Merge branch 'hotfix/v2.23.1'

2026-04-17 06:58:28 +02:00 · 2025-01-13 11:23:06 +01:00
parent 9ece41a0c5 fff62c48bb
commit 08efe8cd3c
5 changed files with 63 additions and 5 deletions
--- a/CHANGES_BWI.md
+++ b/CHANGES_BWI.md
@@ -1,3 +1,25 @@
+Changes in BWI project 2.23.1 (2025-01-08)
+===================================================
+
+Upstream merge ✨:
+
+Features ✨:
+
+Improvements 🙌:
+- MESSENGER-6727 replace makesalt with a more secure function
+- MESSENGER-6846 save sensible data in app space
+
+Bugfix 🐛:
+- MESSENGER-6726 force logout in case of incorrect pin
+
+Translations 🗣   :
+
+SDK API changes ⚠️:
+
+Build 🧱:
+
+Documentation 📄:
+
 Changes in BWI project 2.23.0 (2024-11-04)
 ===================================================

--- a/Config/AppVersion.xcconfig
+++ b/Config/AppVersion.xcconfig
@@ -16,5 +16,5 @@
 //

 // Version
-MARKETING_VERSION = 2.23.0
+MARKETING_VERSION = 2.23.1
 CURRENT_PROJECT_VERSION = 20220714163152
--- a/2
+++ b/2
@@ -43,7 +43,7 @@ when String # specific MatrixSDK released version
 $matrixSDKVersionSpec = $matrixSDKVersion
 end

-$matrixSDKVersionSpec = { :git => 'https://dl-gitlab.example.com/bwmessenger/bundesmessenger/bundesmessenger-ios-sdk', :tag => 'v2.23.0' }
+$matrixSDKVersionSpec = { :git => 'https://dl-gitlab.example.com/bwmessenger/bundesmessenger/bundesmessenger-ios-sdk', :tag => 'v2.23.1' }

 ########################################

--- a/Riot/Assets/new_features.html
+++ b/Riot/Assets/new_features.html
@@ -26,6 +26,24 @@
    </style>
 </head>
 <body>
+    <div>
+        <p>
+        <b>Version 2.23.1</b>
+        </p>
+     
+        <b>Verbesserungen</b>
+        <ul>
+            <li/>Daten werden jetzt noch sicherer im Bereich der App abgespeichert.
+        </ul>
+        
+        <p>
+        <b>Behobene Bugs</b>
+        <ul>
+            <li/>Der Logout bei falscher Pin-Eingabe ist jetzt noch zuverlässiger.
+        </ul>
+        </p>
+     
+    </div>
    <div>
        <p>
        <b>Version 2.23.0</b>
--- a/bwi/SecureStorage/SecureFileStorage.swift
+++ b/bwi/SecureStorage/SecureFileStorage.swift
@@ -17,6 +17,7 @@

 import Foundation
 import MatrixSDK
+import Security


 class SecureFileStorage {
@@ -100,11 +101,28 @@ class SecureFileStorage {
    // MARK: -
    
    private func makeSalt() -> String {
-        let secret = ProcessInfo.processInfo.globallyUniqueString
-        let index = secret.index(secret.startIndex, offsetBy: 32)
-        return String(secret.prefix(upTo: index))
+        return generateSecureRandomString(length: 32)!
    }
    
+    func generateSecureRandomString(length: Int) -> String? {
+        let characters = Array("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
+        let charactersCount = characters.count
+        
+        var randomBytes = [UInt8](repeating: 0, count: length)
+        let status = SecRandomCopyBytes(kSecRandomDefault, length, &randomBytes)
+        
+        guard status == errSecSuccess else {
+            MXLog.error("generateSecureRandomString failed")
+            return nil
+        }
+        
+        let randomString = randomBytes.map { byte in
+            String(characters[Int(byte) % charactersCount])
+        }.joined()
+        
+        return randomString
+    }
+
    func update(passphrase: String) throws {
        guard !locked else {
            throw SecureStorageError.locked