Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild

Update to 2.4.0
Rebuild (qt6)
2026-01-16 02:27:52 +00:00 · 2025-10-30 14:32:23 +01:00 · 2025-09-30 06:47:04 +02:00 · 2025-07-23 15:41:34 +00:00 · 2025-06-26 21:48:52 +02:00 · 2025-03-25 15:28:58 +01:00
9 changed files with 764 additions and 247 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,2 +1,37 @@
 /AusweisApp2-*.tar.gz
 /AusweisApp2-pubring.gpg
+/AusweisApp-2.0.1.tar.gz
+/AusweisApp-pubring.gpg
+/AusweisApp-2.0.2.tar.gz
+/AusweisApp-2.0.2.tar.gz.asc
+/AusweisApp-2.0.2.tar.gz.sha256
+/AusweisApp-2.0.3.tar.gz
+/AusweisApp-2.0.3.tar.gz.asc
+/AusweisApp-2.0.3.tar.gz.sha256
+/AusweisApp-2.1.0.tar.gz
+/AusweisApp-2.1.0.tar.gz.asc
+/AusweisApp-2.1.0.tar.gz.sha256
+/AusweisApp-2.1.1.tar.gz
+/AusweisApp-2.1.1.tar.gz.asc
+/AusweisApp-2.1.1.tar.gz.sha256
+/AusweisApp-2.2.0.tar.gz
+/AusweisApp-2.2.0.tar.gz.asc
+/AusweisApp-2.2.0.tar.gz.sha256
+/AusweisApp-2.2.1.tar.gz
+/AusweisApp-2.2.1.tar.gz.asc
+/AusweisApp-2.2.1.tar.gz.sha256
+/AusweisApp-2.2.2.tar.gz
+/AusweisApp-2.2.2.tar.gz.asc
+/AusweisApp-2.2.2.tar.gz.sha256
+/AusweisApp-2.3.0.tar.gz
+/AusweisApp-2.3.0.tar.gz.asc
+/AusweisApp-2.3.0.tar.gz.sha256
+/AusweisApp-2.3.1.tar.gz
+/AusweisApp-2.3.1.tar.gz.asc
+/AusweisApp-2.3.1.tar.gz.sha256
+/AusweisApp-2.3.2.tar.gz
+/AusweisApp-2.3.2.tar.gz.asc
+/AusweisApp-2.3.2.tar.gz.sha256
+/AusweisApp-2.4.0.tar.gz
+/AusweisApp-2.4.0.tar.gz.asc
+/AusweisApp-2.4.0.tar.gz.sha256
--- a/0001-Use-legacy-OpenSSL-API.patch
+++ b/0001-Use-legacy-OpenSSL-API.patch
@ -0,0 +1,471 @@
+From f5d48a49ea7055b7d4edf5f1398557b475419fb9 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 30 Oct 2025 13:51:15 +0100
+Subject: [PATCH] Use legacy OpenSSL API
+
+---
+ src/card/base/asn1/EcdsaPublicKey.cpp        |  39 -----
+ src/card/base/asn1/EcdsaPublicKey.h          |   6 +-
+ src/card/base/pace/ec/EcUtil.cpp             | 145 -------------------
+ src/card/base/pace/ec/EcUtil.h               |  12 --
+ src/card/base/pace/ec/EcdhGenericMapping.cpp |   5 -
+ src/card/base/pace/ec/EcdhGenericMapping.h   |   4 -
+ src/card/simulator/SimulatorCard.cpp         |  37 -----
+ src/card/simulator/SimulatorCard.h           |   4 -
+ src/card/simulator/SimulatorFileSystem.cpp   |   9 --
+ src/card/simulator/SimulatorFileSystem.h     |   4 -
+ 10 files changed, 1 insertion(+), 264 deletions(-)
+
+diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp
+index 7f54045..dc7e26b 100644
+--- a/src/card/base/asn1/EcdsaPublicKey.cpp
+++ b/src/card/base/asn1/EcdsaPublicKey.cpp
+@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) const
+ {
+ 	QSharedPointer<EC_GROUP> group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr));
+@@ -209,8 +208,6 @@ QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) con
+ }
+ 
+ 
+-#endif
+-
+ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const
+ {
+ 	return createKey(reinterpret_cast<const uchar*>(pPublicPoint.constData()), static_cast<int>(pPublicPoint.size()));
+@@ -239,7 +236,6 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
+ 		return nullptr;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ 	const auto& group = createGroup(curveData);
+ 	if (group.isNull())
+ 	{
+@@ -275,39 +271,4 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
+ 
+ 	return key;
+ 
+-#else
+-	const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){
+-				return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data())
+-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast<size_t>(pPublicPointLength))
+-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast<size_t>(mBasePoint->length))
+-					   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
+-			});
+-
+-	if (params == nullptr)
+-	{
+-		qCCritical(card) << "Cannot set parameter";
+-		return nullptr;
+-	}
+-
+-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
+-	if (!EVP_PKEY_fromdata_init(ctx.data()))
+-	{
+-		qCCritical(card) << "Cannot init pkey";
+-		return nullptr;
+-	}
+-
+-	EVP_PKEY* key = nullptr;
+-	if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data()))
+-	{
+-		qCCritical(card) << "Cannot fetch data for pkey";
+-		return nullptr;
+-	}
+-
+-	return EcUtil::create(key);
+-
+-#endif
+ }
+diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h
+index 860bc74..c85e48b 100644
+--- a/src/card/base/asn1/EcdsaPublicKey.h
+++ b/src/card/base/asn1/EcdsaPublicKey.h
+@@ -13,9 +13,7 @@
+ #include <openssl/asn1t.h>
+ #include <openssl/evp.h>
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+-	#include <openssl/ec.h>
+-#endif
+#include <openssl/ec.h>
+ 
+ 
+ namespace governikus
+@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapublickey_st
+ 
+ 		[[nodiscard]] CurveData createCurveData() const;
+ 		[[nodiscard]] QSharedPointer<EVP_PKEY> createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ 		[[nodiscard]] QSharedPointer<EC_GROUP> createGroup(const CurveData& pData) const;
+-#endif
+ 
+ 	public:
+ 		static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
+diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp
+index 069ad81..546438f 100644
+--- a/src/card/base/pace/ec/EcUtil.cpp
+++ b/src/card/base/pace/ec/EcUtil.cpp
+@@ -103,148 +103,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2point(const QSharedPointer<const EC_GROUP>&
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey, bool pCompressed)
+-{
+-	if (pKey.isNull())
+-	{
+-		qCCritical(card) << "Cannot use undefined key";
+-		return nullptr;
+-	}
+-
+-	uchar* key = nullptr;
+-	const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key);
+-	const auto guard = qScopeGuard([key] {
+-				OPENSSL_free(key);
+-			});
+-
+-	if (length == 0)
+-	{
+-		return QByteArray();
+-	}
+-
+-	const QByteArray uncompressed(reinterpret_cast<char*>(key), static_cast<int>(length));
+-	return pCompressed ? EcUtil::compressPoint(uncompressed) : uncompressed;
+-}
+-
+-
+-QSharedPointer<BIGNUM> EcUtil::getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey)
+-{
+-	BIGNUM* privKey = nullptr;
+-	EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey);
+-	return EcUtil::create(privKey);
+-}
+-
+-
+-QSharedPointer<OSSL_PARAM> EcUtil::create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc)
+-{
+-	OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new();
+-	const auto guard = qScopeGuard([bld] {
+-				OSSL_PARAM_BLD_free(bld);
+-			});
+-
+-	if (bld == nullptr)
+-	{
+-		qCCritical(card) << "Cannot create parameter builder";
+-		return nullptr;
+-	}
+-
+-	if (!pFunc(bld))
+-	{
+-		qCCritical(card) << "Cannot initialize parameter builder";
+-		return nullptr;
+-	}
+-
+-	if (OSSL_PARAM* params = OSSL_PARAM_BLD_to_param(bld); params != nullptr)
+-	{
+-		static auto deleter = [](OSSL_PARAM* pParam)
+-				{
+-					OSSL_PARAM_free(pParam);
+-				};
+-
+-		return QSharedPointer<OSSL_PARAM>(params, deleter);
+-	}
+-
+-	qCCritical(card) << "Cannot create parameter";
+-	return nullptr;
+-}
+-
+-
+-QSharedPointer<EVP_PKEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
+-{
+-	if (pCurve.isNull())
+-	{
+-		qCCritical(card) << "Curve is undefined";
+-		return nullptr;
+-	}
+-
+-	auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data()));
+-
+-	auto order = EcUtil::create(BN_new());
+-	if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr))
+-	{
+-		qCCritical(card) << "Cannot fetch order";
+-		return nullptr;
+-	}
+-
+-	auto cofactor = EcUtil::create(BN_new());
+-	if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr))
+-	{
+-		qCCritical(card) << "Cannot fetch cofactor";
+-		return nullptr;
+-	}
+-
+-	auto p = EcUtil::create(BN_new());
+-	auto a = EcUtil::create(BN_new());
+-	auto b = EcUtil::create(BN_new());
+-	if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr))
+-	{
+-		qCCritical(card) << "Cannot fetch a, b or p";
+-		return nullptr;
+-	}
+-
+-	const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){
+-				return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data())
+-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data())
+-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast<size_t>(generator.size()))
+-					   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
+-			});
+-
+-	if (params == nullptr)
+-	{
+-		qCCritical(card) << "Cannot set parameter";
+-		return nullptr;
+-	}
+-
+-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
+-	if (!ctx)
+-	{
+-		qCCritical(card) << "Cannot create EVP_PKEY_CTX";
+-		return nullptr;
+-	}
+-	EVP_PKEY_keygen_init(ctx.data());
+-
+-	if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data()))
+-	{
+-		qCCritical(card) << "Cannot set params to EVP_PKEY_CTX";
+-		return nullptr;
+-	}
+-
+-	EVP_PKEY* key = nullptr;
+-	if (!EVP_PKEY_generate(ctx.data(), &key))
+-	{
+-		qCCritical(card) << "Cannot create EVP_PKEY";
+-		return nullptr;
+-	}
+-
+-	return EcUtil::create(key);
+-}
+-
+-
+-#else
+ QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EC_KEY>& pKey, bool pCompressed)
+ {
+ 	if (pKey.isNull())
+@@ -293,6 +151,3 @@ QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>&
+ 
+ 	return key;
+ }
+-
+-
+-#endif
+diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h
+index 63eb16c..914c268 100644
+--- a/src/card/base/pace/ec/EcUtil.h
+++ b/src/card/base/pace/ec/EcUtil.h
+@@ -26,24 +26,15 @@ class EcUtil
+ 		static QSharedPointer<EC_POINT> oct2point(const QSharedPointer<const EC_GROUP>& pCurve, const QByteArray& pCompressedData);
+ 
+ 		static QSharedPointer<EC_GROUP> create(EC_GROUP* pEcGroup);
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ 		static QSharedPointer<EC_KEY> create(EC_KEY* pEcKey);
+-#endif
+ 		static QSharedPointer<EC_POINT> create(EC_POINT* pEcPoint);
+ 		static QSharedPointer<BIGNUM> create(BIGNUM* pBigNum);
+ 		static QSharedPointer<EVP_PKEY> create(EVP_PKEY* pEcGroup);
+ 		static QSharedPointer<EVP_PKEY_CTX> create(EVP_PKEY_CTX* pEcGroup);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		static QByteArray getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey, bool pCompressed = false);
+-		static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey);
+-		static QSharedPointer<OSSL_PARAM> create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc);
+-		static QSharedPointer<EVP_PKEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
+-#else
+ 		static QByteArray getEncodedPublicKey(const QSharedPointer<EC_KEY>& pKey, bool pCompressed = false);
+ 		static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EC_KEY>& pKey);
+ 		static QSharedPointer<EC_KEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
+-#endif
+ 
+ 		static QSharedPointer<EC_GROUP> createCurve(int pNid);
+ };
+@@ -60,7 +51,6 @@ inline QSharedPointer<EC_GROUP> EcUtil::create(EC_GROUP* pEcGroup)
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
+ {
+ 	static auto deleter = [](EC_KEY* ecKey)
+@@ -72,8 +62,6 @@ inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
+ }
+ 
+ 
+-#endif
+-
+ inline QSharedPointer<EC_POINT> EcUtil::create(EC_POINT* pEcPoint)
+ {
+ 	static auto deleter = [](EC_POINT* ecPoint)
+diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp
+index 04cee51..571c7a0 100644
+--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp
+++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp
+@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
+ 		return false;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	const QSharedPointer<const EC_POINT> localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey));
+-	const EC_POINT* localPubKey = localPubKeyPtr.data();
+-#else
+ 	const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data());
+-#endif
+ 	if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))
+ 	{
+ 		qCCritical(card) << "The exchanged public keys are equal.";
+diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h
+index e9c9768..188befb 100644
+--- a/src/card/base/pace/ec/EcdhGenericMapping.h
+++ b/src/card/base/pace/ec/EcdhGenericMapping.h
+@@ -22,11 +22,7 @@ class EcdhGenericMapping
+ 
+ 	private:
+ 		const QSharedPointer<EC_GROUP> mCurve;
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		QSharedPointer<EVP_PKEY> mLocalKey;
+-#else
+ 		QSharedPointer<EC_KEY> mLocalKey;
+-#endif
+ 
+ 		QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS);
+ 
+diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp
+index 3c4e218..a39fb54 100644
+--- a/src/card/simulator/SimulatorCard.cpp
+++ b/src/card/simulator/SimulatorCard.cpp
+@@ -661,42 +661,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
+ 		return QByteArray();
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	const auto& terminalKey = EcUtil::create(EVP_PKEY_new());
+-	if (terminalKey.isNull() || EVP_PKEY_copy_parameters(terminalKey.data(), mCardKey.data()) == 0)
+-	{
+-		qCCritical(card_simulator) << "Initialization of the terminal key failed";
+-		return QByteArray();
+-	}
+-	if (!EVP_PKEY_set1_encoded_public_key(
+-			terminalKey.data(),
+-			reinterpret_cast<const unsigned char*>(pPoint.data()),
+-			static_cast<size_t>(pPoint.length())))
+-	{
+-		qCCritical(card_simulator) << "Interpreting the terminal key failed";
+-		return QByteArray();
+-	}
+-
+-	const auto& ctx = EcUtil::create(EVP_PKEY_CTX_new_from_pkey(nullptr, mCardKey.data(), nullptr));
+-	size_t resultLen = 0;
+-	if (EVP_PKEY_derive_init(ctx.data()) <= 0
+-			|| EVP_PKEY_derive_set_peer(ctx.data(), terminalKey.data()) <= 0
+-			|| EVP_PKEY_derive(ctx.data(), nullptr, &resultLen) <= 0)
+-	{
+-		qCCritical(card_simulator) << "Initialization or calculation of the result failed";
+-		return QByteArray();
+-	}
+-
+-	QByteArray result(static_cast<qsizetype>(resultLen), '\0');
+-	if (EVP_PKEY_derive(ctx.data(), reinterpret_cast<uchar*>(result.data()), &resultLen) <= 0)
+-	{
+-		qCCritical(card_simulator) << "Calculation of the result failed";
+-		return QByteArray();
+-	}
+-
+-	return result;
+-
+-#else
+ 	const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
+ 	auto point = EcUtil::oct2point(curve, pPoint);
+ 	if (!point)
+@@ -715,7 +679,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
+ 
+ 	return EcUtil::point2oct(curve, result.data(), true);
+ 
+-#endif
+ }
+ 
+ 
+diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h
+index fc9db00..7a881cb 100644
+--- a/src/card/simulator/SimulatorCard.h
+++ b/src/card/simulator/SimulatorCard.h
+@@ -39,11 +39,7 @@ class SimulatorCard
+ 		int mPaceKeyId;
+ 		QByteArray mPaceNonce;
+ 		QByteArray mPaceTerminalKey;
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		QSharedPointer<EVP_PKEY> mCardKey;
+-#else
+ 		QSharedPointer<EC_KEY> mCardKey;
+-#endif
+ 		QSharedPointer<const CVCertificate> mTaCertificate;
+ 		QByteArray mTaSigningData;
+ 		QByteArray mTaAuxData;
+diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp
+index 5c01caa..4cbe60c 100644
+--- a/src/card/simulator/SimulatorFileSystem.cpp
+++ b/src/card/simulator/SimulatorFileSystem.cpp
+@@ -347,11 +347,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-QSharedPointer<EVP_PKEY> SimulatorFileSystem::getKey(int pKeyId) const
+-#else
+ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
+-#endif
+ {
+ 	if (!mKeys.contains(pKeyId))
+ 	{
+@@ -367,13 +363,8 @@ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
+ 		return nullptr;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	return privateKey;
+-
+-#else
+ 	return EcUtil::create(EVP_PKEY_get1_EC_KEY(privateKey.data()));
+ 
+-#endif
+ }
+ 
+ 
+diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h
+index 7d8458f..57065db 100644
+--- a/src/card/simulator/SimulatorFileSystem.h
+++ b/src/card/simulator/SimulatorFileSystem.h
+@@ -43,11 +43,7 @@ class SimulatorFileSystem
+ 
+ 		[[nodiscard]] QByteArray getEfCardAccess() const;
+ 		[[nodiscard]] QByteArray getPassword(PacePasswordId pPasswordId) const;
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		[[nodiscard]] QSharedPointer<EVP_PKEY> getKey(int pKeyId) const;
+-#else
+ 		[[nodiscard]] QSharedPointer<EC_KEY> getKey(int pKeyId) const;
+-#endif
+ 		[[nodiscard]] QSharedPointer<const CVCertificate> getTrustPoint() const;
+ 		void setTrustPoint(const QSharedPointer<const CVCertificate>& pTrustPoint);
+ 
+-- 
+2.51.0
+
--- a/AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch
+++ b/AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch
@ -1,8 +1,17 @@
-Index: AusweisApp2-1.24.1/src/global/FileDestination.h
-===================================================================
--- AusweisApp2-1.24.1.orig/src/global/FileDestination.h
-+++ AusweisApp2-1.24.1/src/global/FileDestination.h
-@@ -9,8 +9,10 @@
+From 056e560ed6432e99a297d1c1d2c89c89621bd825 Mon Sep 17 00:00:00 2001
+From: rpm-build <rpm-build>
+Date: Thu, 6 Mar 2025 01:00:00 +0100
+Subject: [PATCH] AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch
+
+---
+ src/global/FileDestination.h | 9 +++++++++
+ 1 file changed, 9 insertions(+)
+
+diff --git a/src/global/FileDestination.h b/src/global/FileDestination.h
+index 2fd5826..781e9b9 100644
+--- a/src/global/FileDestination.h
+++ b/src/global/FileDestination.h
+@@ -7,8 +7,10 @@
 #include <QCoreApplication>
 #include <QDebug>
 #include <QFile>
@ -11,9 +20,9 @@ Index: AusweisApp2-1.24.1/src/global/FileDestination.h
 #include <QStringBuilder>
 +#include <QtGlobal>
 
+ 
 namespace governikus
- {
-@@ -52,6 +54,13 @@ class FileDestination
+@@ -51,6 +53,13 @@ class FileDestination
 			QStandardPaths::StandardLocation pStandard = QStandardPaths::AppDataLocation)
 		{
 #if (defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)) || (defined(Q_OS_BSD4) && !defined(Q_OS_MACOS) && !defined(Q_OS_IOS))
@ -27,3 +36,6 @@ Index: AusweisApp2-1.24.1/src/global/FileDestination.h
 			if (const auto& match = QStandardPaths::locate(pStandard, pFilename, pOption); !match.isNull())
 			{
 				return match;
+-- 
+2.48.1
+
--- a/AusweisApp2-1.26.7.tar.gz.asc
+++ b/AusweisApp2-1.26.7.tar.gz.asc
@ -1,16 +0,0 @@
-----BEGIN PGP SIGNATURE-----
-
-iQIzBAABCAAdFiEEaZvzBVsKSSJO/efHLXR5pTFFEIgFAmTDxJ8ACgkQLXR5pTFF
-EIh9Dw//ZMA+HUaRMp9wUCbPxm9XfT2WmVSAdlQPFUcNlue9LTVRGQKzqm0aYHE1
-qDjBdg2u5icS+pcZiX8zgnSijsxUIOVlqEeOq3Ww+X4P5LGI9HugVYCUIGAKrSEr
-vGNSnsGs7v7akKVjZea45G6hdGOSm1UrPMp36rSCXmEMzuhDVCg76Ue0rHy2uN9D
-2rud1CuLSDEKQs3MqkU1E5lRVX2uuKPz8xgVZTxYixJGlfCa7lPlO1dhEJzAqEtN
-r1CMDinjYzjTu3K9ecj5w0HuB/w6VNtAchZ6nT4oUNDUp4AzWYcJEhVVN9iqVRdF
-FGijIvMdoe1Zb15b6/lLdzqU1jazJN24swvRzcLFPFsfV7trrIThzv+Mf+LfKEwb
-qGUp6cm27y0KxXCuszRhwkAvBgPsOyPzlvcWMTUgoa5bLzOdCwB60iQ0ADCaz306
-GWLZER98OyLeHLP7E/nSv13GlMckqZkOwcR0Fv6yzY0KIZ86loHMeAbxmIcucnOV
-bY8Wffe4wfQQhGY/fsgP5v3swwlv1vBtYfLF4CbcFBiW0WJbD3mkt3hJ24E+nrUl
-6vhuoj1RJVkEhhF8gnleSxiH1EfsQcKOWKOO3UDFwUQxwtJJ6f8lQXUP+vB3NP/9
-q24xmU1XW4F+F72o2GD262aJn+HpbgWQzUEbMLQx5eAwrs+Dq08=
-=Nkl8
-----END PGP SIGNATURE-----
--- a/AusweisApp2-1.26.7.tar.gz.sha256
+++ b/AusweisApp2-1.26.7.tar.gz.sha256
@ -1 +0,0 @@
-8062fe04332e9a7bee4c75fe3ef3efda6748c1a19a6fda8770f7914939c7bd28  AusweisApp2-1.26.7.tar.gz
--- a/AusweisApp2.spec
+++ b/AusweisApp2.spec
@ -6,10 +6,10 @@
 %{?__debug_package:%{__debug_install_post}}      \
 %{__arch_install_post}                           \
 %{__os_install_post}                             \
-fipshmac %{buildroot}%{_bindir}/%{name}          \\\
-  %{buildroot}%{_libexecdir}/%{name}             \\\
-  %{buildroot}%{_datadir}/%{name}/openssl.cnf    \
-c="%{buildroot}%{_datadir}/%{name}/config.json"  \
+fipshmac %{buildroot}%{_bindir}/%{newname}          \\\
+  %{buildroot}%{_libexecdir}/%{newname}             \\\
+  %{buildroot}%{_datadir}/%{newname}/openssl.cnf    \
+c="%{buildroot}%{_datadir}/%{newname}/config.json"  \
 if [[ -f ${c} ]]; then                           \
  fipshmac ${c}                                  \
 fi                                               \
@ -24,10 +24,6 @@ fi                                               \
 %global build_fflags   %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g')
 %global build_fcflags  %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g')

-# Build and package Doxygen documentation?
-%bcond_without    doxy
-
-# Do we build with Qt6?
 %if 0%{?fedora} || 0%{?rhel} >= 9
 %global qt6_build 1
 %else
@ -37,13 +33,15 @@ fi                                               \
 # Package summary.  Gets overwritten by subpackages otherwise.
 %global pkg_sum   Online identification with German ID card (Personalausweis)

+# Upstream renamed to AusweisApp with 2.0 release
+%global newname   AusweisApp

 Name:             AusweisApp2
-Version:          1.26.7
-Release:          1%{?dist}
+Version:          2.4.0
+Release:          %autorelease
 Summary:          %{pkg_sum}

-License:          EUPL 1.2
+License:          EUPL-1.2
 URL:              https://www.ausweisapp.bund.de/en

 # Url to releases on github.
@ -53,15 +51,19 @@ URL:              https://www.ausweisapp.bund.de/en
 # gpg2 --keyserver keyserver.ubuntu.com --recv-keys 699BF3055B0A49224EFDE7C72D7479A531451088
 # gpg2 --export --export-options export-minimal 699BF3055B0A49224EFDE7C72D7479A531451088 > %%{name}-pubring.gpg

-Source0000:       %{rel_url}/%{name}-%{version}.tar.gz
-Source0001:       %{rel_url}/%{name}-%{version}.tar.gz.asc
+Source0000:       %{rel_url}/%{newname}-%{version}.tar.gz
+Source0001:       %{rel_url}/%{newname}-%{version}.tar.gz.asc
 Source0002:       %{name}-pubring.gpg
-Source0003:       %{rel_url}/%{name}-%{version}.tar.gz.sha256
+Source0003:       %{rel_url}/%{newname}-%{version}.tar.gz.sha256
 Source0004:       https://joinup.ec.europa.eu/sites/default/files/custom-page/attachment/2020-03/EUPL-1.2%%20EN.txt#/EUPL-12_EN.txt
 Source1000:       gen_openssl_cnf.py

 # Downstream.
 Patch01000:       %{name}-1.24.1-use_Qt_TranslationsPath.patch
+# Needed because Fedora's openssl does not support elliptic curves using custom parameters.
+# Request to enable them was denied: https://bugzilla.redhat.com/show_bug.cgi?id=2259403
+# It is currently not clear if the legacy API works by accident or by design. It does work as of March 2025.
+Patch01001:       0001-Use-legacy-OpenSSL-API.patch

 BuildRequires:    cmake
 BuildRequires:    crypto-policies
@ -124,6 +126,12 @@ Requires:         openssl-libs%{?_isa}  >= 3.0.8-2
 # Needed for running fipscheck on application startup.
 # Requires:         fipscheck

+%if 0%{?qt6_build}
+# Needed for GUI elements to be rendered
+Requires:         qt6-qtimageformats%{?_isa}
+Requires:         qt6-qtsvg%{?_isa}
+%endif
+
 %description
 The AusweisApp2 is a software to identify yourself online
 with your ID card (Personalausweis) or your electronic
@ -150,10 +158,6 @@ used by %{name}.
 Summary:          User and API documentation for %{name}
 BuildArch:        noarch

-%if %{with doxy}
-BuildRequires:    doxygen
-BuildRequires:    graphviz
-%endif
 BuildRequires:    hardlink
 BuildRequires:    python3-sphinx
 BuildRequires:    python3-sphinx_rtd_theme
@ -161,11 +165,6 @@ BuildRequires:    python3-sphinx_rtd_theme
 # Do not raise conflicts about shared license files.
 Requires:         (%{name}               = %{version}-%{release} if %{name})

-# The doc-api package is faded, since we can ship the
-# Doxygen documentation noarch'ed as well now.
-Obsoletes:        %{name}-doc-api        < 1.20.1-2
-Provides:         %{name}-doc-api        = %{version}-%{release}
-
 %description doc
 This package contains the user and API documentation for %{name}.

@ -180,7 +179,7 @@ pushd %{_sourcedir}
 sha256sum -c %{SOURCE3}
 popd

-%autosetup -p 1
+%autosetup -p 1 -n %{newname}-%{version}
 install -pm 0644 %{SOURCE4} LICENSE.en.txt

 # Generate application specific OpenSSL configuration.
@ -192,13 +191,13 @@ install -pm 0644 %{SOURCE4} LICENSE.en.txt
 cat << EOF > fedora_%{name}_wrapper.sh
 #!/bin/sh
 # /usr/bin/fipscheck                               \\
-#     %{_bindir}/%{name}                         \\
-#     %{_libexecdir}/%{name}                     \\
-#     %{_datadir}/%{name}/config.json           \\
-#     %{_datadir}/%{name}/openssl.cnf           \\
+#     %{_bindir}/%{newname}                         \\
+#     %{_libexecdir}/%{newname}                     \\
+#     %{_datadir}/%{newname}/config.json           \\
+#     %{_datadir}/%{newname}/openssl.cnf           \\
 # || exit \$?;
-OPENSSL_CONF=%{_datadir}/%{name}/openssl.cnf  \\
-%{_libexecdir}/%{name} "\$@";
+OPENSSL_CONF=%{_datadir}/%{newname}/openssl.cnf  \\
+%{_libexecdir}/%{newname} "\$@";
 EOF


@ -220,16 +219,10 @@ EOF

 %if (0%{?fedora} || 0%{?rhel} > 8)
 # Documentation.
-%cmake_build --target inst inte notes sdk
-%if %{with doxy}
-%cmake_build --target doxy
-%endif
+%cmake_build --target installation_integration_de installation_integration_en notes sdk
 %else
 # Documentation.
-%ninja_build -C %{_vpath_builddir} inst inte notes sdk
-%if %{with doxy}
-%ninja_build -C %{_vpath_builddir} doxy
-%endif
+%ninja_build -C %{_vpath_builddir} installation_integration_de installation_integration_en notes sdk
 %endif


@ -239,29 +232,25 @@ EOF
 # Relocate the application binary so we can call it through
 # a shell wrapper and move installed files to proper locations.
 mkdir -p %{buildroot}{%{_libexecdir},%{_qt5_translationdir}}
-mv %{buildroot}%{_bindir}/%{name} %{buildroot}%{_libexecdir}/%{name}
+mv %{buildroot}%{_bindir}/%{newname} %{buildroot}%{_libexecdir}/%{newname}

 # Install the shell wrapper and custom OpenSSL configuration.
-install -pm 0755 fedora_%{name}_wrapper.sh %{buildroot}%{_bindir}/%{name}
+install -pm 0755 fedora_%{name}_wrapper.sh %{buildroot}%{_bindir}/%{newname}
 install -pm 0644 fedora_%{name}_openssl.cnf   \
-  %{buildroot}%{_datadir}/%{name}/openssl.cnf
+  %{buildroot}%{_datadir}/%{newname}/openssl.cnf

 # Move translation in proper location.
 %if !(0%{?qt6_build})
-mv %{buildroot}%{_datadir}/%{name}/translations/* \
+mv %{buildroot}%{_datadir}/%{newname}/translations/* \
  %{buildroot}%{_qt5_translationdir}
-rm -fr %{buildroot}%{_datadir}/%{name}/translations
+rm -fr %{buildroot}%{_datadir}/%{newname}/translations
 %endif

 # Excessive docs.
-mkdir -p %{buildroot}%{_pkgdocdir}/{installation,integration,notes,sdk}
+mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration_{de,en},notes,sdk}
 install -pm 0644 README.rst %{buildroot}%{_pkgdocdir}
-%if %{with doxy}
-mkdir -p %{buildroot}%{_pkgdocdir}/doxy
-cp -a %{_vpath_builddir}/doc/html/* %{buildroot}%{_pkgdocdir}/doxy
-%endif
-cp -a %{_vpath_builddir}/docs/inst/html/* %{buildroot}%{_pkgdocdir}/installation
-cp -a %{_vpath_builddir}/docs/inte/html/* %{buildroot}%{_pkgdocdir}/integration
+cp -a %{_vpath_builddir}/docs/installation_integration_de/html/* %{buildroot}%{_pkgdocdir}/installation_integration_de
+cp -a %{_vpath_builddir}/docs/installation_integration_en/html/* %{buildroot}%{_pkgdocdir}/installation_integration_en
 cp -a %{_vpath_builddir}/docs/notes/html/* %{buildroot}%{_pkgdocdir}/notes
 cp -a %{_vpath_builddir}/docs/sdk/html/* %{buildroot}%{_pkgdocdir}/sdk
 find %{buildroot}%{_pkgdocdir} -type d -print0 | xargs -0 chmod -c 0755
@ -291,12 +280,12 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop
 %license AUTHORS
 %license LICENSE.en.txt
 %license LICENSE.txt
-%{_bindir}/.%{name}.hmac
-%{_bindir}/%{name}
+%{_bindir}/.%{newname}.hmac
+%{_bindir}/%{newname}
 %{_datadir}/applications/com.governikus.%{lc_name}.desktop
-%{_libexecdir}/.%{name}.hmac
-%{_libexecdir}/%{name}
-%{_mandir}/man1/%{name}.1*
+%{_libexecdir}/.%{newname}.hmac
+%{_libexecdir}/%{newname}
+%{_mandir}/man1/%{newname}.1*
 %{_metainfodir}/com.governikus.%{lc_name}.metainfo.xml


@ -305,7 +294,7 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop
 %else
 %files data -f %{lc_name}.icons -f %{lc_name}.lang
 %endif
-%{_datadir}/%{name}
+%{_datadir}/%{newname}


 %files doc
@ -314,165 +303,4 @@ desktop-file-validate %{buildroot}%{_datadir}/applications/*.desktop


 %changelog
-* Fri Jul 28 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.7-1
- New upstream release
-  Fixes rhbz#2227358
-
-* Fri Jul 28 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.6-1
- New upstream release
-  Fixes rhbz#2227095
-
-* Wed Jul 26 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.5-1
- New upstream release
-  Fixes rhbz#2226708
-
-* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.26.4-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
-
-* Fri Jul 14 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-4
- Rebuild(Qt_6.5)
-  Fixes rhbz#2222625
-
-* Sun Jun 04 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-3
- Rebuild(Qt_6.5)
-
-* Sun May 07 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-2
- Rebuild(Qt_6.5)
-
-* Mon May 01 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-1
- New upstream release
-
-* Thu Mar 23 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.3-1
- New upstream release
- Enable use of Brainpool ECC
-
-* Sat Jan 28 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.2-2
- Drop Qt6 version lock, as this is already ensured by symbol versioning
-
-* Sun Jan 22 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.2-1
- New upstream release
-
-* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.24.4-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
-
-* Sun Nov 27 2022 Björn Esser <besser82@fedoraproject.org> - 1.24.4-2
- Rebuild(qt6)
-
-* Sun Nov 06 2022 Björn Esser <besser82@fedoraproject.org> - 1.24.4-1
- New upstream release
-
-* Fri Sep 02 2022 Björn Esser <besser82@fedoraproject.org> - 1.24.1-1
- New upstream release
-
-* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
-
-* Wed Jan 26 2022 Björn Esser <besser82@fedoraproject.org> - 1.22.3-1
- New upstream release
- Explicitly BR '/usr/bin/fipshmac' instead of fipscheck package
-
-* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
-
-* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.22.2-4
- Rebuilt with OpenSSL 3.0.0
-
-* Tue Aug 31 2021 Björn Esser <besser82@fedoraproject.org> - 1.22.2-3
- Drop forge-macros and perform tarbal verification during %%prep
-
-* Tue Aug 31 2021 Björn Esser <besser82@fedoraproject.org> - 1.22.2-2
- Add a patch to disable use of Brainpool Elliptic Curves
-
-* Sun Aug 22 2021 Björn Esser <besser82@fedoraproject.org> - 1.22.2-1
- New upstream release
- Disable enforcing of FIPS mode for OpenSSL
-
-* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.2-12
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
-
-* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.2-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
-
-* Sun Nov 15 08:50:35 CET 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-10
- Add runtime dependency on qt5-qtquickcontrols2
-
-* Sat Oct  3 12:51:03 CEST 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-9
- Disable fipscheck in shell wrapper as it does not work in Fedora 33+
-
-* Sat Sep 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-8
- Make shell wrapper exit with the exit code of fipscheck on failure
-
-* Sat Sep 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-7
- Calculate fipshmac for config files and shell wrapper
- Run fipscheck in shell wrapper before application starts
-
-* Fri Sep 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-6
- Use a python script to generate a tailored OpenSSL configuration
-
-* Thu Sep 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-5
- Some small spec file optimizations
-
-* Thu Sep 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-4
- Use a more elaborate application specific OpenSSL configuration
-  This also re-enables SHA384 hashes in ciphers
-
-* Wed Sep 23 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-3
- Do not enable SHA384 ciphers in custom OpenSSL configuration
-
-* Wed Sep 23 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-2
- Use application specific OpenSSL config through a shell wrapper
-
-* Mon Sep 07 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-1
- New upstream release
-
-* Mon Aug 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-3
- Add a patch to load translations from Qt5 TranslationsPath
- Move translation files to proper location
- Drop invokation of ctest, as we cannot run the testsuite
-  from a release build
- Replace patch adding English license with the actual license file
-
-* Fri Aug 21 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-2
- Add a patch to exclude the build directory in the Doxyfile
- Merge doc-api package with the doc package, since the Doxygen
-  API documentation can be shipped noarch'ed as well now
-
-* Wed Aug 19 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-1
- Initial import (#1851205)
-
-* Fri Jul 17 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.11
- Use %%cmake_{build,install} macros on newer distributions
-
-* Sat Jul 04 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.10
- Add license text in English language
-
-* Fri Jun 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.9
- Also obsolete package with %%{name} previous to this package version
-
-* Fri Jun 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.8
- Ensure archful packages always require equal architecture
-
-* Fri Jun 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.7
- Make sure permissions of the documentation files are correct
- Remove hidden files in documentation
- Drop 'LICENSE.officially.txt', as it only applies to binary copies,
-  which are distributed on behalf of the federal government of Germany
-
-* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.6
- Use '--help-all' option when generating man-page
- Split build of Doxygen API docs from building user docs
-
-* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.5
- Add generated man-page
-
-* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.4
- Use a macro for lowercase package name
-
-* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.3
- Use ninja-build instead of GNU Make to speed up the build a bit
-
-* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.2
- Adaptions for building on EPEL
-
-* Wed Jun 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.1
- Initial spec file for review
+%autochangelog
--- a/175
+++ b/175
@ -0,0 +1,175 @@
+* Thu Dec 28 2023 Julian Sikorski <belegdol@fedoraproject.org> - 2.0.1-1
+- Update to 2.0.1
+- Fix up config.json.in section names
+
+* Wed Nov 29 2023 Jan Grulich <jgrulich@redhat.com> - 1.26.7-4
+- Rebuild (qt6)
+
+* Fri Oct 13 2023 Jan Grulich <jgrulich@redhat.com> - 1.26.7-3
+- Rebuild (qt6)
+
+* Thu Oct 05 2023 Jan Grulich <jgrulich@redhat.com> - 1.26.7-2
+- Rebuild (qt6)
+
+* Fri Jul 28 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.7-1
+- New upstream release
+  Fixes rhbz#2227358
+
+* Fri Jul 28 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.6-1
+- New upstream release
+  Fixes rhbz#2227095
+
+* Wed Jul 26 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.5-1
+- New upstream release
+  Fixes rhbz#2226708
+
+* Wed Jul 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.26.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
+
+* Fri Jul 14 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-4
+- Rebuild(Qt_6.5)
+  Fixes rhbz#2222625
+
+* Sun Jun 04 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-3
+- Rebuild(Qt_6.5)
+
+* Sun May 07 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-2
+- Rebuild(Qt_6.5)
+
+* Mon May 01 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.4-1
+- New upstream release
+
+* Thu Mar 23 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.3-1
+- New upstream release
+- Enable use of Brainpool ECC
+
+* Sat Jan 28 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.2-2
+- Drop Qt6 version lock, as this is already ensured by symbol versioning
+
+* Sun Jan 22 2023 Björn Esser <besser82@fedoraproject.org> - 1.26.2-1
+- New upstream release
+
+* Wed Jan 18 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.24.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
+
+* Sun Nov 27 2022 Björn Esser <besser82@fedoraproject.org> - 1.24.4-2
+- Rebuild(qt6)
+
+* Sun Nov 06 2022 Björn Esser <besser82@fedoraproject.org> - 1.24.4-1
+- New upstream release
+
+* Fri Sep 02 2022 Björn Esser <besser82@fedoraproject.org> - 1.24.1-1
+- New upstream release
+
+* Wed Jul 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
+
+* Wed Jan 26 2022 Björn Esser <besser82@fedoraproject.org> - 1.22.3-1
+- New upstream release
+- Explicitly BR '/usr/bin/fipshmac' instead of fipscheck package
+
+* Wed Jan 19 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.22.2-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
+
+* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.22.2-4
+- Rebuilt with OpenSSL 3.0.0
+
+* Tue Aug 31 2021 Björn Esser <besser82@fedoraproject.org> - 1.22.2-3
+- Drop forge-macros and perform tarbal verification during %%prep
+
+* Tue Aug 31 2021 Björn Esser <besser82@fedoraproject.org> - 1.22.2-2
+- Add a patch to disable use of Brainpool Elliptic Curves
+
+* Sun Aug 22 2021 Björn Esser <besser82@fedoraproject.org> - 1.22.2-1
+- New upstream release
+- Disable enforcing of FIPS mode for OpenSSL
+
+* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.2-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
+
+* Mon Jan 25 2021 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.2-11
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
+
+* Sun Nov 15 08:50:35 CET 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-10
+- Add runtime dependency on qt5-qtquickcontrols2
+
+* Sat Oct  3 12:51:03 CEST 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-9
+- Disable fipscheck in shell wrapper as it does not work in Fedora 33+
+
+* Sat Sep 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-8
+- Make shell wrapper exit with the exit code of fipscheck on failure
+
+* Sat Sep 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-7
+- Calculate fipshmac for config files and shell wrapper
+- Run fipscheck in shell wrapper before application starts
+
+* Fri Sep 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-6
+- Use a python script to generate a tailored OpenSSL configuration
+
+* Thu Sep 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-5
+- Some small spec file optimizations
+
+* Thu Sep 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-4
+- Use a more elaborate application specific OpenSSL configuration
+  This also re-enables SHA384 hashes in ciphers
+
+* Wed Sep 23 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-3
+- Do not enable SHA384 ciphers in custom OpenSSL configuration
+
+* Wed Sep 23 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-2
+- Use application specific OpenSSL config through a shell wrapper
+
+* Mon Sep 07 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.2-1
+- New upstream release
+
+* Mon Aug 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-3
+- Add a patch to load translations from Qt5 TranslationsPath
+- Move translation files to proper location
+- Drop invokation of ctest, as we cannot run the testsuite
+  from a release build
+- Replace patch adding English license with the actual license file
+
+* Fri Aug 21 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-2
+- Add a patch to exclude the build directory in the Doxyfile
+- Merge doc-api package with the doc package, since the Doxygen
+  API documentation can be shipped noarch'ed as well now
+
+* Wed Aug 19 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-1
+- Initial import (#1851205)
+
+* Fri Jul 17 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.11
+- Use %%cmake_{build,install} macros on newer distributions
+
+* Sat Jul 04 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.10
+- Add license text in English language
+
+* Fri Jun 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.9
+- Also obsolete package with %%{name} previous to this package version
+
+* Fri Jun 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.8
+- Ensure archful packages always require equal architecture
+
+* Fri Jun 26 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.7
+- Make sure permissions of the documentation files are correct
+- Remove hidden files in documentation
+- Drop 'LICENSE.officially.txt', as it only applies to binary copies,
+  which are distributed on behalf of the federal government of Germany
+
+* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.6
+- Use '--help-all' option when generating man-page
+- Split build of Doxygen API docs from building user docs
+
+* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.5
+- Add generated man-page
+
+* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.4
+- Use a macro for lowercase package name
+
+* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.3
+- Use ninja-build instead of GNU Make to speed up the build a bit
+
+* Thu Jun 25 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.2
+- Adaptions for building on EPEL
+
+* Wed Jun 24 2020 Björn Esser <besser82@fedoraproject.org> - 1.20.1-0.1
+- Initial spec file for review
--- a/gen_openssl_cnf.py
+++ b/gen_openssl_cnf.py
@ -49,8 +49,9 @@ class _Const(object):
        return [
                   'tlsSettings',
                   'tlsSettingsPsk',
-                   'tlsSettingsRemoteReader',
-                   'tlsSettingsRemoteReaderPairing',
+                   'tlsSettingsRemoteIfd',
+                   'tlsSettingsRemoteIfdPairing',
+                   'tlsSettingsLocalIfd',
               ]

    @constant
@ -75,10 +76,14 @@ class _Const(object):
    @constant
    def KEYSIZE_SECTIONS():
        return [
-                   'minStaticKeySizes',
-                   'minEphemeralKeySizes',
+                   'minKeySizes',
+                   'sizesIfd',
               ]

+    @constant
+    def KEYSIZE_MIN_SECTION():
+        return 'min'
+
    @constant
    def TLS_VERSIONS():
        return {
@ -100,9 +105,15 @@ def get_min_ssl_sec_level(json_data):
                if option in json_data[section]:
                    if min_keysize > json_data[section][option]:
                        min_keysize = json_data[section][option]
+                elif option in json_data[section][CONST.KEYSIZE_MIN_SECTION]:
+                    if min_keysize > json_data[section][CONST.KEYSIZE_MIN_SECTION][option]:
+                        min_keysize = json_data[section][CONST.KEYSIZE_MIN_SECTION][option]
            if CONST.KEYSIZE_EC_OPTION in json_data[section]:
                    if min_ecsize > json_data[section][CONST.KEYSIZE_EC_OPTION]:
                        min_ecsize = json_data[section][CONST.KEYSIZE_EC_OPTION]
+            elif CONST.KEYSIZE_EC_OPTION in json_data[section][CONST.KEYSIZE_MIN_SECTION]:
+                    if min_ecsize > json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION]:
+                        min_ecsize = json_data[section][CONST.KEYSIZE_MIN_SECTION][CONST.KEYSIZE_EC_OPTION]

    if min_keysize >=  1000 and min_ecsize >= 160:
        sec_level = 1
--- a/4
+++ b/4
@ -1,2 +1,4 @@
-SHA512 (AusweisApp2-1.26.7.tar.gz) = 4a94042efc5f95e2df6518fcaf863ed6deebb160d35a5cdd7155a3b6aa6128b213408ce42310d942ee4e83e03cb2c3d898738846bb37995aa1ff03f660ac54b0
+SHA512 (AusweisApp-2.4.0.tar.gz) = 6e0d89b30176f7722bebab01322363ee38ff43573167061d4a97d840b669f3e579ad9fb62345b97b75490690fd5e03f25994eaa1a77334171fcdd28d39ec3e4a
+SHA512 (AusweisApp-2.4.0.tar.gz.asc) = ac8ffdb68d5847978bf639a8f32462053bddcace5d9c3d6cb16e788bb2dbe98ae3b7cafe089246fa786fa4b3e048b81b608cbe77e948a843b2dcd774796d2a56
+SHA512 (AusweisApp-2.4.0.tar.gz.sha256) = 257634437251fc22b3d85386a282ee4ce68d2f0db1112a912a54db9a6741ecb79b4180c490486d9ff8519246e62165b5953ed5739e9de0e180bb46decfeff16a
 SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd
Author	SHA1	Message	Date
Fedora Release Engineering	4443aa4e38	Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild	2026-01-16 02:27:52 +00:00
Julian Sikorski	a34c28df59	Update to 2.4.0	2025-10-30 14:32:23 +01:00
Jan Grulich	212eb6a627	Rebuild (qt6)	2025-09-30 06:47:04 +02:00
Fedora Release Engineering	6e453af702	Rebuilt for https://fedoraproject.org/wiki/Fedora_43_Mass_Rebuild	2025-07-23 15:41:34 +00:00
Julian Sikorski	bf6ad06c43	Update to 2.3.2	2025-06-26 21:48:52 +02:00
Jan Grulich	8815791674	Rebuild (qt6)	2025-03-25 15:28:58 +01:00
Julian Sikorski	915f75ce55	Update to 2.3.1	2025-03-19 09:20:39 +01:00
Julian Sikorski	4125044006	Update to 2.3.0	2025-03-10 23:34:30 +01:00
Fedora Release Engineering	2ee96d4fe5	Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild	2025-01-20 07:20:53 +00:00
Fedora Release Engineering	e176df47e3	Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild	2025-01-16 08:24:36 +00:00
Julian Sikorski	4566f99dd1	Update to 2.2.2	2024-10-25 23:52:26 +02:00
Jan Grulich	3e840affd6	Rebuild (qt6)	2024-10-14 19:34:42 +02:00
Julian Sikorski	61ec27fc56	Update to 2.2.1	2024-09-11 14:49:37 +02:00
Julian Sikorski	24cd08da66	Merge branch 'rawhide' into f41	2024-09-11 14:41:37 +02:00
Julian Sikorski	312170c293	rebuild	2024-09-11 14:37:45 +02:00
Julian Sikorski	0f8befa255	Merge branch 'rawhide' into f41	2024-08-17 22:53:34 +02:00
Julian Sikorski	b3824d57b0	Fix QML error with Qt 6.6.3	2024-08-17 22:51:15 +02:00
Julian Sikorski	58c74e7a8d	Fix QML error with Qt 6.6.3	2024-08-17 22:45:25 +02:00
Fedora Release Engineering	66d0fb34a7	Rebuilt for https://fedoraproject.org/wiki/Fedora_41_Mass_Rebuild	2024-07-17 14:43:44 +00:00
Julian Sikorski	69de1bcfb4	Update to 2.2.0	2024-07-04 21:54:38 +02:00
Miroslav Suchý	89a6c44d60	convert EUPL 1.2 license to SPDX	2024-04-12 10:59:00 +02:00
Julian Sikorski	73e99cf9cb	Update to 2.1.1	2024-04-11 20:17:29 +02:00
Jan Grulich	11eb3e3e43	Rebuild (qt6)	2024-04-04 10:36:13 +02:00
Julian Sikorski	3d1d7b241c	Really fix OpenSSL config generation	2024-03-02 19:50:30 +01:00
Julian Sikorski	82fe16d719	Fix OpenSSL config generation	2024-03-02 19:32:41 +01:00
Julian Sikorski	4327a2fc20	Add background information for the legacy openssl API patch	2024-03-02 19:32:41 +01:00
Julian Sikorski	a33b79408d	Update to 2.1.0	2024-03-01 09:42:39 +01:00
Jan Grulich	fbaa75776b	Rebuild (qt6)	2024-02-16 14:46:20 +01:00
Fedora Release Engineering	2ad5846166	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-22 20:44:21 +00:00
Julian Sikorski	a133d529e5	Update to 2.0.3	2024-01-20 12:44:36 +01:00
Fedora Release Engineering	6168bedb7a	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-19 09:13:42 +00:00
Fedora Release Engineering	3d84f3e2c0	Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild	2024-01-18 12:07:42 +00:00
Julian Sikorski	567eec0588	Update to 2.0.2	2024-01-12 20:13:00 +01:00
Julian Sikorski	77260f4950	Force the use of legacy OpenSSL API to fix issues with explicit EC curves	2024-01-05 22:38:43 +01:00
Julian Sikorski	527054463e	Add dependencies needed to render the GUI properly	2024-01-02 13:31:51 +01:00
Julian Sikorski	2f1387d085	Convert to %autorelease and %autochangelog [skip changelog]	2024-01-02 13:17:40 +01:00
Julian Sikorski	c0bf3c33bf	Update to 2.0.1 Fix up config.json.in section names	2023-12-28 15:30:36 +01:00
Jan Grulich	95b0908294	Rebuild (qt6)	2023-11-29 14:30:22 +01:00
Jan Grulich	ebedf0a139	Rebuild (qt6)	2023-10-13 10:07:10 +02:00
Jan Grulich	f333be81e9	Rebuild (qt6)	2023-10-05 10:10:43 +02:00
				`@ -1 +0,0 @@`
				`8062fe04332e9a7bee4c75fe3ef3efda6748c1a19a6fda8770f7914939c7bd28 AusweisApp2-1.26.7.tar.gz`