Thank you Martin for this important alert, and the information you provided..
Assigning to the registered maintainer.

Severity: normal => major
Assignee: bugsquad => lists.jjorge

I am aware of the problem, but the way aqbanking is fixing it makes it hard to act quickly : it is a new version of the library, which also needs to update gwenhywfar library, then kmymoney and gnucash.

Will push an update ASAP.

So here is the list of updates needed to test. Only someone having a german bank online account can test the new PSD2, but anyone can ensure he gets no regression for the rest.

Suggested advisory :
Since 14th of September both server and client software used in online-banking in the EU have to be PSD2 compliant. The aqbanking version provided with Mageia 7 (5.7.8) was not compatible with PSD2. As a consequence online banking with the help of aqbanking in programs like kmymoney and gnucash was no longer possible.
This update brings aqbanking 5.99 along with updated gwenhywfar and alkimia libraries to allow online-banking again, along with kmymoney 5.0.7 and gnucash 3.7 which are latest bugfix versions released.

Ref:
[EN] https://kmymoney.org/news.php#itemKMyMoney507released
[DE] https://www.aquamaniac.de/rdm/news/13

SRPMS:
gwenhywfar-4.99.21rc5-1.mga7.src.rpm

RPMS:
gwenhywfar-4.99.21rc5-1.mga7.i586.rpm
libgwenhywfar78-4.99.21rc5-1.mga7.i586.rpm
libgwengui-qt5_0-4.99.21rc5-1.mga7.i586.rpm
libgwengui-gtk3_0-4.99.21rc5-1.mga7.i586.rpm
libgwengui-cpp0-4.99.21rc5-1.mga7.i586.rpm
libgwenhywfar-devel-4.99.21rc5-1.mga7.i586.rpm

[... see next comment]

[... see previous comment]

plasma-applets-alkimia-8.0.2-1.mga7.i586.rpm
libalkimia5_8-8.0.2-1.mga7.i586.rpm
libalkimia-devel-8.0.2-1.mga7.i586.rpm

aqbanking-5.99.39beta-1.mga7.i586.rpm
libaqbanking43-5.99.39beta-1.mga7.i586.rpm
libaqbanking-devel-5.99.39beta-1.mga7.i586.rpm

kmymoney-5.0.7-1.mga7.i586.rpm
libkmm_csvimportercore5-5.0.7-1.mga7.i586.rpm
libkmm_mymoney5-5.0.7-1.mga7.i586.rpm
libkmm_icons5-5.0.7-1.mga7.i586.rpm
libkmm_plugin5-5.0.7-1.mga7.i586.rpm
libkmm_widgets5-5.0.7-1.mga7.i586.rpm
libkmm_payeeidentifier5-5.0.7-1.mga7.i586.rpm
libkmm_menus5-5.0.7-1.mga7.i586.rpm
libkmm_models5-5.0.7-1.mga7.i586.rpm
libkmm_settings5-5.0.7-1.mga7.i586.rpm
libkmm_printer5-5.0.7-1.mga7.i586.rpm
kmymoney-devel-5.0.7-1.mga7.i586.rpm

gnucash-3.7-1.mga7.i586.rpm
gnucash-ofx-3.7-1.mga7.i586.rpm
gnucash-hbci-3.7-1.mga7.i586.rpm
libgnucash-devel-3.7-1.mga7.i586.rpm
libgnucash0-3.7-1.mga7.i586.rpm
python3-gnucash-3.7-1.mga7.i586.rpm

end of rpms list!

Status: NEW => ASSIGNED
CC: (none) => lists.jjorge
Assignee: lists.jjorge => qa-bugs

Thanks a lot for the updated packages. I've tested them (64 bit version) briefly and this is what I got:
1. Using kmymoney seems to work. I was able to retrieve the account list for my online bank account and I could get the transactions list of my account. If I remember correctly SEPA transactions are still broken in kmymoney. 
2. I tried to test SEPA transactions in gnucash but here my problems started. At first, I had no possibility to configure online banking in the tools menu of gnucash. I realized that i forgot to install the package gnucash-hbci which requires installation of aqhbci and libqahbci. However, those packages are still version 5.8.7 which conflicts with aqbanking-5.99. I think updated versions of aqhbci and libaqhbci are required to get back online banking in gnucash.

(In reply to Martin Spiegel from comment #5)
> I realized that i forgot to install the package
> gnucash-hbci which requires installation of aqhbci and libqahbci. However,
> those packages are still version 5.8.7 which conflicts with aqbanking-5.99.
> I think updated versions of aqhbci and libaqhbci are required to get back
> online banking in gnucash.

You're right, but the problem is reversed : hbci tool is now in aqbanking package. No need for a separate package anymore, upstream have changed a lot!

 So I have submitted a release 2 for
- aqbanking conflicts now against aqhbci 5.8.7
- gnucash requires now aqbanking for gnucash-hbci

Let's try to install them when they hit the mirrors.

(In reply to José Jorge from comment #6)

> Let's try to install them when they hit the mirrors.

Here my experiences with release 2:  
- gnucash: retrieval of the list of accounts and of the account balance works now. Retrieval of the transactions list works as long as the list contains the transactions of the last 90 days or less. If I try to get the whole transactions list, gnucash freezes while retrieving the transactions list and crashes a few seconds later. The difference between "only the last 90 days" and "all transactions" is that you have to provide a TAN for getting the whole list. The TAN (in my case generated with the help of a chip tan generator) seems to be valid and is accepted by the bank server but afterwards gnucash crashes. SEPA transaction: nothing happens (no connection to the bank server is established). Maybe I'm doing something wrong here because I'm not familiar with gnucash and the usage of gnucash is - at least for me - not very intuitive.   
- kmymoney: Retrieval of the list of accounts works. Transactions list: same as with gnucash (seems to be an aqbanking problem). SEPA transaction: seems to work at first but is still broken (connection with the bank server is established, server requests a TAN which in successfully generated. The bank server seems to accept the generated TAN without errors but the transaction is not processed).

(In reply to Martin Spiegel from comment #7)
> Here my experiences with release 2:  
> - gnucash: retrieval of the list of accounts and of the account balance
> works now.
> - kmymoney: Retrieval of the list of accounts works.

Thanks for all those tests. So at least the PSD2 bug is fixed. Feel free to work upstream with aqbanking team to debug the "all transactions" problem. The main problem is that there is no test bank server available so that non deutsch users can test.

Also the gnucash hbci wiki page is welcoming your thoughts ;-)

Validating according to this very documented test, in my side I have ensured the OFX import still works in both gnucash and kmymoney.

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK

(In reply to José Jorge from comment #8)
> (In reply to Martin Spiegel from comment #7)
> > Here my experiences with release 2:  
> > - gnucash: retrieval of the list of accounts and of the account balance
> > works now.
> > - kmymoney: Retrieval of the list of accounts works.
> 
> Thanks for all those tests. So at least the PSD2 bug is fixed. Feel free to
> work upstream with aqbanking team to debug the "all transactions" problem.
> The main problem is that there is no test bank server available so that non
> deutsch users can test.

Meanwhile new aqbanking (5.99.40beta) and gwenhywfar (4.99.22rc6) versions are out. After installing these new versions SEPA transactions work for me in Kmymoney (in gnucash they still don't work)! 
I also found a way to download the full transactions list (the one which requires a TAN) successfully with this aqbanking version in Kmymoney and gnucash:
1. You have to activate the option "Prefer statement download as CAMT" in the account properties. Choosing this option prevent Kmymoney and gnucash from crashing during retrieval of the transactions list.
2. You have to provide the SWIFT BIC in the account properties. If the BIC field is left empty, download of the full transactions list is rejected with an "invalid BIC" error message.
Maybe you could provide updated packages? This would be really great because it brings back all the online banking functions at least in Kmymoney.

(In reply to Martin Spiegel from comment #9)
> Meanwhile new aqbanking (5.99.40beta) and gwenhywfar (4.99.22rc6) versions
> are out. After installing these new versions SEPA transactions work for me
> in Kmymoney[...]
> Maybe you could provide updated packages? This would be really great because
> it brings back all the online banking functions at least in Kmymoney.

Ok pushed to testing. Sysadmins, please take care the file list has changed a little to gwenhywfar-4.99.22rc6 and aqbanking-5.99.40beta.

If/when you push a new package to testing, the old tests and validation is void

Whiteboard: MGA7-64-OK => (none)
Keywords: validated_update => (none)
CC: (none) => tmb

(In reply to Thomas Backlund from comment #11)
> If/when you push a new package to testing, the old tests and validation is
> void

You're right. I have tested again an OFX import. Martin, you are the only one whom can test aqanking again with our new packages.

(In reply to José Jorge from comment #12)

> You're right. I have tested again an OFX import. Martin, you are the only
> one whom can test aqanking again with our new packages.

I will do that but it might last two or three days.

MGA7-64 Plasma on Lenovo B50
No installation issues, omitting the devel packages.
I have a (not anymore active) gnucash file, containing some 700+ transactions, all older than 2 years. Opened the file with the new update, all transactions visible, I could add a new one and delete it again, all seems to work OK.

CC: (none) => herman.viaene

(In reply to Herman Viaene from comment #14)
> MGA7-64 Plasma on Lenovo B50
> No installation issues, omitting the devel packages.
> I have a (not anymore active) gnucash file, containing some 700+
> transactions, all older than 2 years. Opened the file with the new update,
> all transactions visible, I could add a new one and delete it again, all
> seems to work OK.
Did you try online banking with aqbanking (HBCI/FinTs protocol) in gnucash? This is the critical part because here a lot has changed with PSD2.

(In reply to José Jorge from comment #12)

> ... Martin, you are the only
> one whom can test aqanking again with our new packages.

Ok, here I go again :-)

1. Installed the new aqbanking and gwenhywfar packages from core updates testing
2. Test results for kmymoney: (i) aqbanking setup: Retrieval of bank certificate, bank info, system identification, TAN modes and list of accounts works, (ii) online banking: retrieval of the transactions list and account balance with and without TAN (less or more than 90 days) works, SEPA transaction works.
3. Test results for gnucash: (i) aqbanking setup: Retrieval of bank certificate, bank info, system identification, TAN modes and list of accounts works, (ii) online banking: retrieval of the account balance only, of the transactions list and account balance with and without TAN (less or more than 90 days) works, SEPA transaction *does not* work. This is most probably the following gnucash bug: https://bugs.gnucash.org/show_bug.cgi?id=797430 (SEPA transfers are not executed).

I've tested with two different bank accounts from two different banks using different methods of TAN generation (chipTAN optic and pushTAN via secured app).

Apart from the gnucash bug everything looks fine! Thanks again for providing the updated packages.

Thanks Martin, now we have a solid PSD2 solution in Mageia 7 ;-)

Keywords: (none) => validated_update
Whiteboard: (none) => MGA7-64-OK

(In reply to Martin Spiegel from comment #15)
> (In reply to Herman Viaene from comment #14)
> > MGA7-64 Plasma on Lenovo B50
> > No installation issues, omitting the devel packages.
> > I have a (not anymore active) gnucash file, containing some 700+
> > transactions, all older than 2 years. Opened the file with the new update,
> > all transactions visible, I could add a new one and delete it again, all
> > seems to work OK.
> Did you try online banking with aqbanking (HBCI/FinTs protocol) in gnucash?
> This is the critical part because here a lot has changed with PSD2.

No, I don't have such online connection, and I don't know if banks here promote this for private accounts, never seen anything like that.

So what's the srpms that actually belong to this update ?

Sorry, I missed this SRPM list :

gwenhywfar-4.99.22rc6-1.mga7.srpm
aqbanking-5.99.40beta-1.mga7.srpm
alkimia-8.0.2-1.mga7.srpm
kmymoney-5.0.7-1.mga7.srpm
gnucash-3.7-1.mga7.srpm

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGAA-2019-0162.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED