Merge branch 'hotfix/1.6.17'

dist/linux/common/org.cryptomator.Cryptomator.metainfo.xml

@@ -66,6 +66,7 @@
 	</content_rating>
 
 	<releases>
+		<release date="2022-12-14" version="1.6.17"/>
 		<release date="2022-12-06" version="1.6.16"/>
 		<release date="2022-10-06" version="1.6.15"/>
 		<release date="2022-08-31" version="1.6.14"/>

pom.xml

@@ -3,7 +3,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>cryptomator</artifactId>
-	<version>1.6.16</version>
+	<version>1.6.17</version>
 	<name>Cryptomator Desktop App</name>
 
 	<organization>
@@ -27,6 +27,7 @@
 		<nonModularGroupIds>com.github.serceman,com.github.jnr,org.ow2.asm,net.java.dev.jna,org.apache.jackrabbit,org.apache.httpcomponents,de.swiesend,org.purejava,com.github.hypfvieh</nonModularGroupIds>
 
 		<!-- cryptomator dependencies -->
+		<cryptomator.cryptolib.version>2.1.1</cryptomator.cryptolib.version>
 		<cryptomator.cryptofs.version>2.5.3</cryptomator.cryptofs.version>
 		<cryptomator.integrations.version>1.2.0-beta1</cryptomator.integrations.version>
 		<cryptomator.integrations.win.version>1.1.2</cryptomator.integrations.win.version>
@@ -57,12 +58,18 @@
 
 		<!-- build-time dependencies -->
 		<jetbrains.annotations.version>23.0.0</jetbrains.annotations.version>
-		<dependency-check.version>7.2.1</dependency-check.version>
+		<dependency-check.version>7.4.0</dependency-check.version>
 		<jacoco.version>0.8.8</jacoco.version>
 	</properties>
 
 	<dependencies>
 		<!-- Cryptomator Libs -->
+		<dependency>
+			<!-- needed due to https://github.com/cryptomator/cryptolib/issues/34-->
+			<groupId>org.cryptomator</groupId>
+			<artifactId>cryptolib</artifactId>
+			<version>${cryptomator.cryptolib.version}</version>
+		</dependency>
 		<dependency>
 			<groupId>org.cryptomator</groupId>
 			<artifactId>cryptofs</artifactId>

src/main/java/org/cryptomator/common/settings/DeviceKey.java

@@ -76,6 +76,11 @@ public class DeviceKey {
 
 	private P384KeyPair createAndStoreNewKeyPair(char[] passphrase, Path p12File) throws IOException {
 		var keyPair = P384KeyPair.generate();
+		var tmpFile = p12File.resolveSibling(p12File.getFileName().toString() + ".tmp");
+		if(Files.exists(tmpFile)) {
+			LOG.debug("Leftover from devicekey creation detected. Deleting {}", tmpFile);
+			Files.delete(tmpFile);
+		}
 		LOG.debug("Store new device key to {}", p12File);
 		keyPair.store(p12File, passphrase);
 		return keyPair;

suppression.xml

@@ -35,13 +35,15 @@
 		<cve>CVE-2022-25366</cve>
 	</suppress>
 
+	<!-- Apache Commons-cli false positives below -->
 	<suppress>
 		<notes><![CDATA[
 			False positive for commons-cli due, see https://github.com/jeremylong/DependencyCheck/pull/4148
 		]]></notes>
 		<gav regex="true">^commons\-cli:commons\-cli:.*$</gav>
 		<cpe>cpe:/a:apache:james</cpe>
-		<!-- while we are at it exclude also this fp -->
+		<!-- while we are at it exclude also these fp -->
 		<cpe>cpe:/a:spirit-project:spirit</cpe>
+		<cpe>cpe:/a:apache:commons_net</cpe>
 	</suppress>
 </suppressions>