Add revision: v1.16.0

1.16 1.16.0
Governikus 2019-01-03 15:06:22 +01:00
parent 44f272b159
commit 34e33f4aa6
2342 changed files with 78821 additions and 54761 deletions

18
.clang-tidy 100644
View File

@ -0,0 +1,18 @@
---
Checks: '
,*,
,-cppcoreguidelines-pro-bounds-array-to-pointer-decay,
,-cppcoreguidelines-special-member-functions,
,-cppcoreguidelines-pro-type-union-access,
,-hicpp-special-member-functions,
,-hicpp-use-override,
,-google-build-using-namespace,
,-modernize-use-default-member-init,
,-modernize-use-override,
,-readability-redundant-member-init,
,-readability-implicit-bool-cast,
'
WarningsAsErrors: ''
HeaderFilterRegex: ''
AnalyzeTemporaryDtors: false

View File

@ -0,0 +1,12 @@
########################################
# Generate build dependency
#
# cmake --build . --target architecture
########################################
SET(GRAPHVIZ_IGNORE_TARGETS AusweisAppGlobal;AusweisAppExternal;AusweisAppUiCli;cvc;fuzz;OpenSsl;tlscheck;Test;Script)
SET(GRAPHVIZ_EXTERNAL_LIBS OFF)
SET(GRAPHVIZ_EXECUTABLES ON)
SET(GRAPHVIZ_GENERATE_PER_TARGET OFF)
SET(GRAPHVIZ_GENERATE_DEPENDERS OFF)
SET(GRAPHVIZ_GRAPH_NAME AusweisApp2)

View File

@ -24,6 +24,10 @@ IF(POLICY CMP0071)
CMAKE_POLICY(SET CMP0071 NEW)
ENDIF()
IF(POLICY CMP0074)
CMAKE_POLICY(SET CMP0074 NEW)
ENDIF()
# "tools.only" can be defined to disable the normal build and enable
# cmdline "tools" only. For example: "make format" or "make package_source"
IF(tools.only)
@ -33,7 +37,7 @@ ELSE()
ENDIF()
PROJECT(AusweisApp2 VERSION 1.14.3 LANGUAGES ${LANGUAGES})
PROJECT(AusweisApp2 VERSION 1.16.0 LANGUAGES ${LANGUAGES})
# Set TWEAK if not defined in PROJECT_VERSION above to
# have a valid tweak version without propagating it
@ -42,7 +46,7 @@ IF(NOT PROJECT_VERSION_TWEAK)
ENDIF()
IF(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT OR ANDROID OR IOS)
IF(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT)
SET(CMAKE_INSTALL_PREFIX "${CMAKE_BINARY_DIR}/dist" CACHE PATH "default install path" FORCE)
ENDIF()
SET(CMAKE_MODULE_PATH "${PROJECT_SOURCE_DIR}/cmake")
@ -86,7 +90,7 @@ IF(IOS)
MESSAGE(STATUS "USE_DISTRIBUTION_PROFILE: ${USE_DISTRIBUTION_PROFILE}")
ENDIF()
IF("${PROJECT_BINARY_DIR}" STREQUAL "${PROJECT_SOURCE_DIR}")
IF("${PROJECT_BINARY_DIR}" STREQUAL "${PROJECT_SOURCE_DIR}" AND NOT FORCE_SOURCE_BUILD)
MESSAGE(FATAL_ERROR "in tree building is not supported!")
ENDIF()
@ -96,20 +100,18 @@ ELSE()
SET(CMAKE_BUILD_TYPE "DEBUG" CACHE STRING "build type configuration" FORCE)
ENDIF()
IF(NOT ${CMAKE_BUILD_TYPE} STREQUAL "DEBUG" AND NOT ${CMAKE_BUILD_TYPE} STREQUAL "RELEASE")
MESSAGE(FATAL_ERROR "CMAKE_BUILD_TYPE is invalid! Available options: RELEASE, DEBUG")
IF(DESKTOP)
SET(CMAKE_AUTOUIC ON)
ENDIF()
SET(CMAKE_AUTOMOC ON)
SET(CMAKE_AUTOUIC ON)
SET(CMAKE_INCLUDE_CURRENT_DIR ON)
SET(SRC_DIR ${PROJECT_SOURCE_DIR}/src)
SET(TEST_DIR ${PROJECT_SOURCE_DIR}/test)
SET(RESOURCES_DIR ${PROJECT_SOURCE_DIR}/resources)
SET(PACKAGING_DIR ${RESOURCES_DIR}/packaging)
SET(EXECUTABLE_BASE_NAME AusweisApp2)
SET(EXECUTABLE_NAME ${EXECUTABLE_BASE_NAME}${CMAKE_EXECUTABLE_SUFFIX})
SET(COPYRIGHT_TEXT "&#9400\; 2014-2018 ${VENDOR}")
STRING(REPLACE " \& " " \& " COPYRIGHT_TEXT ${COPYRIGHT_TEXT})
INCLUDE(Tools)
INCLUDE(DVCS)
@ -131,13 +133,16 @@ ADD_SUBDIRECTORY(src)
IF("${CMAKE_BUILD_TYPE}" STREQUAL "DEBUG")
INCLUDE(CTest)
CONFIGURE_FILE("${CMAKE_MODULE_PATH}/CTestCustom.cmake.in" "${CMAKE_BINARY_DIR}/CTestCustom.cmake" COPYONLY)
CONFIGURE_FILE("${CMAKE_MODULE_PATH}/CTestCustom.cmake.in" "${CMAKE_BINARY_DIR}/CTestCustom.cmake" @ONLY)
CONFIGURE_FILE("${RESOURCES_DIR}/sonar-project.properties.in" "${CMAKE_BINARY_DIR}/sonar-project.properties" @ONLY)
ENDIF()
IF(BUILD_TESTING)
ADD_SUBDIRECTORY(test)
ENDIF()
ADD_SUBDIRECTORY(utils)
IF(EXISTS "${CMAKE_CURRENT_SOURCE_DIR}/utils")
ADD_SUBDIRECTORY(utils)
ENDIF()
INCLUDE(Packaging)

View File

@ -466,14 +466,19 @@ Die verwendeten OpenSource-Bibliotheken unterliegen den folgenden Nutzungsbeding
Qt
Lizenz: LGPL v3
Version: 5.9.3
Version: 5.11.2
Adresse: https://www.qt.io/
http_parser
Lizenz: MIT
Version: 2.7.1
Version: 2.8.1
Adresse: https://github.com/nodejs/http-parser/
Android Support Library V4
Lizenz: Apache 2.0
Version: 21.0.3
Adresse: https://developer.android.com/topic/libraries/support-library/
Die Lizenztexte lauten in ihrer originalen Fassung wie folgt:
@ -680,3 +685,210 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -416,14 +416,19 @@ Die verwendeten OpenSource-Bibliotheken unterliegen den folgenden Nutzungsbeding
Qt
Lizenz: LGPL v3
Version: 5.9.3
Version: 5.11.2
Adresse: https://www.qt.io/
http_parser
Lizenz: MIT
Version: 2.7.1
Version: 2.8.1
Adresse: https://github.com/nodejs/http-parser/
Android Support Library V4
Lizenz: Apache 2.0
Version: 21.0.3
Adresse: https://developer.android.com/topic/libraries/support-library/
Die Lizenztexte lauten in ihrer originalen Fassung wie folgt:
@ -630,3 +635,210 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
IN THE SOFTWARE.
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View File

@ -4,7 +4,7 @@ AusweisApp2
Kontakt
-------
| Governikus GmbH & Co. KG
| Am Fallturm 9
| Hochschulring 4
| 28359 Bremen
| ausweisapp2@governikus.de
@ -27,15 +27,6 @@ Die separate README und das Skript unter "libs" dienen dem Aufzusetzen
der notwendigen Build-Umgebung und dem automatisierten Bauen der
notwendigen Bibliotheken mit den entsprechenden Patches.
Derzeit ist es leider noch nicht möglich, die AusweisApp2 ohne Patches
an OpenSSL und Qt voll funktionsfähig auszuliefern.
Dies liegt unter anderem an dem notwendigen RSA-PSK-Patch für
OpenSSL 1.0.2, welcher mit OpenSSL 1.1.0 nicht mehr notwendig ist.
Diese OpenSSL-Version wird allerdings erst mit Qt 5.10 unterstützt.
(siehe https://bugreports.qt.io/browse/QTBUG-52905)
OpenSSL 1.1.0 wird mit der AusweisApp2 1.14.0 unterstützt.
LibreSSL wird auf Grund des fehlenden RSA-PSK nicht unterstützt.
Build

View File

@ -23,8 +23,8 @@ Tag bauen
---------
Die Release-Jobs müssen nach dem Tag manuell gestartet werden!
Jenkins erstellt das Release anhand des Bookmarks "release" oder des tags/changesets,
welcher als Parameter übergeben wird.
Jenkins erstellt das Release anhand des Parameters 'changeset'. Dort sollte der angebrachte
Tag oder die jeweilige Revision übergeben werden.
Nachdem die notwendigen Jobs (Windows/macOS/Docs/...) durchgelaufen sind, muss der Job
für den AppCast gestartet werden.

View File

@ -4,24 +4,28 @@ environment:
matrix:
- PlatformToolset: mingw-w64
APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2015
QTPath: C:\Qt\5.9\mingw53_32
QTPath: C:\Qt\5.11\mingw53_32
OPENSSLPath: C:\OpenSSL-v11-Win32
- PlatformToolset: v140
platform: x64
APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2015
QTPath: C:\Qt\5.9\msvc2015_64
QTPath: C:\Qt\5.11\msvc2015_64
OPENSSLPath: C:\OpenSSL-v11-Win64
ARCHI: amd64
- PlatformToolset: v140
platform: Win32
APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2015
QTPath: C:\Qt\5.9\msvc2015
APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2017
QTPath: C:\Qt\5.11\msvc2015
OPENSSLPath: C:\OpenSSL-v11-Win32
ARCHI: x86
- PlatformToolset: v141
platform: x64
APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2017
QTPath: C:\Qt\5.9\msvc2017_64
QTPath: C:\Qt\5.11\msvc2017_64
OPENSSLPath: C:\OpenSSL-v11-Win64
ARCHI: amd64
configuration:
@ -29,7 +33,7 @@ configuration:
#- Debug
install:
- if "%PlatformToolset%"=="mingw-w64" set PATH=C:\mingw-w64\i686-5.3.0-posix-dwarf-rt_v4-rev0\mingw32\bin;%PATH:C:\Program Files\Git\usr\bin;=%
- if "%PlatformToolset%"=="mingw-w64" set PATH=C:\mingw-w64\i686-6.3.0-posix-dwarf-rt_v5-rev1\mingw32\bin;%PATH:C:\Program Files\Git\usr\bin;=%
- if "%PlatformToolset%"=="v140" call "C:\Program Files (x86)\Microsoft Visual Studio 14.0\VC\vcvarsall.bat" %archi%
- if "%PlatformToolset%"=="v141" call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvarsall.bat" %archi%
@ -53,15 +57,15 @@ before_build:
build_script:
- cd "%APPVEYOR_BUILD_FOLDER%"
- set PATH=%QTPATH%;%QTPATH%/bin;%PATH%
- set OPENSSL_ROOT=%OPENSSLPath%
- set PATH=%QTPATH%;%QTPATH%/bin;%OPENSSLPath%;%PATH%
- echo %PATH%
- echo %OPENSSL_ROOT%
- mkdir _build
- cd _build
- ps: |
# Use -DFORCE_LEGACY_OPENSSL=ON to build with the available openssl 1.0.2 of the appveyor build image
# otherwise openssl 1.1.x is required with an additional download and build step
cmake -G "$generator" -DCMAKE_BUILD_TYPE="$env:CONFIGURATION" -DFORCE_LEGACY_OPENSSL=ON ..
cmake -G "$generator" -DCMAKE_BUILD_TYPE="$env:CONFIGURATION" ..
if ($LastExitCode -ne 0) {
throw "Exec: $ErrorMessage"
}
@ -74,7 +78,7 @@ test_script:
- cd "%APPVEYOR_BUILD_FOLDER%"/_build
- set PATH=%QTPATH%;%QTPATH%/bin;%PATH%
- echo %PATH%
- ctest -VV -C "%CONFIGURATION%"
- ctest --output-on-failure -C "%CONFIGURATION%"
on_finish:
- cd "%APPVEYOR_BUILD_FOLDER%"

View File

@ -1,4 +1,15 @@
LIST(APPEND CTEST_CUSTOM_COVERAGE_EXCLUDE "/test/")
LIST(APPEND CTEST_CUSTOM_COVERAGE_EXCLUDE "/external/")
LIST(APPEND CTEST_CUSTOM_COVERAGE_EXCLUDE "/utils/")
LIST(APPEND CTEST_CUSTOM_COVERAGE_EXCLUDE \\.moc moc_ qrc_ ui_ _ui)
LIST(APPEND CTEST_EXTRA_COVERAGE_GLOB *.cpp *.h)
SET(CTEST_SOURCE_DIRECTORY "@PROJECT_SOURCE_DIR@")
SET(CTEST_BINARY_DIRECTORY "@PROJECT_BINARY_DIR@")
SET(CTEST_CMAKE_GENERATOR "@CMAKE_GENERATOR@")
SET(CTEST_COMMAND @CMAKE_CTEST_COMMAND@)
IF(CMAKE_SCRIPT_MODE_FILE)
INCLUDE(CTestCoverageCollectGCOV)
ctest_coverage_collect_gcov(TARBALL ${CTEST_BINARY_DIRECTORY}/gcov.tar GCOV_COMMAND @COVERAGE_COMMAND@)
ENDIF()

View File

@ -2,11 +2,17 @@ ADD_DEFINITIONS(-DUNICODE)
ADD_DEFINITIONS(-DQT_MESSAGELOGCONTEXT)
ADD_DEFINITIONS(-DQT_NO_CAST_FROM_BYTEARRAY)
ADD_DEFINITIONS(-DQT_NO_CAST_TO_ASCII)
ADD_DEFINITIONS(-DQT_RESTRICTED_CAST_FROM_ASCII)
ADD_DEFINITIONS(-DQT_NO_FOREACH)
ADD_DEFINITIONS(-DQT_NO_KEYWORDS)
ADD_DEFINITIONS(-DQT_NO_EXCEPTIONS)
IF(CMAKE_VERSION VERSION_LESS "3.12")
ADD_DEFINITIONS(-DQT_RESTRICTED_CAST_FROM_ASCII)
ELSE()
ADD_COMPILE_DEFINITIONS($<$<CONFIG:Debug>:QT_RESTRICTED_CAST_FROM_ASCII>)
ADD_COMPILE_DEFINITIONS($<$<CONFIG:Release>:QT_NO_CAST_FROM_ASCII>)
ENDIF()
IF(QT_VENDOR STREQUAL "Governikus")
ADD_DEFINITIONS(-DGOVERNIKUS_QT)
ADD_DEFINITIONS(-DQT_DEPRECATED_WARNINGS)
@ -31,13 +37,22 @@ ELSE()
ADD_DEFINITIONS(-DQT_STRICT_ITERATORS)
STRING(REPLACE "-fexceptions" "" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
STRING(REPLACE "-frtti" "" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}")
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wall -Wextra -Wcast-qual -Wshadow")
SET(CMAKE_CXX_FLAGS_MINSIZEREL "${CMAKE_CXX_FLAGS_MINSIZEREL} -g")
IF(ANDROID AND CMAKE_ANDROID_ARCH_ABI STREQUAL "arm64-v8a")
SET(USE_LD bfd)
ELSE()
SET(USE_LD gold)
ENDIF()
ADD_FLAG(-fuse-ld=${USE_LD} VAR CMAKE_EXE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS LINK -fuse-ld=${USE_LD})
ADD_FLAG(-flto VAR CMAKE_EXE_LINKER_FLAGS_RELEASE CMAKE_SHARED_LINKER_FLAGS_RELEASE LINK -flto)
ADD_FLAG(-fno-rtti VAR CMAKE_CXX_FLAGS_RELEASE CMAKE_CXX_FLAGS_RELWITHDEBINFO CMAKE_CXX_FLAGS_MINSIZEREL)
ADD_FLAG(-fno-exceptions)
ADD_FLAG(-fstack-protector-strong -fstack-protector)
ADD_FLAG(-fuse-ld=gold VAR CMAKE_EXE_LINKER_FLAGS CMAKE_SHARED_LINKER_FLAGS LINK -fuse-ld=gold)
ADD_FLAG(-Wold-style-cast)
ADD_FLAG(-Wmost)
ADD_FLAG(-Wpedantic)
@ -58,6 +73,7 @@ ELSE()
ADD_FLAG(-Winitializer-overrides)
ADD_FLAG(-Wunreachable-code-aggressive)
ADD_FLAG(-Wnewline-eof)
ADD_FLAG(-Wdate-time)
ADD_FLAG(-Wno-gnu-zero-variadic-macro-arguments) # Qt (qDebug) is not compatible
@ -66,6 +82,8 @@ ELSE()
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -ffunction-sections -fdata-sections")
IF(CMAKE_COMPILER_IS_GNUCXX)
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -finline-limit=64")
ELSEIF(CMAKE_VERSION VERSION_LESS "3.13" AND CMAKE_VERSION VERSION_GREATER_EQUAL "3.12")
LIST(APPEND CMAKE_CXX_COMPILER_PREDEFINES_COMMAND "--target=${ANDROID_TOOLCHAIN_MACHINE_NAME}")
ENDIF()
SET(CMAKE_CXX_VISIBILITY_PRESET hidden)
ENDIF()
@ -80,7 +98,7 @@ ELSE()
ENDIF()
IF(APPLE AND NOT CMAKE_SYSTEM_VERSION VERSION_LESS 14)
# Allow warning for LSSharedFileListItemResolve since we support OSX 10.9, too!
# Allow warning for SMCopyAllJobDictionaries, Apple will provide an alternative, until then we are stuck with this deprecated method
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wno-error=deprecated-declarations")
ENDIF()
@ -96,12 +114,12 @@ ELSE()
ENDIF()
IF(CMAKE_CXX_COMPILER_ID STREQUAL Intel)
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -wd1875,1682,2259,654,177")
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -wd1875,1682,2259,654,177,1599")
ENDIF()
ENDIF()
IF(APPLE AND NOT IOS)
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -ObjC++ -mmacosx-version-min=10.9")
SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -ObjC++ -mmacosx-version-min=10.11")
ENDIF()

View File

@ -121,7 +121,7 @@ FUNCTION(GET_FILE_EXTENSIONS _result)
cmake_parse_arguments(_PARAM "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
SET(FILE_EXTENSIONS *.cpp)
IF(IOS)
IF(APPLE)
LIST(APPEND FILE_EXTENSIONS *.m *.mm)
ENDIF()
@ -244,7 +244,7 @@ FUNCTION(GET_ANDROID_TOOLCHAIN_VARS _prefix _machine)
GET_FILENAME_COMPONENT(ANDROID_TOOLCHAIN_MACHINE_NAME "${CMAKE_CXX_ANDROID_TOOLCHAIN_PREFIX}" NAME)
STRING(REGEX REPLACE "-$" "" ANDROID_TOOLCHAIN_MACHINE_NAME "${ANDROID_TOOLCHAIN_MACHINE_NAME}")
STRING(REGEX MATCH "/toolchains/(.*)/prebuilt/" _unused "${CMAKE_CXX_ANDROID_TOOLCHAIN_PREFIX}")
STRING(REGEX REPLACE "-${CMAKE_ANDROID_NDK_TOOLCHAIN_VERSION}$" "" ANDROID_TOOLCHAIN_PREFIX "${CMAKE_MATCH_1}")
STRING(REGEX REPLACE "-${ANDROID_NDK_TOOLCHAIN_VERSION}$" "" ANDROID_TOOLCHAIN_PREFIX "${CMAKE_MATCH_1}")
SET(${_prefix} ${ANDROID_TOOLCHAIN_PREFIX} PARENT_SCOPE)
SET(${_machine} ${ANDROID_TOOLCHAIN_MACHINE_NAME} PARENT_SCOPE)
ENDFUNCTION()
@ -299,16 +299,14 @@ FUNCTION(FETCH_TARGET_LOCATION _destination _target)
SET(multiValueArgs)
cmake_parse_arguments(_PARAM "${options}" "${oneValueArgs}" "${multiValueArgs}" ${ARGN})
GET_TARGET_PROPERTY(tmp "${_target}" IMPORTED_LOCATION_${CMAKE_BUILD_TYPE})
IF(NOT tmp)
IF("${CMAKE_BUILD_TYPE}" STREQUAL "DEBUG")
GET_TARGET_PROPERTY(tmp "${_target}" IMPORTED_LOCATION_RELEASE)
ELSEIF("${CMAKE_BUILD_TYPE}" STREQUAL "RELEASE")
GET_TARGET_PROPERTY(tmp "${_target}" IMPORTED_LOCATION_DEBUG)
ENDIF()
IF(CMAKE_BUILD_TYPE STREQUAL "MINSIZEREL" OR CMAKE_BUILD_TYPE STREQUAL "RELWITHDEBINFO")
SET(BUILD_TYPE RELEASE)
ELSE()
SET(BUILD_TYPE ${CMAKE_BUILD_TYPE})
ENDIF()
GET_TARGET_PROPERTY(tmp "${_target}" IMPORTED_LOCATION_${BUILD_TYPE})
IF(NOT tmp)
GET_TARGET_PROPERTY(tmp "${_target}" IMPORTED_LOCATION)
ENDIF()

View File

@ -19,6 +19,25 @@ SET(SEARCH_ADDITIONAL_DIRS "
DIRLIST_OF_FILES(ADDITIONAL_DIRS ${CMAKE_BINARY_DIR}/src/*${CMAKE_SHARED_LIBRARY_SUFFIX})
")
SET(DEPENDENCY_CHECK "
FUNCTION(gp_resolved_file_type_override file type)
MESSAGE(STATUS \"Collect dependency: \${file}\")
IF(file MATCHES \"libstdc.+\.dll\"
OR file MATCHES \"libwinpthread-.+\.dll\"
OR file MATCHES \"libgcc_s_.+\.dll\"
OR file MATCHES \"libssp-.+\.dll\")
get_filename_component(path \"${CMAKE_CXX_COMPILER}\" DIRECTORY)
get_filename_component(pathDest \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}\" DIRECTORY)
IF(NOT file MATCHES \"\${path}\" AND NOT file MATCHES \"\${pathDest}\")
MESSAGE(FATAL_ERROR \"Wrong source path detected: \${file} | Should be: \${path} or \${pathDest}\")
ENDIF()
ENDIF()
ENDFUNCTION()
")
IF(WIN32)
IF(MSVC)
@ -29,6 +48,10 @@ IF(WIN32)
INCLUDE(InstallRequiredSystemLibraries)
ENDIF()
IF(TARGET Qt5::Qml)
FETCH_TARGET_LOCATION(libQuickControls2 "Qt5::QuickControls2")
INSTALL(FILES ${libQuickControls2} DESTINATION . COMPONENT Runtime)
ENDIF()
FETCH_TARGET_LOCATION(libSvg "Qt5::Svg")
FETCH_TARGET_LOCATION(pluginSvg "Qt5::QSvgPlugin")
FETCH_TARGET_LOCATION(pluginGif "Qt5::QGifPlugin")
@ -38,6 +61,7 @@ IF(WIN32)
ELSE()
FETCH_TARGET_LOCATION(platformWin "Qt5::QWindowsIntegrationPlugin")
ENDIF()
FETCH_TARGET_LOCATION(styleVista "Qt5::QWindowsVistaStylePlugin")
INSTALL(TARGETS AusweisApp DESTINATION . COMPONENT Application)
INSTALL(FILES ${libSvg} DESTINATION . COMPONENT Runtime)
@ -45,20 +69,24 @@ IF(WIN32)
INSTALL(FILES ${pluginGif} DESTINATION imageformats COMPONENT Runtime)
INSTALL(FILES ${pluginJpeg} DESTINATION imageformats COMPONENT Runtime)
INSTALL(FILES ${platformWin} DESTINATION platforms COMPONENT Runtime)
INSTALL(FILES ${styleVista} DESTINATION styles COMPONENT Runtime)
INSTALL(CODE
"
${DEPENDENCY_CHECK}
${SEARCH_ADDITIONAL_DIRS}
INCLUDE(BundleUtilities)
FIXUP_BUNDLE(\"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${EXECUTABLE_NAME}\" \"\" \"${TOOLCHAIN_BIN_PATH};\${ADDITIONAL_DIRS}\")
FIXUP_BUNDLE(\"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${PROJECT_NAME}${CMAKE_EXECUTABLE_SUFFIX}\" \"${libQuickControls2}\" \"${TOOLCHAIN_BIN_PATH};\${ADDITIONAL_DIRS}\")
" COMPONENT Runtime)
ELSEIF(APPLE AND NOT IOS)
SET(MACOS_BUNDLE_MACOS_DIR ../MacOS)
SET(MACOS_BUNDLE_PLUGINS_DIR ../PlugIns)
SET(MACOS_BUNDLE_FRAMEWORKS_DIR ../Frameworks)
SET(MACOS_BUNDLE_RESOURCES_DIR ../Resources)
SET(MACOS_BUNDLE_LOGIN_ITEMS_DIR ../Library/LoginItems)
# We need to include the following (i.e. all) image format plug-ins,
# since those seem to be loaded upon program start-up. Not including
@ -67,38 +95,71 @@ ELSEIF(APPLE AND NOT IOS)
# depend on to be loaded as well, thus resulting in two sets of Qt
# libraries being loaded (ours from the bundle and the ones from the
# installation) and the program misbehaving (crashing).
FETCH_TARGET_LOCATION(platformMac "Qt5::QCocoaIntegrationPlugin")
FOREACH (qtComponent QtCore Qt5Gui Qt5Network Qt5Svg Qt5Widgets)
FOREACH(plugin ${${qtComponent}_PLUGINS})
GET_TARGET_PROPERTY(pluginPath ${plugin} LOCATION)
GET_FILENAME_COMPONENT(pluginDir ${pluginPath} DIRECTORY)
GET_FILENAME_COMPONENT(pluginName ${pluginPath} NAME)
GET_FILENAME_COMPONENT(pluginDirName ${pluginDir} NAME)
IF(pluginDirName STREQUAL "platforms" AND NOT plugin STREQUAL "Qt5::QCocoaIntegrationPlugin")
CONTINUE()
ENDIF()
INSTALL(FILES ${pluginPath} DESTINATION ${MACOS_BUNDLE_PLUGINS_DIR}/${pluginDirName} COMPONENT Runtime)
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/PlugIns/${pluginDirName}/${pluginName}")
ENDFOREACH()
ENDFOREACH()
INSTALL(TARGETS AusweisApp DESTINATION . COMPONENT Application)
INSTALL(FILES ${platformMac} DESTINATION ${MACOS_BUNDLE_PLUGINS_DIR}/platforms COMPONENT Runtime)
IF(TARGET Qt5::Qml)
FOREACH(entry QtQuick QtQuick.2 QtQml QtGraphicalEffects Qt)
SET(_dir "${QT_HOST_PREFIX}/qml")
FILE(GLOB_RECURSE DYLIB "${_dir}/${entry}/*.dylib")
FOREACH(_lib ${DYLIB})
FILE(RELATIVE_PATH _lib_dest "${_dir}" "${_lib}")
IF(NOT _lib_dest MATCHES "XmlListModel|Particles.2|LocalStorage") # blacklist not needed stuff
GET_FILENAME_COMPONENT(_lib_dest_dir ${_lib_dest} DIRECTORY)
INSTALL(FILES ${_lib} DESTINATION ${MACOS_BUNDLE_RESOURCES_DIR}/qml/${_lib_dest_dir} COMPONENT Runtime)
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Resources/qml/${_lib_dest}")
ENDIF()
ENDFOREACH()
ENDFOREACH()
ENDIF()
INSTALL(TARGETS AusweisApp DESTINATION ${MACOS_BUNDLE_MACOS_DIR} COMPONENT Application)
INSTALL(TARGETS AusweisApp2AutostartHelper DESTINATION ${MACOS_BUNDLE_LOGIN_ITEMS_DIR} COMPONENT Application)
INSTALL(CODE
"
${DEPENDENCY_CHECK}
${SEARCH_ADDITIONAL_DIRS}
file(GLOB_RECURSE QTPLUGINS \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${MACOS_BUNDLE_PLUGINS_DIR}/*${CMAKE_SHARED_LIBRARY_SUFFIX}\")
file(GLOB_RECURSE QtQuickPLUGINS \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${MACOS_BUNDLE_RESOURCES_DIR}/*${CMAKE_SHARED_LIBRARY_SUFFIX}\")
INCLUDE(BundleUtilities)
FIXUP_BUNDLE(\"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${EXECUTABLE_NAME}\" \"\${QTPLUGINS}\" \"${TOOLCHAIN_LIB_PATH};\${ADDITIONAL_DIRS}\")
FIXUP_BUNDLE(\"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${MACOS_BUNDLE_MACOS_DIR}/${PROJECT_NAME}\" \"\${QTPLUGINS};\${QtQuickPLUGINS}\" \"${TOOLCHAIN_LIB_PATH};\${ADDITIONAL_DIRS}\")
" COMPONENT Runtime)
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Library/LoginItems/AusweisApp2AutostartHelper.app/Contents/MacOS/AusweisApp2AutostartHelper")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Library/LoginItems/AusweisApp2AutostartHelper.app")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtCore.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtGui.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtXml.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtNetwork.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtSvg.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtWidgets.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtPrintSupport.framework") # remove if disabled in Qt
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtWebSockets.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtConcurrent.framework")
IF(TARGET Qt5::Qml)
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtQml.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtQuick.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtQuickControls2.framework")
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtQuickTemplates2.framework")
ENDIF()
IF(TARGET Qt5::Bluetooth)
LIST(APPEND ADDITIONAL_BUNDLE_FILES_TO_SIGN "/Contents/Frameworks/QtBluetooth.framework")
ENDIF()
FETCH_TARGET_LOCATION(opensslCryptoName "OpenSSL::Crypto" NAME)
FETCH_TARGET_LOCATION(opensslSslName "OpenSSL::SSL" NAME)
@ -131,13 +192,27 @@ ELSEIF(ANDROID)
SET(ANDROID_PACKAGE_NAME "com.governikus.ausweisapp2")
ENDIF()
FOREACH(entry ldpi mdpi hdpi xhdpi xxhdpi xxxhdpi)
INSTALL(FILES ${RESOURCES_IMG_ANDROID_DIR}/${entry}/${ANDROID_LAUNCHER_ICON} DESTINATION ${ANDROID_PACKAGE_SRC_DIR}/res/drawable-${entry} COMPONENT Runtime RENAME npa.png)
ENDFOREACH()
IF(ANDROID_BUILD_AAR)
SET(ANDROID_MANIFEST AndroidManifest.xml.aar.in)
FOREACH(entry network/WifiInfo ui/aidl/AidlBinder activation/intent/AusweisApp2Service)
SET(_java_file "${SRC_DIR}/${entry}.java")
IF(NOT EXISTS "${_java_file}")
MESSAGE(FATAL_ERROR "Cannot find file: ${_java_file}")
ENDIF()
LIST(APPEND JAVA_FILES "${_java_file}")
ENDFOREACH()
ELSE()
SET(ANDROID_MANIFEST AndroidManifest.xml.apk.in)
INSTALL(FILES ${PACKAGING_DIR}/android/styles.xml DESTINATION ${ANDROID_PACKAGE_SRC_DIR}/res/values COMPONENT Runtime)
FOREACH(entry ldpi mdpi hdpi xhdpi xxhdpi xxxhdpi)
INSTALL(FILES ${RESOURCES_IMG_ANDROID_DIR}/${entry}/${ANDROID_LAUNCHER_ICON} DESTINATION ${ANDROID_PACKAGE_SRC_DIR}/res/drawable-${entry} COMPONENT Runtime RENAME npa.png)
ENDFOREACH()
INSTALL(FILES ${PACKAGING_DIR}/android/styles.xml DESTINATION ${ANDROID_PACKAGE_SRC_DIR}/res/values COMPONENT Runtime)
FILE(GLOB_RECURSE JAVA_FILES "${SRC_DIR}/*.java")
ENDIF()
FILE(GLOB_RECURSE JAVA_FILES "${SRC_DIR}/*.java")
INSTALL(FILES ${JAVA_FILES} DESTINATION ${ANDROID_PACKAGE_SRC_DIR}/src COMPONENT Runtime)
INSTALL(FILES ${PACKAGING_DIR}/android/IAusweisApp2Sdk.aidl DESTINATION ${ANDROID_PACKAGE_SRC_DIR}/src/com/governikus/ausweisapp2/ COMPONENT Runtime)
INSTALL(FILES ${PACKAGING_DIR}/android/IAusweisApp2SdkCallback.aidl DESTINATION ${ANDROID_PACKAGE_SRC_DIR}/src/com/governikus/ausweisapp2/ COMPONENT Runtime)
@ -147,10 +222,26 @@ ELSEIF(ANDROID)
ELSE()
SET(ANDROID_VERSION_NAME ${PROJECT_VERSION})
ENDIF()
CONFIGURE_FILE(${PACKAGING_DIR}/android/AndroidManifest.xml.in ${ANDROID_PACKAGE_SRC_DIR}/AndroidManifest.xml @ONLY)
CONFIGURE_FILE(${PACKAGING_DIR}/android/${ANDROID_MANIFEST} ${ANDROID_PACKAGE_SRC_DIR}/AndroidManifest.xml @ONLY)
CONFIGURE_FILE(${PACKAGING_DIR}/android/fileprovider.xml ${ANDROID_PACKAGE_SRC_DIR}/res/xml/fileprovider.xml COPYONLY)
SET(ANDROID_APP_BINARY "${CMAKE_INSTALL_PREFIX}/${ANDROID_DEST}/libAusweisApp2.so")
SET(SYMBOL_FOLDER "${CMAKE_BINARY_DIR}/debug.symbols/${CMAKE_ANDROID_ARCH_ABI}")
SET(ANDROID_APP_SYMBOLS "${SYMBOL_FOLDER}/libAusweisApp2.so")
INSTALL(CODE
"
EXECUTE_PROCESS(COMMAND \"${CMAKE_COMMAND}\" -E make_directory \"${SYMBOL_FOLDER}\")
EXECUTE_PROCESS(COMMAND \"${CMAKE_OBJCOPY}\" \"--only-keep-debug\" \"${ANDROID_APP_BINARY}\" \"${ANDROID_APP_SYMBOLS}\")
" COMPONENT Runtime CONFIGURATIONS RelWithDebInfo)
IF(CMAKE_COMPILER_IS_GNUCXX)
SET(ANDROID_STL_PATH gnu-libstdc++/${CMAKE_ANDROID_NDK_TOOLCHAIN_VERSION})
ELSE()
SET(ANDROID_STL_PATH llvm-libc++)
ENDIF()
SET(ANDROID_DEPLOYMENT_SETTINGS ${PROJECT_BINARY_DIR}/libAusweisApp2.so-deployment-settings.json CACHE INTERNAL "apk deployment" FORCE)
SET(ANDROID_APP_BINARY "${CMAKE_INSTALL_PREFIX}/${ANDROID_DEST}/libAusweisApp2.so")
CONFIGURE_FILE(${PACKAGING_DIR}/android/libAusweisApp2.so-deployment-settings.json.in ${ANDROID_DEPLOYMENT_SETTINGS} @ONLY)
SET(TRANSLATION_DESTINATION ${ANDROID_PACKAGE_SRC_DIR}/assets/translations)
@ -165,9 +256,10 @@ ELSEIF(UNIX)
INSTALL(TARGETS AusweisApp DESTINATION ${DEFAULT_FILE_DESTINATION} COMPONENT Application)
INSTALL(CODE
"
${DEPENDENCY_CHECK}
${SEARCH_ADDITIONAL_DIRS}
INCLUDE(BundleUtilities)
FIXUP_BUNDLE(\"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${DEFAULT_FILE_DESTINATION}/${EXECUTABLE_NAME}\" \"\" \"\${ADDITIONAL_DIRS}\")
FIXUP_BUNDLE(\"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${DEFAULT_FILE_DESTINATION}/${PROJECT_NAME}\" \"\" \"\${ADDITIONAL_DIRS}\")
" COMPONENT Runtime)
CONFIGURE_FILE(${PACKAGING_DIR}/linux/AusweisApp2.desktop.in ${CMAKE_CURRENT_BINARY_DIR}/AusweisApp2.desktop @ONLY)
@ -191,7 +283,7 @@ IF(LINUX OR WIN32 OR MAC)
INSTALL(CODE
"
EXECUTE_PROCESS(COMMAND
${SELF_PACKER_FOR_EXECUTABLE} ${SELF_PACKER_FOR_EXECUTABLE_FLAGS} \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${DEFAULT_FILE_DESTINATION}/${EXECUTABLE_NAME}\")
${SELF_PACKER_FOR_EXECUTABLE} ${SELF_PACKER_FOR_EXECUTABLE_FLAGS} \"\$ENV{DESTDIR}\${CMAKE_INSTALL_PREFIX}/${DEFAULT_FILE_DESTINATION}/${PROJECT_NAME}${CMAKE_EXECUTABLE_SUFFIX}\")
" COMPONENT Application)
ENDIF()
ENDIF()
@ -210,16 +302,26 @@ ENDIF()
IF(LINUX)
INSTALL(FILES ${QM_FILES} DESTINATION ${TRANSLATION_DESTINATION} COMPONENT Translations)
ELSE()
ELSEIF(NOT ANDROID_BUILD_AAR)
INSTALL(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/translations/ DESTINATION ${TRANSLATION_DESTINATION} COMPONENT Translations)
ENDIF()
# resources file
INSTALL(FILES ${RCC} DESTINATION ${DEFAULT_FILE_DESTINATION} COMPONENT Runtime)
IF(NOT ANDROID_BUILD_AAR)
# resources file
INSTALL(FILES ${RCC} DESTINATION ${DEFAULT_FILE_DESTINATION} COMPONENT Runtime)
ENDIF()
IF(NOT ANDROID AND NOT IOS)
# qtlogging.ini
INSTALL(FILES ${RESOURCES_DIR}/qtlogging.ini DESTINATION ${DEFAULT_FILE_DESTINATION} COMPONENT Runtime)
ENDIF()
# qt qml plugins
IF(DESKTOP AND TARGET Qt5::Qml)
FOREACH(entry QtQuick QtQuick.2 QtQml QtGraphicalEffects Qt)
INSTALL(DIRECTORY ${QT_HOST_PREFIX}/qml/${entry} DESTINATION ${DEFAULT_FILE_DESTINATION}/qml COMPONENT Runtime PATTERN "*.dylib" EXCLUDE)
ENDFOREACH()
ENDIF()
# secure storage file
INSTALL(FILES ${CMAKE_CURRENT_BINARY_DIR}/config.json DESTINATION ${DEFAULT_FILE_DESTINATION} COMPONENT Runtime)
# qtlogging.ini
INSTALL(FILES ${RESOURCES_DIR}/qtlogging.ini DESTINATION ${DEFAULT_FILE_DESTINATION} COMPONENT Runtime)

View File

@ -5,14 +5,20 @@ IF(MINGW)
SET(CMAKE_FIND_LIBRARY_SUFFIXES ".dll.a" ".a" ".lib")
ENDIF()
SET(MIN_QT_VERSION 5.9)
SET(MIN_QT_VERSION 5.10)
FIND_PACKAGE(Qt5Core ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5Concurrent ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5Network ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5Xml ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5Svg ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5LinguistTools ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5WebSockets ${MIN_QT_VERSION} REQUIRED)
IF(NOT DESKTOP AND NOT ANDROID_BUILD_AAR OR "${CMAKE_BUILD_TYPE}" STREQUAL "DEBUG")
FIND_PACKAGE(Qt5Qml ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5Quick ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5QuickControls2 ${MIN_QT_VERSION} REQUIRED)
ENDIF()
IF(DESKTOP)
FIND_PACKAGE(Qt5Widgets ${MIN_QT_VERSION} REQUIRED)
@ -24,9 +30,6 @@ ENDIF()
IF(ANDROID OR IOS OR WINDOWS_STORE OR "${CMAKE_BUILD_TYPE}" STREQUAL "DEBUG")
FIND_PACKAGE(Qt5Bluetooth ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5Nfc ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5Qml ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5Quick ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5QuickControls2 ${MIN_QT_VERSION} REQUIRED)
ENDIF()
IF(ANDROID)
@ -71,13 +74,6 @@ IF(tmp_crosscompile_enabled)
SET(CMAKE_CROSSCOMPILING OFF)
ENDIF()
IF(ANDROID)
GET_TARGET_PROPERTY(CryptoLib OpenSSL::Crypto IMPORTED_LOCATION)
STRING(REPLACE "libcrypto.so" "libgovcrypto.so" CryptoLib "${CryptoLib}")
MESSAGE(STATUS "Rewrite OpenSSL::Crypto: ${CryptoLib}")
SET_TARGET_PROPERTIES(OpenSSL::Crypto PROPERTIES IMPORTED_LOCATION "${CryptoLib}")
ENDIF()
IF(MINGW)
SET(PCSC_LIBRARIES -lwinscard)
@ -101,6 +97,7 @@ ELSEIF(IOS)
FIND_LIBRARY(IOS_SECURITY Security)
FIND_LIBRARY(IOS_SYSTEMCONFIGURATION SystemConfiguration)
FIND_LIBRARY(IOS_AUDIOTOOLBOX AudioToolbox)
FIND_LIBRARY(IOS_IMAGEIO ImageIO)
ELSEIF(MAC)
FIND_PATH(PCSC_INCLUDE_DIRS WinSCard.h)
FIND_LIBRARY(PCSC_LIBRARIES NAMES PCSC WinSCard)
@ -108,6 +105,8 @@ ELSEIF(MAC)
FIND_LIBRARY(OSX_APPKIT AppKit)
FIND_LIBRARY(IOKIT NAMES IOKit)
FIND_LIBRARY(OSX_SECURITY Security)
FIND_LIBRARY(OSX_FOUNDATION Foundation)
FIND_LIBRARY(OSX_SERVICEMANAGEMENT ServiceManagement)
ELSEIF(UNIX)
IF(LINUX)
FIND_LIBRARY(LIBUDEV NAMES udev ludev libudev)
@ -122,8 +121,4 @@ ENDIF()
IF("${CMAKE_BUILD_TYPE}" STREQUAL "DEBUG")
FIND_PACKAGE(Qt5Test ${MIN_QT_VERSION} REQUIRED)
FIND_PACKAGE(Qt5QuickTest ${MIN_QT_VERSION} REQUIRED)
IF(DESKTOP AND NOT APPLE)
FIND_PACKAGE(Qt5UiPlugin ${MIN_QT_VERSION})
ENDIF()
ENDIF()

View File

@ -12,14 +12,6 @@ MESSAGE(STATUS "CMAKE_SYSROOT_COMPILE: ${CMAKE_SYSROOT_COMPILE}")
MESSAGE(STATUS "CMAKE_SYSTEM_PROCESSOR: ${CMAKE_SYSTEM_PROCESSOR}")
IF(ANDROID)
FUNCTION(READ_REVISION _var _regex _file)
IF(EXISTS "${_file}")
FILE(READ "${_file}" content)
STRING(REGEX MATCH "${_regex}" _unused "${content}")
SET(${_var} ${CMAKE_MATCH_1} PARENT_SCOPE)
ENDIF()
ENDFUNCTION()
MESSAGE(STATUS "CMAKE_ANDROID_NDK: ${CMAKE_ANDROID_NDK}")
MESSAGE(STATUS "CMAKE_ANDROID_NDK_TOOLCHAIN_HOST_TAG: ${CMAKE_ANDROID_NDK_TOOLCHAIN_HOST_TAG}")
MESSAGE(STATUS "CMAKE_ANDROID_ARCH_ABI: ${CMAKE_ANDROID_ARCH_ABI}")
@ -31,10 +23,7 @@ IF(ANDROID)
MESSAGE(STATUS "ANDROID_SDK: ${ANDROID_SDK}")
MESSAGE(STATUS "ANDROID_BUILD_TOOLS_REVISION: ${ANDROID_BUILD_TOOLS_REVISION}")
READ_REVISION(ANDROID_NDK_REVISION ".*Revision = ([0-9|\\.]+)" "${CMAKE_ANDROID_NDK}/source.properties")
MESSAGE(STATUS "ANDROID_NDK_REVISION: ${ANDROID_NDK_REVISION}")
READ_REVISION(ANDROID_SDK_REVISION ".*Revision=([0-9|\\.]+)" "${ANDROID_SDK}/tools/source.properties")
MESSAGE(STATUS "ANDROID_SDK_REVISION: ${ANDROID_SDK_REVISION}")
ELSEIF(IOS)

View File

@ -3,7 +3,10 @@
SET(FILENAME ${PROJECT_NAME}-${PROJECT_VERSION})
IF(ANDROID)
IF(ANDROID_BUILD_AAR)
STRING(TOLOWER "${FILENAME}" FILENAME)
STRING(REGEX REPLACE "[0-9]*-" "-" FILENAME "${FILENAME}")
ELSEIF(ANDROID)
SET(FILENAME ${FILENAME}-${CMAKE_ANDROID_ARCH_ABI})
ENDIF()
@ -52,7 +55,7 @@ IF(APPLE AND NOT IOS)
SET(CPACK_RESOURCE_FILE_LICENSE "${PROJECT_BINARY_DIR}/LICENSE.txt")
ENDIF()
IF(${CMAKE_BUILD_TYPE} STREQUAL "RELEASE")
IF(${CMAKE_BUILD_TYPE} STREQUAL "RELEASE" OR ${CMAKE_BUILD_TYPE} STREQUAL "MINSIZEREL")
SET(CPACK_STRIP_FILES TRUE)
ENDIF()
@ -69,16 +72,12 @@ LIST(APPEND CPACK_SOURCE_IGNORE_FILES "CMakeLists\\\\.txt\\\\.user")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "\\\\.project")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "\\\\.cproject")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "\\\\.reviewboardrc")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "utils/tlscheck")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "utils/testbedtool")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "utils/fuzzing")
LIST(APPEND CPACK_SOURCE_IGNORE_FILES "utils")
SET(CPACK_MONOLITHIC_INSTALL true)
IF(WIN32)
SET(CPACK_PACKAGE_EXECUTABLES "AusweisApp2;AusweisApp2")
SET(CPACK_GENERATOR WIX)
SET(CPACK_WIX_UPGRADE_GUID 4EE0E467-EAB7-483E-AB45-87BD1DB6B037)
SET(CPACK_WIX_PRODUCT_ICON ${RESOURCES_DIR}/images/npa.ico)
@ -86,6 +85,7 @@ IF(WIN32)
# disable above line, enable beneath line to build MSI for english
# SET(CPACK_WIX_CULTURES en-US)
SET(CPACK_WIX_TEMPLATE ${PACKAGING_DIR}/win/WIX.template.in)
SET(CPACK_WIX_EXTRA_SOURCES ${PACKAGING_DIR}/win/install_settings.wxs ${PACKAGING_DIR}/win/runtime_settings.wxs)
SET(CPACK_WIX_UI_BANNER ${RESOURCES_DIR}/images/wix_banner.jpg)
SET(CPACK_WIX_UI_DIALOG ${RESOURCES_DIR}/images/wix_dialog.jpg)
SET(CPACK_WIX_EXTENSIONS WixUtilExtension)
@ -126,6 +126,7 @@ ELSEIF(APPLE)
SET(CPACK_GENERATOR Bundle)
SET(CPACK_INSTALL_CMAKE_PROJECTS ${CMAKE_BINARY_DIR};${PROJECT_NAME};ALL;/)
SET(CPACK_BUNDLE_NAME ${PROJECT_NAME})
SET(CPACK_BUNDLE_COPYRIGHT ${COPYRIGHT_TEXT})
SET(CPACK_BUNDLE_ICON ${RESOURCES_DIR}/images/bundle_icons.icns)
SET(CPACK_BUNDLE_APPLE_CERT_APP "Developer ID Application: Governikus GmbH & Co. KG (G7EQCJU4BR)")
@ -153,10 +154,6 @@ ELSEIF(APPLE)
CONFIGURE_FILE(${MACOS_PACKAGING_DIR}/${INFO_PLIST_FILE_NAME} ${INFO_PLIST_FILE_NAME} @ONLY)
SET(CPACK_BUNDLE_PLIST ${INFO_PLIST_FILE_NAME})
SET(STARTUP_FILE_NAME start-ausweisapp2.sh)
CONFIGURE_FILE(${MACOS_PACKAGING_DIR}/${STARTUP_FILE_NAME} ${STARTUP_FILE_NAME} @ONLY)
SET(CPACK_BUNDLE_STARTUP_COMMAND ${STARTUP_FILE_NAME})
ELSEIF(ANDROID)
FIND_PROGRAM(androiddeployqt androiddeployqt CMAKE_FIND_ROOT_PATH_BOTH)
IF(NOT androiddeployqt)
@ -164,16 +161,40 @@ ELSEIF(ANDROID)
ENDIF()
MESSAGE(STATUS "Using androiddeployqt: ${androiddeployqt}")
OPTION(ANDROID_USE_GRADLE "Use gradle for androiddeployqt" OFF)
OPTION(ANDROID_USE_GRADLE "Use gradle for androiddeployqt" ON)
IF(${CMAKE_BUILD_TYPE} STREQUAL "RELEASE")
IF(APK_SIGN_KEYSTORE AND APK_SIGN_KEYSTORE_ALIAS AND APK_SIGN_KEYSTORE_PSW)
IF(ANDROID_USE_GRADLE)
FILE(READ "${QT_HOST_PREFIX}/src/android/templates/build.gradle" BUILD_GRADLE)
IF(ANDROID_BUILD_AAR)
STRING(REPLACE "apply plugin: 'com.android.application'" "apply plugin: 'com.android.library'" BUILD_GRADLE "${BUILD_GRADLE}")
ENDIF()
FILE(WRITE "${CMAKE_INSTALL_PREFIX}/build.gradle" "${BUILD_GRADLE}")
FILE(READ "${PACKAGING_DIR}/android/build.gradle.append" BUILD_GRADLE)
FILE(APPEND "${CMAKE_INSTALL_PREFIX}/build.gradle" "${BUILD_GRADLE}")
ENDIF()
IF(ANDROID_BUILD_AAR)
SET(ANDROID_FILE_EXT aar)
CONFIGURE_FILE(${PACKAGING_DIR}/android/pom.xml.in ${CMAKE_INSTALL_PREFIX}/${CPACK_PACKAGE_FILE_NAME}.pom @ONLY)
ELSE()
SET(ANDROID_FILE_EXT apk)
ENDIF()
MESSAGE(STATUS "Prepare ${ANDROID_FILE_EXT} file generation")
IF(${CMAKE_BUILD_TYPE} STREQUAL "RELEASE" OR ${CMAKE_BUILD_TYPE} STREQUAL "RELWITHDEBINFO" OR ${CMAKE_BUILD_TYPE} STREQUAL "MINSIZEREL")
IF(ANDROID_BUILD_AAR)
SET(ANDROID_FILE dist-release.aar)
SET(DEPLOY_CMD_SIGN --release)
ELSEIF(APK_SIGN_KEYSTORE AND APK_SIGN_KEYSTORE_ALIAS AND APK_SIGN_KEYSTORE_PSW)
MESSAGE(STATUS "Release build will be signed using: ${APK_SIGN_KEYSTORE} | Alias: ${APK_SIGN_KEYSTORE_ALIAS}")
SET(DEPLOY_CMD_SIGN --sign ${APK_SIGN_KEYSTORE} ${APK_SIGN_KEYSTORE_ALIAS} --storepass ${APK_SIGN_KEYSTORE_PSW} --digestalg SHA-256 --sigalg SHA256WithRSA)
IF(ANDROID_USE_GRADLE)
SET(APK_FILE dist-release-signed.apk)
SET(ANDROID_FILE dist-release-signed.apk)
ELSE()
SET(APK_FILE QtApp-release-signed.apk)
SET(ANDROID_FILE QtApp-release-signed.apk)
ENDIF()
ELSE()
MESSAGE(FATAL_ERROR "Cannot sign release build! Set APK_SIGN_KEYSTORE, APK_SIGN_KEYSTORE_ALIAS and APK_SIGN_KEYSTORE_PSW!")
@ -181,9 +202,9 @@ ELSEIF(ANDROID)
ELSE()
IF(ANDROID_USE_GRADLE)
SET(APK_FILE dist-debug.apk)
SET(ANDROID_FILE dist-debug.${ANDROID_FILE_EXT})
ELSE()
SET(APK_FILE QtApp-debug.apk)
SET(ANDROID_FILE QtApp-debug.apk)
ENDIF()
ENDIF()
@ -191,21 +212,43 @@ ELSEIF(ANDROID)
IF(ANDROID_USE_GRADLE)
SET(DEPLOY_CMD ${DEPLOY_CMD} --gradle)
SET(SOURCE_APK_FILE ${CMAKE_INSTALL_PREFIX}/build/outputs/apk/${APK_FILE})
SET(SOURCE_ANDROID_FILE ${CMAKE_INSTALL_PREFIX}/build/outputs/${ANDROID_FILE_EXT})
IF("${Qt5Core_VERSION}" VERSION_GREATER_EQUAL "5.12.0" AND NOT ANDROID_BUILD_AAR)
IF(${CMAKE_BUILD_TYPE} STREQUAL "DEBUG")
SET(SOURCE_ANDROID_FILE ${SOURCE_ANDROID_FILE}/debug)
ELSE()
SET(SOURCE_ANDROID_FILE ${SOURCE_ANDROID_FILE}/release)
ENDIF()
ENDIF()
SET(SOURCE_ANDROID_FILE ${SOURCE_ANDROID_FILE}/${ANDROID_FILE})
ELSE()
SET(SOURCE_APK_FILE ${CMAKE_INSTALL_PREFIX}/bin/${APK_FILE})
IF(ANDROID_BUILD_AAR)
MESSAGE(FATAL_ERROR "Use gradle to build an AAR")
ENDIF()
SET(SOURCE_ANDROID_FILE ${CMAKE_INSTALL_PREFIX}/bin/${ANDROID_FILE})
ENDIF()
SET(DESTINATION_APK_FILE ${CMAKE_INSTALL_PREFIX}/${CPACK_PACKAGE_FILE_NAME}.apk)
SET(DESTINATION_ANDROID_FILE ${CMAKE_INSTALL_PREFIX}/${CPACK_PACKAGE_FILE_NAME}.${ANDROID_FILE_EXT})
# Add DEPENDS install someday
# http://public.kitware.com/Bug/view.php?id=8438
ADD_CUSTOM_TARGET(apk
ADD_CUSTOM_TARGET(${ANDROID_FILE_EXT}
COMMAND ${DEPLOY_CMD}
COMMAND ${CMAKE_COMMAND} -E copy ${SOURCE_APK_FILE} ${DESTINATION_APK_FILE})
COMMAND ${CMAKE_COMMAND} -E copy ${SOURCE_ANDROID_FILE} ${DESTINATION_ANDROID_FILE})
FIND_PROGRAM(apksigner apksigner HINTS ${ANDROID_SDK}/build-tools/${ANDROID_BUILD_TOOLS_REVISION} CMAKE_FIND_ROOT_PATH_BOTH)
IF(apksigner)
ADD_CUSTOM_TARGET(verify.signature COMMAND ${apksigner} verify --verbose --print-certs -Werr ${DESTINATION_APK_FILE})
IF(ANDROID_USE_GRADLE)
ADD_CUSTOM_COMMAND(TARGET ${ANDROID_FILE_EXT} POST_BUILD
COMMAND ${CMAKE_INSTALL_PREFIX}/gradlew sourcesJar lint
COMMAND ${CMAKE_COMMAND} -E copy build/libs/dist-sources.jar ${CPACK_PACKAGE_FILE_NAME}-sources.jar
WORKING_DIRECTORY ${CMAKE_INSTALL_PREFIX})
ENDIF()
IF(NOT ANDROID_BUILD_AAR)
FIND_PROGRAM(apksigner apksigner HINTS ${ANDROID_SDK}/build-tools/${ANDROID_BUILD_TOOLS_REVISION} CMAKE_FIND_ROOT_PATH_BOTH)
IF(apksigner)
ADD_CUSTOM_TARGET(verify.signature COMMAND ${apksigner} verify --verbose --print-certs -Werr ${DESTINATION_ANDROID_FILE})
ENDIF()
ENDIF()
ELSEIF(UNIX)

View File

@ -43,7 +43,7 @@ IF(COVERAGE)
FIND_PROGRAM(GCOVR_BIN gcovr CMAKE_FIND_ROOT_PATH_BOTH)
IF(GCOVR_BIN)
SET(GCOVR_FILE "${PROJECT_BINARY_DIR}/gcovr.xml")
SET(GCOVR_CMD ${GCOVR_BIN} -x -o ${GCOVR_FILE} --exclude="src/external" --exclude="test" -r ${PROJECT_SOURCE_DIR} ${PROJECT_BINARY_DIR})
SET(GCOVR_CMD ${GCOVR_BIN} -x -o ${GCOVR_FILE} --exclude="utils" --exclude="src/external" --exclude="test" -r ${PROJECT_SOURCE_DIR} ${PROJECT_BINARY_DIR})
ADD_CUSTOM_COMMAND(OUTPUT ${GCOVR_FILE} COMMAND ${GCOVR_CMD} WORKING_DIRECTORY ${PROJECT_SOURCE_DIR})
ADD_CUSTOM_TARGET(gcovr DEPENDS ${GCOVR_FILE})
@ -151,14 +151,11 @@ ENDIF()
FIND_PROGRAM(QMLLINT_BIN qmllint CMAKE_FIND_ROOT_PATH_BOTH)
IF(QMLLINT_BIN)
FILE(GLOB_RECURSE TEST_FILES_QML ${TEST_DIR}/qml/*.qml)
FILE(GLOB_RECURSE TEST_FILES_QML_STATIONARY ${TEST_DIR}/qml_stationary/*.qml)
FILE(GLOB_RECURSE FILES_QML ${RESOURCES_DIR}/qml/*.qml)
FILE(GLOB_RECURSE FILES_QML_STATIONARY ${RESOURCES_DIR}/qml_stationary/*.qml)
FILE(GLOB_RECURSE FILES_JS ${RESOURCES_DIR}/qml/*.js)
FILE(GLOB_RECURSE FILES_JS_STATIONARY ${RESOURCES_DIR}/qml_stationary/*.js)
SET(QMLLINT_CMD ${QMLLINT_BIN} ${FILES_QML} ${FILES_QML_STATIONARY} ${FILES_JS})
SET(QMLLINT_CMD ${QMLLINT_BIN} ${FILES_QML} ${FILES_JS})
ADD_CUSTOM_TARGET(qmllint COMMAND ${QMLLINT_CMD} SOURCES ${TEST_FILES_QML} ${TEST_FILES_QML_STATIONARY} ${FILES_QML} ${FILES_QML_STATIONARY} ${FILES_JS} ${FILES_JS_STATIONARY})
ADD_CUSTOM_TARGET(qmllint COMMAND ${QMLLINT_CMD} SOURCES ${TEST_FILES_QML} ${FILES_QML} ${FILES_JS})
ENDIF()
# doc8 (https://pypi.python.org/pypi/doc8)
@ -175,8 +172,13 @@ ENDFUNCTION()
FIND_PROGRAM(CONVERT convert CMAKE_FIND_ROOT_PATH_BOTH)
IF(CONVERT)
SET(CONVERT_CMD convert)
SET(BACKGROUND_COLOR "transparent")
IF(IOS)
SET(CONVERT_CMD convert -alpha off)
SET(BACKGROUND_COLOR "#5489c2")
ELSE()
SET(CONVERT_CMD convert)
SET(BACKGROUND_COLOR "transparent")
ENDIF()
ADD_CUSTOM_TARGET(npaicons.win
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -define icon:auto-resize=256,96,64,48,40,32,24,20,16 npa.svg npa.ico
@ -184,29 +186,29 @@ IF(CONVERT)
ADD_CUSTOM_TARGET(npaicons.android.preview
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 36x36 npa_preview.svg android/ldpi/npa_preview.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 48x48 npa_preview.svg android/mdpi/npa_preview.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 72x72 npa_preview.svg android/hdpi/npa_preview.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 96x96 npa_preview.svg android/xhdpi/npa_preview.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 144x144 npa_preview.svg android/xxhdpi/npa_preview.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 192x192 npa_preview.svg android/xxxhdpi/npa_preview.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 160 -resize 48x48 npa_preview.svg android/mdpi/npa_preview.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 240 -resize 72x72 npa_preview.svg android/hdpi/npa_preview.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 320 -resize 96x96 npa_preview.svg android/xhdpi/npa_preview.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 480 -resize 144x144 npa_preview.svg android/xxhdpi/npa_preview.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 640 -resize 192x192 npa_preview.svg android/xxxhdpi/npa_preview.png
WORKING_DIRECTORY ${RESOURCES_DIR}/images)
ADD_CUSTOM_TARGET(npaicons.android.beta
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 36x36 npa_beta.svg android/ldpi/npa_beta.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 48x48 npa_beta.svg android/mdpi/npa_beta.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 72x72 npa_beta.svg android/hdpi/npa_beta.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 96x96 npa_beta.svg android/xhdpi/npa_beta.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 144x144 npa_beta.svg android/xxhdpi/npa_beta.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 192x192 npa_beta.svg android/xxxhdpi/npa_beta.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 160 -resize 48x48 npa_beta.svg android/mdpi/npa_beta.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 240 -resize 72x72 npa_beta.svg android/hdpi/npa_beta.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 320 -resize 96x96 npa_beta.svg android/xhdpi/npa_beta.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 480 -resize 144x144 npa_beta.svg android/xxhdpi/npa_beta.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 640 -resize 192x192 npa_beta.svg android/xxxhdpi/npa_beta.png
WORKING_DIRECTORY ${RESOURCES_DIR}/images)
ADD_CUSTOM_TARGET(npaicons.android
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 36x36 npa.svg android/ldpi/npa.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 48x48 npa.svg android/mdpi/npa.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 72x72 npa.svg android/hdpi/npa.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 96x96 npa.svg android/xhdpi/npa.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 144x144 npa.svg android/xxhdpi/npa.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -resize 192x192 npa.svg android/xxxhdpi/npa.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 160 -resize 48x48 npa.svg android/mdpi/npa.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 240 -resize 72x72 npa.svg android/hdpi/npa.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 320 -resize 96x96 npa.svg android/xhdpi/npa.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 480 -resize 144x144 npa.svg android/xxhdpi/npa.png
COMMAND ${CONVERT_CMD} -background '${BACKGROUND_COLOR}' -units PixelsPerInch -resample 640 -resize 192x192 npa.svg android/xxxhdpi/npa.png
WORKING_DIRECTORY ${RESOURCES_DIR}/images)
ADD_CUSTOM_TARGET(npaicons.ios.beta
@ -291,6 +293,9 @@ SET(PNGQUANT_CMD pngquant -f -o)
WORKING_DIRECTORY ${RESOURCES_DIR}/images)
ADD_CUSTOM_TARGET(pngquant.ios
COMMAND ${PNGQUANT_CMD} iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon20.png -- iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon20.png
COMMAND ${PNGQUANT_CMD} iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon20@2x.png -- iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon20@2x.png
COMMAND ${PNGQUANT_CMD} iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon20@3x.png -- iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon20@3x.png
COMMAND ${PNGQUANT_CMD} iOS/appIcons/Images.xcassets/AppIcon.appiconset/iconSmall.png -- iOS/appIcons/Images.xcassets/AppIcon.appiconset/iconSmall.png
COMMAND ${PNGQUANT_CMD} iOS/appIcons/Images.xcassets/AppIcon.appiconset/iconSmall@2x.png -- iOS/appIcons/Images.xcassets/AppIcon.appiconset/iconSmall@2x.png
COMMAND ${PNGQUANT_CMD} iOS/appIcons/Images.xcassets/AppIcon.appiconset/iconSmall@3x.png -- iOS/appIcons/Images.xcassets/AppIcon.appiconset/iconSmall@3x.png
@ -302,6 +307,7 @@ SET(PNGQUANT_CMD pngquant -f -o)
COMMAND ${PNGQUANT_CMD} iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon76.png -- iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon76.png
COMMAND ${PNGQUANT_CMD} iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon76@2x.png -- iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon76@2x.png
COMMAND ${PNGQUANT_CMD} iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon83.5@2x.png -- iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon83.5@2x.png
COMMAND ${PNGQUANT_CMD} iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon1024.png -- iOS/appIcons/Images.xcassets/AppIcon.appiconset/icon1024.png
COMMAND ${PNGQUANT_CMD} iOS/launchImages/Default-568h@2x.png -- iOS/launchImages/Default-568h@2x.png
WORKING_DIRECTORY ${RESOURCES_DIR}/images)
@ -368,4 +374,55 @@ IF(JAVA_EXECUTABLE)
ENDIF()
ENDIF()
FIND_PROGRAM(DOT dot CMAKE_FIND_ROOT_PATH_BOTH)
IF(DOT)
SET(architecture_file Architecture)
SET(ARCHI_PDF_DEPENDS)
ADD_CUSTOM_TARGET(architecture.graphviz ${CMAKE_COMMAND} --graphviz=${architecture_file} . WORKING_DIRECTORY ${PROJECT_BINARY_DIR})
LIST(APPEND ARCHI_PDF_DEPENDS architecture.graphviz)
FIND_PROGRAM(SED sed CMAKE_FIND_ROOT_PATH_BOTH)
IF(SED)
# 1. Strip line of plugins as it is misleading
# 2. Strip "AusweisApp" prefix
ADD_CUSTOM_TARGET(architecture.sed
COMMAND ${SED} -i -E '/AusweisApp -> AusweisApp\(Ui|Card|Activation\).+/d' ${architecture_file}
COMMAND ${SED} -i'' -e 's/"AusweisApp"/"AusweisApp2"/' ${architecture_file}
COMMAND ${SED} -i'' -e 's/"AusweisApp2"/"REPLACE"/' ${architecture_file}
COMMAND ${SED} -i'' -e 's/AusweisApp//' ${architecture_file}
COMMAND ${SED} -i'' -e 's/"REPLACE"/"AusweisApp2"/' ${architecture_file}
COMMAND ${SED} -i'' -e 's/diamond/box/' ${architecture_file}
DEPENDS ${ARCHI_PDF_DEPENDS}
WORKING_DIRECTORY ${PROJECT_BINARY_DIR})
LIST(APPEND ARCHI_PDF_DEPENDS architecture.sed)
ENDIF()
ADD_CUSTOM_TARGET(architecture
${DOT} -O -Tpdf ${architecture_file}
DEPENDS ${ARCHI_PDF_DEPENDS}
WORKING_DIRECTORY ${PROJECT_BINARY_DIR})
ENDIF()
FIND_PACKAGE(PythonInterp 2.7)
IF(PYTHONINTERP_FOUND)
ADD_CUSTOM_TARGET(checkproviderurls
COMMAND ${PYTHON_EXECUTABLE} "${PROJECT_SOURCE_DIR}/utils/providercheck/check-urls.py" "${PROJECT_SOURCE_DIR}/resources/updatable-files/supported-providers.json")
ENDIF()
FIND_PROGRAM(SED sed CMAKE_FIND_ROOT_PATH_BOTH)
IF(SED)
FILE(GLOB FILES_TO_GENERATE ${RESOURCES_DIR}/images/tutorial/src/*.svg)
SET(TARGET_DIR ${RESOURCES_DIR}/images/tutorial/generated)
ADD_CUSTOM_TARGET(generate_composite_images.sed)
FOREACH(SRC ${FILES_TO_GENERATE})
GET_FILENAME_COMPONENT(SRC_NAME ${SRC} NAME)
ADD_CUSTOM_COMMAND(TARGET generate_composite_images.sed PRE_BUILD
COMMAND ${SED} -E 's/xlink:href=\\"[\\.\\/]+/xlink:href=\\":\\//' ${SRC} > ${TARGET_DIR}/${SRC_NAME})
ENDFOREACH(SRC)
ENDIF()
INCLUDE(Sphinx)

View File

@ -1,5 +1,17 @@
CMAKE_MINIMUM_REQUIRED(VERSION 3.7.1)
FUNCTION(READ_REVISION _var _regex _file)
IF(EXISTS "${_file}")
FILE(READ "${_file}" content)
STRING(REGEX MATCH "${_regex}" _unused "${content}")
SET(${_var} ${CMAKE_MATCH_1} PARENT_SCOPE)
ENDIF()
ENDFUNCTION()
IF(NOT CMAKE_ANDROID_NDK)
SET(CMAKE_ANDROID_NDK $ENV{ANDROID_NDK})
ENDIF()
SET(ANDROID_SDK $ENV{ANDROID_HOME})
SET(ANDROID_BUILD_TOOLS_REVISION $ENV{ANDROID_BUILD_TOOLS_REVISION})
@ -18,19 +30,30 @@ IF(NOT ANDROID_BUILD_TOOLS_REVISION)
GET_FILENAME_COMPONENT(ANDROID_BUILD_TOOLS_REVISION "${build_tools}" NAME)
ENDIF()
READ_REVISION(ANDROID_NDK_REVISION ".*Revision = ([0-9|\\.]+)" "${CMAKE_ANDROID_NDK}/source.properties")
READ_REVISION(ANDROID_SDK_REVISION ".*Revision=([0-9|\\.]+)" "${ANDROID_SDK}/tools/source.properties")
IF(NOT CMAKE_ANDROID_NDK_TOOLCHAIN_VERSION AND ANDROID_NDK_REVISION VERSION_GREATER_EQUAL "11")
SET(CMAKE_ANDROID_NDK_TOOLCHAIN_VERSION clang)
ENDIF()
SET(ANDROID_NDK_TOOLCHAIN_VERSION 4.9)
SET(CMAKE_SYSTEM_NAME Android)
SET(CMAKE_ANDROID_STL_TYPE gnustl_shared)
SET(CMAKE_SYSTEM_VERSION 21)
IF(CMAKE_ANDROID_NDK_TOOLCHAIN_VERSION MATCHES "clang")
SET(CMAKE_ANDROID_STL_TYPE c++_shared)
ELSE()
SET(CMAKE_ANDROID_STL_TYPE gnustl_shared)
ENDIF()
IF(NOT CMAKE_ANDROID_ARCH_ABI)
SET(CMAKE_ANDROID_ARCH_ABI armeabi-v7a)
ENDIF()
IF(CMAKE_ANDROID_ARCH_ABI MATCHES "arm64-v8a")
SET(CMAKE_SYSTEM_VERSION 21)
ELSE()
SET(CMAKE_SYSTEM_VERSION 18)
ENDIF()
SET(CMAKE_FIND_ROOT_PATH ${CMAKE_PREFIX_PATH} CACHE string "android find search path root")
OPTION(ANDROID_BUILD_AAR "Build AAR file instead of APK" OFF)
SET(CMAKE_FIND_ROOT_PATH ${CMAKE_PREFIX_PATH} CACHE string "android find search path root")
SET(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY)
SET(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY)

View File

@ -35,6 +35,19 @@ FUNCTION(CREATE_HASH)
ENDFOREACH()
ENDFUNCTION()
FUNCTION(CHECK_WIX_WARNING)
FILE(STRINGS "${FILE}" WIX_WARNINGS REGEX "warning")
LIST(LENGTH WIX_WARNINGS WARNING_COUNT)
IF(WARNING_COUNT GREATER 0)
FOREACH(m ${WIX_WARNINGS})
MESSAGE(STATUS "${m}\n")
ENDFOREACH()
MESSAGE(FATAL_ERROR "Found ${WARNING_COUNT} new WIX warnings")
ELSE()
MESSAGE(STATUS "No WIX warnings found")
ENDIF()
ENDFUNCTION()
@ -47,6 +60,8 @@ ENDIF()
IF(CMD STREQUAL "HASH")
CREATE_HASH()
ELSEIF(CMD STREQUAL "CHECK_WIX_WARNING")
CHECK_WIX_WARNING()
ELSE()
MESSAGE(FATAL_ERROR "Unknown CMD: ${CMD}")
ENDIF()

View File

@ -2,6 +2,8 @@ IF(SPHINX_FOUND)
SPHINX_GEN("${CMAKE_CURRENT_SOURCE_DIR}/releasenotes" "notes" BUILDER singlehtml html latex)
SPHINX_GEN("${CMAKE_CURRENT_SOURCE_DIR}/sdk" "sdk" BUILDER changes html latex DEFAULT_LANG en)
SPHINX_GEN("${CMAKE_CURRENT_SOURCE_DIR}/installation" "inst" BUILDER changes html latex)
ELSE()
MESSAGE(STATUS "No documentation will be generated")
ENDIF()

View File

@ -0,0 +1,147 @@
Deutsch
=======
Windows
-------
Der Installer der AusweisApp2 kann über die Kommandozeile gestartet werden, um
den Installationsprozess zu konfigurieren und systemweite Standardeinstellungen
vorzugeben. Neben den üblichen Parametern [1]_ enthält das folgende Kommando
alle unterstützten Parameter, die im Anschluss erläutert werden.
.. code-block:: winbatch
msiexec /i AusweisApp2-X.YY.Z.msi /quiet INSTALL_ROOT="C:\AusweisApp2" SYSTEMSETTINGS=false DESKTOPSHORTCUT=false AUTOSTART=false AUTOHIDE=false REMINDTOCLOSE=false ASSISTANT=false TRANSPORTPINREMINDER=false UPDATECHECK=false ONSCREENKEYBOARD=true HISTORY=false
INSTALL_ROOT
Gibt das Installationsverzeichnis an. Ohne Angabe wird der Ordner
"C:\\Programme (x86)\\AusweisApp2 X.YY.Z" genutzt.
SYSTEMSETTINGS
Betrifft die Erstellung von Firewall-Regeln der Windows Firewall. Ohne Angabe
des Parameters werden die Firewall-Regeln erstellt (true). Durch Angabe von
SYSTEMSETTINGS=false werden keine Firewall-Regeln erstellt.
DESKTOPSHORTCUT
Durch Angabe von DESKTOPSHORTCUT=false kann die Erstellung einer
Desktop-Verknüpfung vermieden werden. Ohne Angabe des Parameters wird eine
Desktop-Verknüpfung für alle Benutzer erstellt (true).
AUTOSTART
Durch Angabe von AUTOSTART=true wird ein Autostart-Eintrag für alle Benutzer
erstellt. Die Deaktivierung des Autostarts ist den Benutzern in der AusweisApp2
dadurch nicht möglich. Ohne Angabe wird der Autostart-Eintrag nicht erstellt
(false). In diesem Fall ist es jedoch jedem Benutzer möglich, die Autostart-
Funktion innerhalb der AusweisApp2 für sich zu aktivieren.
AUTOHIDE
Betrifft die automatische Minimierung nach Abschluss einer erfolgreichen
Authentisierung. Ohne Angabe ist diese aktiviert (true). Durch AUTOHIDE=false
wird diese deaktiviert. Der Benutzer kann diese Einstellung anpassen.
REMINDTOCLOSE
Wenn der Benutzer die AusweisApp2 per Klick auf das X schließt, wird er darauf
hingewiesen, dass nur die Benutzeroberfläche geschlossen wird und die
AusweisApp2 weiterhin im Infobereich zur Verfügung steht. Zu diesem Zeitpunkt
ist es möglich, den Hinweis zukünftig zu unterdrücken. Durch REMINDTOCLOSE=false
kann dieser Hinweis von vornherein deaktiviert werden. Ohne Angabe ist er
aktiviert (true).
ASSISTANT
Startet der Benutzer die AusweisApp2 zum ersten Mal, wird die Benutzeroberfläche
geöffnet und ein Einrichtungsassistent angezeigt. Bei jedem weiteren Start wird
die AusweisApp2 im Hintergrund gestartet und der Einrichtungsassistent erscheint
nicht. Durch ASSISTANT=false wird die AusweisApp2 auch beim ersten Start im
Hintergrund ohne Einrichtungsassistenten gestartet. Ohne Angabe ist der
Einrichtungsassistent aktiviert (true).
TRANSPORTPINREMINDER
Zu Beginn einer Selbstauskunft oder Authentisierung wird der Benutzer einmalig
danach gefragt, ob er die Transport-PIN schon geändert hat. Durch
TRANSPORTPINREMINDER=false kann diese Abfrage deaktiviert werden. Ohne Angabe
ist die Abfrage aktiviert (true).
UPDATECHECK
Wird die Benutzeroberfläche der AusweisApp2 geöffnet, wird eine Überprüfung auf
eine neue Version der AusweisApp2 gestartet, falls seit der letzten Überprüfung
mindestens 24 Stunden vergangen sind. Liegt eine neue Version vor, wird der
Benutzer darüber in einem Dialog informiert. Durch Setzen von UPDATECHECK auf
false oder true kann diese Überprüfung deaktiviert bzw. aktiviert werden.
Die Einstellung kann dann durch den Benutzer in der AusweisApp2 nicht geändert
werden. Ohne Angabe ist die Überprüfung aktiviert, der Benutzer kann die
Einstellung jedoch ändern.
ONSCREENKEYBOARD
Für die Eingabe von PIN, CAN und PUK kann eine Bildschirmtastatur verwendet
werden. Durch Setzen von ONSCREENKEYBOARD auf false oder true kann diese
deaktiviert bzw. aktiviert werden. Der Benutzer kann diese Einstellung anpassen.
HISTORY
Jede Selbstauskunft oder Authentisierung wird im Verlauf gespeichert. Dabei
werden jedoch keine persönlichen Daten gespeichert, sondern nur der Zeitpunkt,
der Diensteanbieter und die ausgelesenen Datenfelder (ohne Inhalt). Durch Setzen
von HISTORY auf false oder true kann der Verlauf deaktiviert bzw. aktiviert
werden. Der Benutzer kann diese Einstellung anpassen.
Alternativ kann mit Orca [2]_ eine MST-Datei erzeugt werden, die die oben
genannten Parameter definiert. Die Parameter sind in den Tabellen "Directory"
und "Property" verfügbar. Übergeben lässt sich die MST-Datei mit dem folgenden
Kommando:
.. code-block:: winbatch
msiexec /i AusweisApp2-X.YY.Z.msi /quiet TRANSFORMS=file.mst
macOS
-----
Unter macOS ist keine Installation per Kommandozeile vorgesehen. Jedoch können
einige der oben genannten Einstellung durch eine plist-Datei im Verzeichnis
/Library/Preferences systemweit vorgegeben werden. Diese plist-Datei muss dabei
manuell durch den Administrator des Systems hinterlegt werden und wird von allen
(zukünftigen) Installationen der AusweisApp2 verwendet. Alle nicht genannten
Einstellungen werden auf macOS nicht unterstützt. Der Name der Datei muss
"com.governikus.AusweisApp2.plist" lauten. Der Inhalt wird im folgenden
dargestellt:
.. code-block:: xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>autoCloseWindow</key>
<false/>
<key>remindToClose</key>
<false/>
<key>showSetupAssistant</key>
<false/>
<key>transportPinReminder</key>
<false/>
<key>common.autoUpdateCheck</key>
<false/>
<key>common.keylessPassword</key>
<true/>
<key>history.enable</key>
<false/>
</dict>
</plist>
Für die einzelnen Werte gelten die gleichen Beschreibungen wie für die
Windows-Version wobei die Bennennung der Attribute der folgenden Tabelle zu
entnehmen ist.
====================== ====================
macOS Windows
====================== ====================
autoCloseWindow AUTOHIDE
remindToClose REMINDTOCLOSE
showSetupAssistant ASSISTANT
transportPinReminder TRANSPORTPINREMINDER
common.autoUpdateCheck UPDATECHECK
common.keylessPassword ONSCREENKEYBOARD
history.enable HISTORY
====================== ====================
.. [1] https://docs.microsoft.com/de-de/windows/desktop/msi/standard-installer-command-line-options
.. [2] https://docs.microsoft.com/de-de/windows/desktop/Msi/orca-exe

View File

@ -0,0 +1,136 @@
English
=======
Windows
-------
Start the installer of AusweisApp2 using the command line to configure the
installation process and preset system-wide default settings. In addition to the
usual arguments [1]_, the following command contains all supported arguments,
which are explained below.
.. code-block:: winbatch
msiexec /i AusweisApp2-X.YY.Z.msi /quiet INSTALL_ROOT="C:\AusweisApp2" SYSTEMSETTINGS=false DESKTOPSHORTCUT=false AUTOSTART=false AUTOHIDE=false REMINDTOCLOSE=false ASSISTANT=false TRANSPORTPINREMINDER=false UPDATECHECK=false ONSCREENKEYBOARD=true HISTORY=false
INSTALL_ROOT
States the installation directory. If not specified, the folder
"C:\\Program Files (x86)\\AusweisApp2 X.YY.Z" is used.
SYSTEMSETTINGS
Concerns the settings of firewall rules of the Windows Firewall. When not
specifying the argument, firewall rules are created (true). By indicating
SYSTEMSETTINGS=false, no firewall rules are created.
DESKTOPSHORTCUT
By specifying DESKTOPSHORTCUT=false, no desktop shortcut is created. Without
specifying the argument, the desktop shortcut is created for all users (true).
AUTOSTART
Setting AUTOSTART=true creates autostart entry for all users. Users are unable
to deactivate the autostart function in the AusweisApp2. Not specified, no
autostart entry is created (false). In that case, users are able to activate the
autostart function in the AusweisApp2.
AUTOHIDE
Concerns the automatic minimization after a successful authentication. Not
specified, it is activated (true). Setting AUTOHIDE=false, it is deactivated.
Users can adjust this setting to their preferences.
REMINDTOCLOSE
Closing the AusweisApp2 by clicking on the X, the user is notified that only the
user interface is closed and that the AusweisApp2 is still available in the info
tray. At this point, it is possible to prevent future notifications. Setting
REMINDTOCLOSE=false deactivates this notification from the outset. Not
specified, it is activated (true).
ASSISTANT
Starting the AusweisApp2 for the first time, the user interface is displayed and
the installation wizard is shown. With each subsequent start, the AusweisApp2
is started in the background, without the installation wizard being shown. By
indicating ASSISTANT=false, the AusweisApp2 is started in the background without
the installation wizard from the outset. Not specified, the installation
wizard is activated (true).
TRANSPORTPINREMINDER
Prior to the first authentication, the user is asked once whether they have
changed their transport PIN. Setting TRANSPORTPINREMINDER=false deactivates this
reminder. Not specified, the reminder is activated (true).
UPDATECHECK
Upon opening the user interface of the AusweisApp2, an update check is started,
provided that at least 24 hours have elapsed since the last update check. If a
newer version is available, the user is notified accordingly. Setting
UPDATECHECK to false or true deactivates or activates the update check
respectively. Users are unable to change this setting in the AusweisApp2. Not
specified, the update check is activated, but users can adjust the settings.
ONSCREENKEYBOARD
An on-screen keyboard is available to enter PIN, CAN or PUK. It is deactivated or
activated by setting ONSCREENKEYBOARD to false or true. Users are able to adjust
the settings.
HISTORY
Each authentication is saved in the history. No personal data is saved, only the
time of authentication, the service provider and the selected fields (without
content). Indicating HISTORY as false or true, the history function is
deactivated or activated. Users are able to adjust the settings.
Alternatively, Orca [2]_ can be used to create an MST file that defines the
above arguments. The arguments are available in the "Directory" and "Property"
tables. The MST file can be transferred with the following command:
.. code-block:: winbatch
msiexec /i AusweisApp2-X.YY.Z.msi /quiet TRANSFORMS=file.mst
macOS
-----
MacOS does not provide a command line installation. However, some of the above
settings can be specified system-wide by a plist file in the
/Library/Preferences directory. This plist file must be manually stored by the
administrator of the system and will be used by all (future) installations of
AusweisApp2. All not mentioned settings are not supported on macOS. The name of
the file must be "com.governikus.AusweisApp2.plist". The content is shown below:
.. code-block:: xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>autoCloseWindow</key>
<false/>
<key>remindToClose</key>
<false/>
<key>showSetupAssistant</key>
<false/>
<key>transportPinReminder</key>
<false/>
<key>common.autoUpdateCheck</key>
<false/>
<key>common.keylessPassword</key>
<true/>
<key>history.enable</key>
<false/>
</dict>
</plist>
The description for each value is applicable for both Windows and macOS,
although the naming of the attributes differs, as shown in the following table:
====================== ====================
macOS Windows
====================== ====================
autoCloseWindow AUTOHIDE
remindToClose REMINDTOCLOSE
showSetupAssistant ASSISTANT
transportPinReminder TRANSPORTPINREMINDER
common.autoUpdateCheck UPDATECHECK
common.keylessPassword ONSCREENKEYBOARD
history.enable HISTORY
====================== ====================
.. [1] https://docs.microsoft.com/en-us/windows/desktop/msi/standard-installer-command-line-options
.. [2] https://docs.microsoft.com/en-us/windows/desktop/Msi/orca-exe

View File

@ -0,0 +1,170 @@
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import sys
import os
import shlex
# -- General configuration ------------------------------------------------
# If your documentation needs a minimal Sphinx version, state it here.
needs_sphinx = '1.4'
# If true, figures, tables and code-blocks are automatically numbered
# if they has caption. For now, it works only with the HTML builder.
# Default is False.
numfig = True
# Add any Sphinx extension module names here, as strings. They can be
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
# ones.
extensions = []
locale_dirs = ['@SPHINX_DOCS_DIR@/locales/']
gettext_additional_targets = ['image']
gettext_location = False
gettext_compact = True
# Add any paths that contain templates here, relative to this directory.
#templates_path = ['@SPHINX_DOCS_DIR@/_templates']
# The suffix(es) of source filenames.
# You can specify multiple suffix as a list of string:
# source_suffix = ['.rst', '.md']
source_suffix = '.rst'
# The encoding of source files.
#source_encoding = 'utf-8-sig'
# The master toctree document.
master_doc = 'index'
# General information about the project.
project = 'AusweisApp2 Installation'
copyright = '2018, Governikus GmbH & Co. KG'
author = 'Governikus GmbH & Co. KG'
# The version info for the project you're documenting, acts as replacement for
# |version| and |release|, also used in various other places throughout the
# built documents.
#
# The short X.Y version.
version = '@PROJECT_VERSION@'
# The full version, including alpha/beta/rc tags.
release = '@VERSION_DVCS@'
today = ' '
# The language for content autogenerated by Sphinx. Refer to documentation
# for a list of supported languages.
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = 'en'
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
#exclude_patterns = ['']
# The name of the Pygments (syntax highlighting) style to use.
pygments_style = 'sphinx'
# The name of an image file (within the static path) to use as favicon of the
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
# pixels large.
html_favicon = '@SPHINX_DOCS_DIR@/../../resources/images/npa.ico'
#html_theme_path = ['@SPHINX_DOCS_DIR@/_themes']
#html_theme = 'appcast'
html_theme = 'sphinx_rtd_theme'
# If false, no module index is generated.
html_domain_indices = True
# If false, no index is generated.
html_use_index = True
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
html_show_sphinx = False
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
html_show_copyright = True
html_scaled_image_link = False
# Output file base name for HTML help builder.
htmlhelp_basename = 'AusweisApp2Installation'
html_context = {
'display_github': False,
'display_bitbucket': False,
'show_source': False,
'html_show_sourcelink': False,
}
html_add_permalinks = ""
# -- Options for LaTeX output ---------------------------------------------
latex_elements = {
# The paper size ('letterpaper' or 'a4paper').
'papersize': 'a4paper',
# The font size ('10pt', '11pt' or '12pt').
'pointsize': '11pt',
# Additional stuff for the LaTeX preamble.
'preamble': '''
\hypersetup{pdfauthor={Governikus GmbH \& Co. KG},
pdftitle={AusweisApp2},
pdfsubject={Installation},
pdfkeywords={installation},
pdfproducer={LaTeX},
pdfcreator={Sphinx}
}
''',
# Override tableofcontents
'tableofcontents': '''
\\tableofcontents
\\newpage
\\pagestyle{plain}
\\pagenumbering{arabic}
''',
# Latex figure (float) alignment
'figure_align': 'H',
}
# Grouping the document tree into LaTeX files. List of tuples
# (source start file, target name, title,
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(master_doc, 'AusweisApp2-@VERSION_DVCS@-NetInstallation.tex', 'AusweisApp2 Installation',
'Governikus GmbH \& Co. KG', 'howto'),
]
# The name of an image file (relative to this directory) to place at the top of
# the title page.
latex_logo = '@SPHINX_DOCS_DIR@/../../resources/images/android/xhdpi/npa.png'
# For "manual" documents, if this is true, then toplevel headings are parts,
# not chapters.
#latex_use_parts = False
# If true, show page references after internal links.
latex_show_pagerefs = True
# If true, show URL addresses after external links.
latex_show_urls = 'footnote'
# Documents to append as an appendix to all manuals.
#latex_appendices = []
# If false, no module index is generated.
#latex_domain_indices = True

View File

@ -0,0 +1,13 @@
Table of contents
-----------------
.. raw:: latex
\clearpage
.. toctree::
:maxdepth: 2
:caption: Installation
README.de
README.en

View File

@ -0,0 +1,70 @@
AusweisApp2 1.16.0
^^^^^^^^^^^^^^^^^^
**Releasedatum:** 20. Dezember 2018
Anwender
""""""""
- Kleinere Fehlerbehebungen.
- Hinzufügen eines Tutorials um Hilfestellung bei der
Verwendung unter Android zu geben.
- Unterstützung von Android 4.3 und 4.4 wurde eingestellt.
- Unterstützung von OS X 10.10 wurde eingestellt.
- Unterstützung von macOS 10.14.
- Es ist nun möglich nach einer erfolgreichen Authentisierung
Daten eines verwendeten Android Smartphones anonym zu
übermitteln.
- Erweiterung der Diagnosefunktion.
- Bewertungsnachfrage unter Android hinzugefügt.
- Möglichkeit zur Log-Anzeige unter Android hinzugefügt.
- Unter Android wird nun eindeutiger zwischen 5 und 6-stelliger
PIN unterschieden.
- Das Entfernen des Ausweisdokumentes während der Eingabe von
PIN/CAN/PUK löst nicht mehr den Abbruch der Authentisierung
oder der PIN-Änderung aus.
Entwickler
""""""""""
- Unterstützung von firmenweiten Installationen des MSI-Paketes
(separate Dokumentation).
- Unterstützung eines SDKs mittels WebSockets unter Windows und
macOS (separate Dokumentation).
- Konkurrierende Zugriffe von verschiedenen Anwendungen auf
Kartenlesegeräte, die über PC/SC angeschlossen sind, sind
nun möglich.
- Aktualisierung von OpenSSL auf die Version 1.1.1.
- Aktualisierung von Qt auf die Version 5.11.2.
- Unterstützung von TLS v1.1 wurde eingestellt.
- Unterstützung folgender TLS-Cipher wurde eingestellt:
- DHE-DSS-AES256-GCM-SHA384
- DHE-DSS-AES256-SHA256
- DHE-DSS-AES128-GCM-SHA256
- DHE-DSS-AES128-SHA256
- DHE-DSS-AES256-SHA
- DHE-DSS-AES128-SHA
- ECDHE-ECDSA-AES256-SHA
- ECDHE-RSA-AES256-SHA
- DHE-RSA-AES256-SHA
- ECDHE-ECDSA-AES128-SHA
- ECDHE-RSA-AES128-SHA
- DHE-RSA-AES128-SHA

View File

@ -1,10 +1,18 @@
Abkündigungen
=============
Mit der Version 1.18.0 der AusweisApp2 wird die Unterstützung
folgender Systeme eingestellt.
- x86-Architektur unter Android
Mit der Version 1.16.0 der AusweisApp2 wird die Unterstützung
folgender Systeme eingestellt.
- OS X 10.10
- Android 4.3
- Android 4.4
Mit der Version 1.16.0 der AusweisApp2 wird die Unterstützung
@ -13,7 +21,7 @@ folgender TLS-Cipher eingestellt.
- DHE-DSS-AES256-GCM-SHA384
- DHE-DSS-AES256-SHA256
- DHE-DSS-AES128-GCM-SHA256
- DHE-DSS-AES128-SHA256"
- DHE-DSS-AES128-SHA256
- DHE-DSS-AES256-SHA
- DHE-DSS-AES128-SHA
- ECDHE-ECDSA-AES256-SHA

View File

@ -4,9 +4,6 @@ Release Notes
.. toctree::
:maxdepth: 1
1.14.3
1.14.2
1.14.1
1.14.0
1.16.0
announce
issues

View File

@ -24,3 +24,19 @@ Die nachfolgende Liste bezieht sich auf die aktuelle Version der AusweisApp2.
- Unter Umständen kommt es zu Stabilitätsproblemen der NFC-Schnittstelle
auf Android.
- Längere Texte können unter Android u.U. bei kleinen Bildschirmgrößen
abgeschnitten sein.
- Unter macOS wird der Hinweis bei falscher PIN-Bestätigung während der
PIN-Änderung nur sehr kurz angezeigt.
- Bei der Nutzung eines entfernten Kartenlesegeräts mit aktiviertem
Tastaturmodus kann bei einer Authentisierung nicht in die PIN-Änderung
gewechselt werden, wenn nur eine 5-stellige PIN vorhanden ist.
- Bei der Nutzung eines entfernten Kartenlesegeräts mit aktiviertem
Tastaturmodus merkt sich das entfernte Kartenlesegerät fälschlicherweise
die zuletzt ausgewählte Länge der PIN (5/6 Stellen). Ein Neustart des
Fernzugriffs auf dem entfernten Kartenlesegerät setzt die Länge auf
6 Stellen zurück.

View File

@ -42,7 +42,7 @@ master_doc = 'appcast'
# General information about the project.
project = 'AusweisApp2'
copyright = '2016-2017, Governikus GmbH & Co. KG'
copyright = '2016-2018, Governikus GmbH & Co. KG'
author = 'Governikus GmbH & Co. KG'
# The version info for the project you're documenting, acts as replacement for

View File

@ -8,27 +8,27 @@ der AusweisApp2 unterstützt.
Betriebssysteme
"""""""""""""""
- OS X 10.10
- OS X 10.11
- macOS 10.12
- macOS 10.13
- macOS 10.14
- Windows 7 SP1 (32bit / 64bit)
- Windows 8.1 (64bit)
- Windows 10 (64bit)
- Android 4.3 und höher (x86, armeabi-v7a, arm64-v8a)
- Android 5.0 und höher (x86, armeabi-v7a)
Karten
""""""
- Neuer Personalausweis
- Personalausweis
- Elektronischer Aufenthaltstitel
@ -48,13 +48,15 @@ und sollte daher mit allen marktüblichen Browsern verwendet werden können.
Im Rahmen der Qualitätssicherung werden die folgenden Browserversionen
getestet.
- Firefox 61
- Firefox 64
- Chrome 67
- Chrome 71
- Internet Explorer 11
- Safari 11.1.1
- Safari 12
- Edge 44
@ -112,11 +114,11 @@ Im mobilen Umfeld ist die Funktionalität jedoch abhängig von der vom
Diensteanbieter umgesetzten Aktivierung. Daher empfehlen wir einen der
folgenden Browser zu verwenden.
- Firefox Klar 5.2
- Firefox Klar 8
- Chrome 67
- Chrome 71
- Android System WebView 67
- Android System WebView 70

View File

@ -1,6 +1,14 @@
Versionen
=========
Versionszweig 1.16
------------------
.. toctree::
:maxdepth: 1
1.16.0
Versionszweig 1.14
------------------
.. toctree::

View File

@ -5,15 +5,70 @@ The AusweisApp2 core is encapsulated into an **Android service** which is
running in the background without a user interface. This service is interfaced
via an Android specific interprocess communication (IPC) mechanism. The basics
of this mechanism - the **Android Interface Definition Language** (AIDL) -
are introduced in the following section. The following section deals with the
cryptographic verification of the SDKs authenticity. This step is necessary to
ensure that the SDK has not been modified in a malicious way. Subsequent
sections deal with the SDK interface itself and explain which steps are
necessary in order to talk to the AusweisApp2 SDK.
are introduced in the following section. Subsequent sections deal with the
SDK interface itself and explain which steps are necessary in order to talk
to the AusweisApp2 SDK.
The AusweisApp2 is available as an integrated and as an external variant.
The integrated version is provided as an AAR package that can automatically
be fetched by Android's default build system **gradle**. The external variant
is available as an APK in Google's PlayStore. It is required that the user
has manually installed the AusweisApp2 like any other app to connect to the
external variant.
.. important::
The integrated variant is available in jcenter for free.
If you need enterprise support feel free to contact us.
Integrated
----------
The integrated SDK is distributed as an AAR package that contains
native **arm64-v8a** libraries only.
The AAR package is available in the default repository of Android.
The following listing shows the required **jcenter** in **build.gradle**.
.. code-block:: groovy
buildscript {
repositories {
jcenter()
}
}
The integrated AusweisApp2 will be fetched automatically as a dependency by
your **app/build.gradle** file.
It is recommended to always use the latest version by **1.+** of AusweisApp2.
But you are free to add a concrete version like **1.16.0**.
.. code-block:: groovy
dependencies {
implementation 'com.governikus:ausweisapp:1.16.+'
}
.. seealso::
The AAR package provides an **AndroidManifest.xml** to register required
permissions and the background service. If your own AndroidManifest has
conflicts with our provided file you can add some attributes to resolve
those conflicts.
https://developer.android.com/studio/build/manifest-merge.html
External
--------
The APK is available in Google's PlayStore and needs to be installed by
the user. The external SDK is distributed as 32-bit and 64-bit.
Security
--------
^^^^^^^^
The following listing provides information about the solution to provide a
secure connection to AusweisApp2.
@ -39,82 +94,15 @@ secure connection to AusweisApp2.
.. _android_import_aidl:
Import the AIDL files
---------------------
Android provides an interprocess communication (IPC) mechanism which is based on
messages consisting of primitive types.
In order to abstract from this very basic mechanism, there is the Android
Interface Definition Language (AIDL).
It allows the definition of Java like interfaces.
The Android SDK generates the necessary interface implementations from supplied
AIDL files in order to perform IPC, as if this function had been called directly
in the current process.
In order to interact with the AusweisApp2 SDK there are two AIDL interfaces.
The first one is given to the client application by the SDK and allows the
client to establish a session with the SDK,
to send JSON commands to the SDK and to pass discovered NFC tags to the SDK.
The second AIDL interface is given to the SDK by the client application. It
enables the client to receive the intial session parameters as well as
JSON messages from the SDK. Furthermore it has a function which is called
when an existing connection with the SDK is dropped by the SDK. Both interfaces
are listed below and you need to import them into your build environment.
.. important::
It is required that you place the AIDL files under subdirectory
"aidl/com.governikus.ausweisapp2". Also the interface methods
names must be exactly the same.
.. seealso::
https://developer.android.com/guide/components/aidl.html
Interface
^^^^^^^^^
.. code-block:: java
package com.governikus.ausweisapp2;
import com.governikus.ausweisapp2.IAusweisApp2SdkCallback;
import android.nfc.Tag;
interface IAusweisApp2Sdk
{
boolean connectSdk(IAusweisApp2SdkCallback pCallback);
boolean send(String pSessionId, String pMessageFromClient);
boolean updateNfcTag(String pSessionId, in Tag pTag);
}
Callback
^^^^^^^^
.. code-block:: java
package com.governikus.ausweisapp2;
interface IAusweisApp2SdkCallback
{
void sessionIdGenerated(String pSessionId, boolean pIsSecureSessionId);
void receive(String pJson);
void sdkDisconnected();
}
Verify the authenticity of AusweisApp2
--------------------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
The following section deals with the cryptographic verification of the SDK's
authenticity. This step is necessary to ensure that the SDK has not been
modified in a malicious way.
Fingerprint
^^^^^^^^^^^
"""""""""""
In order to verify that the AusweisApp2 SDK is authentic and has not been
modified in a malicious way, it is required to verify its authenticity
before establishing a connection with it.
@ -133,7 +121,7 @@ fingerprint of the authentic SDK certificate is the following:
Example
^^^^^^^
"""""""
The following example code demonstrates how the certificate
hash value of a signed application on Android can be verified.
@ -167,19 +155,101 @@ hash value of a signed application on Android can be verified.
}
.. _android_import_aidl:
Import the AIDL files
^^^^^^^^^^^^^^^^^^^^^
Android provides an interprocess communication (IPC) mechanism which is based on
messages consisting of primitive types.
In order to abstract from this very basic mechanism, there is the Android
Interface Definition Language (AIDL).
It allows the definition of Java like interfaces.
The Android SDK generates the necessary interface implementations from supplied
AIDL files in order to perform IPC, as if this function had been called directly
in the current process.
In order to interact with the AusweisApp2 SDK there are two AIDL interfaces.
The first one is given to the client application by the SDK and allows the
client to establish a session with the SDK,
to send JSON commands to the SDK and to pass discovered NFC tags to the SDK.
The second AIDL interface is given to the SDK by the client application. It
enables the client to receive the intial session parameters as well as
JSON messages from the SDK. Furthermore it has a function which is called
when an existing connection with the SDK is dropped by the SDK. Both interfaces
are listed below and you need to import them into your build environment.
.. important::
It is required that you place the AIDL files under subdirectory
"aidl/com.governikus.ausweisapp2". Also the interface methods
names must be exactly the same.
.. seealso::
https://developer.android.com/guide/components/aidl.html
.. note::
If you implement the integrated variant beside the external variant you do
**not** need to manually add AIDL files as the AAR package already provides
those interfaces.
Interface
"""""""""
.. code-block:: java
package com.governikus.ausweisapp2;
import com.governikus.ausweisapp2.IAusweisApp2SdkCallback;
import android.nfc.Tag;
interface IAusweisApp2Sdk
{
boolean connectSdk(IAusweisApp2SdkCallback pCallback);
boolean send(String pSessionId, String pMessageFromClient);
boolean updateNfcTag(String pSessionId, in Tag pTag);
}
Callback
""""""""
.. code-block:: java
package com.governikus.ausweisapp2;
interface IAusweisApp2SdkCallback
{
void sessionIdGenerated(String pSessionId, boolean pIsSecureSessionId);
void receive(String pJson);
void sdkDisconnected();
}
Background service
------------------
The integrated and external variants use the same method to establish
a connection to the AusweisApp2 SDK. The AusweisApp2 SDK is a background
service in the external AusweisApp2 or an embedded background service
in your own application.
.. _android_binding_service:
Binding to the service
----------------------
^^^^^^^^^^^^^^^^^^^^^^
In order to start the AusweisApp2 SDK it is necessary to bind to the
Android service supplied by the SDK.
This binding fulfils two purposes:
- First it starts the SDK.
- Second it enables the client to establish an IPC connection as mentioned above.
- Second it enables the client to establish an IPC connection as
mentioned above.
Due to the nature of an Android service, there can be only one instance of
@ -194,12 +264,11 @@ section, section :ref:`android_create_session`.
Create connection
^^^^^^^^^^^^^^^^^
"""""""""""""""""
First of all, in order to bind to the service, one needs to instantiate an
Android ServiceConnection.
Subsequently, the object is passed to the Android API and the contained
methods are invoked
by Android on service connection and disconnection.
methods are invoked by Android on service connection and disconnection.
.. code-block:: java
@ -225,15 +294,20 @@ by Android on service connection and disconnection.
.. _android_raw_connection:
Bind service to raw connection
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
""""""""""""""""""""""""""""""
In order to perform the actual binding a directed Intent, which identifies
the AusweisApp2 SDK, is created.
This Intent is send to
the Android API along with the ServiceConnection created above.
This API call either starts up the SDK if it is the first client,
or connects to the running SDK instance
if there is already another client bound.
This Intent is sent to the Android API along with the ServiceConnection
created above. This API call either starts up the SDK if it is the
first client, or connects to the running SDK instance if there is already
another client bound.
If you use the external variant of AusweisApp2 you need to pass the package
name of Governikus. Otherwise you need to pass your own package name
as the integrated variant is a background service of your application.
.. code-block:: java
@ -244,9 +318,15 @@ if there is already another client bound.
// [...]
String pkg = "com.governikus.ausweisapp2";
boolean useIntegrated = true; // use external or integrated
if (useIntegrated)
pkg = getApplicationContext().getPackageName();
String name = "com.governikus.ausweisapp2.START_SERVICE";
Intent serviceIntent = new Intent(name);
serviceIntent.setPackage("com.governikus.ausweisapp2");
serviceIntent.setPackage(pkg);
bindService(serviceIntent, mConnection, Context.BIND_AUTO_CREATE);
.. seealso::
@ -258,8 +338,8 @@ if there is already another client bound.
Redirect to Play Store
^^^^^^^^^^^^^^^^^^^^^^
It is necessary that AusweisApp2 is installed in order to use the SDK.
""""""""""""""""""""""
It is necessary that AusweisApp2 is installed in order to use the external SDK.
It is recommended to check and display a message in case the user needs
to install AusweisApp2 first. Also, the user should be redirected to
the Play Store entry to find the app.
@ -286,13 +366,15 @@ the Play Store entry to find the app.
}
}
.. note::
This is not necessary if you use the integrated variant.
.. _android_init_aidl:
Initializing the AIDL connection
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
""""""""""""""""""""""""""""""""
Once the Android service of the AusweisApp2 SDK is successfully started
and bound to by the client,
the Android system calls the onServiceConnected method of the ServiceConnection
@ -348,7 +430,7 @@ The example below stores this instance in the member variable mSdk.
.. _android_create_session:
Create session to AusweisApp2
-----------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Once your client is bound to the AusweisApp2 SDK service and you have initialized
the AIDL IPC mechanism, you are ready to use the actual SDK API.
@ -437,7 +519,7 @@ and establishing a session.
Send command
^^^^^^^^^^^^
""""""""""""
In order to send a JSON command to the AusweisApp2 SDK, you need to invoke
the **send** function of your instance of **IAusweisApp2Sdk**. For this command
to be processed by the SDK you need to supply the session ID which you have
@ -464,7 +546,7 @@ previously received. The listing below shows an example.
Receive message
^^^^^^^^^^^^^^^
"""""""""""""""
Messages from the AusweisApp2 SDK are passed to you via the same instance of
**IAusweisApp2SdkCallback** in which you have received the session ID.
The **receive** method is called each time the SDK sends a message.
@ -477,7 +559,7 @@ The **receive** method is called each time the SDK sends a message.
.. _android_disconnect_sdk:
Disconnect from SDK
-------------------
^^^^^^^^^^^^^^^^^^^
In order to disconnect from the AusweisApp2 SDK you need to invalidate your
instance of **IBinder**. There are two possibilities to do this. The first
one is to unbind from the SDK Android service to undo your binding, like
@ -500,7 +582,7 @@ shown in the code listing below. The second one is to return false in the
.. _android_nfc_tags:
Passing NFC tags to the SDK
---------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^
NFC tags can only be detected by applications which have a foreground window
on the Android platform. A common workaround for this problem is
to equip background services with a transparent window which is shown
@ -521,7 +603,7 @@ Android displaying an App Chooser.
Permissions in AndroidManifest.xml
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
""""""""""""""""""""""""""""""""""
The client applications needs to register the NFC permission as shown in the
listing below in order to access the NFC reader hardware.
@ -534,11 +616,14 @@ listing below in order to access the NFC reader hardware.
https://developer.android.com/guide/topics/security/permissions.html
.. note::
The integrated variant already provides an **AndroidManifest.xml** with
prepared permissions.
Intent-Filter in AndroidManifest.xml
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
""""""""""""""""""""""""""""""""""""
In order to be informed about attached NFC tags by Android, the client
application is required to register an intent filter. The appropriate
filter is shown in the listing below.
@ -556,7 +641,7 @@ filter is shown in the listing below.
NFC Technology Filter
^^^^^^^^^^^^^^^^^^^^^
"""""""""""""""""""""
Since there are many different kinds of NFC tags, Android requires the
application to register a technology filter for the kind of tags the application
wants to receive. The proper filter for the German eID card is shown
@ -573,7 +658,7 @@ in the listing below.
Implementation
^^^^^^^^^^^^^^
""""""""""""""
As it is common on the Android platform, information is send to applications
encapsulated in instances of the **Intent** class. In order to process newly
discovered NFC tags, Intents which are given to the application need to be
@ -614,7 +699,7 @@ The listing below shows an example for the described process.
Dispatching NFC tags in foreground
----------------------------------
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
As already mentioned under :ref:`android_nfc_tags`, an App Chooser is displayed
for discovered NFC tags by Android if multiple applications which are able to
dispatch NFC tags are installed. An application can suppress this App Chooser

View File

@ -294,9 +294,14 @@ If the last attempt to enter the PIN failed, AusweisApp2
will send the message :ref:`enter_puk` as the retryCounter
is decreased to **0**.
.. versionchanged:: 1.16.0
The parameter "value" must be omitted if the used :ref:`reader` has a
keypad.
- **value**: The personal identification number (PIN) of the card.
This must be 6 digits.
This must be 6 digits if the :ref:`reader` has no keypad, otherwise
this parameter must be omitted.
.. code-block:: json
@ -325,9 +330,14 @@ to send this command to unblock the last retry of :ref:`set_pin`.
The AusweisApp2 will send an :ref:`enter_can` message on error.
Otherwise the workflow will continue with :ref:`enter_pin`.
.. versionchanged:: 1.16.0
The parameter "value" must be omitted if the used :ref:`reader` has a
keypad.
- **value**: The card access number (CAN) of the card.
This must be 6 digits.
This must be 6 digits if the :ref:`reader` has no keypad, otherwise
this parameter must be omitted.
.. code-block:: json
@ -358,8 +368,14 @@ or if the PUK is operative.
Otherwise the workflow will continue with :ref:`enter_pin`.
For detailed information see message :ref:`enter_puk`.
.. versionchanged:: 1.16.0
The parameter "value" must be omitted if the used :ref:`reader` has a
keypad.
- **value**: The personal unblocking key (PUK) of the card.
This must be 10 digits.
This must be 10 digits if the :ref:`reader` has no keypad, otherwise
this parameter must be omitted.
.. code-block:: json

View File

@ -0,0 +1,104 @@
Desktop
=======
This chapter deals with the desktop specific properties of the AusweisApp2 SDK.
The AusweisApp2 core is reachable over a **WebSocket** which is running by
default since AusweisApp2 1.16.0. Subsequent sections deal with the SDK
interface itself and explain which steps are necessary in order to talk to
the AusweisApp2 SDK.
WebSocket
---------
The AusweisApp2 uses the same default port as defined in TR-03124-1.
Your application can connect to ``ws://localhost:24727/eID-Kernel`` to
establish a bidirectional connection.
You can check the version of AusweisApp2 by the ``Server`` header of the HTTP
response or by an additional query to get the :ref:`status`.
If the WebSocket handshake was succesful your application can send :doc:`commands`
and receive :doc:`messages`.
The AusweisApp2 will send an HTTP error 503 "Service Unavailable" if the WebSocket
is disabled.
.. seealso::
https://tools.ietf.org/html/rfc6455
User installed
^^^^^^^^^^^^^^
Your application can connect to a user installed AusweisApp2. If the
user already has an active workflow your request will be refused by
an HTTP error 409 "Conflict". Also it is not possible to connect
multiple times to the WebSocket as only one connection is allowed and
will be refused by an HTTP error 429 "Too Many Requests". Once an
application is connected to the WebSocket the graphical user interface
of the AusweisApp2 will be blocked and shows a hint that another
application uses the AusweisApp2.
.. important::
Please provide a ``User-Agent`` in your HTTP upgrade request! The AusweisApp2
will show the content to the user as a hint which application uses the AusweisApp2.
Integrated
^^^^^^^^^^
You can deliver separate AusweisApp2 binaries inside your own application or
start an already installed AusweisApp2.
If your application spawns a separate process you should provide the cmdline
parameter ``--port 0`` to avoid conflicts with a user started AusweisApp2 and
other processes that uses a specified port.
The AusweisApp2 will create a text file in the system temporary directory to provide
the selected port. The port filename contains the PID of the running process to allow
multiple instances at the same time.
Example: **$TMPDIR/AusweisApp2.12345.port**
Your application can avoid the graphical interface of AusweisApp2 by providing the
cmdline parameter ``--ui websocket``.
.. _status:
Status
------
TR-03124-1 defined a query for status information. This is useful to fetch current
version of installed AusweisApp2 to check if the version supports the WebSocket-API.
You can get this by a HTTP GET query to ``http://localhost:24727/eID-Client?Status``.
If you prefer the JSON syntax you can add it to the parameter ``?Status=json`` to get
the following information.
.. code-block:: json
{
"Implementation-Title": "AusweisApp2",
"Implementation-Vendor": "Governikus GmbH & Co. KG",
"Implementation-Version": "1.16.0",
"Name": "AusweisApp2",
"Specification-Title": "TR-03124",
"Specification-Vendor": "Federal Office for Information Security",
"Specification-Version": "1.3"
}
.. seealso::
The AusweisApp2 SDK provides a :ref:`get_info` command and an :ref:`info` message
to fetch the same information to check the compatibility of used AusweisApp2.
Reader
------
The AusweisApp2 SDK uses PC/SC and paired Smartphones as card reader. If the
user wants to use the "smartphone as card reader" feature it is necessary
to pair the devices by the graphical interface of AusweisApp2. The AusweisApp2 SDK
provides no API to pair those devices.

View File

@ -1,6 +1,6 @@
.. only:: html
.. image:: ../../resources/images/AppLogo_AutentApp2_2014.png
.. image:: ../../resources/images/Logo_AusweisApp2.png
:alt: AusweisApp2
:align: center
:width: 200pt
@ -27,12 +27,14 @@ Table of contents
.. _connection:
.. toctree::
:maxdepth: 3
:caption: Connection
android
desktop
.. raw:: latex
@ -42,6 +44,7 @@ Table of contents
.. _protocol:
.. toctree::
:maxdepth: 2

View File

@ -5,12 +5,12 @@ the AusweisApp2 as an additional service. It distinguishes between
a connection to the application and the communication between your
application and AusweisApp2.
The section "Connection" will show you what you need to do to
The section :ref:`connection` will show you what you need to do to
set up a connection to AusweisApp2. Once you have established
a connection you can send and receive JSON documents in a
bi-directional manner.
There are different commands and messages. These are listed
and described in the section "Protocol". The protocol
and described in the section :ref:`protocol`. The protocol
is split up in :doc:`commands` and :doc:`messages`. Commands
will be sent by your application to control AusweisApp2.
Messages contain additional information to your command

View File

@ -364,6 +364,7 @@ again but without an error parameter.
{
"name": "NFC",
"attached": true,
"keypad": false,
"card":
{
"inoperative": false,
@ -424,6 +425,7 @@ AusweisApp2 will send an :ref:`enter_pin` again with a retryCounter of **3**.
{
"name": "NFC",
"attached": true,
"keypad": false,
"card":
{
"inoperative": false,
@ -482,6 +484,7 @@ Please see the note for more information.
{
"name": "NFC",
"attached": true,
"keypad": false,
"card":
{
"inoperative": false,
@ -642,10 +645,16 @@ If a workflow is in progress and a card with disabled eID functionality was
inserted, this message will still be sent, but the workflow will be paused
until a card with enabled eID functionality is inserted.
.. versionadded:: 1.16.0
Parameter **keypad** added.
- **name**: Identifier of card reader.
- **attached**: Indicates if a card reader is connected or disconnected.
- **attached**: Indicates whether a card reader is connected or disconnected.
- **keypad**: Indicates whether a card reader has a keypad. The parameter
is only shown when a reader is attached.
- **card**: Provides information about inserted card, otherwise null.
@ -665,6 +674,7 @@ until a card with enabled eID functionality is inserted.
"msg": "READER",
"name": "NFC",
"attached": true,
"keypad": false,
"card":
{
"inoperative": false,
@ -695,12 +705,14 @@ Provides information about all connected card readers.
{
"name": "Example reader 1 [SmartCard] (1234567) 01 00",
"attached": true,
"keypad": true,
"card": null
},
{
"name": "NFC",
"attached": true,
"keypad": false,
"card":
{
"inoperative": false,

View File

@ -32,7 +32,7 @@ into the connected card reader.
{"cmd": "ACCEPT"}
{"msg": "ENTER_PIN", "reader": {"attached":true,"card":{"inoperative":false,"deactivated":false,"inserted":true,"retryCounter":3},"name":"NFC"}}
{"msg": "ENTER_PIN", "reader": {"attached":true,"card":{"inoperative":false,"deactivated":false,"retryCounter":3},"keypad":false,"name":"NFC"}}
{"cmd": "SET_PIN", "value": "123456"}
@ -62,23 +62,23 @@ into the connected card reader.
{"msg": "INSERT_CARD"}
{"msg": "ENTER_PIN", "reader": {"attached":true,"card":{"inoperative":false,"deactivated":false,"inserted":true,"retryCounter":3},"name":"NFC"}}
{"msg": "ENTER_PIN", "reader": {"attached":true,"card":{"inoperative":false,"deactivated":false,"retryCounter":3},"keypad":false,"name":"NFC"}}
{"cmd": "SET_PIN", "value": "000000"}
{"msg": "ENTER_PIN", "reader": {"attached":true,"card":{"inoperative":false,"deactivated":false,"inserted":true,"retryCounter":2},"name":"NFC"}}
{"msg": "ENTER_PIN", "reader": {"attached":true,"card":{"inoperative":false,"deactivated":false,"retryCounter":2},"keypad":false,"name":"NFC"}}
{"cmd": "SET_PIN", "value": "000001"}
{"msg": "ENTER_CAN", "reader": {"attached":true,"card":{"inoperative":false,"deactivated":false,"inserted":true,"retryCounter":1},"name":"NFC"}}
{"msg": "ENTER_CAN", "reader": {"attached":true,"card":{"inoperative":false,"deactivated":false,"retryCounter":1},"keypad":false,"name":"NFC"}}
{"cmd": "SET_CAN", "value": "000000"}
{"msg": "ENTER_CAN", "reader": {"attached":true,"card":{"inoperative":false,"deactivated":false,"inserted":true,"retryCounter":1},"name":"NFC"}}
{"msg": "ENTER_CAN", "reader": {"attached":true,"card":{"inoperative":false,"deactivated":false,"retryCounter":1},"keypad":false,"name":"NFC"}}
{"cmd": "SET_CAN", "value": "654321"}
{"msg": "ENTER_PIN", "reader": {"attached":true,"card":{"inoperative":false,"deactivated":false,"inserted":true,"retryCounter":1},"name":"NFC"}}
{"msg": "ENTER_PIN", "reader": {"attached":true,"card":{"inoperative":false,"deactivated":false,"retryCounter":1},"keypad":false,"name":"NFC"}}
{"cmd": "SET_PIN", "value": "123456"}

View File

@ -26,8 +26,6 @@ IF(ANDROID)
ENDIF()
ENDIF()
ADD_FLAG(-fstack-protector-strong -fstack-protector NOQUOTES VAR COMPILER_FLAGS)
IF(MSVC)
FIND_PROGRAM(MAKE nmake CMAKE_FIND_ROOT_PATH_BOTH)
@ -61,11 +59,15 @@ ELSE()
SET(CMAKE_BUILD_TYPE "DEBUG" CACHE STRING "build type configuration" FORCE)
ENDIF()
IF(NOT ${CMAKE_BUILD_TYPE} STREQUAL "DEBUG" AND NOT ${CMAKE_BUILD_TYPE} STREQUAL "RELEASE")
MESSAGE(FATAL_ERROR "CMAKE_BUILD_TYPE is invalid! Available options: RELEASE, DEBUG")
IF(NOT ${CMAKE_BUILD_TYPE} STREQUAL "DEBUG" AND NOT ${CMAKE_BUILD_TYPE} STREQUAL "RELEASE" AND NOT ${CMAKE_BUILD_TYPE} STREQUAL "RELWITHDEBINFO")
MESSAGE(FATAL_ERROR "CMAKE_BUILD_TYPE is invalid! Available options: RELEASE, RELWITHDEBINFO, DEBUG")
ENDIF()
FIND_HOST_PACKAGE(Perl REQUIRED)
IF(MSVC)
FIND_HOST_PACKAGE(Perl REQUIRED)
ELSE()
SET(PERL_EXECUTABLE perl)
ENDIF()
FIND_HOST_PACKAGE(PythonInterp 2.7 REQUIRED)
IF(NOT "${PYTHON_VERSION_MAJOR}" STREQUAL "2")
@ -84,9 +86,6 @@ ENDIF()
IF(NOT DESTINATION_DIR)
SET(DESTINATION_DIR ${PROJECT_BINARY_DIR}/dist)
ENDIF()
IF(MSYS)
STRING(REPLACE "C:/msys/1.0" "" DESTINATION_DIR ${DESTINATION_DIR})
ENDIF()
SET(PATCHES_DIR ${PROJECT_SOURCE_DIR}/../patches)
@ -103,15 +102,15 @@ SET_DIRECTORY_PROPERTIES(PROPERTIES EP_PREFIX ${CMAKE_CURRENT_BINARY_DIR}/b)
INCLUDE(Messages)
################################## Versionen
SET(QT 5.9.3)
SET(QT_HASH 57acd8f03f830c2d7dc29fbe28aaa96781b2b9bdddce94196e6761a0f88c6046)
################################## Versions
SET(QT 5.11.2)
SET(QT_HASH c6104b840b6caee596fa9a35bc5f57f67ed5a99d6a36497b6fe66f990a53ca81)
SET(OPENSSL 1.0.2o)
SET(OPENSSL_HASH ec3f5c9714ba0fd45cb4e087301eb1336c317e0d20b575a125050470e8089e4d)
SET(OPENSSL 1.1.1)
SET(OPENSSL_HASH 2836875a0f89c03d0fdf483941512613a50cfb421d6fd94b9f41d7279d586a3d)
################################## Files
SET(QT_FILE qt-everywhere-opensource-src-${QT}.tar.xz)
SET(QT_FILE qt-everywhere-src-${QT}.tar.xz)
SET(OPENSSL_FILE openssl-${OPENSSL}.tar.gz)
################################## Downloads
@ -120,61 +119,64 @@ IF("${QT}" MATCHES "alpha|beta|rc")
ELSE()
SET(QT_DEST_DIR official_releases)
ENDIF()
STRING(SUBSTRING ${QT} 0 3 QT_SUBVERSION)
STRING(SUBSTRING ${QT} 0 4 QT_SUBVERSION)
SET(QT_URL https://download.qt.io/${QT_DEST_DIR}/qt/${QT_SUBVERSION}/${QT}/single)
SET(OPENSSL_URL https://www.openssl.org/source)
IF(ANDROID OR APPLE)
FIND_PROGRAM(SH_CMD sh CMAKE_FIND_ROOT_PATH_BOTH)
IF(SH_CMD)
MESSAGE(STATUS "Using 'sh' command... ${SH_CMD}")
ELSE()
MESSAGE(FATAL_ERROR "Cannot find 'sh' command")
ENDIF()
ENDIF()
SET(ENABLED_TARGETS)
################################## OpenSSL
#########################################################################
LIST(APPEND ENABLED_TARGETS openssl)
SET(OPENSSL_CONFIGURE_FLAGS no-ssl2 no-ssl3 no-ssl3-method no-dtls no-srp no-idea no-mdc2 no-rc5 no-hw no-engine no-dso -DOPENSSL_NO_HEARTBEATS shared)
SET(OPENSSL_CONFIGURE_FLAGS no-camellia no-bf no-aria no-seed no-poly1305 no-srp no-gost no-ocsp no-idea no-mdc2 no-rc2 no-rc4 no-rc5 no-srtp no-hw no-sm2 no-sm3 no-sm4)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} no-cast no-chacha no-blake2 no-rmd160 no-scrypt no-siphash no-whirlpool no-md4 no-des)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-tls1_3 no-ssl3 no-ssl3-method no-dtls no-dtls1-method no-dtls1_2-method)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} no-deprecated no-engine no-async no-dso no-comp no-ts no-makedepend no-tests shared)
IF(${CMAKE_BUILD_TYPE} STREQUAL "DEBUG")
SET(OPENSSL_CONFIGURE_FLAGS --debug ${OPENSSL_CONFIGURE_FLAGS})
ELSE()
ADD_FLAG(-Os NOQUOTES VAR OPENSSL_COMPILER_FLAGS)
ENDIF()
ADD_FLAG(-fstack-protector-strong -fstack-protector NOQUOTES VAR OPENSSL_COMPILER_FLAGS)
IF(IOS)
SET(OPENSSL_PATCH_COMMAND ${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl_iOS.patch && )
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} iphoneos-cross)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} ios64-cross)
SET(OPENSSL_ENV export CROSS_TOP=${CMAKE_IOS_DEVELOPER_ROOT} && export CROSS_SDK=iPhoneOS.sdk &&)
SET(OPENSSL_COMPILER_FLAGS "-arch arm64")
ELSEIF(APPLE)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} darwin64-x86_64-cc)
SET(COMPILER_FLAGS "${COMPILER_FLAGS} -mmacosx-version-min=10.9")
SET(OPENSSL_COMPILER_FLAGS ${OPENSSL_COMPILER_FLAGS} -mmacosx-version-min=10.11)
ELSEIF(MINGW)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} mingw)
ELSEIF(MSVC)
SET(OPENSSL_PREBUILD ms\\do_ms.bat)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} no-asm VC-WIN32)
SET(OPENSSL_ADDITIONAL_MAKE -f ms/ntdll.mak)
SET(OPENSSL_INSTALL_TARGET install)
ELSEIF(ANDROID)
IF(CMAKE_ANDROID_ARCH_ABI STREQUAL "armeabi-v7a")
SET(OPENSSL_ARCH android-armv7)
SET(OPENSSL_COMPILER_FLAGS "-mfloat-abi=softfp")
SET(OPENSSL_ARCH android-arm)
SET(OPENSSL_COMPILER_FLAGS ${OPENSSL_COMPILER_FLAGS} -mfloat-abi=softfp)
ELSEIF(CMAKE_ANDROID_ARCH_ABI STREQUAL "x86")
SET(OPENSSL_ARCH android-x86)
ELSEIF(CMAKE_ANDROID_ARCH_ABI STREQUAL "arm64-v8a")
SET(OPENSSL_ARCH android)
SET(OPENSSL_ARCH android-arm64)
ELSE()
MESSAGE(FATAL_ERROR "CMAKE_ANDROID_ARCH_ABI not supported by openssl")
ENDIF()
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} no-stdio ${OPENSSL_ARCH})
SET(OPENSSL_ENV export ANDROID_DEV=${CMAKE_SYSROOT}/usr &&)
IF(UNIFIED_INCLUDE)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} -D__ANDROID_API__=${CMAKE_SYSTEM_VERSION} -isystem${UNIFIED_INCLUDE} -isystem${UNIFIED_INCLUDE}/${ANDROID_TOOLCHAIN_MACHINE_NAME})
GET_FILENAME_COMPONENT(toolchain_bin "${CMAKE_C_COMPILER}" DIRECTORY)
SET(OPENSSL_ENV export PATH=${toolchain_bin}/:$ENV{PATH} &&)
IF(NOT CMAKE_COMPILER_IS_GNUCXX)
SET(OPENSSL_ENV ${OPENSSL_ENV} export CC=clang && export CXX=clang++ &&)
ENDIF()
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} --cross-compile-prefix=${CMAKE_C_ANDROID_TOOLCHAIN_PREFIX} ${OPENSSL_ARCH})
IF(UNIFIED_INCLUDE)
SET(OPENSSL_COMPILER_FLAGS ${OPENSSL_COMPILER_FLAGS} -isystem${UNIFIED_INCLUDE} -isystem${UNIFIED_INCLUDE}/${ANDROID_TOOLCHAIN_MACHINE_NAME})
ENDIF()
SET(OPENSSL_COMPILER_FLAGS ${OPENSSL_COMPILER_FLAGS} -D__ANDROID_API__=${CMAKE_SYSTEM_VERSION})
ELSEIF(BSD)
SET(OPENSSL_CONFIGURE_FLAGS ${OPENSSL_CONFIGURE_FLAGS} BSD-x86_64)
ELSEIF(LINUX)
@ -188,56 +190,45 @@ ELSE()
MESSAGE(FATAL_ERROR "Unsupported system")
ENDIF()
IF(NOT OPENSSL_PREBUILD)
SET(OPENSSL_PREBUILD ${MAKE} depend)
ENDIF()
IF(NOT OPENSSL_INSTALL_TARGET)
SET(OPENSSL_INSTALL_TARGET install_sw)
ENDIF()
# OpenSSL does not support multiple make jobs!
ExternalProject_Add(openssl
URL ${OPENSSL_URL}/${OPENSSL_FILE}
URL_HASH SHA256=${OPENSSL_HASH}
DOWNLOAD_DIR ${PACKAGES_DIR}
PATCH_COMMAND
${OPENSSL_PATCH_COMMAND}
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl-fix-no-engine-build.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl-Revert-Configure-use-a-better-method-to-identify-gcc.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl-RSA-key-generation-ensure-BN_mod_inverse-and-BN_mod_.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl-Reject-excessively-large-primes-in-DH-key-generation.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl_rsa_psk.patch
CONFIGURE_COMMAND ${OPENSSL_ENV} ${PERL_EXECUTABLE} Configure --prefix=${DESTINATION_DIR} ${OPENSSL_CONFIGURE_FLAGS} "${COMPILER_FLAGS}" "${OPENSSL_COMPILER_FLAGS}"
BUILD_COMMAND ${OPENSSL_ENV} ${MAKE} ${OPENSSL_ADDITIONAL_MAKE}
PATCH_COMMAND ${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl-android-shlib_variant.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl-Ignore-disabled-ciphers.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl-DSA-mod-inverse-fix.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl-Timing-vulnerability-in-DSA-signature-generation-CVE.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/openssl-Timing-vulnerability-in-ECDSA-signature-generation-C.patch
CONFIGURE_COMMAND ${OPENSSL_ENV} ${PERL_EXECUTABLE} Configure --prefix=${DESTINATION_DIR} ${OPENSSL_CONFIGURE_FLAGS} "${OPENSSL_COMPILER_FLAGS}"
BUILD_COMMAND ${OPENSSL_ENV} ${MAKE} ${MAKE_JOBS}
BUILD_IN_SOURCE 1
INSTALL_COMMAND ${MAKE} ${OPENSSL_ADDITIONAL_MAKE} ${OPENSSL_INSTALL_TARGET}
INSTALL_COMMAND ${OPENSSL_ENV} ${MAKE} ${MAKE_JOBS} install_sw
)
ExternalProject_Add_Step(openssl prebuild
COMMAND ${OPENSSL_ENV} ${OPENSSL_PREBUILD}
ExternalProject_Add_Step(openssl configdata
COMMAND ${PERL_EXECUTABLE} configdata.pm --dump
DEPENDEES configure
DEPENDERS build
WORKING_DIRECTORY <BINARY_DIR>)
IF(UNIX)
ADD_CUSTOM_COMMAND(TARGET openssl POST_BUILD COMMAND chmod 755 ${DESTINATION_DIR}/lib/libssl*${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libcrypto*${CMAKE_SHARED_LIBRARY_SUFFIX})
ENDIF()
IF(ANDROID)
ADD_CUSTOM_COMMAND(TARGET openssl POST_BUILD
COMMAND ${CMAKE_C_COMPILER} --sysroot ${CMAKE_SYSROOT} -o ${DESTINATION_DIR}/lib/libgovcrypto${CMAKE_SHARED_LIBRARY_SUFFIX} -shared -Wl,-soname=libgovcrypto${CMAKE_SHARED_LIBRARY_SUFFIX} -Wl,--whole-archive ${DESTINATION_DIR}/lib/libcrypto${CMAKE_STATIC_LIBRARY_SUFFIX} -Wl,--no-whole-archive
COMMAND ${CMAKE_C_COMPILER} --sysroot ${CMAKE_SYSROOT} -o ${DESTINATION_DIR}/lib/libgovssl${CMAKE_SHARED_LIBRARY_SUFFIX} -shared -Wl,-soname=libgovssl${CMAKE_SHARED_LIBRARY_SUFFIX} -Wl,--whole-archive ${DESTINATION_DIR}/lib/libssl${CMAKE_STATIC_LIBRARY_SUFFIX} -Wl,--no-whole-archive ${DESTINATION_DIR}/lib/libgovcrypto${CMAKE_SHARED_LIBRARY_SUFFIX})
ELSEIF(MAC)
SET(OPENSSL_FILE_VERSION 1.0.0)
IF(MAC)
SET(OPENSSL_FILE_VERSION 1.1)
ADD_CUSTOM_COMMAND(TARGET openssl POST_BUILD
COMMAND install_name_tool -id libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX}
COMMAND install_name_tool -id libssl.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libssl.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX}
COMMAND install_name_tool -change ${DESTINATION_DIR}/lib/libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} libcrypto.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX} ${DESTINATION_DIR}/lib/libssl.${OPENSSL_FILE_VERSION}${CMAKE_SHARED_LIBRARY_SUFFIX})
ENDIF()
IF(IOS)
# Remove this work-around! Do not build any .dylib or be able to use .dylib
# Globbing is not supported by cmake command mode! This will work if executed with unix shell only.
ADD_CUSTOM_COMMAND(TARGET openssl POST_BUILD COMMAND ${CMAKE_COMMAND} -E remove ${DESTINATION_DIR}/lib/*.dylib)
ELSEIF(ANDROID)
ADD_CUSTOM_COMMAND(TARGET openssl POST_BUILD COMMAND ${CMAKE_COMMAND} -E remove ${DESTINATION_DIR}/lib/*.a)
ENDIF()
################################## Qt
#########################################################################
LIST(APPEND ENABLED_TARGETS qt)
@ -246,21 +237,29 @@ IF(${CMAKE_BUILD_TYPE} STREQUAL "DEBUG")
SET(QT_CONFIGURE_FLAGS -debug -qml-debug)
SET(QT_PATCH_COMMAND ${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Enable-debug-output-for-OpenSSL.patch &&)
ELSE()
SET(QT_CONFIGURE_FLAGS -release -no-qml-debug)
SET(QT_CONFIGURE_FLAGS -release -optimize-size -no-qml-debug)
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} $<$<CONFIG:RelWithDebInfo>:-force-debug-info>)
ENDIF()
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} -prefix ${DESTINATION_DIR} -opensource -confirm-license -c++std c++11 -qt-zlib -no-mtdev -qt-libpng -qt-libjpeg -no-dbus -no-harfbuzz -qt-pcre -system-proxies -no-compile-examples -nomake examples -nomake tests -no-sql-sqlite -openssl-linked -I ${DESTINATION_DIR}/include -L ${DESTINATION_DIR}/lib)
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} -prefix ${DESTINATION_DIR} -opensource -confirm-license -c++std c++11 -qt-zlib -no-mtdev -qt-libpng -qt-libjpeg -no-harfbuzz -qt-pcre -system-proxies -no-compile-examples -nomake examples -nomake tests -no-sql-sqlite -openssl-linked -I ${DESTINATION_DIR}/include -L ${DESTINATION_DIR}/lib)
IF(NOT ANDROID)
LIST(APPEND NO_FEATURES bearermanagement)
ENDIF()
LIST(APPEND NO_FEATURES bearermanagement ftp paint_debug)
LIST(APPEND NO_FEATURES ftp paint_debug lcdnumber mdiarea)
LIST(APPEND NO_FEATURES calendarwidget colordialog cups dial fontcombobox fontdialog)
LIST(APPEND NO_FEATURES imageformat_bmp imageformat_ppm imageformat_xbm)
LIST(APPEND NO_FEATURES sharedmemory textodfwriter)
LIST(APPEND NO_FEATURES sharedmemory textodfwriter filesystemwatcher)
LIST(APPEND NO_FEATURES undocommand undogroup undostack undoview)
LIST(APPEND NO_FEATURES printer printdialog printpreviewdialog printpreviewwidget)
LIST(APPEND NO_FEATURES splashscreen syntaxhighlighter dom sql)
FOREACH(feature ${NO_FEATURES})
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} -no-feature-${feature})
ENDFOREACH()
SET(QT_CONFIGURE_FLAGS_OTHER -no-journald -no-dbus -no-directfb -no-linuxfb)
SET(QT_CONFIGURE_FLAGS_SKIP_MODULES -skip qtscxml -skip qtxmlpatterns -skip qtwebchannel -skip qtwebengine -skip qtscript -skip qtactiveqt -skip qtlocation -skip qtserialbus -skip qtserialport -skip qtgamepad -skip qtvirtualkeyboard -skip qtcanvas3d -skip qtcharts -skip qtdatavis3d -skip qt3d -skip qtpurchasing -skip qtwayland -skip qtremoteobjects -skip qtspeech -skip qtwebview)
SET(QT_CONFIGURE_FLAGS_OTHER -no-journald -no-directfb -no-linuxfb)
SET(QT_CONFIGURE_FLAGS_SKIP_MODULES -skip qtwebglplugin -skip qtscxml -skip qtxmlpatterns -skip qtwebchannel -skip qtwebengine -skip qtscript -skip qtactiveqt -skip qtlocation -skip qtserialbus -skip qtserialport -skip qtgamepad -skip qtvirtualkeyboard -skip qtcanvas3d -skip qtcharts -skip qtdatavis3d -skip qt3d -skip qtpurchasing -skip qtwayland -skip qtremoteobjects -skip qtspeech -skip qtwebview -skip multimedia -skip qtquickcontrols)
SET(QT_CONFIGURE ./configure)
IF(IOS)
@ -280,20 +279,30 @@ ELSEIF(APPLE)
ELSEIF(WIN32)
IF(MSVC)
SET(QT_PLATFORM win32-msvc2015)
SET(QT_OPENSSL OPENSSL_LIBS=-llibeay32\ -lssleay32)
SET(QT_OPENSSL OPENSSL_LIBS=-llibcrypto\ -llibssl)
ELSE()
SET(QT_PLATFORM win32-g++)
SET(QT_OPENSSL OPENSSL_LIBS=-lcrypto\ -lssl)
ENDIF()
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} ${QT_OPENSSL} -opengl desktop -no-icu -no-sql-odbc -platform ${QT_PLATFORM})
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} ${QT_OPENSSL} -opengl dynamic -no-icu -no-sql-odbc -platform ${QT_PLATFORM})
SET(QT_CONFIGURE configure.bat)
ELSEIF(ANDROID)
IF(CMAKE_COMPILER_IS_GNUCXX)
SET(ANDROID_XPLATFORM android-g++)
ELSE()
SET(ANDROID_XPLATFORM android-clang)
ENDIF()
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} ${QT_CONFIGURE_FLAGS_OTHER}
-android-sdk ${ANDROID_SDK} -android-ndk ${CMAKE_ANDROID_NDK} -android-ndk-platform android-${CMAKE_SYSTEM_VERSION} -android-ndk-host ${CMAKE_ANDROID_NDK_TOOLCHAIN_HOST_TAG}
-android-arch ${CMAKE_ANDROID_ARCH_ABI} -android-toolchain-version ${CMAKE_ANDROID_NDK_TOOLCHAIN_VERSION}
-xplatform android-g++)
SET(QT_ENV export OPENSSL_LIBS=-lgovcrypto\ -lgovssl &&)
-android-arch ${CMAKE_ANDROID_ARCH_ABI} -android-toolchain-version ${ANDROID_NDK_TOOLCHAIN_VERSION}
-xplatform ${ANDROID_XPLATFORM})
IF(CMAKE_ANDROID_ARCH_ABI STREQUAL "arm64-v8a")
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} -no-use-gold-linker)
ENDIF()
SET(QT_ENV export OPENSSL_LIBS=-lcrypto-gov\ -lssl-gov &&)
ELSE()
SET(QT_CONFIGURE_FLAGS ${QT_CONFIGURE_FLAGS} ${QT_CONFIGURE_FLAGS_OTHER} -no-libproxy)
ENDIF()
@ -309,21 +318,28 @@ ExternalProject_Add(qt
DOWNLOAD_DIR ${PACKAGES_DIR}
PATCH_COMMAND ${QT_PATCH_COMMAND}
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Make-server-side-signature-algorithms-configurable.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Register-additional-meta-types.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Change-build-configuration-for-Qt-on-iOS.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Disable-unused-imageformats.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Avoid-using-deprecated-APIs-on-iOS-10.0.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Add-IsoDep-to-the-techList-on-Android.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-macOS-iOS-Fix-garbled-text-under-some-conditions.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-QCoreTextFontEngine-Fix-build-with-Xcode-9.3.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Introduce-reportError-to-fix-QMetaObject-invokeMethod.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Add-work-around-for-freebsd-build.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Remove-Qt-Labs-specific-plugins-from-the-build.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-configure-refactor-directx-checks.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-configure-detect-fxc.exe-more-thoroughly.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-disable-designer.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-fix-macOS-no-printer.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Use-QUrl-toString-when-forming-the-Host-header.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-QUrl-Support-IPv6-addresses-with-zone-id.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Android-fix-compile-with-NDK-r18.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Android-Fix-crash.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-QObject-Fix-isSignalConnected-when-signals-have-been.patch &&
${PATCH_CMD} -p1 ${PATCH_OPTIONS} ${PATCHES_DIR}/qt-Use-user-provided-session-data-if-available.patch &&
${CMAKE_COMMAND} -E touch qtbase/.gitignore
CONFIGURE_COMMAND ${QT_ENV} ${QT_CONFIGURE} ${QT_CONFIGURE_FLAGS} ${QT_CONFIGURE_FLAGS_SKIP_MODULES}
BUILD_COMMAND ${MAKE} ${MAKE_JOBS}
BUILD_IN_SOURCE 1
)
ADD_CUSTOM_COMMAND(TARGET qt POST_BUILD COMMAND cmake -E touch ${DESTINATION_DIR}/mkspecs/qt_vendor_governikus)
ADD_CUSTOM_COMMAND(TARGET qt POST_BUILD COMMAND ${CMAKE_COMMAND} -E touch ${DESTINATION_DIR}/mkspecs/qt_vendor_governikus)
#########################################################################
@ -354,9 +370,6 @@ ENDIF()
IF(IOS)
SET(SYSTEM_NAME iOS)
# Remove this work-around! Do not build any .dylib or be able to use .dylib
# Globbing is not supported by cmake command mode! This will work if executed with unix shell only.
SET(CLEANUP_FILES ${CMAKE_COMMAND} -E remove ${DESTINATION_DIR}/lib/*.dylib)
ELSEIF(ANDROID)
SET(SYSTEM_NAME ${CMAKE_SYSTEM_NAME}_${CMAKE_CXX_COMPILER_ID}_${CMAKE_ANDROID_ARCH_ABI})
ELSE()
@ -373,9 +386,7 @@ ENDIF()
SET(COMPRESSION cfJ)
SET(COMPRESSION_FILENDING tar.xz)
ADD_CUSTOM_TARGET(compress.pre ${compressed_filename}
COMMAND ${CLEANUP_FILES}
COMMAND ${CMAKE_COMMAND} -E remove_directory "${DESTINATION_DIR}/doc"
COMMAND ${CMAKE_COMMAND} -E remove_directory "${DESTINATION_DIR}/lib/engines"
COMMAND ${CMAKE_COMMAND} -E remove_directory "${DESTINATION_DIR}/share"
COMMAND ${SIGN_COMMAND}
DEPENDS ${COMPRESS_TARGETS}

View File

@ -17,7 +17,7 @@ Unterstützte Compiler:
Notwendige Bibliotheken:
- Qt >= 5.9
- Qt >= 5.10
- http://www.qt.io/download/
@ -25,11 +25,7 @@ Notwendige Bibliotheken:
- https://www.openssl.org/source/
- Aus dem Ordner "patches" müssen die folgenden Patches angewandt werden.
(Sofern der automatische Build mittels CMake gestartet wird, werden
die Patches automatisch angewandt.)
- openssl_rsa_psk.patch
- LibreSSL wird auf Grund des fehlenden RSA-PSK nicht unterstützt.
- pcsclite >= 1.8 (nur Linux/FreeBSD)
@ -97,8 +93,8 @@ Beispiel: Innerhalb von /Users/governikus/AusweisApp2 befindet sich der Quellcod
Windows MinGW
^^^^^^^^^^^^^
Unter Windows ist es derzeit empfohlen einen Teil der Toolchain mittels MSYS zu bauen.
Perl muss dafür ebenfalls installiert sein.
Unter Windows ist es derzeit empfohlen einen Teil der Toolchain mittels MSYS2 zu bauen.
Perl muss dafür in MSYS2 nachinstalliert werden. Außerdem ist das Windows SDK notwendig.
MinGW
"""""
@ -109,20 +105,28 @@ MinGW
https://sourceforge.net/projects/mingw-w64/files/Toolchains%20targetting%20Win32/Personal%20Builds/mingw-builds/5.3.0/threads-posix/dwarf/i686-5.3.0-release-posix-dwarf-rt_v4-rev0.7z/download
MSYS
""""
MSYS2
"""""
- http://www.mingw.org/wiki/msys
- https://sourceforge.net/projects/msys2/files/Base/x86_64/
- Getestet: 1.0.11
- Getestet: msys2-base-x86_64-20180531.tar.xz
Perl
""""
Windows SDK
"""""""""""
- http://www.activestate.com/activeperl/downloads
- https://developer.microsoft.com/de-de/windows/downloads/windows-10-sdk
- Getestet: 5.24.0
- Getestet: 10.0.14393.795 und 10.0.16299.0
Python 2
""""""""
- https://www.python.org/downloads/
- Getestet: python-2.7.15.amd64.msi
Vorbereitung
@ -131,46 +135,72 @@ Vorbereitung
#. Eintragen des Ordners "bin" von der MinGW-Installation in %PATH%.
#. Installation von MSYS, welche sich auf die MinGW-Installation bezieht.
#. Entpacken von MSYS2.
#. Der Ordner von Perl muss sich in %PATH% befinden.
#. Start von "msys2_shell.cmd -use-full-path".
#. In der Datei "fstab" unter C:\msys\1.0\etc folgende Einträge mit den jeweiligen Pfaden:
#. System aktualisieren mittels "pacman -Syu" (danach MSYS2 neustarten).
#. Perl nachinstallieren mittels "pacman -S perl".
#. Installation des Windows SDK und setzen einer Systemvariable:
::
C:/mingw32/i686-5.3.0-release-posix-dwarf-rt_v4-rev0 /mingw
C:/Perl /perl
Für das Windows SDK 10.0.15063.0 und neuer:
WindowsSdkVerBinPath = C:\Program Files (x86)\Windows Kits\10\bin\%VERSION%
Für alle älteren Versionen:
WindowsSdkDir = C:\Program Files (x86)\Windows Kits\10
Durch einige Probleme mit Unix-Shell-Skripten ist es derzeit leider
notwendig die Toolchain in zwei Schritten aufzubauen.
notwendig die Toolchain in zwei Schritten zu bauen.
Hierzu muss OpenSSL und Qt separat gebaut werden.
#. Download und Start der Installation von Python.
#. Sicherstellen, dass die python.exe während der Installation zum PATH hinzugefügt wird.
Eventuell muss für MinGW folgende Option gesetzt werden (QTBUG-16443):
#. Windows --> gpedit.msc --> Enter (als Administrator)
#. Richtlinien für Lokaler Computer
#. Computerkonfiguration
#. Administrative Vorlagen
#. System
#. Dateisystem
#. Lange Win32-Pfade aktivieren
openssl / Qt
""""""""""""
Da Qt mittels Batchskript gebaut werden muss, ist es leider nicht möglich dies innerhalb
von MSYS zu bauen [2]. Daher wird OpenSSL und Qt mittels Windows-CLI konfiguriert.
Dabei wird Qt über Windows-CLI und OpenSSL unter MSYS gebaut.
von MSYS2 zu bauen [2]. Daher wird OpenSSL und Qt mittels Windows-CLI konfiguriert.
Dabei wird Qt über Windows-CLI und OpenSSL unter MSYS2 gebaut.
#. cmd.exe von Windows starten
#. mkdir c:\msys\1.0\home\user\qt ("user" ist der Benutzer, der unter MSYS verwendet wird)
#. mkdir c:\msys64\home\user\qt ("user" ist der Benutzer, der unter MSYS2 verwendet wird)
#. cd c:\msys\1.0\home\user\qt
#. cd c:\msys64\home\user\qt
#. cmake -DCMAKE_BUILD_TYPE=release -DPACKAGES_DIR=C:/packages C:/AusweisApp2/libs -G "MinGW Makefiles"
#. MSYS Shell starten
#. MSYS2 Shell starten ("msys2_shell.cmd -use-full-path")
#. cd qt
#. mingw32-make openssl
#. MSYS Shell verlassen
#. MSYS2 Shell verlassen
#. In der cmd.exe: c:\msys\1.0\home\user\qt
#. In der cmd.exe: c:\msys64\home\user\qt
#. mingw32-make qt
@ -182,7 +212,7 @@ iOS
"""
Die Toolchain für iOS kann nur auf MacOS gebaut werden. Dabei müssen XCode und
die Command Line Tools (siehe "xcode-select -p" bzw. "xcode-select --install")
auf dem Mac vorhanden sein. Die folgende Anleitung wurde unter MacOS 10.9 und 10.11 getestet.
auf dem Mac vorhanden sein. Die folgende Anleitung wurde unter macOS 10.12 getestet.
Ebenfalls muss für den Build-Vorgang von Qt ein iOS Developer-Zertifikat mit Wildcard (*)
im Keystore von MacOS hinterlegt sein.
@ -207,30 +237,33 @@ Komponenten vorhanden sein:
- https://developer.android.com/tools/sdk/ndk/index.html
- Getestet: r10e (https://wiki.qt.io/Qt_for_Android_known_issues)
- Getestet: r18 (https://wiki.qt.io/Qt_for_Android_known_issues)
- Android SDK mit gesetztem ANDROID_HOME
- https://developer.android.com/studio/releases/sdk-tools.html
- Getestet: 25.2.5
- Getestet: 26.1.1
- Qt ist derzeit nicht mit aktuelleren kompatibel: https://bugreports.qt.io/browse/QTBUG-61988
- SDK build tools
- Unter bestimmten Umständen kann es vorkommen, dass die Build-Tools-Version nicht erkannt
wird. Dies kann mittels der Umgebungsvariable ANDROID_BUILD_TOOLS_REVISION behoben werden.
Die genaue Version ist im Android Manager vom Android SDK (./tools/android) hinterlegt.
- https://developer.android.com/studio/releases/build-tools
- Getestet: 27.0.1
- Getestet: 28.0.3
- Um Qt erfolgreich zu bauen, sind verschiedene API Level von Android notwendig.
Diese sollten mindestens Level 18 und 21 sein. Nähere Informationen dazu
- SDK platform tools
- https://developer.android.com/studio/releases/platform-tools
- Getestet: 28.0.1
- Um Qt erfolgreich zu bauen, ist mindestens ein API-Levelpaket von Android notwendig.
Dieses sollte mindestens Level 21 sein. Nähere Informationen dazu
sind im Wiki von Qt enthalten: http://wiki.qt.io/Android
Die Plattformen können mittels Android Manager nachinstalliert werden.
- JDK mit gesetztem JAVA_HOME
- Apache Ant mit gesetztem ANT_HOME
Beispiel: Innerhalb von /home/governikus/AusweisApp2 befindet sich der Quellcode.

View File

@ -0,0 +1,78 @@
From f1b12b8713a739f27d74e6911580b2e70aea2fa4 Mon Sep 17 00:00:00 2001
From: Pauli <paul.dale@oracle.com>
Date: Mon, 29 Oct 2018 06:50:51 +1000
Subject: [PATCH 1/3] DSA mod inverse fix
There is a side channel attack against the division used to calculate one of
the modulo inverses in the DSA algorithm. This change takes advantage of the
primality of the modulo and Fermat's little theorem to calculate the inverse
without leaking information.
Thanks to Samuel Weiser for finding and reporting this.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7487)
(cherry picked from commit 415c33563528667868c3c653a612e6fc8736fd79)
---
crypto/dsa/dsa_ossl.c | 32 +++++++++++++++++++++++++++++++-
1 file changed, 31 insertions(+), 1 deletion(-)
diff --git x/crypto/dsa/dsa_ossl.c y/crypto/dsa/dsa_ossl.c
index ac1f65a51a..ca20811200 100644
--- x/crypto/dsa/dsa_ossl.c
+++ y/crypto/dsa/dsa_ossl.c
@@ -23,6 +23,8 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len,
DSA_SIG *sig, DSA *dsa);
static int dsa_init(DSA *dsa);
static int dsa_finish(DSA *dsa);
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+ BN_CTX *ctx);
static DSA_METHOD openssl_dsa_meth = {
"OpenSSL DSA method",
@@ -259,7 +261,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
goto err;
/* Compute part of 's = inv(k) (m + xr) mod q' */
- if ((kinv = BN_mod_inverse(NULL, k, dsa->q, ctx)) == NULL)
+ if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
goto err;
BN_clear_free(*kinvp);
@@ -393,3 +395,31 @@ static int dsa_finish(DSA *dsa)
BN_MONT_CTX_free(dsa->method_mont_p);
return 1;
}
+
+/*
+ * Compute the inverse of k modulo q.
+ * Since q is prime, Fermat's Little Theorem applies, which reduces this to
+ * mod-exp operation. Both the exponent and modulus are public information
+ * so a mod-exp that doesn't leak the base is sufficient. A newly allocated
+ * BIGNUM is returned which the caller must free.
+ */
+static BIGNUM *dsa_mod_inverse_fermat(const BIGNUM *k, const BIGNUM *q,
+ BN_CTX *ctx)
+{
+ BIGNUM *res = NULL;
+ BIGNUM *r, *e;
+
+ if ((r = BN_new()) == NULL)
+ return NULL;
+
+ BN_CTX_start(ctx);
+ if ((e = BN_CTX_get(ctx)) != NULL
+ && BN_set_word(r, 2)
+ && BN_sub(e, q, r)
+ && BN_mod_exp_mont(r, k, e, q, ctx, NULL))
+ res = r;
+ else
+ BN_free(r);
+ BN_CTX_end(ctx);
+ return res;
+}
--
2.19.1

View File

@ -0,0 +1,30 @@
From 2bcd8e6e1fe62ef5667c1bb8ad1bfe54a0aeaa99 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Wed, 24 Oct 2018 10:11:00 +0100
Subject: [PATCH] Ignore disabled ciphers when deciding if we are using ECC
use_ecc() was always returning 1 because there are default (TLSv1.3)
ciphersuites that use ECC - even if those ciphersuites are disabled by
other options.
Fixes #7471
---
ssl/statem/extensions_clnt.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git x/ssl/statem/extensions_clnt.c y/ssl/statem/extensions_clnt.c
index 4b5e6fe2b87..dcadc2a3231 100644
--- x/ssl/statem/extensions_clnt.c
+++ y/ssl/statem/extensions_clnt.c
@@ -128,6 +128,10 @@ static int use_ecc(SSL *s)
for (i = 0; i < end; i++) {
const SSL_CIPHER *c = sk_SSL_CIPHER_value(cipher_stack, i);
+ /* Skip disabled ciphers */
+ if (ssl_cipher_disabled(s, c, SSL_SECOP_CIPHER_SUPPORTED, 0))
+ continue;
+
alg_k = c->algorithm_mkey;
alg_a = c->algorithm_auth;
if ((alg_k & (SSL_kECDHE | SSL_kECDHEPSK))

View File

@ -1,31 +0,0 @@
From 349a41da1ad88ad87825414752a8ff5fdd6a6c3f Mon Sep 17 00:00:00 2001
From: Billy Brumley <bbrumley@gmail.com>
Date: Wed, 11 Apr 2018 10:10:58 +0300
Subject: [PATCH] RSA key generation: ensure BN_mod_inverse and BN_mod_exp_mont
both get called with BN_FLG_CONSTTIME flag set.
CVE-2018-0737
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(cherry picked from commit 6939eab03a6e23d2bd2c3f5e34fe1d48e542e787)
---
crypto/rsa/rsa_gen.c | 2 ++
1 file changed, 2 insertions(+)
diff --git x/crypto/rsa/rsa_gen.c y/crypto/rsa/rsa_gen.c
index 9ca5dfefb7..42b89a8dfa 100644
--- x/crypto/rsa/rsa_gen.c
+++ y/crypto/rsa/rsa_gen.c
@@ -156,6 +156,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
if (BN_copy(rsa->e, e_value) == NULL)
goto err;
+ BN_set_flags(rsa->p, BN_FLG_CONSTTIME);
+ BN_set_flags(rsa->q, BN_FLG_CONSTTIME);
BN_set_flags(r2, BN_FLG_CONSTTIME);
/* generate p and q */
for (;;) {
--
2.17.0

View File

@ -1,42 +0,0 @@
From 3984ef0b72831da8b3ece4745cac4f8575b19098 Mon Sep 17 00:00:00 2001
From: Guido Vranken <guidovranken@gmail.com>
Date: Mon, 11 Jun 2018 19:38:54 +0200
Subject: [PATCH] Reject excessively large primes in DH key generation.
CVE-2018-0732
Signed-off-by: Guido Vranken <guidovranken@gmail.com>
(cherry picked from commit 91f7361f47b082ae61ffe1a7b17bb2adf213c7fe)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6457)
---
crypto/dh/dh_key.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git x/crypto/dh/dh_key.c y/crypto/dh/dh_key.c
index 387558f146..f235e0d682 100644
--- x/crypto/dh/dh_key.c
+++ y/crypto/dh/dh_key.c
@@ -130,10 +130,15 @@ static int generate_key(DH *dh)
int ok = 0;
int generate_new_key = 0;
unsigned l;
- BN_CTX *ctx;
+ BN_CTX *ctx = NULL;
BN_MONT_CTX *mont = NULL;
BIGNUM *pub_key = NULL, *priv_key = NULL;
+ if (BN_num_bits(dh->p) > OPENSSL_DH_MAX_MODULUS_BITS) {
+ DHerr(DH_F_GENERATE_KEY, DH_R_MODULUS_TOO_LARGE);
+ return 0;
+ }
+
ctx = BN_CTX_new();
if (ctx == NULL)
goto err;
--
2.18.0

View File

@ -1,75 +0,0 @@
From 2a33b07d56c7e30a18dda5760111af267271c236 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= <aklitzing@gmail.com>
Date: Tue, 24 Apr 2018 16:13:56 +0200
Subject: [PATCH] Revert "Configure: use a better method to identify gcc and
derivates"
This reverts commit 78e9e3f945935c91d8dfe0e832a95d6ea8d05f34.
---
Configure | 22 ++++++++--------------
1 file changed, 8 insertions(+), 14 deletions(-)
diff --git x/Configure y/Configure
index 744b493b96..fe7565ebd9 100755
--- x/Configure
+++ y/Configure
@@ -1269,7 +1269,7 @@ my ($prelflags,$postlflags)=split('%',$lflags);
if (defined($postlflags)) { $lflags=$postlflags; }
else { $lflags=$prelflags; undef $prelflags; }
-if ($target =~ /^mingw/ && `$cross_compile_prefix$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
+if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
{
$cflags =~ s/\-mno\-cygwin\s*//;
$shared_ldflag =~ s/\-mno\-cygwin\s*//;
@@ -1661,25 +1661,18 @@ if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
$shlib_minor=$2;
}
-my %predefined;
-
-# collect compiler pre-defines from gcc or gcc-alike...
-open(PIPE, "$cross_compile_prefix$cc -dM -E -x c /dev/null 2>&1 |");
-while (<PIPE>) {
- m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
- $predefined{$1} = defined($2) ? $2 : "";
-}
-close(PIPE);
+my $ecc = $cc;
+$ecc = "clang" if `$cc --version 2>&1` =~ /clang/;
if ($strict_warnings)
{
my $wopt;
- die "ERROR --strict-warnings requires gcc or clang" unless defined($predefined{__GNUC__});
+ die "ERROR --strict-warnings requires gcc or clang" unless ($ecc =~ /gcc$/ or $ecc =~ /clang$/);
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$cflags .= " $wopt" unless ($cflags =~ /(^|\s)$wopt(\s|$)/)
}
- if (defined($predefined{__clang__}))
+ if ($ecc eq "clang")
{
foreach $wopt (split /\s+/, $clang_devteam_warn)
{
@@ -1730,14 +1723,15 @@ while (<IN>)
s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
s/^RC=\s*/RC= \$\(CROSS_COMPILE\)/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $predefined{__GNUC__} >= 3;
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
}
else {
s/^CC=.*$/CC= $cc/;
s/^AR=\s*ar/AR= $ar/;
s/^RANLIB=.*/RANLIB= $ranlib/;
s/^RC=.*/RC= $windres/;
- s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $predefined{__GNUC__} >= 3;
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $ecc eq "gcc" || $ecc eq "clang";
}
s/^CFLAG=.*$/CFLAG= $cflags/;
s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
--
2.17.0

View File

@ -0,0 +1,109 @@
From 8abfe72e8c1de1b95f50aa0d9134803b4d00070f Mon Sep 17 00:00:00 2001
From: Pauli <paul.dale@oracle.com>
Date: Wed, 24 Oct 2018 07:42:46 +1000
Subject: [PATCH 2/3] Timing vulnerability in DSA signature generation
(CVE-2018-0734).
Avoid a timing attack that leaks information via a side channel that
triggers when a BN is resized. Increasing the size of the BNs
prior to doing anything with them suppresses the attack.
Thanks due to Samuel Weiser for finding and locating this.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7486)
(cherry picked from commit a9cfb8c2aa7254a4aa6a1716909e3f8cb78049b6)
---
crypto/dsa/dsa_ossl.c | 28 +++++++++++++++-------------
1 file changed, 15 insertions(+), 13 deletions(-)
diff --git x/crypto/dsa/dsa_ossl.c y/crypto/dsa/dsa_ossl.c
index ca20811200..2dd2d7489a 100644
--- x/crypto/dsa/dsa_ossl.c
+++ y/crypto/dsa/dsa_ossl.c
@@ -9,6 +9,7 @@
#include <stdio.h>
#include "internal/cryptlib.h"
+#include "internal/bn_int.h"
#include <openssl/bn.h>
#include <openssl/sha.h>
#include "dsa_locl.h"
@@ -180,9 +181,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
{
BN_CTX *ctx = NULL;
BIGNUM *k, *kinv = NULL, *r = *rp;
- BIGNUM *l, *m;
+ BIGNUM *l;
int ret = 0;
- int q_bits;
+ int q_bits, q_words;
if (!dsa->p || !dsa->q || !dsa->g) {
DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_MISSING_PARAMETERS);
@@ -191,8 +192,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
k = BN_new();
l = BN_new();
- m = BN_new();
- if (k == NULL || l == NULL || m == NULL)
+ if (k == NULL || l == NULL)
goto err;
if (ctx_in == NULL) {
@@ -203,9 +203,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
/* Preallocate space */
q_bits = BN_num_bits(dsa->q);
- if (!BN_set_bit(k, q_bits)
- || !BN_set_bit(l, q_bits)
- || !BN_set_bit(m, q_bits))
+ q_words = bn_get_top(dsa->q);
+ if (!bn_wexpand(k, q_words + 2)
+ || !bn_wexpand(l, q_words + 2))
goto err;
/* Get random k */
@@ -240,14 +240,17 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
* small timing information leakage. We then choose the sum that is
* one bit longer than the modulus.
*
- * TODO: revisit the BN_copy aiming for a memory access agnostic
- * conditional copy.
+ * There are some concerns about the efficacy of doing this. More
+ * specificly refer to the discussion starting with:
+ * https://github.com/openssl/openssl/pull/7486#discussion_r228323705
+ * The fix is to rework BN so these gymnastics aren't required.
*/
if (!BN_add(l, k, dsa->q)
- || !BN_add(m, l, dsa->q)
- || !BN_copy(k, BN_num_bits(l) > q_bits ? l : m))
+ || !BN_add(k, l, dsa->q))
goto err;
+ BN_consttime_swap(BN_is_bit_set(l, q_bits), k, l, q_words + 2);
+
if ((dsa)->meth->bn_mod_exp != NULL) {
if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
dsa->method_mont_p))
@@ -260,7 +263,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
if (!BN_mod(r, r, dsa->q, ctx))
goto err;
- /* Compute part of 's = inv(k) (m + xr) mod q' */
+ /* Compute part of 's = inv(k) (m + xr) mod q' */
if ((kinv = dsa_mod_inverse_fermat(k, dsa->q, ctx)) == NULL)
goto err;
@@ -275,7 +278,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
BN_CTX_free(ctx);
BN_clear_free(k);
BN_clear_free(l);
- BN_clear_free(m);
return ret;
}
--
2.19.1

View File

@ -0,0 +1,44 @@
From b1d6d55ece1c26fa2829e2b819b038d7b6d692b4 Mon Sep 17 00:00:00 2001
From: Pauli <paul.dale@oracle.com>
Date: Fri, 26 Oct 2018 10:54:58 +1000
Subject: [PATCH 3/3] Timing vulnerability in ECDSA signature generation
(CVE-2018-0735)
Preallocate an extra limb for some of the big numbers to avoid a reallocation
that can potentially provide a side channel.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/7486)
(cherry picked from commit 99540ec79491f59ed8b46b4edf130e17dc907f52)
---
crypto/ec/ec_mult.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git x/crypto/ec/ec_mult.c y/crypto/ec/ec_mult.c
index 7e1b3650e7..0e0a5e1394 100644
--- x/crypto/ec/ec_mult.c
+++ y/crypto/ec/ec_mult.c
@@ -206,8 +206,8 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
*/
cardinality_bits = BN_num_bits(cardinality);
group_top = bn_get_top(cardinality);
- if ((bn_wexpand(k, group_top + 1) == NULL)
- || (bn_wexpand(lambda, group_top + 1) == NULL)) {
+ if ((bn_wexpand(k, group_top + 2) == NULL)
+ || (bn_wexpand(lambda, group_top + 2) == NULL)) {
ECerr(EC_F_EC_SCALAR_MUL_LADDER, ERR_R_BN_LIB);
goto err;
}
@@ -244,7 +244,7 @@ int ec_scalar_mul_ladder(const EC_GROUP *group, EC_POINT *r,
* k := scalar + 2*cardinality
*/
kbit = BN_is_bit_set(lambda, cardinality_bits);
- BN_consttime_swap(kbit, k, lambda, group_top + 1);
+ BN_consttime_swap(kbit, k, lambda, group_top + 2);
group_top = bn_get_top(group->field);
if ((bn_wexpand(s->X, group_top) == NULL)
--
2.19.1

View File

@ -0,0 +1,11 @@
--- x/Configurations/15-android.conf
+++ y/Configurations/15-android.conf
@@ -136,6 +136,8 @@
bn_ops => sub { android_ndk()->{bn_ops} },
bin_cflags => "-pie",
enable => [ ],
+ shlib_variant => '-gov',
+ shared_extension => '.so',
},
"android-arm" => {
################################################################

View File

@ -1,75 +0,0 @@
From aeae7469061c1675d651224789fc664d6809b0d9 Mon Sep 17 00:00:00 2001
From: "Dr. Stephen Henson" <steve@openssl.org>
Date: Sat, 16 Jan 2016 16:11:34 +0000
Subject: [PATCH] fix no-engine build
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
---
crypto/ts/ts.h | 2 ++
util/libeay.num | 4 ++--
util/mk1mf.pl | 3 +--
3 files changed, 5 insertions(+), 4 deletions(-)
diff --git x/crypto/ts/ts.h y/crypto/ts/ts.h
index 2daa1b2fb5..fc8c14b2d0 100644
--- x/crypto/ts/ts.h
+++ y/crypto/ts/ts.h
@@ -737,9 +737,11 @@ EVP_PKEY *TS_CONF_load_key(const char *file, const char *pass);
const char *TS_CONF_get_tsa_section(CONF *conf, const char *section);
int TS_CONF_set_serial(CONF *conf, const char *section, TS_serial_cb cb,
TS_RESP_CTX *ctx);
+#ifndef OPENSSL_NO_ENGINE
int TS_CONF_set_crypto_device(CONF *conf, const char *section,
const char *device);
int TS_CONF_set_default_engine(const char *name);
+#endif
int TS_CONF_set_signer_cert(CONF *conf, const char *section,
const char *cert, TS_RESP_CTX *ctx);
int TS_CONF_set_certs(CONF *conf, const char *section, const char *certs,
diff --git x/util/libeay.num y/util/libeay.num
index fddfe1cbb2..a76424ceab 100755
--- x/util/libeay.num
+++ y/util/libeay.num
@@ -3874,7 +3874,7 @@ b2i_PVK_bio 4250 EXIST::FUNCTION:RC4
ASN1_UTCTIME_adj 4251 EXIST::FUNCTION:
TS_TST_INFO_new 4252 EXIST::FUNCTION:
EVP_MD_do_all_sorted 4253 EXIST::FUNCTION:
-TS_CONF_set_default_engine 4254 EXIST::FUNCTION:
+TS_CONF_set_default_engine 4254 EXIST::FUNCTION:ENGINE
TS_ACCURACY_set_seconds 4255 EXIST::FUNCTION:
TS_TST_INFO_get_time 4256 EXIST::FUNCTION:
PKCS8_pkey_get0 4257 EXIST::FUNCTION:
@@ -4099,7 +4099,7 @@ EVP_PKEY_meth_find 4469 EXIST::FUNCTION:
EVP_PKEY_id 4470 EXIST::FUNCTION:
TS_TST_INFO_set_serial 4471 EXIST::FUNCTION:
a2i_GENERAL_NAME 4472 EXIST::FUNCTION:
-TS_CONF_set_crypto_device 4473 EXIST::FUNCTION:
+TS_CONF_set_crypto_device 4473 EXIST::FUNCTION:ENGINE
EVP_PKEY_verify_init 4474 EXIST::FUNCTION:
TS_CONF_set_policies 4475 EXIST::FUNCTION:
ASN1_PCTX_new 4476 EXIST::FUNCTION:
diff --git x/util/mk1mf.pl y/util/mk1mf.pl
index 6b31496ed1..ccfb24ca55 100755
--- x/util/mk1mf.pl
+++ y/util/mk1mf.pl
@@ -428,7 +428,6 @@ EOF
{
$extra_install .= <<"EOF"
\$(MKDIR) \"\$(INSTALLTOP)${o}lib${o}engines\"
- \$(CP) \$(E_SHLIB) \"\$(INSTALLTOP)${o}lib${o}engines\"
EOF
}
}
@@ -597,7 +596,7 @@ init: \$(TMP_D) \$(LIB_D) \$(INC_D) \$(INCO_D) \$(BIN_D) \$(TEST_D) headers
headers: \$(HEADER) \$(EXHEADER)
-lib: \$(LIBS_DEP) \$(E_SHLIB)
+lib: \$(LIBS_DEP)
exe: \$(T_EXE) \$(BIN_D)$o\$(E_EXE)$exep
--
2.15.0

View File

@ -1,12 +0,0 @@
diff -ruN openssl-1.0.1j.orig/crypto/ui/ui_openssl.c openssl-1.0.1j/crypto/ui/ui_openssl.c
--- openssl-1.0.1j.orig/crypto/ui/ui_openssl.c 2014-10-15 14:53:39.000000000 +0200
+++ openssl-1.0.1j/crypto/ui/ui_openssl.c 2014-11-05 13:10:13.574510723 +0100
@@ -410,7 +410,7 @@
return 1;
}
-static volatile sig_atomic_t intr_signal;
+static volatile int intr_signal;
#endif
static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)

View File

@ -1,917 +0,0 @@
From e681bc2125a396ff34aab4c3f629683dd0ce28bb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= <aklitzing@gmail.com>
Date: Thu, 23 Apr 2015 20:59:30 +0200
Subject: [PATCH] Introduce TLS-RSA-PSK support
Build on the existing PSK support and introduce RSA-PSK
(cf. RFC 4279, 5487).
Based on the original patch by Christian J. Dietrich.
This work has been sponsored by Governikus GmbH & Co. KG.
PR: 2464
---
doc/apps/ciphers.pod | 12 +++
ssl/s3_clnt.c | 106 ++++++++++++++++++++----
ssl/s3_lib.c | 206 +++++++++++++++++++++++++++++++++++++++++++++-
ssl/s3_srvr.c | 226 ++++++++++++++++++++++++++++++++++++++++++++++++---
ssl/ssl.h | 2 +
ssl/ssl_ciph.c | 9 +-
ssl/ssl_lib.c | 6 ++
ssl/ssl_locl.h | 2 +
ssl/tls1.h | 36 ++++++++
9 files changed, 572 insertions(+), 33 deletions(-)
diff --git x/doc/apps/ciphers.pod y/doc/apps/ciphers.pod
index fa16124d08..45db06c168 100644
--- x/doc/apps/ciphers.pod
+++ y/doc/apps/ciphers.pod
@@ -585,10 +585,22 @@ Note: these ciphers can also be used in SSL v3.
=head2 Pre shared keying (PSK) cipheruites
+ TLS_RSA_PSK_WITH_RC4_128_SHA RSA-PSK-RC4-SHA
+ TLS_RSA_PSK_WITH_3DES_EDE_CBC_SHA RSA-PSK-3DES-EDE-CBC-SHA
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA RSA-PSK-AES128-CBC-SHA
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA RSA-PSK-AES256-CBC-SHA
+ TLS_RSA_PSK_WITH_AES_128_CBC_SHA256 RSA-PSK-AES128-CBC-SHA256
+ TLS_RSA_PSK_WITH_AES_256_CBC_SHA384 RSA-PSK-AES256-CBC-SHA384
+ TLS_RSA_PSK_WITH_AES_128_GCM_SHA256 RSA-PSK-AES128-GCM-SHA256
+ TLS_RSA_PSK_WITH_AES_256_GCM_SHA384 RSA-PSK-AES256-GCM-SHA384
TLS_PSK_WITH_RC4_128_SHA PSK-RC4-SHA
TLS_PSK_WITH_3DES_EDE_CBC_SHA PSK-3DES-EDE-CBC-SHA
TLS_PSK_WITH_AES_128_CBC_SHA PSK-AES128-CBC-SHA
TLS_PSK_WITH_AES_256_CBC_SHA PSK-AES256-CBC-SHA
+ TLS_PSK_WITH_AES_128_CBC_SHA256 PSK-AES128-CBC-SHA256
+ TLS_PSK_WITH_AES_256_CBC_SHA384 PSK-AES256-CBC-SHA384
+ TLS_PSK_WITH_AES_128_GCM_SHA256 PSK-AES128-GCM-SHA256
+ TLS_PSK_WITH_AES_256_GCM_SHA384 PSK-AES256-GCM-SHA384
=head2 Deprecated SSL v2.0 cipher suites.
diff --git x/ssl/s3_clnt.c y/ssl/s3_clnt.c
index 5b8b2da59f..ae0d4d840c 100644
--- x/ssl/s3_clnt.c
+++ y/ssl/s3_clnt.c
@@ -342,7 +342,7 @@ int ssl3_connect(SSL *s)
}
#endif
/* Check if it is anon DH/ECDH, SRP auth */
- /* or PSK */
+ /* or plain PSK */
if (!
(s->s3->tmp.
new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
@@ -1424,9 +1424,9 @@ int ssl3_get_key_exchange(SSL *s)
}
#ifndef OPENSSL_NO_PSK
/*
- * In plain PSK ciphersuite, ServerKeyExchange can be omitted if no
- * identity hint is sent. Set session->sess_cert anyway to avoid
- * problems later.
+ * In PSK ciphersuites, ServerKeyExchange can be omitted if no
+ * identity hint is sent. Set session->sess_cert for plain PSK
+ * anyway to avoid problems later.
*/
if (alg_k & SSL_kPSK) {
s->session->sess_cert = ssl_sess_cert_new();
@@ -1471,7 +1471,12 @@ int ssl3_get_key_exchange(SSL *s)
al = SSL_AD_DECODE_ERROR;
#ifndef OPENSSL_NO_PSK
- if (alg_k & SSL_kPSK) {
+ /* handle PSK identity hint */
+ if (alg_k & SSL_kPSK
+#ifndef OPENSSL_NO_RSA
+ || alg_k & SSL_kRSAPSK
+#endif
+ ) {
param_len = 2;
if (param_len > n) {
SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE, SSL_R_LENGTH_TOO_SHORT);
@@ -2041,7 +2046,7 @@ int ssl3_get_key_exchange(SSL *s)
}
} else {
/* aNULL, aSRP or kPSK do not need public keys */
- if (!(alg_a & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_kPSK)) {
+ if (!(alg_a & (SSL_aNULL | SSL_aSRP)) && !(alg_k & SSL_kPSK) && !(alg_k & SSL_kRSAPSK)) {
/* Might be wrong key type, check it */
if (ssl3_check_cert_and_algorithm(s))
/* Otherwise this shouldn't happen */
@@ -3130,7 +3135,11 @@ int ssl3_send_client_key_exchange(SSL *s)
}
#endif
#ifndef OPENSSL_NO_PSK
- else if (alg_k & SSL_kPSK) {
+ else if (alg_k & SSL_kPSK
+#ifndef OPENSSL_NO_RSA
+ || alg_k & SSL_kRSAPSK
+#endif
+ ) {
/*
* The callback needs PSK_MAX_IDENTITY_LEN + 1 bytes to return a
* \0-terminated identity. The last byte is for us for simulating
@@ -3138,8 +3147,8 @@ int ssl3_send_client_key_exchange(SSL *s)
*/
char identity[PSK_MAX_IDENTITY_LEN + 2];
size_t identity_len;
- unsigned char *t = NULL;
unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
+ unsigned char *t = psk_or_pre_ms;
unsigned int pre_ms_len = 0, psk_len = 0;
int psk_err = 1;
@@ -3171,14 +3180,34 @@ int ssl3_send_client_key_exchange(SSL *s)
ERR_R_INTERNAL_ERROR);
goto psk_err;
}
- /* create PSK pre_master_secret */
- pre_ms_len = 2 + psk_len + 2 + psk_len;
- t = psk_or_pre_ms;
- memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
- s2n(psk_len, t);
- memset(t, 0, psk_len);
- t += psk_len;
- s2n(psk_len, t);
+
+ if (alg_k & SSL_kPSK) {
+ /* create PSK pre_master_secret */
+ pre_ms_len = 2 + psk_len + 2 + psk_len;
+ memmove(psk_or_pre_ms + psk_len + 4, psk_or_pre_ms, psk_len);
+ s2n(psk_len, t);
+ memset(t, 0, psk_len);
+ t += psk_len;
+ s2n(psk_len, t);
+ }
+#ifndef OPENSSL_NO_RSA
+ else if (alg_k & SSL_kRSAPSK) {
+ const unsigned int pre_ms_prefix = 48;
+
+ pre_ms_len = 2 + 2 + 46 + 2 + psk_len;
+ memmove(psk_or_pre_ms + 52, psk_or_pre_ms, psk_len);
+ s2n(pre_ms_prefix, t);
+
+ psk_or_pre_ms[2] = s->client_version >> 8;
+ psk_or_pre_ms[3] = s->client_version & 0xff;
+ t += 2;
+
+ if (RAND_bytes(psk_or_pre_ms + 4, 46) <= 0)
+ goto psk_err;
+ t += 46;
+ s2n(psk_len, t);
+ }
+#endif
if (s->session->psk_identity_hint != NULL)
OPENSSL_free(s->session->psk_identity_hint);
@@ -3208,8 +3237,41 @@ int ssl3_send_client_key_exchange(SSL *s)
pre_ms_len);
s2n(identity_len, p);
memcpy(p, identity, identity_len);
+ p += identity_len;
n = 2 + identity_len;
+
+#ifndef OPENSSL_NO_RSA
+ if (alg_k & SSL_kRSAPSK) {
+ RSA *rsa;
+ int enc_n;
+
+ if (s->session->sess_cert->peer_rsa_tmp != NULL) {
+ rsa = s->session->sess_cert->peer_rsa_tmp;
+ } else {
+ pkey = X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509);
+ if ((pkey == NULL) || (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR);
+ goto psk_err;
+ }
+ rsa = pkey->pkey.rsa;
+ EVP_PKEY_free(pkey);
+ }
+
+ enc_n = RSA_public_encrypt(48, psk_or_pre_ms + 2, p + 2, rsa, RSA_PKCS1_PADDING);
+ if (enc_n <= 0) {
+ SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, SSL_R_BAD_RSA_ENCRYPT);
+ goto psk_err;
+ }
+
+ n += enc_n;
+
+ s2n(enc_n, p);
+ n += 2;
+ }
+#endif
+
psk_err = 0;
+
psk_err:
OPENSSL_cleanse(identity, sizeof(identity));
OPENSSL_cleanse(psk_or_pre_ms, sizeof(psk_or_pre_ms));
@@ -3580,7 +3642,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
}
#endif
#ifndef OPENSSL_NO_RSA
- if (alg_k & SSL_kRSA) {
+ if (alg_k & SSL_kRSA
+#ifndef OPENSSL_NO_PSK
+ || alg_k & SSL_kRSAPSK
+#endif
+ ) {
if (!SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
!has_bits(i, EVP_PK_RSA | EVP_PKT_ENC)) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
@@ -3647,7 +3713,11 @@ int ssl3_check_cert_and_algorithm(SSL *s)
if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) &&
pkey_bits > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) {
#ifndef OPENSSL_NO_RSA
- if (alg_k & SSL_kRSA) {
+ if (alg_k & SSL_kRSA
+#ifndef OPENSSL_NO_PSK
+ || alg_k & SSL_kRSAPSK
+#endif
+ ) {
if (rsa == NULL) {
SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,
SSL_R_MISSING_EXPORT_TMP_RSA_KEY);
diff --git x/ssl/s3_lib.c y/ssl/s3_lib.c
index 1014a3fce1..0187d508a1 100644
--- x/ssl/s3_lib.c
+++ y/ssl/s3_lib.c
@@ -1765,6 +1765,74 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
256,
256,
},
+
+
+#ifndef OPENSSL_NO_RSA
+ /* RSA-PSK ciphersuites from RFC4279 */
+ /* Cipher 92 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA,
+ TLS1_CK_RSA_PSK_WITH_RC4_128_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_RC4,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_MEDIUM,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher 93 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_3DES,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ 112,
+ 168,
+ },
+
+ /* Cipher 94 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA,
+ TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES128,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ 128,
+ 128,
+ },
+
+ /* Cipher 95 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA,
+ TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES256,
+ SSL_SHA1,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_DEFAULT|TLS1_PRF,
+ 256,
+ 256,
+ },
+#endif /* OPENSSL_NO_RSA */
#endif /* OPENSSL_NO_PSK */
#ifndef OPENSSL_NO_SEED
@@ -2077,6 +2145,142 @@ OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[] = {
0},
#endif
+#ifndef OPENSSL_NO_PSK
+ /* PSK ciphersuites from RFC5487 */
+
+ /* Cipher A8 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_PSK_WITH_AES_128_GCM_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher A9 */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_PSK_WITH_AES_256_GCM_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+ #ifndef OPENSSL_NO_RSA
+ /* Cipher AC */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256,
+ TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES128GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher AD */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ SSL_TLSV1_2,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+#endif /* OPENSSL_NO_RSA */
+
+ /* Cipher AE */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES128,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher AF */
+ {
+ 1,
+ TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_PSK_WITH_AES_256_CBC_SHA384,
+ SSL_kPSK,
+ SSL_aPSK,
+ SSL_AES256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+
+ #ifndef OPENSSL_NO_RSA
+ /* Cipher B6 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256,
+ TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES128,
+ SSL_SHA256,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA256|TLS1_PRF_SHA256,
+ 128,
+ 128,
+ },
+
+ /* Cipher B7 */
+ {
+ 1,
+ TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384,
+ TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384,
+ SSL_kRSAPSK,
+ SSL_aRSA,
+ SSL_AES256,
+ SSL_SHA384,
+ SSL_TLSV1,
+ SSL_NOT_EXP|SSL_HIGH,
+ SSL_HANDSHAKE_MAC_SHA384|TLS1_PRF_SHA384,
+ 256,
+ 256,
+ },
+#endif /* OPENSSL_NO_RSA */
+#endif /* OPENSSL_NO_PSK */
+
#ifndef OPENSSL_NO_ECDH
/* Cipher C001 */
{
@@ -4169,7 +4373,7 @@ SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt,
#endif /* OPENSSL_NO_KRB5 */
#ifndef OPENSSL_NO_PSK
/* with PSK there must be server callback set */
- if ((alg_k & SSL_kPSK) && s->psk_server_callback == NULL)
+ if ((alg_k & SSL_kPSK || alg_k & SSL_kRSAPSK) && s->psk_server_callback == NULL)
continue;
#endif /* OPENSSL_NO_PSK */
diff --git x/ssl/s3_srvr.c y/ssl/s3_srvr.c
index 0fb4845d44..3498836e7d 100644
--- x/ssl/s3_srvr.c
+++ y/ssl/s3_srvr.c
@@ -467,19 +467,22 @@ int ssl3_accept(SSL *s)
/*
* only send if a DH key exchange, fortezza or RSA but we have a
- * sign only certificate PSK: may send PSK identity hints For
- * ECC ciphersuites, we send a serverKeyExchange message only if
+ * sign only certificate
+ *
+ * PSK|RSAPSK: may send PSK identity hints.
+ * Send ServerKeyExchange if PSK identity hint is provided.
+ *
+ * For ECC ciphersuites, we send a serverKeyExchange message only if
* the cipher suite is either ECDH-anon or ECDHE. In other cases,
* the server certificate contains the server's public key for
* key exchange.
*/
if (0
- /*
- * PSK: send ServerKeyExchange if PSK identity hint if
- * provided
- */
#ifndef OPENSSL_NO_PSK
- || ((alg_k & SSL_kPSK) && s->ctx->psk_identity_hint)
+ || (alg_k & SSL_kPSK && s->ctx->psk_identity_hint)
+#ifndef OPENSSL_NO_RSA
+ || (alg_k & SSL_kRSAPSK && s->ctx->psk_identity_hint)
+#endif
#endif
#ifndef OPENSSL_NO_SRP
/* SRP: send ServerKeyExchange */
@@ -535,11 +538,14 @@ int ssl3_accept(SSL *s)
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aKRB5) ||
/* don't request certificate for SRP auth */
(s->s3->tmp.new_cipher->algorithm_auth & SSL_aSRP)
+#ifndef OPENSSL_NO_PSK
/*
- * With normal PSK Certificates and Certificate Requests
+ * With normal PSK, Certificates and Certificate Requests
* are omitted
*/
- || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+ || (s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
+#endif
+ ) {
/* no cert request */
skip = 1;
s->s3->tmp.cert_request = 0;
@@ -1835,7 +1841,11 @@ int ssl3_send_server_key_exchange(SSL *s)
} else
#endif /* !OPENSSL_NO_ECDH */
#ifndef OPENSSL_NO_PSK
- if (type & SSL_kPSK) {
+ if (type & SSL_kPSK
+#ifndef OPENSSL_NO_RSA
+ || type & SSL_kRSAPSK
+#endif
+ ) {
/*
* reserve size for record length and PSK identity hint
*/
@@ -1884,7 +1894,8 @@ int ssl3_send_server_key_exchange(SSL *s)
}
if (!(s->s3->tmp.new_cipher->algorithm_auth & (SSL_aNULL | SSL_aSRP))
- && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)) {
+ && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kPSK)
+ && !(s->s3->tmp.new_cipher->algorithm_mkey & SSL_kRSAPSK)) {
if ((pkey = ssl_get_sign_pkey(s, s->s3->tmp.new_cipher, &md))
== NULL) {
al = SSL_AD_DECODE_ERROR;
@@ -1899,6 +1910,12 @@ int ssl3_send_server_key_exchange(SSL *s)
} else {
pkey = NULL;
kn = 0;
+ /* Allow space for signature algorithm */
+ if (SSL_USE_SIGALGS(s)) {
+ kn += 4;
+ const unsigned char *sig;
+ kn += tls12_get_psigalgs(s, 1, &sig);
+ }
}
if (!BUF_MEM_grow_clean(buf, n + SSL_HM_HEADER_LENGTH(s) + kn)) {
@@ -1958,7 +1975,11 @@ int ssl3_send_server_key_exchange(SSL *s)
#endif
#ifndef OPENSSL_NO_PSK
- if (type & SSL_kPSK) {
+ if (type & SSL_kPSK
+#ifndef OPENSSL_NO_RSA
+ || type & SSL_kRSAPSK
+#endif
+ ) {
/* copy PSK identity hint */
s2n(strlen(s->ctx->psk_identity_hint), p);
strncpy((char *)p, s->ctx->psk_identity_hint,
@@ -1974,7 +1995,11 @@ int ssl3_send_server_key_exchange(SSL *s)
* points to the space at the end.
*/
#ifndef OPENSSL_NO_RSA
- if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)) {
+ if (pkey->type == EVP_PKEY_RSA && !SSL_USE_SIGALGS(s)
+#ifndef OPENSSL_NO_PSK
+ && !(type & SSL_kRSAPSK)
+#endif
+ ) {
q = md_buf;
j = 0;
for (num = 2; num > 0; num--) {
@@ -2870,6 +2895,181 @@ int ssl3_get_client_key_exchange(SSL *s)
goto f_err;
} else
#endif
+#ifndef OPENSSL_NO_RSA
+#ifndef OPENSSL_NO_PSK
+ if (alg_k & SSL_kRSAPSK) {
+ unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
+ int decrypt_len;
+ unsigned char decrypt_good, version_good;
+ unsigned char *orig_p = p;
+
+ unsigned int psk_len;
+
+ const unsigned int pre_master_secret_prefix = 48;
+ unsigned char psk_or_pre_ms[PSK_MAX_PSK_LEN * 2 + 4];
+ unsigned int pre_ms_len;
+ unsigned char *t = psk_or_pre_ms;
+
+ char identity[PSK_MAX_IDENTITY_LEN + 1];
+ int identity_len;
+
+ int epms_len;
+ int psk_err = 1;
+
+ /* No server callback? Bail out */
+ if (s->psk_server_callback == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, SSL_R_PSK_NO_SERVER_CB);
+ goto f_err;
+ }
+
+ /* FIX THIS UP EAY EAY EAY EAY */
+ if (s->s3->tmp.use_rsa_tmp) {
+ if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL))
+ rsa=s->cert->rsa_tmp;
+ /*
+ * Don't do a callback because rsa_tmp should be sent already
+ */
+ if (rsa == NULL) {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_MISSING_TMP_RSA_PKEY);
+ goto f_err;
+ }
+ } else {
+ pkey=s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey;
+ if ((pkey == NULL) ||
+ (pkey->type != EVP_PKEY_RSA) || (pkey->pkey.rsa == NULL)) {
+ al=SSL_AD_HANDSHAKE_FAILURE;
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_MISSING_RSA_CERTIFICATE);
+ goto f_err;
+ }
+ rsa = pkey->pkey.rsa;
+ }
+
+ /* Extract the PSK identity */
+ if (n < (2 + 2)) { /* 2 bytes for the identity len, 2 bytes for the epms len */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
+ n2s(p, identity_len);
+
+ if (identity_len > PSK_MAX_IDENTITY_LEN) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_DATA_LENGTH_TOO_LONG);
+ goto f_err;
+ }
+
+ if (n < (2 + identity_len + 2)) { /* as above, plus the identity len */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_LENGTH_MISMATCH);
+ goto f_err;
+ }
+
+ memset(identity, 0, sizeof(identity));
+ memcpy(identity, p, identity_len);
+ p += identity_len;
+
+ /* fill the pre master secret with random bytes */
+ if (RAND_pseudo_bytes(psk_or_pre_ms, sizeof(psk_or_pre_ms)) <= 0)
+ goto err;
+
+ /* read the psk (into the beginning of the psk_or_pre_ms buffer */
+ psk_len = s->psk_server_callback(s, identity, psk_or_pre_ms, sizeof(psk_or_pre_ms));
+
+ if (psk_len > PSK_MAX_PSK_LEN) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ ERR_R_INTERNAL_ERROR);
+ goto rsapsk_err;
+ } else if (psk_len == 0) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_PSK_IDENTITY_NOT_FOUND);
+ al=SSL_AD_UNKNOWN_PSK_IDENTITY;
+ goto rsapsk_err;
+ }
+
+ /* move on onto decoding the 48 encrypted bytes */
+
+ /* how many bytes to decode? */
+ n2s(p, epms_len);
+
+ if (n != (2 + identity_len + 2 + epms_len)) { /* as above */
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,
+ SSL_R_LENGTH_MISMATCH);
+ goto rsapsk_err;
+ }
+
+ /* decode in place into p */
+ decrypt_len = RSA_private_decrypt(epms_len, p, p, rsa, RSA_PKCS1_PADDING);
+ decrypt_good = constant_time_eq_int_8(decrypt_len, 48);
+
+ /* check the version sent by the client */
+ version_good = constant_time_eq_8(p[0], (unsigned)(s->client_version>>8));
+ version_good &= constant_time_eq_8(p[1], (unsigned)(s->client_version&0xff));
+
+ decrypt_good &= version_good;
+
+ for (i = 0; i < (int) sizeof(rand_premaster_secret); i++)
+ p[i] = constant_time_select_8(decrypt_good, p[i], rand_premaster_secret[i]);
+
+ /*
+ * build the pre master secret. it should look like this:
+ * 48 (2b) + version (2b) + random (46b) + psk_len (2b) + psk
+ */
+ pre_ms_len = 2 + 2 + 46 + 2 + psk_len;
+
+ /* the PSK is at the beginning of psk_or_pre_ms, move at the end */
+ memmove(psk_or_pre_ms + 52, psk_or_pre_ms, psk_len);
+
+ /* fill the "48" in */
+ s2n(pre_master_secret_prefix, t);
+
+ /* fill the 2 bytes version + the 46 random bytes (decrypted earlier with RSA) */
+ memcpy(t, p, 48);
+ t += 48;
+
+ /* fill the psk_len */
+ s2n(psk_len, t);
+
+ /* psk_or_pre_ms now contains the pre master secret */
+
+ /* set the identity in the session */
+ if (s->session->psk_identity != NULL)
+ OPENSSL_free(s->session->psk_identity);
+
+ s->session->psk_identity = BUF_strdup(identity);
+ OPENSSL_cleanse(identity, sizeof(identity));
+
+ if (s->session->psk_identity == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto rsapsk_err;
+ }
+
+ /* set the identity hint in the session */
+ if (s->session->psk_identity_hint != NULL)
+ OPENSSL_free(s->session->psk_identity_hint);
+ s->session->psk_identity_hint = BUF_strdup(s->ctx->psk_identity_hint);
+ if (s->ctx->psk_identity_hint != NULL && s->session->psk_identity_hint == NULL) {
+ SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, ERR_R_MALLOC_FAILURE);
+ goto rsapsk_err;
+ }
+
+ /* set the premaster key */
+ s->session->master_key_length =
+ s->method->ssl3_enc->generate_master_secret(s,
+ s->session->master_key,
+ psk_or_pre_ms, pre_ms_len);
+
+ psk_err = 0;
+ rsapsk_err:
+ OPENSSL_cleanse(orig_p, n); /* clear the whole payload area */
+ if (psk_err != 0)
+ goto f_err;
+ } else
+#endif
+#endif
#ifndef OPENSSL_NO_SRP
if (alg_k & SSL_kSRP) {
int param_len;
diff --git x/ssl/ssl.h y/ssl/ssl.h
index 90aeb0ce4e..78cf2212ed 100644
--- x/ssl/ssl.h
+++ y/ssl/ssl.h
@@ -254,6 +254,7 @@ extern "C" {
# define SSL_TXT_kEECDH "kEECDH"
# define SSL_TXT_kECDHE "kECDHE"/* alias for kEECDH */
# define SSL_TXT_kPSK "kPSK"
+# define SSL_TXT_kRSAPSK "kRSAPSK"
# define SSL_TXT_kGOST "kGOST"
# define SSL_TXT_kSRP "kSRP"
@@ -282,6 +283,7 @@ extern "C" {
# define SSL_TXT_ECDSA "ECDSA"
# define SSL_TXT_KRB5 "KRB5"
# define SSL_TXT_PSK "PSK"
+# define SSL_TXT_RSAPSK "RSAPSK"
# define SSL_TXT_SRP "SRP"
# define SSL_TXT_DES "DES"
diff --git x/ssl/ssl_ciph.c y/ssl/ssl_ciph.c
index ccdf00fa1b..19c4ac0656 100644
--- x/ssl/ssl_ciph.c
+++ y/ssl/ssl_ciph.c
@@ -263,6 +263,7 @@ static const SSL_CIPHER cipher_aliases[] = {
0, 0, 0},
{0, SSL_TXT_kPSK, 0, SSL_kPSK, 0, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_kRSAPSK, 0, SSL_kRSAPSK, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kSRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_kGOST, 0, SSL_kGOST, 0, 0, 0, 0, 0, 0, 0, 0},
@@ -294,6 +295,7 @@ static const SSL_CIPHER cipher_aliases[] = {
{0, SSL_TXT_ADH, 0, SSL_kEDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_AECDH, 0, SSL_kEECDH, SSL_aNULL, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_PSK, 0, SSL_kPSK, SSL_aPSK, 0, 0, 0, 0, 0, 0, 0},
+ {0, SSL_TXT_RSAPSK, 0, SSL_kRSAPSK, SSL_aRSA, 0, 0, 0, 0, 0, 0, 0},
{0, SSL_TXT_SRP, 0, SSL_kSRP, 0, 0, 0, 0, 0, 0, 0, 0},
/* symmetric encryption aliases */
@@ -756,7 +758,7 @@ static void ssl_cipher_get_disabled(unsigned long *mkey, unsigned long *auth,
*auth |= SSL_aECDH;
#endif
#ifdef OPENSSL_NO_PSK
- *mkey |= SSL_kPSK;
+ *mkey |= SSL_kPSK | SSL_kRSAPSK;
*auth |= SSL_aPSK;
#endif
#ifdef OPENSSL_NO_SRP
@@ -1555,6 +1557,8 @@ STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, STACK
*/
ssl_cipher_apply_rule(0, SSL_kRSA, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
+ ssl_cipher_apply_rule(0, SSL_kRSAPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
+ &tail);
ssl_cipher_apply_rule(0, SSL_kPSK, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
&tail);
ssl_cipher_apply_rule(0, SSL_kKRB5, 0, 0, 0, 0, 0, CIPHER_ORD, -1, &head,
@@ -1731,6 +1735,9 @@ char *SSL_CIPHER_description(const SSL_CIPHER *cipher, char *buf, int len)
case SSL_kPSK:
kx = "PSK";
break;
+ case SSL_kRSAPSK:
+ kx = "RSAPSK";
+ break;
case SSL_kSRP:
kx = "SRP";
break;
diff --git x/ssl/ssl_lib.c y/ssl/ssl_lib.c
index 3539f4b8d2..df6a45bdc4 100644
--- x/ssl/ssl_lib.c
+++ y/ssl/ssl_lib.c
@@ -2442,8 +2442,14 @@ void ssl_set_cert_masks(CERT *c, const SSL_CIPHER *cipher)
#ifndef OPENSSL_NO_PSK
mask_k |= SSL_kPSK;
+#ifndef OPENSSL_NO_RSA
+ mask_k |= SSL_kRSAPSK;
+#endif
mask_a |= SSL_aPSK;
emask_k |= SSL_kPSK;
+#ifndef OPENSSL_NO_RSA
+ emask_k |= SSL_kRSAPSK;
+#endif
emask_a |= SSL_aPSK;
#endif
diff --git x/ssl/ssl_locl.h y/ssl/ssl_locl.h
index aeffc00634..25b9f1d5b1 100644
--- x/ssl/ssl_locl.h
+++ y/ssl/ssl_locl.h
@@ -314,6 +314,8 @@
# define SSL_kGOST 0x00000200L
/* SRP */
# define SSL_kSRP 0x00000400L
+/* RSA PSK */
+# define SSL_kRSAPSK 0x00000800L
/* Bits for algorithm_auth (server authentication) */
/* RSA auth */
diff --git x/ssl/tls1.h y/ssl/tls1.h
index dd1d8c109e..e04e7ddabc 100644
--- x/ssl/tls1.h
+++ y/ssl/tls1.h
@@ -410,6 +410,24 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA 0x0300008C
# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA 0x0300008D
+/* PSK ciphersuites from 5487 */
+# define TLS1_CK_PSK_WITH_AES_128_GCM_SHA256 0x030000A8
+# define TLS1_CK_PSK_WITH_AES_256_GCM_SHA384 0x030000A9
+# define TLS1_CK_PSK_WITH_AES_128_CBC_SHA256 0x030000AE
+# define TLS1_CK_PSK_WITH_AES_256_CBC_SHA384 0x030000AF
+
+/* RSA-PSK ciphersuites from 4279 */
+# define TLS1_CK_RSA_PSK_WITH_RC4_128_SHA 0x03000092
+# define TLS1_CK_RSA_PSK_WITH_3DES_EDE_CBC_SHA 0x03000093
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA 0x03000094
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA 0x03000095
+
+/* RSA-PSK ciphersuites from 5487 */
+# define TLS1_CK_RSA_PSK_WITH_AES_128_GCM_SHA256 0x030000AC
+# define TLS1_CK_RSA_PSK_WITH_AES_256_GCM_SHA384 0x030000AD
+# define TLS1_CK_RSA_PSK_WITH_AES_128_CBC_SHA256 0x030000B6
+# define TLS1_CK_RSA_PSK_WITH_AES_256_CBC_SHA384 0x030000B7
+
/*
* Additional TLS ciphersuites from expired Internet Draft
* draft-ietf-tls-56-bit-ciphersuites-01.txt (available if
@@ -629,6 +647,24 @@ SSL_CTX_callback_ctrl(ssl,SSL_CTRL_SET_TLSEXT_TICKET_KEY_CB,(void (*)(void))cb)
# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA "PSK-AES128-CBC-SHA"
# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA "PSK-AES256-CBC-SHA"
+/* PSK ciphersuites from RFC 5487 */
+# define TLS1_TXT_PSK_WITH_AES_128_GCM_SHA256 "PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_GCM_SHA384 "PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_PSK_WITH_AES_128_CBC_SHA256 "PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_PSK_WITH_AES_256_CBC_SHA384 "PSK-AES256-CBC-SHA384"
+
+/* RSA-PSK ciphersuites from RFC 4279 */
+# define TLS1_TXT_RSA_PSK_WITH_RC4_128_SHA "RSA-PSK-RC4-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_3DES_EDE_CBC_SHA "RSA-PSK-3DES-EDE-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA "RSA-PSK-AES128-CBC-SHA"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA "RSA-PSK-AES256-CBC-SHA"
+
+/* RSA-PSK ciphersuites from RFC 5487 */
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_GCM_SHA256 "RSA-PSK-AES128-GCM-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_GCM_SHA384 "RSA-PSK-AES256-GCM-SHA384"
+# define TLS1_TXT_RSA_PSK_WITH_AES_128_CBC_SHA256 "RSA-PSK-AES128-CBC-SHA256"
+# define TLS1_TXT_RSA_PSK_WITH_AES_256_CBC_SHA384 "RSA-PSK-AES256-CBC-SHA384"
+
/* SRP ciphersuite from RFC 5054 */
# define TLS1_TXT_SRP_SHA_WITH_3DES_EDE_CBC_SHA "SRP-3DES-EDE-CBC-SHA"
# define TLS1_TXT_SRP_SHA_RSA_WITH_3DES_EDE_CBC_SHA "SRP-RSA-3DES-EDE-CBC-SHA"
--
2.15.0

View File

@ -1,4 +1,4 @@
From e06d2d0d163501fdb0926175d7c539c7bb413d70 Mon Sep 17 00:00:00 2001
From 1d9b03157657e398a99f3f183bb7399b8905eb55 Mon Sep 17 00:00:00 2001
From: Lars Schmertmann <Lars.Schmertmann@governikus.de>
Date: Wed, 22 Nov 2017 07:35:56 +0100
Subject: Add IsoDep to the techList on Android
@ -21,5 +21,5 @@ index 345b87d3..a1ae5c37 100644
{"android.nfc.tech.NdefFormatable"}
};
--
2.14.2
2.18.0

View File

@ -0,0 +1,27 @@
From 9e482ce286ad39677e64392e0ca18afc4cf5396c Mon Sep 17 00:00:00 2001
From: Lars Schmertmann <Lars.Schmertmann@governikus.de>
Date: Fri, 13 Apr 2018 08:22:18 +0200
Subject: [PATCH] Add work-around for freebsd build
Change-Id: I14e66e072f9667479815693e3dbbac71385797e7
Task-number: QTBUG-65425
---
qmake/Makefile.unix | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git x/qtbase/qmake/Makefile.unix y/qtbase/qmake/Makefile.unix
index 426387f0c2..b785127ed2 100644
--- x/qtbase/qmake/Makefile.unix
+++ y/qtbase/qmake/Makefile.unix
@@ -269,7 +269,7 @@ qlibraryinfo.o: $(SOURCE_PATH)/src/corelib/global/qlibraryinfo.cpp
$(CXX) -c -o $@ $(CXXFLAGS) -DQT_BUILD_QMAKE_BOOTSTRAP $<
qlibraryinfo_final.o: $(SOURCE_PATH)/src/corelib/global/qlibraryinfo.cpp $(BUILD_PATH)/src/corelib/global/qconfig.cpp
- $(CXX) -c -o $@ $(CXXFLAGS) $<
+ $(CXX) -c -o $@ $(CXXFLAGS) $(SOURCE_PATH)/src/corelib/global/qlibraryinfo.cpp
qnumeric.o: $(SOURCE_PATH)/src/corelib/global/qnumeric.cpp
$(CXX) -c -o $@ $(CXXFLAGS) $<
--
2.17.0

View File

@ -0,0 +1,30 @@
From ca8779363fd30a1b8fd80ce4ebacc4741b041c76 Mon Sep 17 00:00:00 2001
From: BogDan Vatra <bogdan@kdab.com>
Date: Tue, 20 Mar 2018 10:36:43 +0200
Subject: [PATCH] Android: Fix crash
Android doesn't like nor use RTLD_NODELETE
Tasnk-number: QTBUG-64654
Change-Id: I2d884bbf22a681cca592942eba84ba97327ba974
Reviewed-by: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
---
src/corelib/plugin/qlibrary_unix.cpp | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git x/qtbase/src/corelib/plugin/qlibrary_unix.cpp y/qtbase/src/corelib/plugin/qlibrary_unix.cpp
index 23b9ad6434..296af9da7a 100644
--- x/qtbase/src/corelib/plugin/qlibrary_unix.cpp
+++ y/qtbase/src/corelib/plugin/qlibrary_unix.cpp
@@ -155,7 +155,7 @@ bool QLibraryPrivate::load_sys()
// Do not unload the library during dlclose(). Consequently, the
// library's specific static variables are not reinitialized if the
// library is reloaded with dlopen() at a later time.
-#ifdef RTLD_NODELETE
+#if defined(RTLD_NODELETE) && !defined(Q_OS_ANDROID)
if (loadHints & QLibrary::PreventUnloadHint) {
dlFlags |= RTLD_NODELETE;
}
--
2.19.1

View File

@ -0,0 +1,37 @@
From 48789f354ffe99aa28c08f55240e0b0a4deaa377 Mon Sep 17 00:00:00 2001
From: BogDan Vatra <bogdan@kdab.com>
Date: Mon, 1 Oct 2018 15:46:46 +0300
Subject: [PATCH] Android: fix compile with NDK r18+
In NDK r18, libc++.so was renamed to libc++.so.XX where XX is the Android
API level.
[ChangeLog][Android] Fixed build issue with NDK r18+.
Task-number: QTBUG-70631
Task-number: QTBUG-70779
Change-Id: Id0d2955648197e3054e3c69263b5a90d57964f6c
---
mkspecs/android-clang/qmake.conf | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git x/qtbase/mkspecs/android-clang/qmake.conf y/qtbase/mkspecs/android-clang/qmake.conf
index b665000d00..1f5e690329 100644
--- x/qtbase/mkspecs/android-clang/qmake.conf
+++ y/qtbase/mkspecs/android-clang/qmake.conf
@@ -40,7 +40,11 @@ QMAKE_CFLAGS += -DANDROID_HAS_WSTRING --sysroot=$$NDK_ROOT/sysroot \
ANDROID_SOURCES_CXX_STL_LIBDIR = $$NDK_ROOT/sources/cxx-stl/llvm-libc++/libs/$$ANDROID_TARGET_ARCH
ANDROID_STDCPP_PATH = $$ANDROID_SOURCES_CXX_STL_LIBDIR/libc++_shared.so
-ANDROID_CXX_STL_LIBS = -lc++
+
+exists($$ANDROID_SOURCES_CXX_STL_LIBDIR/libc++.so): \
+ ANDROID_CXX_STL_LIBS = -lc++
+else: \
+ ANDROID_CXX_STL_LIBS = $$ANDROID_SOURCES_CXX_STL_LIBDIR/libc++.so.$$replace(ANDROID_PLATFORM, "android-", "")
QMAKE_CFLAGS_OPTIMIZE_SIZE = -Oz
--
2.19.0

View File

@ -1,73 +0,0 @@
From 26383dba15ceed74b36dd71e5b1837c63aade927 Mon Sep 17 00:00:00 2001
From: Lars Schmertmann <Lars.Schmertmann@governikus.de>
Date: Thu, 14 Sep 2017 12:47:11 +0200
Subject: Avoid using deprecated APIs on iOS 10.0+
Change-Id: Ic9dc6a24ef793a29c2652ad37bc11120e2e6ceef
---
src/gui/util/qdesktopservices.cpp | 13 +++++++++++++
src/plugins/platforms/ios/qiosservices.mm | 14 ++++++++++++--
2 files changed, 25 insertions(+), 2 deletions(-)
diff --git x/qtbase/src/gui/util/qdesktopservices.cpp y/qtbase/src/gui/util/qdesktopservices.cpp
index c9747877f7..77ccc02aa5 100644
--- x/qtbase/src/gui/util/qdesktopservices.cpp
+++ y/qtbase/src/gui/util/qdesktopservices.cpp
@@ -177,6 +177,19 @@ void QOpenUrlHandlerRegistry::handlerDestroyed(QObject *handler)
still fail to launch or fail to open the requested URL. This result will not be reported back
to the application.
+ \warning URLs passed to this function on iOS will not load unless their schemes are
+ listed in the \c LSApplicationQueriesSchemes key of the application's Info.plist file.
+ For more information, see the Apple Developer Documentation for
+ \l{https://developer.apple.com/documentation/uikit/uiapplication/1622952-canopenurl}{canOpenURL(_:)}.
+ For example, the following lines enable URLs with the HTTPS scheme:
+
+ \code
+ <key>LSApplicationQueriesSchemes</key>
+ <array>
+ <string>https</string>
+ </array>
+ \endcode
+
\sa setUrlHandler()
*/
bool QDesktopServices::openUrl(const QUrl &url)
diff --git x/qtbase/src/plugins/platforms/ios/qiosservices.mm y/qtbase/src/plugins/platforms/ios/qiosservices.mm
index 0ecc8e123f..a963a5c05d 100644
--- x/qtbase/src/plugins/platforms/ios/qiosservices.mm
+++ y/qtbase/src/plugins/platforms/ios/qiosservices.mm
@@ -41,6 +41,7 @@
#include <QtCore/qurl.h>
#include <QtGui/qdesktopservices.h>
+#include <QOperatingSystemVersion>
#import <UIKit/UIApplication.h>
@@ -55,11 +56,20 @@ bool QIOSServices::openUrl(const QUrl &url)
return openDocument(url);
NSURL *nsUrl = url.toNSURL();
+ UIApplication *application = [UIApplication sharedApplication];
- if (![[UIApplication sharedApplication] canOpenURL:nsUrl])
+ if (![application canOpenURL:nsUrl])
return false;
- return [[UIApplication sharedApplication] openURL:nsUrl];
+#if QT_DARWIN_PLATFORM_SDK_EQUAL_OR_ABOVE(__MAC_NA, 100000, 100000, __WATCHOS_NA)
+ if (QOperatingSystemVersion::current() >= QOperatingSystemVersion(QOperatingSystemVersion::IOS, 10)) {
+ [application openURL:nsUrl options:@{} completionHandler:nil];
+ return true;
+ } else
+#endif
+ {
+ return [application openURL:nsUrl];
+ }
}
bool QIOSServices::openDocument(const QUrl &url)
--
2.14.1

View File

@ -1,32 +0,0 @@
From 1f505127d1dba4b755fc00360a5bffff8163acb7 Mon Sep 17 00:00:00 2001
From: Lars Schmertmann <Lars.Schmertmann@governikus.de>
Date: Wed, 19 Jul 2017 09:44:01 +0200
Subject: Change build configuration for Qt on iOS
---
mkspecs/macx-ios-clang/qmake.conf | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git x/qtbase/mkspecs/macx-ios-clang/qmake.conf y/qtbase/mkspecs/macx-ios-clang/qmake.conf
index 825e03aa85..fe783faee3 100644
--- x/qtbase/mkspecs/macx-ios-clang/qmake.conf
+++ y/qtbase/mkspecs/macx-ios-clang/qmake.conf
@@ -2,13 +2,13 @@
# qmake configuration for macx-ios-clang
#
-QMAKE_IOS_DEPLOYMENT_TARGET = 8.0
+QMAKE_IOS_DEPLOYMENT_TARGET = 10.0
# Universal target (iPhone and iPad)
QMAKE_APPLE_TARGETED_DEVICE_FAMILY = 1,2
-QMAKE_APPLE_DEVICE_ARCHS = armv7 arm64
-QMAKE_APPLE_SIMULATOR_ARCHS = i386 x86_64
+QMAKE_APPLE_DEVICE_ARCHS = arm64
+QMAKE_APPLE_SIMULATOR_ARCHS = x86_64
include(../common/ios.conf)
include(../common/gcc-base-mac.conf)
--
2.13.2

View File

@ -1,4 +1,4 @@
From 978caa044d4e1c52c90a87490defbac387db58d6 Mon Sep 17 00:00:00 2001
From e1c05843ae1609075807d5a789fc4e6cd8154520 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= <aklitzing@gmail.com>
Date: Mon, 25 Sep 2017 14:10:56 +0200
Subject: [PATCH] Disable unused imageformats
@ -8,10 +8,10 @@ Subject: [PATCH] Disable unused imageformats
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git x/qtimageformats/src/plugins/imageformats/imageformats.pro y/qtimageformats/src/plugins/imageformats/imageformats.pro
index 8c79379..2aa80f5 100644
index d6c59ee..f1fb6d0 100644
--- x/qtimageformats/src/plugins/imageformats/imageformats.pro
+++ y/qtimageformats/src/plugins/imageformats/imageformats.pro
@@ -16,8 +16,7 @@ config_jasper {
@@ -18,8 +18,7 @@ config_jasper {
SUBDIRS += macjp2
}
@ -22,5 +22,5 @@ index 8c79379..2aa80f5 100644
webp
-}
--
2.14.1
2.16.2

View File

@ -1,16 +1,17 @@
From 5cad7717db911f113355b353a6eeb3687f6fbf9a Mon Sep 17 00:00:00 2001
From fc591411928c982f763c2fee060c0665a5b6b8b8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= <aklitzing@gmail.com>
Date: Thu, 23 Jul 2015 12:16:01 +0200
Date: Tue, 10 Oct 2017 13:44:48 +0200
Subject: [PATCH] Enable debug output for OpenSSL
---
src/network/ssl/qsslsocket.cpp | 2 +-
src/network/ssl/qsslsocket_mac.cpp | 1 +
src/network/ssl/qsslsocket_openssl.cpp | 4 ++--
3 files changed, 4 insertions(+), 3 deletions(-)
src/network/ssl/qsslsocket.cpp | 2 +-
src/network/ssl/qsslsocket_mac.cpp | 1 +
src/network/ssl/qsslsocket_mac_shared.cpp | 4 ++--
src/network/ssl/qsslsocket_openssl.cpp | 2 +-
4 files changed, 5 insertions(+), 4 deletions(-)
diff --git x/qtbase/src/network/ssl/qsslsocket.cpp y/qtbase/src/network/ssl/qsslsocket.cpp
index 3e7a30a..61ff7a1 100644
index 5c9ebac283..b843191e89 100644
--- x/qtbase/src/network/ssl/qsslsocket.cpp
+++ y/qtbase/src/network/ssl/qsslsocket.cpp
@@ -39,7 +39,7 @@
@ -23,7 +24,7 @@ index 3e7a30a..61ff7a1 100644
/*!
\class QSslSocket
diff --git x/qtbase/src/network/ssl/qsslsocket_mac.cpp y/qtbase/src/network/ssl/qsslsocket_mac.cpp
index 99ae792..13339c8 100644
index 68c8ccff89..15d887c1f9 100644
--- x/qtbase/src/network/ssl/qsslsocket_mac.cpp
+++ y/qtbase/src/network/ssl/qsslsocket_mac.cpp
@@ -37,6 +37,7 @@
@ -34,11 +35,11 @@ index 99ae792..13339c8 100644
#include "qsslsocket.h"
#include "qssl_p.h"
diff --git x/qtbase/src/network/ssl/qsslsocket_openssl.cpp y/qtbase/src/network/ssl/qsslsocket_openssl.cpp
index 4f62f53..f8d8174 100644
--- x/qtbase/src/network/ssl/qsslsocket_openssl.cpp
+++ y/qtbase/src/network/ssl/qsslsocket_openssl.cpp
@@ -53,8 +53,8 @@
diff --git x/qtbase/src/network/ssl/qsslsocket_mac_shared.cpp y/qtbase/src/network/ssl/qsslsocket_mac_shared.cpp
index d239fe23dd..59436ca276 100644
--- x/qtbase/src/network/ssl/qsslsocket_mac_shared.cpp
+++ y/qtbase/src/network/ssl/qsslsocket_mac_shared.cpp
@@ -38,8 +38,8 @@
**
****************************************************************************/
@ -47,8 +48,21 @@ index 4f62f53..f8d8174 100644
+#define QSSLSOCKET_DEBUG
+#define QT_DECRYPT_SSL_TRAFFIC
#include "qssl_p.h"
#include "qsslsocket.h"
diff --git x/qtbase/src/network/ssl/qsslsocket_openssl.cpp y/qtbase/src/network/ssl/qsslsocket_openssl.cpp
index 2d771b5637..beb361d744 100644
--- x/qtbase/src/network/ssl/qsslsocket_openssl.cpp
+++ y/qtbase/src/network/ssl/qsslsocket_openssl.cpp
@@ -53,7 +53,7 @@
**
****************************************************************************/
-//#define QSSLSOCKET_DEBUG
+#define QSSLSOCKET_DEBUG
#include "qssl_p.h"
#include "qsslsocket_openssl_p.h"
--
2.8.0
2.14.2

View File

@ -0,0 +1,262 @@
From 9f00179a95ef729fa7871b4d408c76bc50e4eb4e Mon Sep 17 00:00:00 2001
From: Lars Schmertmann <Lars.Schmertmann@governikus.de>
Date: Wed, 20 Jun 2018 11:56:19 +0200
Subject: Introduce reportError to fix "QMetaObject::invokeMethod: No such method"
Task-number: QTBUG-67958
Change-Id: Ia5a21cb19f0318844ac436adcc3f0fff9a3185b5
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
---
src/nfc/qnearfieldtagtype1.cpp | 8 ++----
src/nfc/qnearfieldtarget.cpp | 13 ++++++++++
src/nfc/qnearfieldtarget.h | 2 ++
src/nfc/qnearfieldtarget_android.cpp | 36 +++++++--------------------
src/nfc/qnearfieldtarget_emulator.cpp | 20 ++++-----------
src/nfc/qnearfieldtarget_neard_p.h | 8 ++----
6 files changed, 33 insertions(+), 54 deletions(-)
diff --git x/qtconnectivity/src/nfc/qnearfieldtagtype1.cpp y/qtconnectivity/src/nfc/qnearfieldtagtype1.cpp
index 34f2c8b8..7f27fbe9 100644
--- x/qtconnectivity/src/nfc/qnearfieldtagtype1.cpp
+++ y/qtconnectivity/src/nfc/qnearfieldtagtype1.cpp
@@ -440,9 +440,7 @@ QNearFieldTarget::RequestId QNearFieldTagType1::readNdefMessages()
if (d->m_readNdefMessageState == QNearFieldTagType1Private::NotReadingNdefMessage) {
d->progressToNextNdefReadMessageState();
} else {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, NdefReadError),
- Q_ARG(QNearFieldTarget::RequestId, d->m_readNdefRequestId));
+ reportError(QNearFieldTarget::NdefReadError, d->m_readNdefRequestId);
}
return d->m_readNdefRequestId;
@@ -462,9 +460,7 @@ QNearFieldTarget::RequestId QNearFieldTagType1::writeNdefMessages(const QList<QN
d->m_ndefWriteMessages = messages;
d->progressToNextNdefWriteMessageState();
} else {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, NdefWriteError),
- Q_ARG(QNearFieldTarget::RequestId, d->m_readNdefRequestId));
+ reportError(QNearFieldTarget::NdefWriteError, d->m_readNdefRequestId);
}
return d->m_writeNdefRequestId;
diff --git x/qtconnectivity/src/nfc/qnearfieldtarget.cpp y/qtconnectivity/src/nfc/qnearfieldtarget.cpp
index e642824b..e9a6fa11 100644
--- x/qtconnectivity/src/nfc/qnearfieldtarget.cpp
+++ y/qtconnectivity/src/nfc/qnearfieldtarget.cpp
@@ -530,4 +530,17 @@ bool QNearFieldTarget::handleResponse(const QNearFieldTarget::RequestId &id,
return true;
}
+/*!
+ \since 5.12
+
+ Reports the \a error for the request \a id by appending the signal emission to the event queue.
+*/
+void QNearFieldTarget::reportError(QNearFieldTarget::Error error,
+ const QNearFieldTarget::RequestId &id)
+{
+ QMetaObject::invokeMethod(this, [this, error, id]() {
+ Q_EMIT this->error(error, id);
+ }, Qt::QueuedConnection);
+}
+
QT_END_NAMESPACE
diff --git x/qtconnectivity/src/nfc/qnearfieldtarget.h y/qtconnectivity/src/nfc/qnearfieldtarget.h
index e51960f7..868b52d5 100644
--- x/qtconnectivity/src/nfc/qnearfieldtarget.h
+++ y/qtconnectivity/src/nfc/qnearfieldtarget.h
@@ -153,6 +153,8 @@ protected:
Q_INVOKABLE virtual bool handleResponse(const QNearFieldTarget::RequestId &id,
const QByteArray &response);
+ void reportError(QNearFieldTarget::Error error, const QNearFieldTarget::RequestId &id);
+
Q_SIGNALS:
void disconnected();
diff --git x/qtconnectivity/src/nfc/qnearfieldtarget_android.cpp y/qtconnectivity/src/nfc/qnearfieldtarget_android.cpp
index e656996e..78da6ac2 100644
--- x/qtconnectivity/src/nfc/qnearfieldtarget_android.cpp
+++ y/qtconnectivity/src/nfc/qnearfieldtarget_android.cpp
@@ -147,25 +147,19 @@ QNearFieldTarget::RequestId NearFieldTarget::readNdefMessages()
// Making sure that target is still in range
QNearFieldTarget::RequestId requestId(new QNearFieldTarget::RequestIdPrivate);
if (!m_intent.isValid()) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, QNearFieldTarget::TargetOutOfRangeError),
- Q_ARG(QNearFieldTarget::RequestId&, requestId));
+ reportError(QNearFieldTarget::TargetOutOfRangeError, requestId);
return requestId;
}
// Getting Ndef technology object
if (!setTagTechnology({NDEFTECHNOLOGY})) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, QNearFieldTarget::UnsupportedError),
- Q_ARG(QNearFieldTarget::RequestId&, requestId));
+ reportError(QNearFieldTarget::UnsupportedError, requestId);
return requestId;
}
// Connect
if (!connect()) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, QNearFieldTarget::TargetOutOfRangeError),
- Q_ARG(QNearFieldTarget::RequestId&, requestId));
+ reportError(QNearFieldTarget::TargetOutOfRangeError, requestId);
return requestId;
}
@@ -174,9 +168,7 @@ QNearFieldTarget::RequestId NearFieldTarget::readNdefMessages()
if (catchJavaExceptions())
ndefMessage = QAndroidJniObject();
if (!ndefMessage.isValid()) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, QNearFieldTarget::NdefReadError),
- Q_ARG(QNearFieldTarget::RequestId&, requestId));
+ reportError(QNearFieldTarget::NdefReadError, requestId);
return requestId;
}
@@ -249,9 +241,7 @@ QNearFieldTarget::RequestId NearFieldTarget::sendCommand(const QByteArray &comma
// Connecting
QNearFieldTarget::RequestId requestId = QNearFieldTarget::RequestId(new QNearFieldTarget::RequestIdPrivate());
if (!connect()) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, QNearFieldTarget::TargetOutOfRangeError),
- Q_ARG(QNearFieldTarget::RequestId&, requestId));
+ reportError(QNearFieldTarget::TargetOutOfRangeError, requestId);
return requestId;
}
@@ -263,9 +253,7 @@ QNearFieldTarget::RequestId NearFieldTarget::sendCommand(const QByteArray &comma
// Writing
QAndroidJniObject myNewVal = m_tagTech.callObjectMethod("transceive", "([B)[B", jba);
if (catchJavaExceptions()) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, QNearFieldTarget::CommandError),
- Q_ARG(QNearFieldTarget::RequestId&, requestId));
+ reportError(QNearFieldTarget::CommandError, requestId);
return requestId;
}
QByteArray result = jbyteArrayToQByteArray(myNewVal.object<jbyteArray>());
@@ -315,9 +303,7 @@ QNearFieldTarget::RequestId NearFieldTarget::writeNdefMessages(const QList<QNdef
// Connecting
QNearFieldTarget::RequestId requestId = QNearFieldTarget::RequestId(new QNearFieldTarget::RequestIdPrivate());
if (!connect()) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, QNearFieldTarget::TargetOutOfRangeError),
- Q_ARG(QNearFieldTarget::RequestId&, requestId));
+ reportError(QNearFieldTarget::TargetOutOfRangeError, requestId);
return requestId;
}
@@ -328,18 +314,14 @@ QNearFieldTarget::RequestId NearFieldTarget::writeNdefMessages(const QList<QNdef
env->SetByteArrayRegion(jba.object<jbyteArray>(), 0, ba.size(), reinterpret_cast<jbyte*>(ba.data()));
QAndroidJniObject jmessage = QAndroidJniObject("android/nfc/NdefMessage", "([B)V", jba.object<jbyteArray>());
if (catchJavaExceptions()) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, QNearFieldTarget::UnknownError),
- Q_ARG(QNearFieldTarget::RequestId&, requestId));
+ reportError(QNearFieldTarget::UnknownError, requestId);
return requestId;
}
// Writing
m_tagTech.callMethod<void>(writeMethod, "(Landroid/nfc/NdefMessage;)V", jmessage.object<jobject>());
if (catchJavaExceptions()) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, QNearFieldTarget::NdefWriteError),
- Q_ARG(QNearFieldTarget::RequestId&, requestId));
+ reportError(QNearFieldTarget::NdefWriteError, requestId);
return requestId;
}
diff --git x/qtconnectivity/src/nfc/qnearfieldtarget_emulator.cpp y/qtconnectivity/src/nfc/qnearfieldtarget_emulator.cpp
index 29b1f74d..030718cc 100644
--- x/qtconnectivity/src/nfc/qnearfieldtarget_emulator.cpp
+++ y/qtconnectivity/src/nfc/qnearfieldtarget_emulator.cpp
@@ -82,9 +82,7 @@ QNearFieldTarget::RequestId TagType1::sendCommand(const QByteArray &command)
// tag not in proximity
if (!tagMap.value(m_tag)) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, TargetOutOfRangeError),
- Q_ARG(QNearFieldTarget::RequestId, id));
+ reportError(QNearFieldTarget::TargetOutOfRangeError, id);
return id;
}
@@ -93,17 +91,13 @@ QNearFieldTarget::RequestId TagType1::sendCommand(const QByteArray &command)
QByteArray response = m_tag->processCommand(command + char(crc & 0xff) + char(crc >> 8));
if (response.isEmpty()) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, NoResponseError),
- Q_ARG(QNearFieldTarget::RequestId, id));
+ reportError(QNearFieldTarget::NoResponseError, id);
return id;
}
// check crc
if (qChecksum(response.constData(), response.length(), Qt::ChecksumItuV41) != 0) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, ChecksumMismatchError),
- Q_ARG(QNearFieldTarget::RequestId, id));
+ reportError(QNearFieldTarget::ChecksumMismatchError, id);
return id;
}
@@ -152,9 +146,7 @@ QNearFieldTarget::RequestId TagType2::sendCommand(const QByteArray &command)
// tag not in proximity
if (!tagMap.value(m_tag)) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, TargetOutOfRangeError),
- Q_ARG(QNearFieldTarget::RequestId, id));
+ reportError(QNearFieldTarget::TargetOutOfRangeError, id);
return id;
}
@@ -168,9 +160,7 @@ QNearFieldTarget::RequestId TagType2::sendCommand(const QByteArray &command)
if (response.length() > 1) {
// check crc
if (qChecksum(response.constData(), response.length(), Qt::ChecksumItuV41) != 0) {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, ChecksumMismatchError),
- Q_ARG(QNearFieldTarget::RequestId, id));
+ reportError(QNearFieldTarget::ChecksumMismatchError, id);
return id;
}
diff --git x/qtconnectivity/src/nfc/qnearfieldtarget_neard_p.h y/qtconnectivity/src/nfc/qnearfieldtarget_neard_p.h
index 053df141..625cee67 100644
--- x/qtconnectivity/src/nfc/qnearfieldtarget_neard_p.h
+++ y/qtconnectivity/src/nfc/qnearfieldtarget_neard_p.h
@@ -359,9 +359,7 @@ private:
Q_EMIT this->requestCompleted(this->m_currentReadRequestId);
}, Qt::QueuedConnection);
} else {
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, QNearFieldTarget::UnknownError),
- Q_ARG(QNearFieldTarget::RequestId, m_currentReadRequestId));
+ this->reportError(QNearFieldTarget::UnknownError, m_currentReadRequestId);
}
m_readRequested = false;
@@ -389,9 +387,7 @@ private:
reply.waitForFinished();
if (reply.isError()) {
qCWarning(QT_NFC_NEARD) << "Error writing to NFC tag" << reply.error();
- QMetaObject::invokeMethod(this, "error", Qt::QueuedConnection,
- Q_ARG(QNearFieldTarget::Error, QNearFieldTarget::UnknownError),
- Q_ARG(QNearFieldTarget::RequestId, m_currentWriteRequestId));
+ this->reportError(QNearFieldTarget::UnknownError, m_currentWriteRequestId);
}
QMetaObject::invokeMethod(this, "ndefMessagesWritten", Qt::QueuedConnection);
--
2.19.1

View File

@ -1,261 +0,0 @@
From b0404383ab573d7550a6564405bb9b1316ff193a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sebastian=20L=C3=B6sch?= <Sebastian.Loesch@governikus.de>
Date: Thu, 21 Apr 2016 09:19:19 +0200
Subject: [PATCH] Make server side signature algorithms configurable
Signature algorithms are used during the TLS handshake phase to protect
transferred security parameters, e.g the message ServerKeyExchange.
This patch enables the configuration of allowed algorithms used by the
server side.
Change-Id: Ia178efd4778b91863fcc919bf50219115b300d77
---
src/network/ssl/qsslconfiguration.cpp | 42 ++++++++++++++++++++++++
src/network/ssl/qsslconfiguration.h | 8 ++++-
src/network/ssl/qsslconfiguration_p.h | 5 +++
src/network/ssl/qsslcontext_openssl.cpp | 45 ++++++++++++++++++++++++++
src/network/ssl/qsslcontext_openssl_p.h | 1 +
src/network/ssl/qsslsocket.cpp | 2 ++
src/network/ssl/qsslsocket_openssl_symbols_p.h | 5 +++
7 files changed, 107 insertions(+), 1 deletion(-)
diff --git x/qtbase/src/network/ssl/qsslconfiguration.cpp y/qtbase/src/network/ssl/qsslconfiguration.cpp
index 75a880f115..37f99feef1 100644
--- x/qtbase/src/network/ssl/qsslconfiguration.cpp
+++ y/qtbase/src/network/ssl/qsslconfiguration.cpp
@@ -221,6 +221,7 @@ bool QSslConfiguration::operator==(const QSslConfiguration &other) const
d->peerVerifyMode == other.d->peerVerifyMode &&
d->peerVerifyDepth == other.d->peerVerifyDepth &&
d->allowRootCertOnDemandLoading == other.d->allowRootCertOnDemandLoading &&
+ d->signatureAndHashAlgorithms == other.d->signatureAndHashAlgorithms &&
d->sslOptions == other.d->sslOptions &&
d->sslSession == other.d->sslSession &&
d->sslSessionTicketLifeTimeHint == other.d->sslSessionTicketLifeTimeHint &&
@@ -263,6 +264,7 @@ bool QSslConfiguration::isNull() const
d->privateKey.isNull() &&
d->peerCertificate.isNull() &&
d->peerCertificateChain.count() == 0 &&
+ d->signatureAndHashAlgorithms.isEmpty() &&
d->sslOptions == QSslConfigurationPrivate::defaultSslOptions &&
d->sslSession.isNull() &&
d->sslSessionTicketLifeTimeHint == -1 &&
@@ -869,6 +871,46 @@ void QSslConfiguration::setDiffieHellmanParameters(const QSslDiffieHellmanParame
d->dhParams = dhparams;
}
+/*!
+ \since 5.9
+
+ Returns the connection's current list of supported signature
+ algorithms if enabled. Enable it by calling
+ setSignatureAndHashAlgorithms().
+
+ \sa setSignatureAndHashAlgorithms()
+ */
+QVector<QPair<QSsl::KeyAlgorithm, QCryptographicHash::Algorithm> > QSslConfiguration::signatureAndHashAlgorithms() const
+{
+ return d->signatureAndHashAlgorithms;
+}
+
+/*!
+ \since 5.9
+
+ Sets the list of signature algorithms to be used for the current
+ connection. The algorithms are expected to be ordered by descending
+ preference (i.e., the first algorithm is the most preferred one).
+ Notice that this restricts the list of supported ciphers (e.g.
+ configuring the signature algorithm RSA+SHA1 will restrict the ciphers
+ to RSA ciphers).
+
+ When configuring the client side this are the algorithms set in the
+ Signature Algorithms TLS extension, see RFC 5246 for details. Although
+ this extension will be ignored for TLS protocol versions prior 1.2
+ this still restricts the supported ciphers as mentioned above.
+
+ By default, the handshake phase can choose any of the algorithms
+ supported by this system's SSL libraries, which may vary from
+ system to system.
+
+ \sa signatureAndHashAlgorithms()
+ */
+void QSslConfiguration::setSignatureAndHashAlgorithms(const QVector<QPair<QSsl::KeyAlgorithm, QCryptographicHash::Algorithm> > &algorithms)
+{
+ d->signatureAndHashAlgorithms = algorithms;
+}
+
/*!
\since 5.3
diff --git x/qtbase/src/network/ssl/qsslconfiguration.h y/qtbase/src/network/ssl/qsslconfiguration.h
index 1c57bebd65..4d3e5129d5 100644
--- x/qtbase/src/network/ssl/qsslconfiguration.h
+++ y/qtbase/src/network/ssl/qsslconfiguration.h
@@ -56,10 +56,13 @@
#ifndef QSSLCONFIGURATION_H
#define QSSLCONFIGURATION_H
-#include <QtNetwork/qtnetworkglobal.h>
+#include <QtCore/qcryptographichash.h>
+#include <QtCore/qpair.h>
#include <QtCore/qshareddata.h>
+#include <QtCore/qvector.h>
#include <QtNetwork/qsslsocket.h>
#include <QtNetwork/qssl.h>
+#include <QtNetwork/qtnetworkglobal.h>
#ifndef QT_NO_SSL
@@ -149,6 +152,9 @@ public:
QSslDiffieHellmanParameters diffieHellmanParameters() const;
void setDiffieHellmanParameters(const QSslDiffieHellmanParameters &dhparams);
+ QVector<QPair<QSsl::KeyAlgorithm, QCryptographicHash::Algorithm> > signatureAndHashAlgorithms() const;
+ void setSignatureAndHashAlgorithms(const QVector<QPair<QSsl::KeyAlgorithm, QCryptographicHash::Algorithm> > &algorithms);
+
static QSslConfiguration defaultConfiguration();
static void setDefaultConfiguration(const QSslConfiguration &configuration);
diff --git x/qtbase/src/network/ssl/qsslconfiguration_p.h y/qtbase/src/network/ssl/qsslconfiguration_p.h
index 6adf2c9b54..7be253973b 100644
--- x/qtbase/src/network/ssl/qsslconfiguration_p.h
+++ y/qtbase/src/network/ssl/qsslconfiguration_p.h
@@ -75,6 +75,9 @@
#include "qsslkey.h"
#include "qsslellipticcurve.h"
#include "qssldiffiehellmanparameters.h"
+#include <QtCore/qcryptographichash.h>
+#include <QtCore/qpair.h>
+#include <QtCore/qvector.h>
QT_BEGIN_NAMESPACE
@@ -123,6 +126,8 @@ public:
QSslDiffieHellmanParameters dhParams;
+ QVector<QPair<QSsl::KeyAlgorithm, QCryptographicHash::Algorithm> > signatureAndHashAlgorithms;
+
QByteArray sslSession;
int sslSessionTicketLifeTimeHint;
diff --git x/qtbase/src/network/ssl/qsslcontext_openssl.cpp y/qtbase/src/network/ssl/qsslcontext_openssl.cpp
index c92d8fc3f8..29df53abc0 100644
--- x/qtbase/src/network/ssl/qsslcontext_openssl.cpp
+++ y/qtbase/src/network/ssl/qsslcontext_openssl.cpp
@@ -42,6 +42,7 @@
#include <QtNetwork/qsslsocket.h>
#include <QtNetwork/qssldiffiehellmanparameters.h>
+#include <QtCore/qmetaobject.h>
#include <QtCore/qmutex.h>
#include "private/qssl_p.h"
@@ -78,6 +79,11 @@ QSslContext::~QSslContext()
q_SSL_SESSION_free(session);
}
+static inline QString msgErrorSettingSignatureAlgorithms(const QString &why)
+{
+ return QSslSocket::tr("Error when setting the signature algorithms (%1)").arg(why);
+}
+
static inline QString msgErrorSettingEllipticCurves(const QString &why)
{
return QSslSocket::tr("Error when setting the elliptic curves (%1)").arg(why);
@@ -371,6 +377,45 @@ init_context:
sslContext->errorCode = QSslError::UnspecifiedError;
}
}
+
+ const auto& sigAndHashAlgorithms = sslContext->sslConfiguration.signatureAndHashAlgorithms();
+ if (!sigAndHashAlgorithms.isEmpty()) {
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+ if (q_SSLeay() >= 0x10002000L) {
+ QMetaEnum hashMetaEnum = QMetaEnum::fromType<QCryptographicHash::Algorithm>();
+ QByteArrayList algorithmList;
+ for (int i=0; i < sigAndHashAlgorithms.size(); ++i) {
+ QByteArray sig;
+ switch (sigAndHashAlgorithms[i].first) {
+ case QSsl::KeyAlgorithm::Rsa:
+ sig = QByteArrayLiteral("RSA");
+ break;
+ case QSsl::KeyAlgorithm::Dsa:
+ sig = QByteArrayLiteral("DSA");
+ break;
+ case QSsl::KeyAlgorithm::Ec:
+ sig = QByteArrayLiteral("ECDSA");
+ break;
+ case QSsl::KeyAlgorithm::Opaque:
+ qCWarning(lcSsl, "Invalid value KeyAlgorithm::Opaque will be ignored");
+ continue;
+ }
+ QByteArray hash = QByteArray(hashMetaEnum.valueToKey(sigAndHashAlgorithms[i].second)).toUpper();
+ algorithmList += sig + QByteArrayLiteral("+") + hash;
+ }
+ QByteArray algorithms = algorithmList.join(':');
+ if (!q_SSL_CTX_set1_sigalgs_list(sslContext->ctx, algorithms.data())) {
+ sslContext->errorStr = msgErrorSettingSignatureAlgorithms(QSslSocketBackendPrivate::getErrorsFromOpenSsl());
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+ } else
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
+ {
+ // specific algorithms requested, but not possible to set -> error
+ sslContext->errorStr = msgErrorSettingSignatureAlgorithms(QSslSocket::tr("OpenSSL version too old, need at least v1.0.2"));
+ sslContext->errorCode = QSslError::UnspecifiedError;
+ }
+ }
}
QSslContext* QSslContext::fromConfiguration(QSslSocket::SslMode mode, const QSslConfiguration &configuration, bool allowRootCertOnDemandLoading)
diff --git x/qtbase/src/network/ssl/qsslcontext_openssl_p.h y/qtbase/src/network/ssl/qsslcontext_openssl_p.h
index 06a31af5e5..c8c8e1941b 100644
--- x/qtbase/src/network/ssl/qsslcontext_openssl_p.h
+++ y/qtbase/src/network/ssl/qsslcontext_openssl_p.h
@@ -54,6 +54,7 @@
//
#include <QtNetwork/private/qtnetworkglobal_p.h>
+#include <QtCore/qobjectdefs.h>
#include <QtCore/qvariant.h>
#include <QtNetwork/qsslcertificate.h>
#include <QtNetwork/qsslconfiguration.h>
diff --git x/qtbase/src/network/ssl/qsslsocket.cpp y/qtbase/src/network/ssl/qsslsocket.cpp
index 8eba5db9fe..c0aa8b9bdf 100644
--- x/qtbase/src/network/ssl/qsslsocket.cpp
+++ y/qtbase/src/network/ssl/qsslsocket.cpp
@@ -922,6 +922,7 @@ void QSslSocket::setSslConfiguration(const QSslConfiguration &configuration)
d->configuration.peerVerifyDepth = configuration.peerVerifyDepth();
d->configuration.peerVerifyMode = configuration.peerVerifyMode();
d->configuration.protocol = configuration.protocol();
+ d->configuration.signatureAndHashAlgorithms = configuration.signatureAndHashAlgorithms();
d->configuration.sslOptions = configuration.d->sslOptions;
d->configuration.sslSession = configuration.sessionTicket();
d->configuration.sslSessionTicketLifeTimeHint = configuration.sessionTicketLifeTimeHint();
@@ -2249,6 +2250,7 @@ void QSslConfigurationPrivate::deepCopyDefaultConfiguration(QSslConfigurationPri
ptr->peerVerifyDepth = global->peerVerifyDepth;
ptr->sslOptions = global->sslOptions;
ptr->ellipticCurves = global->ellipticCurves;
+ ptr->signatureAndHashAlgorithms = global->signatureAndHashAlgorithms;
}
/*!
diff --git x/qtbase/src/network/ssl/qsslsocket_openssl_symbols_p.h y/qtbase/src/network/ssl/qsslsocket_openssl_symbols_p.h
index b35a895d38..d4cd493c45 100644
--- x/qtbase/src/network/ssl/qsslsocket_openssl_symbols_p.h
+++ y/qtbase/src/network/ssl/qsslsocket_openssl_symbols_p.h
@@ -517,6 +517,11 @@ int q_EC_curve_nist2nid(const char *name);
#define q_SSL_get_server_tmp_key(ssl, key) q_SSL_ctrl((ssl), SSL_CTRL_GET_SERVER_TMP_KEY, 0, (char *)key)
#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
+// Signature algorithm extension
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#define q_SSL_CTX_set1_sigalgs_list(ctx, s) q_SSL_CTX_ctrl((ctx), SSL_CTRL_SET_SIGALGS_LIST, 0, (char *)s)
+#endif // OPENSSL_VERSION_NUMBER >= 0x10002000L
+
// PKCS#12 support
int q_PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca);
PKCS12 *q_d2i_PKCS12_bio(BIO *bio, PKCS12 **pkcs12);
--
2.15.0

View File

@ -1,35 +0,0 @@
From 05eed1cd4505bf9912b84ed39ab1ad22846e7d09 Mon Sep 17 00:00:00 2001
From: Gabriel de Dietrich <gabriel.dedietrich@qt.io>
Date: Fri, 30 Mar 2018 11:58:16 -0700
Subject: QCoreTextFontEngine: Fix build with Xcode 9.3
Apple LLVM version 9.1.0 (clang-902.0.39.1)
Error message:
.../qfontengine_coretext.mm:827:20: error: qualified reference to
'QFixed' is a constructor name rather than a type in this context
return QFixed::QFixed(int(CTFontGetUnitsPerEm(ctfont)));
Change-Id: Iebe26b3b087a16b10664208fc8851cbddb47f043
Reviewed-by: Konstantin Ritt <ritt.ks@gmail.com>
---
src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git x/qtbase/src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm y/qtbase/src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm
index 66baf162d9..89794ef109 100644
--- x/qtbase/src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm
+++ y/qtbase/src/platformsupport/fontdatabases/mac/qfontengine_coretext.mm
@@ -830,7 +830,7 @@ void QCoreTextFontEngine::getUnscaledGlyph(glyph_t glyph, QPainterPath *path, gl
QFixed QCoreTextFontEngine::emSquareSize() const
{
- return QFixed::QFixed(int(CTFontGetUnitsPerEm(ctfont)));
+ return QFixed(int(CTFontGetUnitsPerEm(ctfont)));
}
QFontEngine *QCoreTextFontEngine::cloneWithSize(qreal pixelSize) const
--
2.16.2

View File

@ -0,0 +1,185 @@
From 78ab3263caae535a3bd31fa35c733ae2a28ca8ba Mon Sep 17 00:00:00 2001
From: Kari Oikarinen <kari.oikarinen@qt.io>
Date: Wed, 26 Sep 2018 10:29:14 +0300
Subject: [PATCH] QObject: Fix isSignalConnected() when signals have been
disconnected
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The bitmap cache for the first 64 signals being connected was only set when the
connection is added. It was never unset when the connection was removed.
Internal use of the connectedSignals bitmap is not hurt by it occasionally
saying a signal is connected even though it is not, since the purpose of those
checks is avoiding expensive operations that are not necessary if nothing is
connected to the signal.
However, the public API using this cache meant that it also never spotted
signals being disconnected. This was not documented. Fix the behavior by only
using the cache if it is up to date. If it is not, use a slower path that gives
the correct answer.
To avoid making disconnections and QObject destructions slower, the cache is
only updated to unset disconnected signals when new signal connections are
added. No extra work is done in the common case where signals are only
removed in the end of the QObject's lifetime.
Fixes: QTBUG-32340
Change-Id: Ieb6e498060157153cec60d9c8f1c33056993fda1
Reviewed-by: Ville Voutilainen <ville.voutilainen@qt.io>
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Olivier Goffart (Woboq GmbH) <ogoffart@woboq.com>
Reviewed-by: Jędrzej Nowacki <jedrzej.nowacki@qt.io>
---
src/corelib/kernel/qobject.cpp | 34 ++++++++----
.../corelib/kernel/qobject/tst_qobject.cpp | 53 +++++++++++++++++++
2 files changed, 76 insertions(+), 11 deletions(-)
diff --git x/qtbase/src/corelib/kernel/qobject.cpp y/qtbase/src/corelib/kernel/qobject.cpp
index c6fe787e03..4532eacf0c 100644
--- x/qtbase/src/corelib/kernel/qobject.cpp
+++ y/qtbase/src/corelib/kernel/qobject.cpp
@@ -418,6 +418,7 @@ void QObjectPrivate::cleanConnectionLists()
{
if (connectionLists->dirty && !connectionLists->inUse) {
// remove broken connections
+ bool allConnected = false;
for (int signal = -1; signal < connectionLists->count(); ++signal) {
QObjectPrivate::ConnectionList &connectionList =
(*connectionLists)[signal];
@@ -429,11 +430,13 @@ void QObjectPrivate::cleanConnectionLists()
QObjectPrivate::Connection **prev = &connectionList.first;
QObjectPrivate::Connection *c = *prev;
+ bool connected = false; // whether the signal is still connected somewhere
while (c) {
if (c->receiver) {
last = c;
prev = &c->nextConnectionList;
c = *prev;
+ connected = true;
} else {
QObjectPrivate::Connection *next = c->nextConnectionList;
*prev = next;
@@ -445,6 +448,14 @@ void QObjectPrivate::cleanConnectionLists()
// Correct the connection list's last pointer.
// As conectionList.last could equal last, this could be a noop
connectionList.last = last;
+
+ if (!allConnected && !connected && signal >= 0
+ && size_t(signal) < sizeof(connectedSignals) * 8) {
+ // This signal is no longer connected
+ connectedSignals[signal >> 5] &= ~(1 << (signal & 0x1f));
+ } else if (signal == -1) {
+ allConnected = connected;
+ }
}
connectionLists->dirty = false;
}
@@ -2503,19 +2514,20 @@ bool QObject::isSignalConnected(const QMetaMethod &signal) const
signalIndex += QMetaObjectPrivate::signalOffset(signal.mobj);
- if (signalIndex < sizeof(d->connectedSignals) * 8)
+ QMutexLocker locker(signalSlotLock(this));
+ if (!d->connectionLists)
+ return false;
+
+ if (signalIndex < sizeof(d->connectedSignals) * 8 && !d->connectionLists->dirty)
return d->isSignalConnected(signalIndex);
- QMutexLocker locker(signalSlotLock(this));
- if (d->connectionLists) {
- if (signalIndex < uint(d->connectionLists->count())) {
- const QObjectPrivate::Connection *c =
- d->connectionLists->at(signalIndex).first;
- while (c) {
- if (c->receiver)
- return true;
- c = c->nextConnectionList;
- }
+ if (signalIndex < uint(d->connectionLists->count())) {
+ const QObjectPrivate::Connection *c =
+ d->connectionLists->at(signalIndex).first;
+ while (c) {
+ if (c->receiver)
+ return true;
+ c = c->nextConnectionList;
}
}
return false;
diff --git x/qtbase/tests/auto/corelib/kernel/qobject/tst_qobject.cpp y/qtbase/tests/auto/corelib/kernel/qobject/tst_qobject.cpp
index ec57522f48..20ce905265 100644
--- x/qtbase/tests/auto/corelib/kernel/qobject/tst_qobject.cpp
+++ y/qtbase/tests/auto/corelib/kernel/qobject/tst_qobject.cpp
@@ -104,6 +104,7 @@ private slots:
void deleteQObjectWhenDeletingEvent();
void overloads();
void isSignalConnected();
+ void isSignalConnectedAfterDisconnection();
void qMetaObjectConnect();
void qMetaObjectDisconnectOne();
void sameName();
@@ -3843,6 +3844,58 @@ void tst_QObject::isSignalConnected()
QVERIFY(!o.isSignalConnected(QMetaMethod()));
}
+void tst_QObject::isSignalConnectedAfterDisconnection()
+{
+ ManySignals o;
+ const QMetaObject *meta = o.metaObject();
+
+ const QMetaMethod sig00 = meta->method(meta->indexOfSignal("sig00()"));
+ QVERIFY(!o.isSignalConnected(sig00));
+ QObject::connect(&o, &ManySignals::sig00, qt_noop);
+ QVERIFY(o.isSignalConnected(sig00));
+ QVERIFY(QObject::disconnect(&o, &ManySignals::sig00, 0, 0));
+ QVERIFY(!o.isSignalConnected(sig00));
+
+ const QMetaMethod sig69 = meta->method(meta->indexOfSignal("sig69()"));
+ QVERIFY(!o.isSignalConnected(sig69));
+ QObject::connect(&o, &ManySignals::sig69, qt_noop);
+ QVERIFY(o.isSignalConnected(sig69));
+ QVERIFY(QObject::disconnect(&o, &ManySignals::sig69, 0, 0));
+ QVERIFY(!o.isSignalConnected(sig69));
+
+ {
+ ManySignals o2;
+ QObject::connect(&o, &ManySignals::sig00, &o2, &ManySignals::sig00);
+ QVERIFY(o.isSignalConnected(sig00));
+ // o2 is destructed
+ }
+ QVERIFY(!o.isSignalConnected(sig00));
+
+ const QMetaMethod sig01 = meta->method(meta->indexOfSignal("sig01()"));
+ QObject::connect(&o, &ManySignals::sig00, qt_noop);
+ QObject::connect(&o, &ManySignals::sig01, qt_noop);
+ QObject::connect(&o, &ManySignals::sig69, qt_noop);
+ QVERIFY(o.isSignalConnected(sig00));
+ QVERIFY(o.isSignalConnected(sig01));
+ QVERIFY(o.isSignalConnected(sig69));
+ QVERIFY(QObject::disconnect(&o, &ManySignals::sig69, 0, 0));
+ QVERIFY(o.isSignalConnected(sig00));
+ QVERIFY(o.isSignalConnected(sig01));
+ QVERIFY(!o.isSignalConnected(sig69));
+ QVERIFY(QObject::disconnect(&o, &ManySignals::sig00, 0, 0));
+ QVERIFY(!o.isSignalConnected(sig00));
+ QVERIFY(o.isSignalConnected(sig01));
+ QVERIFY(!o.isSignalConnected(sig69));
+ QObject::connect(&o, &ManySignals::sig69, qt_noop);
+ QVERIFY(!o.isSignalConnected(sig00));
+ QVERIFY(o.isSignalConnected(sig01));
+ QVERIFY(o.isSignalConnected(sig69));
+ QVERIFY(QObject::disconnect(&o, &ManySignals::sig01, 0, 0));
+ QVERIFY(!o.isSignalConnected(sig00));
+ QVERIFY(!o.isSignalConnected(sig01));
+ QVERIFY(o.isSignalConnected(sig69));
+}
+
void tst_QObject::qMetaObjectConnect()
{
SenderObject *s = new SenderObject;
--
2.19.1

View File

@ -0,0 +1,108 @@
From 2e492dc6a6cf9e73a04f65e133ea4e97324a68da Mon Sep 17 00:00:00 2001
From: Robbert Proost <robbert.proost@outlook.com>
Date: Thu, 18 Jan 2018 09:52:49 +0100
Subject: [PATCH] QUrl: Support IPv6 addresses with zone id
Task-number: QTBUG-25550
Change-Id: I37ec02b655abe2779aa11945e20550ce00e43723
---
src/corelib/io/qurl.cpp | 63 ++++++++++++++++---------
tests/auto/corelib/io/qurl/tst_qurl.cpp | 52 ++++++++++++++++++++
2 files changed, 92 insertions(+), 23 deletions(-)
diff --git x/qtbase/src/corelib/io/qurl.cpp y/qtbase/src/corelib/io/qurl.cpp
index 4587b9fcd6..e2a66c8459 100644
--- x/qtbase/src/corelib/io/qurl.cpp
+++ y/qtbase/src/corelib/io/qurl.cpp
@@ -1203,16 +1203,18 @@ inline void QUrlPrivate::setQuery(const QString &value, int from, int iend)
inline void QUrlPrivate::appendHost(QString &appendTo, QUrl::FormattingOptions options) const
{
- // EncodeUnicode is the only flag that matters
- if ((options & QUrl::FullyDecoded) == QUrl::FullyDecoded)
- options = 0;
- else
- options &= QUrl::EncodeUnicode;
if (host.isEmpty())
return;
if (host.at(0).unicode() == '[') {
- // IPv6Address and IPvFuture address never require any transformation
- appendTo += host;
+ // IPv6 addresses might contain a zone-id which needs to be recoded
+ QString hostInCorrectFormat;
+ if (options != 0)
+ qt_urlRecode(hostInCorrectFormat, host.constBegin(), host.constEnd(), options, 0);
+
+ if (hostInCorrectFormat.isEmpty())
+ hostInCorrectFormat = host;
+
+ appendTo += hostInCorrectFormat;
} else {
// this is either an IPv4Address or a reg-name
// if it is a reg-name, it is already stored in Unicode form
@@ -1278,31 +1280,46 @@ static const QChar *parseIpFuture(QString &host, const QChar *begin, const QChar
// ONLY the IPv6 address is parsed here, WITHOUT the brackets
static const QChar *parseIp6(QString &host, const QChar *begin, const QChar *end, QUrl::ParsingMode mode)
{
- QIPAddressUtils::IPv6Address address;
- const QChar *ret = QIPAddressUtils::parseIp6(address, begin, end);
- if (ret) {
- // this struct is kept in automatic storage because it's only 4 bytes
+ QString decoded;
+ if (mode == QUrl::TolerantMode) {
const ushort decodeColon[] = { decode(':'), 0 };
+ if (qt_urlRecode(decoded, begin, end, QUrl::ComponentFormattingOption::PrettyDecoded, decodeColon) == 0) {
+ decoded = QString(begin, end-begin);
+ }
+ }
+ else {
+ decoded = QString(begin, end-begin);
+ }
- // IPv6 failed parsing, check if it was a percent-encoded character in
- // the middle and try again
- QString decoded;
- if (mode == QUrl::TolerantMode && qt_urlRecode(decoded, begin, end, 0, decodeColon)) {
- // recurse
- // if the parsing fails again, the qt_urlRecode above will return 0
- ret = parseIp6(host, decoded.constBegin(), decoded.constEnd(), mode);
+ const QLatin1String zoneIdIdentifier("%25");
+ QIPAddressUtils::IPv6Address address;
+ QString zoneId;
+
+ const QChar *endBeforeZoneId = decoded.constEnd();
+
+ int zoneIdPosition = decoded.indexOf(zoneIdIdentifier);
+ if ((zoneIdPosition != -1) && (decoded.lastIndexOf(zoneIdIdentifier) == zoneIdPosition)) {
+ zoneId = decoded.mid(zoneIdPosition + zoneIdIdentifier.size());
+ endBeforeZoneId = decoded.constBegin() + zoneIdPosition;
- // we can't return ret, otherwise it would be dangling
- return ret ? end : 0;
+ if (zoneId.isEmpty() == true) {
+ return end;
}
+ }
- // no transformation, nothing to re-parse
- return ret;
+ const QChar *ret = QIPAddressUtils::parseIp6(address, decoded.constBegin(), endBeforeZoneId);
+ if (ret) {
+ return begin + (ret - decoded.constBegin());
}
- host.reserve(host.size() + (end - begin));
+ host.reserve(host.size() + (decoded.constEnd() - decoded.constBegin()));
host += QLatin1Char('[');
QIPAddressUtils::toString(host, address);
+
+ if (zoneId.isEmpty() == false) {
+ host += zoneIdIdentifier;
+ host += zoneId;
+ }
host += QLatin1Char(']');
return 0;
}
--
2.18.0

View File

@ -1,123 +0,0 @@
From 3885257e655cefd1f8b18247aff76020c75379e1 Mon Sep 17 00:00:00 2001
From: Lars Schmertmann <Lars.Schmertmann@governikus.de>
Date: Fri, 24 Mar 2017 11:20:14 +0100
Subject: [PATCH] Register additional meta types
Register QLowEnergyCharacteristic and QLowEnergyDescriptor
as meta types because they are used in signals.
[ChangeLog][QtBluetooth] Register QLowEnergyCharacteristic
and QLowEnergyDescriptor as meta types. It is therefore
necessary to declare them as meta types in the header files.
This commit will cause conflicts with existing meta type
declarations in applications using Qt. These declarations
need to be removed.
Change-Id: I18f33b1b2f159cffd6efbacc37178286b86a06e0
Reviewed-by: Alex Blasche <alexander.blasche@qt.io>
---
src/bluetooth/osx/osxbtcentralmanager.mm | 2 --
src/bluetooth/qlowenergycharacteristic.h | 2 ++
src/bluetooth/qlowenergycontroller_p.h | 5 -----
src/bluetooth/qlowenergydescriptor.h | 2 ++
src/bluetooth/qlowenergyservice.cpp | 2 ++
.../test/tst_qlowenergycontroller-gattserver.cpp | 4 ----
tests/auto/qlowenergycontroller/tst_qlowenergycontroller.cpp | 3 ---
7 files changed, 6 insertions(+), 14 deletions(-)
diff --git x/qtconnectivity/src/bluetooth/osx/osxbtcentralmanager.mm y/qtconnectivity/src/bluetooth/osx/osxbtcentralmanager.mm
index ec046d1b..70473f1f 100644
--- x/qtconnectivity/src/bluetooth/osx/osxbtcentralmanager.mm
+++ y/qtconnectivity/src/bluetooth/osx/osxbtcentralmanager.mm
@@ -48,8 +48,6 @@
#include <algorithm>
#include <limits>
-Q_DECLARE_METATYPE(QLowEnergyCharacteristic)
-Q_DECLARE_METATYPE(QLowEnergyDescriptor)
Q_DECLARE_METATYPE(QLowEnergyHandle)
QT_BEGIN_NAMESPACE
diff --git x/qtconnectivity/src/bluetooth/qlowenergycharacteristic.h y/qtconnectivity/src/bluetooth/qlowenergycharacteristic.h
index b991e9a2..154c9936 100644
--- x/qtconnectivity/src/bluetooth/qlowenergycharacteristic.h
+++ y/qtconnectivity/src/bluetooth/qlowenergycharacteristic.h
@@ -107,4 +107,6 @@ Q_DECLARE_OPERATORS_FOR_FLAGS(QLowEnergyCharacteristic::PropertyTypes)
QT_END_NAMESPACE
+Q_DECLARE_METATYPE(QLowEnergyCharacteristic)
+
#endif // QLOWENERGYCHARACTERISTIC_H
diff --git x/qtconnectivity/src/bluetooth/qlowenergycontroller_p.h y/qtconnectivity/src/bluetooth/qlowenergycontroller_p.h
index b92716e9..6e866144 100644
--- x/qtconnectivity/src/bluetooth/qlowenergycontroller_p.h
+++ y/qtconnectivity/src/bluetooth/qlowenergycontroller_p.h
@@ -497,11 +497,6 @@ Q_DECLARE_TYPEINFO(QLowEnergyControllerPrivate::Attribute, Q_MOVABLE_TYPE);
QT_END_NAMESPACE
-#ifdef QT_WINRT_BLUETOOTH
-Q_DECLARE_METATYPE(QLowEnergyCharacteristic)
-Q_DECLARE_METATYPE(QLowEnergyDescriptor)
-#endif // QT_WINRT_BLUETOOTH
-
#endif // QT_OSX_BLUETOOTH || QT_IOS_BLUETOOTH
#endif // QLOWENERGYCONTROLLERPRIVATE_P_H
diff --git x/qtconnectivity/src/bluetooth/qlowenergydescriptor.h y/qtconnectivity/src/bluetooth/qlowenergydescriptor.h
index 1dfe1c35..9e71fc56 100644
--- x/qtconnectivity/src/bluetooth/qlowenergydescriptor.h
+++ y/qtconnectivity/src/bluetooth/qlowenergydescriptor.h
@@ -89,4 +89,6 @@ protected:
QT_END_NAMESPACE
+Q_DECLARE_METATYPE(QLowEnergyDescriptor)
+
#endif // QLOWENERGYDESCRIPTOR_H
diff --git x/qtconnectivity/src/bluetooth/qlowenergyservice.cpp y/qtconnectivity/src/bluetooth/qlowenergyservice.cpp
index 6e33c565..9d3129fd 100644
--- x/qtconnectivity/src/bluetooth/qlowenergyservice.cpp
+++ y/qtconnectivity/src/bluetooth/qlowenergyservice.cpp
@@ -380,6 +380,8 @@ QLowEnergyService::QLowEnergyService(QSharedPointer<QLowEnergyServicePrivate> p,
qRegisterMetaType<QLowEnergyService::ServiceError>();
qRegisterMetaType<QLowEnergyService::ServiceType>();
qRegisterMetaType<QLowEnergyService::WriteMode>();
+ qRegisterMetaType<QLowEnergyCharacteristic>();
+ qRegisterMetaType<QLowEnergyDescriptor>();
connect(p.data(), SIGNAL(error(QLowEnergyService::ServiceError)),
this, SIGNAL(error(QLowEnergyService::ServiceError)));
diff --git x/qtconnectivity/tests/auto/qlowenergycontroller-gattserver/test/tst_qlowenergycontroller-gattserver.cpp y/qtconnectivity/tests/auto/qlowenergycontroller-gattserver/test/tst_qlowenergycontroller-gattserver.cpp
index 3df27d92..e01457eb 100644
--- x/qtconnectivity/tests/auto/qlowenergycontroller-gattserver/test/tst_qlowenergycontroller-gattserver.cpp
+++ y/qtconnectivity/tests/auto/qlowenergycontroller-gattserver/test/tst_qlowenergycontroller-gattserver.cpp
@@ -243,10 +243,6 @@ void TestQLowEnergyControllerGattServer::advertisedData()
QVERIFY(m_serverInfo.serviceUuids().contains(QBluetoothUuid(quint16(0x2000))));
}
-// TODO: Why on earth is this not in the library???
-Q_DECLARE_METATYPE(QLowEnergyCharacteristic)
-Q_DECLARE_METATYPE(QLowEnergyDescriptor)
-
void TestQLowEnergyControllerGattServer::serverCommunication()
{
qRegisterMetaType<QLowEnergyCharacteristic>();
diff --git x/qtconnectivity/tests/auto/qlowenergycontroller/tst_qlowenergycontroller.cpp y/qtconnectivity/tests/auto/qlowenergycontroller/tst_qlowenergycontroller.cpp
index 7b02dbcd..c6fd83e6 100644
--- x/qtconnectivity/tests/auto/qlowenergycontroller/tst_qlowenergycontroller.cpp
+++ y/qtconnectivity/tests/auto/qlowenergycontroller/tst_qlowenergycontroller.cpp
@@ -91,9 +91,6 @@ private:
QList<QBluetoothUuid> foundServices;
};
-Q_DECLARE_METATYPE(QLowEnergyCharacteristic)
-Q_DECLARE_METATYPE(QLowEnergyDescriptor)
-
tst_QLowEnergyController::tst_QLowEnergyController()
{
qRegisterMetaType<QLowEnergyCharacteristic>();
--
2.14.2

View File

@ -0,0 +1,52 @@
From 2e80dec588c21cfeb086912cf6c6a011c6b6b896 Mon Sep 17 00:00:00 2001
From f3e9a6e63740d922577d331f6cbe57fd43888472 Mon Sep 17 00:00:00 2001
From: Lars Schmertmann <Lars.Schmertmann@governikus.de>
Date: Mon, 16 Apr 2018 08:34:42 +0200
Subject: Remove Qt Labs specific plugins from the build
---
qtquickcontrols2/src/imports/imports.pro | 2 --
qtdeclarative/src/imports/imports.pro | 4 ----
2 file changed, 6 deletions(-)
diff --git x/qtquickcontrols2/src/imports/imports.pro y/qtquickcontrols2/src/imports/imports.pro
index e32bded7..944c9292 100644
--- x/qtquickcontrols2/src/imports/imports.pro
+++ y/qtquickcontrols2/src/imports/imports.pro
@@ -1,8 +1,6 @@
TEMPLATE = subdirs
SUBDIRS += \
controls \
- calendar \
- platform \
templates
SUBDIRS += \
diff --git x/qtdeclarative/src/imports/imports.pro y/qtdeclarative/src/imports/imports.pro
index 5d7e43488..33390bc42 100644
--- x/qtdeclarative/src/imports/imports.pro
+++ y/qtdeclarative/src/imports/imports.pro
@@ -5,7 +5,6 @@
SUBDIRS += \
builtins \
qtqml \
- folderlistmodel \
models
qtHaveModule(sql): SUBDIRS += localstorage
@@ -14,13 +13,11 @@
qtHaveModule(quick) {
SUBDIRS += \
- handlers \
layouts \
qtquick2 \
window
qtHaveModule(testlib): SUBDIRS += testlib
- qtConfig(systemsemaphore): SUBDIRS += sharedimage
qtConfig(quick-particles): \
SUBDIRS += particles
--
2.16.2

View File

@ -0,0 +1,55 @@
From 4ab766863d88a491f91fa81731dbde75d0122d89 Mon Sep 17 00:00:00 2001
From: Timur Pocheptsov <timur.pocheptsov@qt.io>
Date: Mon, 14 May 2018 12:41:23 +0200
Subject: [PATCH] Use QUrl::toString() when forming the 'Host' header
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This allows to correctly use IPv6 literals and also
deals (correctly) with a port (if it's set at all).
Task-number: QTBUG-68245
Change-Id: I6d29543887c4ab58d70f0970a6f0a1b822c301df
Reviewed-by: Thiago Macieira <thiago.macieira@intel.com>
Reviewed-by: Mårten Nordheim <marten.nordheim@qt.io>
---
src/websockets/qwebsocket_p.cpp | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git x/qtwebsockets/src/websockets/qwebsocket_p.cpp y/qtwebsockets/src/websockets/qwebsocket_p.cpp
index d233b66..9b27ad2 100644
--- x/qtwebsockets/src/websockets/qwebsocket_p.cpp
+++ y/qtwebsockets/src/websockets/qwebsocket_p.cpp
@@ -1108,16 +1108,18 @@ void QWebSocketPrivate::processStateChanged(QAbstractSocket::SocketState socketS
headers << qMakePair(QString::fromLatin1(key),
QString::fromLatin1(m_request.rawHeader(key)));
- const QString handshake =
- createHandShakeRequest(m_resourceName,
- m_request.url().host()
- % QStringLiteral(":")
- % QString::number(m_request.url().port(port)),
- origin(),
- QString(),
- QString(),
- m_key,
- headers);
+ const auto format = QUrl::RemoveScheme | QUrl::RemoveUserInfo
+ | QUrl::RemovePath | QUrl::RemoveQuery
+ | QUrl::RemoveFragment | QUrl::RemovePort;
+ const QString host = m_request.url().toString(format).mid(2);
+ const QString handshake = createHandShakeRequest(m_resourceName,
+ host % QStringLiteral(":")
+ % QString::number(m_request.url().port(port)),
+ origin(),
+ QString(),
+ QString(),
+ m_key,
+ headers);
if (handshake.isEmpty()) {
m_pSocket->abort();
Q_EMIT q->error(QAbstractSocket::ConnectionRefusedError);
--
2.19.0

View File

@ -0,0 +1,33 @@
From bbd5c6feea8632c8321d3cd7a16a262d90f856e8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Klitzing?= <aklitzing@gmail.com>
Date: Thu, 22 Nov 2018 11:44:39 +0100
Subject: [PATCH] Use user provided session data if available
If a user uses persistent sessions and provide the session to
Qt again with setSessionTicket it should be used with a higher
priority.
This is also a work-around for QTBUG-71967.
Change-Id: I7351b669b6de2863136d6106dc4f73fa5c7b8c51
---
src/network/ssl/qsslcontext_openssl.cpp | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git x/qtbase/src/network/ssl/qsslcontext_openssl.cpp y/qtbase/src/network/ssl/qsslcontext_openssl.cpp
index 41b759364b..24dbc9ecbc 100644
--- x/qtbase/src/network/ssl/qsslcontext_openssl.cpp
+++ y/qtbase/src/network/ssl/qsslcontext_openssl.cpp
@@ -134,8 +134,9 @@ SSL* QSslContext::createSsl()
SSL* ssl = q_SSL_new(ctx);
q_SSL_clear(ssl);
- if (!session && !sessionASN1().isEmpty()
+ if (!m_sessionASN1.isEmpty()
&& !sslConfiguration.testSslOption(QSsl::SslOptionDisableSessionPersistence)) {
+ q_SSL_SESSION_free(session);
const unsigned char *data = reinterpret_cast<const unsigned char *>(m_sessionASN1.constData());
session = q_d2i_SSL_SESSION(0, &data, m_sessionASN1.size()); // refcount is 1 already, set by function above
}
--
2.19.1

View File

@ -0,0 +1,132 @@
From d64ee0c6be7e9ce672382709d8ea38e30d1d5e0d Mon Sep 17 00:00:00 2001
From: Oliver Wolff <oliver.wolff@qt.io>
Date: Tue, 12 Dec 2017 20:02:55 +0100
Subject: configure: detect fxc.exe more thoroughly
When building ANGLE, we need the shader compiler (fxc.exe), which is not
shipped with MinGW. Previously, we required an installed DirectX SDK.
For Windows versions >= 8, the DX SDK is also part of the Windows Kit,
so we also allow the user to specify the location of the Windows Kit.
We also detect fxc on 64-bit hosts now, and in newer SDK versions which
version the binary directory.
The detected binary is now exported by configure, so the ANGLE project
file does not need to duplicate the logic anymore.
Task-number: QTBUG-52487
Change-Id: I41a17992909041dd84291b69498195cc8b8fab8a
---
src/angle/src/common/common.pri | 16 +---------------
src/gui/configure.json | 11 +++--------
src/gui/configure.pri | 31 +++++++++++++++++++++++++++----
3 files changed, 31 insertions(+), 27 deletions(-)
diff --git x/qtbase/src/angle/src/common/common.pri y/qtbase/src/angle/src/common/common.pri
index c1fad14951..2c0af02b58 100644
--- x/qtbase/src/angle/src/common/common.pri
+++ y/qtbase/src/angle/src/common/common.pri
@@ -21,20 +21,6 @@ lib_replace.replace = \$\$\$\$[QT_INSTALL_LIBS]
lib_replace.CONFIG = path
QMAKE_PRL_INSTALL_REPLACE += lib_replace
-# DirectX is included in the Windows 8 Kit, but everything else requires the DX SDK.
-winrt|msvc {
- FXC = fxc.exe
-} else {
- DX_DIR = $$(DXSDK_DIR)
- isEmpty(DX_DIR) {
- error("Cannot determine DirectX SDK location. Please set DXSDK_DIR environment variable.")
- }
-
- equals(QMAKE_TARGET.arch, x86_64) {
- FXC = \"$${DX_DIR}Utilities\\bin\\x64\\fxc.exe\"
- } else {
- FXC = \"$${DX_DIR}Utilities\\bin\\x86\\fxc.exe\"
- }
-}
+FXC = $$shell_quote($$shell_path($$QMAKE_FXC_LOCATION))
static: DEFINES *= LIBGLESV2_EXPORT_H_ ANGLE_EXPORT=
diff --git x/qtbase/src/gui/configure.json y/qtbase/src/gui/configure.json
index 4145ceddf6..2a96bc5a75 100644
--- x/qtbase/src/gui/configure.json
+++ y/qtbase/src/gui/configure.json
@@ -702,10 +702,6 @@
}
},
- "testTypeAliases": {
- "files": [ "fxc" ]
- },
-
"tests": {
"angle_d3d11_qdtd": {
"label": "D3D11_QUERY_DATA_TIMESTAMP_DISJOINT",
@@ -721,9 +717,7 @@
"fxc": {
"label": "Direct3D Shader Compiler",
"type": "fxc",
- "files": [
- "fxc.exe"
- ]
+ "log": "value"
},
"egl-x11": {
"label": "EGL on X11",
@@ -976,7 +970,8 @@
"condition": "features.dxguid && tests.fxc && (features.direct3d9 || (config.winrt && features.direct3d11 && libs.d3dcompiler))",
"output": [
"publicFeature",
- { "type": "define", "name": "QT_OPENGL_ES_2_ANGLE" }
+ { "type": "define", "name": "QT_OPENGL_ES_2_ANGLE" },
+ { "type": "varAssign", "name": "QMAKE_FXC_LOCATION", "value": "tests.fxc.value" }
]
},
"angle_d3d11_qdtd": {
diff --git x/qtbase/src/gui/configure.pri y/qtbase/src/gui/configure.pri
index f53a93063c..bc27a756a3 100644
--- x/qtbase/src/gui/configure.pri
+++ y/qtbase/src/gui/configure.pri
@@ -20,12 +20,35 @@ defineTest(qtConfLibrary_freetype) {
# DXSDK_DIR variable. Starting with Windows Kit 8, it is included in
# the Windows SDK.
defineTest(qtConfTest_fxc) {
- dxdir = $$getenv("DXSDK_DIR")
- !isEmpty(dxdir) {
- EXTRA_PATH += $$dxdir/Utilities/bin/x86
+ !mingw {
+ fxc = $$qtConfFindInPath("fxc.exe")
+ } else {
+ equals(QMAKE_HOST.arch, x86_64): \
+ fns = x64/fxc.exe
+ else: \
+ fns = x86/fxc.exe
+ dxdir = $$(DXSDK_DIR)
+ !isEmpty(dxdir) {
+ fxc = $$dxdir/Utilities/bin/$$fns
+ } else {
+ winkitbindir = $$(WindowsSdkVerBinPath)
+ !isEmpty(winkitbindir) {
+ fxc = $$winkitbindir/$$fns
+ } else {
+ winkitdir = $$(WindowsSdkDir)
+ !isEmpty(winkitdir): \
+ fxc = $$winkitdir/bin/$$fns
+ }
+ }
}
- qtConfTest_files($${1}): return(true)
+ !isEmpty(fxc):exists($$fxc) {
+ $${1}.value = $$clean_path($$fxc)
+ export($${1}.value)
+ $${1}.cache += value
+ export($${1}.cache)
+ return(true)
+ }
return(false)
}
--
2.17.0

View File

@ -0,0 +1,442 @@
From 6b73c48ac35de82b95b74f8dd614fe282209cd61 Mon Sep 17 00:00:00 2001
From: Oswald Buddenhagen <oswald.buddenhagen@qt.io>
Date: Tue, 12 Dec 2017 12:21:16 +0100
Subject: configure: refactor directx checks
properly atomize the libraries and express their dependencies, and
adjust the project files accordingly.
note that we don't try to use any additional paths, as all SDKs we
currently support have built-in directx 11 support:
- msvc2013 comes with win sdk 8.1; that is also used for win7 targets
- mingw-64 5.3 (though this one is missing fxc, which is why the code
path for using an external sdk for that remains)
Change-Id: Ib44e389ef46567308293c2bbcad20a96e8ef70c7
---
src/angle/src/common/gles_common.pri | 6 +-
src/angle/src/libEGL/libEGL.pro | 5 +-
src/gui/configure.json | 176 ++++++++++++++----
src/gui/configure.pri | 19 +-
.../fontdatabases/windows/windows.pri | 9 +-
.../fontdatabases/winrt/winrt.pri | 4 +-
src/plugins/platforms/direct2d/direct2d.pro | 3 +-
src/plugins/platforms/platforms.pro | 6 +-
src/plugins/platforms/windows/windows.pri | 2 +
src/plugins/platforms/winrt/winrt.pro | 3 +-
10 files changed, 168 insertions(+), 65 deletions(-)
diff --git x/qtbase/src/angle/src/common/gles_common.pri y/qtbase/src/angle/src/common/gles_common.pri
index 82d38a62e6..927949d758 100644
--- x/qtbase/src/angle/src/common/gles_common.pri
+++ y/qtbase/src/angle/src/common/gles_common.pri
@@ -5,11 +5,11 @@ INCLUDEPATH += $$OUT_PWD/.. $$ANGLE_DIR/src/libANGLE
# Remember to adapt src/gui/configure.* if the Direct X version changes.
!winrt: \
- LIBS_PRIVATE += -ld3d9
+ QMAKE_USE_PRIVATE += d3d9
winrt: \
- LIBS_PRIVATE += -ld3dcompiler -ldxgi -ld3d11
+ QMAKE_USE_PRIVATE += d3dcompiler d3d11 dxgi
-LIBS_PRIVATE += -ldxguid
+QMAKE_USE_PRIVATE += dxguid
STATICLIBS = translator preprocessor
for(libname, STATICLIBS) {
diff --git x/qtbase/src/angle/src/libEGL/libEGL.pro y/qtbase/src/angle/src/libEGL/libEGL.pro
index 9e9c639002..ad2117f2fc 100644
--- x/qtbase/src/angle/src/libEGL/libEGL.pro
+++ y/qtbase/src/angle/src/libEGL/libEGL.pro
@@ -1,9 +1,10 @@
include(../common/common.pri)
DEF_FILE_TARGET = $${TARGET}
TARGET = $$qtLibraryTarget($${LIBEGL_NAME})
-winrt: LIBS_PRIVATE += -ld3d11
+winrt: QMAKE_USE_PRIVATE += d3d11
+QMAKE_USE_PRIVATE += dxguid
-LIBS_PRIVATE += -ldxguid -L$$QT_BUILD_TREE/lib -l$$qtLibraryTarget($${LIBGLESV2_NAME})
+LIBS_PRIVATE += -L$$QT_BUILD_TREE/lib -l$$qtLibraryTarget($${LIBGLESV2_NAME})
DEFINES += GL_APICALL= GL_GLEXT_PROTOTYPES= EGLAPI= LIBEGL_IMPLEMENTATION
diff --git x/qtbase/src/gui/configure.json y/qtbase/src/gui/configure.json
index 219385a108..4145ceddf6 100644
--- x/qtbase/src/gui/configure.json
+++ y/qtbase/src/gui/configure.json
@@ -65,21 +65,79 @@
"-lbcm_host"
]
},
- "direct2d": {
- "label": "Direct 2D",
- "export": "",
+ "dxguid": {
+ "label": "DirectX GUID",
+ "sources": [
+ "-ldxguid"
+ ]
+ },
+ "dxgi": {
+ "label": "DirectX GI",
+ "headers": [ "dxgi.h" ],
+ "sources": [
+ "-ldxgi"
+ ]
+ },
+ "dxgi1_2": {
+ "label": "DirectX GI 1.2",
"test": {
- "include": [ "d3d11_1.h", "d2d1_1.h", "d2d1_1helper.h", "dxgi1_2.h", "wrl.h", "dwrite.h" ],
- "tail": "using Microsoft::WRL::ComPtr;",
"main": [
- "ComPtr<ID2D1Factory1> d2dFactory;",
- "D2D1CreateFactory(D2D1_FACTORY_TYPE_SINGLE_THREADED, d2dFactory.ReleaseAndGetAddressOf());",
- "ComPtr<IDXGISurface1> surface;",
+ "// fails with mingw-w64 5.4.0 - declaration is missing from header",
+ "IDXGISurface1 *surface;",
"(void) surface;"
]
},
+ "headers": [ "dxgi1_2.h" ],
+ "sources": [
+ "-ldxgi"
+ ]
+ },
+ "d3d9": {
+ "label": "Direct3D 9",
+ "headers": "d3d9.h",
+ "sources": [
+ "-ld3d9"
+ ]
+ },
+ "d3d11": {
+ "label": "Direct3D 11",
+ "headers": "d3d11.h",
+ "sources": [
+ "-ld3d11"
+ ]
+ },
+ "d3d11_1": {
+ "label": "Direct3D 11.1",
+ "headers": "d3d11_1.h",
+ "sources": [
+ "-ld3d11"
+ ]
+ },
+ "d3dcompiler": {
+ "label": "Direct3D Shader Compiler Library",
+ "headers": "d3dcompiler.h",
+ "sources": [
+ "-ld3dcompiler"
+ ]
+ },
+ "d2d1": {
+ "label": "Direct2D 1",
+ "headers": [ "d2d1.h", "d2d1helper.h" ],
+ "sources": [
+ "-ld2d1"
+ ]
+ },
+ "d2d1_1": {
+ "label": "Direct2D 1.1",
+ "test": {
+ "main": [
+ "ID2D1Factory1 *d2dFactory;",
+ "D2D1CreateFactory(D2D1_FACTORY_TYPE_SINGLE_THREADED, &d2dFactory);"
+ ]
+ },
+ "headers": [ "d2d1_1.h", "d2d1_1helper.h" ],
"sources": [
- "-ld2d1 -ldwrite -ld3d11"
+ "-ld2d1"
]
},
"directfb": {
@@ -96,9 +154,8 @@
{ "type": "pkgConfig", "args": "directfb" }
]
},
- "directwrite": {
+ "dwrite": {
"label": "DirectWrite",
- "export": "",
"test": {
"include": [ "dwrite.h", "d2d1.h" ],
"main": [
@@ -107,6 +164,29 @@
" (IUnknown **)(&factory));"
]
},
+ "headers": "dwrite.h",
+ "sources": [
+ "-ldwrite"
+ ]
+ },
+ "dwrite_1": {
+ "label": "DirectWrite 1",
+ "headers": "dwrite_1.h",
+ "sources": [
+ "-ldwrite"
+ ]
+ },
+ "dwrite_2": {
+ "label": "DirectWrite 2",
+ "test": {
+ "main": [
+ "IUnknown *factory = 0;",
+ "(void)(size_t(DWRITE_E_NOCOLOR) + sizeof(IDWriteFontFace2));",
+ "DWriteCreateFactory(DWRITE_FACTORY_TYPE_SHARED, __uuidof(IDWriteFactory2),",
+ " &factory);"
+ ]
+ },
+ "headers": "dwrite_2.h",
"sources": [
"-ldwrite"
]
@@ -623,7 +703,7 @@
},
"testTypeAliases": {
- "files": [ "directX" ]
+ "files": [ "fxc" ]
},
"tests": {
@@ -638,26 +718,10 @@
]
}
},
- "directwrite2": {
- "label": "DirectWrite 2",
- "type": "compile",
- "test": {
- "include": [ "dwrite_2.h", "d2d1.h" ],
- "main": [
- "IUnknown *factory = 0;",
- "(void)(size_t(DWRITE_E_NOCOLOR) + sizeof(IDWriteFontFace2));",
- "DWriteCreateFactory(DWRITE_FACTORY_TYPE_SHARED, __uuidof(IDWriteFactory2),",
- " &factory);"
- ]
- },
- "use": "directwrite"
- },
- "directx": {
- "label": "DirectX SDK",
- "type": "directX",
+ "fxc": {
+ "label": "Direct3D Shader Compiler",
+ "type": "fxc",
"files": [
- "d3dcompiler.h",
- "d3d11.lib",
"fxc.exe"
]
},
@@ -909,7 +973,7 @@
"angle": {
"label": "ANGLE",
"autoDetect": "features.opengles2 || features.opengl-dynamic",
- "condition": "config.win32 && tests.directx",
+ "condition": "features.dxguid && tests.fxc && (features.direct3d9 || (config.winrt && features.direct3d11 && libs.d3dcompiler))",
"output": [
"publicFeature",
{ "type": "define", "name": "QT_OPENGL_ES_2_ANGLE" }
@@ -936,19 +1000,59 @@
"directwrite": {
"label": "DirectWrite",
"emitIf": "config.win32",
- "condition": "libs.directwrite",
+ "condition": "libs.dwrite",
+ "output": [ "privateFeature" ]
+ },
+ "directwrite1": {
+ "label": "DirectWrite 1",
+ "emitIf": "config.win32",
+ "condition": "libs.dwrite_1",
"output": [ "privateFeature" ]
},
"directwrite2": {
"label": "DirectWrite 2",
"emitIf": "config.win32",
- "condition": "features.directwrite && tests.directwrite2",
+ "condition": "features.directwrite1 && libs.dwrite_2",
+ "output": [ "privateFeature" ]
+ },
+ "dxguid": {
+ "label": "DirectX GUID",
+ "condition": "config.win32 && libs.dxguid",
+ "output": [ "privateFeature" ]
+ },
+ "direct3d9": {
+ "label": "Direct 3D 9",
+ "condition": "config.win32 && !config.winrt && libs.d3d9",
+ "output": [ "privateFeature" ]
+ },
+ "dxgi": {
+ "label": "DirectX GI",
+ "condition": "config.win32 && libs.dxgi",
+ "output": [ "privateFeature" ]
+ },
+ "dxgi1_2": {
+ "label": "DirectX GI 1.2",
+ "condition": "features.dxgi && libs.dxgi1_2",
+ "output": [ "privateFeature" ]
+ },
+ "direct3d11": {
+ "label": "Direct 3D 11",
+ "condition": "features.dxgi && libs.d3d11",
+ "output": [ "privateFeature" ]
+ },
+ "direct3d11_1": {
+ "label": "Direct 3D 11.1",
+ "condition": "features.direct3d11 && features.dxgi1_2 && libs.d3d11_1",
"output": [ "privateFeature" ]
},
"direct2d": {
"label": "Direct 2D",
- "section": "Platform plugins",
- "condition": "config.win32 && !config.winrt && libs.direct2d",
+ "condition": "config.win32 && !config.winrt && features.direct3d11 && libs.d2d1",
+ "output": [ "privateFeature" ]
+ },
+ "direct2d1_1": {
+ "label": "Direct 2D 1.1",
+ "condition": "features.direct2d && libs.d2d1_1",
"output": [ "privateFeature" ]
},
"evdev": {
diff --git x/qtbase/src/gui/configure.pri y/qtbase/src/gui/configure.pri
index fcd2d1f73e..f53a93063c 100644
--- x/qtbase/src/gui/configure.pri
+++ y/qtbase/src/gui/configure.pri
@@ -15,29 +15,16 @@ defineTest(qtConfLibrary_freetype) {
return(true)
}
-# Check for Direct X SDK (include, lib, and direct shader compiler 'fxc').
+# Check for Direct X shader compiler 'fxc'.
# Up to Direct X SDK June 2010 and for MinGW, this is pointed to by the
# DXSDK_DIR variable. Starting with Windows Kit 8, it is included in
-# the Windows SDK. Checking for the header is not sufficient, since it
-# is also present in MinGW.
-defineTest(qtConfTest_directX) {
+# the Windows SDK.
+defineTest(qtConfTest_fxc) {
dxdir = $$getenv("DXSDK_DIR")
!isEmpty(dxdir) {
- EXTRA_INCLUDEPATH += $$dxdir/include
- equals(QT_ARCH, x86_64): \
- EXTRA_LIBDIR += $$dxdir/lib/x64
- else: \
- EXTRA_LIBDIR += $$dxdir/lib/x86
EXTRA_PATH += $$dxdir/Utilities/bin/x86
}
- $$qtConfEvaluate("features.sse2") {
- ky = $$size($${1}.files._KEYS_)
- $${1}.files._KEYS_ += $$ky
- # Not present on MinGW-32
- $${1}.files.$${ky} = "intrin.h"
- }
-
qtConfTest_files($${1}): return(true)
return(false)
}
diff --git x/qtbase/src/platformsupport/fontdatabases/windows/windows.pri y/qtbase/src/platformsupport/fontdatabases/windows/windows.pri
index 0e64084cf1..9c529f55ea 100644
--- x/qtbase/src/platformsupport/fontdatabases/windows/windows.pri
+++ y/qtbase/src/platformsupport/fontdatabases/windows/windows.pri
@@ -15,9 +15,14 @@ qtConfig(freetype) {
HEADERS += $$PWD/qwindowsfontdatabase_ft_p.h
}
-qtConfig(directwrite) {
- qtConfig(directwrite2): \
+qtConfig(directwrite):qtConfig(direct2d) {
+ qtConfig(directwrite2) {
+ QMAKE_USE_PRIVATE += dwrite_2
DEFINES *= QT_USE_DIRECTWRITE2
+ } else {
+ QMAKE_USE_PRIVATE += dwrite
+ }
+ QMAKE_USE_PRIVATE += d2d1
SOURCES += $$PWD/qwindowsfontenginedirectwrite.cpp
HEADERS += $$PWD/qwindowsfontenginedirectwrite_p.h
diff --git x/qtbase/src/platformsupport/fontdatabases/winrt/winrt.pri y/qtbase/src/platformsupport/fontdatabases/winrt/winrt.pri
index 291ada220f..7617df2e7a 100644
--- x/qtbase/src/platformsupport/fontdatabases/winrt/winrt.pri
+++ y/qtbase/src/platformsupport/fontdatabases/winrt/winrt.pri
@@ -8,4 +8,6 @@ HEADERS += \
DEFINES += __WRL_NO_DEFAULT_LIB__
-LIBS += -lws2_32 -ldwrite
+LIBS += -lws2_32
+
+QMAKE_USE_PRIVATE += dwrite_1
diff --git x/qtbase/src/plugins/platforms/direct2d/direct2d.pro y/qtbase/src/plugins/platforms/direct2d/direct2d.pro
index 3bfd02bdc8..9764272632 100644
--- x/qtbase/src/plugins/platforms/direct2d/direct2d.pro
+++ y/qtbase/src/plugins/platforms/direct2d/direct2d.pro
@@ -8,7 +8,8 @@ QT += \
qtConfig(accessibility): QT += accessibility_support-private
qtConfig(vulkan): QT += vulkan_support-private
-LIBS += -ldwmapi -ld2d1 -ld3d11 -ldwrite -lversion -lgdi32
+LIBS += -ldwmapi -lversion -lgdi32
+QMAKE_USE_PRIVATE += dwrite_1 d2d1_1 d3d11_1 dxgi1_2
include(../windows/windows.pri)
diff --git x/qtbase/src/plugins/platforms/platforms.pro y/qtbase/src/plugins/platforms/platforms.pro
index e61887618f..b70d8d5996 100644
--- x/qtbase/src/plugins/platforms/platforms.pro
+++ y/qtbase/src/plugins/platforms/platforms.pro
@@ -14,10 +14,10 @@ qtConfig(xcb) {
uikit:!watchos: SUBDIRS += ios
osx: SUBDIRS += cocoa
-win32:!winrt: SUBDIRS += windows
-winrt: SUBDIRS += winrt
+win32:!winrt:qtConfig(direct3d9): SUBDIRS += windows
+winrt:qtConfig(direct3d11): SUBDIRS += winrt
-qtConfig(direct2d) {
+qtConfig(direct3d11_1):qtConfig(direct2d1_1):qtConfig(directwrite1) {
SUBDIRS += direct2d
}
diff --git x/qtbase/src/plugins/platforms/windows/windows.pri y/qtbase/src/plugins/platforms/windows/windows.pri
index f4c396f7c5..2f244d8b71 100644
--- x/qtbase/src/plugins/platforms/windows/windows.pri
+++ y/qtbase/src/plugins/platforms/windows/windows.pri
@@ -9,6 +9,8 @@ mingw: LIBS *= -luuid
# For the dialog helpers:
LIBS += -lshlwapi -lshell32 -ladvapi32
+QMAKE_USE_PRIVATE += d3d9/nolink
+
DEFINES *= QT_NO_CAST_FROM_ASCII
SOURCES += \
diff --git x/qtbase/src/plugins/platforms/winrt/winrt.pro y/qtbase/src/plugins/platforms/winrt/winrt.pro
index 042b270cff..fc70eba979 100644
--- x/qtbase/src/plugins/platforms/winrt/winrt.pro
+++ y/qtbase/src/plugins/platforms/winrt/winrt.pro
@@ -8,7 +8,8 @@ QT += \
DEFINES *= QT_NO_CAST_FROM_ASCII __WRL_NO_DEFAULT_LIB__
-LIBS += -lws2_32 -ld3d11
+LIBS += -lws2_32
+QMAKE_USE_PRIVATE += d3d11
SOURCES = \
main.cpp \
--
2.17.0

View File

@ -0,0 +1,36 @@
diff --git x/qttools/src/linguist/linguist.pro y/qttools/src/linguist/linguist.pro
index 103336da..2fe9656d 100644
--- x/qttools/src/linguist/linguist.pro
+++ y/qttools/src/linguist/linguist.pro
@@ -3,11 +3,6 @@ SUBDIRS = \
lrelease \
lupdate \
lconvert
-!no-png:qtHaveModule(widgets):qtConfig(process): SUBDIRS += linguist
-
-qtNomakeTools( \
- linguist \
-)
equals(QMAKE_HOST.os, Windows): CMAKE_BIN_SUFFIX = ".exe"
diff --git x/qttools/src/src.pro y/qttools/src/src.pro
index 41064a5d..fcef4dd8 100644
--- x/qttools/src/src.pro
+++ y/qttools/src/src.pro
@@ -3,12 +3,6 @@ TEMPLATE = subdirs
qtHaveModule(widgets) {
no-png {
message("Some graphics-related tools are unavailable without PNG support")
- } else {
- SUBDIRS = assistant \
- pixeltool \
- designer
-
- linguist.depends = designer
}
}
--
2.14.3

View File

@ -0,0 +1,19 @@
--- x/qtbase/src/plugins/platforms/cocoa/qprintengine_mac_p.h
+++ y/qtbase/src/plugins/platforms/cocoa/qprintengine_mac_p.h
@@ -52,6 +52,7 @@
//
#include <QtCore/qglobal.h>
+#include <qpa/qplatformprintdevice.h>
#ifndef QT_NO_PRINTER
--- x/qtbase/src/plugins/plugins.pro
+++ y/qtbase/src/plugins/plugins.pro
@@ -9,6 +9,3 @@
!android:qtConfig(library): SUBDIRS *= generic
}
qtHaveModule(widgets): SUBDIRS += styles
-
-!winrt:qtHaveModule(printsupport): \
- SUBDIRS += printsupport

View File

@ -1,90 +0,0 @@
From 13f25c979fe4396e6d5a76bf183341229da2bacd Mon Sep 17 00:00:00 2001
From: Eskil Abrahamsen Blomfeldt <eskil.abrahamsen-blomfeldt@qt.io>
Date: Thu, 30 Nov 2017 15:00:26 +0100
Subject: [PATCH] macOS/iOS: Fix garbled text under some conditions
There seems to be an issue in CoreText which may cause an existing
font descriptor to give unreliable results if it refers to one of
the system theme fonts. Since we do not know all function calls
or events that may trigger this bug, the safe route is to always
create fresh font descriptors when creating fonts for these
descriptors. The impact on performance should be small, as Qt has
its own internal caches.
[ChangeLog][macOS/iOS][Text] Fixed an issue where text using
one of the system theme fonts would under certain circumstances
display random glyphs.
Task-number: QTBUG-63476
Change-Id: I9e9b253018c63976345eec1439a6b78de2cab869
---
.../fontdatabases/mac/qcoretextfontdatabase.mm | 24 ++++++++++++++--------
.../fontdatabases/mac/qcoretextfontdatabase_p.h | 4 +++-
2 files changed, 19 insertions(+), 9 deletions(-)
diff --git x/qtbase/src/platformsupport/fontdatabases/mac/qcoretextfontdatabase.mm y/qtbase/src/platformsupport/fontdatabases/mac/qcoretextfontdatabase.mm
index 6347d4d231..237e8a89a5 100644
--- x/qtbase/src/platformsupport/fontdatabases/mac/qcoretextfontdatabase.mm
+++ y/qtbase/src/platformsupport/fontdatabases/mac/qcoretextfontdatabase.mm
@@ -416,7 +416,19 @@ extern CGAffineTransform qt_transform_from_fontdef(const QFontDef &fontDef);
template <>
QFontEngine *QCoreTextFontDatabaseEngineFactory<QCoreTextFontEngine>::fontEngine(const QFontDef &fontDef, void *usrPtr)
{
- CTFontDescriptorRef descriptor = static_cast<CTFontDescriptorRef>(usrPtr);
+ QCFType<CTFontDescriptorRef> descriptor = QCFType<CTFontDescriptorRef>::constructFromGet(
+ static_cast<CTFontDescriptorRef>(usrPtr));
+
+ // CoreText will sometimes invalidate information in font descriptors that refer
+ // to system fonts in certain function calls or application states. While the descriptor
+ // looks the same from the outside, some internal plumbing is different, causing the results
+ // of creating CTFonts from those descriptors unreliable. The work-around for this
+ // is to copy the attributes of those descriptors each time we make a new CTFont
+ // from them instead of referring to the original, as that may trigger the CoreText bug.
+ if (m_systemFontDescriptors.contains(descriptor)) {
+ QCFType<CFDictionaryRef> attributes = CTFontDescriptorCopyAttributes(descriptor);
+ descriptor = CTFontDescriptorCreateWithAttributes(attributes);
+ }
// Since we do not pass in the destination DPI to CoreText when making
// the font, we need to pass in a point size which is scaled to include
@@ -427,14 +439,10 @@ QFontEngine *QCoreTextFontDatabaseEngineFactory<QCoreTextFontEngine>::fontEngine
qreal scaledPointSize = fontDef.pixelSize;
CGAffineTransform matrix = qt_transform_from_fontdef(fontDef);
- CTFontRef font = CTFontCreateWithFontDescriptor(descriptor, scaledPointSize, &matrix);
- if (font) {
- QFontEngine *engine = new QCoreTextFontEngine(font, fontDef);
- CFRelease(font);
- return engine;
- }
+ if (QCFType<CTFontRef> font = CTFontCreateWithFontDescriptor(descriptor, scaledPointSize, &matrix))
+ return new QCoreTextFontEngine(font, fontDef);
- return NULL;
+ return nullptr;
}
#ifndef QT_NO_FREETYPE
diff --git x/qtbase/src/platformsupport/fontdatabases/mac/qcoretextfontdatabase_p.h y/qtbase/src/platformsupport/fontdatabases/mac/qcoretextfontdatabase_p.h
index 9612b909f1..e14d1d6e6e 100644
--- x/qtbase/src/platformsupport/fontdatabases/mac/qcoretextfontdatabase_p.h
+++ y/qtbase/src/platformsupport/fontdatabases/mac/qcoretextfontdatabase_p.h
@@ -91,12 +91,14 @@ public:
QFont *themeFont(QPlatformTheme::Font) const;
const QHash<QPlatformTheme::Font, QFont *> &themeFonts() const;
+protected:
+ mutable QSet<CTFontDescriptorRef> m_systemFontDescriptors;
+
private:
void populateFromDescriptor(CTFontDescriptorRef font, const QString &familyName = QString());
mutable QString defaultFontName;
- mutable QSet<CTFontDescriptorRef> m_systemFontDescriptors;
mutable QHash<QPlatformTheme::Font, QFont *> m_themeFonts;
bool m_hasPopulatedAliases;
};
--
2.15.1

View File

@ -14,17 +14,20 @@ SET(QRC_FILES "ausweisapp.qrc")
IF(IOS OR ANDROID OR ${CMAKE_BUILD_TYPE} STREQUAL "DEBUG")
LIST(APPEND QRC_FILES "ausweisapp_mobile.qrc")
SET(ausweisapp_qml.qrc "${CMAKE_CURRENT_BINARY_DIR}/ausweisapp_qml.qrc")
WRITE_QRC("${ausweisapp_qml.qrc}" "${CMAKE_CURRENT_SOURCE_DIR}/qml" "qml")
LIST(APPEND QRC_FILES "${ausweisapp_qml.qrc}")
ENDIF()
IF(DESKTOP)
LIST(APPEND QRC_FILES "ausweisapp_desktop.qrc")
ENDIF()
IF(TARGET Qt5::Qml)
SET(ausweisapp_qml.qrc "${CMAKE_CURRENT_BINARY_DIR}/ausweisapp_qml.qrc")
WRITE_QRC("${ausweisapp_qml.qrc}" "${CMAKE_CURRENT_SOURCE_DIR}/qml" "qml")
LIST(APPEND QRC_FILES "${ausweisapp_qml.qrc}")
SET(QML_IMPORT_PATH ${CMAKE_CURRENT_SOURCE_DIR}/qml CACHE string "qml files" FORCE)
ENDIF()
SET(RCC ${CMAKE_BINARY_DIR}/src/${PROJECT_NAME}.rcc)
SET(RCC ${RCC} PARENT_SCOPE)
qt5_add_binary_resources(AusweisAppRcc "${QRC_FILES}" DESTINATION ${RCC})
SET(QML_IMPORT_PATH ${CMAKE_CURRENT_SOURCE_DIR}/qml ${CMAKE_CURRENT_SOURCE_DIR}/qml_stationary CACHE string "qml files" FORCE)

View File

@ -1,7 +1,9 @@
# Recommended usage:
# LSAN_OPTIONS=suppressions=/home/dev/src/asan_blacklist ./AusweisApp2
# LSAN_OPTIONS=suppressions=/home/dev/AusweisApp2.src/resources/asan_blacklist ./AusweisApp2
leak:g_malloc*
leak:CRYPTO_malloc
leak:libxcb*
leak:Q*
leak:QQuick*
leak:QKde*
leak:QQml*

View File

@ -10,17 +10,13 @@
<file>images/bt_3b.svg</file>
<file>images/bt_4.svg</file>
<file>images/bt_4b.svg</file>
<file>images/bspd1.svg</file>
<file>images/canHint.png</file>
<file>images/icon_attention.svg</file>
<file>images/icon_ok.png</file>
<file>images/icon_cancelled.png</file>
<file>images/Icon_Checked.svg</file>
<file>images/android/search_icon.svg</file>
<file>images/android/search_cancel.svg</file>
<file>images/iOS/search_icon.svg</file>
<file>images/iOS/search_cancel.svg</file>
<file>images/back-chevron.png</file>
<file>images/search.svg</file>
<file>images/cancel.svg</file>
<file>images/iOS/tabBar/Anbieter-off.png</file>
<file>images/iOS/tabBar/Anbieter-on.png</file>
<file>images/iOS/tabBar/Ausweisen-off.png</file>
@ -32,14 +28,12 @@
<file>images/icon_Pin.svg</file>
<file>images/iOS/tabBar/More-off.svg</file>
<file>images/iOS/tabBar/More-on.svg</file>
<file>images/rotes_X.svg</file>
<file>images/gruener_Haken.svg</file>
<file>images/status_error.svg</file>
<file>images/status_info.svg</file>
<file>images/status_ok.svg</file>
<file>images/iOS/CheckedCheckbox.png</file>
<file>images/iOS/Header-Ausweisapp@3x.png</file>
<file>images/delete.png</file>
<file>images/delete.svg</file>
<file>images/NFCPhoneCard.png</file>
<file>images/submit.png</file>
<file>images/submit.svg</file>
<file>images/ausweis.png</file>
<file>images/provider/information.svg</file>
@ -86,5 +80,7 @@
<file>images/location_flag_de.svg</file>
<file>images/location_flag_en.svg</file>
<file>images/siteWithLogo.png</file>
<file>images/icon_pair.svg</file>
<file>images/icon_settings.svg</file>
</qresource>
</RCC>

View File

@ -4,18 +4,25 @@
<file>html_templates/error.html</file>
<file>stylesheets/desktop.qss</file>
<file>images/beta.svg</file>
<file>images/green_check_mark.svg</file>
<file>images/MenuSelected.png</file>
<file>images/MenuUnselected.png</file>
<file>images/MenuUnselectedDisabled.png</file>
<file>images/npa.ico</file>
<file>images/Logo_AutentApp2_2014.png</file>
<file>images/AppLogo_AutentApp2_2014.png</file>
<file>images/Logo_Governikus.png</file>
<file>images/Logo_AusweisApp2.png</file>
<file>images/start_nPA_eAT.png</file>
<file>images/busy_animation.gif</file>
<file>images/html_message_section.jpg</file>
<file>images/padlock.svg</file>
<file>images/padlock_empty.svg</file>
<file>images/desktop/background.png</file>
<file>images/desktop/help_icon.svg</file>
<file>images/desktop/main_history.svg</file>
<file>images/desktop/main_identify.svg</file>
<file>images/desktop/main_pin.svg</file>
<file>images/desktop/main_provider.svg</file>
<file>images/desktop/sandglass.svg</file>
<file>images/desktop/settings_icon.svg</file>
<file>images/desktop/titlebar_arrow.svg</file>
<file>images/desktop/continue_arrow.svg</file>
<file>images/randompin/btn_normal_0.png</file>
<file>images/randompin/btn_normal_1.png</file>
<file>images/randompin/btn_normal_2.png</file>
@ -56,8 +63,8 @@
<file>updatable-files/reader/img_Gemalto_Prox_SU_mit_ausweis.png</file>
<file>updatable-files/reader/img_HID_Global_OMNIKEY_5321_V2.png</file>
<file>updatable-files/reader/img_HID_Global_OMNIKEY_5321_V2_mit_ausweis.png</file>
<file>updatable-files/reader/img_HID_Omnikey_5421.png</file>
<file>updatable-files/reader/img_HID_Omnikey_5421_mit_ausweis.png</file>
<file>updatable-files/reader/img_HID_Omnikey_542x.png</file>
<file>updatable-files/reader/img_HID_Omnikey_542x_mit_ausweis.png</file>
<file>updatable-files/reader/img_HID_Omnikey_Mobile_Reader_502X_CL.png</file>
<file>updatable-files/reader/img_HID_Omnikey_Mobile_Reader_502X_CL_mit_ausweis.png</file>
<file>updatable-files/reader/img_HID_Omnikey_Mobile_Reader_4121_CL.png</file>
@ -86,5 +93,9 @@
<file>updatable-files/reader/img_Reiner_SCT_cyberjack_RFID_standard_mit_ausweis.png</file>
<file>updatable-files/reader/img_RemoteReader.png</file>
<file>updatable-files/reader/img_RemoteReader_mit_ausweis.png</file>
<file>updatable-files/reader/img_Cherry_ST_1275.png</file>
<file>updatable-files/reader/img_Cherry_ST_1275_mit_ausweis.png</file>
<file>updatable-files/reader/img_Signotec_Omega_Pad.png</file>
<file>updatable-files/reader/img_Signotec_Omega_Pad_mit_ausweis.png</file>
</qresource>
</RCC>

View File

@ -3,43 +3,133 @@
<file>qtquickcontrols2.conf</file>
<file>images/zahnraeder.svg</file>
<file>images/check.svg</file>
<file>images/iOS/arrowLeft.svg</file>
<file>images/iOS/arrowRight.svg</file>
<file>images/iOS/list_item_arrow.svg</file>
<file>images/iOS/radio_button_check_ios.svg</file>
<file>images/iOS/toggle_on.png</file>
<file>images/iOS/toggle_off.png</file>
<file>images/iOS/toggle_disabled.png</file>
<file>images/arrowRight.svg</file>
<file>images/share.svg</file>
<file>images/android/navigation/ausweisen.svg</file>
<file>images/android/navigation/anbieter.svg</file>
<file>images/android/navigation/balloon.svg</file>
<file>images/android/navigation/remoteleser.svg</file>
<file>images/android/navigation/verlauf.svg</file>
<file>images/android/navigation/pin.svg</file>
<file>images/android/navigation/versionsinformation.svg</file>
<file>images/android/navigation/faq.svg</file>
<file>images/android/navigation/support.svg</file>
<file>images/android/navigation/bewerten.svg</file>
<file>images/android/navigation/teilen.svg</file>
<file>images/android/checkbox_0.svg</file>
<file>images/android/checkbox_1.svg</file>
<file>images/android/tabDivider.svg</file>
<file>images/android/arrowRight.svg</file>
<file>images/android/arrowLeft.svg</file>
<file>images/android/arrowRightWhite.svg</file>
<file>images/android/arrowLeftWhite.svg</file>
<file>images/android/android_toggle_on.png</file>
<file>images/android/android_toggle_off.png</file>
<file>images/android/android_toggle_on_disabled.png</file>
<file>images/android/android_toggle_off_disabled.png</file>
<file>images/android/android_arrow_back.svg</file>
<file>images/android/android_arrow_back_white.svg</file>
<file>images/android/navigation/tutorial.svg</file>
<file>images/iOS/search_icon.svg</file>
<file>images/iOS/search_cancel.svg</file>
<file>images/iOS/more/icon_mehr_favorit.svg</file>
<file>images/iOS/more/icon_mehr_fragen.svg</file>
<file>images/iOS/more/icon_mehr_info.svg</file>
<file>images/iOS/more/icon_mehr_license.svg</file>
<file>images/iOS/more/icon_mehr_remotereader.svg</file>
<file>images/iOS/more/icon_mehr_upload.svg</file>
<file>images/iOS/more/icon_mehr_log.svg</file>
<file>images/iOS/more/icon_mehr_tutorial.svg</file>
<file>images/tutorial/main_menu_what_caret.svg</file>
<file>images/tutorial/main_menu_where_caret.svg</file>
<file>images/tutorial/main_menu_how_caret.svg</file>
<file>images/tutorial/main_menu_important_caret.svg</file>
<file>images/tutorial/arrow_blue.svg</file>
<file>images/tutorial/arrows.svg</file>
<file>images/tutorial/button_de.png</file>
<file>images/tutorial/button_en.png</file>
<file>images/tutorial/idcard.svg</file>
<file>images/tutorial/identify.svg</file>
<file>images/tutorial/questionmark.svg</file>
<file>images/tutorial/hint.svg</file>
<file>images/tutorial/thumb_up.svg</file>
<file>images/tutorial/hand.svg</file>
<file>images/tutorial/check.svg</file>
<file>images/tutorial/click.svg</file>
<file>images/tutorial/save.svg</file>
<file>images/tutorial/bva.svg</file>
<file>images/tutorial/provider_home.svg</file>
<file>images/tutorial/rectangles.svg</file>
<file>images/tutorial/zoom_triangle.svg</file>
<file>images/tutorial/laptop.svg</file>
<file>images/tutorial/tablet.svg</file>
<file>images/tutorial/tablet-nfc.svg</file>
<file>images/tutorial/tablet-no-nfc.svg</file>
<file>images/tutorial/reader.svg</file>
<file>images/tutorial/desktop.svg</file>
<file>images/tutorial/phone.svg</file>
<file>images/tutorial/phone_list.svg</file>
<file>images/tutorial/phone-screen.svg</file>
<file>images/tutorial/nfc.svg</file>
<file>images/tutorial/no-nfc.svg</file>
<file>images/tutorial/wifi.svg</file>
<file>images/tutorial/bluetooth.svg</file>
<file>images/tutorial/letters.svg</file>
<file>images/tutorial/usb.svg</file>
<file>images/tutorial/circle-1.svg</file>
<file>images/tutorial/circle-2.svg</file>
<file>images/tutorial/circle-3.svg</file>
<file>images/tutorial/circle-4.svg</file>
<file>images/tutorial/circle-lock.svg</file>
<file>images/tutorial/circle-lock-2.svg</file>
<file>images/tutorial/up_icon.svg</file>
<file>images/tutorial/phone_screen_de.jpg</file>
<file>images/tutorial/phone_screen_en.jpg</file>
<file>images/tutorial/pin-5@2x.png</file>
<file>images/tutorial/pin-6@2x.png</file>
<file>images/tutorial/user-tine@3x.png</file>
<file>images/tutorial/providericons.png</file>
<file>images/tutorial/play_movie.png</file>
<file>images/tutorial/screenshot_cert_de.png</file>
<file>images/tutorial/screenshot_cert_en.png</file>
<file>images/tutorial/screenshot_providerlist_de.png</file>
<file>images/tutorial/screenshot_providerlist_en.png</file>
<file>images/tutorial/screenshot_menu_providerlist_de.png</file>
<file>images/tutorial/screenshot_menu_providerlist_en.png</file>
<file>images/tutorial/screenshot_pairing_de.png</file>
<file>images/tutorial/screenshot_pairing_en.png</file>
<file>images/tutorial/screenshot_sac_menu_de.png</file>
<file>images/tutorial/screenshot_sac_menu_en.png</file>
<file>images/tutorial/screenshot_choose_reader_de.png</file>
<file>images/tutorial/screenshot_choose_reader_en.png</file>
<file>images/tutorial/screenshot_pin_management_menu_en.png</file>
<file>images/tutorial/screenshot_pin_management_menu_de.png</file>
<file>images/tutorial/section_seperator_what.svg</file>
<file>images/tutorial/section_seperator_where.svg</file>
<file>images/tutorial/section_seperator_how.svg</file>
<file>images/tutorial/section_seperator_important.svg</file>
<file>images/tutorial/generated/where_overview_question.svg</file>
<file>images/tutorial/generated/where_providerlist_screenshot_de.svg</file>
<file>images/tutorial/generated/where_providerlist_screenshot_en.svg</file>
<file>images/tutorial/generated/where_identify_now_de.svg</file>
<file>images/tutorial/generated/where_identify_now_en.svg</file>
<file>images/tutorial/generated/where_userdata_example_de.svg</file>
<file>images/tutorial/generated/where_userdata_example_en.svg</file>
<file>images/tutorial/generated/where_lay_down_id.svg</file>
<file>images/tutorial/generated/where_pin6.svg</file>
<file>images/tutorial/generated/how_questions_everywhere.svg</file>
<file>images/tutorial/generated/how_device_lineup.svg</file>
<file>images/tutorial/generated/how_method_nfc.svg</file>
<file>images/tutorial/generated/how_method_sac_desktop.svg</file>
<file>images/tutorial/generated/how_method_sac_mobile.svg</file>
<file>images/tutorial/generated/how_method_bluetooth.svg</file>
<file>images/tutorial/generated/how_form_no_fun.svg</file>
<file>images/tutorial/generated/how_desktop.svg</file>
<file>images/tutorial/generated/important_pin5.svg</file>
<file>images/tutorial/generated/important_pin6.svg</file>
<file>images/tutorial/generated/important_lets_go.svg</file>
<file>images/tutorial/generated/important_space_questionmark.svg</file>
<file>images/tutorial/generated/reader_nfc_provider_on_smartphone.svg</file>
<file>images/tutorial/generated/reader_nfc_npa_on_smartphone.svg</file>
<file>images/tutorial/generated/reader_nfc_smartphone_nfc_position.svg</file>
<file>images/tutorial/generated/reader_nfc_finished.svg</file>
<file>images/tutorial/generated/reader_nfc_pin6.svg</file>
<file>images/tutorial/generated/reader_nfc_userdata_example_de.svg</file>
<file>images/tutorial/generated/reader_nfc_userdata_example_en.svg</file>
<file>images/tutorial/generated/reader_sac_provider_on_laptop.svg</file>
<file>images/tutorial/generated/reader_sac_npa_on_laptop.svg</file>
<file>images/tutorial/generated/reader_sac_aa2_ok.svg</file>
<file>images/tutorial/generated/reader_sac_menu_de.svg</file>
<file>images/tutorial/generated/reader_sac_menu_en.svg</file>
<file>images/tutorial/generated/reader_sac_no_nfc_devices.svg</file>
<file>images/tutorial/generated/reader_sac_no_nfc_provider.svg</file>
<file>images/tutorial/generated/reader_bluetooth_card_inserted.svg</file>
<file>images/tutorial/generated/reader_bluetooth_connection.svg</file>
<file>images/provider/categoryIcons/general.svg</file>
<file>images/provider/categoryIcons/citizen.svg</file>
<file>images/provider/categoryIcons/finance.svg</file>
@ -58,5 +148,7 @@
<file>images/phone_to_pc.svg</file>
<file>images/android/navigation/remotesettings.svg</file>
<file>images/trash_icon.svg</file>
<file>images/trash_icon_all.svg</file>
<file>images/trash_icon_white.svg</file>
</qresource>
</RCC>

View File

@ -3,11 +3,13 @@
"_comment_1": "array of CVCs; hex encoded",
"_comment_2": [
"DECVCAeID00104_DECVCAeID00105",
"DECVCAeID00103_DECVCAeID00104",
"DECVCAeID00102_DECVCAeID00103",
"DECVCAeID00102"
],
"cvRootCertificates": [
"7F218201B67F4E82016E5F290100420E44454356434165494430303130347F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A786410459D1A08A2572022E17FED831982A9CB904518003CF83DABED88DBED28963768B88DBA22A153558BD21DDAA99318378B7CD7EBFE849557CD43F8526ABE72734538701015F200E44454356434165494430303130357F4C12060904007F0007030102025305FC0F13FFFF5F25060108000601025F24060201000601025F37402FBEEAE1B1ADE6CFB6CAB9D9B19F6A6EFACB7D9701997F43CF608BF72CF496F485F691E75190DEC25C672B92CF9BA917883659A6DC16793D22BBEC4019C616CC",
"7F218201B67F4E82016E5F290100420E44454356434165494430303130337F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7864104241D8627338B64F20077FFD558909A096C635DDB222852038EAAE642E869A40173D588F817D95DB2A6A0F077EA5EE63596A20F85BC3CB176D2F98D88D90219AA8701015F200E44454356434165494430303130347F4C12060904007F0007030102025305FC0F13FFFF5F25060105000901045F24060108000901045F3740313A81ED8734E7A8C45F16B55FB603E63027B7F44C2DE3A8E782552D35949DB221CA33BD41A01DA6A1288C7885714FC3A03FA45683B75D3884930EC6738AF8A0",
"7F218201B67F4E82016E5F290100420E44454356434165494430303130327F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A78641048925419FC7F194922CFC6B8DD25AE6A19C1B59216E6CF06270E5D75CFD64205F55CF867BBFEFEEFD6E680E1FD197F18AB684484901362568EFC9ADB5C6018D728701015F200E44454356434165494430303130337F4C12060904007F0007030102025305FC0F13FFFF5F25060102010200035F24060105010200035F37404D6F08A86A4F18409F6685387DD3C6A7FF5D68EA4F7714A861BBB3BB721D05D3014ADF1763C9292F715D8E94EE9B3E1B73AB1382414EBF39DFB3B0FB6C09DBEB",
"7F218201B67F4E82016E5F290100420E44454356434165494430303130327F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A78641043347ECF96FFB4BD9B8554EFBCCFC7D0B242F1071E29B4C9C622C79E339D840AF67BEB9B912692265D9C16C62573F4579FFD4DE2DE92BAB409DD5C5D48244A9F78701015F200E44454356434165494430303130327F4C12060904007F0007030102025305FE0F01FFFF5F25060100010001085F24060103010001085F37405067145C68CAE9520F5BB34817F1CA9C43593DB56406C6A3B006CBF3F314E7349ACF0CC6BFEBCBDEFD10B4DCF0F231DA56977D88F9F90182D199076A56506451"
@ -15,19 +17,21 @@
"_comment_3": "array of Test-CVCs; hex encoded",
"_comment_4": [
"DETESTeID00001",
"DETESTeID00001_DETESTeID00002",
"DETESTeID00002_DETESTeID00004",
"DETESTeID00005_DETESTeID00006",
"DETESTeID00004_DETESTeID00005",
"DETESTeID00002_DETESTeID00004",
"DETESTeID00001_DETESTeID00002",
"DETESTeID00001",
"DECVCAeIDCTL0401_DECVCAeIDCTL0402",
"DECVCAeIDCT00001_DECVCAeIDCTL0401",
"DECVCAeIDCT00001_DECVCAeIDCT00001"
],
"cvRootCertificatesTest": [
"7F218201B67F4E82016E5F290100420E44455445535465494430303030317F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7864104184BB519FC2A8F52DC0DC73112FACFE914F2A49B678DD5799A2B1DFE95E1A66359014E22FA8D66438413CEBA6CF0E215576B673376BF617AF4DFE9761D2290148701015F200E44455445535465494430303030317F4C12060904007F0007030102025305FE0F01FFFF5F25060100000801035F24060103000801035F37409F25EBFAF4B91E4C60A1683754C5DC076A3179753EF97D9F8CB01FE1DCD3B8C83E7A26602AB1F344BE5706006D79A9FF6A9716404DC83B9F30E1213B393128A2",
"7F218201B67F4E82016E5F290100420E44455445535465494430303030317F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7864104096EB58BFD86252238EC2652185C43C3A56C320681A21E37A8E69DDC387C0C5F5513856EFE2FDC656E604893212E29449B365E304605AC5413E75BE31E641F128701015F200E44455445535465494430303030327F4C12060904007F0007030102025305FE0F01FFFF5F25060100000902015F24060103000902015F3740141120A0FDFC011A52F3F72B387A3DC7ACA88B4868D5AE9741780B6FF8A0B49E5F55169A2D298EF5CF95935DCA0C3DF3E9D42DC45F74F2066317154961E6C746",
"7F218201B67F4E82016E5F290100420E44455445535465494430303030327F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A786410474FF63AB838C73C303AC003DFEE95CF8BF55F91E8FEBCB7395D942036E47CF1845EC786EC95BB453AAC288AD023B6067913CF9B63F908F49304E5CFC8B3050DD8701015F200E44455445535465494430303030347F4C12060904007F0007030102025305FC0F13FFFF5F25060102000501015F24060105000501015F37405C035A0611B6C58F0B5261FDD009DECAB7DC7A79482D5248CCA119059B7D82B2157CF0C4A499BCF441EFDD35E294A58C0AF19A34A0762159533285ACF170A505",
"7F218201B67F4E82016E5F290100420E44455445535465494430303030357F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A786410425AB80F9C7BCA0AB1759D8E469F911CC006D02131552AA5F248B2A38D7C72CFB3317EA6881FD24D8B31A2E75FBEDA87964B60787095F75C753CD8BC5264D3C9A8701015F200E44455445535465494430303030367F4C12060904007F0007030102025305FC0F13FFFF5F25060108000200055F24060201000200055F37402E55923ED687CB104D609DD183402E8292DB03C3EFFE5EF3FAC597D2A8DB27370269EAAD7341D72447C9184CD817AE0E2BD4DF6FCF89DC52F455D490F077E5E9",
"7F218201B67F4E82016E5F290100420E44455445535465494430303030347F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A78641049BFEBA8DC7FAAB6E3BDEB3FF794DBB800848FE4F6940A4CC7EECB5159C87DA5395505892026D420A22596CD014ED1FD872DADA597DB0F8D64441041198F62D448701015F200E44455445535465494430303030357F4C12060904007F0007030102025305FC0F13FFFF5F25060105000500045F24060108000500045F37402D2468416D66BCBE259B9B907A73395BC1EF94ED75F9C17615210246E9EFB06E6753E9055CE76623B7699B9EFB1A7D3A9DD83F6E6E09E55A33EA0A5F62A1C719",
"7F218201B67F4E82016E5F290100420E44455445535465494430303030327F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A786410474FF63AB838C73C303AC003DFEE95CF8BF55F91E8FEBCB7395D942036E47CF1845EC786EC95BB453AAC288AD023B6067913CF9B63F908F49304E5CFC8B3050DD8701015F200E44455445535465494430303030347F4C12060904007F0007030102025305FC0F13FFFF5F25060102000501015F24060105000501015F37405C035A0611B6C58F0B5261FDD009DECAB7DC7A79482D5248CCA119059B7D82B2157CF0C4A499BCF441EFDD35E294A58C0AF19A34A0762159533285ACF170A505",
"7F218201B67F4E82016E5F290100420E44455445535465494430303030317F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7864104096EB58BFD86252238EC2652185C43C3A56C320681A21E37A8E69DDC387C0C5F5513856EFE2FDC656E604893212E29449B365E304605AC5413E75BE31E641F128701015F200E44455445535465494430303030327F4C12060904007F0007030102025305FE0F01FFFF5F25060100000902015F24060103000902015F3740141120A0FDFC011A52F3F72B387A3DC7ACA88B4868D5AE9741780B6FF8A0B49E5F55169A2D298EF5CF95935DCA0C3DF3E9D42DC45F74F2066317154961E6C746",
"7F218201B67F4E82016E5F290100420E44455445535465494430303030317F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7864104184BB519FC2A8F52DC0DC73112FACFE914F2A49B678DD5799A2B1DFE95E1A66359014E22FA8D66438413CEBA6CF0E215576B673376BF617AF4DFE9761D2290148701015F200E44455445535465494430303030317F4C12060904007F0007030102025305FE0F01FFFF5F25060100000801035F24060103000801035F37409F25EBFAF4B91E4C60A1683754C5DC076A3179753EF97D9F8CB01FE1DCD3B8C83E7A26602AB1F344BE5706006D79A9FF6A9716404DC83B9F30E1213B393128A2",
"7F218201BA7F4E8201725F290100421044454356434165494443544C303430317F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A78641043EE15015916563E31459045924DE804C1D93A77652AA25D0B753730DBA3233886A9A9B28A06AF84CC5A40F78E9167CA40B8098724A3A0332283D0A52C5453FE08701015F201044454356434165494443544C303430327F4C12060904007F0007030102025305FE1FFFFFFF5F25060106000300015F24060109000300015F374068261CEB4DC915301371C9B273377F33CEB25AFA07E70EDB3498ACF0327DC13B9AF99A9D694A6D048F0DB6FF1774E882CA8F41C8A0B96FDDF6F6DDABFD55CB43",
"7F218201BA7F4E8201725F2901004210444543564341654944435430303030317F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A78641042C037C6CF8C0B62E36E220B7D411404AF248A2C83C569A49FAB02FC232D2395B3A5FF80DDB01D0DFAFCEF55E54ACCBA4C56E528F0746BEF1108E7D9B0122EBA78701015F201044454356434165494443544C303430317F4C12060904007F0007030102025305FE1FFFFFFF5F25060106000300015F24060109000300015F37404FB2F9F17D38656EEC2846CBB1711E07D739E6A584D487B3AFBA5C723C73A10236995E6A19499DE941DFE3CC044E2AACB6B5869C0E46C9585AEF892E2236F62E",
"7F218201BA7F4E8201725F2901004210444543564341654944435430303030317F4982011D060A04007F000702020202038120A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E537782207D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9832026DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B68441048BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F0469978520A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7864104206160B85B82B2BE249DCD7B15FD1AD46CA03F39FE675C07535806E57CE24349392BBB9F73B364672F12243F18083DCC49ACA613767F0873AEB60715FC605A288701015F2010444543564341654944435430303030317F4C12060904007F0007030102025305FE1FFFFFFF5F25060106000300015F24060109000300015F37402B62927D46BF675DB387FC4A425FF3B604B20DD5ED6FFCDAFA9DA1DD920DC996245B358167C66A721DF39C6897864E4D648746339A97D22D08659885F92BDE21"
@ -40,33 +44,21 @@
],
"tlsSettings": {
"protocolVersion": "TlsV1_0OrLater",
"protocolVersion": "TlsV1_2",
"_comment_1": "ciphers are ordered by preference",
"ciphers": [
"ECDHE-ECDSA-AES256-GCM-SHA384",
"ECDHE-RSA-AES256-GCM-SHA384",
"DHE-DSS-AES256-GCM-SHA384",
"DHE-RSA-AES256-GCM-SHA384",
"ECDHE-ECDSA-AES256-SHA384",
"ECDHE-RSA-AES256-SHA384",
"DHE-DSS-AES256-SHA256",
"DHE-RSA-AES256-SHA256",
"ECDHE-ECDSA-AES128-GCM-SHA256",
"ECDHE-RSA-AES128-GCM-SHA256",
"DHE-DSS-AES128-GCM-SHA256",
"DHE-RSA-AES128-GCM-SHA256",
"ECDHE-ECDSA-AES128-SHA256",
"ECDHE-RSA-AES128-SHA256",
"DHE-DSS-AES128-SHA256",
"DHE-RSA-AES128-SHA256",
"ECDHE-ECDSA-AES256-SHA",
"ECDHE-RSA-AES256-SHA",
"DHE-DSS-AES256-SHA",
"DHE-RSA-AES256-SHA",
"ECDHE-ECDSA-AES128-SHA",
"ECDHE-RSA-AES128-SHA",
"DHE-DSS-AES128-SHA",
"DHE-RSA-AES128-SHA"
"DHE-RSA-AES128-SHA256"
],
"_comment_2": "prime256v1 := secp256r1",
"ellipticCurves": [
@ -78,23 +70,23 @@
"secp224r1"
],
"signatureAlgorithms": [
"Rsa+Sha512",
"Dsa+Sha512",
"Ec+Sha512",
"Rsa+Sha384",
"Dsa+Sha384",
"Ec+Sha384",
"Rsa+Sha256",
"Dsa+Sha256",
"Ec+Sha256",
"Rsa+Sha224",
"Dsa+Sha224",
"Ec+Sha224"
"RSA+SHA512",
"DSA+SHA512",
"ECDSA+SHA512",
"RSA+SHA384",
"DSA+SHA384",
"ECDSA+SHA384",
"RSA+SHA256",
"DSA+SHA256",
"ECDSA+SHA256",
"RSA+SHA224",
"DSA+SHA224",
"ECDSA+SHA224"
]
},
"tlsSettingsPsk": {
"protocolVersion": "TlsV1_1OrLater",
"protocolVersion": "TlsV1_2",
"_comment_1": "ciphers are ordered by preference",
"ciphers": [
"RSA-PSK-AES256-GCM-SHA384",
@ -105,15 +97,15 @@
],
"_comment_2": "ellipticCurves not needed",
"signatureAlgorithms": [
"Rsa+Sha512",
"Rsa+Sha384",
"Rsa+Sha256",
"Rsa+Sha224"
"RSA+SHA512",
"RSA+SHA384",
"RSA+SHA256",
"RSA+SHA224"
]
},
"tlsSettingsRemoteReader": {
"protocolVersion": "TlsV1_2OrLater",
"protocolVersion": "TlsV1_2",
"_comment_1": "ciphers are ordered by preference",
"ciphers": [
"ECDHE-RSA-AES256-GCM-SHA384",
@ -133,14 +125,14 @@
"secp224r1"
],
"signatureAlgorithms": [
"Rsa+Sha512",
"Rsa+Sha384",
"Rsa+Sha256"
"RSA+SHA512",
"RSA+SHA384",
"RSA+SHA256"
]
},
"tlsSettingsRemoteReaderPairing": {
"protocolVersion": "TlsV1_2OrLater",
"protocolVersion": "TlsV1_2",
"_comment_1": "ciphers are ordered by preference",
"ciphers": [
"RSA-PSK-AES256-GCM-SHA384",
@ -150,9 +142,9 @@
"RSA-PSK-AES256-CBC-SHA"
],
"signatureAlgorithms": [
"Rsa+Sha512",
"Rsa+Sha384",
"Rsa+Sha256"
"RSA+SHA512",
"RSA+SHA384",
"RSA+SHA256"
]
},
@ -171,14 +163,18 @@
"selfAuthentication": {
"_comment_1": "TCTokenURL for self authentication (AusweisAuskunft)",
"url": "https://www.autentapp.de/AusweisAuskunft/WebServiceRequesterServlet?mode=xml",
"testUrl": "https://test.governikus-eid.de/AusweisAuskunft/WebServiceRequesterServlet?mode=xml"
"url": "https://www.autentapp.de/AusweisAuskunft/WebServiceRequesterServlet?mode=json",
"testUrl": "https://test.governikus-eid.de/AusweisAuskunft/WebServiceRequesterServlet?mode=json"
},
"updateServer": {
"baseUrl": "@REMOTE_CONFIG_URL@/updatable-files"
},
"whitelistServer": {
"baseUrl": "https://appl.governikus-asp.de/whitelistserver"
},
"updates": {
"release": "@REMOTE_CONFIG_URL@@REMOTE_CONFIG_PATH_APPCAST@/Appcast.json",
"beta": "@REMOTE_CONFIG_URL@@REMOTE_CONFIG_PATH_APPCAST_BETA@/Appcast.json"

View File

@ -81,7 +81,7 @@
<div class="header_section" >
<div>
<a title="AusweisApp2" href="https://www.ausweisapp.bund.de/">
<img src="/images/AppLogo_AutentApp2_2014.png" alt="AusweisApp2 Logo" width="256" height="48" />
<img src="/images/Logo_AusweisApp2.png" alt="AusweisApp2 Logo" width="256" height="48" />
</a>
</div>
</div>

View File

@ -81,7 +81,7 @@
<div class="header_section" >
<div>
<a title="AusweisApp2" href="https://www.ausweisapp.bund.de/">
<img src="/images/AppLogo_AutentApp2_2014.png" alt="AusweisApp2 Logo" width="256" height="48" />
<img src="/images/Logo_AusweisApp2.png" alt="AusweisApp2 Logo" width="256" height="48" />
</a>
</div>
</div>

View File

@ -1,224 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 15.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="188px" height="40.5px" viewBox="0 0 188 40.5" enable-background="new 0 0 188 40.5" xml:space="preserve">
<g>
<defs>
<rect id="SVGID_1_" x="-0.026" width="232.784" height="40.5"/>
</defs>
<clipPath id="SVGID_2_">
<use xlink:href="#SVGID_1_" overflow="visible"/>
</clipPath>
<g clip-path="url(#SVGID_2_)">
<defs>
<rect id="SVGID_3_" x="-0.026" width="232.784" height="40.5"/>
</defs>
<clipPath id="SVGID_4_">
<use xlink:href="#SVGID_3_" overflow="visible"/>
</clipPath>
<path clip-path="url(#SVGID_4_)" fill="#FFFFFF" d="M4.798,4.205c0,0-4.212,0-4.212,4.213v25.037c0,0,0,4.213,4.212,4.213h25.038
c0,0,4.212,0,4.212-4.213V8.418c0,0,0-4.213-4.212-4.213H4.798z"/>
</g>
<g clip-path="url(#SVGID_2_)">
<defs>
<path id="SVGID_5_" d="M4.89,21.283c0,6.68,5.088,12.109,11.589,12.779v-4.551c-3.985-0.639-7.038-4.063-7.038-8.229
c0-4.165,3.053-7.591,7.038-8.228V8.504C9.978,9.176,4.89,14.604,4.89,21.283"/>
</defs>
<clipPath id="SVGID_6_">
<use xlink:href="#SVGID_5_" overflow="visible"/>
</clipPath>
<g clip-path="url(#SVGID_6_)">
<defs>
<rect id="SVGID_7_" x="4.844" y="8.47" width="11.719" height="25.636"/>
</defs>
<clipPath id="SVGID_8_">
<use xlink:href="#SVGID_7_" overflow="visible"/>
</clipPath>
<g transform="matrix(1 0 0 1 -1.810140e-007 1.930745e-006)" clip-path="url(#SVGID_8_)">
<image overflow="visible" width="176" height="385" xlink:href="data:image/jpeg;base64,/9j/4AAQSkZJRgABAgEEOQQ5AAD/7AARRHVja3kAAQAEAAAAHgAA/+4AIUFkb2JlAGTAAAAAAQMA
EAMCAwYAAAU+AAAGxAAACZX/2wCEABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoX
Hh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQEABEQ8PERMRFRISFRQRFBEUGhQWFhQaJhoaHBoa
JjAjHh4eHiMwKy4nJycuKzU1MDA1NUBAP0BAQEBAQEBAQEBAQP/CABEIAYYAwwMBIgACEQEDEQH/
xAChAAEBAQEBAQAAAAAAAAAAAAAAAQUEBgcBAQADAQEAAAAAAAAAAAAAAAACAwQFARAAAAMIAwEB
AQAAAAAAAAAAADIFEDBAAhIDMzQEFQYBITERAAEBBwQCAQQDAQAAAAAAAAIBABBAccGCA6LSMzQR
BLExgRJyIUEUJBIAAQMEAgMAAAcBAAAAAAAAAQAQMHGBkQIxQrEyQxFBUWHRcoIz/9oADAMBAAIR
AxEAAAD6Bm6WTXHCcjm5OtyDrcg63IOtyDrcg63IOtyDrcg63IOvb8z6G6e6OhqZWrlVx8url44o
iiKIoiiKIoiiKJ6DA377N0dHUytXKrj5hXMyRRFEURRFEURRFEUT0GBv3T3B0dTL1MuuPmRzMgAA
AAAAAADewd+6zbHR0svUy64+aVzcsURRFEURRFEURRFE3sLduntjoaWZp5lcfNK52WKIoiiKIoii
KIoiib2Fu2z2h0NLM08yuPnBzswAAAAAAAADcw926eyN+hmaebXHziudmiiKIoiiKIoiiKIom5ib
d09kb9DN0s2EfOq52aKIoiiKIoiiKIoiibeLt2z2Bv0M3SzYR88rnZ4oiiKIoiiKIoiiKJt4u1bP
YG+9naOdCPnlc/PFEURRFEURRFEURRNrG2rZ643Xs7RzoR8+rn0RRFEURRFEURRFEUTaxtm2WuN1
7O0c6EcBXPoiiKIoiiKIoiiKIomzj7NstYbr2foZ8I4CsFEURRFEURRFEURRFE2cfYsnrDdcz9DP
h5gqwZ4oiiKIoiiKIoiiKJsZGvbPWG25n6GfDzCVgoiiKIoiiKIoiiKIomxka9stUbbmfocEPMIY
aAAAAAAAAAGvka9ktUbbnB38EPMMYaAAAAAAAAAGtk61ktUbbnB38EPMMYaAAAAAAAAAGvka9stQ
bLnB38EPMMYaAAAAAAAAAGvka9stQbLnB38EPMMYaAAAAAAAAAGvka9stQbLnB38EPMMYaAAAAAA
AAAGvka9stQbLnB38EPMMYaAAAAAAAAAGvka9stQbLnB38EPMMYaAAAAAAAAAGvka9stQbLnMR84
BRAAAAAAAAAB2EvewXz/AP/aAAgBAgABBQC99+/Ldc4rnFc4rnFc4rnFc4rnFc4rnHHnm+3Rexuu
NlF7G642UXsbrj5RexuuPlF7G64+UXcbrj5RdxuuPlF3G64+UXcbqxkF3G6sZBdxurGQXcbqxkF0
jqxkF0jqxkF0jqxkF0jqxkFwjqzkFwjqzkFwjqzkFwjqzkFwjqzkFwjqzkFwjqzkExfwfg/B+D8H
4Pwfg/B+C2Yf/9oACAEDAAEFAJy1TCqYVTCqYVTCqYVTCqYVTCqYWvv37OLhHVo4nK6tHE5XVo4n
K6tHE5XVs4nK6tnE5XVswnK6tmE5XVswmK6tmExXVswmK6kMJiupDCYrqQwmK6kMJiupDCb+OpDC
b+OpDCYrqQwmK6kMJiupDCYrqQwmK6kMPv8AHUv9H//aAAgBAQABBQALnIvcfh9spDtlIdspDtlI
dspDtlIdspDtlIdspDtlIdspDtlIdspDtlIdspDtlIdspDtlIdspDtlIdspDz3K5HJkZ6LQhfL42
ei0IXzGNnotCF8xjZ6HRhfMkZ6HRhfMkZ6DRhfNEZ6DRhfNEZ6DRhfNkYv6ML5sjF/ShfNkYv6UL
5wjF7ShfOEYvaUL50jF7ShfOkYu6UL50jF3ShfPEYu6cL54jFzThfPEYuacL58jFzThfPkYt6cL5
8jFvThUAjFvThUAjFvThUAjFrUhUEjFrUhUEjFrUhUEjFnUhUIjFnUhUIjFnUhUIjFnUhUMjFnUh
UMjFjUhUMjFjVhUMjFjVhUMjFjVhUQjFjVhUQjFjVhUQjFjVhUQjFjVhUQjFjVhUQjFjVhUQjFjV
hUQjFjVhUQjFjVhUQjFjVhUQjFjVhUQjOb8432zQiihFFCKKEUUIooRRQiihFFCKKEUUIooRRQii
hFFCKKEUUIooRRQiihFFCKOB84fz4P/aAAgBAgIGPwDYj9F7bZXttle22V7bZXttle22V7bZXttl
e22V7bZWoOxPP5/s2/8AWPW/ht/6x638NtSPW/htqR638NtSPW/htqR638NtSPW/htqRi/htqRi/
htqRi7bUjF22pGLttSMXbakYu21IxdtqRi7bUjF22pGLttSMXbakYu21IxdtqRi7bUjF2PF+F8V8
V8V8V8V8V8V8V8V8UP8Al/nlv//aAAgBAwIGPwA0XJyuTlcnK5OVycrk5XJyuTlcnK5OUPxJY0jD
GkYY0jDGkYY0jDGkYY0jDGkYY0jDGMMYwxjDGMMYwxjDGMMYwxjDGMMYwxjDGMMYw38roui6Loui
6Loui6Loutm//9oACAEBAQY/AG/PCagf5InlG7Bt2DbsG3YNuwbdg27Bt2DbsG3YNuwbdg27Bt2D
bsG3YNuwbdg27Bt2DbsG2dc+Rciio/j5/rz5fekN7Ew+CfekN7Ex+CfekN7Ex+Fen7pDexMfhX3p
DexMfhX3pDexMfhXp+6Q3sTH4V9yQ3sTGr7khs8xq+5IbPMavuSGzzGr7khs8xq+5IbPMavuSGzz
Gr7khs8xq+5IbPMavuSGzzGr7khs8xq+5IbPMavuSGzzGr7khs8xq+5IbNMavuSGzTGr7khs0xq+
5IbNMavuSGzTGr7khs0xq+5IbNMavuSGzTGr7khs0xq+5IbNMavuSGzTGr7khs0xq+5IbNMavuSG
zTGr7khs0xq+5IbNMavuSGzTGr7khs0xq+5IbNMavuSGzTGr7khs0xq+5IbNMavuSGzTGr7khs0x
q+5IbNMavuSGzTGr/wDpVRx+U/lPP1+zchatrchatrchatrchatrchatrchatrchatrchatrchat
rchatrchatrchatrchatrchatrchatrchatrchatrchatrchatrchatrchatrH/kJSTyn5efP2+q
I7//2Q==" transform="matrix(0.0666 0 0 -0.0666 4.8438 34.1055)">
</image>
</g>
</g>
</g>
<g clip-path="url(#SVGID_2_)">
<defs>
<path id="SVGID_9_" d="M18.859,13.056c3.984,0.637,7.038,4.063,7.038,8.228c0,4.166-3.053,7.59-7.038,8.229v4.551
c6.5-0.67,11.589-6.1,11.589-12.779c0-6.679-5.089-12.107-11.589-12.779V13.056z"/>
</defs>
<clipPath id="SVGID_10_">
<use xlink:href="#SVGID_9_" overflow="visible"/>
</clipPath>
<g clip-path="url(#SVGID_10_)">
<defs>
<rect id="SVGID_11_" x="18.767" y="8.47" width="11.852" height="25.636"/>
</defs>
<clipPath id="SVGID_12_">
<use xlink:href="#SVGID_11_" overflow="visible"/>
</clipPath>
<g transform="matrix(1 0 0 1 7.456483e-007 1.930745e-006)" clip-path="url(#SVGID_12_)">
<image overflow="visible" width="178" height="385" xlink:href="data:image/jpeg;base64,/9j/4AAQSkZJRgABAgEEOQQ5AAD/7AARRHVja3kAAQAEAAAAHgAA/+4AIUFkb2JlAGTAAAAAAQMA
EAMCAwYAAATzAAAGdwAACSv/2wCEABALCwsMCxAMDBAXDw0PFxsUEBAUGx8XFxcXFx8eFxoaGhoX
Hh4jJSclIx4vLzMzLy9AQEBAQEBAQEBAQEBAQEABEQ8PERMRFRISFRQRFBEUGhQWFhQaJhoaHBoa
JjAjHh4eHiMwKy4nJycuKzU1MDA1NUBAP0BAQEBAQEBAQEBAQP/CABEIAYYAwwMBIgACEQEDEQH/
xACPAAEBAQEBAQAAAAAAAAAAAAAAAQUEBgcBAQEBAQAAAAAAAAAAAAAAAAAEAgMQAAAFBAMBAQEA
AAAAAAAAAAAyAzMFEDBAEgIVBgQBEREAAAUEAwEAAgMAAAAAAAAAAbECcgMAEEAyotI0ETFBgSIU
EgABAwUBAQEBAAAAAAAAAAABABAwMYGRMkMCEYJC/9oADAMBAAIRAxEAAAD6Bka+HvGO5FsvW5B1
uQdbkHW5B1uQdbkHW5B1uQdbkHXu+X9Hy3uCSph7mJ0x5wWxgAAAAAAAAPRed9Hy67YjqYm3idMe
dVbHFEURRFEURRFEURRPRee9Dy67YjqYu1i9MeeFsYAAAAAAAAD0PnvQ8uu0I6mNs43THnlWSRRF
EURRFEURRFEUT0Pn/Qc+myI6mNs43TGALJAAAAAAAAAG/gb/AD6bIjqY+xj7xgKtkiiKIoiiKIoi
iKIom/g73LpsCSpj7GRvGCq2SKIoiiKIoiiKIoiibuHu8umuJKmRr5G8YSrJIoiiKIoiiKIoiiKJ
u4e5z6a4kqZOtk7xhKskiiKIoiiKIoiiKIom7h7nPprCSpk62TvGILJAAAAAAAAAG3ibfPprCSpl
auVvGILJAAAAAAAAAG3ibfPpqiSplauVvGKLJAAAAAAAAAG1i7XLpqiWpl6mXvGKK5AAAAAAAAAG
1i7XPpqCWpl6mXvGMK5AAAAAAAAAGzjbPPpqCWpl6mZvGMK5AAAAAAAAAGxj7PPppiWpmaeZvGOK
5AAAAAAAAAGxj7HPppiWpmaeZvGOquSKIoiiKIoiiKIoiibGRr8+mmJamZp5u8Y6qpIoiiKIoiiK
IoiiKJr5OvjppCWpm6WbvGQKpAAAAAAAAAGvka+OmkJambpZu8ZCqpIoiiKIoiiKIoiiKJr5Otjp
pCWpm6WbvGSKpQAAAAAAAAGtk62N6QlqZulm7xkiqUAAAAAAAABrZOtjekJambpZu8ZIqkAAAAAA
AAAa2Trc+mkJqnKazxjrxAAAAAAAAAdhnXUOXb//2gAIAQIAAQUAS/P7z04jTiNOI04jTiNOI04j
TiNOI04hbjx/OARctLthJy0u2EnLS7YSctLNhI9pYgSPaWIEj2liBI9pYgSPaWIEj2liBI9pYgSP
aWIEj2liBI9pYgTPaVIEz2lSBM9pUgTPaVIEz2lSBM9pUgTPaVIEz2lSBM9pUg4mtcyj/9oACAED
AAEFAFCbchtyG3IbchtyG3IbchtyG3Ibcgly/f3mFSWkThUlpE4VJaROFSWkThUlpE4VJaROFSWk
ThUlpI4VJaSOFCWkjhQlpI4UJaSOFCWkjhQlpI4UJaSOFCWkjhQlpI4UJaSOFCWkjhQlpI4UJaSO
FCWkjhQlpI45FtcDD//aAAgBAQABBQAeh+r6PmR7eSHbyQ7eSHbyQ7eSHbyQ7eSHbyQ7eSHbyQ7e
SHbyQ7eSHbyQ7eSHbyQ7eSHbyQ7eSHbyQ7eSHnvq+j6UaeoYxfLsU9Oxi+YYp6djF8wxT0zGL5li
npmMXzLFPSsYvmmKelYxfNMU9Ixi+bYp6RjF82xT0bGL5xino2MXzjFPRM4vnWaeiZxfOs09Czi+
eZp6FnF88zT0LOL55mnoGcXz7NPQM4vn2aT7OLAM0n2cWAZpPs4sAzSeZxYFmk8ziwLNJ5nFgWaT
rWLBNUnWsWCapOtYsE1ScaxYNqk41iwbVJxrFg2qTbWLCNUm2sWEapNtYsI1SbaxYRqk01iwrVJp
rFhWqTTWLCtUmmsWFapNNYsK1SZaxYZqky1iwzVJlrFhmqTLWLDNUmWsWGapMtYsM1SZaxYZqky1
iwzVPu/Pk/eGkONIcaQ40hxpDjSHGkONIcaQ40hxpDjSHGkONIcaQ40hxpDjSHGkONIcaQ4+H8+T
84D/2gAIAQICBj8A8/VqMLUYWowtRhajC1GFqMLUYWowtRhH4AKN5jNm8xmzeYzZvMZs3mM2bzGb
N5jNm8xmzCM2YRlhGWEZYRlhGWEZYRlhGWEZYRlhGWEZYRlhGWFbVXVdV1XVdV1XVdV1XVf3+qN/
/9oACAEDAgY/ACqnKqcqpyqnKqcqpyqnKqcqpyqnKH0ljGGMYYxhjGGMYYxhjGGMYYxhjGGMYYxh
jGGMYYxhjGGMYYxhjGGMYYxhjGGMYY0vRclyXJclyXJclyXJclz/ADVv/9oACAEBAQY/AKhVBIMY
qUICIfsPlehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdehdTKnk
GQUqAAEf0Hy8DxLGneBXgeJY07wK8DxLGneBXgeJY07wK8DxLGneBXheJY0zwK8LxLGmeBXhcJY0
zgK8LhLGmcBXhcJY0zgK8LhLGmcBXhcJY0zgK8LhLGmcBXhcJY0zgK8LhLGmcBXhcJY0zgK8LhLG
mcBXhcJY0zgK8ThLGlcBXicJY0rgK8ThLGlcBXicJY0rgK8ThLGlcBXicJY0rgK8ThLGlcBXicJY
0rgK8ThLGlcBXicJY0rgK8ThLGlcBXicJY0rgK8ThLGlcBXicJY0rgK8ThLGlcBXicJY0rgK8ThL
GlcBXicJY0rgK8bhLGkcBXjcJY0jgK8bhLGkcBXjcJY0jgK8bhLGkcBXjcJY0jgK8bhLGkcBXjcJ
Y0jgK8bhLGkcBXjcJY0jgK8bhLGkcBXT/qEUp+/1+ffz/Fbq5da3Vy61url1rdXLrW6uXWt1cutb
q5da3Vy61url1rdXLrW6uXWt1cutbq5da3Vy61url1rdXLrW6uXWt1cutbq5da3Vy61url1pX+UR
Un7/AG+/fz/Nv//Z" transform="matrix(0.0666 0 0 -0.0666 18.7666 34.1055)">
</image>
</g>
</g>
</g>
<g clip-path="url(#SVGID_2_)">
<defs>
<rect id="SVGID_13_" x="-0.026" width="232.784" height="40.5"/>
</defs>
<clipPath id="SVGID_14_">
<use xlink:href="#SVGID_13_" overflow="visible"/>
</clipPath>
<path clip-path="url(#SVGID_14_)" fill="#5286C1" d="M33.628,33.143c0,4.105-4.104,4.105-4.104,4.105H5.111
c-4.105,0-4.105-4.105-4.105-4.105V8.73c0-4.104,4.105-4.104,4.105-4.104h24.413c4.104,0,4.104,4.104,4.104,4.104V33.143z
M34.66,33.354V8.52c0,0,0-4.926-4.926-4.926H4.9c0,0-4.926,0-4.926,4.926v24.834c0,0,0,4.926,4.926,4.926h24.833
C29.733,38.279,34.66,38.279,34.66,33.354"/>
<g opacity="0.8" clip-path="url(#SVGID_14_)">
<g>
<defs>
<rect id="SVGID_15_" x="31.426" width="201.332" height="40.5"/>
</defs>
<clipPath id="SVGID_16_">
<use xlink:href="#SVGID_15_" overflow="visible"/>
</clipPath>
<g clip-path="url(#SVGID_16_)">
<path fill="#5288C1" d="M54.316,30.701l-1.209-4.072H48.07l-1.21,4.072h-3.604l5.629-17.208h3.728l5.407,17.208H54.316z
M51.329,20.307l-0.691-3.037c-0.099,0.396-0.518,2.173-0.814,3.309c-0.321,1.235-0.543,2.05-0.914,3.185h3.358
C52.144,23.394,51.6,21.492,51.329,20.307z"/>
<path fill="#5288C1" d="M67.522,31.047c-0.42-0.295-0.766-0.715-0.988-1.234c-0.814,0.791-2,1.211-3.333,1.211
c-1.778,0-3.309-0.84-3.728-2.051c-0.198-0.566-0.272-1.234-0.272-2.518v-8.099l3.259-0.617v8.124
c0,1.135,0.099,1.729,0.271,2.073c0.173,0.346,0.667,0.594,1.16,0.594c0.815,0,1.802-0.594,2.049-1.211V18.43l3.16-0.666v9.654
c0,0.84,0.271,1.703,0.765,2.297L67.522,31.047z"/>
<path fill="#5288C1" d="M75.839,31.096c-1.555,0-3.259-0.492-5.11-1.455l1.185-2.42c1.012,0.617,2.765,1.432,4.197,1.432
c0.938,0,1.679-0.617,1.679-1.432c0-0.865-0.617-1.309-1.951-1.555l-1.481-0.271c-0.84-0.148-1.876-0.742-2.321-1.285
s-0.716-1.457-0.716-2.271c0-2.469,1.951-4.123,4.889-4.123c2.024,0,3.357,0.617,4.518,1.186l-1.086,2.222
c-1.259-0.642-2.173-0.914-3.111-0.914c-0.963,0-1.604,0.494-1.604,1.236c0,0.642,0.419,0.988,1.58,1.283l1.53,0.396
c1.556,0.395,2.074,0.863,2.519,1.432c0.469,0.592,0.691,1.309,0.691,2.147C81.247,29.318,79.074,31.096,75.839,31.096z"/>
<path fill="#5288C1" d="M94.897,30.701H91.86l-1.136-4.346c-0.271-1.012-0.568-2.221-0.716-3.061l-0.197-1.26
c-0.074,0.543-0.099,0.717-0.296,1.631c-0.247,1.086-0.79,3.258-1.086,4.444l-0.642,2.592h-3.086l-3.457-12.418l3.284-0.371
l1.037,4.865c0.296,1.309,0.642,3.432,0.716,3.924c0.148-0.963,0.518-2.987,0.913-4.395l1.185-4.246h3.111l1.012,4.174
c0.494,2.098,0.864,4.049,0.938,4.467c0.074-0.543,0.346-2.518,0.691-4.124l0.963-4.518h3.407L94.897,30.701z"/>
<path fill="#5288C1" d="M103.312,25.417v0.1c0,1.95,0.963,3.061,2.667,3.061c1.136,0,2.197-0.42,3.21-1.26l1.283,1.977
c-1.457,1.184-2.987,1.752-4.766,1.752c-3.628,0-5.974-2.566-5.974-6.543c0-2.27,0.469-3.777,1.58-5.012
c1.037-1.16,2.296-1.703,3.975-1.703c1.456,0,2.839,0.494,3.653,1.333c1.161,1.186,1.68,2.89,1.68,5.53v0.766H103.312z
M107.189,22.851c0-0.939-0.1-1.433-0.396-1.902c-0.321-0.494-0.79-0.741-1.456-0.741c-1.26,0-1.976,0.988-1.976,2.741v0.049
h3.827V22.851z"/>
<path fill="#5288C1" d="M113.902,16.628c-1.111,0-2.025-0.914-2.025-2.05s0.938-2.049,2.074-2.049c1.111,0,2,0.913,2,2.049
S115.037,16.628,113.902,16.628z M112.248,30.701V18.283l3.309-0.519v12.937H112.248z"/>
<path fill="#5288C1" d="M122.294,31.096c-1.555,0-3.259-0.492-5.11-1.455l1.185-2.42c1.013,0.617,2.766,1.432,4.197,1.432
c0.938,0,1.68-0.617,1.68-1.432c0-0.865-0.617-1.309-1.951-1.555l-1.48-0.271c-0.84-0.148-1.877-0.742-2.321-1.285
s-0.716-1.457-0.716-2.271c0-2.469,1.95-4.123,4.889-4.123c2.023,0,3.357,0.617,4.518,1.186l-1.086,2.222
c-1.26-0.642-2.174-0.914-3.111-0.914c-0.963,0-1.604,0.494-1.604,1.236c0,0.642,0.419,0.988,1.58,1.283l1.53,0.396
c1.556,0.395,2.074,0.863,2.519,1.432c0.469,0.592,0.691,1.309,0.691,2.147C127.702,29.318,125.529,31.096,122.294,31.096z"/>
<path fill="#5288C1" d="M139.549,30.701l-1.209-4.072h-5.037l-1.209,4.072h-3.604l5.63-17.208h3.727l5.408,17.208H139.549z
M136.563,20.307l-0.691-3.037c-0.1,0.396-0.518,2.173-0.814,3.309c-0.32,1.235-0.543,2.05-0.914,3.185h3.357
C137.377,23.394,136.834,21.492,136.563,20.307z"/>
<path fill="#5288C1" d="M154.188,29.541c-0.865,0.914-2,1.432-3.383,1.432c-0.988,0-1.926-0.246-2.641-0.666
c0.049,0.297,0.049,0.666,0.049,1.037v3.949l-3.186,0.84V21.517c0-1.654-0.023-2.124-0.197-3.185l2.938-0.519
c0.123,0.444,0.197,0.79,0.223,1.186c0.568-0.691,1.826-1.186,3.111-1.186c0.889,0,1.803,0.297,2.492,0.766
c1.359,0.913,2.346,2.543,2.346,5.456C155.939,26.752,155.496,28.135,154.188,29.541z M152.014,21.566
c-0.246-0.692-0.764-1.062-1.58-1.062c-0.814,0-1.604,0.346-2.197,0.963v6.147c0.445,0.371,1.162,0.74,1.828,0.74
c1.629,0,2.271-1.109,2.271-3.999C152.336,23.146,152.236,22.183,152.014,21.566z"/>
<path fill="#5288C1" d="M166.578,29.541c-0.863,0.914-2,1.432-3.381,1.432c-0.988,0-1.926-0.246-2.643-0.666
c0.049,0.297,0.049,0.666,0.049,1.037v3.949l-3.184,0.84V21.517c0-1.654-0.025-2.124-0.197-3.185l2.938-0.519
c0.123,0.444,0.197,0.79,0.223,1.186c0.566-0.691,1.826-1.186,3.109-1.186c0.889,0,1.803,0.297,2.494,0.766
c1.357,0.913,2.346,2.543,2.346,5.456C168.332,26.752,167.887,28.135,166.578,29.541z M164.406,21.566
c-0.246-0.692-0.766-1.062-1.58-1.062s-1.605,0.346-2.197,0.963v6.147c0.443,0.371,1.16,0.74,1.826,0.74
c1.631,0,2.271-1.109,2.271-3.999C164.727,23.146,164.629,22.183,164.406,21.566z"/>
</g>
<g clip-path="url(#SVGID_16_)">
<path fill="#5288C1" d="M185.299,30.701h-12.586v-3.076l3.734-2.417c3.453-2.229,4.99-3.672,4.99-5.557
c0-1.569-1.129-2.385-2.887-2.385c-1.947,0-3.768,1.381-4.52,1.978l-1.854-2.009c2.262-2.009,4.457-3.014,7.314-3.014
c3.516,0,5.9,1.915,5.9,4.896c0,2.699-2.229,5.055-6.717,7.786l-1.758,1.066c0.283-0.031,1.57-0.125,3.17-0.125h5.932
L185.299,30.701z"/>
</g>
</g>
</g>
</g>
</g>
</svg>

Before

Width:  |  Height:  |  Size: 15 KiB

View File

Before

Width:  |  Height:  |  Size: 3.2 KiB

After

Width:  |  Height:  |  Size: 3.2 KiB

View File

Before

Width:  |  Height:  |  Size: 1.2 KiB

After

Width:  |  Height:  |  Size: 1.2 KiB

View File

@ -1,6 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="24px" height="24px" viewBox="0 0 24 24" enable-background="new 0 0 24 24" xml:space="preserve">
<path fill="#010202" d="M20,11H7.828l5.586-5.586L12,4l-8,8l8,8l1.414-1.414L7.828,13H20V11z"/>
</svg>

Before

Width:  |  Height:  |  Size: 466 B

View File

@ -1,6 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="24px" height="24px" viewBox="0 0 24 24" enable-background="new 0 0 24 24" xml:space="preserve">
<path fill="#FFFFFF" d="M20,11H7.828l5.586-5.586L12,4l-8,8l8,8l1.414-1.414L7.828,13H20V11z"/>
</svg>

Before

Width:  |  Height:  |  Size: 466 B

View File

@ -1,64 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="56px" height="24px" viewBox="0 0 56 24" enable-background="new 0 0 56 24" xml:space="preserve">
<symbol id="ic_x5F_delete_x0D_" viewBox="0 -24 24 24">
<g>
<path fill="#010202" d="M6-19c0-1.104,0.895-2,2-2h8c1.104,0,2,0.896,2,2v12H6V-19z M19-4h-3.5l-1,1h-5l-1-1H5v-2h14V-4z"/>
</g>
<polygon fill="none" points="24,-24 0,-24 0,0 24,0 "/>
</symbol>
<use xlink:href="#ic_x5F_delete_x0D_" width="24" height="24" id="ic_x5F_delete" y="-24" transform="matrix(1 0 0 -1 0 0)" display="none" overflow="visible" opacity="0.54"/>
<path display="none" fill="#538AC3" d="M18.443,3H5.556C5.556,3,3,3,3,5.556v12.887C3,18.443,3,21,5.556,21h12.887
c0-0.001,2.556-0.001,2.556-2.557V5.556C21,5.556,21,3,18.443,3z M11.395,7.815C9.368,8.14,7.815,9.882,7.815,12
c0,2.118,1.553,3.86,3.58,4.185v2.314C8.088,18.158,5.5,15.396,5.5,12c0-3.397,2.588-6.158,5.895-6.5V7.815z M12.605,18.499v-2.314
c2.027-0.325,3.58-2.067,3.58-4.185s-1.553-3.861-3.58-4.185V5.5C15.911,5.841,18.5,8.603,18.5,12
C18.5,15.396,15.911,18.158,12.605,18.499z"/>
<g id="TAGS_1_" display="none" enable-background="new ">
<g id="TAGS" display="inline">
<g>
<path fill="#548AC3" d="M20.028,10.283l-1.709-1.634c-0.002,0.003-0.004,0.006-0.006,0.009l-5.605-5.362
c-0.181-0.182-0.431-0.294-0.708-0.294c-0.001,0-0.002,0-0.003,0V3H5.676v0.002c-0.552,0-0.999,0.447-0.999,0.999h7.324
l8.016,7.708l0.073-0.085l0.001,0c0.142-0.172,0.232-0.391,0.232-0.633C20.323,10.715,20.21,10.464,20.028,10.283z
M19.657,13.306c0-0.029-0.001-0.058-0.004-0.087c-0.001-0.006-0.002-0.01-0.003-0.015c-0.004-0.029-0.007-0.057-0.013-0.085
c0-0.001,0-0.001,0-0.001c-0.041-0.198-0.14-0.374-0.28-0.51L11.71,5.294C11.529,5.112,11.279,5,11.002,5C11.001,5,11.001,5,11,5
V4.997H4.678V5C4.126,5,3.679,5.447,3.679,5.998H3.677v6.341h0.004c0.005,0.292,0.136,0.552,0.341,0.731l-0.004,0.004
l8.322,7.656l0.002-0.002c0.131,0.116,0.293,0.198,0.472,0.231c0.007,0.002,0.015,0.003,0.022,0.004
c0.022,0.004,0.045,0.007,0.067,0.009c0.032,0.004,0.064,0.005,0.097,0.005c0.305,0,0.577-0.137,0.76-0.353l0,0.001l5.659-6.658
l0-0.001c0.148-0.174,0.238-0.399,0.238-0.646C19.658,13.317,19.657,13.311,19.657,13.306z M6.342,8.994
c-0.735,0-1.332-0.596-1.332-1.332s0.596-1.332,1.332-1.332s1.332,0.596,1.332,1.332S7.077,8.994,6.342,8.994z"/>
</g>
</g>
</g>
<g id="TEXT__x2F__LEFT_1_" enable-background="new ">
<g id="TEXT__x2F__LEFT">
<g>
<path fill="#548AC3" d="M2.345,10.325h13.317c0,0,0,0,0,0h1.997c0.552,0,0.999-0.447,0.999-0.999
c0-0.552-0.447-0.999-0.999-0.999H2.345c-0.552,0-0.999,0.447-0.999,0.999C1.346,9.877,1.793,10.325,2.345,10.325z M2.345,4.998
h19.31c0.552,0,0.999-0.447,0.999-0.999S22.207,3,21.655,3H2.345C1.793,3,1.346,3.447,1.346,3.999S1.793,4.998,2.345,4.998z
M21.655,13.654H2.345c-0.552,0-0.999,0.447-0.999,0.999c0,0.552,0.447,0.999,0.999,0.999h19.31c0.552,0,0.999-0.447,0.999-0.999
C22.654,14.101,22.207,13.654,21.655,13.654z M15.662,18.981H2.345c-0.552,0-0.999,0.447-0.999,0.999
c0,0.552,0.447,0.999,0.999,0.999h13.317c0.552,0,0.999-0.447,0.999-0.999C16.661,19.428,16.214,18.981,15.662,18.981z"/>
</g>
</g>
</g>
<g id="COG_1_" display="none" enable-background="new ">
<g id="COG" display="inline">
<g>
<path fill="#548AC3" d="M12.003,8.627c-1.864,0-3.375,1.511-3.375,3.375c0,1.864,1.511,3.375,3.375,3.375
s3.375-1.511,3.375-3.375S13.866,8.627,12.003,8.627z M12.003,13.69c-0.932,0-1.688-0.755-1.688-1.688s0.756-1.688,1.688-1.688
c0.932,0,1.688,0.755,1.688,1.688S12.935,13.69,12.003,13.69z M18.617,10.163c-0.152-0.55-0.373-1.072-0.65-1.557
c0.315-0.424,1.401-2.009,0.618-2.792L18.184,5.39c-0.669-0.669-2.378,0.376-2.793,0.646c-0.491-0.278-1.018-0.499-1.575-0.65
C13.726,4.856,13.336,3,12.235,3h-0.44c-0.945,0-1.488,1.919-1.609,2.4C9.636,5.554,9.116,5.775,8.632,6.053
C8.251,5.769,6.614,4.637,5.815,5.436L5.391,5.793C4.695,6.489,5.852,8.325,6.063,8.647c-0.267,0.478-0.482,0.989-0.63,1.529
c-0.462,0.074-2.433,0.454-2.433,1.588v0.44c0,0.982,2.067,1.528,2.444,1.62c0.15,0.536,0.366,1.043,0.634,1.517
c-0.222,0.348-1.335,2.176-0.645,2.867l0.401,0.334c0.908,0.908,2.805-0.584,2.805-0.584l-0.088-0.094
c0.503,0.298,1.048,0.533,1.623,0.695c0.094,0.388,0.64,2.44,1.619,2.44h0.44c1.284,0,1.602-2.397,1.602-2.397L13.72,18.6
c0.582-0.149,1.134-0.373,1.646-0.66c0.401,0.267,2.082,1.319,2.752,0.648l0.446-0.447c0.896-0.896-0.562-2.727-0.602-2.778
c0.276-0.485,0.498-1.004,0.651-1.554c0.501-0.127,2.386-0.668,2.386-1.605v-0.44C20.999,10.52,18.757,10.183,18.617,10.163z
M12.003,17.065c-2.796,0-5.063-2.267-5.063-5.063s2.267-5.063,5.063-5.063c2.796,0,5.063,2.267,5.063,5.063
S14.799,17.065,12.003,17.065z"/>
</g>
</g>
</g>
</svg>

Before

Width:  |  Height:  |  Size: 4.8 KiB

View File

@ -1,63 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="56px" height="24px" viewBox="0 0 56 24" enable-background="new 0 0 56 24" xml:space="preserve">
<symbol id="ic_x5F_delete_x0D_" viewBox="0 -24 24 24">
<g>
<path fill="#010202" d="M6-19c0-1.104,0.895-2,2-2h8c1.104,0,2,0.896,2,2v12H6V-19z M19-4h-3.5l-1,1h-5l-1-1H5v-2h14V-4z"/>
</g>
<polygon fill="none" points="24,-24 0,-24 0,0 24,0 "/>
</symbol>
<use xlink:href="#ic_x5F_delete_x0D_" width="24" height="24" id="ic_x5F_delete" y="-24" transform="matrix(1 0 0 -1 0 0)" display="none" overflow="visible" opacity="0.54"/>
<path fill="#538AC3" d="M18.443,3H5.556C5.556,3,3,3,3,5.556v12.887C3,18.443,3,21,5.556,21h12.887c0-0.001,2.556-0.001,2.556-2.557
V5.556C21,5.556,21,3,18.443,3z M11.395,7.815C9.368,8.14,7.815,9.882,7.815,12c0,2.118,1.553,3.86,3.58,4.185v2.314
C8.088,18.158,5.5,15.396,5.5,12c0-3.397,2.588-6.158,5.895-6.5V7.815z M12.605,18.499v-2.314c2.027-0.325,3.58-2.067,3.58-4.185
s-1.553-3.861-3.58-4.185V5.5C15.911,5.841,18.5,8.603,18.5,12C18.5,15.396,15.911,18.158,12.605,18.499z"/>
<g id="TAGS_1_" display="none" enable-background="new ">
<g id="TAGS" display="inline">
<g>
<path fill="#548AC3" d="M20.028,10.283l-1.709-1.634c-0.002,0.003-0.004,0.006-0.006,0.009l-5.605-5.362
c-0.181-0.182-0.431-0.294-0.708-0.294c-0.001,0-0.002,0-0.003,0V3H5.676v0.002c-0.552,0-0.999,0.447-0.999,0.999h7.324
l8.016,7.708l0.073-0.085l0.001,0c0.142-0.172,0.232-0.391,0.232-0.633C20.323,10.715,20.21,10.464,20.028,10.283z
M19.657,13.306c0-0.029-0.001-0.058-0.004-0.087c-0.001-0.006-0.002-0.01-0.003-0.015c-0.004-0.029-0.007-0.057-0.013-0.085
c0-0.001,0-0.001,0-0.001c-0.041-0.198-0.14-0.374-0.28-0.51L11.71,5.294C11.529,5.112,11.279,5,11.002,5C11.001,5,11.001,5,11,5
V4.997H4.678V5C4.126,5,3.679,5.447,3.679,5.998H3.677v6.341h0.004c0.005,0.292,0.136,0.552,0.341,0.731l-0.004,0.004
l8.322,7.656l0.002-0.002c0.131,0.116,0.293,0.198,0.472,0.231c0.007,0.002,0.015,0.003,0.022,0.004
c0.022,0.004,0.045,0.007,0.067,0.009c0.032,0.004,0.064,0.005,0.097,0.005c0.305,0,0.577-0.137,0.76-0.353l0,0.001l5.659-6.658
l0-0.001c0.148-0.174,0.238-0.399,0.238-0.646C19.658,13.317,19.657,13.311,19.657,13.306z M6.342,8.994
c-0.735,0-1.332-0.596-1.332-1.332s0.596-1.332,1.332-1.332s1.332,0.596,1.332,1.332S7.077,8.994,6.342,8.994z"/>
</g>
</g>
</g>
<g id="TEXT__x2F__LEFT_1_" display="none" enable-background="new ">
<g id="TEXT__x2F__LEFT" display="inline">
<g>
<path fill="#548AC3" d="M2.345,10.325h13.317c0,0,0,0,0,0h1.997c0.552,0,0.999-0.447,0.999-0.999
c0-0.552-0.447-0.999-0.999-0.999H2.345c-0.552,0-0.999,0.447-0.999,0.999C1.346,9.877,1.793,10.325,2.345,10.325z M2.345,4.998
h19.31c0.552,0,0.999-0.447,0.999-0.999S22.207,3,21.655,3H2.345C1.793,3,1.346,3.447,1.346,3.999S1.793,4.998,2.345,4.998z
M21.655,13.654H2.345c-0.552,0-0.999,0.447-0.999,0.999c0,0.552,0.447,0.999,0.999,0.999h19.31c0.552,0,0.999-0.447,0.999-0.999
C22.654,14.101,22.207,13.654,21.655,13.654z M15.662,18.981H2.345c-0.552,0-0.999,0.447-0.999,0.999
c0,0.552,0.447,0.999,0.999,0.999h13.317c0.552,0,0.999-0.447,0.999-0.999C16.661,19.428,16.214,18.981,15.662,18.981z"/>
</g>
</g>
</g>
<g id="COG_1_" display="none" enable-background="new ">
<g id="COG" display="inline">
<g>
<path fill="#548AC3" d="M12.003,8.627c-1.864,0-3.375,1.511-3.375,3.375c0,1.864,1.511,3.375,3.375,3.375
s3.375-1.511,3.375-3.375S13.866,8.627,12.003,8.627z M12.003,13.69c-0.932,0-1.688-0.755-1.688-1.688s0.756-1.688,1.688-1.688
c0.932,0,1.688,0.755,1.688,1.688S12.935,13.69,12.003,13.69z M18.617,10.163c-0.152-0.55-0.373-1.072-0.65-1.557
c0.315-0.424,1.401-2.009,0.618-2.792L18.184,5.39c-0.669-0.669-2.378,0.376-2.793,0.646c-0.491-0.278-1.018-0.499-1.575-0.65
C13.726,4.856,13.336,3,12.235,3h-0.44c-0.945,0-1.488,1.919-1.609,2.4C9.636,5.554,9.116,5.775,8.632,6.053
C8.251,5.769,6.614,4.637,5.815,5.436L5.391,5.793C4.695,6.489,5.852,8.325,6.063,8.647c-0.267,0.478-0.482,0.989-0.63,1.529
c-0.462,0.074-2.433,0.454-2.433,1.588v0.44c0,0.982,2.067,1.528,2.444,1.62c0.15,0.536,0.366,1.043,0.634,1.517
c-0.222,0.348-1.335,2.176-0.645,2.867l0.401,0.334c0.908,0.908,2.805-0.584,2.805-0.584l-0.088-0.094
c0.503,0.298,1.048,0.533,1.623,0.695c0.094,0.388,0.64,2.44,1.619,2.44h0.44c1.284,0,1.602-2.397,1.602-2.397L13.72,18.6
c0.582-0.149,1.134-0.373,1.646-0.66c0.401,0.267,2.082,1.319,2.752,0.648l0.446-0.447c0.896-0.896-0.562-2.727-0.602-2.778
c0.276-0.485,0.498-1.004,0.651-1.554c0.501-0.127,2.386-0.668,2.386-1.605v-0.44C20.999,10.52,18.757,10.183,18.617,10.163z
M12.003,17.065c-2.796,0-5.063-2.267-5.063-5.063s2.267-5.063,5.063-5.063c2.796,0,5.063,2.267,5.063,5.063
S14.799,17.065,12.003,17.065z"/>
</g>
</g>
</g>
</svg>

Before

Width:  |  Height:  |  Size: 4.8 KiB

View File

@ -1,64 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="56px" height="24px" viewBox="0 0 56 24" enable-background="new 0 0 56 24" xml:space="preserve">
<symbol id="ic_x5F_delete_x0D_" viewBox="0 -24 24 24">
<g>
<path fill="#010202" d="M6-19c0-1.104,0.895-2,2-2h8c1.104,0,2,0.896,2,2v12H6V-19z M19-4h-3.5l-1,1h-5l-1-1H5v-2h14V-4z"/>
</g>
<polygon fill="none" points="24,-24 0,-24 0,0 24,0 "/>
</symbol>
<use xlink:href="#ic_x5F_delete_x0D_" width="24" height="24" id="ic_x5F_delete" y="-24" transform="matrix(1 0 0 -1 0 0)" display="none" overflow="visible" opacity="0.54"/>
<path display="none" fill="#538AC3" d="M18.443,3H5.556C5.556,3,3,3,3,5.556v12.887C3,18.443,3,21,5.556,21h12.887
c0-0.001,2.556-0.001,2.556-2.557V5.556C21,5.556,21,3,18.443,3z M11.395,7.815C9.368,8.14,7.815,9.882,7.815,12
c0,2.118,1.553,3.86,3.58,4.185v2.314C8.088,18.158,5.5,15.396,5.5,12c0-3.397,2.588-6.158,5.895-6.5V7.815z M12.605,18.499v-2.314
c2.027-0.325,3.58-2.067,3.58-4.185s-1.553-3.861-3.58-4.185V5.5C15.911,5.841,18.5,8.603,18.5,12
C18.5,15.396,15.911,18.158,12.605,18.499z"/>
<g id="TAGS_1_" enable-background="new ">
<g id="TAGS">
<g>
<path fill="#548AC3" d="M20.028,10.283l-1.709-1.634c-0.002,0.003-0.004,0.006-0.006,0.009l-5.605-5.362
c-0.181-0.182-0.431-0.294-0.708-0.294c-0.001,0-0.002,0-0.003,0V3H5.676v0.002c-0.552,0-0.999,0.447-0.999,0.999h7.324
l8.016,7.708l0.073-0.085l0.001,0c0.142-0.172,0.232-0.391,0.232-0.633C20.323,10.715,20.21,10.464,20.028,10.283z
M19.657,13.306c0-0.029-0.001-0.058-0.004-0.087c-0.001-0.006-0.002-0.01-0.003-0.015c-0.004-0.029-0.007-0.057-0.013-0.085
c0-0.001,0-0.001,0-0.001c-0.041-0.198-0.14-0.374-0.28-0.51L11.71,5.294C11.529,5.112,11.279,5,11.002,5C11.001,5,11.001,5,11,5
V4.997H4.678V5C4.126,5,3.679,5.447,3.679,5.998H3.677v6.341h0.004c0.005,0.292,0.136,0.552,0.341,0.731l-0.004,0.004
l8.322,7.656l0.002-0.002c0.131,0.116,0.293,0.198,0.472,0.231c0.007,0.002,0.015,0.003,0.022,0.004
c0.022,0.004,0.045,0.007,0.067,0.009c0.032,0.004,0.064,0.005,0.097,0.005c0.305,0,0.577-0.137,0.76-0.353l0,0.001l5.659-6.658
l0-0.001c0.148-0.174,0.238-0.399,0.238-0.646C19.658,13.317,19.657,13.311,19.657,13.306z M6.342,8.994
c-0.735,0-1.332-0.596-1.332-1.332s0.596-1.332,1.332-1.332s1.332,0.596,1.332,1.332S7.077,8.994,6.342,8.994z"/>
</g>
</g>
</g>
<g id="TEXT__x2F__LEFT_1_" display="none" enable-background="new ">
<g id="TEXT__x2F__LEFT" display="inline">
<g>
<path fill="#548AC3" d="M2.345,10.325h13.317c0,0,0,0,0,0h1.997c0.552,0,0.999-0.447,0.999-0.999
c0-0.552-0.447-0.999-0.999-0.999H2.345c-0.552,0-0.999,0.447-0.999,0.999C1.346,9.877,1.793,10.325,2.345,10.325z M2.345,4.998
h19.31c0.552,0,0.999-0.447,0.999-0.999S22.207,3,21.655,3H2.345C1.793,3,1.346,3.447,1.346,3.999S1.793,4.998,2.345,4.998z
M21.655,13.654H2.345c-0.552,0-0.999,0.447-0.999,0.999c0,0.552,0.447,0.999,0.999,0.999h19.31c0.552,0,0.999-0.447,0.999-0.999
C22.654,14.101,22.207,13.654,21.655,13.654z M15.662,18.981H2.345c-0.552,0-0.999,0.447-0.999,0.999
c0,0.552,0.447,0.999,0.999,0.999h13.317c0.552,0,0.999-0.447,0.999-0.999C16.661,19.428,16.214,18.981,15.662,18.981z"/>
</g>
</g>
</g>
<g id="COG_1_" display="none" enable-background="new ">
<g id="COG" display="inline">
<g>
<path fill="#548AC3" d="M12.003,8.627c-1.864,0-3.375,1.511-3.375,3.375c0,1.864,1.511,3.375,3.375,3.375
s3.375-1.511,3.375-3.375S13.866,8.627,12.003,8.627z M12.003,13.69c-0.932,0-1.688-0.755-1.688-1.688s0.756-1.688,1.688-1.688
c0.932,0,1.688,0.755,1.688,1.688S12.935,13.69,12.003,13.69z M18.617,10.163c-0.152-0.55-0.373-1.072-0.65-1.557
c0.315-0.424,1.401-2.009,0.618-2.792L18.184,5.39c-0.669-0.669-2.378,0.376-2.793,0.646c-0.491-0.278-1.018-0.499-1.575-0.65
C13.726,4.856,13.336,3,12.235,3h-0.44c-0.945,0-1.488,1.919-1.609,2.4C9.636,5.554,9.116,5.775,8.632,6.053
C8.251,5.769,6.614,4.637,5.815,5.436L5.391,5.793C4.695,6.489,5.852,8.325,6.063,8.647c-0.267,0.478-0.482,0.989-0.63,1.529
c-0.462,0.074-2.433,0.454-2.433,1.588v0.44c0,0.982,2.067,1.528,2.444,1.62c0.15,0.536,0.366,1.043,0.634,1.517
c-0.222,0.348-1.335,2.176-0.645,2.867l0.401,0.334c0.908,0.908,2.805-0.584,2.805-0.584l-0.088-0.094
c0.503,0.298,1.048,0.533,1.623,0.695c0.094,0.388,0.64,2.44,1.619,2.44h0.44c1.284,0,1.602-2.397,1.602-2.397L13.72,18.6
c0.582-0.149,1.134-0.373,1.646-0.66c0.401,0.267,2.082,1.319,2.752,0.648l0.446-0.447c0.896-0.896-0.562-2.727-0.602-2.778
c0.276-0.485,0.498-1.004,0.651-1.554c0.501-0.127,2.386-0.668,2.386-1.605v-0.44C20.999,10.52,18.757,10.183,18.617,10.163z
M12.003,17.065c-2.796,0-5.063-2.267-5.063-5.063s2.267-5.063,5.063-5.063c2.796,0,5.063,2.267,5.063,5.063
S14.799,17.065,12.003,17.065z"/>
</g>
</g>
</g>
</svg>

Before

Width:  |  Height:  |  Size: 4.8 KiB

View File

@ -1,64 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 17.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="56px" height="24px" viewBox="0 0 56 24" enable-background="new 0 0 56 24" xml:space="preserve">
<symbol id="ic_x5F_delete_x0D_" viewBox="0 -24 24 24">
<g>
<path fill="#010202" d="M6-19c0-1.104,0.895-2,2-2h8c1.104,0,2,0.896,2,2v12H6V-19z M19-4h-3.5l-1,1h-5l-1-1H5v-2h14V-4z"/>
</g>
<polygon fill="none" points="24,-24 0,-24 0,0 24,0 "/>
</symbol>
<use xlink:href="#ic_x5F_delete_x0D_" width="24" height="24" id="ic_x5F_delete" y="-24" transform="matrix(1 0 0 -1 0 0)" display="none" overflow="visible" opacity="0.54"/>
<path display="none" fill="#538AC3" d="M18.443,3H5.556C5.556,3,3,3,3,5.556v12.887C3,18.443,3,21,5.556,21h12.887
c0-0.001,2.556-0.001,2.556-2.557V5.556C21,5.556,21,3,18.443,3z M11.395,7.815C9.368,8.14,7.815,9.882,7.815,12
c0,2.118,1.553,3.86,3.58,4.185v2.314C8.088,18.158,5.5,15.396,5.5,12c0-3.397,2.588-6.158,5.895-6.5V7.815z M12.605,18.499v-2.314
c2.027-0.325,3.58-2.067,3.58-4.185s-1.553-3.861-3.58-4.185V5.5C15.911,5.841,18.5,8.603,18.5,12
C18.5,15.396,15.911,18.158,12.605,18.499z"/>
<g id="TAGS_1_" display="none" enable-background="new ">
<g id="TAGS" display="inline">
<g>
<path fill="#548AC3" d="M20.028,10.283l-1.709-1.634c-0.002,0.003-0.004,0.006-0.006,0.009l-5.605-5.362
c-0.181-0.182-0.431-0.294-0.708-0.294c-0.001,0-0.002,0-0.003,0V3H5.676v0.002c-0.552,0-0.999,0.447-0.999,0.999h7.324
l8.016,7.708l0.073-0.085l0.001,0c0.142-0.172,0.232-0.391,0.232-0.633C20.323,10.715,20.21,10.464,20.028,10.283z
M19.657,13.306c0-0.029-0.001-0.058-0.004-0.087c-0.001-0.006-0.002-0.01-0.003-0.015c-0.004-0.029-0.007-0.057-0.013-0.085
c0-0.001,0-0.001,0-0.001c-0.041-0.198-0.14-0.374-0.28-0.51L11.71,5.294C11.529,5.112,11.279,5,11.002,5C11.001,5,11.001,5,11,5
V4.997H4.678V5C4.126,5,3.679,5.447,3.679,5.998H3.677v6.341h0.004c0.005,0.292,0.136,0.552,0.341,0.731l-0.004,0.004
l8.322,7.656l0.002-0.002c0.131,0.116,0.293,0.198,0.472,0.231c0.007,0.002,0.015,0.003,0.022,0.004
c0.022,0.004,0.045,0.007,0.067,0.009c0.032,0.004,0.064,0.005,0.097,0.005c0.305,0,0.577-0.137,0.76-0.353l0,0.001l5.659-6.658
l0-0.001c0.148-0.174,0.238-0.399,0.238-0.646C19.658,13.317,19.657,13.311,19.657,13.306z M6.342,8.994
c-0.735,0-1.332-0.596-1.332-1.332s0.596-1.332,1.332-1.332s1.332,0.596,1.332,1.332S7.077,8.994,6.342,8.994z"/>
</g>
</g>
</g>
<g id="TEXT__x2F__LEFT_1_" display="none" enable-background="new ">
<g id="TEXT__x2F__LEFT" display="inline">
<g>
<path fill="#548AC3" d="M2.345,10.325h13.317c0,0,0,0,0,0h1.997c0.552,0,0.999-0.447,0.999-0.999
c0-0.552-0.447-0.999-0.999-0.999H2.345c-0.552,0-0.999,0.447-0.999,0.999C1.346,9.877,1.793,10.325,2.345,10.325z M2.345,4.998
h19.31c0.552,0,0.999-0.447,0.999-0.999S22.207,3,21.655,3H2.345C1.793,3,1.346,3.447,1.346,3.999S1.793,4.998,2.345,4.998z
M21.655,13.654H2.345c-0.552,0-0.999,0.447-0.999,0.999c0,0.552,0.447,0.999,0.999,0.999h19.31c0.552,0,0.999-0.447,0.999-0.999
C22.654,14.101,22.207,13.654,21.655,13.654z M15.662,18.981H2.345c-0.552,0-0.999,0.447-0.999,0.999
c0,0.552,0.447,0.999,0.999,0.999h13.317c0.552,0,0.999-0.447,0.999-0.999C16.661,19.428,16.214,18.981,15.662,18.981z"/>
</g>
</g>
</g>
<g id="COG_1_" enable-background="new ">
<g id="COG">
<g>
<path fill="#548AC3" d="M12.003,8.627c-1.864,0-3.375,1.511-3.375,3.375c0,1.864,1.511,3.375,3.375,3.375
s3.375-1.511,3.375-3.375S13.866,8.627,12.003,8.627z M12.003,13.69c-0.932,0-1.688-0.755-1.688-1.688s0.756-1.688,1.688-1.688
c0.932,0,1.688,0.755,1.688,1.688S12.935,13.69,12.003,13.69z M18.617,10.163c-0.152-0.55-0.373-1.072-0.65-1.557
c0.315-0.424,1.401-2.009,0.618-2.792L18.184,5.39c-0.669-0.669-2.378,0.376-2.793,0.646c-0.491-0.278-1.018-0.499-1.575-0.65
C13.726,4.856,13.336,3,12.235,3h-0.44c-0.945,0-1.488,1.919-1.609,2.4C9.636,5.554,9.116,5.775,8.632,6.053
C8.251,5.769,6.614,4.637,5.815,5.436L5.391,5.793C4.695,6.489,5.852,8.325,6.063,8.647c-0.267,0.478-0.482,0.989-0.63,1.529
c-0.462,0.074-2.433,0.454-2.433,1.588v0.44c0,0.982,2.067,1.528,2.444,1.62c0.15,0.536,0.366,1.043,0.634,1.517
c-0.222,0.348-1.335,2.176-0.645,2.867l0.401,0.334c0.908,0.908,2.805-0.584,2.805-0.584l-0.088-0.094
c0.503,0.298,1.048,0.533,1.623,0.695c0.094,0.388,0.64,2.44,1.619,2.44h0.44c1.284,0,1.602-2.397,1.602-2.397L13.72,18.6
c0.582-0.149,1.134-0.373,1.646-0.66c0.401,0.267,2.082,1.319,2.752,0.648l0.446-0.447c0.896-0.896-0.562-2.727-0.602-2.778
c0.276-0.485,0.498-1.004,0.651-1.554c0.501-0.127,2.386-0.668,2.386-1.605v-0.44C20.999,10.52,18.757,10.183,18.617,10.163z
M12.003,17.065c-2.796,0-5.063-2.267-5.063-5.063s2.267-5.063,5.063-5.063c2.796,0,5.063,2.267,5.063,5.063
S14.799,17.065,12.003,17.065z"/>
</g>
</g>
</g>
</svg>

Before

Width:  |  Height:  |  Size: 4.8 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 2.6 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 2.6 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 2.6 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 2.7 KiB

View File

@ -1,10 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 15.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="14px" height="32px" viewBox="0 0 14 32" enable-background="new 0 0 14 32" xml:space="preserve">
<path display="none" fill="#3D3D3D" d="M23,15v8H9V9h13V8H8v16h16v-9H23z"/>
<path display="none" fill="#3D3D3D" d="M26.496,9.577l-2.178-2.172l-8.645,8.727l-3.014-3.051l-2.167,2.182l5.164,5.176
L26.496,9.577z"/>
<path display="none" fill="#3D3D3D" d="M23,9v14H9V9H23 M24,8H8v16h16V8.039V8z"/>
<path opacity="0.3" d="M10.894,8.933l-4.108,7.025l4.095,6.983l-2.979-0.008L4,15.958L7.933,8.92L10.894,8.933z"/>
</svg>

Before

Width:  |  Height:  |  Size: 776 B

View File

@ -1,10 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="14px" height="32px" viewBox="0 0 14 32" xml:space="preserve">
<path display="none" fill="#3D3D3D" d="M23,15v8H9V9h13V8H8v16h16v-9H23z"/>
<path display="none" fill="#3D3D3D" d="M26.496,9.577l-2.178-2.172l-8.646,8.727l-3.014-3.051l-2.167,2.182l5.164,5.176
L26.496,9.577z"/>
<path display="none" fill="#3D3D3D" d="M23,9v14H9V9H23 M24,8H8v16h16V8.039V8z"/>
<path opacity="0.3" fill="#FFFFFF" d="M10.895,8.933l-4.108,7.025l4.095,6.983l-2.979-0.008L4,15.958
L7.934,8.92L10.895,8.933z"/>
</svg>

Before

Width:  |  Height:  |  Size: 680 B

View File

@ -1,10 +0,0 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="14px" height="32px" viewBox="0 0 14 32" xml:space="preserve">
<path display="none" fill="#3D3D3D" d="M23,15v8H9V9h13V8H8v16h16v-9H23z"/>
<path display="none" fill="#3D3D3D" d="M26.496,9.577l-2.178-2.172l-8.646,8.727l-3.014-3.051l-2.167,2.182l5.164,5.176
L26.496,9.577z"/>
<path display="none" fill="#3D3D3D" d="M23,9v14H9V9H23 M24,8H8v16h16V8.039V8z"/>
<path opacity="0.3" fill="#FFFFFF" d="M3.106,22.928l4.108-7.025L3.12,8.92l2.979,0.008L10,15.903
l-3.933,7.039L3.106,22.928z"/>
</svg>

Before

Width:  |  Height:  |  Size: 679 B

View File

@ -1,11 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 15.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="32px" height="32px" viewBox="0 0 32 32" enable-background="new 0 0 32 32" xml:space="preserve">
<g display="none">
<path display="inline" fill="#2D2D2D" d="M26.493,9.359l-2.178-2.172l-8.646,8.727l-3.014-3.051l-2.166,2.182l5.164,5.175
L26.493,9.359z"/>
<path display="inline" fill="#2D2D2D" d="M23.001,15v8H9V9h13.001V8H8v16h16.001v-9H23.001z"/>
</g>
<path fill="#020202" d="M23,9v14H9V9H23 M24,8H8v16h16V8.039V8z"/>
</svg>

Before

Width:  |  Height:  |  Size: 696 B

View File

@ -1,10 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<!-- Generator: Adobe Illustrator 15.0.2, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
<svg version="1.1" id="Ebene_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="32px" height="32px" viewBox="0 0 32 32" enable-background="new 0 0 32 32" xml:space="preserve">
<g>
<path d="M26.493,9.359l-2.178-2.172l-8.646,8.727l-3.014-3.051l-2.166,2.182l5.164,5.175L26.493,9.359z"/>
<path d="M23.001,15v8H9V9h13.001V8H8v16h16.001v-9H23.001z"/>
</g>
<path display="none" fill="#020202" d="M23,9v14H9V9H23 M24,8H8v16h16V8.039V8z"/>
</svg>

Before

Width:  |  Height:  |  Size: 629 B

Binary file not shown.

Before

Width:  |  Height:  |  Size: 2.2 KiB

After

Width:  |  Height:  |  Size: 9.4 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 2.8 KiB

After

Width:  |  Height:  |  Size: 14 KiB

Some files were not shown because too many files have changed in this diff Show More