From 2fd7d57e0a8af17ceded279110acfe9d46e72e1a Mon Sep 17 00:00:00 2001
From: JaniruTEC <52893617+JaniruTEC@users.noreply.github.com>
Date: Tue, 27 Oct 2020 16:27:52 +0100
Subject: [PATCH 1/8] Added ability to skip CI

---
 .github/workflows/build.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 82e73eb..701e053 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -7,6 +7,8 @@ jobs:
   build:
     name: Build and Test
     runs-on: ubuntu-latest
+    #This check is case insensitive
+    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
     outputs:
       artifact-version: ${{ steps.setversion.outputs.version }}
     env:
@@ -46,4 +48,4 @@ jobs:
         if: startsWith(github.ref, 'refs/tags/')
         env:
           BINTRAY_USERNAME: cryptobot
-          BINTRAY_API_KEY: ${{ secrets.BINTRAY_API_KEY }}
\ No newline at end of file
+          BINTRAY_API_KEY: ${{ secrets.BINTRAY_API_KEY }}

From 1405bbe470795b50925c505654a1f74e116cfa23 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@skymatic.de>
Date: Fri, 20 Nov 2020 10:38:09 +0100
Subject: [PATCH 2/8] Semantically more correct params Previous code worked
 "accidentally", because position is always 0 and therefore limit == remaining

---
 .../fusecloudaccess/CompletableAsynchronousFileChannel.java   | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/cryptomator/fusecloudaccess/CompletableAsynchronousFileChannel.java b/src/main/java/org/cryptomator/fusecloudaccess/CompletableAsynchronousFileChannel.java
index f43839d..5a5b57e 100644
--- a/src/main/java/org/cryptomator/fusecloudaccess/CompletableAsynchronousFileChannel.java
+++ b/src/main/java/org/cryptomator/fusecloudaccess/CompletableAsynchronousFileChannel.java
@@ -48,7 +48,9 @@ private CompletableFuture<Integer> readToPointer(Pointer ptr, long position, lon
 				return CompletableFuture.completedFuture(totalRead);
 			}
 			buffer.flip();
-			ptr.put(totalRead, buffer.array(), buffer.position(), buffer.limit());
+			assert buffer.position() == 0;
+			assert buffer.remaining() == read;
+			ptr.put(totalRead, buffer.array(), buffer.position(), buffer.remaining());
 			if (read == remaining // DONE, read requested number of bytes
 					|| read < n) { // EOF
 				return CompletableFuture.completedFuture(totalRead + read);

From 20410e4448406f3d51295da936fcdb4d865eace9 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@skymatic.de>
Date: Fri, 20 Nov 2020 10:41:50 +0100
Subject: [PATCH 3/8] fixed CI build

---
 .github/workflows/build.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 701e053..c90a74e 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -34,7 +34,7 @@ jobs:
         id: setversion
         run: |
           v=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout)
-          echo "::set-env name=BUILD_VERSION::${v}"
+          echo "BUILD_VERSION=${v}" >> $GITHUB_ENV
           echo "::set-output name=version::${v}"
       - name: Build and Test
         run: mvn -B install

From 4a8abcc5c946bbbefd3c7b5946dd59dfe082ff28 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@skymatic.de>
Date: Tue, 20 Apr 2021 08:58:16 +0200
Subject: [PATCH 4/8] updated CI build, switched from bintray to OSSRH

---
 .github/workflows/build.yml           |  41 +++------
 .github/workflows/publish-central.yml |  37 ++++++++
 .github/workflows/publish-github.yml  |  40 +++++++++
 pom.xml                               | 119 ++++++++++++++++++++++++++
 suppression.xml                       |   4 +
 5 files changed, 214 insertions(+), 27 deletions(-)
 create mode 100644 .github/workflows/publish-central.yml
 create mode 100644 .github/workflows/publish-github.yml
 create mode 100644 suppression.xml

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c90a74e..9a15228 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,51 +1,38 @@
 name: Build
-
 on:
   [push]
-
 jobs:
   build:
     name: Build and Test
     runs-on: ubuntu-latest
-    #This check is case insensitive
     if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
-    outputs:
-      artifact-version: ${{ steps.setversion.outputs.version }}
-    env:
-      BUILD_VERSION: SNAPSHOT
     steps:
       - uses: actions/checkout@v2
       - uses: actions/setup-java@v1
         with:
           java-version: 11
-          server-id: bintray-jcenter
-          server-username: BINTRAY_USERNAME
-          server-password: BINTRAY_API_KEY
-      - uses: actions/cache@v1
+      - uses: actions/cache@v2
         with:
           path: ~/.m2/repository
           key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
           restore-keys: |
             ${{ runner.os }}-maven-
       - name: Ensure to use tagged version
-        run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
         if: startsWith(github.ref, 'refs/tags/')
-      - name: Export the project version to the job environment and fix it as an ouput of this job
-        id: setversion
-        run: |
-          v=$(mvn help:evaluate "-Dexpression=project.version" -q -DforceStdout)
-          echo "BUILD_VERSION=${v}" >> $GITHUB_ENV
-          echo "::set-output name=version::${v}"
+        run: mvn versions:set --file ./pom.xml -DnewVersion=${GITHUB_REF##*/}
       - name: Build and Test
-        run: mvn -B install
-      - name: Upload snapshot artifact fuse-cloud-access-adapter-${{ env.BUILD_VERSION }}.jar
-        uses: actions/upload-artifact@v2
+        id: buildAndTest
+        run: mvn -B clean install -Pcoverage,dependency-check
+      - uses: actions/upload-artifact@v2
         with:
-          name: fuse-cloud-access-adapter-${{ env.BUILD_VERSION }}.jar
-          path: target/fuse-cloud-access-adapter-*.jar
-      - name: Deploy to jcenter
-        run: mvn -B deploy
+          name: artifacts
+          path: target/*.jar
+      - name: Create Release
+        uses: actions/create-release@v1
         if: startsWith(github.ref, 'refs/tags/')
         env:
-          BINTRAY_USERNAME: cryptobot
-          BINTRAY_API_KEY: ${{ secrets.BINTRAY_API_KEY }}
+          GITHUB_TOKEN: ${{ secrets.CRYPTOBOT_RELEASE_TOKEN }} # release as "cryptobot"
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: Release ${{ github.ref }}
+          prerelease: true
\ No newline at end of file
diff --git a/.github/workflows/publish-central.yml b/.github/workflows/publish-central.yml
new file mode 100644
index 0000000..f22b7a9
--- /dev/null
+++ b/.github/workflows/publish-central.yml
@@ -0,0 +1,37 @@
+name: Publish to Maven Central
+on:
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: 'Tag'
+        required: true
+        default: '0.0.0'
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: "refs/tags/${{ github.event.inputs.tag }}"
+      - uses: actions/setup-java@v1
+        with:
+          java-version: 11
+          server-id: ossrh # Value of the distributionManagement/repository/id field of the pom.xml
+          server-username: MAVEN_USERNAME # env variable for username in deploy
+          server-password: MAVEN_PASSWORD # env variable for token in deploy
+          gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
+      - uses: actions/cache@v2
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - name: Enforce project version ${{ github.event.inputs.tag }}
+        run: mvn versions:set -B -DnewVersion=${{ github.event.inputs.tag }}
+      - name: Deploy
+        run: mvn deploy -B -DskipTests -Psign,deploy-central --no-transfer-progress
+        env:
+          MAVEN_USERNAME: ${{ secrets.OSSRH_USERNAME }}
+          MAVEN_PASSWORD: ${{ secrets.OSSRH_PASSWORD }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
\ No newline at end of file
diff --git a/.github/workflows/publish-github.yml b/.github/workflows/publish-github.yml
new file mode 100644
index 0000000..f65726a
--- /dev/null
+++ b/.github/workflows/publish-github.yml
@@ -0,0 +1,40 @@
+name: Publish to GitHub Packages
+on:
+  release:
+    types: [published]
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    if: startsWith(github.ref, 'refs/tags/') # only allow publishing tagged versions
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-java@v1
+        with:
+          java-version: 11
+          gpg-private-key: ${{ secrets.RELEASES_GPG_PRIVATE_KEY }} # Value of the GPG private key to import
+          gpg-passphrase: MAVEN_GPG_PASSPHRASE # env variable for GPG private key passphrase
+      - uses: actions/cache@v2
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
+      - name: Enforce project version ${{ github.event.release.tag_name }}
+        run: mvn versions:set -B -DnewVersion=${{ github.event.release.tag_name }}
+      - name: Deploy
+        run: mvn deploy -B -DskipTests -Psign,deploy-github --no-transfer-progress
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          MAVEN_GPG_PASSPHRASE: ${{ secrets.RELEASES_GPG_PASSPHRASE }}
+      - name: Slack Notification
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+          SLACK_USERNAME: 'Cryptobot'
+          SLACK_ICON:
+          SLACK_ICON_EMOJI: ':bot:'
+          SLACK_CHANNEL: 'proj-clap'
+          SLACK_TITLE: "Published ${{ github.event.repository.name }} ${{ github.event.release.tag_name }}"
+          SLACK_MESSAGE: "Ready to <https://github.com/${{ github.repository }}/actions/workflows/publish-central.yml|deploy to Maven Central>."
+          SLACK_FOOTER:
+          MSG_MINIMAL: true
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index a6930bf..26ce762 100644
--- a/pom.xml
+++ b/pom.xml
@@ -188,4 +188,123 @@
 		</plugins>
 	</build>
 
+	<profiles>
+		<profile>
+			<id>dependency-check</id>
+			<build>
+				<plugins>
+					<plugin>
+						<groupId>org.owasp</groupId>
+						<artifactId>dependency-check-maven</artifactId>
+						<version>6.1.5</version>
+						<configuration>
+							<cveValidForHours>24</cveValidForHours>
+							<failBuildOnCVSS>0</failBuildOnCVSS>
+							<skipTestScope>true</skipTestScope>
+							<detail>true</detail>
+							<suppressionFile>suppression.xml</suppressionFile>
+						</configuration>
+						<executions>
+							<execution>
+								<goals>
+									<goal>check</goal>
+								</goals>
+							</execution>
+						</executions>
+					</plugin>
+				</plugins>
+			</build>
+		</profile>
+
+		<profile>
+			<id>coverage</id>
+			<build>
+				<plugins>
+					<plugin>
+						<groupId>org.jacoco</groupId>
+						<artifactId>jacoco-maven-plugin</artifactId>
+						<version>0.8.6</version>
+						<executions>
+							<execution>
+								<id>prepare-agent</id>
+								<goals>
+									<goal>prepare-agent</goal>
+								</goals>
+							</execution>
+							<execution>
+								<id>report</id>
+								<goals>
+									<goal>report</goal>
+								</goals>
+							</execution>
+						</executions>
+					</plugin>
+				</plugins>
+			</build>
+		</profile>
+
+		<profile>
+			<id>sign</id>
+			<build>
+				<plugins>
+					<plugin>
+						<artifactId>maven-gpg-plugin</artifactId>
+						<version>1.6</version>
+						<executions>
+							<execution>
+								<id>sign-artifacts</id>
+								<phase>verify</phase>
+								<goals>
+									<goal>sign</goal>
+								</goals>
+								<configuration>
+									<gpgArguments>
+										<arg>--pinentry-mode</arg>
+										<arg>loopback</arg>
+									</gpgArguments>
+								</configuration>
+							</execution>
+						</executions>
+					</plugin>
+				</plugins>
+			</build>
+		</profile>
+
+		<profile>
+			<id>deploy-central</id>
+			<distributionManagement>
+				<repository>
+					<id>ossrh</id>
+					<name>Maven Central</name>
+					<url>https://oss.sonatype.org/service/local/staging/deploy/maven2/</url>
+				</repository>
+			</distributionManagement>
+			<build>
+				<plugins>
+					<plugin>
+						<groupId>org.sonatype.plugins</groupId>
+						<artifactId>nexus-staging-maven-plugin</artifactId>
+						<version>1.6.8</version>
+						<extensions>true</extensions>
+						<configuration>
+							<serverId>ossrh</serverId>
+							<nexusUrl>https://oss.sonatype.org/</nexusUrl>
+							<autoReleaseAfterClose>true</autoReleaseAfterClose>
+						</configuration>
+					</plugin>
+				</plugins>
+			</build>
+		</profile>
+
+		<profile>
+			<id>deploy-github</id>
+			<distributionManagement>
+				<repository>
+					<id>github</id>
+					<name>GitHub Packages</name>
+					<url>https://maven.pkg.github.com/cryptomator/fuse-cloud-access-adapter</url>
+				</repository>
+			</distributionManagement>
+		</profile>
+	</profiles>
 </project>
\ No newline at end of file
diff --git a/suppression.xml b/suppression.xml
new file mode 100644
index 0000000..c714921
--- /dev/null
+++ b/suppression.xml
@@ -0,0 +1,4 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!-- This file lists false positives found by org.owasp:dependency-check-maven build plugin -->
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+</suppressions>
\ No newline at end of file

From 101b380a9b8fbd5f8dc684d279c98bdb500b502d Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@skymatic.de>
Date: Tue, 20 Apr 2021 09:14:21 +0200
Subject: [PATCH 5/8] attempt to fix test in CI

---
 .../org/cryptomator/fusecloudaccess/OpenFileUploaderTest.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/test/java/org/cryptomator/fusecloudaccess/OpenFileUploaderTest.java b/src/test/java/org/cryptomator/fusecloudaccess/OpenFileUploaderTest.java
index de04cbe..ea0b202 100644
--- a/src/test/java/org/cryptomator/fusecloudaccess/OpenFileUploaderTest.java
+++ b/src/test/java/org/cryptomator/fusecloudaccess/OpenFileUploaderTest.java
@@ -291,7 +291,7 @@ public void testSuccessfulUploadWithMove() throws IOException, BrokenBarrierExce
 						return CompletableFuture.completedFuture(null);
 					});
 			Mockito.when(provider.move(Mockito.any(), Mockito.eq(cloudPath2), Mockito.eq(true))).thenReturn(CompletableFuture.completedFuture(cloudPath2));
-			Mockito.when(openFile.getPath()).thenReturn(cloudPath1); // initial target path
+			Mockito.doReturn(cloudPath1).when(openFile).getPath(); // initial target path
 			Assumptions.assumeFalse(cloudPath1.equals(cloudPath2));
 
 			Future<Void> pendingUpload = CompletableFuture.runAsync(() -> {
@@ -304,7 +304,7 @@ public void testSuccessfulUploadWithMove() throws IOException, BrokenBarrierExce
 				}
 			});
 			persistedBarrier.await();
-			Mockito.when(openFile.getPath()).thenReturn(cloudPath2); // set a new target path
+			Mockito.doReturn(cloudPath2).when(openFile).getPath(); // set a new target path
 			uploadedBarrier.await();
 			Assertions.assertTimeoutPreemptively(Duration.ofMillis(100), () -> pendingUpload.get());
 

From dabdebe45848501aa176af63a831d406adbacdb9 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@skymatic.de>
Date: Tue, 20 Apr 2021 09:25:59 +0200
Subject: [PATCH 6/8] dependency update

---
 pom.xml         | 12 ++++++------
 suppression.xml | 36 +++++++++++++++++++++++++++++++++++-
 2 files changed, 41 insertions(+), 7 deletions(-)

diff --git a/pom.xml b/pom.xml
index 26ce762..520f168 100644
--- a/pom.xml
+++ b/pom.xml
@@ -58,14 +58,14 @@
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 
 		<!-- compile time dependencies -->
-		<jnrfuse.version>0.5.4</jnrfuse.version>
-		<cloudaccess.version>1.1.0</cloudaccess.version>
-		<slf4j.version>1.7.28</slf4j.version>
-		<dagger.version>2.29</dagger.version>
+		<jnrfuse.version>0.5.5</jnrfuse.version>
+		<cloudaccess.version>1.1.3</cloudaccess.version>
+		<slf4j.version>1.7.30</slf4j.version>
+		<dagger.version>2.34.1</dagger.version>
 
 		<!-- test dependencies -->
-		<junit.jupiter.version>5.6.2</junit.jupiter.version>
-		<mockito.version>3.3.3</mockito.version>
+		<junit.jupiter.version>5.7.1</junit.jupiter.version>
+		<mockito.version>3.7.7</mockito.version>
 		<hamcrest.version>2.2</hamcrest.version>
 	</properties>
 
diff --git a/suppression.xml b/suppression.xml
index c714921..d724213 100644
--- a/suppression.xml
+++ b/suppression.xml
@@ -1,4 +1,38 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!-- This file lists false positives found by org.owasp:dependency-check-maven build plugin -->
-<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.1.xsd">
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+    <suppress>
+        <notes><![CDATA[Suppress known vulnerabilities in FUSE libraries for jnr-fuse.]]></notes>
+        <gav regex="true">^com\.github\.serceman:jnr-fuse:.*$</gav>
+
+        <!-- See: https://nvd.nist.gov/vuln/detail/CVE-2011-0541 -->
+        <!-- Last Modified: 02/11/2014 - Awaiting reanalysis -->
+        <!-- Possible Symlink attack that allows unpermitted unmounts by denying updates to /etc/mtab on Fuse <= 2.8.5 -->
+        <!-- Can't fix: Error in FUSE -->
+        <cve>CVE-2011-0541</cve>
+
+        <!-- See: https://nvd.nist.gov/vuln/detail/CVE-2011-0542 -->
+        <!-- Last Modified: 09/05/2011 -->
+        <!-- Possible attack that allows unpermitted unmounts on Fuse <= 2.8.5 cause of missing check -->
+        <!-- Can't fix: Error in FUSE -->
+        <cve>CVE-2011-0542</cve>
+
+        <!-- See: https://nvd.nist.gov/vuln/detail/CVE-2011-0543 -->
+        <!-- Last Modified: 02/11/2014 - Awaiting reanalysis -->
+        <!-- Possible Symlink attack that allows unpermitted unmounts caused by bypassable access restrictions on certain util-linux version on Fuse <= 2.8.5 -->
+        <!-- Can't fix: Error in FUSE -->
+        <cve>CVE-2011-0543</cve>
+
+        <!-- See: https://nvd.nist.gov/vuln/detail/CVE-2015-3202 -->
+        <!-- Last Modified: 06/30/2017 -->
+        <!-- Possible arbitrary file write using mount's debugging feature because of uncleared environment vars on Fuse < 2.9.3-15 -->
+        <!-- Can't fix: Error in FUSE -->
+        <cve>CVE-2015-3202</cve>
+
+        <!-- See: https://nvd.nist.gov/vuln/detail/CVE-2018-10906 -->
+        <!-- Last Modified: 10/02/2019 -->
+        <!-- Possible restriction bypass leading to unpermitted mounting of filesystems by non-root users on Fuse < 2.9.8 and < 3.2.5 when using SELinux -->
+        <!-- Can't fix: Error in FUSE/Not of technical concern for this library -->
+        <cve>CVE-2018-10906</cve>
+    </suppress>
 </suppressions>
\ No newline at end of file

From b287b06d6d2240008b2e30a60eb70d3ef557e1d6 Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@skymatic.de>
Date: Tue, 20 Apr 2021 09:34:44 +0200
Subject: [PATCH 7/8] remove bintray references

---
 pom.xml | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/pom.xml b/pom.xml
index 520f168..77516c7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -40,20 +40,6 @@
 		</license>
 	</licenses>
 
-	<repositories>
-		<repository>
-			<id>jcenter</id>
-			<url>https://jcenter.bintray.com</url>
-		</repository>
-	</repositories>
-
-	<distributionManagement>
-		<repository>
-			<id>bintray-jcenter</id>
-			<url>https://api.bintray.com/maven/cryptomator/maven/fuse-cloud-access-adapter/;publish=1</url>
-		</repository>
-	</distributionManagement>
-
 	<properties>
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 

From cbed0121763adec8644df2d76d4975721b74d8ee Mon Sep 17 00:00:00 2001
From: Sebastian Stenzel <sebastian.stenzel@skymatic.de>
Date: Tue, 20 Apr 2021 09:36:33 +0200
Subject: [PATCH 8/8] preparing 1.1.1

---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 77516c7..96c7fc7 100644
--- a/pom.xml
+++ b/pom.xml
@@ -5,7 +5,7 @@
 	<modelVersion>4.0.0</modelVersion>
 	<groupId>org.cryptomator</groupId>
 	<artifactId>fuse-cloud-access-adapter</artifactId>
-	<version>1.2.0-SNAPSHOT</version>
+	<version>1.1.1</version>
 
 	<name>FUSE to CloudAccess Adapter</name>
 	<description>Adapter between a FUSE frontend and a CloudAccess backend.</description>