diff --git a/.gitignore b/.gitignore index 6823769..40511aa 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,6 @@ /AusweisApp-2.3.2.tar.gz /AusweisApp-2.3.2.tar.gz.asc /AusweisApp-2.3.2.tar.gz.sha256 +/AusweisApp-2.4.0.tar.gz +/AusweisApp-2.4.0.tar.gz.asc +/AusweisApp-2.4.0.tar.gz.sha256 diff --git a/AusweisApp2-2.0.1-use-legacy-openssl-api.patch b/0001-Use-legacy-OpenSSL-API.patch similarity index 94% rename from AusweisApp2-2.0.1-use-legacy-openssl-api.patch rename to 0001-Use-legacy-OpenSSL-API.patch index eb39945..c05c9b5 100644 --- a/AusweisApp2-2.0.1-use-legacy-openssl-api.patch +++ b/0001-Use-legacy-OpenSSL-API.patch @@ -1,20 +1,20 @@ -From 6e6b651288b477d554112d0f22084c8387e4ea4e Mon Sep 17 00:00:00 2001 +From f5d48a49ea7055b7d4edf5f1398557b475419fb9 Mon Sep 17 00:00:00 2001 From: rpm-build -Date: Thu, 6 Mar 2025 10:13:06 +0100 -Subject: [PATCH] AusweisApp2-2.0.1-use-legacy-openssl-api.patch +Date: Thu, 30 Oct 2025 13:51:15 +0100 +Subject: [PATCH] Use legacy OpenSSL API --- - src/card/base/asn1/EcdsaPublicKey.cpp | 39 ------ + src/card/base/asn1/EcdsaPublicKey.cpp | 39 ----- src/card/base/asn1/EcdsaPublicKey.h | 6 +- + src/card/base/pace/ec/EcUtil.cpp | 145 ------------------- + src/card/base/pace/ec/EcUtil.h | 12 -- src/card/base/pace/ec/EcdhGenericMapping.cpp | 5 - src/card/base/pace/ec/EcdhGenericMapping.h | 4 - - src/card/base/pace/ec/EcUtil.cpp | 140 ------------------- - src/card/base/pace/ec/EcUtil.h | 12 -- src/card/simulator/SimulatorCard.cpp | 37 ----- src/card/simulator/SimulatorCard.h | 4 - src/card/simulator/SimulatorFileSystem.cpp | 9 -- src/card/simulator/SimulatorFileSystem.h | 4 - - 10 files changed, 1 insertion(+), 259 deletions(-) + 10 files changed, 1 insertion(+), 264 deletions(-) diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp index 7f54045..dc7e26b 100644 @@ -110,44 +110,11 @@ index 860bc74..c85e48b 100644 public: static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg); -diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp -index 04cee51..571c7a0 100644 ---- a/src/card/base/pace/ec/EcdhGenericMapping.cpp -+++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp -@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe - return false; - } - --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- const QSharedPointer localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey)); -- const EC_POINT* localPubKey = localPubKeyPtr.data(); --#else - const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data()); --#endif - if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr)) - { - qCCritical(card) << "The exchanged public keys are equal."; -diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h -index e9c9768..188befb 100644 ---- a/src/card/base/pace/ec/EcdhGenericMapping.h -+++ b/src/card/base/pace/ec/EcdhGenericMapping.h -@@ -22,11 +22,7 @@ class EcdhGenericMapping - - private: - const QSharedPointer mCurve; --#if OPENSSL_VERSION_NUMBER >= 0x30000000L -- QSharedPointer mLocalKey; --#else - QSharedPointer mLocalKey; --#endif - - QSharedPointer createNewGenerator(const QSharedPointer& pRemotePubKey, const QSharedPointer& pS); - diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp -index 67e970e..546438f 100644 +index 069ad81..546438f 100644 --- a/src/card/base/pace/ec/EcUtil.cpp +++ b/src/card/base/pace/ec/EcUtil.cpp -@@ -103,143 +103,6 @@ QSharedPointer EcUtil::oct2point(const QSharedPointer& +@@ -103,148 +103,6 @@ QSharedPointer EcUtil::oct2point(const QSharedPointer& } @@ -197,8 +164,13 @@ index 67e970e..546438f 100644 - return nullptr; - } - -- if (OSSL_PARAM* params = nullptr; -- pFunc(bld) && (params = OSSL_PARAM_BLD_to_param(bld)) != nullptr) +- if (!pFunc(bld)) +- { +- qCCritical(card) << "Cannot initialize parameter builder"; +- return nullptr; +- } +- +- if (OSSL_PARAM* params = OSSL_PARAM_BLD_to_param(bld); params != nullptr) - { - static auto deleter = [](OSSL_PARAM* pParam) - { @@ -291,7 +263,7 @@ index 67e970e..546438f 100644 QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed) { if (pKey.isNull()) -@@ -288,6 +151,3 @@ QSharedPointer EcUtil::generateKey(const QSharedPointer& +@@ -293,6 +151,3 @@ QSharedPointer EcUtil::generateKey(const QSharedPointer& return key; } @@ -344,6 +316,39 @@ index 63eb16c..914c268 100644 inline QSharedPointer EcUtil::create(EC_POINT* pEcPoint) { static auto deleter = [](EC_POINT* ecPoint) +diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp +index 04cee51..571c7a0 100644 +--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp ++++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp +@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe + return false; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- const QSharedPointer localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey)); +- const EC_POINT* localPubKey = localPubKeyPtr.data(); +-#else + const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data()); +-#endif + if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr)) + { + qCCritical(card) << "The exchanged public keys are equal."; +diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h +index e9c9768..188befb 100644 +--- a/src/card/base/pace/ec/EcdhGenericMapping.h ++++ b/src/card/base/pace/ec/EcdhGenericMapping.h +@@ -22,11 +22,7 @@ class EcdhGenericMapping + + private: + const QSharedPointer mCurve; +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- QSharedPointer mLocalKey; +-#else + QSharedPointer mLocalKey; +-#endif + + QSharedPointer createNewGenerator(const QSharedPointer& pRemotePubKey, const QSharedPointer& pS); + diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp index 3c4e218..a39fb54 100644 --- a/src/card/simulator/SimulatorCard.cpp @@ -416,10 +421,10 @@ index fc9db00..7a881cb 100644 QByteArray mTaSigningData; QByteArray mTaAuxData; diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp -index 3c0fb35..3f00ae8 100644 +index 5c01caa..4cbe60c 100644 --- a/src/card/simulator/SimulatorFileSystem.cpp +++ b/src/card/simulator/SimulatorFileSystem.cpp -@@ -357,11 +357,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const +@@ -347,11 +347,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const } @@ -431,7 +436,7 @@ index 3c0fb35..3f00ae8 100644 { if (!mKeys.contains(pKeyId)) { -@@ -377,13 +373,8 @@ QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const +@@ -367,13 +363,8 @@ QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const return nullptr; } @@ -462,5 +467,5 @@ index 7d8458f..57065db 100644 void setTrustPoint(const QSharedPointer& pTrustPoint); -- -2.48.1 +2.51.0 diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 38afeed..cd964a5 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -24,10 +24,6 @@ fi \ %global build_fflags %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g') %global build_fcflags %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g') -# Build and package Doxygen documentation? -%bcond_without doxy - -# Do we build with Qt6? %if 0%{?fedora} || 0%{?rhel} >= 9 %global qt6_build 1 %else @@ -41,7 +37,7 @@ fi \ %global newname AusweisApp Name: AusweisApp2 -Version: 2.3.2 +Version: 2.4.0 Release: %autorelease Summary: %{pkg_sum} @@ -67,7 +63,7 @@ Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch # Needed because Fedora's openssl does not support elliptic curves using custom parameters. # Request to enable them was denied: https://bugzilla.redhat.com/show_bug.cgi?id=2259403 # It is currently not clear if the legacy API works by accident or by design. It does work as of March 2025. -Patch01001: %{name}-2.0.1-use-legacy-openssl-api.patch +Patch01001: 0001-Use-legacy-OpenSSL-API.patch BuildRequires: cmake BuildRequires: crypto-policies @@ -162,10 +158,6 @@ used by %{name}. Summary: User and API documentation for %{name} BuildArch: noarch -%if %{with doxy} -BuildRequires: doxygen -BuildRequires: graphviz -%endif BuildRequires: hardlink BuildRequires: python3-sphinx BuildRequires: python3-sphinx_rtd_theme @@ -173,11 +165,6 @@ BuildRequires: python3-sphinx_rtd_theme # Do not raise conflicts about shared license files. Requires: (%{name} = %{version}-%{release} if %{name}) -# The doc-api package is faded, since we can ship the -# Doxygen documentation noarch'ed as well now. -Obsoletes: %{name}-doc-api < 1.20.1-2 -Provides: %{name}-doc-api = %{version}-%{release} - %description doc This package contains the user and API documentation for %{name}. @@ -232,16 +219,10 @@ EOF %if (0%{?fedora} || 0%{?rhel} > 8) # Documentation. -%cmake_build --target installation_integration notes sdk -%if %{with doxy} -%cmake_build --target doxy -%endif +%cmake_build --target installation_integration_de installation_integration_en notes sdk %else # Documentation. -%ninja_build -C %{_vpath_builddir} installation_integration notes sdk -%if %{with doxy} -%ninja_build -C %{_vpath_builddir} doxy -%endif +%ninja_build -C %{_vpath_builddir} installation_integration_de installation_integration_en notes sdk %endif @@ -266,13 +247,10 @@ rm -fr %{buildroot}%{_datadir}/%{newname}/translations %endif # Excessive docs. -mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration,notes,sdk} +mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration_{de,en},notes,sdk} install -pm 0644 README.rst %{buildroot}%{_pkgdocdir} -%if %{with doxy} -mkdir -p %{buildroot}%{_pkgdocdir}/doxy -cp -a %{_vpath_builddir}/doc/html/* %{buildroot}%{_pkgdocdir}/doxy -%endif -cp -a %{_vpath_builddir}/docs/installation_integration/html/* %{buildroot}%{_pkgdocdir}/installation_integration +cp -a %{_vpath_builddir}/docs/installation_integration_de/html/* %{buildroot}%{_pkgdocdir}/installation_integration_de +cp -a %{_vpath_builddir}/docs/installation_integration_en/html/* %{buildroot}%{_pkgdocdir}/installation_integration_en cp -a %{_vpath_builddir}/docs/notes/html/* %{buildroot}%{_pkgdocdir}/notes cp -a %{_vpath_builddir}/docs/sdk/html/* %{buildroot}%{_pkgdocdir}/sdk find %{buildroot}%{_pkgdocdir} -type d -print0 | xargs -0 chmod -c 0755 diff --git a/sources b/sources index ce61b0a..7862543 100644 --- a/sources +++ b/sources @@ -1,4 +1,4 @@ -SHA512 (AusweisApp-2.3.2.tar.gz) = b342b024f6d05c9c5239d750499b3ef976e819bfde4990bc301095a71378fd2f026e4c70c79784c06c372545d6a35c07a62cfdb01625dcc022446a66cee658b4 -SHA512 (AusweisApp-2.3.2.tar.gz.asc) = a6e37ea068142162dc3386e19bd428b3fb652c43eaf719ec3f4e3d6e078281b95e5fa728677632441662da89f54a6e2c7b29b7efa6e40e1cd0e6a7df4ded8cc6 -SHA512 (AusweisApp-2.3.2.tar.gz.sha256) = 6158a7b838406c9e87e03eafb999312d5db37aa4a8a3ce5c4bb1be400169f047f440a3fb50092d57c318ac4951338cb50e30d791dda97b2a9b913226b59f710d +SHA512 (AusweisApp-2.4.0.tar.gz) = 6e0d89b30176f7722bebab01322363ee38ff43573167061d4a97d840b669f3e579ad9fb62345b97b75490690fd5e03f25994eaa1a77334171fcdd28d39ec3e4a +SHA512 (AusweisApp-2.4.0.tar.gz.asc) = ac8ffdb68d5847978bf639a8f32462053bddcace5d9c3d6cb16e788bb2dbe98ae3b7cafe089246fa786fa4b3e048b81b608cbe77e948a843b2dcd774796d2a56 +SHA512 (AusweisApp-2.4.0.tar.gz.sha256) = 257634437251fc22b3d85386a282ee4ce68d2f0db1112a912a54db9a6741ecb79b4180c490486d9ff8519246e62165b5953ed5739e9de0e180bb46decfeff16a SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd