Update to 2.1.1

Really fix OpenSSL config generation
Fix OpenSSL config generation
2024-04-11 20:31:12 +02:00 · 2024-03-02 19:51:50 +01:00 · 2024-03-02 19:35:40 +01:00 · 2024-03-02 19:35:40 +01:00 · 2024-03-01 09:49:11 +01:00 · 2024-01-20 12:46:39 +01:00
7 changed files with 403 additions and 526 deletions
--- a/.gitignore
+++ b/.gitignore
@ -14,24 +14,3 @@
 /AusweisApp-2.1.1.tar.gz
 /AusweisApp-2.1.1.tar.gz.asc
 /AusweisApp-2.1.1.tar.gz.sha256
-/AusweisApp-2.2.0.tar.gz
-/AusweisApp-2.2.0.tar.gz.asc
-/AusweisApp-2.2.0.tar.gz.sha256
-/AusweisApp-2.2.1.tar.gz
-/AusweisApp-2.2.1.tar.gz.asc
-/AusweisApp-2.2.1.tar.gz.sha256
-/AusweisApp-2.2.2.tar.gz
-/AusweisApp-2.2.2.tar.gz.asc
-/AusweisApp-2.2.2.tar.gz.sha256
-/AusweisApp-2.3.0.tar.gz
-/AusweisApp-2.3.0.tar.gz.asc
-/AusweisApp-2.3.0.tar.gz.sha256
-/AusweisApp-2.3.1.tar.gz
-/AusweisApp-2.3.1.tar.gz.asc
-/AusweisApp-2.3.1.tar.gz.sha256
-/AusweisApp-2.3.2.tar.gz
-/AusweisApp-2.3.2.tar.gz.asc
-/AusweisApp-2.3.2.tar.gz.sha256
-/AusweisApp-2.4.0.tar.gz
-/AusweisApp-2.4.0.tar.gz.asc
-/AusweisApp-2.4.0.tar.gz.sha256
--- a/0001-Use-legacy-OpenSSL-API.patch
+++ b/0001-Use-legacy-OpenSSL-API.patch
@ -1,471 +0,0 @@
-From f5d48a49ea7055b7d4edf5f1398557b475419fb9 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Thu, 30 Oct 2025 13:51:15 +0100
-Subject: [PATCH] Use legacy OpenSSL API
-
---
- src/card/base/asn1/EcdsaPublicKey.cpp        |  39 -----
- src/card/base/asn1/EcdsaPublicKey.h          |   6 +-
- src/card/base/pace/ec/EcUtil.cpp             | 145 -------------------
- src/card/base/pace/ec/EcUtil.h               |  12 --
- src/card/base/pace/ec/EcdhGenericMapping.cpp |   5 -
- src/card/base/pace/ec/EcdhGenericMapping.h   |   4 -
- src/card/simulator/SimulatorCard.cpp         |  37 -----
- src/card/simulator/SimulatorCard.h           |   4 -
- src/card/simulator/SimulatorFileSystem.cpp   |   9 --
- src/card/simulator/SimulatorFileSystem.h     |   4 -
- 10 files changed, 1 insertion(+), 264 deletions(-)
-
-diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp
-index 7f54045..dc7e26b 100644
--- a/src/card/base/asn1/EcdsaPublicKey.cpp
-+++ b/src/card/base/asn1/EcdsaPublicKey.cpp
-@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const
- }
- 
- 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) const
- {
- 	QSharedPointer<EC_GROUP> group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr));
-@@ -209,8 +208,6 @@ QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) con
- }
- 
- 
-#endif
-
- QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const
- {
- 	return createKey(reinterpret_cast<const uchar*>(pPublicPoint.constData()), static_cast<int>(pPublicPoint.size()));
-@@ -239,7 +236,6 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
- 		return nullptr;
- 	}
- 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- 	const auto& group = createGroup(curveData);
- 	if (group.isNull())
- 	{
-@@ -275,39 +271,4 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
- 
- 	return key;
- 
-#else
-	const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){
-				return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data())
-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast<size_t>(pPublicPointLength))
-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast<size_t>(mBasePoint->length))
-					   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
-			});
-
-	if (params == nullptr)
-	{
-		qCCritical(card) << "Cannot set parameter";
-		return nullptr;
-	}
-
-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
-	if (!EVP_PKEY_fromdata_init(ctx.data()))
-	{
-		qCCritical(card) << "Cannot init pkey";
-		return nullptr;
-	}
-
-	EVP_PKEY* key = nullptr;
-	if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data()))
-	{
-		qCCritical(card) << "Cannot fetch data for pkey";
-		return nullptr;
-	}
-
-	return EcUtil::create(key);
-
-#endif
- }
-diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h
-index 860bc74..c85e48b 100644
--- a/src/card/base/asn1/EcdsaPublicKey.h
-+++ b/src/card/base/asn1/EcdsaPublicKey.h
-@@ -13,9 +13,7 @@
- #include <openssl/asn1t.h>
- #include <openssl/evp.h>
- 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
-	#include <openssl/ec.h>
-#endif
-+#include <openssl/ec.h>
- 
- 
- namespace governikus
-@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapublickey_st
- 
- 		[[nodiscard]] CurveData createCurveData() const;
- 		[[nodiscard]] QSharedPointer<EVP_PKEY> createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- 		[[nodiscard]] QSharedPointer<EC_GROUP> createGroup(const CurveData& pData) const;
-#endif
- 
- 	public:
- 		static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
-diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp
-index 069ad81..546438f 100644
--- a/src/card/base/pace/ec/EcUtil.cpp
-+++ b/src/card/base/pace/ec/EcUtil.cpp
-@@ -103,148 +103,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2point(const QSharedPointer<const EC_GROUP>&
- }
- 
- 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey, bool pCompressed)
-{
-	if (pKey.isNull())
-	{
-		qCCritical(card) << "Cannot use undefined key";
-		return nullptr;
-	}
-
-	uchar* key = nullptr;
-	const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key);
-	const auto guard = qScopeGuard([key] {
-				OPENSSL_free(key);
-			});
-
-	if (length == 0)
-	{
-		return QByteArray();
-	}
-
-	const QByteArray uncompressed(reinterpret_cast<char*>(key), static_cast<int>(length));
-	return pCompressed ? EcUtil::compressPoint(uncompressed) : uncompressed;
-}
-
-
-QSharedPointer<BIGNUM> EcUtil::getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey)
-{
-	BIGNUM* privKey = nullptr;
-	EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey);
-	return EcUtil::create(privKey);
-}
-
-
-QSharedPointer<OSSL_PARAM> EcUtil::create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc)
-{
-	OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new();
-	const auto guard = qScopeGuard([bld] {
-				OSSL_PARAM_BLD_free(bld);
-			});
-
-	if (bld == nullptr)
-	{
-		qCCritical(card) << "Cannot create parameter builder";
-		return nullptr;
-	}
-
-	if (!pFunc(bld))
-	{
-		qCCritical(card) << "Cannot initialize parameter builder";
-		return nullptr;
-	}
-
-	if (OSSL_PARAM* params = OSSL_PARAM_BLD_to_param(bld); params != nullptr)
-	{
-		static auto deleter = [](OSSL_PARAM* pParam)
-				{
-					OSSL_PARAM_free(pParam);
-				};
-
-		return QSharedPointer<OSSL_PARAM>(params, deleter);
-	}
-
-	qCCritical(card) << "Cannot create parameter";
-	return nullptr;
-}
-
-
-QSharedPointer<EVP_PKEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
-{
-	if (pCurve.isNull())
-	{
-		qCCritical(card) << "Curve is undefined";
-		return nullptr;
-	}
-
-	auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data()));
-
-	auto order = EcUtil::create(BN_new());
-	if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr))
-	{
-		qCCritical(card) << "Cannot fetch order";
-		return nullptr;
-	}
-
-	auto cofactor = EcUtil::create(BN_new());
-	if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr))
-	{
-		qCCritical(card) << "Cannot fetch cofactor";
-		return nullptr;
-	}
-
-	auto p = EcUtil::create(BN_new());
-	auto a = EcUtil::create(BN_new());
-	auto b = EcUtil::create(BN_new());
-	if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr))
-	{
-		qCCritical(card) << "Cannot fetch a, b or p";
-		return nullptr;
-	}
-
-	const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){
-				return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data())
-					   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data())
-					   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast<size_t>(generator.size()))
-					   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
-			});
-
-	if (params == nullptr)
-	{
-		qCCritical(card) << "Cannot set parameter";
-		return nullptr;
-	}
-
-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
-	if (!ctx)
-	{
-		qCCritical(card) << "Cannot create EVP_PKEY_CTX";
-		return nullptr;
-	}
-	EVP_PKEY_keygen_init(ctx.data());
-
-	if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data()))
-	{
-		qCCritical(card) << "Cannot set params to EVP_PKEY_CTX";
-		return nullptr;
-	}
-
-	EVP_PKEY* key = nullptr;
-	if (!EVP_PKEY_generate(ctx.data(), &key))
-	{
-		qCCritical(card) << "Cannot create EVP_PKEY";
-		return nullptr;
-	}
-
-	return EcUtil::create(key);
-}
-
-
-#else
- QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EC_KEY>& pKey, bool pCompressed)
- {
- 	if (pKey.isNull())
-@@ -293,6 +151,3 @@ QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>&
- 
- 	return key;
- }
-
-
-#endif
-diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h
-index 63eb16c..914c268 100644
--- a/src/card/base/pace/ec/EcUtil.h
-+++ b/src/card/base/pace/ec/EcUtil.h
-@@ -26,24 +26,15 @@ class EcUtil
- 		static QSharedPointer<EC_POINT> oct2point(const QSharedPointer<const EC_GROUP>& pCurve, const QByteArray& pCompressedData);
- 
- 		static QSharedPointer<EC_GROUP> create(EC_GROUP* pEcGroup);
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- 		static QSharedPointer<EC_KEY> create(EC_KEY* pEcKey);
-#endif
- 		static QSharedPointer<EC_POINT> create(EC_POINT* pEcPoint);
- 		static QSharedPointer<BIGNUM> create(BIGNUM* pBigNum);
- 		static QSharedPointer<EVP_PKEY> create(EVP_PKEY* pEcGroup);
- 		static QSharedPointer<EVP_PKEY_CTX> create(EVP_PKEY_CTX* pEcGroup);
- 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		static QByteArray getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey, bool pCompressed = false);
-		static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey);
-		static QSharedPointer<OSSL_PARAM> create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc);
-		static QSharedPointer<EVP_PKEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
-#else
- 		static QByteArray getEncodedPublicKey(const QSharedPointer<EC_KEY>& pKey, bool pCompressed = false);
- 		static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EC_KEY>& pKey);
- 		static QSharedPointer<EC_KEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
-#endif
- 
- 		static QSharedPointer<EC_GROUP> createCurve(int pNid);
- };
-@@ -60,7 +51,6 @@ inline QSharedPointer<EC_GROUP> EcUtil::create(EC_GROUP* pEcGroup)
- }
- 
- 
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
- {
- 	static auto deleter = [](EC_KEY* ecKey)
-@@ -72,8 +62,6 @@ inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
- }
- 
- 
-#endif
-
- inline QSharedPointer<EC_POINT> EcUtil::create(EC_POINT* pEcPoint)
- {
- 	static auto deleter = [](EC_POINT* ecPoint)
-diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp
-index 04cee51..571c7a0 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp
-+++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp
-@@ -49,12 +49,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
- 		return false;
- 	}
- 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	const QSharedPointer<const EC_POINT> localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey));
-	const EC_POINT* localPubKey = localPubKeyPtr.data();
-#else
- 	const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data());
-#endif
- 	if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))
- 	{
- 		qCCritical(card) << "The exchanged public keys are equal.";
-diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h
-index e9c9768..188befb 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.h
-+++ b/src/card/base/pace/ec/EcdhGenericMapping.h
-@@ -22,11 +22,7 @@ class EcdhGenericMapping
- 
- 	private:
- 		const QSharedPointer<EC_GROUP> mCurve;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		QSharedPointer<EVP_PKEY> mLocalKey;
-#else
- 		QSharedPointer<EC_KEY> mLocalKey;
-#endif
- 
- 		QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS);
- 
-diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp
-index 3c4e218..a39fb54 100644
--- a/src/card/simulator/SimulatorCard.cpp
-+++ b/src/card/simulator/SimulatorCard.cpp
-@@ -661,42 +661,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
- 		return QByteArray();
- 	}
- 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	const auto& terminalKey = EcUtil::create(EVP_PKEY_new());
-	if (terminalKey.isNull() || EVP_PKEY_copy_parameters(terminalKey.data(), mCardKey.data()) == 0)
-	{
-		qCCritical(card_simulator) << "Initialization of the terminal key failed";
-		return QByteArray();
-	}
-	if (!EVP_PKEY_set1_encoded_public_key(
-			terminalKey.data(),
-			reinterpret_cast<const unsigned char*>(pPoint.data()),
-			static_cast<size_t>(pPoint.length())))
-	{
-		qCCritical(card_simulator) << "Interpreting the terminal key failed";
-		return QByteArray();
-	}
-
-	const auto& ctx = EcUtil::create(EVP_PKEY_CTX_new_from_pkey(nullptr, mCardKey.data(), nullptr));
-	size_t resultLen = 0;
-	if (EVP_PKEY_derive_init(ctx.data()) <= 0
-			|| EVP_PKEY_derive_set_peer(ctx.data(), terminalKey.data()) <= 0
-			|| EVP_PKEY_derive(ctx.data(), nullptr, &resultLen) <= 0)
-	{
-		qCCritical(card_simulator) << "Initialization or calculation of the result failed";
-		return QByteArray();
-	}
-
-	QByteArray result(static_cast<qsizetype>(resultLen), '\0');
-	if (EVP_PKEY_derive(ctx.data(), reinterpret_cast<uchar*>(result.data()), &resultLen) <= 0)
-	{
-		qCCritical(card_simulator) << "Calculation of the result failed";
-		return QByteArray();
-	}
-
-	return result;
-
-#else
- 	const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
- 	auto point = EcUtil::oct2point(curve, pPoint);
- 	if (!point)
-@@ -715,7 +679,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
- 
- 	return EcUtil::point2oct(curve, result.data(), true);
- 
-#endif
- }
- 
- 
-diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h
-index fc9db00..7a881cb 100644
--- a/src/card/simulator/SimulatorCard.h
-+++ b/src/card/simulator/SimulatorCard.h
-@@ -39,11 +39,7 @@ class SimulatorCard
- 		int mPaceKeyId;
- 		QByteArray mPaceNonce;
- 		QByteArray mPaceTerminalKey;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		QSharedPointer<EVP_PKEY> mCardKey;
-#else
- 		QSharedPointer<EC_KEY> mCardKey;
-#endif
- 		QSharedPointer<const CVCertificate> mTaCertificate;
- 		QByteArray mTaSigningData;
- 		QByteArray mTaAuxData;
-diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp
-index 5c01caa..4cbe60c 100644
--- a/src/card/simulator/SimulatorFileSystem.cpp
-+++ b/src/card/simulator/SimulatorFileSystem.cpp
-@@ -347,11 +347,7 @@ QByteArray SimulatorFileSystem::getPassword(PacePasswordId pPasswordId) const
- }
- 
- 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-QSharedPointer<EVP_PKEY> SimulatorFileSystem::getKey(int pKeyId) const
-#else
- QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
-#endif
- {
- 	if (!mKeys.contains(pKeyId))
- 	{
-@@ -367,13 +363,8 @@ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
- 		return nullptr;
- 	}
- 
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-	return privateKey;
-
-#else
- 	return EcUtil::create(EVP_PKEY_get1_EC_KEY(privateKey.data()));
- 
-#endif
- }
- 
- 
-diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h
-index 7d8458f..57065db 100644
--- a/src/card/simulator/SimulatorFileSystem.h
-+++ b/src/card/simulator/SimulatorFileSystem.h
-@@ -43,11 +43,7 @@ class SimulatorFileSystem
- 
- 		[[nodiscard]] QByteArray getEfCardAccess() const;
- 		[[nodiscard]] QByteArray getPassword(PacePasswordId pPasswordId) const;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-		[[nodiscard]] QSharedPointer<EVP_PKEY> getKey(int pKeyId) const;
-#else
- 		[[nodiscard]] QSharedPointer<EC_KEY> getKey(int pKeyId) const;
-#endif
- 		[[nodiscard]] QSharedPointer<const CVCertificate> getTrustPoint() const;
- 		void setTrustPoint(const QSharedPointer<const CVCertificate>& pTrustPoint);
- 
-- 
-2.51.0
-
--- a/AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch
+++ b/AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch
@ -1,17 +1,8 @@
-From 056e560ed6432e99a297d1c1d2c89c89621bd825 Mon Sep 17 00:00:00 2001
-From: rpm-build <rpm-build>
-Date: Thu, 6 Mar 2025 01:00:00 +0100
-Subject: [PATCH] AusweisApp2-1.24.1-use_Qt_TranslationsPath.patch
-
---
- src/global/FileDestination.h | 9 +++++++++
- 1 file changed, 9 insertions(+)
-
-diff --git a/src/global/FileDestination.h b/src/global/FileDestination.h
-index 2fd5826..781e9b9 100644
--- a/src/global/FileDestination.h
-+++ b/src/global/FileDestination.h
-@@ -7,8 +7,10 @@
+Index: AusweisApp2-1.24.1/src/global/FileDestination.h
+===================================================================
+--- AusweisApp2-1.24.1.orig/src/global/FileDestination.h
+++ AusweisApp2-1.24.1/src/global/FileDestination.h
+@@ -9,8 +9,10 @@
 #include <QCoreApplication>
 #include <QDebug>
 #include <QFile>
@ -20,9 +11,9 @@ index 2fd5826..781e9b9 100644
 #include <QStringBuilder>
 +#include <QtGlobal>
 
- 
 namespace governikus
-@@ -51,6 +53,13 @@ class FileDestination
+ {
+@@ -52,6 +54,13 @@ class FileDestination
 			QStandardPaths::StandardLocation pStandard = QStandardPaths::AppDataLocation)
 		{
 #if (defined(Q_OS_LINUX) && !defined(Q_OS_ANDROID)) || (defined(Q_OS_BSD4) && !defined(Q_OS_MACOS) && !defined(Q_OS_IOS))
@ -36,6 +27,3 @@ index 2fd5826..781e9b9 100644
 			if (const auto& match = QStandardPaths::locate(pStandard, pFilename, pOption); !match.isNull())
 			{
 				return match;
-- 
-2.48.1
-
--- a/AusweisApp2-2.0.1-use-legacy-openssl-api.patch
+++ b/AusweisApp2-2.0.1-use-legacy-openssl-api.patch
@ -0,0 +1,362 @@
+diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp
+--- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp.legacyapi	2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.cpp	2024-01-05 22:06:07.585023942 +0100
+@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompress
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) const
+ {
+ 	QSharedPointer<EC_GROUP> group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr));
+@@ -209,8 +208,6 @@ QSharedPointer<EC_GROUP> EcdsaPublicKey:
+ }
+ 
+ 
+-#endif
+-
+ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const
+ {
+ 	return createKey(reinterpret_cast<const uchar*>(pPublicPoint.constData()), static_cast<int>(pPublicPoint.size()));
+@@ -239,7 +236,6 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey:
+ 		return nullptr;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ 	const auto& group = createGroup(curveData);
+ 	if (group.isNull())
+ 	{
+@@ -275,39 +271,4 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey:
+ 
+ 	return key;
+ 
+-#else
+-	const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){
+-			return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data())
+-				   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast<size_t>(pPublicPointLength))
+-				   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast<size_t>(mBasePoint->length))
+-				   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
+-		});
+-
+-	if (params == nullptr)
+-	{
+-		qCCritical(card) << "Cannot set parameter";
+-		return nullptr;
+-	}
+-
+-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
+-	if (!EVP_PKEY_fromdata_init(ctx.data()))
+-	{
+-		qCCritical(card) << "Cannot init pkey";
+-		return nullptr;
+-	}
+-
+-	EVP_PKEY* key = nullptr;
+-	if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data()))
+-	{
+-		qCCritical(card) << "Cannot fetch data for pkey";
+-		return nullptr;
+-	}
+-
+-	return EcUtil::create(key);
+-
+-#endif
+ }
+diff -up AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h
+--- AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h.legacyapi	2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/asn1/EcdsaPublicKey.h	2024-01-05 21:26:24.850152676 +0100
+@@ -13,9 +13,7 @@
+ #include <openssl/asn1t.h>
+ #include <openssl/evp.h>
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+-	#include <openssl/ec.h>
+-#endif
+#include <openssl/ec.h>
+ 
+ 
+ namespace governikus
+@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapubli
+ 
+ 		[[nodiscard]] CurveData createCurveData() const;
+ 		[[nodiscard]] QSharedPointer<EVP_PKEY> createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ 		[[nodiscard]] QSharedPointer<EC_GROUP> createGroup(const CurveData& pData) const;
+-#endif
+ 
+ 	public:
+ 		static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
+diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp
+--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp.legacyapi	2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.cpp	2024-01-05 21:51:28.494919678 +0100
+@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateT
+ 
+ 	mTerminalKey = EcUtil::generateKey(mCurve);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	return EcUtil::getEncodedPublicKey(mTerminalKey);
+-
+-#else
+ 	return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mTerminalKey.data()));
+ 
+-#endif
+ }
+ 
+ 
+@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemer
+ 		return false;
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	const QSharedPointer<const EC_POINT> terminalPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mTerminalKey));
+-	const EC_POINT* terminalPubKey = terminalPubKeyPtr.data();
+-#else
+ 	const EC_POINT* terminalPubKey = EC_KEY_get0_public_key(mTerminalKey.data());
+-#endif
+ 	if (!EC_POINT_cmp(mCurve.data(), terminalPubKey, cardPubKey.data(), nullptr))
+ 	{
+ 		qCCritical(card) << "The exchanged public keys are equal.";
+@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemer
+ 
+ QSharedPointer<EC_POINT> EcdhGenericMapping::createNewGenerator(const QSharedPointer<const EC_POINT>& pCardPubKey, const QSharedPointer<const BIGNUM>& pS)
+ {
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	const auto& privKeyPtr = EcUtil::getPrivateKey(mTerminalKey);
+-	const BIGNUM* privKey = privKeyPtr.data();
+-#else
+ 	const BIGNUM* privKey = EC_KEY_get0_private_key(mTerminalKey.data());
+-#endif
+ 
+ 	if (!privKey)
+ 	{
+diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h
+--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h.legacyapi	2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhGenericMapping.h	2024-01-05 21:52:19.801808499 +0100
+@@ -22,11 +22,7 @@ class EcdhGenericMapping
+ 
+ 	private:
+ 		const QSharedPointer<EC_GROUP> mCurve;
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		QSharedPointer<EVP_PKEY> mTerminalKey;
+-#else
+ 		QSharedPointer<EC_KEY> mTerminalKey;
+-#endif
+ 
+ 		QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pCardPubKey, const QSharedPointer<const BIGNUM>& pS);
+ 
+diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp
+--- AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp.legacyapi	2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcdhKeyAgreement.cpp	2024-01-05 21:37:17.920243239 +0100
+@@ -105,15 +105,8 @@ KeyAgreement::CardResult EcdhKeyAgreemen
+ 		return {CardReturnCode::PROTOCOL_ERROR};
+ 	}
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-	const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::getEncodedPublicKey(terminalEphemeralKey);
+-
+-	const auto& privKeyPtr = EcUtil::getPrivateKey(terminalEphemeralKey);
+-	const BIGNUM* terminalEphemeralPrivateKey = privKeyPtr.data();
+-#else
+ 	const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::point2oct(curve, EC_KEY_get0_public_key(terminalEphemeralKey.data()));
+ 	const BIGNUM* const terminalEphemeralPrivateKey = EC_KEY_get0_private_key(terminalEphemeralKey.data());
+-#endif
+ 
+ 	// Make a copy of the terminal public key for later mutual authentication.
+ 	mTerminalPublicKey = EcUtil::oct2point(curve, terminalEphemeralPublicKeyBytes);
+diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp
+--- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp.legacyapi	2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.cpp	2024-01-05 20:33:28.156797843 +0100
+@@ -88,137 +88,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2poi
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey)
+-{
+-	if (pKey.isNull())
+-	{
+-		qCCritical(card) << "Cannot use undefined key";
+-		return nullptr;
+-	}
+-
+-	uchar* key = nullptr;
+-	const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key);
+-	const auto guard = qScopeGuard([key] {
+-			OPENSSL_free(key);
+-		});
+-
+-	return length > 0 ? QByteArray(reinterpret_cast<char*>(key), static_cast<int>(length)) : QByteArray();
+-}
+-
+-
+-QSharedPointer<BIGNUM> EcUtil::getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey)
+-{
+-	BIGNUM* privKey = nullptr;
+-	EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey);
+-	return EcUtil::create(privKey);
+-}
+-
+-
+-QSharedPointer<OSSL_PARAM> EcUtil::create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc)
+-{
+-	OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new();
+-	const auto guard = qScopeGuard([bld] {
+-			OSSL_PARAM_BLD_free(bld);
+-		});
+-
+-	if (bld == nullptr)
+-	{
+-		qCCritical(card) << "Cannot create parameter builder";
+-		return nullptr;
+-	}
+-
+-	if (OSSL_PARAM* params = nullptr;
+-			pFunc(bld) && (params = OSSL_PARAM_BLD_to_param(bld)) != nullptr)
+-	{
+-		static auto deleter = [](OSSL_PARAM* pParam)
+-				{
+-					OSSL_PARAM_free(pParam);
+-				};
+-
+-		return QSharedPointer<OSSL_PARAM>(params, deleter);
+-	}
+-
+-	qCCritical(card) << "Cannot create parameter";
+-	return nullptr;
+-}
+-
+-
+-QSharedPointer<EVP_PKEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
+-{
+-	if (pCurve.isNull())
+-	{
+-		qCCritical(card) << "Curve is undefined";
+-		return nullptr;
+-	}
+-
+-	auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data()));
+-
+-	auto order = EcUtil::create(BN_new());
+-	if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr))
+-	{
+-		qCCritical(card) << "Cannot fetch order";
+-		return nullptr;
+-	}
+-
+-	auto cofactor = EcUtil::create(BN_new());
+-	if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr))
+-	{
+-		qCCritical(card) << "Cannot fetch cofactor";
+-		return nullptr;
+-	}
+-
+-	auto p = EcUtil::create(BN_new());
+-	auto a = EcUtil::create(BN_new());
+-	auto b = EcUtil::create(BN_new());
+-	if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr))
+-	{
+-		qCCritical(card) << "Cannot fetch a, b or p";
+-		return nullptr;
+-	}
+-
+-	const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){
+-			return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data())
+-				   && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data())
+-				   && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast<size_t>(generator.size()))
+-				   && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
+-		});
+-
+-	if (params == nullptr)
+-	{
+-		qCCritical(card) << "Cannot set parameter";
+-		return nullptr;
+-	}
+-
+-	auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
+-	if (!ctx)
+-	{
+-		qCCritical(card) << "Cannot create EVP_PKEY_CTX";
+-		return nullptr;
+-	}
+-	EVP_PKEY_keygen_init(ctx.data());
+-
+-	if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data()))
+-	{
+-		qCCritical(card) << "Cannot set params to EVP_PKEY_CTX";
+-		return nullptr;
+-	}
+-
+-	EVP_PKEY* key = nullptr;
+-	if (!EVP_PKEY_generate(ctx.data(), &key))
+-	{
+-		qCCritical(card) << "Cannot create EVP_PKEY";
+-		return nullptr;
+-	}
+-
+-	return EcUtil::create(key);
+-}
+-
+-
+-#else
+ QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
+ {
+ 	if (pCurve.isNull())
+@@ -242,6 +111,3 @@ QSharedPointer<EC_KEY> EcUtil::generateK
+ 
+ 	return key;
+ }
+-
+-
+-#endif
+diff -up AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h
+--- AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h.legacyapi	2023-11-08 16:55:33.000000000 +0100
+++ AusweisApp-2.0.1/src/card/base/pace/ec/EcUtil.h	2024-01-05 22:15:17.157430740 +0100
+@@ -30,9 +30,7 @@ class EcUtil
+ 
+ 		static QSharedPointer<EC_GROUP> create(EC_GROUP* pEcGroup);
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ 		static QSharedPointer<EC_KEY> create(EC_KEY* pEcKey);
+-#endif
+ 
+ 		static QSharedPointer<EC_POINT> create(EC_POINT* pEcPoint);
+ 
+@@ -42,14 +40,7 @@ class EcUtil
+ 
+ 		static QSharedPointer<EVP_PKEY_CTX> create(EVP_PKEY_CTX* pEcGroup);
+ 
+-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
+-		static QByteArray getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey);
+-		static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey);
+-		static QSharedPointer<OSSL_PARAM> create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc);
+-		static QSharedPointer<EVP_PKEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
+-#else
+ 		static QSharedPointer<EC_KEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
+-#endif
+ 
+ 		static QSharedPointer<EC_GROUP> createCurve(int pNid);
+ };
+@@ -66,7 +57,6 @@ inline QSharedPointer<EC_GROUP> EcUtil::
+ }
+ 
+ 
+-#if OPENSSL_VERSION_NUMBER < 0x30000000L
+ inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
+ {
+ 	static auto deleter = [](EC_KEY* ecKey)
+@@ -78,8 +68,6 @@ inline QSharedPointer<EC_KEY> EcUtil::cr
+ }
+ 
+ 
+-#endif
+-
+ inline QSharedPointer<EC_POINT> EcUtil::create(EC_POINT* pEcPoint)
+ {
+ 	static auto deleter = [](EC_POINT* ecPoint)
--- a/AusweisApp2.spec
+++ b/AusweisApp2.spec
@ -24,6 +24,10 @@ fi                                               \
 %global build_fflags   %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g')
 %global build_fcflags  %(echo '%{build_fflags}' | sed -e 's!-ffat-lto-objects!-fno-fat-lto-objects!g')

+# Build and package Doxygen documentation?
+%bcond_without    doxy
+
+# Do we build with Qt6?
 %if 0%{?fedora} || 0%{?rhel} >= 9
 %global qt6_build 1
 %else
@ -37,11 +41,11 @@ fi                                               \
 %global newname   AusweisApp

 Name:             AusweisApp2
-Version:          2.4.0
+Version:          2.1.1
 Release:          %autorelease
 Summary:          %{pkg_sum}

-License:          EUPL-1.2
+License:          EUPL 1.2
 URL:              https://www.ausweisapp.bund.de/en

 # Url to releases on github.
@ -62,8 +66,8 @@ Source1000:       gen_openssl_cnf.py
 Patch01000:       %{name}-1.24.1-use_Qt_TranslationsPath.patch
 # Needed because Fedora's openssl does not support elliptic curves using custom parameters.
 # Request to enable them was denied: https://bugzilla.redhat.com/show_bug.cgi?id=2259403
-# It is currently not clear if the legacy API works by accident or by design. It does work as of March 2025.
-Patch01001:       0001-Use-legacy-OpenSSL-API.patch
+# It is currently not clear if the legacy API works by accident or by design. It does work as of January 2024.
+Patch01001:       %{name}-2.0.1-use-legacy-openssl-api.patch

 BuildRequires:    cmake
 BuildRequires:    crypto-policies
@ -158,6 +162,10 @@ used by %{name}.
 Summary:          User and API documentation for %{name}
 BuildArch:        noarch

+%if %{with doxy}
+BuildRequires:    doxygen
+BuildRequires:    graphviz
+%endif
 BuildRequires:    hardlink
 BuildRequires:    python3-sphinx
 BuildRequires:    python3-sphinx_rtd_theme
@ -165,6 +173,11 @@ BuildRequires:    python3-sphinx_rtd_theme
 # Do not raise conflicts about shared license files.
 Requires:         (%{name}               = %{version}-%{release} if %{name})

+# The doc-api package is faded, since we can ship the
+# Doxygen documentation noarch'ed as well now.
+Obsoletes:        %{name}-doc-api        < 1.20.1-2
+Provides:         %{name}-doc-api        = %{version}-%{release}
+
 %description doc
 This package contains the user and API documentation for %{name}.

@ -219,10 +232,16 @@ EOF

 %if (0%{?fedora} || 0%{?rhel} > 8)
 # Documentation.
-%cmake_build --target installation_integration_de installation_integration_en notes sdk
+%cmake_build --target installation_integration notes sdk
+%if %{with doxy}
+%cmake_build --target doxy
+%endif
 %else
 # Documentation.
-%ninja_build -C %{_vpath_builddir} installation_integration_de installation_integration_en notes sdk
+%ninja_build -C %{_vpath_builddir} installation_integration notes sdk
+%if %{with doxy}
+%ninja_build -C %{_vpath_builddir} doxy
+%endif
 %endif


@ -247,10 +266,13 @@ rm -fr %{buildroot}%{_datadir}/%{newname}/translations
 %endif

 # Excessive docs.
-mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration_{de,en},notes,sdk}
+mkdir -p %{buildroot}%{_pkgdocdir}/{installation_integration,notes,sdk}
 install -pm 0644 README.rst %{buildroot}%{_pkgdocdir}
-cp -a %{_vpath_builddir}/docs/installation_integration_de/html/* %{buildroot}%{_pkgdocdir}/installation_integration_de
-cp -a %{_vpath_builddir}/docs/installation_integration_en/html/* %{buildroot}%{_pkgdocdir}/installation_integration_en
+%if %{with doxy}
+mkdir -p %{buildroot}%{_pkgdocdir}/doxy
+cp -a %{_vpath_builddir}/doc/html/* %{buildroot}%{_pkgdocdir}/doxy
+%endif
+cp -a %{_vpath_builddir}/docs/installation_integration/html/* %{buildroot}%{_pkgdocdir}/installation_integration
 cp -a %{_vpath_builddir}/docs/notes/html/* %{buildroot}%{_pkgdocdir}/notes
 cp -a %{_vpath_builddir}/docs/sdk/html/* %{buildroot}%{_pkgdocdir}/sdk
 find %{buildroot}%{_pkgdocdir} -type d -print0 | xargs -0 chmod -c 0755
--- a/3
+++ b/3
@ -2,9 +2,6 @@
 - Update to 2.0.1
 - Fix up config.json.in section names

-* Wed Nov 29 2023 Jan Grulich <jgrulich@redhat.com> - 1.26.7-4
- Rebuild (qt6)
-
 * Fri Oct 13 2023 Jan Grulich <jgrulich@redhat.com> - 1.26.7-3
 - Rebuild (qt6)

--- a/6
+++ b/6
@ -1,4 +1,4 @@
-SHA512 (AusweisApp-2.4.0.tar.gz) = 6e0d89b30176f7722bebab01322363ee38ff43573167061d4a97d840b669f3e579ad9fb62345b97b75490690fd5e03f25994eaa1a77334171fcdd28d39ec3e4a
-SHA512 (AusweisApp-2.4.0.tar.gz.asc) = ac8ffdb68d5847978bf639a8f32462053bddcace5d9c3d6cb16e788bb2dbe98ae3b7cafe089246fa786fa4b3e048b81b608cbe77e948a843b2dcd774796d2a56
-SHA512 (AusweisApp-2.4.0.tar.gz.sha256) = 257634437251fc22b3d85386a282ee4ce68d2f0db1112a912a54db9a6741ecb79b4180c490486d9ff8519246e62165b5953ed5739e9de0e180bb46decfeff16a
+SHA512 (AusweisApp-2.1.1.tar.gz) = f2cc9de898c3b2e61eb9ac208a21d60708aceeeb79d73f0382bc4b68e4011178217594bd99ac24b07d0d3fbd80b46e5c3ddc6c76bb764e24dc473197f4e1d4c9
+SHA512 (AusweisApp-2.1.1.tar.gz.asc) = 560a7e53f1d991e03d584caf29e158d72b1ca654682a14b2507347deb761b9c333db54550124b380fd2d84a861ea120ef6548075ca76e4b9bf462d9d22ebc725
+SHA512 (AusweisApp-2.1.1.tar.gz.sha256) = 49296a1d54b014f74fbda708d3a428178223f476ceb352a781c6942e88a1a853d30bccaa3fafc325944becd4fe61b3036a4e3985d5b185aaf8579ea12c60a40f
 SHA512 (AusweisApp2-pubring.gpg) = 3aae27b673f4eb2f7d3bda6c839b3d11829a730bde546e92abb889abb1c2453e786dc906154074485406692f5b9abbb3e1fb293e6b397696b6371016723621cd
Author	SHA1	Message	Date
Julian Sikorski	016c08c942	Update to 2.1.1	2024-04-11 20:31:12 +02:00
Julian Sikorski	520d0a2bec	Really fix OpenSSL config generation	2024-03-02 19:51:50 +01:00
Julian Sikorski	956b0e586a	Fix OpenSSL config generation	2024-03-02 19:35:40 +01:00
Julian Sikorski	15d64f00d1	Add background information for the legacy openssl API patch	2024-03-02 19:35:40 +01:00
Julian Sikorski	3829033411	Update to 2.1.0	2024-03-01 09:49:11 +01:00
Julian Sikorski	c402d3daa3	Update to 2.0.3	2024-01-20 12:46:39 +01:00
Julian Sikorski	a56407eb95	Update to 2.0.2	2024-01-12 20:17:52 +01:00
Julian Sikorski	6234d9f3d5	Force the use of legacy OpenSSL API to fix issues with explicit EC curves	2024-01-05 22:55:10 +01:00
Julian Sikorski	4db057b8ac	Add dependencies needed to render the GUI properly	2024-01-02 13:33:31 +01:00
Julian Sikorski	daa75e1321	Convert to %autorelease and %autochangelog [skip changelog]	2024-01-02 13:33:24 +01:00
Julian Sikorski	5b8f5b0184	Update to 2.0.1 Fix up config.json.in section names	2023-12-28 16:15:02 +01:00