diff --git a/.gitignore b/.gitignore index b4dc8e7..40511aa 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,37 @@ /AusweisApp2-*.tar.gz /AusweisApp2-pubring.gpg +/AusweisApp-2.0.1.tar.gz +/AusweisApp-pubring.gpg +/AusweisApp-2.0.2.tar.gz +/AusweisApp-2.0.2.tar.gz.asc +/AusweisApp-2.0.2.tar.gz.sha256 +/AusweisApp-2.0.3.tar.gz +/AusweisApp-2.0.3.tar.gz.asc +/AusweisApp-2.0.3.tar.gz.sha256 +/AusweisApp-2.1.0.tar.gz +/AusweisApp-2.1.0.tar.gz.asc +/AusweisApp-2.1.0.tar.gz.sha256 +/AusweisApp-2.1.1.tar.gz +/AusweisApp-2.1.1.tar.gz.asc +/AusweisApp-2.1.1.tar.gz.sha256 +/AusweisApp-2.2.0.tar.gz +/AusweisApp-2.2.0.tar.gz.asc +/AusweisApp-2.2.0.tar.gz.sha256 +/AusweisApp-2.2.1.tar.gz +/AusweisApp-2.2.1.tar.gz.asc +/AusweisApp-2.2.1.tar.gz.sha256 +/AusweisApp-2.2.2.tar.gz +/AusweisApp-2.2.2.tar.gz.asc +/AusweisApp-2.2.2.tar.gz.sha256 +/AusweisApp-2.3.0.tar.gz +/AusweisApp-2.3.0.tar.gz.asc +/AusweisApp-2.3.0.tar.gz.sha256 +/AusweisApp-2.3.1.tar.gz +/AusweisApp-2.3.1.tar.gz.asc +/AusweisApp-2.3.1.tar.gz.sha256 +/AusweisApp-2.3.2.tar.gz +/AusweisApp-2.3.2.tar.gz.asc +/AusweisApp-2.3.2.tar.gz.sha256 +/AusweisApp-2.4.0.tar.gz +/AusweisApp-2.4.0.tar.gz.asc +/AusweisApp-2.4.0.tar.gz.sha256 diff --git a/0001-Use-legacy-OpenSSL-API.patch b/0001-Use-legacy-OpenSSL-API.patch new file mode 100644 index 0000000..c05c9b5 --- /dev/null +++ b/0001-Use-legacy-OpenSSL-API.patch @@ -0,0 +1,471 @@ +From f5d48a49ea7055b7d4edf5f1398557b475419fb9 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 30 Oct 2025 13:51:15 +0100 +Subject: [PATCH] Use legacy OpenSSL API + +--- + src/card/base/asn1/EcdsaPublicKey.cpp | 39 ----- + src/card/base/asn1/EcdsaPublicKey.h | 6 +- + src/card/base/pace/ec/EcUtil.cpp | 145 ------------------- + src/card/base/pace/ec/EcUtil.h | 12 -- + src/card/base/pace/ec/EcdhGenericMapping.cpp | 5 - + src/card/base/pace/ec/EcdhGenericMapping.h | 4 - + src/card/simulator/SimulatorCard.cpp | 37 ----- + src/card/simulator/SimulatorCard.h | 4 - + src/card/simulator/SimulatorFileSystem.cpp | 9 -- + src/card/simulator/SimulatorFileSystem.h | 4 - + 10 files changed, 1 insertion(+), 264 deletions(-) + +diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp +index 7f54045..dc7e26b 100644 +--- a/src/card/base/asn1/EcdsaPublicKey.cpp ++++ b/src/card/base/asn1/EcdsaPublicKey.cpp +@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const + } + + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + QSharedPointer EcdsaPublicKey::createGroup(const CurveData& pData) const + { + QSharedPointer group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr)); +@@ -209,8 +208,6 @@ QSharedPointer EcdsaPublicKey::createGroup(const CurveData& pData) con + } + + +-#endif +- + QSharedPointer EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const + { + return createKey(reinterpret_cast(pPublicPoint.constData()), static_cast(pPublicPoint.size())); +@@ -239,7 +236,6 @@ QSharedPointer EcdsaPublicKey::createKey(const uchar* pPublicPoint, in + return nullptr; + } + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + const auto& group = createGroup(curveData); + if (group.isNull()) + { +@@ -275,39 +271,4 @@ QSharedPointer EcdsaPublicKey::createKey(const uchar* pPublicPoint, in + + return key; + +-#else +- const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){ +- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data()) +- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast(pPublicPointLength)) +- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast(mBasePoint->length)) +- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12); +- }); +- +- if (params == nullptr) +- { +- qCCritical(card) << "Cannot set parameter"; +- return nullptr; +- } +- +- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr)); +- if (!EVP_PKEY_fromdata_init(ctx.data())) +- { +- qCCritical(card) << "Cannot init pkey"; +- return nullptr; +- } +- +- EVP_PKEY* key = nullptr; +- if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data())) +- { +- qCCritical(card) << "Cannot fetch data for pkey"; +- return nullptr; +- } +- +- return EcUtil::create(key); +- +-#endif + } +diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h +index 860bc74..c85e48b 100644 +--- a/src/card/base/asn1/EcdsaPublicKey.h ++++ b/src/card/base/asn1/EcdsaPublicKey.h +@@ -13,9 +13,7 @@ + #include + #include + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L +- #include +-#endif ++#include + + + namespace governikus +@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapublickey_st + + [[nodiscard]] CurveData createCurveData() const; + [[nodiscard]] QSharedPointer createKey(const uchar* pPublicPoint, int pPublicPointLength) const; +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + [[nodiscard]] QSharedPointer createGroup(const CurveData& pData) const; +-#endif + + public: + static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg); +diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp +index 069ad81..546438f 100644 +--- a/src/card/base/pace/ec/EcUtil.cpp ++++ b/src/card/base/pace/ec/EcUtil.cpp +@@ -103,148 +103,6 @@ QSharedPointer EcUtil::oct2point(const QSharedPointer& + } + + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed) +-{ +- if (pKey.isNull()) +- { +- qCCritical(card) << "Cannot use undefined key"; +- return nullptr; +- } +- +- uchar* key = nullptr; +- const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key); +- const auto guard = qScopeGuard([key] { +- OPENSSL_free(key); +- }); +- +- if (length == 0) +- { +- return QByteArray(); +- } +- +- const QByteArray uncompressed(reinterpret_cast(key), static_cast(length)); +- return pCompressed ? EcUtil::compressPoint(uncompressed) : uncompressed; +-} +- +- +-QSharedPointer EcUtil::getPrivateKey(const QSharedPointer& pKey) +-{ +- BIGNUM* privKey = nullptr; +- EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey); +- return EcUtil::create(privKey); +-} +- +- +-QSharedPointer EcUtil::create(const std::function& pFunc) +-{ +- OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new(); +- const auto guard = qScopeGuard([bld] { +- OSSL_PARAM_BLD_free(bld); +- }); +- +- if (bld == nullptr) +- { +- qCCritical(card) << "Cannot create parameter builder"; +- return nullptr; +- } +- +- if (!pFunc(bld)) +- { +- qCCritical(card) << "Cannot initialize parameter builder"; +- return nullptr; +- } +- +- if (OSSL_PARAM* params = OSSL_PARAM_BLD_to_param(bld); params != nullptr) +- { +- static auto deleter = [](OSSL_PARAM* pParam) +- { +- OSSL_PARAM_free(pParam); +- }; +- +- return QSharedPointer(params, deleter); +- } +- +- qCCritical(card) << "Cannot create parameter"; +- return nullptr; +-} +- +- +-QSharedPointer EcUtil::generateKey(const QSharedPointer& pCurve) +-{ +- if (pCurve.isNull()) +- { +- qCCritical(card) << "Curve is undefined"; +- return nullptr; +- } +- +- auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data())); +- +- auto order = EcUtil::create(BN_new()); +- if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr)) +- { +- qCCritical(card) << "Cannot fetch order"; +- return nullptr; +- } +- +- auto cofactor = EcUtil::create(BN_new()); +- if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr)) +- { +- qCCritical(card) << "Cannot fetch cofactor"; +- return nullptr; +- } +- +- auto p = EcUtil::create(BN_new()); +- auto a = EcUtil::create(BN_new()); +- auto b = EcUtil::create(BN_new()); +- if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr)) +- { +- qCCritical(card) << "Cannot fetch a, b or p"; +- return nullptr; +- } +- +- const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){ +- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data()) +- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data()) +- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast(generator.size())) +- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12); +- }); +- +- if (params == nullptr) +- { +- qCCritical(card) << "Cannot set parameter"; +- return nullptr; +- } +- +- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr)); +- if (!ctx) +- { +- qCCritical(card) << "Cannot create EVP_PKEY_CTX"; +- return nullptr; +- } +- EVP_PKEY_keygen_init(ctx.data()); +- +- if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data())) +- { +- qCCritical(card) << "Cannot set params to EVP_PKEY_CTX"; +- return nullptr; +- } +- +- EVP_PKEY* key = nullptr; +- if (!EVP_PKEY_generate(ctx.data(), &key)) +- { +- qCCritical(card) << "Cannot create EVP_PKEY"; +- return nullptr; +- } +- +- return EcUtil::create(key); +-} +- +- +-#else + QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed) + { + if (pKey.isNull()) +@@ -293,6 +151,3 @@ QSharedPointer EcUtil::generateKey(const QSharedPointer& + + return key; + } +- +- +-#endif +diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h +index 63eb16c..914c268 100644 +--- a/src/card/base/pace/ec/EcUtil.h ++++ b/src/card/base/pace/ec/EcUtil.h +@@ -26,24 +26,15 @@ class EcUtil + static QSharedPointer oct2point(const QSharedPointer& pCurve, const QByteArray& pCompressedData); + + static QSharedPointer create(EC_GROUP* pEcGroup); +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + static QSharedPointer create(EC_KEY* pEcKey); +-#endif + static QSharedPointer create(EC_POINT* pEcPoint); + static QSharedPointer create(BIGNUM* pBigNum); + static QSharedPointer create(EVP_PKEY* pEcGroup); + static QSharedPointer create(EVP_PKEY_CTX* pEcGroup); + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- static QByteArray getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed = false); +- static QSharedPointer getPrivateKey(const QSharedPointer& pKey); +- static QSharedPointer create(const std::function& pFunc); +- static QSharedPointer generateKey(const QSharedPointer& pCurve); +-#else + static QByteArray getEncodedPublicKey(const QSharedPointer& pKey, bool pCompressed = false); + static QSharedPointer getPrivateKey(const QSharedPointer& pKey); + static QSharedPointer generateKey(const QSharedPointer& pCurve); +-#endif + + static QSharedPointer createCurve(int pNid); + }; +@@ -60,7 +51,6 @@ inline QSharedPointer EcUtil::create(EC_GROUP* pEcGroup) + } + + +-#if OPENSSL_VERSION_NUMBER < 0x30000000L + inline QSharedPointer EcUtil::create(EC_KEY* pEcKey) + { + static auto deleter = [](EC_KEY* ecKey) +@@ -72,8 +62,6 @@ inline QSharedPointer EcUtil::create(EC_KEY* pEcKey) + } + + +-#endif +- + inline QSharedPointer EcUtil::create(EC_POINT* pEcPoint) + { + static auto deleter = [](EC_POINT* ecPoint) +diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp +index 04cee51..571c7a0 100644 +--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp ++++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp +@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe + return false; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- const QSharedPointer localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey)); +- const EC_POINT* localPubKey = localPubKeyPtr.data(); +-#else + const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data()); +-#endif + if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr)) + { + qCCritical(card) << "The exchanged public keys are equal."; +diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h +index e9c9768..188befb 100644 +--- a/src/card/base/pace/ec/EcdhGenericMapping.h ++++ b/src/card/base/pace/ec/EcdhGenericMapping.h +@@ -22,11 +22,7 @@ class EcdhGenericMapping + + private: + const QSharedPointer mCurve; +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- QSharedPointer mLocalKey; +-#else + QSharedPointer mLocalKey; +-#endif + + QSharedPointer createNewGenerator(const QSharedPointer& pRemotePubKey, const QSharedPointer& pS); + +diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp +index 3c4e218..a39fb54 100644 +--- a/src/card/simulator/SimulatorCard.cpp ++++ b/src/card/simulator/SimulatorCard.cpp +@@ -661,42 +661,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const + return QByteArray(); + } + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- const auto& terminalKey = EcUtil::create(EVP_PKEY_new()); +- if (terminalKey.isNull() || EVP_PKEY_copy_parameters(terminalKey.data(), mCardKey.data()) == 0) +- { +- qCCritical(card_simulator) << "Initialization of the terminal key failed"; +- return QByteArray(); +- } +- if (!EVP_PKEY_set1_encoded_public_key( +- terminalKey.data(), +- reinterpret_cast(pPoint.data()), +- static_cast(pPoint.length()))) +- { +- qCCritical(card_simulator) << "Interpreting the terminal key failed"; +- return QByteArray(); +- } +- +- const auto& ctx = EcUtil::create(EVP_PKEY_CTX_new_from_pkey(nullptr, mCardKey.data(), nullptr)); +- size_t resultLen = 0; +- if (EVP_PKEY_derive_init(ctx.data()) <= 0 +- || EVP_PKEY_derive_set_peer(ctx.data(), terminalKey.data()) <= 0 +- || EVP_PKEY_derive(ctx.data(), nullptr, &resultLen) <= 0) +- { +- qCCritical(card_simulator) << "Initialization or calculation of the result failed"; +- return QByteArray(); +- } +- +- QByteArray result(static_cast(resultLen), '\0'); +- if (EVP_PKEY_derive(ctx.data(), reinterpret_cast(result.data()), &resultLen) <= 0) +- { +- qCCritical(card_simulator) << "Calculation of the result failed"; +- return QByteArray(); +- } +- +- return result; +- +-#else + const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data()))); + auto point = EcUtil::oct2point(curve, pPoint); + if (!point) +@@ -715,7 +679,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const + + return EcUtil::point2oct(curve, result.data(), true); + +-#endif + } + + +diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h +index fc9db00..7a881cb 100644 +--- a/src/card/simulator/SimulatorCard.h ++++ b/src/card/simulator/SimulatorCard.h +@@ -39,11 +39,7 @@ class SimulatorCard + int mPaceKeyId; + QByteArray mPaceNonce; + QByteArray mPaceTerminalKey; +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- QSharedPointer mCardKey; +-#else + QSharedPointer mCardKey; +-#endif + QSharedPointer mTaCertificate; + QByteArray mTaSigningData; + QByteArray mTaAuxData; +diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp +index 5c01caa..4cbe60c 100644 +--- a/src/card/simulator/SimulatorFileSystem.cpp ++++ b/src/card/simulator/SimulatorFileSystem.cpp +@@ -347,11 +347,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const + } + + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +-QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const +-#else + QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const +-#endif + { + if (!mKeys.contains(pKeyId)) + { +@@ -367,13 +363,8 @@ QSharedPointer SimulatorFileSystem::getKey(int pKeyId) const + return nullptr; + } + +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- return privateKey; +- +-#else + return EcUtil::create(EVP_PKEY_get1_EC_KEY(privateKey.data())); + +-#endif + } + + +diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h +index 7d8458f..57065db 100644 +--- a/src/card/simulator/SimulatorFileSystem.h ++++ b/src/card/simulator/SimulatorFileSystem.h +@@ -43,11 +43,7 @@ class SimulatorFileSystem + + [[nodiscard]] QByteArray getEfCardAccess() const; + [[nodiscard]] QByteArray getPassword(PacePasswordId pPasswordId) const; +-#if OPENSSL_VERSION_NUMBER >= 0x30000000L +- [[nodiscard]] QSharedPointer getKey(int pKeyId) const; +-#else + [[nodiscard]] QSharedPointer getKey(int pKeyId) const; +-#endif + [[nodiscard]] QSharedPointer getTrustPoint() const; + void setTrustPoint(const QSharedPointer& pTrustPoint); + +-- +2.51.0 + diff --git a/AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch b/AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch index 2cc4234..e4fcd01 100644 --- a/AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch +++ b/AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch @@ -1,8 +1,17 @@ -Index: AusweisApp2-1.24.1/src/global/FileDestination.h -=================================================================== ---- AusweisApp2-1.24.1.orig/src/global/FileDestination.h -+++ AusweisApp2-1.24.1/src/global/FileDestination.h -@@ -9,8 +9,10 @@ +From 056e560ed6432e99a297d1c1d2c89c89621bd825 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Thu, 6 Mar 2025 01:00:00 +0100 +Subject: [PATCH] AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch + +--- + src/global/FileDestination.h | 9 +++++++++ + 1 file changed, 9 insertions(+) + +diff --git a/src/global/FileDestination.h b/src/global/FileDestination.h +index 2fd5826..781e9b9 100644 +--- a/src/global/FileDestination.h ++++ b/src/global/FileDestination.h +@@ -7,8 +7,10 @@ #include #include #include @@ -11,9 +20,9 @@ Index: AusweisApp2-1.24.1/src/global/FileDestination.h #include +#include + namespace governikus - { -@@ -52,6 +54,13 @@ class FileDestination +@@ -51,6 +53,13 @@ class FileDestination QStandardPaths::StandardLocation pStandard = QStandardPaths::AppDataLocation) { #if (defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)) || (defined(Q_OS_BSD4) && !defined(Q_OS_MACOS) && !defined(Q_OS_IOS)) @@ -27,3 +36,6 @@ Index: AusweisApp2-1.24.1/src/global/FileDestination.h if (const auto& match = QStandardPaths::locate(pStandard, pFilename, pOption); !match.isNull()) { return match; +-- +2.48.1 + diff --git a/AusweisApp2-1.26.7.tar.gz.asc b/AusweisApp2-1.26.7.tar.gz.asc deleted file mode 100644 index aa85480..0000000 --- a/AusweisApp2-1.26.7.tar.gz.asc +++ /dev/null @@ -1,16 +0,0 @@ ------BEGIN PGP SIGNATURE----- - -iQIzBAABCAAdFiEEaZvzBVsKSSJO/efHLXR5pTFFEIgFAmTDxJ8ACgkQLXR5pTFF -EIh9Dw//ZMA+HUaRMp9wUCbPxm9XfT2WmVSAdlQPFUcNlue9LTVRGQKzqm0aYHE1 -qDjBdg2u5icS+pcZiX8zgnSijsxUIOVlqEeOq3Ww+X4P5LGI9HugVYCUIGAKrSEr -vGNSnsGs7v7akKVjZea45G6hdGOSm1UrPMp36rSCXmEMzuhDVCg76Ue0rHy2uN9D -2rud1CuLSDEKQs3MqkU1E5lRVX2uuKPz8xgVZTxYixJGlfCa7lPlO1dhEJzAqEtN -r1CMDinjYzjTu3K9ecj5w0HuB/w6VNtAchZ6nT4oUNDUp4AzWYcJEhVVN9iqVRdF -FGijIvMdoe1Zb15b6/lLdzqU1jazJN24swvRzcLFPFsfV7trrIThzv+Mf+LfKEwb -qGUp6cm27y0KxXCuszRhwkAvBgPsOyPzlvcWMTUgoa5bLzOdCwB60iQ0ADCaz306 -GWLZER98OyLeHLP7E/nSv13GlMckqZkOwcR0Fv6yzY0KIZ86loHMeAbxmIcucnOV -bY8Wffe4wfQQhGY/fsgP5v3swwlv1vBtYfLF4CbcFBiW0WJbD3mkt3hJ24E+nrUl -6vhuoj1RJVkEhhF8gnleSxiH1EfsQcKOWKOO3UDFwUQxwtJJ6f8lQXUP+vB3NP/9 -q24xmU1XW4F+F72o2GD262aJn+HpbgWQzUEbMLQx5eAwrs+Dq08= -=Nkl8 ------END PGP SIGNATURE----- diff --git a/AusweisApp2-1.26.7.tar.gz.sha256 b/AusweisApp2-1.26.7.tar.gz.sha256 deleted file mode 100644 index 56fa5a3..0000000 --- a/AusweisApp2-1.26.7.tar.gz.sha256 +++ /dev/null @@ -1 +0,0 @@ -8062fe04332e9a7bee4c75fe3ef3efda6748c1a19a6fda8770f7914939c7bd28 AusweisApp2-1.26.7.tar.gz diff --git a/AusweisApp2.spec b/AusweisApp2.spec index 601ae1b..cd964a5 100644 --- a/AusweisApp2.spec +++ b/AusweisApp2.spec @@ -6,10 +6,10 @@ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ %{__os_install_post} \ -fipshmac %{buildroot}%{_bindir}/%{name} \\\ - %{buildroot}%{_libexecdir}/%{name} \\\ - %{buildroot}%{_datadir}/%{name}/openssl.cnf \ -c="%{buildroot}%{_datadir}/%{name}/config.json" \ +fipshmac %{buildroot}%{_bindir}/%{newname} \\\ + %{buildroot}%{_libexecdir}/%{newname} \\\ + %{buildroot}%{_datadir}/%{newname}/openssl.cnf \ +c="%{buildroot}%{_datadir}/%{newname}/config.json" \ if [[ -f ${c} ]]; then \ fipshmac ${c} \ fi \ @@ -24,10 +24,6 @@ fi \ %global build_fflags %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g') %global build_fcflags %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g') -# Build and package Doxygen documentation? -%bcond_without doxy - -# Do we build with Qt6? %if 0%{?fedora} || 0%{?rhel} >= 9 %global qt6_build 1 %else @@ -37,13 +33,15 @@ fi \ # Package summary. Gets overwritten by subpackages otherwise. %global pkg_sum Online identification with German ID card (Personalausweis) +# Upstream renamed to AusweisApp with 2.0 release +%global newname AusweisApp Name: AusweisApp2 -Version: 1.26.7 -Release: 3%{?dist} +Version: 2.4.0 +Release: %autorelease Summary: %{pkg_sum} -License: EUPL 1.2 +License: EUPL-1.2 URL: https://www.ausweisapp.bund.de/en # Url to releases on github. @@ -53,15 +51,19 @@ URL: https://www.ausweisapp.bund.de/en # gpg2 --keyserver keyserver.ubuntu.com --recv-keys 699BF3055B0A49224EFDE7C72D7479A531451088 # gpg2 --export --export-options export-minimal 699BF3055B0A49224EFDE7C72D7479A531451088 > %%{name}-pubring.gpg -Source0000: %{rel_url}/%{name}-%{version}.tar.gz -Source0001: %{rel_url}/%{name}-%{version}.tar.gz.asc +Source0000: %{rel_url}/%{newname}-%{version}.tar.gz +Source0001: %{rel_url}/%{newname}-%{version}.tar.gz.asc Source0002: %{name}-pubring.gpg -Source0003: %{rel_url}/%{name}-%{version}.tar.gz.sha256 +Source0003: %{rel_url}/%{newname}-%{version}.tar.gz.sha256 Source0004: https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%%20EN.txt#/EUPL-12_EN.txt Source1000: gen_openssl_cnf.py # Downstream. Patch01000: %{name}-1.24.1-use_Qt_TranslationsPath.patch +# Needed because Fedora's openssl does not support elliptic curves using custom parameters. +# Request to enable them was denied: https://bugzilla.redhat.com/show_bug.cgi?id=2259403 +# It is currently not clear if the legacy API works by accident or by design. It does work as of March 2025. +Patch01001: 0001-Use-legacy-OpenSSL-API.patch BuildRequires: cmake BuildRequires: crypto-policies @@ -124,6 +126,12 @@ Requires: openssl-libs%{?_isa} >= 3.0.8-2 # Needed for running fipscheck on application startup. # Requires: fipscheck +%if 0%{?qt6_build} +# Needed for GUI elements to be rendered +Requires: qt6-qtimageformats%{?_isa} +Requires: qt6-qtsvg%{?_isa} +%endif + %description The AusweisApp2 is a software to identify yourself online with your ID card (Personalausweis) or your electronic @@ -150,10 +158,6 @@ used by %{name}. Summary: User and API documentation for %{name} BuildArch: noarch -%if %{with doxy} -BuildRequires: doxygen -BuildRequires: graphviz -%endif BuildRequires: hardlink BuildRequires: python3-sphinx BuildRequires: python3-sphinx_rtd_theme @@ -161,11 +165,6 @@ BuildRequires: python3-sphinx_rtd_theme # Do not raise conflicts about shared license files. Requires: (%{name} = %{version}-%{release} if %{name}) -# The doc-api package is faded, since we can ship the -# Doxygen documentation noarch'ed as well now. -Obsoletes: %{name}-doc-api < 1.20.1-2 -Provides: %{name}-doc-api = %{version}-%{release} - %description doc This package contains the user and API documentation for %{name}. @@ -180,7 +179,7 @@ pushd %{_sourcedir} sha256sum -c %{SOURCE3} popd -%autosetup -p 1 +%autosetup -p 1 -n %{newname}-%{version} install -pm 0644 %{SOURCE4} LICENSE.en.txt # Generate application specific OpenSSL configuration. @@ -192,13 +191,13 @@ install -pm 0644 %{SOURCE4} LICENSE.en.txt cat << EOF > fedora_%{name}_wrapper.sh #!/bin/sh # /usr/bin/fipscheck \\ -# %{_bindir}/%{name} \\ -# %{_libexecdir}/%{name} \\ -# %{_datadir}/%{name}/config.json \\ -# %{_datadir}/%{name}/openssl.cnf \\ +# %{_bindir}/%{newname} \\ +# %{_libexecdir}/%{newname} \\ +# %{_datadir}/%{newname}/config.json \\ +# %{_datadir}/%{newname}/openssl.cnf \\ # || exit \$?; -OPENSSL_CONF=%{_datadir}/%{name}/openssl.cnf \\ -%{_libexecdir}/%{name} "\$@"; +OPENSSL_CONF=%{_datadir}/%{newname}/openssl.cnf \\ +%{_libexecdir}/%{newname} "\$@"; EOF @@ -220,16 +219,10 @@ EOF %if (0%{?fedora} || 0%{?rhel} > 8) # Documentation. -%cmake_build --target inst inte notes sdk -%if %{with doxy} -%cmake_build --target doxy -%endif +%cmake_build --target installation_integration_de installation_integration_en notes sdk %else # Documentation. -%ninja_build -C %{_vpath_builddir} inst inte notes sdk -%if %{with doxy} -%ninja_build -C %{_vpath_builddir} doxy -%endif +%ninja_build -C %{_vpath_builddir} installation_integration_de installation_integration_en notes sdk %endif @@ -239,29 +232,25 @@ EOF # Relocate the application binary so we can call it through # a shell wrapper and move installed files to proper locations. mkdir -p %{buildroot}{%{_libexecdir},%{_qt5_translationdir}} -mv %{buildroot}%{_bindir}/%{name} %{buildroot}%{_libexecdir}/%{name} +mv %{buildroot}%{_bindir}/%{newname} %{buildroot}%{_libexecdir}/%{newname} # Install the shell wrapper and custom OpenSSL configuration. -install -pm 0755 fedora_%{name}_wrapper.sh %{buildroot}%{_bindir}/%{name} +install -pm 0755 fedora_%{name}_wrapper.sh %{buildroot}%{_bindir}/%{newname} install -pm 0644 fedora_%{name}_openssl.cnf \ - %{buildroot}%{_datadir}/%{name}/openssl.cnf + %{buildroot}%{_datadir}/%{newname}/openssl.cnf # Move translation in proper location. %if !(0%{?qt6_build}) -mv %{buildroot}%{_datadir}/%{name}/translations/* \ +mv %{buildroot}%{_datadir}/%{newname}/translations/* \ %{buildroot}%{_qt5_translationdir} -rm -fr %{buildroot}%{_datadir}/%{name}/translations +rm -fr %{buildroot}%{_datadir}/%{newname}/translations %endif # Excessive docs. -mkdir -p %{buildroot}%{_pkgdocdir}/{installation,integration,notes,sdk} +mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration_{de,en},notes,sdk} install -pm 0644 README.rst %{buildroot}%{_pkgdocdir} -%if %{with doxy} -mkdir -p %{buildroot}%{_pkgdocdir}/doxy -cp -a %{_vpath_builddir}/doc/html/* %{buildroot}%{_pkgdocdir}/doxy -%endif -cp -a %{_vpath_builddir}/docs/inst/html/* %{buildroot}%{_pkgdocdir}/installation -cp -a %{_vpath_builddir}/docs/inte/html/* %{buildroot}%{_pkgdocdir}/integration +cp -a %{_vpath_builddir}/docs/installation_integration_de/html/* %{buildroot}%{_pkgdocdir}/installation_integration_de +cp -a %{_vpath_builddir}/docs/installation_integration_en/html/* %{buildroot}%{_pkgdocdir}/installation_integration_en cp -a %{_vpath_builddir}/docs/notes/html/* %{buildroot}%{_pkgdocdir}/notes cp -a %{_vpath_builddir}/docs/sdk/html/* %{buildroot}%{_pkgdocdir}/sdk find %{buildroot}%{_pkgdocdir} -type d -print0 | xargs -0 chmod -c 0755 @@ -291,12 +280,12 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop %license AUTHORS %license LICENSE.en.txt %license LICENSE.txt -%{_bindir}/.%{name}.hmac -%{_bindir}/%{name} +%{_bindir}/.%{newname}.hmac +%{_bindir}/%{newname} %{_datadir}/applications/com.governikus.%{lc_name}.desktop -%{_libexecdir}/.%{name}.hmac -%{_libexecdir}/%{name} -%{_mandir}/man1/%{name}.1* +%{_libexecdir}/.%{newname}.hmac +%{_libexecdir}/%{newname} +%{_mandir}/man1/%{newname}.1* %{_metainfodir}/com.governikus.%{lc_name}.metainfo.xml @@ -305,7 +294,7 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop %else %files data -f %{lc_name}.icons -f %{lc_name}.lang %endif -%{_datadir}/%{name} +%{_datadir}/%{newname} %files doc @@ -314,171 +303,4 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop %changelog -* Fri Oct 13 2023 Jan Grulich - 1.26.7-3 -- Rebuild (qt6) - -* Thu Oct 05 2023 Jan Grulich - 1.26.7-2 -- Rebuild (qt6) - -* Fri Jul 28 2023 Björn Esser - 1.26.7-1 -- New upstream release - Fixes rhbz#2227358 - -* Fri Jul 28 2023 Björn Esser - 1.26.6-1 -- New upstream release - Fixes rhbz#2227095 - -* Wed Jul 26 2023 Björn Esser - 1.26.5-1 -- New upstream release - Fixes rhbz#2226708 - -* Wed Jul 19 2023 Fedora Release Engineering - 1.26.4-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild - -* Fri Jul 14 2023 Björn Esser - 1.26.4-4 -- Rebuild(Qt_6.5) - Fixes rhbz#2222625 - -* Sun Jun 04 2023 Björn Esser - 1.26.4-3 -- Rebuild(Qt_6.5) - -* Sun May 07 2023 Björn Esser - 1.26.4-2 -- Rebuild(Qt_6.5) - -* Mon May 01 2023 Björn Esser - 1.26.4-1 -- New upstream release - -* Thu Mar 23 2023 Björn Esser - 1.26.3-1 -- New upstream release -- Enable use of Brainpool ECC - -* Sat Jan 28 2023 Björn Esser - 1.26.2-2 -- Drop Qt6 version lock, as this is already ensured by symbol versioning - -* Sun Jan 22 2023 Björn Esser - 1.26.2-1 -- New upstream release - -* Wed Jan 18 2023 Fedora Release Engineering - 1.24.4-3 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild - -* Sun Nov 27 2022 Björn Esser - 1.24.4-2 -- Rebuild(qt6) - -* Sun Nov 06 2022 Björn Esser - 1.24.4-1 -- New upstream release - -* Fri Sep 02 2022 Björn Esser - 1.24.1-1 -- New upstream release - -* Wed Jul 20 2022 Fedora Release Engineering - 1.22.3-2 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild - -* Wed Jan 26 2022 Björn Esser - 1.22.3-1 -- New upstream release -- Explicitly BR '/usr/bin/fipshmac' instead of fipscheck package - -* Wed Jan 19 2022 Fedora Release Engineering - 1.22.2-5 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild - -* Tue Sep 14 2021 Sahana Prasad - 1.22.2-4 -- Rebuilt with OpenSSL 3.0.0 - -* Tue Aug 31 2021 Björn Esser - 1.22.2-3 -- Drop forge-macros and perform tarbal verification during %%prep - -* Tue Aug 31 2021 Björn Esser - 1.22.2-2 -- Add a patch to disable use of Brainpool Elliptic Curves - -* Sun Aug 22 2021 Björn Esser - 1.22.2-1 -- New upstream release -- Disable enforcing of FIPS mode for OpenSSL - -* Wed Jul 21 2021 Fedora Release Engineering - 1.20.2-12 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild - -* Mon Jan 25 2021 Fedora Release Engineering - 1.20.2-11 -- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild - -* Sun Nov 15 08:50:35 CET 2020 Björn Esser - 1.20.2-10 -- Add runtime dependency on qt5-qtquickcontrols2 - -* Sat Oct 3 12:51:03 CEST 2020 Björn Esser - 1.20.2-9 -- Disable fipscheck in shell wrapper as it does not work in Fedora 33+ - -* Sat Sep 26 2020 Björn Esser - 1.20.2-8 -- Make shell wrapper exit with the exit code of fipscheck on failure - -* Sat Sep 26 2020 Björn Esser - 1.20.2-7 -- Calculate fipshmac for config files and shell wrapper -- Run fipscheck in shell wrapper before application starts - -* Fri Sep 25 2020 Björn Esser - 1.20.2-6 -- Use a python script to generate a tailored OpenSSL configuration - -* Thu Sep 24 2020 Björn Esser - 1.20.2-5 -- Some small spec file optimizations - -* Thu Sep 24 2020 Björn Esser - 1.20.2-4 -- Use a more elaborate application specific OpenSSL configuration - This also re-enables SHA384 hashes in ciphers - -* Wed Sep 23 2020 Björn Esser - 1.20.2-3 -- Do not enable SHA384 ciphers in custom OpenSSL configuration - -* Wed Sep 23 2020 Björn Esser - 1.20.2-2 -- Use application specific OpenSSL config through a shell wrapper - -* Mon Sep 07 2020 Björn Esser - 1.20.2-1 -- New upstream release - -* Mon Aug 24 2020 Björn Esser - 1.20.1-3 -- Add a patch to load translations from Qt5 TranslationsPath -- Move translation files to proper location -- Drop invokation of ctest, as we cannot run the testsuite - from a release build -- Replace patch adding English license with the actual license file - -* Fri Aug 21 2020 Björn Esser - 1.20.1-2 -- Add a patch to exclude the build directory in the Doxyfile -- Merge doc-api package with the doc package, since the Doxygen - API documentation can be shipped noarch'ed as well now - -* Wed Aug 19 2020 Björn Esser - 1.20.1-1 -- Initial import (#1851205) - -* Fri Jul 17 2020 Björn Esser - 1.20.1-0.11 -- Use %%cmake_{build,install} macros on newer distributions - -* Sat Jul 04 2020 Björn Esser - 1.20.1-0.10 -- Add license text in English language - -* Fri Jun 26 2020 Björn Esser - 1.20.1-0.9 -- Also obsolete package with %%{name} previous to this package version - -* Fri Jun 26 2020 Björn Esser - 1.20.1-0.8 -- Ensure archful packages always require equal architecture - -* Fri Jun 26 2020 Björn Esser - 1.20.1-0.7 -- Make sure permissions of the documentation files are correct -- Remove hidden files in documentation -- Drop 'LICENSE.officially.txt', as it only applies to binary copies, - which are distributed on behalf of the federal government of Germany - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.6 -- Use '--help-all' option when generating man-page -- Split build of Doxygen API docs from building user docs - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.5 -- Add generated man-page - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.4 -- Use a macro for lowercase package name - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.3 -- Use ninja-build instead of GNU Make to speed up the build a bit - -* Thu Jun 25 2020 Björn Esser - 1.20.1-0.2 -- Adaptions for building on EPEL - -* Wed Jun 24 2020 Björn Esser - 1.20.1-0.1 -- Initial spec file for review +%autochangelog diff --git a/changelog b/changelog new file mode 100644 index 0000000..5347e01 --- /dev/null +++ b/changelog @@ -0,0 +1,175 @@ +* Thu Dec 28 2023 Julian Sikorski - 2.0.1-1 +- Update to 2.0.1 +- Fix up config.json.in section names + +* Wed Nov 29 2023 Jan Grulich - 1.26.7-4 +- Rebuild (qt6) + +* Fri Oct 13 2023 Jan Grulich - 1.26.7-3 +- Rebuild (qt6) + +* Thu Oct 05 2023 Jan Grulich - 1.26.7-2 +- Rebuild (qt6) + +* Fri Jul 28 2023 Björn Esser - 1.26.7-1 +- New upstream release + Fixes rhbz#2227358 + +* Fri Jul 28 2023 Björn Esser - 1.26.6-1 +- New upstream release + Fixes rhbz#2227095 + +* Wed Jul 26 2023 Björn Esser - 1.26.5-1 +- New upstream release + Fixes rhbz#2226708 + +* Wed Jul 19 2023 Fedora Release Engineering - 1.26.4-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild + +* Fri Jul 14 2023 Björn Esser - 1.26.4-4 +- Rebuild(Qt_6.5) + Fixes rhbz#2222625 + +* Sun Jun 04 2023 Björn Esser - 1.26.4-3 +- Rebuild(Qt_6.5) + +* Sun May 07 2023 Björn Esser - 1.26.4-2 +- Rebuild(Qt_6.5) + +* Mon May 01 2023 Björn Esser - 1.26.4-1 +- New upstream release + +* Thu Mar 23 2023 Björn Esser - 1.26.3-1 +- New upstream release +- Enable use of Brainpool ECC + +* Sat Jan 28 2023 Björn Esser - 1.26.2-2 +- Drop Qt6 version lock, as this is already ensured by symbol versioning + +* Sun Jan 22 2023 Björn Esser - 1.26.2-1 +- New upstream release + +* Wed Jan 18 2023 Fedora Release Engineering - 1.24.4-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild + +* Sun Nov 27 2022 Björn Esser - 1.24.4-2 +- Rebuild(qt6) + +* Sun Nov 06 2022 Björn Esser - 1.24.4-1 +- New upstream release + +* Fri Sep 02 2022 Björn Esser - 1.24.1-1 +- New upstream release + +* Wed Jul 20 2022 Fedora Release Engineering - 1.22.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild + +* Wed Jan 26 2022 Björn Esser - 1.22.3-1 +- New upstream release +- Explicitly BR '/usr/bin/fipshmac' instead of fipscheck package + +* Wed Jan 19 2022 Fedora Release Engineering - 1.22.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild + +* Tue Sep 14 2021 Sahana Prasad - 1.22.2-4 +- Rebuilt with OpenSSL 3.0.0 + +* Tue Aug 31 2021 Björn Esser - 1.22.2-3 +- Drop forge-macros and perform tarbal verification during %%prep + +* Tue Aug 31 2021 Björn Esser - 1.22.2-2 +- Add a patch to disable use of Brainpool Elliptic Curves + +* Sun Aug 22 2021 Björn Esser - 1.22.2-1 +- New upstream release +- Disable enforcing of FIPS mode for OpenSSL + +* Wed Jul 21 2021 Fedora Release Engineering - 1.20.2-12 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild + +* Mon Jan 25 2021 Fedora Release Engineering - 1.20.2-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Sun Nov 15 08:50:35 CET 2020 Björn Esser - 1.20.2-10 +- Add runtime dependency on qt5-qtquickcontrols2 + +* Sat Oct 3 12:51:03 CEST 2020 Björn Esser - 1.20.2-9 +- Disable fipscheck in shell wrapper as it does not work in Fedora 33+ + +* Sat Sep 26 2020 Björn Esser - 1.20.2-8 +- Make shell wrapper exit with the exit code of fipscheck on failure + +* Sat Sep 26 2020 Björn Esser - 1.20.2-7 +- Calculate fipshmac for config files and shell wrapper +- Run fipscheck in shell wrapper before application starts + +* Fri Sep 25 2020 Björn Esser - 1.20.2-6 +- Use a python script to generate a tailored OpenSSL configuration + +* Thu Sep 24 2020 Björn Esser - 1.20.2-5 +- Some small spec file optimizations + +* Thu Sep 24 2020 Björn Esser - 1.20.2-4 +- Use a more elaborate application specific OpenSSL configuration + This also re-enables SHA384 hashes in ciphers + +* Wed Sep 23 2020 Björn Esser - 1.20.2-3 +- Do not enable SHA384 ciphers in custom OpenSSL configuration + +* Wed Sep 23 2020 Björn Esser - 1.20.2-2 +- Use application specific OpenSSL config through a shell wrapper + +* Mon Sep 07 2020 Björn Esser - 1.20.2-1 +- New upstream release + +* Mon Aug 24 2020 Björn Esser - 1.20.1-3 +- Add a patch to load translations from Qt5 TranslationsPath +- Move translation files to proper location +- Drop invokation of ctest, as we cannot run the testsuite + from a release build +- Replace patch adding English license with the actual license file + +* Fri Aug 21 2020 Björn Esser - 1.20.1-2 +- Add a patch to exclude the build directory in the Doxyfile +- Merge doc-api package with the doc package, since the Doxygen + API documentation can be shipped noarch'ed as well now + +* Wed Aug 19 2020 Björn Esser - 1.20.1-1 +- Initial import (#1851205) + +* Fri Jul 17 2020 Björn Esser - 1.20.1-0.11 +- Use %%cmake_{build,install} macros on newer distributions + +* Sat Jul 04 2020 Björn Esser - 1.20.1-0.10 +- Add license text in English language + +* Fri Jun 26 2020 Björn Esser - 1.20.1-0.9 +- Also obsolete package with %%{name} previous to this package version + +* Fri Jun 26 2020 Björn Esser - 1.20.1-0.8 +- Ensure archful packages always require equal architecture + +* Fri Jun 26 2020 Björn Esser - 1.20.1-0.7 +- Make sure permissions of the documentation files are correct +- Remove hidden files in documentation +- Drop 'LICENSE.officially.txt', as it only applies to binary copies, + which are distributed on behalf of the federal government of Germany + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.6 +- Use '--help-all' option when generating man-page +- Split build of Doxygen API docs from building user docs + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.5 +- Add generated man-page + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.4 +- Use a macro for lowercase package name + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.3 +- Use ninja-build instead of GNU Make to speed up the build a bit + +* Thu Jun 25 2020 Björn Esser - 1.20.1-0.2 +- Adaptions for building on EPEL + +* Wed Jun 24 2020 Björn Esser - 1.20.1-0.1 +- Initial spec file for review diff --git a/gen_openssl_cnf.py b/gen_openssl_cnf.py index 531c0d4..25e7e5c 100644 --- a/gen_openssl_cnf.py +++ b/gen_openssl_cnf.py @@ -49,8 +49,9 @@ class _Const(object): return [ 'tlsSettings', 'tlsSettingsPsk', - 'tlsSettingsRemoteReader', - 'tlsSettingsRemoteReaderPairing', + 'tlsSettingsRemoteIfd', + 'tlsSettingsRemoteIfdPairing', + 'tlsSettingsLocalIfd', ] @constant @@ -75,10 +76,14 @@ class _Const(object): @constant def KEYSIZE_SECTIONS(): return [ - 'minStaticKeySizes', - 'minEphemeralKeySizes', + 'minKeySizes', + 'sizesIfd', ] + @constant + def KEYSIZE_MIN_SECTION(): + return 'min' + @constant def TLS_VERSIONS(): return { @@ -100,9 +105,15 @@ def get_min_ssl_sec_level(json_data): if option in json_data[section]: if min_keysize > json_data[section][option]: min_keysize = json_data[section][option] + elif option in json_data[section][CONST.KEYSIZE_MIN_SECTION]: + if min_keysize > json_data[section][CONST.KEYSIZE_MIN_SECTION][option]: + min_keysize = json_data[section][CONST.KEYSIZE_MIN_SECTION][option] if CONST.KEYSIZE_EC_OPTION in json_data[section]: if min_ecsize > json_data[section][CONST.KEYSIZE_EC_OPTION]: min_ecsize = json_data[section][CONST.KEYSIZE_EC_OPTION] + elif CONST.KEYSIZE_EC_OPTION in json_data[section][CONST.KEYSIZE_MIN_SECTION]: + if min_ecsize > json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION]: + min_ecsize = json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION] if min_keysize >= 1000 and min_ecsize >= 160: sec_level = 1 diff --git a/sources b/sources index dbcbd1d..7862543 100644 --- a/sources +++ b/sources @@ -1,2 +1,4 @@ -SHA512 (AusweisApp2-1.26.7.tar.gz) = 4a94042efc5f95e2df6518fcaf863ed6deebb160d35a5cdd7155a3b6aa6128b213408ce42310d942ee4e83e03cb2c3d898738846bb37995aa1ff03f660ac54b0 +SHA512 (AusweisApp-2.4.0.tar.gz) = 6e0d89b30176f7722bebab01322363ee38ff43573167061d4a97d840b669f3e579ad9fb62345b97b75490690fd5e03f25994eaa1a77334171fcdd28d39ec3e4a +SHA512 (AusweisApp-2.4.0.tar.gz.asc) = ac8ffdb68d5847978bf639a8f32462053bddcace5d9c3d6cb16e788bb2dbe98ae3b7cafe089246fa786fa4b3e048b81b608cbe77e948a843b2dcd774796d2a56 +SHA512 (AusweisApp-2.4.0.tar.gz.sha256) = 257634437251fc22b3d85386a282ee4ce68d2f0db1112a912a54db9a6741ecb79b4180c490486d9ff8519246e62165b5953ed5739e9de0e180bb46decfeff16a SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd