pool/AusweisApp
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- Add patch from Fedora to enforce use of legacy OpenSSL API

Browse Source 
+ 0001-use-legacy-openssl-api.patch (bsc#1231686)

OBS-URL: https://build.opensuse.org/package/show/security/AusweisApp?expand=0&rev=23
This commit is contained in:
John Paul Adrian Glaubitz 2024-11-01 08:19:57 +00:00 committed by Git OBS Bridge
commit 0001b2f845
9 changed files with 1480 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

51
0001-fix-qml-error-with-qt6.6.patch Normal file
View File

@ -0,0 +1,51 @@
From d01d6ee97b7e1fbb804e12614004f9c5eab7fee3 Mon Sep 17 00:00:00 2001
From: Lars Schmertmann <SmallLars@t-online.de>
Date: Thu, 11 Jul 2024 16:35:09 +0200
Subject: [PATCH] Fix QML error with Qt 6.6.3
Got QML warning: DetachedLogView.qml:16:2: Cannot override FINAL property
---
.../qml/modules/FeedbackView/+desktop/DetachedLogView.qml | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml b/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml
index 953a3766..db7e446a 100644
--- a/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml
+++ b/src/ui/qml/modules/FeedbackView/+desktop/DetachedLogView.qml
@@ -12,8 +12,8 @@ import Governikus.View
Rectangle {
id: root
+ readonly property int controlRadius: 15
readonly property int horizontalPadding: 18
- readonly property int radius: 15
readonly property int spacing: 10
readonly property int verticalPadding: 6
@@ -55,7 +55,7 @@ Rectangle {
Layout.preferredWidth: 200
horizontalPadding: root.horizontalPadding
model: LogModel.logFileNames
- radius: root.radius
+ radius: root.controlRadius
textStyle: logTextStyle
verticalPadding: root.verticalPadding
@@ -64,7 +64,7 @@ Rectangle {
border.width: 1
color: Style.color.transparent
drawShadow: false
- radius: root.radius
+ radius: root.controlRadius
}
onCurrentIndexChanged: LogModel.setLogFile(currentIndex)
@@ -286,7 +286,7 @@ Rectangle {
Layout.minimumWidth: -1
borderWidth: 1
horizontalPadding: root.horizontalPadding
- radius: root.radius
+ radius: root.controlRadius
spacing: root.spacing
tintIcon: true
verticalPadding: root.verticalPadding

532
0001-use-legacy-openssl-api.patch Normal file
View File

@ -0,0 +1,532 @@
From 360d75e9ac2977a99b3e45e0e472a0abb02655cf Mon Sep 17 00:00:00 2001
From: rpm-build <rpm-build>
Date: Thu, 4 Jul 2024 20:10:17 +0200
Subject: [PATCH] AusweisApp2-2.0.1-use-legacy-openssl-api.patch
---
src/card/base/asn1/EcdsaPublicKey.cpp | 39 ------
src/card/base/asn1/EcdsaPublicKey.h | 6 +-
src/card/base/pace/ec/EcdhGenericMapping.cpp | 15 ---
src/card/base/pace/ec/EcdhGenericMapping.h | 4 -
src/card/base/pace/ec/EcdhKeyAgreement.cpp | 7 -
src/card/base/pace/ec/EcUtil.cpp | 134 -------------------
src/card/base/pace/ec/EcUtil.h | 12 --
src/card/simulator/SimulatorCard.cpp | 45 +------
src/card/simulator/SimulatorCard.h | 4 -
src/card/simulator/SimulatorFileSystem.cpp | 9 --
src/card/simulator/SimulatorFileSystem.h | 4 -
11 files changed, 2 insertions(+), 277 deletions(-)
diff --git a/src/card/base/asn1/EcdsaPublicKey.cpp b/src/card/base/asn1/EcdsaPublicKey.cpp
index ea07eda..0f19c11 100644
--- a/src/card/base/asn1/EcdsaPublicKey.cpp
+++ b/src/card/base/asn1/EcdsaPublicKey.cpp
@@ -182,7 +182,6 @@ QByteArray EcdsaPublicKey::getUncompressedPublicPoint() const
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) const
{
QSharedPointer<EC_GROUP> group = EcUtil::create(EC_GROUP_new_curve_GFp(pData.p.data(), pData.a.data(), pData.b.data(), nullptr));
@@ -209,8 +208,6 @@ QSharedPointer<EC_GROUP> EcdsaPublicKey::createGroup(const CurveData& pData) con
}
-#endif
-
QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const QByteArray& pPublicPoint) const
{
return createKey(reinterpret_cast<const uchar*>(pPublicPoint.constData()), static_cast<int>(pPublicPoint.size()));
@@ -239,7 +236,6 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
return nullptr;
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
const auto& group = createGroup(curveData);
if (group.isNull())
{
@@ -275,39 +271,4 @@ QSharedPointer<EVP_PKEY> EcdsaPublicKey::createKey(const uchar* pPublicPoint, in
return key;
-#else
- const auto& params = EcUtil::create([&curveData, pPublicPoint, pPublicPointLength, this](OSSL_PARAM_BLD* pBuilder){
- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", curveData.p.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", curveData.a.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", curveData.b.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", curveData.order.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", curveData.cofactor.data())
- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "pub", pPublicPoint, static_cast<size_t>(pPublicPointLength))
- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", mBasePoint->data, static_cast<size_t>(mBasePoint->length))
- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
- });
-
- if (params == nullptr)
- {
- qCCritical(card) << "Cannot set parameter";
- return nullptr;
- }
-
- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
- if (!EVP_PKEY_fromdata_init(ctx.data()))
- {
- qCCritical(card) << "Cannot init pkey";
- return nullptr;
- }
-
- EVP_PKEY* key = nullptr;
- if (!EVP_PKEY_fromdata(ctx.data(), &key, EVP_PKEY_PUBLIC_KEY, params.data()))
- {
- qCCritical(card) << "Cannot fetch data for pkey";
- return nullptr;
- }
-
- return EcUtil::create(key);
-
-#endif
}
diff --git a/src/card/base/asn1/EcdsaPublicKey.h b/src/card/base/asn1/EcdsaPublicKey.h
index 36f768e..45f78ec 100644
--- a/src/card/base/asn1/EcdsaPublicKey.h
+++ b/src/card/base/asn1/EcdsaPublicKey.h
@@ -13,9 +13,7 @@
#include <openssl/asn1t.h>
#include <openssl/evp.h>
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- #include <openssl/ec.h>
-#endif
+#include <openssl/ec.h>
namespace governikus
@@ -105,9 +103,7 @@ using EcdsaPublicKey = struct ecdsapublickey_st
[[nodiscard]] CurveData createCurveData() const;
[[nodiscard]] QSharedPointer<EVP_PKEY> createKey(const uchar* pPublicPoint, int pPublicPointLength) const;
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
[[nodiscard]] QSharedPointer<EC_GROUP> createGroup(const CurveData& pData) const;
-#endif
public:
static int decodeCallback(int pOperation, ASN1_VALUE** pVal, const ASN1_ITEM* pIt, void* pExarg);
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.cpp b/src/card/base/pace/ec/EcdhGenericMapping.cpp
index 3e2d1d4..1a8e6a2 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.cpp
+++ b/src/card/base/pace/ec/EcdhGenericMapping.cpp
@@ -37,13 +37,8 @@ QByteArray EcdhGenericMapping::generateLocalMappingData()
mLocalKey = EcUtil::generateKey(mCurve);
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- return EcUtil::getEncodedPublicKey(mLocalKey);
-
-#else
return EcUtil::point2oct(mCurve, EC_KEY_get0_public_key(mLocalKey.data()));
-#endif
}
@@ -56,12 +51,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
return false;
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const QSharedPointer<const EC_POINT> localPubKeyPtr = EcUtil::oct2point(mCurve, EcUtil::getEncodedPublicKey(mLocalKey));
- const EC_POINT* localPubKey = localPubKeyPtr.data();
-#else
const EC_POINT* localPubKey = EC_KEY_get0_public_key(mLocalKey.data());
-#endif
if (!EC_POINT_cmp(mCurve.data(), localPubKey, remotePubKey.data(), nullptr))
{
qCCritical(card) << "The exchanged public keys are equal.";
@@ -81,12 +71,7 @@ bool EcdhGenericMapping::generateEphemeralDomainParameters(const QByteArray& pRe
QSharedPointer<EC_POINT> EcdhGenericMapping::createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS)
{
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const auto& privKeyPtr = EcUtil::getPrivateKey(mLocalKey);
- const BIGNUM* privKey = privKeyPtr.data();
-#else
const BIGNUM* privKey = EC_KEY_get0_private_key(mLocalKey.data());
-#endif
if (!privKey)
{
diff --git a/src/card/base/pace/ec/EcdhGenericMapping.h b/src/card/base/pace/ec/EcdhGenericMapping.h
index bdfa5a8..dea4bf0 100644
--- a/src/card/base/pace/ec/EcdhGenericMapping.h
+++ b/src/card/base/pace/ec/EcdhGenericMapping.h
@@ -22,11 +22,7 @@ class EcdhGenericMapping
private:
const QSharedPointer<EC_GROUP> mCurve;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- QSharedPointer<EVP_PKEY> mLocalKey;
-#else
QSharedPointer<EC_KEY> mLocalKey;
-#endif
QSharedPointer<EC_POINT> createNewGenerator(const QSharedPointer<const EC_POINT>& pRemotePubKey, const QSharedPointer<const BIGNUM>& pS);
diff --git a/src/card/base/pace/ec/EcdhKeyAgreement.cpp b/src/card/base/pace/ec/EcdhKeyAgreement.cpp
index 0f0ae09..45c8a76 100644
--- a/src/card/base/pace/ec/EcdhKeyAgreement.cpp
+++ b/src/card/base/pace/ec/EcdhKeyAgreement.cpp
@@ -96,15 +96,8 @@ KeyAgreement::CardResult EcdhKeyAgreement::performKeyExchange()
return {CardReturnCode::PROTOCOL_ERROR};
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::getEncodedPublicKey(terminalEphemeralKey);
-
- const auto& privKeyPtr = EcUtil::getPrivateKey(terminalEphemeralKey);
- const BIGNUM* terminalEphemeralPrivateKey = privKeyPtr.data();
-#else
const QByteArray terminalEphemeralPublicKeyBytes = EcUtil::point2oct(curve, EC_KEY_get0_public_key(terminalEphemeralKey.data()));
const BIGNUM* const terminalEphemeralPrivateKey = EC_KEY_get0_private_key(terminalEphemeralKey.data());
-#endif
// Make a copy of the terminal public key for later mutual authentication.
mTerminalPublicKey = EcUtil::oct2point(curve, terminalEphemeralPublicKeyBytes);
diff --git a/src/card/base/pace/ec/EcUtil.cpp b/src/card/base/pace/ec/EcUtil.cpp
index 10db88f..5c0ff53 100644
--- a/src/card/base/pace/ec/EcUtil.cpp
+++ b/src/card/base/pace/ec/EcUtil.cpp
@@ -103,137 +103,6 @@ QSharedPointer<EC_POINT> EcUtil::oct2point(const QSharedPointer<const EC_GROUP>&
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-QByteArray EcUtil::getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey)
-{
- if (pKey.isNull())
- {
- qCCritical(card) << "Cannot use undefined key";
- return nullptr;
- }
-
- uchar* key = nullptr;
- const size_t length = EVP_PKEY_get1_encoded_public_key(pKey.data(), &key);
- const auto guard = qScopeGuard([key] {
- OPENSSL_free(key);
- });
-
- return length > 0 ? QByteArray(reinterpret_cast<char*>(key), static_cast<int>(length)) : QByteArray();
-}
-
-
-QSharedPointer<BIGNUM> EcUtil::getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey)
-{
- BIGNUM* privKey = nullptr;
- EVP_PKEY_get_bn_param(pKey.data(), "priv", &privKey);
- return EcUtil::create(privKey);
-}
-
-
-QSharedPointer<OSSL_PARAM> EcUtil::create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc)
-{
- OSSL_PARAM_BLD* bld = OSSL_PARAM_BLD_new();
- const auto guard = qScopeGuard([bld] {
- OSSL_PARAM_BLD_free(bld);
- });
-
- if (bld == nullptr)
- {
- qCCritical(card) << "Cannot create parameter builder";
- return nullptr;
- }
-
- if (OSSL_PARAM* params = nullptr;
- pFunc(bld) && (params = OSSL_PARAM_BLD_to_param(bld)) != nullptr)
- {
- static auto deleter = [](OSSL_PARAM* pParam)
- {
- OSSL_PARAM_free(pParam);
- };
-
- return QSharedPointer<OSSL_PARAM>(params, deleter);
- }
-
- qCCritical(card) << "Cannot create parameter";
- return nullptr;
-}
-
-
-QSharedPointer<EVP_PKEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
-{
- if (pCurve.isNull())
- {
- qCCritical(card) << "Curve is undefined";
- return nullptr;
- }
-
- auto generator = EcUtil::point2oct(pCurve, EC_GROUP_get0_generator(pCurve.data()));
-
- auto order = EcUtil::create(BN_new());
- if (!EC_GROUP_get_order(pCurve.data(), order.data(), nullptr))
- {
- qCCritical(card) << "Cannot fetch order";
- return nullptr;
- }
-
- auto cofactor = EcUtil::create(BN_new());
- if (!EC_GROUP_get_cofactor(pCurve.data(), cofactor.data(), nullptr))
- {
- qCCritical(card) << "Cannot fetch cofactor";
- return nullptr;
- }
-
- auto p = EcUtil::create(BN_new());
- auto a = EcUtil::create(BN_new());
- auto b = EcUtil::create(BN_new());
- if (!EC_GROUP_get_curve(pCurve.data(), p.data(), a.data(), b.data(), nullptr))
- {
- qCCritical(card) << "Cannot fetch a, b or p";
- return nullptr;
- }
-
- const auto& params = EcUtil::create([&p, &a, &b, &order, &cofactor, &generator](OSSL_PARAM_BLD* pBuilder){
- return OSSL_PARAM_BLD_push_BN(pBuilder, "p", p.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "a", a.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "b", b.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "order", order.data())
- && OSSL_PARAM_BLD_push_BN(pBuilder, "cofactor", cofactor.data())
- && OSSL_PARAM_BLD_push_octet_string(pBuilder, "generator", generator.data(), static_cast<size_t>(generator.size()))
- && OSSL_PARAM_BLD_push_utf8_string(pBuilder, "field-type", "prime-field", 12);
- });
-
- if (params == nullptr)
- {
- qCCritical(card) << "Cannot set parameter";
- return nullptr;
- }
-
- auto ctx = EcUtil::create(EVP_PKEY_CTX_new_from_name(nullptr, "EC", nullptr));
- if (!ctx)
- {
- qCCritical(card) << "Cannot create EVP_PKEY_CTX";
- return nullptr;
- }
- EVP_PKEY_keygen_init(ctx.data());
-
- if (!EVP_PKEY_CTX_set_params(ctx.data(), params.data()))
- {
- qCCritical(card) << "Cannot set params to EVP_PKEY_CTX";
- return nullptr;
- }
-
- EVP_PKEY* key = nullptr;
- if (!EVP_PKEY_generate(ctx.data(), &key))
- {
- qCCritical(card) << "Cannot create EVP_PKEY";
- return nullptr;
- }
-
- return EcUtil::create(key);
-}
-
-
-#else
QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>& pCurve)
{
if (pCurve.isNull())
@@ -257,6 +126,3 @@ QSharedPointer<EC_KEY> EcUtil::generateKey(const QSharedPointer<const EC_GROUP>&
return key;
}
-
-
-#endif
diff --git a/src/card/base/pace/ec/EcUtil.h b/src/card/base/pace/ec/EcUtil.h
index b575341..f7db521 100644
--- a/src/card/base/pace/ec/EcUtil.h
+++ b/src/card/base/pace/ec/EcUtil.h
@@ -32,9 +32,7 @@ class EcUtil
static QSharedPointer<EC_GROUP> create(EC_GROUP* pEcGroup);
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
static QSharedPointer<EC_KEY> create(EC_KEY* pEcKey);
-#endif
static QSharedPointer<EC_POINT> create(EC_POINT* pEcPoint);
@@ -44,14 +42,7 @@ class EcUtil
static QSharedPointer<EVP_PKEY_CTX> create(EVP_PKEY_CTX* pEcGroup);
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- static QByteArray getEncodedPublicKey(const QSharedPointer<EVP_PKEY>& pKey);
- static QSharedPointer<BIGNUM> getPrivateKey(const QSharedPointer<const EVP_PKEY>& pKey);
- static QSharedPointer<OSSL_PARAM> create(const std::function<bool(OSSL_PARAM_BLD* pBuilder)>& pFunc);
- static QSharedPointer<EVP_PKEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
-#else
static QSharedPointer<EC_KEY> generateKey(const QSharedPointer<const EC_GROUP>& pCurve);
-#endif
static QSharedPointer<EC_GROUP> createCurve(int pNid);
};
@@ -68,7 +59,6 @@ inline QSharedPointer<EC_GROUP> EcUtil::create(EC_GROUP* pEcGroup)
}
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
{
static auto deleter = [](EC_KEY* ecKey)
@@ -80,8 +70,6 @@ inline QSharedPointer<EC_KEY> EcUtil::create(EC_KEY* pEcKey)
}
-#endif
-
inline QSharedPointer<EC_POINT> EcUtil::create(EC_POINT* pEcPoint)
{
static auto deleter = [](EC_POINT* ecPoint)
diff --git a/src/card/simulator/SimulatorCard.cpp b/src/card/simulator/SimulatorCard.cpp
index 87491d7..2da83b1 100644
--- a/src/card/simulator/SimulatorCard.cpp
+++ b/src/card/simulator/SimulatorCard.cpp
@@ -22,9 +22,7 @@
#include <QScopeGuard>
#include <QThread>
#include <QtEndian>
-#if OPENSSL_VERSION_NUMBER < 0x30000000L
- #include <openssl/bn.h>
-#endif
+#include <openssl/bn.h>
using namespace governikus;
@@ -369,12 +367,8 @@ ResponseApduResult SimulatorCard::executeGeneralAuthenticate(const CommandApdu&
mPaceTerminalKey = cmdData.getData(V_ASN1_CONTEXT_SPECIFIC, ASN1Struct::PACE_EPHEMERAL_PUBLIC_KEY);
auto asn1KeyAgreement = newObject<GA_PERFORMKEYAGREEMENTDATA>();
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const auto& encodedPublicKey = EcUtil::getEncodedPublicKey(mCardKey);
-#else
const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
const auto& encodedPublicKey = EcUtil::point2oct(curve, EC_KEY_get0_public_key(mCardKey.data()));
-#endif
Asn1OctetStringUtil::setValue(encodedPublicKey, asn1KeyAgreement->mEphemeralPublicKey);
responseData = encodeObject(asn1KeyAgreement.data());
break;
@@ -461,42 +455,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
return QByteArray();
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- const auto& terminalKey = EcUtil::create(EVP_PKEY_new());
- if (terminalKey.isNull() || EVP_PKEY_copy_parameters(terminalKey.data(), mCardKey.data()) == 0)
- {
- qCCritical(card_simulator) << "Initialization of the terminal key failed";
- return QByteArray();
- }
- if (!EVP_PKEY_set1_encoded_public_key(
- terminalKey.data(),
- reinterpret_cast<const unsigned char*>(pPoint.data()),
- static_cast<size_t>(pPoint.length())))
- {
- qCCritical(card_simulator) << "Interpreting the terminal key failed";
- return QByteArray();
- }
-
- const auto& ctx = EcUtil::create(EVP_PKEY_CTX_new_from_pkey(nullptr, mCardKey.data(), nullptr));
- size_t resultLen = 0;
- if (EVP_PKEY_derive_init(ctx.data()) <= 0
- || EVP_PKEY_derive_set_peer(ctx.data(), terminalKey.data()) <= 0
- || EVP_PKEY_derive(ctx.data(), nullptr, &resultLen) <= 0)
- {
- qCCritical(card_simulator) << "Initialization or calculation of the result failed";
- return QByteArray();
- }
-
- QByteArray result(static_cast<qsizetype>(resultLen), '\0');
- if (EVP_PKEY_derive(ctx.data(), reinterpret_cast<uchar*>(result.data()), &resultLen) <= 0)
- {
- qCCritical(card_simulator) << "Calculation of the result failed";
- return QByteArray();
- }
-
- return result;
-
-#else
const auto& curve = EcUtil::create(EC_GROUP_dup(EC_KEY_get0_group(mCardKey.data())));
auto point = EcUtil::oct2point(curve, pPoint);
if (!point)
@@ -515,7 +473,6 @@ QByteArray SimulatorCard::ecMultiplication(const QByteArray& pPoint) const
return EcUtil::point2oct(curve, result.data(), true);
-#endif
}
diff --git a/src/card/simulator/SimulatorCard.h b/src/card/simulator/SimulatorCard.h
index b709d17..23f858b 100644
--- a/src/card/simulator/SimulatorCard.h
+++ b/src/card/simulator/SimulatorCard.h
@@ -35,11 +35,7 @@ class SimulatorCard
QSharedPointer<CHAT> mPaceChat;
QByteArray mPaceNonce;
QByteArray mPaceTerminalKey;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- QSharedPointer<EVP_PKEY> mCardKey;
-#else
QSharedPointer<EC_KEY> mCardKey;
-#endif
QSharedPointer<AuthenticatedAuxiliaryData> mTaAuxData;
public:
diff --git a/src/card/simulator/SimulatorFileSystem.cpp b/src/card/simulator/SimulatorFileSystem.cpp
index 122ca4f..046d540 100644
--- a/src/card/simulator/SimulatorFileSystem.cpp
+++ b/src/card/simulator/SimulatorFileSystem.cpp
@@ -327,11 +327,7 @@ QByteArray SimulatorFileSystem::getEfCardAccess() const
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
-QSharedPointer<EVP_PKEY> SimulatorFileSystem::getKey(int pKeyId) const
-#else
QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
-#endif
{
if (!mKeys.contains(pKeyId))
{
@@ -347,13 +343,8 @@ QSharedPointer<EC_KEY> SimulatorFileSystem::getKey(int pKeyId) const
return nullptr;
}
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- return privateKey;
-
-#else
return EcUtil::create(EVP_PKEY_get1_EC_KEY(privateKey.data()));
-#endif
}
diff --git a/src/card/simulator/SimulatorFileSystem.h b/src/card/simulator/SimulatorFileSystem.h
index cb9704b..44d4054 100644
--- a/src/card/simulator/SimulatorFileSystem.h
+++ b/src/card/simulator/SimulatorFileSystem.h
@@ -38,11 +38,7 @@ class SimulatorFileSystem
[[nodiscard]] StatusCode write(qsizetype pOffset, const QByteArray& pData);
[[nodiscard]] QByteArray getEfCardAccess() const;
-#if OPENSSL_VERSION_NUMBER >= 0x30000000L
- [[nodiscard]] QSharedPointer<EVP_PKEY> getKey(int pKeyId) const;
-#else
[[nodiscard]] QSharedPointer<EC_KEY> getKey(int pKeyId) const;
-#endif
[[nodiscard]] StatusCode verify(const Oid& pOid, const QSharedPointer<AuthenticatedAuxiliaryData>& pAuxiliaryData) const;
--
2.45.2

3
2.2.0.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:c68c710d4608aa73ff22e513298d7e05462eb6123ea083e029205599828175dd
size 5923990

3
2.2.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e2786f4818d77c364eb8a6305b9313411d984b6774d9a49564306f10d663f0fe
size 5929111

3
2.2.2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:f8547d54dd10425a24b1390c54b0f5198a77166b4c8771078626d5b8a42f8f99
size 5943648

764
AusweisApp.changes Normal file
View File

@ -0,0 +1,764 @@
-------------------------------------------------------------------
Fri Nov 1 08:19:20 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Add patch from Fedora to enforce use of legacy OpenSSL API
+ 0001-use-legacy-openssl-api.patch (bsc#1231686)
-------------------------------------------------------------------
Wed Oct 23 13:41:45 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 2.2.2
- Visual adjustments and optimization of the graphical user interface.
- Optimization of accessibility and keyboard operability.
- Addition of the Android ABIs armeabi-v7a and x86_64 in addition to
arm64-v8a in the SDK.
-------------------------------------------------------------------
Wed Sep 11 10:20:37 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 2.2.1
- Visual adjustments and optimization of the graphical user interface.
- Optimization of accessibility and keyboard usability.
- Prevention of the display of external content in
the graphical user interface.
- Support for smartphones with Android 15 where
optimized memory management has been activated.
- Support for 16 KB page sizes on Android.
- Stabilization of the iOS SDK during fast restarts.
- Correction of the behavior when using Qt 6.6.3.
- Avoidance of a log file within the container in the container SDK.
- Update of the Android NDK to r27b (27.1.12297006).
- Update of the Android SDK Platform to Android 15 (API level 35).
- Update of OpenSSL to version 3.3.2.
- Drop patches for issues fixed upstream
+ 0001-fix-qml-error-with-qt6.6.patch
-------------------------------------------------------------------
Fri Jul 19 11:44:15 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Add missing libQt6Svg6 runtime dependency to Requires
-------------------------------------------------------------------
Fri Jul 12 13:24:10 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Cherry-pick upstream patch to fix QML error with Qt 6.6
+ 0001-fix-qml-error-with-qt6.6.patch
-------------------------------------------------------------------
Fri Jul 5 11:30:50 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 2.2.0
- Visual adjustments and optimization of the graphical user interface.
- Display of the old and new device name when using "Smartphone as card
reader" if the name of a device has changed.
- An information page has been added at the end of an authentication before
forwarding to the service provider.
- Increased the time allowed to respond to card commands on Android to support
badges that have switched to a safe slow mode after too many incorrect CAN entries.
- Improved accessibility options.
- Support for Android 8 has been discontinued.
- The "Smartphone as card reader" function now requires at least version 2.1.0.
- Support for ChromeOS has been added.
- Support for key lengths smaller than 3000 bits has been discontinued.
- Changelog added to the documentation for the SDK.
- Functional extension of the SDK (see changelog).
- Update of Qt to version 6.7.2.
- Update of OpenSSL to version 3.3.1.
-------------------------------------------------------------------
Thu Apr 11 08:16:20 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 2.1.1
- Visual adjustments and optimization of the graphical user interface.
- Fixed rarely occurring problems in connection with the browser used.
- Textual adjustments.
- Fixed READER messages in the SDK when using unknown cards or when
the connection to the card is unstable.
-------------------------------------------------------------------
Thu Feb 29 14:15:15 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 2.1.0
- Visual adjustments and optimization of the graphical user interface.
- Improved detection of system language on macOS.
- Removed the five minutes time limit for password
entry when the ID card is placed on the reader.
- Fixed display of changed device names when using "Smartphone as card reader".
- Add an option to disable animations.
- Fixed the behavior of "Smartphone as card reader"
with activated password entry when using a PUK.
- Fixed of the connection test with a password-protected
proxy in the diagnostics on desktop systems.
- Drop support for macOS 11 Big Sur.
- Fixed processing of certificates with CAv3 extension.
- Unified documentation for installation and integration.
- Update of OpenSSL to version 3.1.5.
-------------------------------------------------------------------
Fri Jan 19 10:44:24 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 2.0.3
- Fixed crash on macOS 11.
- Fixed missing German translation.
- Fixed display of release notes.
-------------------------------------------------------------------
Sat Jan 13 11:49:15 UTC 2024 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 2.0.2
- Avoid showing hints to the PIN reset service.
- Pass original source tree name to %setup macro
- Use original source tree name in %install section
-------------------------------------------------------------------
Wed Nov 15 07:45:17 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 2.0.1
- Fixed an issue where settings were not saved on iOS and macOS.
- Fixed entitlements on macOS.
-------------------------------------------------------------------
Tue Nov 7 15:41:37 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 2.0.0
- Renamed AusweisApp2 to AusweisApp.
- Completely revised graphical user interface.
- Dark mode is now supported on all platforms.
- The display in landscape mode has been
optimized and is now set automatically.
- System font and size are now honored by the app.
- Optimized usability of the title bar.
- Online help is no longer available.
- The provider list is no longer integrated in AusweisApp
but can now be accessed via the AusweisApp website.
- History of authentication processes has been removed.
- The PDF export function for personal data has been removed.
- macOS Catalina 10.15 is no longer supported.
- Android 7 is no longer supported.
- iOS 13 is no longer supported.
- Updated Qt to version 6.5.3.
- Updated OpenSSL to version 3.1.4.
- Pass adjusted source tree name to %setup macro
- Use adjusted source tree name in %install section
- Rename package from AusweisApp2 to AusweisApp
- Drop patches for issues fixed upstream
+ 0001-fix-ftbfs-with-qt6.6.patch
+ 0002-update-qml-for-qt6.6.patch
-------------------------------------------------------------------
Tue Oct 17 08:55:19 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Add patch to fix FTBFS with Qt 6.6
+ 0001-fix-ftbfs-with-qt6.6.patch
- Add patch to update QML for Qt 6.6
+ 0002-update-qml-for-qt6.6.patch
-------------------------------------------------------------------
Tue Aug 1 11:45:15 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.26.7
- Fixed possible crash during start-up on Android
+ from version 1.26.6
- Fixed possible crash during start-up on Android
-------------------------------------------------------------------
Wed Jul 26 11:37:46 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.26.5
- Reworked the pairing process when using a smartphone as card reader.
Both devices involved in pairing must be updated to version 1.26.5.
Pairing AusweisApp 1.26.5 with older versions is not supported.
- Progress is now also shown on the smartphone when using it as a card reader.
- Enabled keyboard mode by default when using smartphone as a card reader.
- When using keyboard mode on a smartphone as a card reader, showing the
permissions can now be re-enabled in settings at any time.
- Added a monochrome icon on Android.
- Added handling for <Command> + <W> on macOS.
- Removed the update function on macOS in favor of the Mac App Store.
- Minor bug fixes and optimizations.
- Fixed documentation for installation in corporate networks
on macOS when configuring the setup wizard.
- Optimized the size of the Android SDK.
- Updated OpenSSL to version 3.0.9.
- Add qt6-core-private-devel to BuildRequires
-------------------------------------------------------------------
Sat Apr 29 09:03:40 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.26.4
- Improved window management on macOS.
- Minor bug fixes and optimizations.
- Changed INTERRUPT to not always display an error icon.
- Enabled "Access-Control-Allow-Private-Network"
header to be set during status requests.
- Changed CHANGE_PIN to return a FailureCode.
- Fixed a crash with AirPlay in the iOS SDK.
- Fixed private icons in the iOS SDK.
- Added simulator support for explicit private keys as parameters.
- Fixed cancel button in the iOS scan dialog of
the SDK not cancelling the workflow.
-------------------------------------------------------------------
Thu Mar 9 23:31:05 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.26.3
- Improvement of help and tutorial texts.
- Improvements in diagnostics.
- Fix an error in the NFC dialog on iOS.
- Improved accessibility when entering PIN, CAN and PUK.
- Introduction of unique FailureCodes in SDK.
- Added the environment variable AUSWEISAPP2_AUTOMATIC_DEVELOPERMODE
in the fully automated SDK.
- Fixed incorrect progress display in SDK for iOS.
- Added SECURESCREENKEYBOARD for corporate environments.
- Bumped TargetSDK to 33 in SDK for Android.
- Update of OpenSSL to version 3.0.8.
-------------------------------------------------------------------
Sun Feb 5 20:05:56 UTC 2023 - Marcus Meissner <meissner@suse.com>
- switch to generic openssl-devel to allow openssl-3
-------------------------------------------------------------------
Mon Jan 23 09:29:26 UTC 2023 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.26.2
- Fixed notification when another application is running on the port in use.
- Fixed crashes on Android.
- Optimization of forwarding to "CommunicationErrorAddress" on iOS.
- Improved installation of the proxy service for terminal server environments.
- Fixed the setting for the setup wizard when installing in corporate networks.
-------------------------------------------------------------------
Sun Dec 18 17:25:08 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.26.1
- Fixed the loss of settings on Android.
- Fixed the use of non-public or deprecated APIs
on macOS to comply with App Store Guidelines.
+ from version 1.26.0
- Support for macOS 13.
- Support for Windows Server 2016 (version 1607).
- Support for Windows Server 2019.
- Support for Windows Server 2022.
- A proxy service is now available for multi-user operation in terminal
server environments. Details can be found in the document "Guide To
Installation In Corporate Networks".
- Fixed crashes on Android.
- The iOS SDK now supports the arm64 simulator.
- Updated OpenSSL to version 3.0.7.
- Updated Qt to version 6.4.1.
-------------------------------------------------------------------
Wed Nov 9 07:46:43 UTC 2022 - ecsos <ecsos@opensuse.org>
- Add BuildRequires, so it can also build for Leap >= 15.4.
-------------------------------------------------------------------
Wed Nov 2 20:53:59 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.24.4
* Fixed potential crashes due to OpenSSL (denial of service).
* Updated OpenSSL to version 3.0.7.
-------------------------------------------------------------------
Sat Oct 29 23:27:58 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.24.3
* Fixed crashes on Android.
* Disabled (cloud) backup on Android and iOS.
* Fixed the A11y display of the SaK pairing code on Android and iOS.
* Blocked installation on unsupported versions of Windows 10.
* Fixed compatibility with Qt 6.4.
* Enabled the simulator in the Android and iOS SDK.
- Upgrade Qt build and runtime dependencies for Qt6
+ Add Qt6 packages to BuildRequires
* qt6-concurrent-devel
* qt6-core-devel
* qt6-linguist-devel
* qt6-network-devel
* qt6-qml-devel
* qt6-qmlworkerscript-devel
* qt6-quick-devel
* qt6-quickcontrols2-devel
* qt6-shadertools-devel
* qt6-statemachine-devel
* qt6-svg-devel
* qt6-websockets-devel
+ Drop all Qt5 packages from BuildRequires and Requires
- Run spec-cleaner
-------------------------------------------------------------------
Wed Sep 7 07:39:34 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.24.2
* Fixed crashes on Android.
* Fixed a bug with changing the transport PIN on desktop systems.
-------------------------------------------------------------------
Mon Sep 5 10:54:45 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.24.1
* Support for the Russian and Ukrainian languages has been added.
* Fixed some issues with regards to PersoSim.
-------------------------------------------------------------------
Thu Aug 18 06:33:28 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.24.0
* Technical overhaul of the "Smartphone as card reader" function.
The use of an ID card app2 older than 1.22.1 is no longer possible
in combination with 1.24.0.
* Various optimizations with regards to accessibility.
* Support for "IPv6 only" home networks.
* AusweisApp2 is now provided as a 64-bit application on Windows.
* Official support for Windows 11.
* Support for Windows 7 and Windows 8.1 has been discontinued.
* Support for macOS 10.13 and 10.14 has been discontinued.
* Support for Android 5 and 6 and has been discontinued.
* Added an integrated ID card simulator for testing.
* An automatic mode for authentication for tests is now possible.
* AusweisApp2 is now available as a container SDK or Docker image. This
can be controlled using WebSocket or the new automatic authentication.
* Command line parameters can now be passed in the iOS SDK.
* Support for SHA224 and SECP224 has been discontinued.
* The partially-embedded SDK on Android has been discontinued.
* The SDK now uses API level v2.
* Updated OpenSSL to version 3.0.5.
* Updated Qt to version 6.3.1.
-------------------------------------------------------------------
Sat May 28 07:37:37 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.22.7
* Fixed a crash with the new system notifications on macOS 10.14+.
-------------------------------------------------------------------
Sat May 21 15:10:09 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.22.6
* Problems with card communication when using the "Smartphone as
card reader" function in Comfort mode have been fixed.
* Starting with macOS 10.14, system notifications are now being used.
* On macOS, the tray icon is now disabled by default.
This can be re-enabled in the preferences.
* On iOS, a new NFC scan was not possible under certain
circumstances. This has been fixed.
* When canceling an authentication, the app sometimes crashed
on iOS. This has been fixed.
* Minor bug fixes and optimizations.
* Updated OpenSSL to version 1.1.1o.
-------------------------------------------------------------------
Fri Apr 15 19:45:41 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.22.5
* Update of the release notes has been corrected.
* On Windows 10, the window size is no longer
changed after a language change.
* Minor bug fixes and optimizations.
* Under certain circumstances it was possible that
the SDK did not send an INSERT_CARD message.
* Update of OpenSSL to version 1.1.1n.
-------------------------------------------------------------------
Fri Feb 18 06:36:02 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.22.4
* Fixed a random startup crash on Windows.
* The reminder to change the transport PIN is no longer
displayed for the PIN reset service or on-site readout.
* Fixed the "Report a bug" feature on Android 12.
* Fixed an issue where the iOS NFC dialog was displayed
longer than necessary.
* Under certain conditions it was possible that a workflow
could not be started because a previous workflow had not
been completed.
* Minor bug fixes and optimizations.
* If AusweisApp2 was started just as an SDK on Windows, the
path of the AutoStart entry in the registry was rewritten
nevertheless. This has been fixed.
* The libraries can now be built with MSVC 2022.
-------------------------------------------------------------------
Thu Jan 20 08:12:17 UTC 2022 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.22.3
* Added references to the PIN reset letter in suitable places.
* The expiration date is now shown in the self-identification dialog.
* Fixed Youtube links.
* Removed unneccessary Qt clipboard access on Android.
* Fixed some dialogs being shown in the language of the operating system
instead of the language set in the app's preferences on macOS.
* Fixed crashes and incorrect behavior on Android 11.
* More information is displayed on a queried password when using
one of the Reiner SCT "komfort" series of card readers.
* Add support for macOS 12.
* Small fixes and improved accessibility.
* Added the "developerMode" parameter to the RUN_AUTH variable.
* Fixed a crash when using the --no-logfile and --keep options.
* The ShowUI parameter is now displayed on mobile devices.
* Update of OpenSSL to version 1.1.1m.
-------------------------------------------------------------------
Wed Mar 31 18:57:29 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.22.2
* CyberJack RFID basis reader is working again on Windows.
* Automatic start of the setup wizard when running AusweisApp2
for the first time on desktop systems is working again now.
* Fixed a bug in the self-idenfication dialog.
* Fixed some crashes.
* The Android SDK is now also made available on Maven Central
as JCenter has been discontinued.
* Support for authorization certificates with PIN management.
* Update of OpenSSL to version 1.1.1k.
-------------------------------------------------------------------
Tue Mar 16 12:18:46 UTC 2021 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.22.1
* The release notes are now displayed within the app.
* Improvements have been made to the display and reporting
of error messages within the mobile app.
* Fixed possible freezing of the app when checking the ID.
* The pairing of a smartphone can now be started directly.
* The mobile app now starts with the SaK view if this was
the last setting used.
* The smartphone function as a card reader can now always be
activated on iOS.
* Animations on iOS have been improved.
* Minor bug fixes.
* In the SDK for iOS, the handleInterrupt parameter was added to
RUN_AUTH and RUN_CHANGE_PIN. Like the associated INTERRUPT command.
* In the SDK for iOS, parameters have been added for RUN_AUTH and
RUN_CHANGE_PIN, which allow messages to be displayed in the system
scan dialog.
* The following error is now returned in the SDK for an expired ID
card: DocumentValidityVerificationFailed
* Added support for the new protocol version for smartphones as card
readers in accordance with the supplement to BSI TR-03112 Part 6.
* A crash on Windows when pairing PersoSim has been fixed.
* Added support for PersoSim for Android with host card emulation.
* A possible infinite loop in the SDK for Android has been fixed.
* Update of OpenSSL to version 1.1.1j.
- Drop patches for issues fixed upstream
+ 0001-fix-manpage-path.patch
-------------------------------------------------------------------
Wed Dec 2 18:09:47 UTC 2020 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.22.0
* PIN management has been revised.
* App navigation on iOS and Android harmonized. The sidebar on Android has
been removed and replaced with a bar at the bottom of the screen.
* The "Help" area has been revised and restructured on all platforms.
The software licenses can now be viewed within the application.
* A new start page has been added on Android and iOS.
* A function test can now be carried out on Android and iOS via the
entry "Check device and ID card" on the start page.
* Auxiliary animations have been added to Android and iOS to
clarify possible positions for placing the ID card.
* The one-off notice that the transport PIN must be changed
has been added to Android and iOS.
* Option entry and query for the permission "local network access" has been
added on iOS 14. This is necessary for using a smartphone as a card reader.
* AusweisAppp2 can now be installed on macOS via the App Store. Updates that
appear in the future can be obtained automatically through the store.
* The update mechanism on Windows has been revised. The download of the update
and the start of the installation are now carried out automatically when an
update is started.
* Support for the German eID card for Union citizens has been added.
* Support for macOS Sierra 10.12 has been discontinued.
* Support for Bluetooth card readers has been discontinued.
* Minor bug fixes.
* The SDK now supports changing the PIN.
* The SDK now supports displaying the permissions "PinManagement" and "CanAllowed".
* Update of OpenSSL to version 1.1.1h.
* Update of Qt to version 5.15.2.
- Add libQt5QuickTemplates2-devel to BuildRequires
- Add manpage to %files section
- Add patch to fix manpage installation path
+ 0001-fix-manpage-path.patch
-------------------------------------------------------------------
Thu Sep 3 11:31:04 UTC 2020 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.20.2
* It is now possible to paste a PIN/CAN/PUK using the common methods of
the operating system in use, enabling the use of password managers.
* Fixed an issue on Android 9 and older which prevented switching the
screen to the WiFi settings on some devices.
* Some help texts have been improved.
* A tooltip has been added to the Windows installer for the firewall settings.
* Search performance in the provider screen has been improved.
* Fixed an issue on Android where an error message was shown incorrectly when
the ID card was presented to the card reader before starting authentication.
* Display fonts have been improved on OnePlus devices.
* On macOS, the app will now use the integrated graphics adapter if possible.
* Small bug fixes.
* Support for Android NDK 21.3 and SDK cmdline-tools 2.1 has been added.
* Fixed a compatibility issue with Qt 5.10.
* Fixed an issue where an incorrect text was shown in comfort mode when using
a smartphone with the CAN-allowed function.
* Fixed an issue on Android where the feedback screen was incorrectly shown
after using the external SDK.
* Documentation for the integrated SDK on Android has been extended to include
logging facilities and App Bundles.
* Use of more inclusive terminology, the terms "blacklist" and "suppressions"
have been removed or renamed.
-------------------------------------------------------------------
Wed Jun 24 21:17:59 UTC 2020 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.20.1
* Password-protected proxy servers can now also be used from
the new user interface.
* A new option for mobile devices now allows switching between
portrait and landscape viewing mode.
* On Android, canceling the authentication process should now
be faster and the previously occurring crash was fixed.
* On Windows, a progress bar is now also shown during the
authentication process when using the new user interface.
* Small bug fixes.
* Enterprise installations using the MSI package have gained the possibility
to enable on-site-readout and providing a proxy configuration.
* The mobile app now allows enabling and disabling debug mode when retrieving
one's own personal ID data by tapping the magnifier icon ten times.
* Also in the mobile app, tapping the version number in the about dialog
ten times will now activate the advanced settings dialog which allows
one to enable the on-site-readout.
- Drop patches for issues fixed upstream
+ 0001-disable-vendor-name.patch
+ 0002-fix-desktop-icon-path.patch
-------------------------------------------------------------------
Sat Jan 18 06:19:08 UTC 2020 - Ismail Dönmez <idonmez@suse.com>
- Add Requires on libqt5-qtgraphicaleffects and libqt5-qtquickcontrols2
This is required for the new default QML interface to work.
-------------------------------------------------------------------
Wed Jan 15 22:57:12 UTC 2020 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.20.0
* Introduce new graphical user interface for Windows and macOS
* The DMG image for macOS is now signed
* Support for screen readers on Android and iOS
* Adjust color contrast for better readability
* Optimize menu layout and introduce settings
panel on iOS and Android
* Optimize the functionality to use the smartphone as card reader
* Support for macOS 10.11 was dropped
* Support for x86 architecture on Android was dropped
* Small bug fixes
* Update OpenSSL to version 1.1.1d
* Update Qt to version 5.12.5
- Add libqt5-qtdeclarative-devel and libQt5QuickControls2-devel
to BuildRequires, required for QML-based user interface
- Add patch to disable vendor name
+ 0001-disable-vendor-name.patch
- Add patch to fix path to desktop icon
+ 0002-fix-desktop-icon-path.patch
- Drop custom icon
+ AusweisApp2.png
- Drop patches for issues fixed upstream
+ 0001-fix-resource-file-path.patch
+ 0002-fix-translation-files-path.patch
+ 0003-disable-auto-updater.patch
+ 0004-set-config-path.patch
+ 0005-disable-qtquick.patch
- Improve grammar and semantics in Summary and %description
- Install npa_icon.png as desktop icon
-------------------------------------------------------------------
Thu Dec 19 16:10:16 UTC 2019 - Dominique Leuenberger <dimstar@opensuse.org>
- BuildRequire pkgconfig(libudev) instead of libudev-devel:
Allow OBS to shortcut through the -mini flavors.
-------------------------------------------------------------------
Mon Oct 28 14:41:20 UTC 2019 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Fix capitalization of URL field descriptor
- Remove unnecessary %defattr(-,root,root) from %files section
- Remove unnecessary %post and %postun targets
+ Drop %desktop_database_post and %icon_theme_cache_post invocations
+ Drop %desktop_database_postun and %icon_theme_cache_postun invocations
- Sort dependencies in BuildRequires
- Switch cmake builder to Ninja
+ Add ninja to BuildRequires
+ Define __builder as ninja in %build target
-------------------------------------------------------------------
Sun Oct 20 10:27:41 UTC 2019 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Use correct SPDX identifier in License field for EUPL-1.2
-------------------------------------------------------------------
Sun Oct 20 09:19:16 UTC 2019 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Fix incorrect package name in spec file header
- Update copyright year to 2019
- Use https connection in Bugzilla link
-------------------------------------------------------------------
Sun Oct 20 08:57:29 UTC 2019 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Remove extra LICENSE.txt from packaging source
-------------------------------------------------------------------
Sat Oct 19 21:07:19 UTC 2019 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.18.2
* Small bug fixes
* Updates to Info.plist file
+ Version 1.18.1
* Updates to Info.plist file
+ Version 1.18.0
* Enable NFC functionality for iOS 13
* Small bug fixes
* Updated OpenSSL version to 1.1.1c
* Updated Qt version to 5.12.4
* A compiler with C++17 support is now required
- Fix patch to set path to translation files
+ 0002-fix-translation-files-path.patch
- Refresh patches for new version
+ 0003-disable-auto-updater.patch
- Add patch to adjust path for config.json
+ 0004-set-config-path.patch
- Add patch to disable QtQuick as it's currently broken
+ 0005-disable-qtquick.patch
- Disable building shared libraries
+ Pass -DBUILD_SHARED_LIBS=off to cmake
+ Remove any references for *.so files from %install and %files sections
+ Remove generation of ld.conf.so configuration file
+ Remove invocations to /sbin/ldconfig from %postin and %postun sections
- Install config.json into data directory
- Remove libQt5QuickControls2-devel from BuildRequires
-------------------------------------------------------------------
Wed Jun 5 13:54:31 UTC 2019 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.16.2
* The cancel dialog is no longer shown when switching into PIN
changing mode while in identification mode
* On Android, old log files are now purged automatically
* Smartphones that have been paired as card readers (SaK) are now shown as
available if the connection has been established automatically by the app
* Explanatory texts in the mobile app have been improved
* The mobile app no longer performs a browser redirect when turning the transport
PIN into a 6-digit custom PIN when in identfication mode
* The error dialog has gained the possibility to send an email to the AusweisApp2
support team; it will ask the user now to include the application log and the
email automatically includes information about the system configuration as well
as the most recent critical error messages
* The integrated databases for supported cardreaders as well as online
services supporting the electronic personal ID card have been updated
* The version number of AusweisApp2 is no longer part of the installation
path on Windows to avoid issues with anti-virus software
* A bug that caused AusweisApp2 to crash in identification mode while
running in the background has been fixed
* Automatic detection of smartphones as card readers has been improved
* Automatic detection of card readers in diagnosis mode has been improved
* Other small bugs have been fixed
* The default logger can now be disabled with "no-loghandler"
* Instructions for "Installing in company networks" have been extended
-------------------------------------------------------------------
Wed Jan 9 21:04:52 UTC 2019 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- New upstream release
+ Version 1.16.1
* Deactivated automatic clean-up of old log files as
that could cause a crash in version 1.16.0
+ Version 1.16.0
* Small bug fixes
* Added a tutorial to aid usage on Android devices
* Dropped support for Android 4.3 and 4.4
* Dropped support for OS X 10.10
* Added support for macOS 10.14
* It's now possible to transmit data from an Android smartphone
anomynously after successful authentication
* Extended the diagnostics functionality
* Added popup question to rate app on Android
* Added possibility to view logs on Android
* On Android, the app now clearly differentiates
between 5- and 6-digit PIN codes
* Removing the ID card while entering PIN/CAN/PUK will no longer
terminate the authentication or PIN changing process
* Added support for corporate-wide deployments of the MSI
package on Windows (separate documenation)
* Added support for a WebSocket SDK on Windows and macOS
(separate documentation)
* Concurrent access from different applications to card readers
which are connected through PC/SC is now possible
* Updated OpenSSL version to 1.1.1
* Updated Qt version to 5.11.2
* Dropped support for TLS v1.1
* Dropped support for the following TLS ciphers:
- DHE-DSS-AES256-GCM-SHA384
- DHE-DSS-AES256-SHA256
- DHE-DSS-AES128-GCM-SHA256
- DHE-DSS-AES128-SHA256
- DHE-DSS-AES256-SHA
- DHE-DSS-AES128-SHA
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- DHE-RSA-AES256-SHA
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
- DHE-RSA-AES128-SHA
- Drop patches merged upstream
+ 0001-fix-desktop-menu-category.patch
+ 0002-add-desktop-menu-generic-name.patch
- Refresh and renumber patches for new version
+ 0001-fix-resource-file-path.patch
+ 0002-fix-translation-files-path.patch
+ 0003-disable-auto-updater.patch
-------------------------------------------------------------------
Thu Dec 27 16:23:41 UTC 2018 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Add patch to disable auto updater
+ 0005-disable-auto-updater.patch
- Rewrite Summary and %description in English
-------------------------------------------------------------------
Sat Oct 27 13:46:27 UTC 2018 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>
- Initial build
+ Version 1.14.3

100
AusweisApp.spec Normal file
View File

@ -0,0 +1,100 @@
#
# spec file for package AusweisApp
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: AusweisApp
Version: 2.2.2
Release: 0
Summary: Official authentication app for German ID cards and residence permits
License: EUPL-1.2
Group: Productivity/Security
URL: https://www.ausweisapp.bund.de
Source0: https://github.com/Governikus/AusweisApp2/archive/%{version}.tar.gz
# PATCH-FIX-OPENSUSE - Enforce use of old OpenSSL API (bsc#1231686)
Patch0: 0001-use-legacy-openssl-api.patch
BuildRequires: cmake
%if 0%{?suse_version} > 1500
BuildRequires: gcc-c++
%else
BuildRequires: gcc11-c++
%endif
BuildRequires: fdupes
BuildRequires: hicolor-icon-theme
BuildRequires: libopenssl-devel
BuildRequires: ninja
BuildRequires: pcsc-lite-devel
BuildRequires: pkgconfig
BuildRequires: qt6-concurrent-devel
BuildRequires: qt6-core-devel
BuildRequires: qt6-core-private-devel
BuildRequires: qt6-linguist-devel
BuildRequires: qt6-network-devel
BuildRequires: qt6-qml-devel
BuildRequires: qt6-qmlworkerscript-devel
BuildRequires: qt6-quick-devel
BuildRequires: qt6-quickcontrols2-devel
BuildRequires: qt6-shadertools-devel
BuildRequires: qt6-statemachine-devel
BuildRequires: qt6-svg-devel
BuildRequires: qt6-websockets-devel
BuildRequires: update-desktop-files
BuildRequires: pkgconfig(libudev)
Requires: libQt6Svg6
Provides: AusweisApp2 = 2.0.0
Obsoletes: AusweisApp2 < 2.0.0
Requires: hicolor-icon-theme
%description
This app is developed and issued by the German government to be
used for online authentication with electronic German ID cards
and residence permits. To use this app, a supported RFID card
reader or compatible NFC smart phone is required.
%prep
%setup -q -n %{name}-%{version}
%patch -P0 -p1
%build
%if 0%{?suse_version} <= 1500
export CC=gcc-11
export CXX=g++-11
%endif
export CFLAGS="%{optflags} -fPIC"
export CXXFLAGS="%{optflags} -fPIC"
%define __builder ninja
%cmake -DBUILD_SHARED_LIBS=OFF
ninja
%install
%cmake_install
%suse_update_desktop_file com.governikus.ausweisapp2 X-SuSE-DesktopUtility
install -DTm644 %{_builddir}/%{name}-%{version}/resources/images/npa.png %{buildroot}/%{_datadir}/icons/hicolor/96x96/apps/AusweisApp.png
%fdupes -s %{buildroot}/%{_prefix}
%files
%doc README.rst
%license LICENSE.txt LICENSE.officially.txt
%{_bindir}/%{name}
%{_datadir}/%{name}
%{_datadir}/metainfo
%{_datadir}/applications/com.governikus.ausweisapp2.desktop
%{_datadir}/icons/hicolor
%{_mandir}/man1/%{name}.1%{?ext_man}
%changelog