Merge branch 'release/1.1.0'

Author: overheadhunter

.github/workflows/build.yml

@@ -8,23 +8,19 @@ jobs:
     if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/setup-java@v1
+      - uses: actions/setup-java@v2
         with:
-          java-version: 11
-      - uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
+          distribution: 'temurin'
+          java-version: 17
+          cache: 'maven'
       - name: Ensure to use tagged version
         if: startsWith(github.ref, 'refs/tags/')
         shell: bash
         run: |
           mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
       - name: Build and Test
         id: buildAndTest
-        run: mvn -B clean install
+        run: mvn -B clean install -Pdependency-check
       - uses: actions/upload-artifact@v2
         with:
           name: artifacts

.github/workflows/codeql-analysis.yml

@@ -18,15 +18,11 @@ jobs:
     - uses: actions/checkout@v2
       with:
         fetch-depth: 2
-    - uses: actions/setup-java@v1
+    - uses: actions/setup-java@v2
       with:
-        java-version: 11
-    - uses: actions/cache@v2
-      with:
-        path: ~/.m2/repository
-        key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-        restore-keys: |
-          ${{ runner.os }}-maven-
+        distribution: 'temurin'
+        java-version: 17
+        cache: 'maven'
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v1
       with:

.github/workflows/publish-central.yml

@@ -13,25 +13,26 @@ jobs:
       - uses: actions/checkout@v2
         with:
           ref: "refs/tags/${{ github.event.inputs.tag }}"
-      - uses: actions/setup-java@v1
+      - uses: actions/setup-java@v2
         with:
-          java-version: 11
+          distribution: 'temurin'
+          java-version: 17
+          cache: 'maven'
           server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
           server-username: MAVEN_USERNAME # env variable for username in deploy
           server-password: MAVEN_PASSWORD # env variable for token in deploy
           gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
           gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
-      - uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
       - name: Enforce project version ${{ github.event.inputs.tag }}
         run: mvn versions:set -B -DnewVersion=${{ github.event.inputs.tag }}
       - name: Deploy
         run: mvn deploy -B -DskipTests -Psign,deploy-central --no-transfer-progress
         env:
+          MAVEN_OPTS: >
+            --add-opens=java.base/java.util=ALL-UNNAMED
+            --add-opens=java.base/java.lang.reflect=ALL-UNNAMED
+            --add-opens=java.base/java.text=ALL-UNNAMED
+            --add-opens=java.desktop/java.awt.font=ALL-UNNAMED
           MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
           MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
           MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}

.github/workflows/publish-github.yml

@@ -8,17 +8,13 @@ jobs:
     if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions
     steps:
       - uses: actions/checkout@v2
-      - uses: actions/setup-java@v1
+      - uses: actions/setup-java@v2
         with:
-          java-version: 11
+          distribution: 'temurin'
+          java-version: 17
+          cache: 'maven'
           gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
           gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
-      - uses: actions/cache@v2
-        with:
-          path: ~/.m2/repository
-          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
-          restore-keys: |
-            ${{ runner.os }}-maven-
       - name: Enforce project version ${{ github.event.release.tag_name }}
         run: mvn versions:set -B -DnewVersion=${{ github.event.release.tag_name }}
       - name: Deploy

.idea/misc.xml

@@ -5,7 +5,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>integrations-linux</artifactId>
-	<version>1.0.1</version>
+	<version>1.1.0</version>
 
 	<name>integrations-linux</name>
 	<description>Provides optional Linux services used by Cryptomator</description>
@@ -36,16 +36,21 @@
 
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+		<project.jdk.version>17</project.jdk.version>
 
 		<!-- runtime dependencies -->
-		<api.version>1.0.0</api.version>
+		<api.version>1.1.0</api.version>
 		<secret-service.version>1.7.0</secret-service.version>
-		<kdewallet.version>1.2.3</kdewallet.version>
-		<guava.version>31.0-jre</guava.version>
-		<slf4j.version>1.7.32</slf4j.version>
+		<kdewallet.version>1.2.6</kdewallet.version>
+		<guava.version>31.1-jre</guava.version>
+		<slf4j.version>1.7.36</slf4j.version>
 
 		<!-- test dependencies -->
-		<junit.version>5.8.1</junit.version>
+		<junit.version>5.8.2</junit.version>
+
+		<!-- build plugin dependencies -->
+		<dependency-check.version>7.0.0</dependency-check.version>
+		<nexus-staging.version>1.6.8</nexus-staging.version>
 	</properties>
 
 	<dependencies>
@@ -83,14 +88,13 @@
 	</dependencies>
 
 	<build>
-
 		<plugins>
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.8.1</version>
+				<version>3.9.0</version>
 				<configuration>
-					<release>11</release>
+					<release>17</release>
 				</configuration>
 			</plugin>
 			<plugin>
@@ -145,7 +149,7 @@
 				</executions>
 				<configuration>
 					<quiet>true</quiet>
-					<release>11</release>
+					<release>${project.jdk.version}</release>
 					<tags>
 						<!-- workaround for "unknown tag: implNote", see https://blog.codefx.org/java/new-javadoc-tags/#Maven  -->
 						<tag>
@@ -192,6 +196,33 @@
 
 
 	<profiles>
+		<profile>
+			<id>dependency-check</id>
+			<build>
+				<plugins>
+					<plugin>
+						<groupId>org.owasp</groupId>
+						<artifactId>dependency-check-maven</artifactId>
+						<version>${dependency-check.version}</version>
+						<configuration>
+							<cveValidForHours>24</cveValidForHours>
+							<failBuildOnCVSS>0</failBuildOnCVSS>
+							<skipTestScope>true</skipTestScope>
+							<detail>true</detail>
+							<suppressionFile>suppression.xml</suppressionFile>
+						</configuration>
+						<executions>
+							<execution>
+								<goals>
+									<goal>check</goal>
+								</goals>
+							</execution>
+						</executions>
+					</plugin>
+				</plugins>
+			</build>
+		</profile>
+
 		<profile>
 			<id>sign</id>
 			<build>
@@ -225,7 +256,7 @@
 				<repository>
 					<id>ossrh</id>
 					<name>Maven Central</name>
-					<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+					<url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
 				</repository>
 			</distributionManagement>
 			<build>
@@ -237,7 +268,7 @@
 						<extensions>true</extensions>
 						<configuration>
 							<serverId>ossrh</serverId>
-							<nexusUrl>https://oss.sonatype.org/</nexusUrl>
+							<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
 							<autoReleaseAfterClose>true</autoReleaseAfterClose>
 						</configuration>
 					</plugin>

pom.xml

@@ -1,6 +1,8 @@
 package org.cryptomator.linux.keychain;
 
 import com.google.common.base.Preconditions;
+import org.cryptomator.integrations.common.OperatingSystem;
+import org.cryptomator.integrations.common.Priority;
 import org.cryptomator.integrations.keychain.KeychainAccessException;
 import org.cryptomator.integrations.keychain.KeychainAccessProvider;
 import org.freedesktop.dbus.connections.impl.DBusConnection;
@@ -14,6 +16,8 @@
 
 import java.util.Optional;
 
+@Priority(900)
+@OperatingSystem(OperatingSystem.Value.LINUX)
 public class KDEWalletKeychainAccess implements KeychainAccessProvider {
 
 	private static final Logger LOG = LoggerFactory.getLogger(KDEWalletKeychainAccess.class);
@@ -42,7 +46,7 @@ public boolean isLocked() {
 	}
 
 	@Override
-	public void storePassphrase(String key, CharSequence passphrase) throws KeychainAccessException {
+	public void storePassphrase(String key, String displayName, CharSequence passphrase) throws KeychainAccessException {
 		Preconditions.checkState(wallet.isPresent(), "Keychain not supported.");
 		wallet.get().storePassphrase(key, passphrase);
 	}
@@ -60,7 +64,7 @@ public void deletePassphrase(String key) throws KeychainAccessException {
 	}
 
 	@Override
-	public void changePassphrase(String key, CharSequence passphrase) throws KeychainAccessException {
+	public void changePassphrase(String key, String displayName, CharSequence passphrase) throws KeychainAccessException {
 		Preconditions.checkState(wallet.isPresent(), "Keychain not supported.");
 		wallet.get().changePassphrase(key, passphrase);
 	}

src/main/java/org/cryptomator/linux/keychain/KDEWalletKeychainAccess.java

@@ -1,14 +1,17 @@
 package org.cryptomator.linux.keychain;
 
+import org.cryptomator.integrations.common.OperatingSystem;
+import org.cryptomator.integrations.common.Priority;
 import org.cryptomator.integrations.keychain.KeychainAccessException;
 import org.cryptomator.integrations.keychain.KeychainAccessProvider;
 import org.freedesktop.secret.simple.SimpleCollection;
 
 import java.io.IOException;
-import java.security.AccessControlException;
 import java.util.List;
 import java.util.Map;
 
+@Priority(900)
+@OperatingSystem(OperatingSystem.Value.LINUX)
 public class SecretServiceKeychainAccess implements KeychainAccessProvider {
 
 	private final String LABEL_FOR_SECRET_IN_KEYRING = "Cryptomator";
@@ -33,15 +36,15 @@ public boolean isLocked() {
 	}
 
 	@Override
-	public void storePassphrase(String key, CharSequence passphrase) throws KeychainAccessException {
+	public void storePassphrase(String key, String displayName, CharSequence passphrase) throws KeychainAccessException {
 		try (SimpleCollection keyring = new SimpleCollection()) {
 			List<String> list = keyring.getItems(createAttributes(key));
 			if (list == null || list.isEmpty()) {
 				keyring.createItem(LABEL_FOR_SECRET_IN_KEYRING, passphrase, createAttributes(key));
 			} else {
-				changePassphrase(key, passphrase);
+				changePassphrase(key, displayName, passphrase);
 			}
-		} catch (IOException | AccessControlException e) {
+		} catch (IOException | SecurityException e) {
 			throw new KeychainAccessException("Storing password failed.", e);
 		}
 	}
@@ -55,7 +58,7 @@ public char[] loadPassphrase(String key) throws KeychainAccessException {
 			} else {
 				return null;
 			}
-		} catch (IOException | AccessControlException e) {
+		} catch (IOException | SecurityException e) {
 			throw new KeychainAccessException("Loading password failed.", e);
 		}
 	}
@@ -67,19 +70,19 @@ public void deletePassphrase(String key) throws KeychainAccessException {
 			if (list != null && !list.isEmpty()) {
 				keyring.deleteItem(list.get(0));
 			}
-		} catch (IOException | AccessControlException e) {
+		} catch (IOException | SecurityException e) {
 			throw new KeychainAccessException("Deleting password failed.", e);
 		}
 	}
 
 	@Override
-	public void changePassphrase(String key, CharSequence passphrase) throws KeychainAccessException {
+	public void changePassphrase(String key, String displayName, CharSequence passphrase) throws KeychainAccessException {
 		try (SimpleCollection keyring = new SimpleCollection()) {
 			List<String> list = keyring.getItems(createAttributes(key));
 			if (list != null && !list.isEmpty()) {
 				keyring.updateItem(list.get(0), LABEL_FOR_SECRET_IN_KEYRING, passphrase, createAttributes(key));
 			}
-		} catch (IOException | AccessControlException e) {
+		} catch (IOException | SecurityException e) {
 			throw new KeychainAccessException("Changing password failed.", e);
 		}
 	}

src/main/java/org/cryptomator/linux/keychain/SecretServiceKeychainAccess.java

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+	<suppress>
+		<notes><![CDATA[
+        Incorrectly matched CPE, see https://github.com/jeremylong/DependencyCheck/issues/4177git
+		]]></notes>
+		<gav regex="true">^org\.cryptomator:.*$</gav>
+		<cpe>cpe:/a:cryptomator:cryptomator</cpe>
+		<cve>CVE-2022-25366</cve>
+	</suppress>
+	<suppress>
+		<notes><![CDATA[
+			False postive, because secret-service only accesses the external gnome-keyring service
+		]]></notes>
+		<gav regex="true">^de\.swiesend\:secret\-service:.*$</gav>
+		<cve>CVE-2018-19358</cve>
+		<cve>CVE-2018-20781</cve>
+	</suppress>
+</suppressions>