs -0 chmod -c 0755 @@ -291,12 +292,12 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop %license AUTHORS %license LICENSE.en.txt %license LICENSE.txt -%{_bindir}/.%{name}.hmac -%{_bindir}/%{name} +%{_bindir}/.%{newname}.hmac +%{_bindir}/%{newname} %{_datadir}/applications/com.governikus.%{lc_name}.desktop -%{_libexecdir}/.%{name}.hmac -%{_libexecdir}/%{name} -%{_mandir}/man1/%{name}.1* +%{_libexecdir}/.%{newname}.hmac +%{_libexecdir}/%{newname} +%{_mandir}/man1/%{newname}.1* %{_metainfodir}/com.governikus.%{lc_name}.metainfo.xml @@ -305,7 +306,7 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop %else %files data -f %{lc_name}.icons -f %{lc_name}.lang %endif -%{_datadir}/%{name} +%{_datadir}/%{newname} %files doc @@ -314,6 +315,10 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop %changelog +* Thu Dec 28 2023 Julian Sikorski - 2.0.1-1 +- Update to 2.0.1 +- Fix up config.json.in section names + * Fri Oct 13 2023 Jan Grulich - 1.26.7-3 - Rebuild (qt6) diff --git a/gen_openssl_cnf.py b/gen_openssl_cnf.py index 531c0d4..340e8c4 100644 --- a/gen_openssl_cnf.py +++ b/gen_openssl_cnf.py @@ -49,8 +49,9 @@ class _Const(object): return [ 'tlsSettings', 'tlsSettingsPsk', - 'tlsSettingsRemoteReader', - 'tlsSettingsRemoteReaderPairing', + 'tlsSettingsRemoteIfd', + 'tlsSettingsRemoteIfdPairing', + 'tlsSettingsLocalIfd', ] @constant diff --git a/sources b/sources index dbcbd1d..a4d3ba8 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (AusweisApp2-1.26.7.tar.gz) = 4a94042efc5f95e2df6518fcaf863ed6deebb160d35a5cdd7155a3b6aa6128b213408ce42310d942ee4e83e03cb2c3d898738846bb37995aa1ff03f660ac54b0 +SHA512 (AusweisApp-2.0.1.tar.gz) = 8bbbc8af7a167c3e1e5f0d1829eddd143c54995fd3a8d325bcc7ec83d3778ba9b1de7e80e2171d247c8e8726acae8a8c9ddf63440b70aeb68cd01640cbd0d47b SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 2f1387d085eab1940fa38edf13c3b1c4a3ce4ced Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Tue, 2 Jan 2024 13:17:40 +0100 Subject: [PATCH 04/47] Convert to %autorelease and %autochangelog [skip changelog] --- AusweisApp2.spec | 178 +---------------------------------------------- changelog | 175 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 177 insertions(+), 176 deletions(-) create mode 100644 changelog diff --git a/AusweisApp2.spec b/AusweisApp2.spec index dd96ea5..4adde17 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -42,7 +42,7 @@ fi \ Name: AusweisApp2 Version: 2.0.1 -Release: 1%{?dist} +Release: %autorelease Summary: %{pkg_sum} License: EUPL 1.2 @@ -315,178 +315,4 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop %changelog -* Thu Dec 28 2023 Julian Sikorski - 2.0.1-1 -- Update to 2.0.1 -- Fix up config.json.in section names - -* Wed Nov 29 2023 Jan Grulich - 1.26.7-4 -- Rebuild (qt6) - -* Fri Oct 13 2023 Jan Grulich - 1.26.7-3 -- Rebuild (qt6) - -* Thu Oct 05 2023 Jan Grulich - 1.26.7-2 -- Rebuild (qt6) - -* Fri Jul 28 2023 Björn Esser - 1.26.7-1 -- New upstream release - Fixes rhbz#2227358 - -* Fri Jul 28 2023 Björn Esser - 1.26.6-1 -- New upstream release - Fixes rhbz#2227095 - -* Wed Jul 26 2023 Björn Esser - 1.26.5-1 -- New upstream release - Fixes rhbz#2226708 - -* Wed Jul 19 2023 Fedora Release Engineering - 1.26.4-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Fri Jul 14 2023 Björn Esser - 1.26.4-4 -- Rebuild(Qt_6.5) - Fixes rhbz#2222625 - -* Sun Jun 04 2023 Björn Esser - 1.26.4-3 -- Rebuild(Qt_6.5) - -* Sun May 07 2023 Björn Esser - 1.26.4-2 -- Rebuild(Qt_6.5) - -* Mon May 01 2023 Björn Esser - 1.26.4-1 -- New upstream release - -* Thu Mar 23 2023 Björn Esser - 1.26.3-1 -- New upstream release -- Enable use of Brainpool ECC - -* Sat Jan 28 2023 Björn Esser - 1.26.2-2 -- Drop Qt6 version lock, as this is already ensured by symbol versioning - -* Sun Jan 22 2023 Björn Esser - 1.26.2-1 -- New upstream release - -* Wed Jan 18 2023 Fedora Release Engineering - 1.24.4-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Sun Nov 27 2022 Björn Esser - 1.24.4-2 -- Rebuild(qt6) - -* Sun Nov 06 2022 Björn Esser - 1.24.4-1 -- New upstream release - -* Fri Sep 02 2022 Björn Esser - 1.24.1-1 -- New upstream release - -* Wed Jul 20 2022 Fedora Release Engineering - 1.22.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Wed Jan 26 2022 Björn Esser - 1.22.3-1 -- New upstream release -- Explicitly BR '/usr/bin/fipshmac' instead of fipscheck package - -* Wed Jan 19 2022 Fedora Release Engineering - 1.22.2-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Tue Sep 14 2021 Sahana Prasad - 1.22.2-4 -- Rebuilt with OpenSSL 3.0.0 - -* Tue Aug 31 2021 Björn Esser - 1.22.2-3 -- Drop forge-macros and perform tarbal verification during %%prep - -* Tue Aug 31 2021 Björn Esser - 1.22.2-2 -- Add a patch to disable use of Brainpool Elliptic Curves - -* Sun Aug 22 2021 Björn Esser - 1.22.2-1 -- New upstream release -- Disable enforcing of FIPS mode for OpenSSL - -* Wed Jul 21 2021 Fedora Release Engineering - 1.20.2-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Mon Jan 25 2021 Fedora Release Engineering - 1.20.2-11 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Sun Nov 15 08:50:35 CET 2020 Björn Esser - 1.20.2-10 -- Add runtime dependency on qt5-qtquickcontrols2 - -* Sat Oct 3 12:51:03 CEST 2020 Björn Esser - 1.20.2-9 -- Disable fipscheck in shell wrapper as it does not work in Fedora 33+ - -* Sat Sep 26 2020 Björn Esser - 1.20.2-8 -- Make shell wrapper exit with the exit code of fipscheck on failure - -* Sat Sep 26 2020 Björn Esser - 1.20.2-7 -- Calculate fipshmac for config files and shell wrapper -- Run fipscheck in shell wrapper before application starts - -* Fri Sep 25 2020 Björn Esser - 1.20.2-6 -- Use a python script to generate a tailored OpenSSL configuration - -* Thu Sep 24 2020 Björn Esser - 1.20.2-5 -- Some small spec file optimizations - -* Thu Sep 24 2020 Björn Esser - 1.20.2-4 -- Use a more elaborate application specific OpenSSL configuration - This also re-enables SHA384 hashes in ciphers - -* Wed Sep 23 2020 Björn Esser - 1.20.2-3 -- Do not enable SHA384 ciphers in custom OpenSSL configuration - -* Wed Sep 23 2020 Björn Esser - 1.20.2-2 -- Use application specific OpenSSL config through a shell wrapper - -* Mon Sep 07 2020 Björn Esser - 1.20.2-1 -- New upstream release - -* Mon Aug 24 2020 Björn Esser - 1.20.1-3 -- Add a patch to load translations from Qt5 TranslationsPath -- Move translation files to proper location -- Drop invokation of ctest, as we cannot run the testsuite - from a release build -- Replace patch adding English license with the actual license file - -* Fri Aug 21 2020 Björn Esser - 1.20.1-2 -- Add a patch to exclude the build directory in the Doxyfile -- Merge doc-api package with the doc package, since the Doxygen - API documentation can be shipped noarch'ed as well now - -* Wed Aug 19 2020 Björn Esser - 1.20.1-1 -- Initial import (#1851205) - -* Fri Jul 17 2020 Björn Esser - 1.20.1-0.11 -- Use %%cmake_{build,install} macros on newer distributions - -* Sat Jul 04 2020 Björn Esser - 1.20.1-0.10 -- Add license text in English language - -* Fri Jun 26 2020 Björn Esser - 1.20.1-0.9 -- Also obsolete package with %%{name} previous to this package version - -* Fri Jun 26 2020 Björn Esser - 1.20.1-0.8 -- Ensure archful packages always require equal architecture - -* Fri Jun 26 2020 Björn Esser - 1.20.1-0.7 -- Make sure permissions of the documentation files are correct -- Remove hidden files in documentation -- Drop 'LICENSE.officially.txt', as it only applies to binary copies, - which are distributed on behalf of the federal government of Germany - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.6 -- Use '--help-all' option when generating man-page -- Split build of Doxygen API docs from building user docs - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.5 -- Add generated man-page - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.4 -- Use a macro for lowercase package name - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.3 -- Use ninja-build instead of GNU Make to speed up the build a bit - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.2 -- Adaptions for building on EPEL - -* Wed Jun 24 2020 Björn Esser - 1.20.1-0.1 -- Initial spec file for review +%autochangelog diff --git a/changelog b/changelog new file mode 100644 index 0000000..5347e01 --- /dev/null +++ b/changelog @@ -0,0 +1,175 @@ +* Thu Dec 28 2023 Julian Sikorski - 2.0.1-1 +- Update to 2.0.1 +- Fix up config.json.in section names + +* Wed Nov 29 2023 Jan Grulich - 1.26.7-4 +- Rebuild (qt6) + +* Fri Oct 13 2023 Jan Grulich - 1.26.7-3 +- Rebuild (qt6) + +* Thu Oct 05 2023 Jan Grulich - 1.26.7-2 +- Rebuild (qt6) + +* Fri Jul 28 2023 Björn Esser - 1.26.7-1 +- New upstream release + Fixes rhbz#2227358 + +* Fri Jul 28 2023 Björn Esser - 1.26.6-1 +- New upstream release + Fixes rhbz#2227095 + +* Wed Jul 26 2023 Björn Esser - 1.26.5-1 +- New upstream release + Fixes rhbz#2226708 + +* Wed Jul 19 2023 Fedora Release Engineering - 1.26.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Fri Jul 14 2023 Björn Esser - 1.26.4-4 +- Rebuild(Qt_6.5) + Fixes rhbz#2222625 + +* Sun Jun 04 2023 Björn Esser - 1.26.4-3 +- Rebuild(Qt_6.5) + +* Sun May 07 2023 Björn Esser - 1.26.4-2 +- Rebuild(Qt_6.5) + +* Mon May 01 2023 Björn Esser - 1.26.4-1 +- New upstream release + +* Thu Mar 23 2023 Björn Esser - 1.26.3-1 +- New upstream release +- Enable use of Brainpool ECC + +* Sat Jan 28 2023 Björn Esser - 1.26.2-2 +- Drop Qt6 version lock, as this is already ensured by symbol versioning + +* Sun Jan 22 2023 Björn Esser - 1.26.2-1 +- New upstream release + +* Wed Jan 18 2023 Fedora Release Engineering - 1.24.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Sun Nov 27 2022 Björn Esser - 1.24.4-2 +- Rebuild(qt6) + +* Sun Nov 06 2022 Björn Esser - 1.24.4-1 +- New upstream release + +* Fri Sep 02 2022 Björn Esser - 1.24.1-1 +- New upstream release + +* Wed Jul 20 2022 Fedora Release Engineering - 1.22.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed Jan 26 2022 Björn Esser - 1.22.3-1 +- New upstream release +- Explicitly BR '/usr/bin/fipshmac' instead of fipscheck package + +* Wed Jan 19 2022 Fedora Release Engineering - 1.22.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Tue Sep 14 2021 Sahana Prasad - 1.22.2-4 +- Rebuilt with OpenSSL 3.0.0 + +* Tue Aug 31 2021 Björn Esser - 1.22.2-3 +- Drop forge-macros and perform tarbal verification during %%prep + +* Tue Aug 31 2021 Björn Esser - 1.22.2-2 +- Add a patch to disable use of Brainpool Elliptic Curves + +* Sun Aug 22 2021 Björn Esser - 1.22.2-1 +- New upstream release +- Disable enforcing of FIPS mode for OpenSSL + +* Wed Jul 21 2021 Fedora Release Engineering - 1.20.2-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon Jan 25 2021 Fedora Release Engineering - 1.20.2-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sun Nov 15 08:50:35 CET 2020 Björn Esser - 1.20.2-10 +- Add runtime dependency on qt5-qtquickcontrols2 + +* Sat Oct 3 12:51:03 CEST 2020 Björn Esser - 1.20.2-9 +- Disable fipscheck in shell wrapper as it does not work in Fedora 33+ + +* Sat Sep 26 2020 Björn Esser - 1.20.2-8 +- Make shell wrapper exit with the exit code of fipscheck on failure + +* Sat Sep 26 2020 Björn Esser - 1.20.2-7 +- Calculate fipshmac for config files and shell wrapper +- Run fipscheck in shell wrapper before application starts + +* Fri Sep 25 2020 Björn Esser - 1.20.2-6 +- Use a python script to generate a tailored OpenSSL configuration + +* Thu Sep 24 2020 Björn Esser - 1.20.2-5 +- Some small spec file optimizations + +* Thu Sep 24 2020 Björn Esser - 1.20.2-4 +- Use a more elaborate application specific OpenSSL configuration + This also re-enables SHA384 hashes in ciphers + +* Wed Sep 23 2020 Björn Esser - 1.20.2-3 +- Do not enable SHA384 ciphers in custom OpenSSL configuration + +* Wed Sep 23 2020 Björn Esser - 1.20.2-2 +- Use application specific OpenSSL config through a shell wrapper + +* Mon Sep 07 2020 Björn Esser - 1.20.2-1 +- New upstream release + +* Mon Aug 24 2020 Björn Esser - 1.20.1-3 +- Add a patch to load translations from Qt5 TranslationsPath +- Move translation files to proper location +- Drop invokation of ctest, as we cannot run the testsuite + from a release build +- Replace patch adding English license with the actual license file + +* Fri Aug 21 2020 Björn Esser - 1.20.1-2 +- Add a patch to exclude the build directory in the Doxyfile +- Merge doc-api package with the doc package, since the Doxygen + API documentation can be shipped noarch'ed as well now + +* Wed Aug 19 2020 Björn Esser - 1.20.1-1 +- Initial import (#1851205) + +* Fri Jul 17 2020 Björn Esser - 1.20.1-0.11 +- Use %%cmake_{build,install} macros on newer distributions + +* Sat Jul 04 2020 Björn Esser - 1.20.1-0.10 +- Add license text in English language + +* Fri Jun 26 2020 Björn Esser - 1.20.1-0.9 +- Also obsolete package with %%{name} previous to this package version + +* Fri Jun 26 2020 Björn Esser - 1.20.1-0.8 +- Ensure archful packages always require equal architecture + +* Fri Jun 26 2020 Björn Esser - 1.20.1-0.7 +- Make sure permissions of the documentation files are correct +- Remove hidden files in documentation +- Drop 'LICENSE.officially.txt', as it only applies to binary copies, + which are distributed on behalf of the federal government of Germany + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.6 +- Use '--help-all' option when generating man-page +- Split build of Doxygen API docs from building user docs + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.5 +- Add generated man-page + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.4 +- Use a macro for lowercase package name + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.3 +- Use ninja-build instead of GNU Make to speed up the build a bit + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.2 +- Adaptions for building on EPEL + +* Wed Jun 24 2020 Björn Esser - 1.20.1-0.1 +- Initial spec file for review From 527054463ea20fbb13b370d7bc48ee38e0147d10 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Tue, 2 Jan 2024 13:31:51 +0100 Subject: [PATCH 05/47] Add dependencies needed to render the GUI properly --- AusweisApp2.spec | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 4adde17..21ed0b7 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -126,6 +126,12 @@ Requires: openssl-libs%{?_isa} >= 3.0.8-2 # Needed for running fipscheck on application startup. # Requires: fipscheck +%if 0%{?qt6_build} +# Needed for GUI elements to be rendered +Requires: qt6-qtimageformats%{?_isa} +Requires: qt6-qtsvg%{?_isa} +%endif + %description The AusweisApp2 is a software to identify yourself online with your ID card (Personalausweis) or your electronic From daa75e1321003d612160d1d19d248fe81cfb4bf2 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Tue, 2 Jan 2024 13:33:24 +0100 Subject: [PATCH 06/47] Convert to %autorelease and %autochangelog [skip changelog] --- AusweisApp2.spec | 175 +---------------------------------------------- changelog | 172 ++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 174 insertions(+), 173 deletions(-) create mode 100644 changelog diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 2927192..4adde17 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -42,7 +42,7 @@ fi \ Name: AusweisApp2 Version: 2.0.1 -Release: 1%{?dist} +Release: %autorelease Summary: %{pkg_sum} License: EUPL 1.2 @@ -315,175 +315,4 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop %changelog -* Thu Dec 28 2023 Julian Sikorski - 2.0.1-1 -- Update to 2.0.1 -- Fix up config.json.in section names - -* Fri Oct 13 2023 Jan Grulich - 1.26.7-3 -- Rebuild (qt6) - -* Thu Oct 05 2023 Jan Grulich - 1.26.7-2 -- Rebuild (qt6) - -* Fri Jul 28 2023 Björn Esser - 1.26.7-1 -- New upstream release - Fixes rhbz#2227358 - -* Fri Jul 28 2023 Björn Esser - 1.26.6-1 -- New upstream release - Fixes rhbz#2227095 - -* Wed Jul 26 2023 Björn Esser - 1.26.5-1 -- New upstream release - Fixes rhbz#2226708 - -* Wed Jul 19 2023 Fedora Release Engineering - 1.26.4-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Fri Jul 14 2023 Björn Esser - 1.26.4-4 -- Rebuild(Qt_6.5) - Fixes rhbz#2222625 - -* Sun Jun 04 2023 Björn Esser - 1.26.4-3 -- Rebuild(Qt_6.5) - -* Sun May 07 2023 Björn Esser - 1.26.4-2 -- Rebuild(Qt_6.5) - -* Mon May 01 2023 Björn Esser - 1.26.4-1 -- New upstream release - -* Thu Mar 23 2023 Björn Esser - 1.26.3-1 -- New upstream release -- Enable use of Brainpool ECC - -* Sat Jan 28 2023 Björn Esser - 1.26.2-2 -- Drop Qt6 version lock, as this is already ensured by symbol versioning - -* Sun Jan 22 2023 Björn Esser - 1.26.2-1 -- New upstream release - -* Wed Jan 18 2023 Fedora Release Engineering - 1.24.4-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Sun Nov 27 2022 Björn Esser - 1.24.4-2 -- Rebuild(qt6) - -* Sun Nov 06 2022 Björn Esser - 1.24.4-1 -- New upstream release - -* Fri Sep 02 2022 Björn Esser - 1.24.1-1 -- New upstream release - -* Wed Jul 20 2022 Fedora Release Engineering - 1.22.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Wed Jan 26 2022 Björn Esser - 1.22.3-1 -- New upstream release -- Explicitly BR '/usr/bin/fipshmac' instead of fipscheck package - -* Wed Jan 19 2022 Fedora Release Engineering - 1.22.2-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Tue Sep 14 2021 Sahana Prasad - 1.22.2-4 -- Rebuilt with OpenSSL 3.0.0 - -* Tue Aug 31 2021 Björn Esser - 1.22.2-3 -- Drop forge-macros and perform tarbal verification during %%prep - -* Tue Aug 31 2021 Björn Esser - 1.22.2-2 -- Add a patch to disable use of Brainpool Elliptic Curves - -* Sun Aug 22 2021 Björn Esser - 1.22.2-1 -- New upstream release -- Disable enforcing of FIPS mode for OpenSSL - -* Wed Jul 21 2021 Fedora Release Engineering - 1.20.2-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Mon Jan 25 2021 Fedora Release Engineering - 1.20.2-11 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Sun Nov 15 08:50:35 CET 2020 Björn Esser - 1.20.2-10 -- Add runtime dependency on qt5-qtquickcontrols2 - -* Sat Oct 3 12:51:03 CEST 2020 Björn Esser - 1.20.2-9 -- Disable fipscheck in shell wrapper as it does not work in Fedora 33+ - -* Sat Sep 26 2020 Björn Esser - 1.20.2-8 -- Make shell wrapper exit with the exit code of fipscheck on failure - -* Sat Sep 26 2020 Björn Esser - 1.20.2-7 -- Calculate fipshmac for config files and shell wrapper -- Run fipscheck in shell wrapper before application starts - -* Fri Sep 25 2020 Björn Esser - 1.20.2-6 -- Use a python script to generate a tailored OpenSSL configuration - -* Thu Sep 24 2020 Björn Esser - 1.20.2-5 -- Some small spec file optimizations - -* Thu Sep 24 2020 Björn Esser - 1.20.2-4 -- Use a more elaborate application specific OpenSSL configuration - This also re-enables SHA384 hashes in ciphers - -* Wed Sep 23 2020 Björn Esser - 1.20.2-3 -- Do not enable SHA384 ciphers in custom OpenSSL configuration - -* Wed Sep 23 2020 Björn Esser - 1.20.2-2 -- Use application specific OpenSSL config through a shell wrapper - -* Mon Sep 07 2020 Björn Esser - 1.20.2-1 -- New upstream release - -* Mon Aug 24 2020 Björn Esser - 1.20.1-3 -- Add a patch to load translations from Qt5 TranslationsPath -- Move translation files to proper location -- Drop invokation of ctest, as we cannot run the testsuite - from a release build -- Replace patch adding English license with the actual license file - -* Fri Aug 21 2020 Björn Esser - 1.20.1-2 -- Add a patch to exclude the build directory in the Doxyfile -- Merge doc-api package with the doc package, since the Doxygen - API documentation can be shipped noarch'ed as well now - -* Wed Aug 19 2020 Björn Esser - 1.20.1-1 -- Initial import (#1851205) - -* Fri Jul 17 2020 Björn Esser - 1.20.1-0.11 -- Use %%cmake_{build,install} macros on newer distributions - -* Sat Jul 04 2020 Björn Esser - 1.20.1-0.10 -- Add license text in English language - -* Fri Jun 26 2020 Björn Esser - 1.20.1-0.9 -- Also obsolete package with %%{name} previous to this package version - -* Fri Jun 26 2020 Björn Esser - 1.20.1-0.8 -- Ensure archful packages always require equal architecture - -* Fri Jun 26 2020 Björn Esser - 1.20.1-0.7 -- Make sure permissions of the documentation files are correct -- Remove hidden files in documentation -- Drop 'LICENSE.officially.txt', as it only applies to binary copies, - which are distributed on behalf of the federal government of Germany - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.6 -- Use '--help-all' option when generating man-page -- Split build of Doxygen API docs from building user docs - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.5 -- Add generated man-page - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.4 -- Use a macro for lowercase package name - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.3 -- Use ninja-build instead of GNU Make to speed up the build a bit - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.2 -- Adaptions for building on EPEL - -* Wed Jun 24 2020 Björn Esser - 1.20.1-0.1 -- Initial spec file for review +%autochangelog diff --git a/changelog b/changelog new file mode 100644 index 0000000..630945e --- /dev/null +++ b/changelog @@ -0,0 +1,172 @@ +* Thu Dec 28 2023 Julian Sikorski - 2.0.1-1 +- Update to 2.0.1 +- Fix up config.json.in section names + +* Fri Oct 13 2023 Jan Grulich - 1.26.7-3 +- Rebuild (qt6) + +* Thu Oct 05 2023 Jan Grulich - 1.26.7-2 +- Rebuild (qt6) + +* Fri Jul 28 2023 Björn Esser - 1.26.7-1 +- New upstream release + Fixes rhbz#2227358 + +* Fri Jul 28 2023 Björn Esser - 1.26.6-1 +- New upstream release + Fixes rhbz#2227095 + +* Wed Jul 26 2023 Björn Esser - 1.26.5-1 +- New upstream release + Fixes rhbz#2226708 + +* Wed Jul 19 2023 Fedora Release Engineering - 1.26.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Fri Jul 14 2023 Björn Esser - 1.26.4-4 +- Rebuild(Qt_6.5) + Fixes rhbz#2222625 + +* Sun Jun 04 2023 Björn Esser - 1.26.4-3 +- Rebuild(Qt_6.5) + +* Sun May 07 2023 Björn Esser - 1.26.4-2 +- Rebuild(Qt_6.5) + +* Mon May 01 2023 Björn Esser - 1.26.4-1 +- New upstream release + +* Thu Mar 23 2023 Björn Esser - 1.26.3-1 +- New upstream release +- Enable use of Brainpool ECC + +* Sat Jan 28 2023 Björn Esser - 1.26.2-2 +- Drop Qt6 version lock, as this is already ensured by symbol versioning + +* Sun Jan 22 2023 Björn Esser - 1.26.2-1 +- New upstream release + +* Wed Jan 18 2023 Fedora Release Engineering - 1.24.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Sun Nov 27 2022 Björn Esser - 1.24.4-2 +- Rebuild(qt6) + +* Sun Nov 06 2022 Björn Esser - 1.24.4-1 +- New upstream release + +* Fri Sep 02 2022 Björn Esser - 1.24.1-1 +- New upstream release + +* Wed Jul 20 2022 Fedora Release Engineering - 1.22.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed Jan 26 2022 Björn Esser - 1.22.3-1 +- New upstream release +- Explicitly BR '/usr/bin/fipshmac' instead of fipscheck package + +* Wed Jan 19 2022 Fedora Release Engineering - 1.22.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Tue Sep 14 2021 Sahana Prasad - 1.22.2-4 +- Rebuilt with OpenSSL 3.0.0 + +* Tue Aug 31 2021 Björn Esser - 1.22.2-3 +- Drop forge-macros and perform tarbal verification during %%prep + +* Tue Aug 31 2021 Björn Esser - 1.22.2-2 +- Add a patch to disable use of Brainpool Elliptic Curves + +* Sun Aug 22 2021 Björn Esser - 1.22.2-1 +- New upstream release +- Disable enforcing of FIPS mode for OpenSSL + +* Wed Jul 21 2021 Fedora Release Engineering - 1.20.2-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon Jan 25 2021 Fedora Release Engineering - 1.20.2-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sun Nov 15 08:50:35 CET 2020 Björn Esser - 1.20.2-10 +- Add runtime dependency on qt5-qtquickcontrols2 + +* Sat Oct 3 12:51:03 CEST 2020 Björn Esser - 1.20.2-9 +- Disable fipscheck in shell wrapper as it does not work in Fedora 33+ + +* Sat Sep 26 2020 Björn Esser - 1.20.2-8 +- Make shell wrapper exit with the exit code of fipscheck on failure + +* Sat Sep 26 2020 Björn Esser - 1.20.2-7 +- Calculate fipshmac for config files and shell wrapper +- Run fipscheck in shell wrapper before application starts + +* Fri Sep 25 2020 Björn Esser - 1.20.2-6 +- Use a python script to generate a tailored OpenSSL configuration + +* Thu Sep 24 2020 Björn Esser - 1.20.2-5 +- Some small spec file optimizations + +* Thu Sep 24 2020 Björn Esser - 1.20.2-4 +- Use a more elaborate application specific OpenSSL configuration + This also re-enables SHA384 hashes in ciphers + +* Wed Sep 23 2020 Björn Esser - 1.20.2-3 +- Do not enable SHA384 ciphers in custom OpenSSL configuration + +* Wed Sep 23 2020 Björn Esser - 1.20.2-2 +- Use application specific OpenSSL config through a shell wrapper + +* Mon Sep 07 2020 Björn Esser - 1.20.2-1 +- New upstream release + +* Mon Aug 24 2020 Björn Esser - 1.20.1-3 +- Add a patch to load translations from Qt5 TranslationsPath +- Move translation files to proper location +- Drop invokation of ctest, as we cannot run the testsuite + from a release build +- Replace patch adding English license with the actual license file + +* Fri Aug 21 2020 Björn Esser - 1.20.1-2 +- Add a patch to exclude the build directory in the Doxyfile +- Merge doc-api package with the doc package, since the Doxygen + API documentation can be shipped noarch'ed as well now + +* Wed Aug 19 2020 Björn Esser - 1.20.1-1 +- Initial import (#1851205) + +* Fri Jul 17 2020 Björn Esser - 1.20.1-0.11 +- Use %%cmake_{build,install} macros on newer distributions + +* Sat Jul 04 2020 Björn Esser - 1.20.1-0.10 +- Add license text in English language + +* Fri Jun 26 2020 Björn Esser - 1.20.1-0.9 +- Also obsolete package with %%{name} previous to this package version + +* Fri Jun 26 2020 Björn Esser - 1.20.1-0.8 +- Ensure archful packages always require equal architecture + +* Fri Jun 26 2020 Björn Esser - 1.20.1-0.7 +- Make sure permissions of the documentation files are correct +- Remove hidden files in documentation +- Drop 'LICENSE.officially.txt', as it only applies to binary copies, + which are distributed on behalf of the federal government of Germany + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.6 +- Use '--help-all' option when generating man-page +- Split build of Doxygen API docs from building user docs + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.5 +- Add generated man-page + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.4 +- Use a macro for lowercase package name + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.3 +- Use ninja-build instead of GNU Make to speed up the build a bit + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.2 +- Adaptions for building on EPEL + +* Wed Jun 24 2020 Björn Esser - 1.20.1-0.1 +- Initial spec file for review From 4db057b8ace0e8c77106aa639baa3e7ba429ed68 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Tue, 2 Jan 2024 13:31:51 +0100 Subject: [PATCH 07/47] Add dependencies needed to render the GUI properly --- AusweisApp2.spec | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 4adde17..21ed0b7 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -126,6 +126,12 @@ Requires: openssl-libs%{?_isa} >= 3.0.8-2 # Needed for running fipscheck on application startup. # Requires: fipscheck +%if 0%{?qt6_build} +# Needed for GUI elements to be rendered +Requires: qt6-qtimageformats%{?_isa} +Requires: qt6-qtsvg%{?_isa} +%endif + %description The AusweisApp2 is a software to identify yourself online with your ID card (Personalausweis) or your electronic From 77260f49503a10da97f530bc6102dba1901a26a0 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Fri, 5 Jan 2024 22:38:43 +0100 Subject: [PATCH 08/47] Force the use of legacy OpenSSL API to fix issues with explicit EC curves --- ...eisApp2-2.0.1-use-legacy-openssl-api.patch | 362 ++++++++++++++++++ AusweisApp2.spec | 1 + 2 files changed, 363 insertions(+) create mode 100644 AusweisApp2-2.0.1-use-legacy-openssl-api.patch diff --git a/AusweisApp2-2.0.1-use-legacy-openssl-api.patch b/AusweisApp2-2.0.1-use-legacy-openssl-api.patch new file mode 100644 index 0000000..8f2dcee --- /dev/null +++ b/AusweisApp2-2.0.1-use-legacy-openssl-api.patch @@ -0,0 +1,362 @@ +diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp +--- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp 2024-01-05 22:06:07.585023942 +0100 +@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompress + } + + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + QSharedPointer EcdsaPublicKey::createGroup(const CurveData& pData) const + { + QSharedPointer group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr)); +@@ -209,8 +208,6 @@ QSharedPointer EcdsaPublicKey: + } + + +-#endif +- + QSharedPointer EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const + { + return createKey(reinterpret_cast(pPublicPoint.constData()), static_cast(pPublicPoint.size())); +@@ -239,7 +236,6 @@ QSharedPointer EcdsaPublicKey: + return nullptr; + } + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + const auto& group = createGroup(curveData); + if (group.isNull()) + { +@@ -275,39 +271,4 @@ QSharedPointer EcdsaPublicKey: + + return key; + +-#else +- const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){ +- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data()) +- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast(pPublicPointLength)) +- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast(mBasePoint->length)) +- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12); +- }); +- +- if (params == nullptr) +- { +- qCCritical(card) << "Cannot set parameter"; +- return nullptr; +- } +- +- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr)); +- if (!EVP_PKEY_fromdata_init(ctx.data())) +- { +- qCCritical(card) << "Cannot init pkey"; +- return nullptr; +- } +- +- EVP_PKEY* key = nullptr; +- if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data())) +- { +- qCCritical(card) << "Cannot fetch data for pkey"; +- return nullptr; +- } +- +- return EcUtil::create(key); +- +-#endif + } +diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h +--- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h 2024-01-05 21:26:24.850152676 +0100 +@@ -13,9 +13,7 @@ + #include + #include + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L +- #include +-#endif ++#include + + + namespace governikus +@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapubli + + [[nodiscard]] CurveData createCurveData() const; + [[nodiscard]] QSharedPointer createKey(const uchar* pPublicPoint, int pPublicPointLength) const; +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + [[nodiscard]] QSharedPointer createGroup(const CurveData& pData) const; +-#endif + + public: + static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg); +diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp +--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp 2024-01-05 21:51:28.494919678 +0100 +@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateT + + mTerminalKey = EcUtil::generateKey(mCurve); + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- return EcUtil::getEncodedPublicKey(mTerminalKey); +- +-#else + return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mTerminalKey.data())); + +-#endif + } + + +@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemer + return false; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- const QSharedPointer terminalPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mTerminalKey)); +- const EC_POINT* terminalPubKey = terminalPubKeyPtr.data(); +-#else + const EC_POINT* terminalPubKey = EC_KEY_get0_public_key(mTerminalKey.data()); +-#endif + if (!EC_POINT_cmp(mCurve.data(), terminalPubKey, cardPubKey.data(), nullptr)) + { + qCCritical(card) << "The exchanged public keys are equal."; +@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemer + + QSharedPointer EcdhGenericMapping::createNewGenerator(const QSharedPointer& pCardPubKey, const QSharedPointer& pS) + { +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- const auto& privKeyPtr = EcUtil::getPrivateKey(mTerminalKey); +- const BIGNUM* privKey = privKeyPtr.data(); +-#else + const BIGNUM* privKey = EC_KEY_get0_private_key(mTerminalKey.data()); +-#endif + + if (!privKey) + { +diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h +--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h 2024-01-05 21:52:19.801808499 +0100 +@@ -22,11 +22,7 @@ class EcdhGenericMapping + + private: + const QSharedPointer mCurve; +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- QSharedPointer mTerminalKey; +-#else + QSharedPointer mTerminalKey; +-#endif + + QSharedPointer createNewGenerator(const QSharedPointer& pCardPubKey, const QSharedPointer& pS); + +diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp +--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp 2024-01-05 21:37:17.920243239 +0100 +@@ -105,15 +105,8 @@ KeyAgreement::CardResult EcdhKeyAgreemen + return {CardReturnCode::PROTOCOL_ERROR}; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::getEncodedPublicKey(terminalEphemeralKey); +- +- const auto& privKeyPtr = EcUtil::getPrivateKey(terminalEphemeralKey); +- const BIGNUM* terminalEphemeralPrivateKey = privKeyPtr.data(); +-#else + const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::point2oct(curve, EC_KEY_get0_public_key(terminalEphemeralKey.data())); + const BIGNUM* const terminalEphemeralPrivateKey = EC_KEY_get0_private_key(terminalEphemeralKey.data()); +-#endif + + // Make a copy of the terminal public key for later mutual authentication. + mTerminalPublicKey = EcUtil::oct2point(curve, terminalEphemeralPublicKeyBytes); +diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp +--- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp 2024-01-05 20:33:28.156797843 +0100 +@@ -88,137 +88,6 @@ QSharedPointer EcUtil::oct2poi + } + + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer& pKey) +-{ +- if (pKey.isNull()) +- { +- qCCritical(card) << "Cannot use undefined key"; +- return nullptr; +- } +- +- uchar* key = nullptr; +- const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key); +- const auto guard = qScopeGuard([key] { +- OPENSSL_free(key); +- }); +- +- return length > 0 ? QByteArray(reinterpret_cast(key), static_cast(length)) : QByteArray(); +-} +- +- +-QSharedPointer EcUtil::getPrivateKey(const QSharedPointer& pKey) +-{ +- BIGNUM* privKey = nullptr; +- EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey); +- return EcUtil::create(privKey); +-} +- +- +-QSharedPointer EcUtil::create(const std::function& pFunc) +-{ +- OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new(); +- const auto guard = qScopeGuard([bld] { +- OSSL_PARAM_BLD_free(bld); +- }); +- +- if (bld == nullptr) +- { +- qCCritical(card) << "Cannot create parameter builder"; +- return nullptr; +- } +- +- if (OSSL_PARAM* params = nullptr; +- pFunc(bld) && (params = OSSL_PARAM_BLD_to_param(bld)) != nullptr) +- { +- static auto deleter = [](OSSL_PARAM* pParam) +- { +- OSSL_PARAM_free(pParam); +- }; +- +- return QSharedPointer(params, deleter); +- } +- +- qCCritical(card) << "Cannot create parameter"; +- return nullptr; +-} +- +- +-QSharedPointer EcUtil::generateKey(const QSharedPointer& pCurve) +-{ +- if (pCurve.isNull()) +- { +- qCCritical(card) << "Curve is undefined"; +- return nullptr; +- } +- +- auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data())); +- +- auto order = EcUtil::create(BN_new()); +- if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr)) +- { +- qCCritical(card) << "Cannot fetch order"; +- return nullptr; +- } +- +- auto cofactor = EcUtil::create(BN_new()); +- if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr)) +- { +- qCCritical(card) << "Cannot fetch cofactor"; +- return nullptr; +- } +- +- auto p = EcUtil::create(BN_new()); +- auto a = EcUtil::create(BN_new()); +- auto b = EcUtil::create(BN_new()); +- if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr)) +- { +- qCCritical(card) << "Cannot fetch a, b or p"; +- return nullptr; +- } +- +- const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){ +- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data()) +- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast(generator.size())) +- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12); +- }); +- +- if (params == nullptr) +- { +- qCCritical(card) << "Cannot set parameter"; +- return nullptr; +- } +- +- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr)); +- if (!ctx) +- { +- qCCritical(card) << "Cannot create EVP_PKEY_CTX"; +- return nullptr; +- } +- EVP_PKEY_keygen_init(ctx.data()); +- +- if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data())) +- { +- qCCritical(card) << "Cannot set params to EVP_PKEY_CTX"; +- return nullptr; +- } +- +- EVP_PKEY* key = nullptr; +- if (!EVP_PKEY_generate(ctx.data(), &key)) +- { +- qCCritical(card) << "Cannot create EVP_PKEY"; +- return nullptr; +- } +- +- return EcUtil::create(key); +-} +- +- +-#else + QSharedPointer EcUtil::generateKey(const QSharedPointer& pCurve) + { + if (pCurve.isNull()) +@@ -242,6 +111,3 @@ QSharedPointer EcUtil::generateK + + return key; + } +- +- +-#endif +diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h +--- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h 2024-01-05 22:15:17.157430740 +0100 +@@ -30,9 +30,7 @@ class EcUtil + + static QSharedPointer create(EC_GROUP* pEcGroup); + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + static QSharedPointer create(EC_KEY* pEcKey); +-#endif + + static QSharedPointer create(EC_POINT* pEcPoint); + +@@ -42,14 +40,7 @@ class EcUtil + + static QSharedPointer create(EVP_PKEY_CTX* pEcGroup); + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- static QByteArray getEncodedPublicKey(const QSharedPointer& pKey); +- static QSharedPointer getPrivateKey(const QSharedPointer& pKey); +- static QSharedPointer create(const std::function& pFunc); +- static QSharedPointer generateKey(const QSharedPointer& pCurve); +-#else + static QSharedPointer generateKey(const QSharedPointer& pCurve); +-#endif + + static QSharedPointer createCurve(int pNid); + }; +@@ -66,7 +57,6 @@ inline QSharedPointer EcUtil:: + } + + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + inline QSharedPointer EcUtil::create(EC_KEY* pEcKey) + { + static auto deleter = [](EC_KEY* ecKey) +@@ -78,8 +68,6 @@ inline QSharedPointer EcUtil::cr + } + + +-#endif +- + inline QSharedPointer EcUtil::create(EC_POINT* pEcPoint) + { + static auto deleter = [](EC_POINT* ecPoint) diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 21ed0b7..e2b21e5 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -64,6 +64,7 @@ Source1000: gen_openssl_cnf.py # Downstream. Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch +Patch01001: %{name}-2.0.1-use-legacy-openssl-api.patch BuildRequires: cmake BuildRequires: crypto-policies From 6234d9f3d5b1a088bb29e403dbdf9c1e218c816d Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Fri, 5 Jan 2024 22:38:43 +0100 Subject: [PATCH 09/47] Force the use of legacy OpenSSL API to fix issues with explicit EC curves --- ...eisApp2-2.0.1-use-legacy-openssl-api.patch | 362 ++++++++++++++++++ AusweisApp2.spec | 1 + 2 files changed, 363 insertions(+) create mode 100644 AusweisApp2-2.0.1-use-legacy-openssl-api.patch diff --git a/AusweisApp2-2.0.1-use-legacy-openssl-api.patch b/AusweisApp2-2.0.1-use-legacy-openssl-api.patch new file mode 100644 index 0000000..8f2dcee --- /dev/null +++ b/AusweisApp2-2.0.1-use-legacy-openssl-api.patch @@ -0,0 +1,362 @@ +diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp +--- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp 2024-01-05 22:06:07.585023942 +0100 +@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompress + } + + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + QSharedPointer EcdsaPublicKey::createGroup(const CurveData& pData) const + { + QSharedPointer group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr)); +@@ -209,8 +208,6 @@ QSharedPointer EcdsaPublicKey: + } + + +-#endif +- + QSharedPointer EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const + { + return createKey(reinterpret_cast(pPublicPoint.constData()), static_cast(pPublicPoint.size())); +@@ -239,7 +236,6 @@ QSharedPointer EcdsaPublicKey: + return nullptr; + } + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + const auto& group = createGroup(curveData); + if (group.isNull()) + { +@@ -275,39 +271,4 @@ QSharedPointer EcdsaPublicKey: + + return key; + +-#else +- const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){ +- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data()) +- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast(pPublicPointLength)) +- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast(mBasePoint->length)) +- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12); +- }); +- +- if (params == nullptr) +- { +- qCCritical(card) << "Cannot set parameter"; +- return nullptr; +- } +- +- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr)); +- if (!EVP_PKEY_fromdata_init(ctx.data())) +- { +- qCCritical(card) << "Cannot init pkey"; +- return nullptr; +- } +- +- EVP_PKEY* key = nullptr; +- if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data())) +- { +- qCCritical(card) << "Cannot fetch data for pkey"; +- return nullptr; +- } +- +- return EcUtil::create(key); +- +-#endif + } +diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h +--- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h 2024-01-05 21:26:24.850152676 +0100 +@@ -13,9 +13,7 @@ + #include + #include + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L +- #include +-#endif ++#include + + + namespace governikus +@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapubli + + [[nodiscard]] CurveData createCurveData() const; + [[nodiscard]] QSharedPointer createKey(const uchar* pPublicPoint, int pPublicPointLength) const; +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + [[nodiscard]] QSharedPointer createGroup(const CurveData& pData) const; +-#endif + + public: + static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg); +diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp +--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp 2024-01-05 21:51:28.494919678 +0100 +@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateT + + mTerminalKey = EcUtil::generateKey(mCurve); + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- return EcUtil::getEncodedPublicKey(mTerminalKey); +- +-#else + return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mTerminalKey.data())); + +-#endif + } + + +@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemer + return false; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- const QSharedPointer terminalPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mTerminalKey)); +- const EC_POINT* terminalPubKey = terminalPubKeyPtr.data(); +-#else + const EC_POINT* terminalPubKey = EC_KEY_get0_public_key(mTerminalKey.data()); +-#endif + if (!EC_POINT_cmp(mCurve.data(), terminalPubKey, cardPubKey.data(), nullptr)) + { + qCCritical(card) << "The exchanged public keys are equal."; +@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemer + + QSharedPointer EcdhGenericMapping::createNewGenerator(const QSharedPointer& pCardPubKey, const QSharedPointer& pS) + { +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- const auto& privKeyPtr = EcUtil::getPrivateKey(mTerminalKey); +- const BIGNUM* privKey = privKeyPtr.data(); +-#else + const BIGNUM* privKey = EC_KEY_get0_private_key(mTerminalKey.data()); +-#endif + + if (!privKey) + { +diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h +--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h 2024-01-05 21:52:19.801808499 +0100 +@@ -22,11 +22,7 @@ class EcdhGenericMapping + + private: + const QSharedPointer mCurve; +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- QSharedPointer mTerminalKey; +-#else + QSharedPointer mTerminalKey; +-#endif + + QSharedPointer createNewGenerator(const QSharedPointer& pCardPubKey, const QSharedPointer& pS); + +diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp +--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp 2024-01-05 21:37:17.920243239 +0100 +@@ -105,15 +105,8 @@ KeyAgreement::CardResult EcdhKeyAgreemen + return {CardReturnCode::PROTOCOL_ERROR}; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::getEncodedPublicKey(terminalEphemeralKey); +- +- const auto& privKeyPtr = EcUtil::getPrivateKey(terminalEphemeralKey); +- const BIGNUM* terminalEphemeralPrivateKey = privKeyPtr.data(); +-#else + const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::point2oct(curve, EC_KEY_get0_public_key(terminalEphemeralKey.data())); + const BIGNUM* const terminalEphemeralPrivateKey = EC_KEY_get0_private_key(terminalEphemeralKey.data()); +-#endif + + // Make a copy of the terminal public key for later mutual authentication. + mTerminalPublicKey = EcUtil::oct2point(curve, terminalEphemeralPublicKeyBytes); +diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp +--- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp 2024-01-05 20:33:28.156797843 +0100 +@@ -88,137 +88,6 @@ QSharedPointer EcUtil::oct2poi + } + + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer& pKey) +-{ +- if (pKey.isNull()) +- { +- qCCritical(card) << "Cannot use undefined key"; +- return nullptr; +- } +- +- uchar* key = nullptr; +- const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key); +- const auto guard = qScopeGuard([key] { +- OPENSSL_free(key); +- }); +- +- return length > 0 ? QByteArray(reinterpret_cast(key), static_cast(length)) : QByteArray(); +-} +- +- +-QSharedPointer EcUtil::getPrivateKey(const QSharedPointer& pKey) +-{ +- BIGNUM* privKey = nullptr; +- EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey); +- return EcUtil::create(privKey); +-} +- +- +-QSharedPointer EcUtil::create(const std::function& pFunc) +-{ +- OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new(); +- const auto guard = qScopeGuard([bld] { +- OSSL_PARAM_BLD_free(bld); +- }); +- +- if (bld == nullptr) +- { +- qCCritical(card) << "Cannot create parameter builder"; +- return nullptr; +- } +- +- if (OSSL_PARAM* params = nullptr; +- pFunc(bld) && (params = OSSL_PARAM_BLD_to_param(bld)) != nullptr) +- { +- static auto deleter = [](OSSL_PARAM* pParam) +- { +- OSSL_PARAM_free(pParam); +- }; +- +- return QSharedPointer(params, deleter); +- } +- +- qCCritical(card) << "Cannot create parameter"; +- return nullptr; +-} +- +- +-QSharedPointer EcUtil::generateKey(const QSharedPointer& pCurve) +-{ +- if (pCurve.isNull()) +- { +- qCCritical(card) << "Curve is undefined"; +- return nullptr; +- } +- +- auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data())); +- +- auto order = EcUtil::create(BN_new()); +- if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr)) +- { +- qCCritical(card) << "Cannot fetch order"; +- return nullptr; +- } +- +- auto cofactor = EcUtil::create(BN_new()); +- if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr)) +- { +- qCCritical(card) << "Cannot fetch cofactor"; +- return nullptr; +- } +- +- auto p = EcUtil::create(BN_new()); +- auto a = EcUtil::create(BN_new()); +- auto b = EcUtil::create(BN_new()); +- if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr)) +- { +- qCCritical(card) << "Cannot fetch a, b or p"; +- return nullptr; +- } +- +- const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){ +- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data()) +- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast(generator.size())) +- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12); +- }); +- +- if (params == nullptr) +- { +- qCCritical(card) << "Cannot set parameter"; +- return nullptr; +- } +- +- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr)); +- if (!ctx) +- { +- qCCritical(card) << "Cannot create EVP_PKEY_CTX"; +- return nullptr; +- } +- EVP_PKEY_keygen_init(ctx.data()); +- +- if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data())) +- { +- qCCritical(card) << "Cannot set params to EVP_PKEY_CTX"; +- return nullptr; +- } +- +- EVP_PKEY* key = nullptr; +- if (!EVP_PKEY_generate(ctx.data(), &key)) +- { +- qCCritical(card) << "Cannot create EVP_PKEY"; +- return nullptr; +- } +- +- return EcUtil::create(key); +-} +- +- +-#else + QSharedPointer EcUtil::generateKey(const QSharedPointer& pCurve) + { + if (pCurve.isNull()) +@@ -242,6 +111,3 @@ QSharedPointer EcUtil::generateK + + return key; + } +- +- +-#endif +diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h +--- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi 2023-11-08 16:55:33.000000000 +0100 ++++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h 2024-01-05 22:15:17.157430740 +0100 +@@ -30,9 +30,7 @@ class EcUtil + + static QSharedPointer create(EC_GROUP* pEcGroup); + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + static QSharedPointer create(EC_KEY* pEcKey); +-#endif + + static QSharedPointer create(EC_POINT* pEcPoint); + +@@ -42,14 +40,7 @@ class EcUtil + + static QSharedPointer create(EVP_PKEY_CTX* pEcGroup); + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- static QByteArray getEncodedPublicKey(const QSharedPointer& pKey); +- static QSharedPointer getPrivateKey(const QSharedPointer& pKey); +- static QSharedPointer create(const std::function& pFunc); +- static QSharedPointer generateKey(const QSharedPointer& pCurve); +-#else + static QSharedPointer generateKey(const QSharedPointer& pCurve); +-#endif + + static QSharedPointer createCurve(int pNid); + }; +@@ -66,7 +57,6 @@ inline QSharedPointer EcUtil:: + } + + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + inline QSharedPointer EcUtil::create(EC_KEY* pEcKey) + { + static auto deleter = [](EC_KEY* ecKey) +@@ -78,8 +68,6 @@ inline QSharedPointer EcUtil::cr + } + + +-#endif +- + inline QSharedPointer EcUtil::create(EC_POINT* pEcPoint) + { + static auto deleter = [](EC_POINT* ecPoint) diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 21ed0b7..e2b21e5 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -64,6 +64,7 @@ Source1000: gen_openssl_cnf.py # Downstream. Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch +Patch01001: %{name}-2.0.1-use-legacy-openssl-api.patch BuildRequires: cmake BuildRequires: crypto-policies From 567eec0588fb2e974697ece1994978ec73eb1511 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Fri, 12 Jan 2024 20:13:00 +0100 Subject: [PATCH 10/47] Update to 2.0.2 --- .gitignore | 3 +++ AusweisApp-2.0.1.tar.gz.asc | 16 ---------------- AusweisApp-2.0.1.tar.gz.sha256 | 1 - AusweisApp2.spec | 2 +- sources | 4 +++- 5 files changed, 7 insertions(+), 19 deletions(-) delete mode 100644 AusweisApp-2.0.1.tar.gz.asc delete mode 100644 AusweisApp-2.0.1.tar.gz.sha256 diff --git a/.gitignore b/.gitignore index 5ae286d..2613183 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,6 @@ /AusweisApp2-pubring.gpg /AusweisApp-2.0.1.tar.gz /AusweisApp-pubring.gpg +/AusweisApp-2.0.2.tar.gz +/AusweisApp-2.0.2.tar.gz.asc +/AusweisApp-2.0.2.tar.gz.sha256 diff --git a/AusweisApp-2.0.1.tar.gz.asc b/AusweisApp-2.0.1.tar.gz.asc deleted file mode 100644 index 14532fc..0000000 --- a/AusweisApp-2.0.1.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEaZvzBVsKSSJO/efHLXR5pTFFEIgFAmVLsQYACgkQLXR5pTFF -EIjJCA//feGQo9BK6eT0hDSHd8k5zyRspQdPMPuw2VneeoFcnZyZpJSWdXsNe1DO -vbauUmuPRRt0e4vs1k5aB+DJ7J7JZ8XNmpLvaph9y7CQ/BQqM+SKVg3Qv/0dIyVv -iG/BpBtZ6tkdFafOvlAO2ed6NIU8sKnicGxeHTeIJg6+xr+KICwEI+scodftcqbl -QvDnoZT/EsCiiiz2+HwIGcrraJfBJ7DyLYW2Sdo0xlBnMSqXHManx84rw89i7Tvb -MZUaP1PROMbxF9RDHKvb/ZnMGgecB+wnAR6V2gWxQfPyg27lrXrxDEcm65zppOky -RIr5s+egnv+txHPdkdL/mwhKpAr5q8Hgc5tq1Bn2rC9/+ESi4HF/2TkRGlkEIez7 -eEAQl5lA2NpBi3EUK0kBJHihEjqMAzeNy8wGxMMM4aHMyvQrooI1BxEV84NEzOqZ -a5xoCdjySFt+NMqCOujiVIasBtuKzQg+2miQpNETuutZ+n+RGOtHspPps5SzQaDO -jLsLzkRKJ/Zcds42kP9adM/klDriD4UtgxfLBcpdC3lCJOA9dxjkB6LLmWcyWXXc -aGcn4I1sfgQz+5aNzpf8jH3fa5788xQ4it2XQYoPx1FBLuH63y+3V9SvYEoA0Tkf -lMa3GkHY1va7COAcrL9AK7hKUaex+FpkGPYxxoH5L7vIpsvOFsU= -=+E8h ------END PGP SIGNATURE----- diff --git a/AusweisApp-2.0.1.tar.gz.sha256 b/AusweisApp-2.0.1.tar.gz.sha256 deleted file mode 100644 index 56734c6..0000000 --- a/AusweisApp-2.0.1.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -cfb23fdb54e02af8a266388d11989d3f1606dfab48dd80a2f78ff58cb34cbb57 AusweisApp-2.0.1.tar.gz diff --git a/AusweisApp2.spec b/AusweisApp2.spec index e2b21e5..99b32c5 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.0.1 +Version: 2.0.2 Release: %autorelease Summary: %{pkg_sum} diff --git a/sources b/sources index a4d3ba8..c880254 100644 --- a/sources +++ b/sources @@ -1,2 +1,4 @@ -SHA512 (AusweisApp-2.0.1.tar.gz) = 8bbbc8af7a167c3e1e5f0d1829eddd143c54995fd3a8d325bcc7ec83d3778ba9b1de7e80e2171d247c8e8726acae8a8c9ddf63440b70aeb68cd01640cbd0d47b +SHA512 (AusweisApp-2.0.2.tar.gz) = 74d4e3d97fbc77efa1aae01c10e4352510c31972578752d6f71a019e883a38e5ee660b2a2ed1d2d8d2e035db1276424d8251c420ce24c48e55addf24a274c127 +SHA512 (AusweisApp-2.0.2.tar.gz.asc) = 5029ae5ea31c25047f4c9a7636acf36366ad514afa5e9db65d50709f8c0a76d7a783227c583c07b8a1e731e711a529357c7218e40dfa3be22cf6f99d89f7ec1f +SHA512 (AusweisApp-2.0.2.tar.gz.sha256) = bf3c83cd56d00b85d4b669ea8aee1c1dd91d2495ef30110471d667577d2d280b689cb95a7b4c51cabf79f56f116785c2f9443a40f612889ea35c9eb09e6c6b15 SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From a56407eb9560aac5390a3ab1916da382964d09f7 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Fri, 12 Jan 2024 20:13:00 +0100 Subject: [PATCH 11/47] Update to 2.0.2 --- .gitignore | 3 +++ AusweisApp-2.0.1.tar.gz.asc | 16 ---------------- AusweisApp-2.0.1.tar.gz.sha256 | 1 - AusweisApp2.spec | 2 +- sources | 4 +++- 5 files changed, 7 insertions(+), 19 deletions(-) delete mode 100644 AusweisApp-2.0.1.tar.gz.asc delete mode 100644 AusweisApp-2.0.1.tar.gz.sha256 diff --git a/.gitignore b/.gitignore index 5ae286d..2613183 100644 --- a/.gitignore +++ b/.gitignore @@ -2,3 +2,6 @@ /AusweisApp2-pubring.gpg /AusweisApp-2.0.1.tar.gz /AusweisApp-pubring.gpg +/AusweisApp-2.0.2.tar.gz +/AusweisApp-2.0.2.tar.gz.asc +/AusweisApp-2.0.2.tar.gz.sha256 diff --git a/AusweisApp-2.0.1.tar.gz.asc b/AusweisApp-2.0.1.tar.gz.asc deleted file mode 100644 index 14532fc..0000000 --- a/AusweisApp-2.0.1.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEaZvzBVsKSSJO/efHLXR5pTFFEIgFAmVLsQYACgkQLXR5pTFF -EIjJCA//feGQo9BK6eT0hDSHd8k5zyRspQdPMPuw2VneeoFcnZyZpJSWdXsNe1DO -vbauUmuPRRt0e4vs1k5aB+DJ7J7JZ8XNmpLvaph9y7CQ/BQqM+SKVg3Qv/0dIyVv -iG/BpBtZ6tkdFafOvlAO2ed6NIU8sKnicGxeHTeIJg6+xr+KICwEI+scodftcqbl -QvDnoZT/EsCiiiz2+HwIGcrraJfBJ7DyLYW2Sdo0xlBnMSqXHManx84rw89i7Tvb -MZUaP1PROMbxF9RDHKvb/ZnMGgecB+wnAR6V2gWxQfPyg27lrXrxDEcm65zppOky -RIr5s+egnv+txHPdkdL/mwhKpAr5q8Hgc5tq1Bn2rC9/+ESi4HF/2TkRGlkEIez7 -eEAQl5lA2NpBi3EUK0kBJHihEjqMAzeNy8wGxMMM4aHMyvQrooI1BxEV84NEzOqZ -a5xoCdjySFt+NMqCOujiVIasBtuKzQg+2miQpNETuutZ+n+RGOtHspPps5SzQaDO -jLsLzkRKJ/Zcds42kP9adM/klDriD4UtgxfLBcpdC3lCJOA9dxjkB6LLmWcyWXXc -aGcn4I1sfgQz+5aNzpf8jH3fa5788xQ4it2XQYoPx1FBLuH63y+3V9SvYEoA0Tkf -lMa3GkHY1va7COAcrL9AK7hKUaex+FpkGPYxxoH5L7vIpsvOFsU= -=+E8h ------END PGP SIGNATURE----- diff --git a/AusweisApp-2.0.1.tar.gz.sha256 b/AusweisApp-2.0.1.tar.gz.sha256 deleted file mode 100644 index 56734c6..0000000 --- a/AusweisApp-2.0.1.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -cfb23fdb54e02af8a266388d11989d3f1606dfab48dd80a2f78ff58cb34cbb57 AusweisApp-2.0.1.tar.gz diff --git a/AusweisApp2.spec b/AusweisApp2.spec index e2b21e5..99b32c5 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.0.1 +Version: 2.0.2 Release: %autorelease Summary: %{pkg_sum} diff --git a/sources b/sources index a4d3ba8..c880254 100644 --- a/sources +++ b/sources @@ -1,2 +1,4 @@ -SHA512 (AusweisApp-2.0.1.tar.gz) = 8bbbc8af7a167c3e1e5f0d1829eddd143c54995fd3a8d325bcc7ec83d3778ba9b1de7e80e2171d247c8e8726acae8a8c9ddf63440b70aeb68cd01640cbd0d47b +SHA512 (AusweisApp-2.0.2.tar.gz) = 74d4e3d97fbc77efa1aae01c10e4352510c31972578752d6f71a019e883a38e5ee660b2a2ed1d2d8d2e035db1276424d8251c420ce24c48e55addf24a274c127 +SHA512 (AusweisApp-2.0.2.tar.gz.asc) = 5029ae5ea31c25047f4c9a7636acf36366ad514afa5e9db65d50709f8c0a76d7a783227c583c07b8a1e731e711a529357c7218e40dfa3be22cf6f99d89f7ec1f +SHA512 (AusweisApp-2.0.2.tar.gz.sha256) = bf3c83cd56d00b85d4b669ea8aee1c1dd91d2495ef30110471d667577d2d280b689cb95a7b4c51cabf79f56f116785c2f9443a40f612889ea35c9eb09e6c6b15 SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 3d84f3e2c024d500e878e69eaa44c0a0266387ff Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 18 Jan 2024 12:07:42 +0000 Subject: [PATCH 12/47] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From 6168bedb7a0e6da6ab6d6626cb201f3f868b6bb5 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 19 Jan 2024 09:13:42 +0000 Subject: [PATCH 13/47] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From a133d529e5c5a3fb8053867994c11964254b9bb4 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Sat, 20 Jan 2024 12:44:36 +0100 Subject: [PATCH 14/47] Update to 2.0.3 --- .gitignore | 3 +++ AusweisApp2.spec | 2 +- sources | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 2613183..6be2f76 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,6 @@ /AusweisApp-2.0.2.tar.gz /AusweisApp-2.0.2.tar.gz.asc /AusweisApp-2.0.2.tar.gz.sha256 +/AusweisApp-2.0.3.tar.gz +/AusweisApp-2.0.3.tar.gz.asc +/AusweisApp-2.0.3.tar.gz.sha256 diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 99b32c5..691d9a0 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.0.2 +Version: 2.0.3 Release: %autorelease Summary: %{pkg_sum} diff --git a/sources b/sources index c880254..28492ab 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.0.2.tar.gz) = 74d4e3d97fbc77efa1aae01c10e4352510c31972578752d6f71a019e883a38e5ee660b2a2ed1d2d8d2e035db1276424d8251c420ce24c48e55addf24a274c127 -SHA512 (AusweisApp-2.0.2.tar.gz.asc) = 5029ae5ea31c25047f4c9a7636acf36366ad514afa5e9db65d50709f8c0a76d7a783227c583c07b8a1e731e711a529357c7218e40dfa3be22cf6f99d89f7ec1f -SHA512 (AusweisApp-2.0.2.tar.gz.sha256) = bf3c83cd56d00b85d4b669ea8aee1c1dd91d2495ef30110471d667577d2d280b689cb95a7b4c51cabf79f56f116785c2f9443a40f612889ea35c9eb09e6c6b15 +SHA512 (AusweisApp-2.0.3.tar.gz) = 4843c1cc0e510a350ef99e5c3810a1ed526832894d269b3791ff55341ad781186396275168d7c82d1abaf06cfb825ae626dad0a9bde2baec4db4e72103252053 +SHA512 (AusweisApp-2.0.3.tar.gz.asc) = 6efb1afff620f557c8b17e698c273086ea9189fd8689ada6ea2aaa0f3c8a41f4871472e9f35a626e63668e787f056fb15964b0f860808a923413ead3ece76f4c +SHA512 (AusweisApp-2.0.3.tar.gz.sha256) = 5b349772a7bc456ff3912d2f9d885840ddb104bd4d45e77cf4b4e0d63650de3865a0fb6ade88983142f21b28165c366c2ca313e37979082c2d9b12559c20f828 SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From c402d3daa3c3fa9a9c96e3633b6bbee8843e6a74 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Sat, 20 Jan 2024 12:44:36 +0100 Subject: [PATCH 15/47] Update to 2.0.3 --- .gitignore | 3 +++ AusweisApp2.spec | 2 +- sources | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 2613183..6be2f76 100644 --- a/.gitignore +++ b/.gitignore @@ -5,3 +5,6 @@ /AusweisApp-2.0.2.tar.gz /AusweisApp-2.0.2.tar.gz.asc /AusweisApp-2.0.2.tar.gz.sha256 +/AusweisApp-2.0.3.tar.gz +/AusweisApp-2.0.3.tar.gz.asc +/AusweisApp-2.0.3.tar.gz.sha256 diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 99b32c5..691d9a0 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.0.2 +Version: 2.0.3 Release: %autorelease Summary: %{pkg_sum} diff --git a/sources b/sources index c880254..28492ab 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.0.2.tar.gz) = 74d4e3d97fbc77efa1aae01c10e4352510c31972578752d6f71a019e883a38e5ee660b2a2ed1d2d8d2e035db1276424d8251c420ce24c48e55addf24a274c127 -SHA512 (AusweisApp-2.0.2.tar.gz.asc) = 5029ae5ea31c25047f4c9a7636acf36366ad514afa5e9db65d50709f8c0a76d7a783227c583c07b8a1e731e711a529357c7218e40dfa3be22cf6f99d89f7ec1f -SHA512 (AusweisApp-2.0.2.tar.gz.sha256) = bf3c83cd56d00b85d4b669ea8aee1c1dd91d2495ef30110471d667577d2d280b689cb95a7b4c51cabf79f56f116785c2f9443a40f612889ea35c9eb09e6c6b15 +SHA512 (AusweisApp-2.0.3.tar.gz) = 4843c1cc0e510a350ef99e5c3810a1ed526832894d269b3791ff55341ad781186396275168d7c82d1abaf06cfb825ae626dad0a9bde2baec4db4e72103252053 +SHA512 (AusweisApp-2.0.3.tar.gz.asc) = 6efb1afff620f557c8b17e698c273086ea9189fd8689ada6ea2aaa0f3c8a41f4871472e9f35a626e63668e787f056fb15964b0f860808a923413ead3ece76f4c +SHA512 (AusweisApp-2.0.3.tar.gz.sha256) = 5b349772a7bc456ff3912d2f9d885840ddb104bd4d45e77cf4b4e0d63650de3865a0fb6ade88983142f21b28165c366c2ca313e37979082c2d9b12559c20f828 SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 2ad5846166c5eedbee0c9e597758baefd0befbe4 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 22 Jan 2024 20:44:21 +0000 Subject: [PATCH 16/47] Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild From fbaa75776b75d63e2bc0890bb9d5f4a901619fd3 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Fri, 16 Feb 2024 14:46:20 +0100 Subject: [PATCH 17/47] Rebuild (qt6) From a33b79408d4e39d9eba01a68abf75531495f542f Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Fri, 1 Mar 2024 09:42:39 +0100 Subject: [PATCH 18/47] Update to 2.1.0 --- .gitignore | 3 +++ AusweisApp2.spec | 2 +- sources | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 6be2f76..a078b38 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,6 @@ /AusweisApp-2.0.3.tar.gz /AusweisApp-2.0.3.tar.gz.asc /AusweisApp-2.0.3.tar.gz.sha256 +/AusweisApp-2.1.0.tar.gz +/AusweisApp-2.1.0.tar.gz.asc +/AusweisApp-2.1.0.tar.gz.sha256 diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 691d9a0..3e7f03b 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.0.3 +Version: 2.1.0 Release: %autorelease Summary: %{pkg_sum} diff --git a/sources b/sources index 28492ab..081e736 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.0.3.tar.gz) = 4843c1cc0e510a350ef99e5c3810a1ed526832894d269b3791ff55341ad781186396275168d7c82d1abaf06cfb825ae626dad0a9bde2baec4db4e72103252053 -SHA512 (AusweisApp-2.0.3.tar.gz.asc) = 6efb1afff620f557c8b17e698c273086ea9189fd8689ada6ea2aaa0f3c8a41f4871472e9f35a626e63668e787f056fb15964b0f860808a923413ead3ece76f4c -SHA512 (AusweisApp-2.0.3.tar.gz.sha256) = 5b349772a7bc456ff3912d2f9d885840ddb104bd4d45e77cf4b4e0d63650de3865a0fb6ade88983142f21b28165c366c2ca313e37979082c2d9b12559c20f828 +SHA512 (AusweisApp-2.1.0.tar.gz) = d83b04da5a21c71106fecc1c6cc24caa34755334f7c0ffe2ba9fe38223a05a7dbaea6c2da4a209344770e816ae0206db9d071f994d920454d96145285e53f97b +SHA512 (AusweisApp-2.1.0.tar.gz.asc) = 243457505d32a1cc6363cf2f0d500d7d76f8fac071ff9ee23112933ddf10cfb746635f914a36d7f7f5cf2416597201ad9b962f73285de1604793a3b5a667ae12 +SHA512 (AusweisApp-2.1.0.tar.gz.sha256) = d2fab6efc3b0a1cdc532e860f4671d9e7bbf9ba3874c9911182f61d0ad887d4d9a936d311b49b9703bfa3f2cb8cf00657f5c14a56e80d174116be8f7550875f5 SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 3829033411fa9c2f75e96978f42b2ee936fea1e0 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Fri, 1 Mar 2024 09:42:39 +0100 Subject: [PATCH 19/47] Update to 2.1.0 --- .gitignore | 3 +++ AusweisApp2.spec | 2 +- sources | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 6be2f76..a078b38 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,6 @@ /AusweisApp-2.0.3.tar.gz /AusweisApp-2.0.3.tar.gz.asc /AusweisApp-2.0.3.tar.gz.sha256 +/AusweisApp-2.1.0.tar.gz +/AusweisApp-2.1.0.tar.gz.asc +/AusweisApp-2.1.0.tar.gz.sha256 diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 691d9a0..3e7f03b 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.0.3 +Version: 2.1.0 Release: %autorelease Summary: %{pkg_sum} diff --git a/sources b/sources index 28492ab..081e736 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.0.3.tar.gz) = 4843c1cc0e510a350ef99e5c3810a1ed526832894d269b3791ff55341ad781186396275168d7c82d1abaf06cfb825ae626dad0a9bde2baec4db4e72103252053 -SHA512 (AusweisApp-2.0.3.tar.gz.asc) = 6efb1afff620f557c8b17e698c273086ea9189fd8689ada6ea2aaa0f3c8a41f4871472e9f35a626e63668e787f056fb15964b0f860808a923413ead3ece76f4c -SHA512 (AusweisApp-2.0.3.tar.gz.sha256) = 5b349772a7bc456ff3912d2f9d885840ddb104bd4d45e77cf4b4e0d63650de3865a0fb6ade88983142f21b28165c366c2ca313e37979082c2d9b12559c20f828 +SHA512 (AusweisApp-2.1.0.tar.gz) = d83b04da5a21c71106fecc1c6cc24caa34755334f7c0ffe2ba9fe38223a05a7dbaea6c2da4a209344770e816ae0206db9d071f994d920454d96145285e53f97b +SHA512 (AusweisApp-2.1.0.tar.gz.asc) = 243457505d32a1cc6363cf2f0d500d7d76f8fac071ff9ee23112933ddf10cfb746635f914a36d7f7f5cf2416597201ad9b962f73285de1604793a3b5a667ae12 +SHA512 (AusweisApp-2.1.0.tar.gz.sha256) = d2fab6efc3b0a1cdc532e860f4671d9e7bbf9ba3874c9911182f61d0ad887d4d9a936d311b49b9703bfa3f2cb8cf00657f5c14a56e80d174116be8f7550875f5 SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 4327a2fc20ee6608b27ef3d34882686273306e21 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Tue, 30 Jan 2024 18:16:18 +0100 Subject: [PATCH 20/47] Add background information for the legacy openssl API patch --- AusweisApp2.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 3e7f03b..a282814 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -64,6 +64,9 @@ Source1000: gen_openssl_cnf.py # Downstream. Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch +# Needed because Fedora's openssl does not support elliptic curves using custom parameters. +# Request to enable them was denied: https://bugzilla.redhat.com/show_bug.cgi?id=2259403 +# It is currently not clear if the legacy API works by accident or by design. It does work as of January 2024. Patch01001: %{name}-2.0.1-use-legacy-openssl-api.patch BuildRequires: cmake From 82fe16d7196672945d0129d7ba2ad040da429cdf Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Sat, 2 Mar 2024 19:32:26 +0100 Subject: [PATCH 21/47] Fix OpenSSL config generation --- gen_openssl_cnf.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/gen_openssl_cnf.py b/gen_openssl_cnf.py index 340e8c4..6ef6438 100644 --- a/gen_openssl_cnf.py +++ b/gen_openssl_cnf.py @@ -76,8 +76,14 @@ class _Const(object): @constant def KEYSIZE_SECTIONS(): return [ - 'minStaticKeySizes', - 'minEphemeralKeySizes', + 'minKeySizes', + 'sizesIfd', + ] + + @constant + def KEYSIZE_MIN_SECTION(): + return [ + 'min', ] @constant @@ -101,9 +107,15 @@ def get_min_ssl_sec_level(json_data): if option in json_data[section]: if min_keysize > json_data[section][option]: min_keysize = json_data[section][option] + elif option in json_data[section][CONST.KEYSIZE_MIN_SECTION]: + if min_keysize > json_data[section][CONST.KEYSIZE_MIN_SECTION][option]: + min_keysize = json_data[section][CONST.KEYSIZE_MIN_SECTION][option] if CONST.KEYSIZE_EC_OPTION in json_data[section]: if min_ecsize > json_data[section][CONST.KEYSIZE_EC_OPTION]: min_ecsize = json_data[section][CONST.KEYSIZE_EC_OPTION] + elif CONST.KEYSIZE_EC_OPTION in json_data[section][CONST.KEYSIZE_MIN_SECTION]: + if min_ecsize > json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION]: + min_ecsize = json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION] if min_keysize >= 1000 and min_ecsize >= 160: sec_level = 1 From 15d64f00d1feb21f0d0d2b3024045ada4982ce12 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Tue, 30 Jan 2024 18:16:18 +0100 Subject: [PATCH 22/47] Add background information for the legacy openssl API patch --- AusweisApp2.spec | 3 +++ 1 file changed, 3 insertions(+) diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 3e7f03b..a282814 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -64,6 +64,9 @@ Source1000: gen_openssl_cnf.py # Downstream. Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch +# Needed because Fedora's openssl does not support elliptic curves using custom parameters. +# Request to enable them was denied: https://bugzilla.redhat.com/show_bug.cgi?id=2259403 +# It is currently not clear if the legacy API works by accident or by design. It does work as of January 2024. Patch01001: %{name}-2.0.1-use-legacy-openssl-api.patch BuildRequires: cmake From 956b0e586a05a1d987bdb6b48de46939d1e182bd Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Sat, 2 Mar 2024 19:32:26 +0100 Subject: [PATCH 23/47] Fix OpenSSL config generation --- gen_openssl_cnf.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/gen_openssl_cnf.py b/gen_openssl_cnf.py index 340e8c4..6ef6438 100644 --- a/gen_openssl_cnf.py +++ b/gen_openssl_cnf.py @@ -76,8 +76,14 @@ class _Const(object): @constant def KEYSIZE_SECTIONS(): return [ - 'minStaticKeySizes', - 'minEphemeralKeySizes', + 'minKeySizes', + 'sizesIfd', + ] + + @constant + def KEYSIZE_MIN_SECTION(): + return [ + 'min', ] @constant @@ -101,9 +107,15 @@ def get_min_ssl_sec_level(json_data): if option in json_data[section]: if min_keysize > json_data[section][option]: min_keysize = json_data[section][option] + elif option in json_data[section][CONST.KEYSIZE_MIN_SECTION]: + if min_keysize > json_data[section][CONST.KEYSIZE_MIN_SECTION][option]: + min_keysize = json_data[section][CONST.KEYSIZE_MIN_SECTION][option] if CONST.KEYSIZE_EC_OPTION in json_data[section]: if min_ecsize > json_data[section][CONST.KEYSIZE_EC_OPTION]: min_ecsize = json_data[section][CONST.KEYSIZE_EC_OPTION] + elif CONST.KEYSIZE_EC_OPTION in json_data[section][CONST.KEYSIZE_MIN_SECTION]: + if min_ecsize > json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION]: + min_ecsize = json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION] if min_keysize >= 1000 and min_ecsize >= 160: sec_level = 1 From 3d1d7b241c9223fbcb91a7aedce5da93c7177d36 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Sat, 2 Mar 2024 19:50:30 +0100 Subject: [PATCH 24/47] Really fix OpenSSL config generation --- gen_openssl_cnf.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/gen_openssl_cnf.py b/gen_openssl_cnf.py index 6ef6438..25e7e5c 100644 --- a/gen_openssl_cnf.py +++ b/gen_openssl_cnf.py @@ -82,9 +82,7 @@ class _Const(object): @constant def KEYSIZE_MIN_SECTION(): - return [ - 'min', - ] + return 'min' @constant def TLS_VERSIONS(): From 520d0a2bec922f09f2d0a478dfa3117f707da95a Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Sat, 2 Mar 2024 19:50:30 +0100 Subject: [PATCH 25/47] Really fix OpenSSL config generation --- gen_openssl_cnf.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/gen_openssl_cnf.py b/gen_openssl_cnf.py index 6ef6438..25e7e5c 100644 --- a/gen_openssl_cnf.py +++ b/gen_openssl_cnf.py @@ -82,9 +82,7 @@ class _Const(object): @constant def KEYSIZE_MIN_SECTION(): - return [ - 'min', - ] + return 'min' @constant def TLS_VERSIONS(): From 11eb3e3e4345d801a08a890c7a4a35bb3205006f Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Thu, 4 Apr 2024 10:36:13 +0200 Subject: [PATCH 26/47] Rebuild (qt6) From 73e99cf9cbf13f49186634be4910aa8951d246bf Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Thu, 11 Apr 2024 20:17:29 +0200 Subject: [PATCH 27/47] Update to 2.1.1 --- .gitignore | 3 +++ AusweisApp2.spec | 2 +- sources | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index a078b38..fa9b918 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,6 @@ /AusweisApp-2.1.0.tar.gz /AusweisApp-2.1.0.tar.gz.asc /AusweisApp-2.1.0.tar.gz.sha256 +/AusweisApp-2.1.1.tar.gz +/AusweisApp-2.1.1.tar.gz.asc +/AusweisApp-2.1.1.tar.gz.sha256 diff --git a/AusweisApp2.spec b/AusweisApp2.spec index a282814..ec79e9d 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.1.0 +Version: 2.1.1 Release: %autorelease Summary: %{pkg_sum} diff --git a/sources b/sources index 081e736..07f74ad 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.1.0.tar.gz) = d83b04da5a21c71106fecc1c6cc24caa34755334f7c0ffe2ba9fe38223a05a7dbaea6c2da4a209344770e816ae0206db9d071f994d920454d96145285e53f97b -SHA512 (AusweisApp-2.1.0.tar.gz.asc) = 243457505d32a1cc6363cf2f0d500d7d76f8fac071ff9ee23112933ddf10cfb746635f914a36d7f7f5cf2416597201ad9b962f73285de1604793a3b5a667ae12 -SHA512 (AusweisApp-2.1.0.tar.gz.sha256) = d2fab6efc3b0a1cdc532e860f4671d9e7bbf9ba3874c9911182f61d0ad887d4d9a936d311b49b9703bfa3f2cb8cf00657f5c14a56e80d174116be8f7550875f5 +SHA512 (AusweisApp-2.1.1.tar.gz) = f2cc9de898c3b2e61eb9ac208a21d60708aceeeb79d73f0382bc4b68e4011178217594bd99ac24b07d0d3fbd80b46e5c3ddc6c76bb764e24dc473197f4e1d4c9 +SHA512 (AusweisApp-2.1.1.tar.gz.asc) = 560a7e53f1d991e03d584caf29e158d72b1ca654682a14b2507347deb761b9c333db54550124b380fd2d84a861ea120ef6548075ca76e4b9bf462d9d22ebc725 +SHA512 (AusweisApp-2.1.1.tar.gz.sha256) = 49296a1d54b014f74fbda708d3a428178223f476ceb352a781c6942e88a1a853d30bccaa3fafc325944becd4fe61b3036a4e3985d5b185aaf8579ea12c60a40f SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 016c08c9429dc3b427ac40a7f5aa16c938de4d86 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Thu, 11 Apr 2024 20:17:29 +0200 Subject: [PATCH 28/47] Update to 2.1.1 --- .gitignore | 3 +++ AusweisApp2.spec | 2 +- sources | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index a078b38..fa9b918 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,6 @@ /AusweisApp-2.1.0.tar.gz /AusweisApp-2.1.0.tar.gz.asc /AusweisApp-2.1.0.tar.gz.sha256 +/AusweisApp-2.1.1.tar.gz +/AusweisApp-2.1.1.tar.gz.asc +/AusweisApp-2.1.1.tar.gz.sha256 diff --git a/AusweisApp2.spec b/AusweisApp2.spec index a282814..ec79e9d 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.1.0 +Version: 2.1.1 Release: %autorelease Summary: %{pkg_sum} diff --git a/sources b/sources index 081e736..07f74ad 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.1.0.tar.gz) = d83b04da5a21c71106fecc1c6cc24caa34755334f7c0ffe2ba9fe38223a05a7dbaea6c2da4a209344770e816ae0206db9d071f994d920454d96145285e53f97b -SHA512 (AusweisApp-2.1.0.tar.gz.asc) = 243457505d32a1cc6363cf2f0d500d7d76f8fac071ff9ee23112933ddf10cfb746635f914a36d7f7f5cf2416597201ad9b962f73285de1604793a3b5a667ae12 -SHA512 (AusweisApp-2.1.0.tar.gz.sha256) = d2fab6efc3b0a1cdc532e860f4671d9e7bbf9ba3874c9911182f61d0ad887d4d9a936d311b49b9703bfa3f2cb8cf00657f5c14a56e80d174116be8f7550875f5 +SHA512 (AusweisApp-2.1.1.tar.gz) = f2cc9de898c3b2e61eb9ac208a21d60708aceeeb79d73f0382bc4b68e4011178217594bd99ac24b07d0d3fbd80b46e5c3ddc6c76bb764e24dc473197f4e1d4c9 +SHA512 (AusweisApp-2.1.1.tar.gz.asc) = 560a7e53f1d991e03d584caf29e158d72b1ca654682a14b2507347deb761b9c333db54550124b380fd2d84a861ea120ef6548075ca76e4b9bf462d9d22ebc725 +SHA512 (AusweisApp-2.1.1.tar.gz.sha256) = 49296a1d54b014f74fbda708d3a428178223f476ceb352a781c6942e88a1a853d30bccaa3fafc325944becd4fe61b3036a4e3985d5b185aaf8579ea12c60a40f SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 89a6c44d60e56d643ccb1c162e21e56f9f5cd194 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miroslav=20Such=C3=BD?= Date: Fri, 12 Apr 2024 10:59:00 +0200 Subject: [PATCH 29/47] convert EUPL 1.2 license to SPDX --- AusweisApp2.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/AusweisApp2.spec b/AusweisApp2.spec index ec79e9d..18ea35a 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -45,7 +45,7 @@ Version: 2.1.1 Release: %autorelease Summary: %{pkg_sum} -License: EUPL 1.2 +License: EUPL-1.2 URL: https://www.ausweisapp.bund.de/en # Url to releases on github. From 69de1bcfb441b8016e8dbaad171c75b98dc640fe Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Thu, 4 Jul 2024 20:50:58 +0200 Subject: [PATCH 30/47] Update to 2.2.0 --- .gitignore | 3 + ...eisApp2-2.0.1-use-legacy-openssl-api.patch | 268 ++++++++++++++---- AusweisApp2.spec | 2 +- sources | 6 +- 4 files changed, 226 insertions(+), 53 deletions(-) diff --git a/.gitignore b/.gitignore index fa9b918..9a11340 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,6 @@ /AusweisApp-2.1.1.tar.gz /AusweisApp-2.1.1.tar.gz.asc /AusweisApp-2.1.1.tar.gz.sha256 +/AusweisApp-2.2.0.tar.gz +/AusweisApp-2.2.0.tar.gz.asc +/AusweisApp-2.2.0.tar.gz.sha256 diff --git a/AusweisApp2-2.0.1-use-legacy-openssl-api.patch b/AusweisApp2-2.0.1-use-legacy-openssl-api.patch index 8f2dcee..aa752ff 100644 --- a/AusweisApp2-2.0.1-use-legacy-openssl-api.patch +++ b/AusweisApp2-2.0.1-use-legacy-openssl-api.patch @@ -1,7 +1,27 @@ -diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp ---- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100 -+++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp 2024-01-05 22:06:07.585023942 +0100 -@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompress +From 360d75e9ac2977a99b3e45e0e472a0abb02655cf Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 4 Jul 2024 20:10:17 +0200 +Subject: [PATCH] AusweisApp2-2.0.1-use-legacy-openssl-api.patch + +--- + src/card/base/asn1/EcdsaPublicKey.cpp | 39 ------ + src/card/base/asn1/EcdsaPublicKey.h | 6 +- + src/card/base/pace/ec/EcdhGenericMapping.cpp | 15 --- + src/card/base/pace/ec/EcdhGenericMapping.h | 4 - + src/card/base/pace/ec/EcdhKeyAgreement.cpp | 7 - + src/card/base/pace/ec/EcUtil.cpp | 134 ------------------- + src/card/base/pace/ec/EcUtil.h | 12 -- + src/card/simulator/SimulatorCard.cpp | 45 +------ + src/card/simulator/SimulatorCard.h | 4 - + src/card/simulator/SimulatorFileSystem.cpp | 9 -- + src/card/simulator/SimulatorFileSystem.h | 4 - + 11 files changed, 2 insertions(+), 277 deletions(-) + +diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp +index ea07eda..0f19c11 100644 +--- a/src/card/base/asn1/EcdsaPublicKey.cpp ++++ b/src/card/base/asn1/EcdsaPublicKey.cpp +@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const } @@ -9,7 +29,7 @@ diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi Auswei QSharedPointer EcdsaPublicKey::createGroup(const CurveData& pData) const { QSharedPointer group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr)); -@@ -209,8 +208,6 @@ QSharedPointer EcdsaPublicKey: +@@ -209,8 +208,6 @@ QSharedPointer EcdsaPublicKey::createGroup(const CurveData& pData) con } @@ -18,7 +38,7 @@ diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi Auswei QSharedPointer EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const { return createKey(reinterpret_cast(pPublicPoint.constData()), static_cast(pPublicPoint.size())); -@@ -239,7 +236,6 @@ QSharedPointer EcdsaPublicKey: +@@ -239,7 +236,6 @@ QSharedPointer EcdsaPublicKey::createKey(const uchar* pPublicPoint, in return nullptr; } @@ -26,7 +46,7 @@ diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi Auswei const auto& group = createGroup(curveData); if (group.isNull()) { -@@ -275,39 +271,4 @@ QSharedPointer EcdsaPublicKey: +@@ -275,39 +271,4 @@ QSharedPointer EcdsaPublicKey::createKey(const uchar* pPublicPoint, in return key; @@ -66,9 +86,10 @@ diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi Auswei - -#endif } -diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h ---- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi 2023-11-08 16:55:33.000000000 +0100 -+++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h 2024-01-05 21:26:24.850152676 +0100 +diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h +index 36f768e..45f78ec 100644 +--- a/src/card/base/asn1/EcdsaPublicKey.h ++++ b/src/card/base/asn1/EcdsaPublicKey.h @@ -13,9 +13,7 @@ #include #include @@ -80,7 +101,7 @@ diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi AusweisA namespace governikus -@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapubli +@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapublickey_st [[nodiscard]] CurveData createCurveData() const; [[nodiscard]] QSharedPointer createKey(const uchar* pPublicPoint, int pPublicPointLength) const; @@ -90,68 +111,71 @@ diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi AusweisA public: static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg); -diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp ---- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100 -+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp 2024-01-05 21:51:28.494919678 +0100 -@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateT +diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp +index 3e2d1d4..1a8e6a2 100644 +--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp ++++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp +@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateLocalMappingData() - mTerminalKey = EcUtil::generateKey(mCurve); + mLocalKey = EcUtil::generateKey(mCurve); -#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- return EcUtil::getEncodedPublicKey(mTerminalKey); +- return EcUtil::getEncodedPublicKey(mLocalKey); - -#else - return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mTerminalKey.data())); + return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mLocalKey.data())); -#endif } -@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemer +@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe return false; } -#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- const QSharedPointer terminalPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mTerminalKey)); -- const EC_POINT* terminalPubKey = terminalPubKeyPtr.data(); +- const QSharedPointer localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey)); +- const EC_POINT* localPubKey = localPubKeyPtr.data(); -#else - const EC_POINT* terminalPubKey = EC_KEY_get0_public_key(mTerminalKey.data()); + const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data()); -#endif - if (!EC_POINT_cmp(mCurve.data(), terminalPubKey, cardPubKey.data(), nullptr)) + if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr)) { qCCritical(card) << "The exchanged public keys are equal."; -@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemer +@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe - QSharedPointer EcdhGenericMapping::createNewGenerator(const QSharedPointer& pCardPubKey, const QSharedPointer& pS) + QSharedPointer EcdhGenericMapping::createNewGenerator(const QSharedPointer& pRemotePubKey, const QSharedPointer& pS) { -#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- const auto& privKeyPtr = EcUtil::getPrivateKey(mTerminalKey); +- const auto& privKeyPtr = EcUtil::getPrivateKey(mLocalKey); - const BIGNUM* privKey = privKeyPtr.data(); -#else - const BIGNUM* privKey = EC_KEY_get0_private_key(mTerminalKey.data()); + const BIGNUM* privKey = EC_KEY_get0_private_key(mLocalKey.data()); -#endif if (!privKey) { -diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h ---- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi 2023-11-08 16:55:33.000000000 +0100 -+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h 2024-01-05 21:52:19.801808499 +0100 +diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h +index bdfa5a8..dea4bf0 100644 +--- a/src/card/base/pace/ec/EcdhGenericMapping.h ++++ b/src/card/base/pace/ec/EcdhGenericMapping.h @@ -22,11 +22,7 @@ class EcdhGenericMapping private: const QSharedPointer mCurve; -#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- QSharedPointer mTerminalKey; +- QSharedPointer mLocalKey; -#else - QSharedPointer mTerminalKey; + QSharedPointer mLocalKey; -#endif - QSharedPointer createNewGenerator(const QSharedPointer& pCardPubKey, const QSharedPointer& pS); + QSharedPointer createNewGenerator(const QSharedPointer& pRemotePubKey, const QSharedPointer& pS); -diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp ---- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100 -+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp 2024-01-05 21:37:17.920243239 +0100 -@@ -105,15 +105,8 @@ KeyAgreement::CardResult EcdhKeyAgreemen +diff --git a/src/card/base/pace/ec/EcdhKeyAgreement.cpp b/src/card/base/pace/ec/EcdhKeyAgreement.cpp +index 0f0ae09..45c8a76 100644 +--- a/src/card/base/pace/ec/EcdhKeyAgreement.cpp ++++ b/src/card/base/pace/ec/EcdhKeyAgreement.cpp +@@ -96,15 +96,8 @@ KeyAgreement::CardResult EcdhKeyAgreement::performKeyExchange() return {CardReturnCode::PROTOCOL_ERROR}; } @@ -167,10 +191,11 @@ diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi A // Make a copy of the terminal public key for later mutual authentication. mTerminalPublicKey = EcUtil::oct2point(curve, terminalEphemeralPublicKeyBytes); -diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp ---- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi 2023-11-08 16:55:33.000000000 +0100 -+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp 2024-01-05 20:33:28.156797843 +0100 -@@ -88,137 +88,6 @@ QSharedPointer EcUtil::oct2poi +diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp +index 10db88f..5c0ff53 100644 +--- a/src/card/base/pace/ec/EcUtil.cpp ++++ b/src/card/base/pace/ec/EcUtil.cpp +@@ -103,137 +103,6 @@ QSharedPointer EcUtil::oct2point(const QSharedPointer& } @@ -308,17 +333,18 @@ diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi AusweisApp- QSharedPointer EcUtil::generateKey(const QSharedPointer& pCurve) { if (pCurve.isNull()) -@@ -242,6 +111,3 @@ QSharedPointer EcUtil::generateK +@@ -257,6 +126,3 @@ QSharedPointer EcUtil::generateKey(const QSharedPointer& return key; } - - -#endif -diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h ---- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi 2023-11-08 16:55:33.000000000 +0100 -+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h 2024-01-05 22:15:17.157430740 +0100 -@@ -30,9 +30,7 @@ class EcUtil +diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h +index b575341..f7db521 100644 +--- a/src/card/base/pace/ec/EcUtil.h ++++ b/src/card/base/pace/ec/EcUtil.h +@@ -32,9 +32,7 @@ class EcUtil static QSharedPointer create(EC_GROUP* pEcGroup); @@ -328,7 +354,7 @@ diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2. static QSharedPointer create(EC_POINT* pEcPoint); -@@ -42,14 +40,7 @@ class EcUtil +@@ -44,14 +42,7 @@ class EcUtil static QSharedPointer create(EVP_PKEY_CTX* pEcGroup); @@ -343,7 +369,7 @@ diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2. static QSharedPointer createCurve(int pNid); }; -@@ -66,7 +57,6 @@ inline QSharedPointer EcUtil:: +@@ -68,7 +59,6 @@ inline QSharedPointer EcUtil::create(EC_GROUP* pEcGroup) } @@ -351,7 +377,7 @@ diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2. inline QSharedPointer EcUtil::create(EC_KEY* pEcKey) { static auto deleter = [](EC_KEY* ecKey) -@@ -78,8 +68,6 @@ inline QSharedPointer EcUtil::cr +@@ -80,8 +70,6 @@ inline QSharedPointer EcUtil::create(EC_KEY* pEcKey) } @@ -360,3 +386,147 @@ diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2. inline QSharedPointer EcUtil::create(EC_POINT* pEcPoint) { static auto deleter = [](EC_POINT* ecPoint) +diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp +index 87491d7..2da83b1 100644 +--- a/src/card/simulator/SimulatorCard.cpp ++++ b/src/card/simulator/SimulatorCard.cpp +@@ -22,9 +22,7 @@ + #include + #include + #include +-#if OPENSSL_VERSION_NUMBER < 0x30000000L +- #include +-#endif ++#include + + + using namespace governikus; +@@ -369,12 +367,8 @@ ResponseApduResult SimulatorCard::executeGeneralAuthenticate(const CommandApdu& + mPaceTerminalKey = cmdData.getData(V_ASN1_CONTEXT_SPECIFIC, ASN1Struct::PACE_EPHEMERAL_PUBLIC_KEY); + + auto asn1KeyAgreement = newObject(); +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- const auto& encodedPublicKey = EcUtil::getEncodedPublicKey(mCardKey); +-#else + const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data()))); + const auto& encodedPublicKey = EcUtil::point2oct(curve, EC_KEY_get0_public_key(mCardKey.data())); +-#endif + Asn1OctetStringUtil::setValue(encodedPublicKey, asn1KeyAgreement->mEphemeralPublicKey); + responseData = encodeObject(asn1KeyAgreement.data()); + break; +@@ -461,42 +455,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const + return QByteArray(); + } + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- const auto& terminalKey = EcUtil::create(EVP_PKEY_new()); +- if (terminalKey.isNull() || EVP_PKEY_copy_parameters(terminalKey.data(), mCardKey.data()) == 0) +- { +- qCCritical(card_simulator) << "Initialization of the terminal key failed"; +- return QByteArray(); +- } +- if (!EVP_PKEY_set1_encoded_public_key( +- terminalKey.data(), +- reinterpret_cast(pPoint.data()), +- static_cast(pPoint.length()))) +- { +- qCCritical(card_simulator) << "Interpreting the terminal key failed"; +- return QByteArray(); +- } +- +- const auto& ctx = EcUtil::create(EVP_PKEY_CTX_new_from_pkey(nullptr, mCardKey.data(), nullptr)); +- size_t resultLen = 0; +- if (EVP_PKEY_derive_init(ctx.data()) <= 0 +- || EVP_PKEY_derive_set_peer(ctx.data(), terminalKey.data()) <= 0 +- || EVP_PKEY_derive(ctx.data(), nullptr, &resultLen) <= 0) +- { +- qCCritical(card_simulator) << "Initialization or calculation of the result failed"; +- return QByteArray(); +- } +- +- QByteArray result(static_cast(resultLen), '\0'); +- if (EVP_PKEY_derive(ctx.data(), reinterpret_cast(result.data()), &resultLen) <= 0) +- { +- qCCritical(card_simulator) << "Calculation of the result failed"; +- return QByteArray(); +- } +- +- return result; +- +-#else + const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data()))); + auto point = EcUtil::oct2point(curve, pPoint); + if (!point) +@@ -515,7 +473,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const + + return EcUtil::point2oct(curve, result.data(), true); + +-#endif + } + + +diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h +index b709d17..23f858b 100644 +--- a/src/card/simulator/SimulatorCard.h ++++ b/src/card/simulator/SimulatorCard.h +@@ -35,11 +35,7 @@ class SimulatorCard + QSharedPointer mPaceChat; + QByteArray mPaceNonce; + QByteArray mPaceTerminalKey; +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- QSharedPointer mCardKey; +-#else + QSharedPointer mCardKey; +-#endif + QSharedPointer mTaAuxData; + + public: +diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp +index 122ca4f..046d540 100644 +--- a/src/card/simulator/SimulatorFileSystem.cpp ++++ b/src/card/simulator/SimulatorFileSystem.cpp +@@ -327,11 +327,7 @@ QByteArray SimulatorFileSystem::getEfCardAccess() const + } + + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +-QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const +-#else + QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const +-#endif + { + if (!mKeys.contains(pKeyId)) + { +@@ -347,13 +343,8 @@ QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const + return nullptr; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- return privateKey; +- +-#else + return EcUtil::create(EVP_PKEY_get1_EC_KEY(privateKey.data())); + +-#endif + } + + +diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h +index cb9704b..44d4054 100644 +--- a/src/card/simulator/SimulatorFileSystem.h ++++ b/src/card/simulator/SimulatorFileSystem.h +@@ -38,11 +38,7 @@ class SimulatorFileSystem + [[nodiscard]] StatusCode write(qsizetype pOffset, const QByteArray& pData); + + [[nodiscard]] QByteArray getEfCardAccess() const; +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- [[nodiscard]] QSharedPointer getKey(int pKeyId) const; +-#else + [[nodiscard]] QSharedPointer getKey(int pKeyId) const; +-#endif + + [[nodiscard]] StatusCode verify(const Oid& pOid, const QSharedPointer& pAuxiliaryData) const; + +-- +2.45.2 + diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 18ea35a..1c28161 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.1.1 +Version: 2.2.0 Release: %autorelease Summary: %{pkg_sum} diff --git a/sources b/sources index 07f74ad..1d0d261 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.1.1.tar.gz) = f2cc9de898c3b2e61eb9ac208a21d60708aceeeb79d73f0382bc4b68e4011178217594bd99ac24b07d0d3fbd80b46e5c3ddc6c76bb764e24dc473197f4e1d4c9 -SHA512 (AusweisApp-2.1.1.tar.gz.asc) = 560a7e53f1d991e03d584caf29e158d72b1ca654682a14b2507347deb761b9c333db54550124b380fd2d84a861ea120ef6548075ca76e4b9bf462d9d22ebc725 -SHA512 (AusweisApp-2.1.1.tar.gz.sha256) = 49296a1d54b014f74fbda708d3a428178223f476ceb352a781c6942e88a1a853d30bccaa3fafc325944becd4fe61b3036a4e3985d5b185aaf8579ea12c60a40f +SHA512 (AusweisApp-2.2.0.tar.gz) = c90df976c1c6bedfc131e2962b8204c78af0af380f3860603f57bcb6ff72ce5a7bf1bd67903847bd9520d0306fea3e7ff74f169a792d5b11855e9a05c4a6b788 +SHA512 (AusweisApp-2.2.0.tar.gz.asc) = 9ab702ee095db8c30423a59232e710d60ddb34bcdd80a84a0fe52b65992fe48bdb83f71ee5e0bdc0584b717eee2d49ae11b13e7e507c3651bb406ae05cc239be +SHA512 (AusweisApp-2.2.0.tar.gz.sha256) = 9b7efd69338274d4afa6fc3d27a9696d12795c77af9b415feed0073680f49f68b262a06f7964c89ec6db2c96385cd34b77beae8ff7391984f452ed9db1536482 SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 66d0fb34a7b99f1d6f22711cd057615ece0894f6 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 17 Jul 2024 14:43:44 +0000 Subject: [PATCH 31/47] Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild From 58c74e7a8dfd02b09e4c304e2a513c6a08ad3fd2 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Sat, 17 Aug 2024 22:45:25 +0200 Subject: [PATCH 32/47] Fix QML error with Qt 6.6.3 --- AusweisApp2.spec | 1 + ...25088876faaa0f38f86df230c1a85ba91659.patch | 51 +++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 b98925088876faaa0f38f86df230c1a85ba91659.patch diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 1c28161..9072e0a 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -62,6 +62,7 @@ Source0003: %{rel_url}/%{newname}-%{version}.tar.gz.sha256 Source0004: https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%%20EN.txt#/EUPL-12_EN.txt Source1000: gen_openssl_cnf.py +Patch00001: https://github.com/Governikus/AusweisApp/commit/b98925088876faaa0f38f86df230c1a85ba91659.patch # Downstream. Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch # Needed because Fedora's openssl does not support elliptic curves using custom parameters. diff --git a/b98925088876faaa0f38f86df230c1a85ba91659.patch b/b98925088876faaa0f38f86df230c1a85ba91659.patch new file mode 100644 index 0000000..8c379d6 --- /dev/null +++ b/b98925088876faaa0f38f86df230c1a85ba91659.patch @@ -0,0 +1,51 @@ +From b98925088876faaa0f38f86df230c1a85ba91659 Mon Sep 17 00:00:00 2001 +From: Lars Schmertmann +Date: Thu, 11 Jul 2024 16:35:09 +0200 +Subject: [PATCH] Fix QML error with Qt 6.6.3 + +Got QML warning: DetachedLogView.qml:16:2: Cannot override FINAL property +--- + .../qml/modules/FeedbackView/+desktop/DetachedLogView.qml | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml b/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml +index 953a3766..db7e446a 100644 +--- a/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml ++++ b/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml +@@ -12,8 +12,8 @@ import Governikus.View + Rectangle { + id: root + ++ readonly property int controlRadius: 15 + readonly property int horizontalPadding: 18 +- readonly property int radius: 15 + readonly property int spacing: 10 + readonly property int verticalPadding: 6 + +@@ -55,7 +55,7 @@ Rectangle { + Layout.preferredWidth: 200 + horizontalPadding: root.horizontalPadding + model: LogModel.logFileNames +- radius: root.radius ++ radius: root.controlRadius + textStyle: logTextStyle + verticalPadding: root.verticalPadding + +@@ -64,7 +64,7 @@ Rectangle { + border.width: 1 + color: Style.color.transparent + drawShadow: false +- radius: root.radius ++ radius: root.controlRadius + } + + onCurrentIndexChanged: LogModel.setLogFile(currentIndex) +@@ -286,7 +286,7 @@ Rectangle { + Layout.minimumWidth: -1 + borderWidth: 1 + horizontalPadding: root.horizontalPadding +- radius: root.radius ++ radius: root.controlRadius + spacing: root.spacing + tintIcon: true + verticalPadding: root.verticalPadding From b3824d57b0814740dc6128761430696a3727d597 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Sat, 17 Aug 2024 22:45:25 +0200 Subject: [PATCH 33/47] Fix QML error with Qt 6.6.3 --- AusweisApp2.spec | 1 + ...25088876faaa0f38f86df230c1a85ba91659.patch | 51 +++++++++++++++++++ 2 files changed, 52 insertions(+) create mode 100644 b98925088876faaa0f38f86df230c1a85ba91659.patch diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 1c28161..9072e0a 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -62,6 +62,7 @@ Source0003: %{rel_url}/%{newname}-%{version}.tar.gz.sha256 Source0004: https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%%20EN.txt#/EUPL-12_EN.txt Source1000: gen_openssl_cnf.py +Patch00001: https://github.com/Governikus/AusweisApp/commit/b98925088876faaa0f38f86df230c1a85ba91659.patch # Downstream. Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch # Needed because Fedora's openssl does not support elliptic curves using custom parameters. diff --git a/b98925088876faaa0f38f86df230c1a85ba91659.patch b/b98925088876faaa0f38f86df230c1a85ba91659.patch new file mode 100644 index 0000000..8c379d6 --- /dev/null +++ b/b98925088876faaa0f38f86df230c1a85ba91659.patch @@ -0,0 +1,51 @@ +From b98925088876faaa0f38f86df230c1a85ba91659 Mon Sep 17 00:00:00 2001 +From: Lars Schmertmann +Date: Thu, 11 Jul 2024 16:35:09 +0200 +Subject: [PATCH] Fix QML error with Qt 6.6.3 + +Got QML warning: DetachedLogView.qml:16:2: Cannot override FINAL property +--- + .../qml/modules/FeedbackView/+desktop/DetachedLogView.qml | 8 ++++---- + 1 file changed, 4 insertions(+), 4 deletions(-) + +diff --git a/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml b/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml +index 953a3766..db7e446a 100644 +--- a/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml ++++ b/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml +@@ -12,8 +12,8 @@ import Governikus.View + Rectangle { + id: root + ++ readonly property int controlRadius: 15 + readonly property int horizontalPadding: 18 +- readonly property int radius: 15 + readonly property int spacing: 10 + readonly property int verticalPadding: 6 + +@@ -55,7 +55,7 @@ Rectangle { + Layout.preferredWidth: 200 + horizontalPadding: root.horizontalPadding + model: LogModel.logFileNames +- radius: root.radius ++ radius: root.controlRadius + textStyle: logTextStyle + verticalPadding: root.verticalPadding + +@@ -64,7 +64,7 @@ Rectangle { + border.width: 1 + color: Style.color.transparent + drawShadow: false +- radius: root.radius ++ radius: root.controlRadius + } + + onCurrentIndexChanged: LogModel.setLogFile(currentIndex) +@@ -286,7 +286,7 @@ Rectangle { + Layout.minimumWidth: -1 + borderWidth: 1 + horizontalPadding: root.horizontalPadding +- radius: root.radius ++ radius: root.controlRadius + spacing: root.spacing + tintIcon: true + verticalPadding: root.verticalPadding From 312170c2934fe82d31b5bf92e08ac85472a98e31 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Fri, 5 Jul 2024 03:56:12 +0200 Subject: [PATCH 34/47] rebuild From 61ec27fc56cda308aa541958a65fa138dbc95f4a Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Wed, 11 Sep 2024 14:49:37 +0200 Subject: [PATCH 35/47] Update to 2.2.1 --- .gitignore | 3 ++ AusweisApp2.spec | 3 +- ...25088876faaa0f38f86df230c1a85ba91659.patch | 51 ------------------- sources | 6 +-- 4 files changed, 7 insertions(+), 56 deletions(-) delete mode 100644 b98925088876faaa0f38f86df230c1a85ba91659.patch diff --git a/.gitignore b/.gitignore index 9a11340..a3ad3d4 100644 --- a/.gitignore +++ b/.gitignore @@ -17,3 +17,6 @@ /AusweisApp-2.2.0.tar.gz /AusweisApp-2.2.0.tar.gz.asc /AusweisApp-2.2.0.tar.gz.sha256 +/AusweisApp-2.2.1.tar.gz +/AusweisApp-2.2.1.tar.gz.asc +/AusweisApp-2.2.1.tar.gz.sha256 diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 9072e0a..794480c 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.2.0 +Version: 2.2.1 Release: %autorelease Summary: %{pkg_sum} @@ -62,7 +62,6 @@ Source0003: %{rel_url}/%{newname}-%{version}.tar.gz.sha256 Source0004: https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%%20EN.txt#/EUPL-12_EN.txt Source1000: gen_openssl_cnf.py -Patch00001: https://github.com/Governikus/AusweisApp/commit/b98925088876faaa0f38f86df230c1a85ba91659.patch # Downstream. Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch # Needed because Fedora's openssl does not support elliptic curves using custom parameters. diff --git a/b98925088876faaa0f38f86df230c1a85ba91659.patch b/b98925088876faaa0f38f86df230c1a85ba91659.patch deleted file mode 100644 index 8c379d6..0000000 --- a/b98925088876faaa0f38f86df230c1a85ba91659.patch +++ /dev/null @@ -1,51 +0,0 @@ -From b98925088876faaa0f38f86df230c1a85ba91659 Mon Sep 17 00:00:00 2001 -From: Lars Schmertmann -Date: Thu, 11 Jul 2024 16:35:09 +0200 -Subject: [PATCH] Fix QML error with Qt 6.6.3 - -Got QML warning: DetachedLogView.qml:16:2: Cannot override FINAL property ---- - .../qml/modules/FeedbackView/+desktop/DetachedLogView.qml | 8 ++++---- - 1 file changed, 4 insertions(+), 4 deletions(-) - -diff --git a/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml b/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml -index 953a3766..db7e446a 100644 ---- a/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml -+++ b/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml -@@ -12,8 +12,8 @@ import Governikus.View - Rectangle { - id: root - -+ readonly property int controlRadius: 15 - readonly property int horizontalPadding: 18 -- readonly property int radius: 15 - readonly property int spacing: 10 - readonly property int verticalPadding: 6 - -@@ -55,7 +55,7 @@ Rectangle { - Layout.preferredWidth: 200 - horizontalPadding: root.horizontalPadding - model: LogModel.logFileNames -- radius: root.radius -+ radius: root.controlRadius - textStyle: logTextStyle - verticalPadding: root.verticalPadding - -@@ -64,7 +64,7 @@ Rectangle { - border.width: 1 - color: Style.color.transparent - drawShadow: false -- radius: root.radius -+ radius: root.controlRadius - } - - onCurrentIndexChanged: LogModel.setLogFile(currentIndex) -@@ -286,7 +286,7 @@ Rectangle { - Layout.minimumWidth: -1 - borderWidth: 1 - horizontalPadding: root.horizontalPadding -- radius: root.radius -+ radius: root.controlRadius - spacing: root.spacing - tintIcon: true - verticalPadding: root.verticalPadding diff --git a/sources b/sources index 1d0d261..c4a49b5 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.2.0.tar.gz) = c90df976c1c6bedfc131e2962b8204c78af0af380f3860603f57bcb6ff72ce5a7bf1bd67903847bd9520d0306fea3e7ff74f169a792d5b11855e9a05c4a6b788 -SHA512 (AusweisApp-2.2.0.tar.gz.asc) = 9ab702ee095db8c30423a59232e710d60ddb34bcdd80a84a0fe52b65992fe48bdb83f71ee5e0bdc0584b717eee2d49ae11b13e7e507c3651bb406ae05cc239be -SHA512 (AusweisApp-2.2.0.tar.gz.sha256) = 9b7efd69338274d4afa6fc3d27a9696d12795c77af9b415feed0073680f49f68b262a06f7964c89ec6db2c96385cd34b77beae8ff7391984f452ed9db1536482 +SHA512 (AusweisApp-2.2.1.tar.gz) = 44dc459df464e0068ac93c499d6a2f89a6a149eb8effee7a06ae67c2a48ff9b445645aaf15209c3ab3dde26a328cd76400a8f9e41ff37c79e56b8286983ce3c9 +SHA512 (AusweisApp-2.2.1.tar.gz.asc) = 32028f9d4074d9fcd9346b71427ae372547e49e9d9aee9ea17dc72029ed01488b75ead8a793978fc4b7032fdf20e3578fdda42cce6777f16998ebb9c1e53e7c9 +SHA512 (AusweisApp-2.2.1.tar.gz.sha256) = 43027390a311eb16d0497f1911e4179cabb7d0d6d67375f5eb56b3ab511c56c17a00f0ee6aaa26bd901b63d4fdc229e17ffda1daca331a433e5239131c516d99 SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 3e840affd668e910e13b8594ecdcd92aa7fb7c07 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Mon, 14 Oct 2024 19:34:42 +0200 Subject: [PATCH 36/47] Rebuild (qt6) From 4566f99dd1fc6ddd8c1ad67c6751822aeac87633 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Fri, 25 Oct 2024 23:52:26 +0200 Subject: [PATCH 37/47] Update to 2.2.2 --- .gitignore | 3 +++ AusweisApp2.spec | 2 +- sources | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index a3ad3d4..4378dbb 100644 --- a/.gitignore +++ b/.gitignore @@ -20,3 +20,6 @@ /AusweisApp-2.2.1.tar.gz /AusweisApp-2.2.1.tar.gz.asc /AusweisApp-2.2.1.tar.gz.sha256 +/AusweisApp-2.2.2.tar.gz +/AusweisApp-2.2.2.tar.gz.asc +/AusweisApp-2.2.2.tar.gz.sha256 diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 794480c..b84316a 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.2.1 +Version: 2.2.2 Release: %autorelease Summary: %{pkg_sum} diff --git a/sources b/sources index c4a49b5..09f9352 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.2.1.tar.gz) = 44dc459df464e0068ac93c499d6a2f89a6a149eb8effee7a06ae67c2a48ff9b445645aaf15209c3ab3dde26a328cd76400a8f9e41ff37c79e56b8286983ce3c9 -SHA512 (AusweisApp-2.2.1.tar.gz.asc) = 32028f9d4074d9fcd9346b71427ae372547e49e9d9aee9ea17dc72029ed01488b75ead8a793978fc4b7032fdf20e3578fdda42cce6777f16998ebb9c1e53e7c9 -SHA512 (AusweisApp-2.2.1.tar.gz.sha256) = 43027390a311eb16d0497f1911e4179cabb7d0d6d67375f5eb56b3ab511c56c17a00f0ee6aaa26bd901b63d4fdc229e17ffda1daca331a433e5239131c516d99 +SHA512 (AusweisApp-2.2.2.tar.gz) = f86dabd4d7347e3986045407e0d2f94174552a676215292954d558d0b3c7df1ab5212b623a809bd36136ad79bd57541969e30783c46ddd01c786581ad01e727f +SHA512 (AusweisApp-2.2.2.tar.gz.asc) = 416cba597bd35a4688c516b6d6812d5750be167b633fc7e367567d7af66dc02c22684c866e2c0e42cdd712052cabe0811321e2937c36793967855275d773993e +SHA512 (AusweisApp-2.2.2.tar.gz.sha256) = 8dbc58f33a90eb05971bff008e3752bba55f5291be4269d970ec1a794c2295aa304ee32aba729ac22c9521edebce2a9c7420741fe35155ce18c6b91e9ec3e08b SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From e176df47e3844ed0d164f66dac5c9708a1c27b83 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Thu, 16 Jan 2025 08:24:36 +0000 Subject: [PATCH 38/47] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 2ee96d4fe5ca3d471f14fecb1edc8e89f71f7832 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Mon, 20 Jan 2025 07:20:53 +0000 Subject: [PATCH 39/47] Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild From 41250440067d85e9bfbd054efe7b327d86aeb992 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Mon, 10 Mar 2025 23:34:30 +0100 Subject: [PATCH 40/47] Update to 2.3.0 --- .gitignore | 3 + ...sApp2-1.24.1-use_Qt_TranslationsPath.patch | 26 ++- ...eisApp2-2.0.1-use-legacy-openssl-api.patch | 212 ++++++------------ AusweisApp2.spec | 4 +- sources | 6 +- 5 files changed, 100 insertions(+), 151 deletions(-) diff --git a/.gitignore b/.gitignore index 4378dbb..7350079 100644 --- a/.gitignore +++ b/.gitignore @@ -23,3 +23,6 @@ /AusweisApp-2.2.2.tar.gz /AusweisApp-2.2.2.tar.gz.asc /AusweisApp-2.2.2.tar.gz.sha256 +/AusweisApp-2.3.0.tar.gz +/AusweisApp-2.3.0.tar.gz.asc +/AusweisApp-2.3.0.tar.gz.sha256 diff --git a/AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch b/AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch index 2cc4234..e4fcd01 100644 --- a/AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch +++ b/AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch @@ -1,8 +1,17 @@ -Index: AusweisApp2-1.24.1/src/global/FileDestination.h -=================================================================== ---- AusweisApp2-1.24.1.orig/src/global/FileDestination.h -+++ AusweisApp2-1.24.1/src/global/FileDestination.h -@@ -9,8 +9,10 @@ +From 056e560ed6432e99a297d1c1d2c89c89621bd825 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 6 Mar 2025 01:00:00 +0100 +Subject: [PATCH] AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch + +--- + src/global/FileDestination.h | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/global/FileDestination.h b/src/global/FileDestination.h +index 2fd5826..781e9b9 100644 +--- a/src/global/FileDestination.h ++++ b/src/global/FileDestination.h +@@ -7,8 +7,10 @@ #include #include #include @@ -11,9 +20,9 @@ Index: AusweisApp2-1.24.1/src/global/FileDestination.h #include +#include + namespace governikus - { -@@ -52,6 +54,13 @@ class FileDestination +@@ -51,6 +53,13 @@ class FileDestination QStandardPaths::StandardLocation pStandard = QStandardPaths::AppDataLocation) { #if (defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)) || (defined(Q_OS_BSD4) && !defined(Q_OS_MACOS) && !defined(Q_OS_IOS)) @@ -27,3 +36,6 @@ Index: AusweisApp2-1.24.1/src/global/FileDestination.h if (const auto& match = QStandardPaths::locate(pStandard, pFilename, pOption); !match.isNull()) { return match; +-- +2.48.1 + diff --git a/AusweisApp2-2.0.1-use-legacy-openssl-api.patch b/AusweisApp2-2.0.1-use-legacy-openssl-api.patch index aa752ff..eb39945 100644 --- a/AusweisApp2-2.0.1-use-legacy-openssl-api.patch +++ b/AusweisApp2-2.0.1-use-legacy-openssl-api.patch @@ -1,24 +1,23 @@ -From 360d75e9ac2977a99b3e45e0e472a0abb02655cf Mon Sep 17 00:00:00 2001 +From 6e6b651288b477d554112d0f22084c8387e4ea4e Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Thu, 4 Jul 2024 20:10:17 +0200 +Date: Thu, 6 Mar 2025 10:13:06 +0100 Subject: [PATCH] AusweisApp2-2.0.1-use-legacy-openssl-api.patch --- src/card/base/asn1/EcdsaPublicKey.cpp | 39 ------ src/card/base/asn1/EcdsaPublicKey.h | 6 +- - src/card/base/pace/ec/EcdhGenericMapping.cpp | 15 --- + src/card/base/pace/ec/EcdhGenericMapping.cpp | 5 - src/card/base/pace/ec/EcdhGenericMapping.h | 4 - - src/card/base/pace/ec/EcdhKeyAgreement.cpp | 7 - - src/card/base/pace/ec/EcUtil.cpp | 134 ------------------- + src/card/base/pace/ec/EcUtil.cpp | 140 ------------------- src/card/base/pace/ec/EcUtil.h | 12 -- - src/card/simulator/SimulatorCard.cpp | 45 +------ + src/card/simulator/SimulatorCard.cpp | 37 ----- src/card/simulator/SimulatorCard.h | 4 - src/card/simulator/SimulatorFileSystem.cpp | 9 -- src/card/simulator/SimulatorFileSystem.h | 4 - - 11 files changed, 2 insertions(+), 277 deletions(-) + 10 files changed, 1 insertion(+), 259 deletions(-) diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp -index ea07eda..0f19c11 100644 +index 7f54045..dc7e26b 100644 --- a/src/card/base/asn1/EcdsaPublicKey.cpp +++ b/src/card/base/asn1/EcdsaPublicKey.cpp @@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const @@ -52,15 +51,15 @@ index ea07eda..0f19c11 100644 -#else - const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){ -- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data()) -- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data()) -- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data()) -- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data()) -- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data()) -- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast(pPublicPointLength)) -- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast(mBasePoint->length)) -- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12); -- }); +- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data()) +- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast(pPublicPointLength)) +- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast(mBasePoint->length)) +- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12); +- }); - - if (params == nullptr) - { @@ -87,7 +86,7 @@ index ea07eda..0f19c11 100644 -#endif } diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h -index 36f768e..45f78ec 100644 +index 860bc74..c85e48b 100644 --- a/src/card/base/asn1/EcdsaPublicKey.h +++ b/src/card/base/asn1/EcdsaPublicKey.h @@ -13,9 +13,7 @@ @@ -112,24 +111,10 @@ index 36f768e..45f78ec 100644 public: static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg); diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp -index 3e2d1d4..1a8e6a2 100644 +index 04cee51..571c7a0 100644 --- a/src/card/base/pace/ec/EcdhGenericMapping.cpp +++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp -@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateLocalMappingData() - - mLocalKey = EcUtil::generateKey(mCurve); - --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- return EcUtil::getEncodedPublicKey(mLocalKey); -- --#else - return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mLocalKey.data())); - --#endif - } - - -@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe +@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe return false; } @@ -142,21 +127,8 @@ index 3e2d1d4..1a8e6a2 100644 if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr)) { qCCritical(card) << "The exchanged public keys are equal."; -@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe - - QSharedPointer EcdhGenericMapping::createNewGenerator(const QSharedPointer& pRemotePubKey, const QSharedPointer& pS) - { --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- const auto& privKeyPtr = EcUtil::getPrivateKey(mLocalKey); -- const BIGNUM* privKey = privKeyPtr.data(); --#else - const BIGNUM* privKey = EC_KEY_get0_private_key(mLocalKey.data()); --#endif - - if (!privKey) - { diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h -index bdfa5a8..dea4bf0 100644 +index e9c9768..188befb 100644 --- a/src/card/base/pace/ec/EcdhGenericMapping.h +++ b/src/card/base/pace/ec/EcdhGenericMapping.h @@ -22,11 +22,7 @@ class EcdhGenericMapping @@ -171,36 +143,16 @@ index bdfa5a8..dea4bf0 100644 QSharedPointer createNewGenerator(const QSharedPointer& pRemotePubKey, const QSharedPointer& pS); -diff --git a/src/card/base/pace/ec/EcdhKeyAgreement.cpp b/src/card/base/pace/ec/EcdhKeyAgreement.cpp -index 0f0ae09..45c8a76 100644 ---- a/src/card/base/pace/ec/EcdhKeyAgreement.cpp -+++ b/src/card/base/pace/ec/EcdhKeyAgreement.cpp -@@ -96,15 +96,8 @@ KeyAgreement::CardResult EcdhKeyAgreement::performKeyExchange() - return {CardReturnCode::PROTOCOL_ERROR}; - } - --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::getEncodedPublicKey(terminalEphemeralKey); -- -- const auto& privKeyPtr = EcUtil::getPrivateKey(terminalEphemeralKey); -- const BIGNUM* terminalEphemeralPrivateKey = privKeyPtr.data(); --#else - const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::point2oct(curve, EC_KEY_get0_public_key(terminalEphemeralKey.data())); - const BIGNUM* const terminalEphemeralPrivateKey = EC_KEY_get0_private_key(terminalEphemeralKey.data()); --#endif - - // Make a copy of the terminal public key for later mutual authentication. - mTerminalPublicKey = EcUtil::oct2point(curve, terminalEphemeralPublicKeyBytes); diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp -index 10db88f..5c0ff53 100644 +index 67e970e..546438f 100644 --- a/src/card/base/pace/ec/EcUtil.cpp +++ b/src/card/base/pace/ec/EcUtil.cpp -@@ -103,137 +103,6 @@ QSharedPointer EcUtil::oct2point(const QSharedPointer& +@@ -103,143 +103,6 @@ QSharedPointer EcUtil::oct2point(const QSharedPointer& } -#if OPENSSL_VERSION_NUMBER >= 0x30000000L --QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer& pKey) +-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed) -{ - if (pKey.isNull()) - { @@ -211,10 +163,16 @@ index 10db88f..5c0ff53 100644 - uchar* key = nullptr; - const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key); - const auto guard = qScopeGuard([key] { -- OPENSSL_free(key); -- }); +- OPENSSL_free(key); +- }); - -- return length > 0 ? QByteArray(reinterpret_cast(key), static_cast(length)) : QByteArray(); +- if (length == 0) +- { +- return QByteArray(); +- } +- +- const QByteArray uncompressed(reinterpret_cast(key), static_cast(length)); +- return pCompressed ? EcUtil::compressPoint(uncompressed) : uncompressed; -} - - @@ -230,8 +188,8 @@ index 10db88f..5c0ff53 100644 -{ - OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new(); - const auto guard = qScopeGuard([bld] { -- OSSL_PARAM_BLD_free(bld); -- }); +- OSSL_PARAM_BLD_free(bld); +- }); - - if (bld == nullptr) - { @@ -289,14 +247,14 @@ index 10db88f..5c0ff53 100644 - } - - const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){ -- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data()) -- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data()) -- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data()) -- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data()) -- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data()) -- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast(generator.size())) -- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12); -- }); +- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data()) +- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast(generator.size())) +- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12); +- }); - - if (params == nullptr) - { @@ -330,10 +288,10 @@ index 10db88f..5c0ff53 100644 - - -#else - QSharedPointer EcUtil::generateKey(const QSharedPointer& pCurve) + QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed) { - if (pCurve.isNull()) -@@ -257,6 +126,3 @@ QSharedPointer EcUtil::generateKey(const QSharedPointer& + if (pKey.isNull()) +@@ -288,6 +151,3 @@ QSharedPointer EcUtil::generateKey(const QSharedPointer& return key; } @@ -341,35 +299,35 @@ index 10db88f..5c0ff53 100644 - -#endif diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h -index b575341..f7db521 100644 +index 63eb16c..914c268 100644 --- a/src/card/base/pace/ec/EcUtil.h +++ b/src/card/base/pace/ec/EcUtil.h -@@ -32,9 +32,7 @@ class EcUtil +@@ -26,24 +26,15 @@ class EcUtil + static QSharedPointer oct2point(const QSharedPointer& pCurve, const QByteArray& pCompressedData); static QSharedPointer create(EC_GROUP* pEcGroup); - -#if OPENSSL_VERSION_NUMBER < 0x30000000L static QSharedPointer create(EC_KEY* pEcKey); -#endif - static QSharedPointer create(EC_POINT* pEcPoint); - -@@ -44,14 +42,7 @@ class EcUtil - + static QSharedPointer create(BIGNUM* pBigNum); + static QSharedPointer create(EVP_PKEY* pEcGroup); static QSharedPointer create(EVP_PKEY_CTX* pEcGroup); -#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- static QByteArray getEncodedPublicKey(const QSharedPointer& pKey); +- static QByteArray getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed = false); - static QSharedPointer getPrivateKey(const QSharedPointer& pKey); - static QSharedPointer create(const std::function& pFunc); - static QSharedPointer generateKey(const QSharedPointer& pCurve); -#else + static QByteArray getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed = false); + static QSharedPointer getPrivateKey(const QSharedPointer& pKey); static QSharedPointer generateKey(const QSharedPointer& pCurve); -#endif static QSharedPointer createCurve(int pNid); }; -@@ -68,7 +59,6 @@ inline QSharedPointer EcUtil::create(EC_GROUP* pEcGroup) +@@ -60,7 +51,6 @@ inline QSharedPointer EcUtil::create(EC_GROUP* pEcGroup) } @@ -377,7 +335,7 @@ index b575341..f7db521 100644 inline QSharedPointer EcUtil::create(EC_KEY* pEcKey) { static auto deleter = [](EC_KEY* ecKey) -@@ -80,8 +70,6 @@ inline QSharedPointer EcUtil::create(EC_KEY* pEcKey) +@@ -72,8 +62,6 @@ inline QSharedPointer EcUtil::create(EC_KEY* pEcKey) } @@ -387,34 +345,10 @@ index b575341..f7db521 100644 { static auto deleter = [](EC_POINT* ecPoint) diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp -index 87491d7..2da83b1 100644 +index 3c4e218..a39fb54 100644 --- a/src/card/simulator/SimulatorCard.cpp +++ b/src/card/simulator/SimulatorCard.cpp -@@ -22,9 +22,7 @@ - #include - #include - #include --#if OPENSSL_VERSION_NUMBER < 0x30000000L -- #include --#endif -+#include - - - using namespace governikus; -@@ -369,12 +367,8 @@ ResponseApduResult SimulatorCard::executeGeneralAuthenticate(const CommandApdu& - mPaceTerminalKey = cmdData.getData(V_ASN1_CONTEXT_SPECIFIC, ASN1Struct::PACE_EPHEMERAL_PUBLIC_KEY); - - auto asn1KeyAgreement = newObject(); --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- const auto& encodedPublicKey = EcUtil::getEncodedPublicKey(mCardKey); --#else - const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data()))); - const auto& encodedPublicKey = EcUtil::point2oct(curve, EC_KEY_get0_public_key(mCardKey.data())); --#endif - Asn1OctetStringUtil::setValue(encodedPublicKey, asn1KeyAgreement->mEphemeralPublicKey); - responseData = encodeObject(asn1KeyAgreement.data()); - break; -@@ -461,42 +455,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const +@@ -661,42 +661,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const return QByteArray(); } @@ -457,7 +391,7 @@ index 87491d7..2da83b1 100644 const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data()))); auto point = EcUtil::oct2point(curve, pPoint); if (!point) -@@ -515,7 +473,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const +@@ -715,7 +679,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const return EcUtil::point2oct(curve, result.data(), true); @@ -466,11 +400,11 @@ index 87491d7..2da83b1 100644 diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h -index b709d17..23f858b 100644 +index fc9db00..7a881cb 100644 --- a/src/card/simulator/SimulatorCard.h +++ b/src/card/simulator/SimulatorCard.h -@@ -35,11 +35,7 @@ class SimulatorCard - QSharedPointer mPaceChat; +@@ -39,11 +39,7 @@ class SimulatorCard + int mPaceKeyId; QByteArray mPaceNonce; QByteArray mPaceTerminalKey; -#if OPENSSL_VERSION_NUMBER >= 0x30000000L @@ -478,14 +412,14 @@ index b709d17..23f858b 100644 -#else QSharedPointer mCardKey; -#endif - QSharedPointer mTaAuxData; - - public: + QSharedPointer mTaCertificate; + QByteArray mTaSigningData; + QByteArray mTaAuxData; diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp -index 122ca4f..046d540 100644 +index 3c0fb35..3f00ae8 100644 --- a/src/card/simulator/SimulatorFileSystem.cpp +++ b/src/card/simulator/SimulatorFileSystem.cpp -@@ -327,11 +327,7 @@ QByteArray SimulatorFileSystem::getEfCardAccess() const +@@ -357,11 +357,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const } @@ -497,7 +431,7 @@ index 122ca4f..046d540 100644 { if (!mKeys.contains(pKeyId)) { -@@ -347,13 +343,8 @@ QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const +@@ -377,13 +373,8 @@ QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const return nullptr; } @@ -512,21 +446,21 @@ index 122ca4f..046d540 100644 diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h -index cb9704b..44d4054 100644 +index 7d8458f..57065db 100644 --- a/src/card/simulator/SimulatorFileSystem.h +++ b/src/card/simulator/SimulatorFileSystem.h -@@ -38,11 +38,7 @@ class SimulatorFileSystem - [[nodiscard]] StatusCode write(qsizetype pOffset, const QByteArray& pData); +@@ -43,11 +43,7 @@ class SimulatorFileSystem [[nodiscard]] QByteArray getEfCardAccess() const; + [[nodiscard]] QByteArray getPassword(PacePasswordId pPasswordId) const; -#if OPENSSL_VERSION_NUMBER >= 0x30000000L - [[nodiscard]] QSharedPointer getKey(int pKeyId) const; -#else [[nodiscard]] QSharedPointer getKey(int pKeyId) const; -#endif - - [[nodiscard]] StatusCode verify(const Oid& pOid, const QSharedPointer& pAuxiliaryData) const; + [[nodiscard]] QSharedPointer getTrustPoint() const; + void setTrustPoint(const QSharedPointer& pTrustPoint); -- -2.45.2 +2.48.1 diff --git a/AusweisApp2.spec b/AusweisApp2.spec index b84316a..fa1049d 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.2.2 +Version: 2.3.0 Release: %autorelease Summary: %{pkg_sum} @@ -66,7 +66,7 @@ Source1000: gen_openssl_cnf.py Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch # Needed because Fedora's openssl does not support elliptic curves using custom parameters. # Request to enable them was denied: https://bugzilla.redhat.com/show_bug.cgi?id=2259403 -# It is currently not clear if the legacy API works by accident or by design. It does work as of January 2024. +# It is currently not clear if the legacy API works by accident or by design. It does work as of March 2025. Patch01001: %{name}-2.0.1-use-legacy-openssl-api.patch BuildRequires: cmake diff --git a/sources b/sources index 09f9352..435c5fc 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.2.2.tar.gz) = f86dabd4d7347e3986045407e0d2f94174552a676215292954d558d0b3c7df1ab5212b623a809bd36136ad79bd57541969e30783c46ddd01c786581ad01e727f -SHA512 (AusweisApp-2.2.2.tar.gz.asc) = 416cba597bd35a4688c516b6d6812d5750be167b633fc7e367567d7af66dc02c22684c866e2c0e42cdd712052cabe0811321e2937c36793967855275d773993e -SHA512 (AusweisApp-2.2.2.tar.gz.sha256) = 8dbc58f33a90eb05971bff008e3752bba55f5291be4269d970ec1a794c2295aa304ee32aba729ac22c9521edebce2a9c7420741fe35155ce18c6b91e9ec3e08b +SHA512 (AusweisApp-2.3.0.tar.gz) = c2dcdc8df73b643221e7a3f9e7a8c8a85ac41a3ce106e97c798f8f58f8863fd424f7ea428a9adf5dca63bdee61657363c210dde2a5d3e40097e50af7a09f4f51 +SHA512 (AusweisApp-2.3.0.tar.gz.asc) = 6b58c8c5be16b9b77d750502cb0acc8ec244ea2c933d1a5eeb03ded5dd055ee5ba629edb49db5c4cfb421550acb6fd0559902d76fb2ff9684b52c13ba2b58f04 +SHA512 (AusweisApp-2.3.0.tar.gz.sha256) = db419f7c8794ef7079d57baa8f47f93d7299b0383771f9ff68ebf5e00e5b4b84691fc9f8e35e383f1a1088b296c465ec1231f70d0e21a8532301130766db6570 SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 915f75ce559aeece1e5ecc7020c12058d7a469ef Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Wed, 19 Mar 2025 09:20:39 +0100 Subject: [PATCH 41/47] Update to 2.3.1 --- .gitignore | 3 +++ AusweisApp2.spec | 2 +- sources | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index 7350079..b521c44 100644 --- a/.gitignore +++ b/.gitignore @@ -26,3 +26,6 @@ /AusweisApp-2.3.0.tar.gz /AusweisApp-2.3.0.tar.gz.asc /AusweisApp-2.3.0.tar.gz.sha256 +/AusweisApp-2.3.1.tar.gz +/AusweisApp-2.3.1.tar.gz.asc +/AusweisApp-2.3.1.tar.gz.sha256 diff --git a/AusweisApp2.spec b/AusweisApp2.spec index fa1049d..9ab6914 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.3.0 +Version: 2.3.1 Release: %autorelease Summary: %{pkg_sum} diff --git a/sources b/sources index 435c5fc..517d2b4 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.3.0.tar.gz) = c2dcdc8df73b643221e7a3f9e7a8c8a85ac41a3ce106e97c798f8f58f8863fd424f7ea428a9adf5dca63bdee61657363c210dde2a5d3e40097e50af7a09f4f51 -SHA512 (AusweisApp-2.3.0.tar.gz.asc) = 6b58c8c5be16b9b77d750502cb0acc8ec244ea2c933d1a5eeb03ded5dd055ee5ba629edb49db5c4cfb421550acb6fd0559902d76fb2ff9684b52c13ba2b58f04 -SHA512 (AusweisApp-2.3.0.tar.gz.sha256) = db419f7c8794ef7079d57baa8f47f93d7299b0383771f9ff68ebf5e00e5b4b84691fc9f8e35e383f1a1088b296c465ec1231f70d0e21a8532301130766db6570 +SHA512 (AusweisApp-2.3.1.tar.gz) = 397437f5a8c197798f09353b0943c46163a1de77cb9d6edd57ccab67c51bb388c0b4542b35be8a3140350613ae265b615a7f5c2c907b5ad6995af6ad581f341d +SHA512 (AusweisApp-2.3.1.tar.gz.asc) = 7a84e000c7e4d62cf80d6dd39cac64abb26586380b06444f313e50431b45ef197281c2a55e9adabd56f56be635ca3957428e73e2f6a51b10fd21242259a1ffd7 +SHA512 (AusweisApp-2.3.1.tar.gz.sha256) = f6436798caceaf9d7585eff49dce063b1d6b6251546f2e496c24dcafd7e09bea5138f0926b0b9b53733048d9789973443f4ebda73aad7be93d100c305bcd3799 SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 88157916741695bcf9a0def174f094c071546407 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Tue, 25 Mar 2025 15:28:58 +0100 Subject: [PATCH 42/47] Rebuild (qt6) From bf6ad06c43e827da0b731fdd660676691c8ad369 Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Thu, 26 Jun 2025 21:48:52 +0200 Subject: [PATCH 43/47] Update to 2.3.2 --- .gitignore | 3 +++ AusweisApp2.spec | 2 +- sources | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/.gitignore b/.gitignore index b521c44..6823769 100644 --- a/.gitignore +++ b/.gitignore @@ -29,3 +29,6 @@ /AusweisApp-2.3.1.tar.gz /AusweisApp-2.3.1.tar.gz.asc /AusweisApp-2.3.1.tar.gz.sha256 +/AusweisApp-2.3.2.tar.gz +/AusweisApp-2.3.2.tar.gz.asc +/AusweisApp-2.3.2.tar.gz.sha256 diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 9ab6914..38afeed 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -41,7 +41,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.3.1 +Version: 2.3.2 Release: %autorelease Summary: %{pkg_sum} diff --git a/sources b/sources index 517d2b4..ce61b0a 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.3.1.tar.gz) = 397437f5a8c197798f09353b0943c46163a1de77cb9d6edd57ccab67c51bb388c0b4542b35be8a3140350613ae265b615a7f5c2c907b5ad6995af6ad581f341d -SHA512 (AusweisApp-2.3.1.tar.gz.asc) = 7a84e000c7e4d62cf80d6dd39cac64abb26586380b06444f313e50431b45ef197281c2a55e9adabd56f56be635ca3957428e73e2f6a51b10fd21242259a1ffd7 -SHA512 (AusweisApp-2.3.1.tar.gz.sha256) = f6436798caceaf9d7585eff49dce063b1d6b6251546f2e496c24dcafd7e09bea5138f0926b0b9b53733048d9789973443f4ebda73aad7be93d100c305bcd3799 +SHA512 (AusweisApp-2.3.2.tar.gz) = b342b024f6d05c9c5239d750499b3ef976e819bfde4990bc301095a71378fd2f026e4c70c79784c06c372545d6a35c07a62cfdb01625dcc022446a66cee658b4 +SHA512 (AusweisApp-2.3.2.tar.gz.asc) = a6e37ea068142162dc3386e19bd428b3fb652c43eaf719ec3f4e3d6e078281b95e5fa728677632441662da89f54a6e2c7b29b7efa6e40e1cd0e6a7df4ded8cc6 +SHA512 (AusweisApp-2.3.2.tar.gz.sha256) = 6158a7b838406c9e87e03eafb999312d5db37aa4a8a3ce5c4bb1be400169f047f440a3fb50092d57c318ac4951338cb50e30d791dda97b2a9b913226b59f710d SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 6e453af702aa63a66ba43f060745f4c77f7c05f6 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Wed, 23 Jul 2025 15:41:34 +0000 Subject: [PATCH 44/47] Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild From 212eb6a62793a069e2574a608f9d152a1cccf443 Mon Sep 17 00:00:00 2001 From: Jan Grulich Date: Tue, 30 Sep 2025 06:47:04 +0200 Subject: [PATCH 45/47] Rebuild (qt6) From a34c28df593a98516451171c8ce0028c4902317d Mon Sep 17 00:00:00 2001 From: Julian Sikorski Date: Thu, 30 Oct 2025 14:20:24 +0100 Subject: [PATCH 46/47] Update to 2.4.0 --- .gitignore | 3 + ...patch => 0001-Use-legacy-OpenSSL-API.patch | 103 +++++++++--------- AusweisApp2.spec | 36 ++---- sources | 6 +- 4 files changed, 67 insertions(+), 81 deletions(-) rename AusweisApp2-2.0.1-use-legacy-openssl-api.patch => 0001-Use-legacy-OpenSSL-API.patch (94%) diff --git a/.gitignore b/.gitignore index 6823769..40511aa 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,6 @@ /AusweisApp-2.3.2.tar.gz /AusweisApp-2.3.2.tar.gz.asc /AusweisApp-2.3.2.tar.gz.sha256 +/AusweisApp-2.4.0.tar.gz +/AusweisApp-2.4.0.tar.gz.asc +/AusweisApp-2.4.0.tar.gz.sha256 diff --git a/AusweisApp2-2.0.1-use-legacy-openssl-api.patch b/0001-Use-legacy-OpenSSL-API.patch similarity index 94% rename from AusweisApp2-2.0.1-use-legacy-openssl-api.patch rename to 0001-Use-legacy-OpenSSL-API.patch index eb39945..c05c9b5 100644 --- a/AusweisApp2-2.0.1-use-legacy-openssl-api.patch +++ b/0001-Use-legacy-OpenSSL-API.patch @@ -1,20 +1,20 @@ -From 6e6b651288b477d554112d0f22084c8387e4ea4e Mon Sep 17 00:00:00 2001 +From f5d48a49ea7055b7d4edf5f1398557b475419fb9 Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Thu, 6 Mar 2025 10:13:06 +0100 -Subject: [PATCH] AusweisApp2-2.0.1-use-legacy-openssl-api.patch +Date: Thu, 30 Oct 2025 13:51:15 +0100 +Subject: [PATCH] Use legacy OpenSSL API --- - src/card/base/asn1/EcdsaPublicKey.cpp | 39 ------ + src/card/base/asn1/EcdsaPublicKey.cpp | 39 ----- src/card/base/asn1/EcdsaPublicKey.h | 6 +- + src/card/base/pace/ec/EcUtil.cpp | 145 ------------------- + src/card/base/pace/ec/EcUtil.h | 12 -- src/card/base/pace/ec/EcdhGenericMapping.cpp | 5 - src/card/base/pace/ec/EcdhGenericMapping.h | 4 - - src/card/base/pace/ec/EcUtil.cpp | 140 ------------------- - src/card/base/pace/ec/EcUtil.h | 12 -- src/card/simulator/SimulatorCard.cpp | 37 ----- src/card/simulator/SimulatorCard.h | 4 - src/card/simulator/SimulatorFileSystem.cpp | 9 -- src/card/simulator/SimulatorFileSystem.h | 4 - - 10 files changed, 1 insertion(+), 259 deletions(-) + 10 files changed, 1 insertion(+), 264 deletions(-) diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp index 7f54045..dc7e26b 100644 @@ -110,44 +110,11 @@ index 860bc74..c85e48b 100644 public: static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg); -diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp -index 04cee51..571c7a0 100644 ---- a/src/card/base/pace/ec/EcdhGenericMapping.cpp -+++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp -@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe - return false; - } - --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- const QSharedPointer localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey)); -- const EC_POINT* localPubKey = localPubKeyPtr.data(); --#else - const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data()); --#endif - if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr)) - { - qCCritical(card) << "The exchanged public keys are equal."; -diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h -index e9c9768..188befb 100644 ---- a/src/card/base/pace/ec/EcdhGenericMapping.h -+++ b/src/card/base/pace/ec/EcdhGenericMapping.h -@@ -22,11 +22,7 @@ class EcdhGenericMapping - - private: - const QSharedPointer mCurve; --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- QSharedPointer mLocalKey; --#else - QSharedPointer mLocalKey; --#endif - - QSharedPointer createNewGenerator(const QSharedPointer& pRemotePubKey, const QSharedPointer& pS); - diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp -index 67e970e..546438f 100644 +index 069ad81..546438f 100644 --- a/src/card/base/pace/ec/EcUtil.cpp +++ b/src/card/base/pace/ec/EcUtil.cpp -@@ -103,143 +103,6 @@ QSharedPointer EcUtil::oct2point(const QSharedPointer& +@@ -103,148 +103,6 @@ QSharedPointer EcUtil::oct2point(const QSharedPointer& } @@ -197,8 +164,13 @@ index 67e970e..546438f 100644 - return nullptr; - } - -- if (OSSL_PARAM* params = nullptr; -- pFunc(bld) && (params = OSSL_PARAM_BLD_to_param(bld)) != nullptr) +- if (!pFunc(bld)) +- { +- qCCritical(card) << "Cannot initialize parameter builder"; +- return nullptr; +- } +- +- if (OSSL_PARAM* params = OSSL_PARAM_BLD_to_param(bld); params != nullptr) - { - static auto deleter = [](OSSL_PARAM* pParam) - { @@ -291,7 +263,7 @@ index 67e970e..546438f 100644 QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed) { if (pKey.isNull()) -@@ -288,6 +151,3 @@ QSharedPointer EcUtil::generateKey(const QSharedPointer& +@@ -293,6 +151,3 @@ QSharedPointer EcUtil::generateKey(const QSharedPointer& return key; } @@ -344,6 +316,39 @@ index 63eb16c..914c268 100644 inline QSharedPointer EcUtil::create(EC_POINT* pEcPoint) { static auto deleter = [](EC_POINT* ecPoint) +diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp +index 04cee51..571c7a0 100644 +--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp ++++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp +@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe + return false; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- const QSharedPointer localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey)); +- const EC_POINT* localPubKey = localPubKeyPtr.data(); +-#else + const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data()); +-#endif + if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr)) + { + qCCritical(card) << "The exchanged public keys are equal."; +diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h +index e9c9768..188befb 100644 +--- a/src/card/base/pace/ec/EcdhGenericMapping.h ++++ b/src/card/base/pace/ec/EcdhGenericMapping.h +@@ -22,11 +22,7 @@ class EcdhGenericMapping + + private: + const QSharedPointer mCurve; +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- QSharedPointer mLocalKey; +-#else + QSharedPointer mLocalKey; +-#endif + + QSharedPointer createNewGenerator(const QSharedPointer& pRemotePubKey, const QSharedPointer& pS); + diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp index 3c4e218..a39fb54 100644 --- a/src/card/simulator/SimulatorCard.cpp @@ -416,10 +421,10 @@ index fc9db00..7a881cb 100644 QByteArray mTaSigningData; QByteArray mTaAuxData; diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp -index 3c0fb35..3f00ae8 100644 +index 5c01caa..4cbe60c 100644 --- a/src/card/simulator/SimulatorFileSystem.cpp +++ b/src/card/simulator/SimulatorFileSystem.cpp -@@ -357,11 +357,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const +@@ -347,11 +347,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const } @@ -431,7 +436,7 @@ index 3c0fb35..3f00ae8 100644 { if (!mKeys.contains(pKeyId)) { -@@ -377,13 +373,8 @@ QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const +@@ -367,13 +363,8 @@ QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const return nullptr; } @@ -462,5 +467,5 @@ index 7d8458f..57065db 100644 void setTrustPoint(const QSharedPointer& pTrustPoint); -- -2.48.1 +2.51.0 diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 38afeed..cd964a5 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -24,10 +24,6 @@ fi \ %global build_fflags %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g') %global build_fcflags %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g') -# Build and package Doxygen documentation? -%bcond_without doxy - -# Do we build with Qt6? %if 0%{?fedora} || 0%{?rhel} >= 9 %global qt6_build 1 %else @@ -41,7 +37,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.3.2 +Version: 2.4.0 Release: %autorelease Summary: %{pkg_sum} @@ -67,7 +63,7 @@ Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch # Needed because Fedora's openssl does not support elliptic curves using custom parameters. # Request to enable them was denied: https://bugzilla.redhat.com/show_bug.cgi?id=2259403 # It is currently not clear if the legacy API works by accident or by design. It does work as of March 2025. -Patch01001: %{name}-2.0.1-use-legacy-openssl-api.patch +Patch01001: 0001-Use-legacy-OpenSSL-API.patch BuildRequires: cmake BuildRequires: crypto-policies @@ -162,10 +158,6 @@ used by %{name}. Summary: User and API documentation for %{name} BuildArch: noarch -%if %{with doxy} -BuildRequires: doxygen -BuildRequires: graphviz -%endif BuildRequires: hardlink BuildRequires: python3-sphinx BuildRequires: python3-sphinx_rtd_theme @@ -173,11 +165,6 @@ BuildRequires: python3-sphinx_rtd_theme # Do not raise conflicts about shared license files. Requires: (%{name} = %{version}-%{release} if %{name}) -# The doc-api package is faded, since we can ship the -# Doxygen documentation noarch'ed as well now. -Obsoletes: %{name}-doc-api < 1.20.1-2 -Provides: %{name}-doc-api = %{version}-%{release} - %description doc This package contains the user and API documentation for %{name}. @@ -232,16 +219,10 @@ EOF %if (0%{?fedora} || 0%{?rhel} > 8) # Documentation. -%cmake_build --target installation_integration notes sdk -%if %{with doxy} -%cmake_build --target doxy -%endif +%cmake_build --target installation_integration_de installation_integration_en notes sdk %else # Documentation. -%ninja_build -C %{_vpath_builddir} installation_integration notes sdk -%if %{with doxy} -%ninja_build -C %{_vpath_builddir} doxy -%endif +%ninja_build -C %{_vpath_builddir} installation_integration_de installation_integration_en notes sdk %endif @@ -266,13 +247,10 @@ rm -fr %{buildroot}%{_datadir}/%{newname}/translations %endif # Excessive docs. -mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration,notes,sdk} +mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration_{de,en},notes,sdk} install -pm 0644 README.rst %{buildroot}%{_pkgdocdir} -%if %{with doxy} -mkdir -p %{buildroot}%{_pkgdocdir}/doxy -cp -a %{_vpath_builddir}/doc/html/* %{buildroot}%{_pkgdocdir}/doxy -%endif -cp -a %{_vpath_builddir}/docs/installation_integration/html/* %{buildroot}%{_pkgdocdir}/installation_integration +cp -a %{_vpath_builddir}/docs/installation_integration_de/html/* %{buildroot}%{_pkgdocdir}/installation_integration_de +cp -a %{_vpath_builddir}/docs/installation_integration_en/html/* %{buildroot}%{_pkgdocdir}/installation_integration_en cp -a %{_vpath_builddir}/docs/notes/html/* %{buildroot}%{_pkgdocdir}/notes cp -a %{_vpath_builddir}/docs/sdk/html/* %{buildroot}%{_pkgdocdir}/sdk find %{buildroot}%{_pkgdocdir} -type d -print0 | xargs -0 chmod -c 0755 diff --git a/sources b/sources index ce61b0a..7862543 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.3.2.tar.gz) = b342b024f6d05c9c5239d750499b3ef976e819bfde4990bc301095a71378fd2f026e4c70c79784c06c372545d6a35c07a62cfdb01625dcc022446a66cee658b4 -SHA512 (AusweisApp-2.3.2.tar.gz.asc) = a6e37ea068142162dc3386e19bd428b3fb652c43eaf719ec3f4e3d6e078281b95e5fa728677632441662da89f54a6e2c7b29b7efa6e40e1cd0e6a7df4ded8cc6 -SHA512 (AusweisApp-2.3.2.tar.gz.sha256) = 6158a7b838406c9e87e03eafb999312d5db37aa4a8a3ce5c4bb1be400169f047f440a3fb50092d57c318ac4951338cb50e30d791dda97b2a9b913226b59f710d +SHA512 (AusweisApp-2.4.0.tar.gz) = 6e0d89b30176f7722bebab01322363ee38ff43573167061d4a97d840b669f3e579ad9fb62345b97b75490690fd5e03f25994eaa1a77334171fcdd28d39ec3e4a +SHA512 (AusweisApp-2.4.0.tar.gz.asc) = ac8ffdb68d5847978bf639a8f32462053bddcace5d9c3d6cb16e788bb2dbe98ae3b7cafe089246fa786fa4b3e048b81b608cbe77e948a843b2dcd774796d2a56 +SHA512 (AusweisApp-2.4.0.tar.gz.sha256) = 257634437251fc22b3d85386a282ee4ce68d2f0db1112a912a54db9a6741ecb79b4180c490486d9ff8519246e62165b5953ed5739e9de0e180bb46decfeff16a SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd From 4443aa4e38a92940066b31e79e3c3ae3adfd70d4 Mon Sep 17 00:00:00 2001 From: Fedora Release Engineering Date: Fri, 16 Jan 2026 02:27:52 +0000 Subject: [PATCH 47/47] Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild