Merge branch 'develop' into release/1.1.0

Author: overheadhunter

.github/workflows/build.yml

@@ -20,7 +20,7 @@ jobs:
           mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
       - name: Build and Test
         id: buildAndTest
-        run: mvn -B clean install
+        run: mvn -B clean install -Pdependency-check
       - uses: actions/upload-artifact@v2
         with:
           name: artifacts

pom.xml

@@ -36,16 +36,21 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.jdk.version>17</project.jdk.version>
 
 		<!-- runtime dependencies -->
-		<api.version>1.1.0-beta2</api.version>
+		<api.version>1.1.0-rc1</api.version>
 		<secret-service.version>1.7.0</secret-service.version>
 		<kdewallet.version>1.2.6</kdewallet.version>
-		<guava.version>31.0.1-jre</guava.version>
+		<guava.version>31.1-jre</guava.version>
 		<slf4j.version>1.7.36</slf4j.version>
 
 		<!-- test dependencies -->
 		<junit.version>5.8.2</junit.version>
+
+		<!-- build plugin dependencies -->
+		<dependency-check.version>7.0.0</dependency-check.version>
+		<nexus-staging.version>1.6.8</nexus-staging.version>
 	</properties>
 
 	<dependencies>
@@ -144,7 +149,7 @@
 				</executions>
 				<configuration>
 					<quiet>true</quiet>
-					<release>17</release>
+					<release>${project.jdk.version}</release>
 					<tags>
 						<!-- workaround for "unknown tag: implNote", see https://blog.codefx.org/java/new-javadoc-tags/#Maven  -->
 						<tag>
@@ -191,6 +196,33 @@
 
 
 	<profiles>
+		<profile>
+			<id>dependency-check</id>
+			<build>
+				<plugins>
+					<plugin>
+						<groupId>org.owasp</groupId>
+						<artifactId>dependency-check-maven</artifactId>
+						<version>${dependency-check.version}</version>
+						<configuration>
+							<cveValidForHours>24</cveValidForHours>
+							<failBuildOnCVSS>0</failBuildOnCVSS>
+							<skipTestScope>true</skipTestScope>
+							<detail>true</detail>
+							<suppressionFile>suppression.xml</suppressionFile>
+						</configuration>
+						<executions>
+							<execution>
+								<goals>
+									<goal>check</goal>
+								</goals>
+							</execution>
+						</executions>
+					</plugin>
+				</plugins>
+			</build>
+		</profile>
+
 		<profile>
 			<id>sign</id>
 			<build>

src/main/java/org/cryptomator/linux/keychain/KDEWalletKeychainAccess.java

@@ -45,12 +45,6 @@ public boolean isLocked() {
 		return wallet.map(ConnectedWallet::isLocked).orElse(false);
 	}
 
-	@Override
-	@Deprecated
-	public void storePassphrase(String key, CharSequence passphrase) throws KeychainAccessException {
-		storePassphrase(key, null, passphrase);
-	}
-
 	@Override
 	public void storePassphrase(String key, String displayName, CharSequence passphrase) throws KeychainAccessException {
 		Preconditions.checkState(wallet.isPresent(), "Keychain not supported.");
@@ -69,12 +63,6 @@ public void deletePassphrase(String key) throws KeychainAccessException {
 		wallet.get().deletePassphrase(key);
 	}
 
-	@Override
-	@Deprecated
-	public void changePassphrase(String key, CharSequence passphrase) throws KeychainAccessException {
-		changePassphrase(key, null, passphrase);
-	}
-
 	@Override
 	public void changePassphrase(String key, String displayName, CharSequence passphrase) throws KeychainAccessException {
 		Preconditions.checkState(wallet.isPresent(), "Keychain not supported.");

src/main/java/org/cryptomator/linux/keychain/SecretServiceKeychainAccess.java

@@ -35,20 +35,14 @@ public boolean isLocked() {
 		}
 	}
 
-	@Override
-	@Deprecated
-	public void storePassphrase(String key, CharSequence passphrase) throws KeychainAccessException {
-		storePassphrase(key, null, passphrase);
-	}
-
 	@Override
 	public void storePassphrase(String key, String displayName, CharSequence passphrase) throws KeychainAccessException {
 		try (SimpleCollection keyring = new SimpleCollection()) {
 			List<String> list = keyring.getItems(createAttributes(key));
 			if (list == null || list.isEmpty()) {
 				keyring.createItem(LABEL_FOR_SECRET_IN_KEYRING, passphrase, createAttributes(key));
 			} else {
-				changePassphrase(key, passphrase);
+				changePassphrase(key, displayName, passphrase);
 			}
 		} catch (IOException | SecurityException e) {
 			throw new KeychainAccessException("Storing password failed.", e);
@@ -81,12 +75,6 @@ public void deletePassphrase(String key) throws KeychainAccessException {
 		}
 	}
 
-	@Override
-	@Deprecated
-	public void changePassphrase(String key, CharSequence passphrase) throws KeychainAccessException {
-		changePassphrase(key, null, passphrase);
-	}
-
 	@Override
 	public void changePassphrase(String key, String displayName, CharSequence passphrase) throws KeychainAccessException {
 		try (SimpleCollection keyring = new SimpleCollection()) {

suppression.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+	<suppress>
+		<notes><![CDATA[
+        Incorrectly matched CPE, see https://github.com/jeremylong/DependencyCheck/issues/4177git
+		]]></notes>
+		<gav regex="true">^org\.cryptomator:.*$</gav>
+		<cpe>cpe:/a:cryptomator:cryptomator</cpe>
+		<cve>CVE-2022-25366</cve>
+	</suppress>
+	<suppress>
+		<notes><![CDATA[
+			False postive, because secret-service only accesses the external gnome-keyring service
+		]]></notes>
+		<gav regex="true">^de\.swiesend\:secret\-service:.*$</gav>
+		<cve>CVE-2018-19358</cve>
+		<cve>CVE-2018-20781</cve>
+	</suppress>
+</suppressions>