PGPainless 1.6.8-SNAPSHOT

PGPainless 1.6.7
Update changelog
2024-03-21 12:40:41 +01:00 · 2024-03-21 12:37:39 +01:00 · 2024-03-19 15:55:58 +01:00 · 2024-03-19 15:51:09 +01:00 · 2024-03-19 15:14:07 +01:00 · 2024-03-17 17:22:15 +01:00
12 changed files with 47 additions and 19 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,6 +5,12 @@ SPDX-License-Identifier: CC0-1.0

 # PGPainless Changelog

+## 1.6.7
+- SOP: Fix OOM error when detached-signing large amounts of data (fix #432)
+- Move `CachingBcPublicKeyDataDecryptorFactory` from `org.bouncycastle` packet to `org.pgpainless.decryption_verification` to avoid package split (partially addresses #428)
+- Basic support for Java Modules for `pgpainless-core` and `pgpainless-sop`
+  - Added `Automatic-Module-Name` directive to gradle build files
+
 ## 1.6.6
 - Downgrade `logback-core` and `logback-classic` to `1.2.13` to fix #426

--- a/README.md
+++ b/README.md
@ -191,7 +191,7 @@ repositories {
 }

 dependencies {
-	implementation 'org.pgpainless:pgpainless-core:1.6.6'
+	implementation 'org.pgpainless:pgpainless-core:1.6.7'
 }
 ```

--- a/SECURITY.md
+++ b/SECURITY.md
@ -32,4 +32,4 @@ Valid security issues will be fixed ASAP.
 PGPainless has received a security audit by [cure53.de](https://cure53.de) in late 2021.
 The [penetrationj test and audit](https://cure53.de/pentest-report_pgpainless.pdf) covered PGPainless
 release candidate 1.0.0-rc6.
-Security fixes for discovered flaws were deployed before the final 1.0.0 release.
+Security fixes for discovered flaws were deployed before the final 1.0.0 release.
--- a/pgpainless-core/build.gradle
+++ b/pgpainless-core/build.gradle
@ -27,3 +27,10 @@ dependencies {
    // @Nullable, @Nonnull annotations
    implementation "com.google.code.findbugs:jsr305:3.0.2"
 }
+
+// https://docs.gradle.org/current/userguide/java_library_plugin.html#sec:java_library_modular_auto
+tasks.named('jar') {
+    manifest {
+        attributes('Automatic-Module-Name': 'org.pgpainless.core')
+    }
+}
--- a/pgpainless-core/src/main/java/org/bouncycastle/package-info.java
+++ b/pgpainless-core/src/main/java/org/bouncycastle/package-info.java
@ -1,8 +0,0 @@
-// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
-//
-// SPDX-License-Identifier: Apache-2.0
-
-/**
- * Classes which could be upstreamed to BC at some point.
- */
-package org.bouncycastle;
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/CachingBcPublicKeyDataDecryptorFactory.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/CachingBcPublicKeyDataDecryptorFactory.java
@ -1,8 +1,8 @@
-// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
+// SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
 //
 // SPDX-License-Identifier: Apache-2.0

-package org.bouncycastle;
+package org.pgpainless.decryption_verification;

 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPrivateKey;
@ -10,7 +10,6 @@ import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
 import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;
 import org.bouncycastle.util.encoders.Base64;
 import org.bouncycastle.util.encoders.Hex;
-import org.pgpainless.decryption_verification.CustomPublicKeyDataDecryptorFactory;
 import org.pgpainless.key.SubkeyIdentifier;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
--- a/pgpainless-core/src/test/java/org/bouncycastle/CachingBcPublicKeyDataDecryptorFactoryTest.java
+++ b/pgpainless-core/src/test/java/org/bouncycastle/CachingBcPublicKeyDataDecryptorFactoryTest.java
@ -18,6 +18,7 @@ import org.bouncycastle.util.io.Streams;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.EncryptionPurpose;
+import org.pgpainless.decryption_verification.CachingBcPublicKeyDataDecryptorFactory;
 import org.pgpainless.decryption_verification.ConsumerOptions;
 import org.pgpainless.decryption_verification.DecryptionStream;
 import org.pgpainless.key.SubkeyIdentifier;
--- a/pgpainless-sop/README.md
+++ b/pgpainless-sop/README.md
@ -23,7 +23,7 @@ To start using pgpainless-sop in your code, include the following lines in your
 ...
 dependencies {
    ...
-    implementation "org.pgpainless:pgpainless-sop:1.6.6"
+    implementation "org.pgpainless:pgpainless-sop:1.6.7"
    ...
 }

@ -34,7 +34,7 @@ dependencies {
    <dependency>
        <groupId>org.pgpainless</groupId>
        <artifactId>pgpainless-sop</artifactId>
-        <version>1.6.6</version>
+        <version>1.6.7</version>
    </dependency>
    ...
 </dependencies>
--- a/pgpainless-sop/build.gradle
+++ b/pgpainless-sop/build.gradle
@ -34,3 +34,10 @@ test {
    useJUnitPlatform()
    environment("test.implementation", "sop.testsuite.pgpainless.PGPainlessSopInstanceFactory")
 }
+
+// https://docs.gradle.org/current/userguide/java_library_plugin.html#sec:java_library_modular_auto
+tasks.named('jar') {
+    manifest {
+        attributes('Automatic-Module-Name': 'org.pgpainless.sop')
+    }
+}
--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/DetachedSignImpl.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/DetachedSignImpl.java
@ -4,7 +4,6 @@

 package org.pgpainless.sop;

-import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
@ -92,10 +91,10 @@ public class DetachedSignImpl implements DetachedSign {
            }
        }

-        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
+        OutputStream sink = new NullOutputStream();
        try {
            EncryptionStream signingStream = PGPainless.encryptAndOrSign()
-                    .onOutputStream(buffer)
+                    .onOutputStream(sink)
                    .withOptions(ProducerOptions.sign(signingOptions)
                            .setAsciiArmor(armor));

--- a/pgpainless-sop/src/main/java/org/pgpainless/sop/NullOutputStream.java
+++ b/pgpainless-sop/src/main/java/org/pgpainless/sop/NullOutputStream.java
@ -0,0 +1,17 @@
+// SPDX-FileCopyrightText: 2024 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.sop;
+
+import java.io.OutputStream;
+
+/**
+ * {@link OutputStream} that simply discards bytes written to it.
+ */
+public class NullOutputStream extends OutputStream {
+    @Override
+    public void write(int b) {
+        // NOP
+    }
+}
--- a/version.gradle
+++ b/version.gradle
@ -4,7 +4,7 @@

 allprojects {
    ext {
-        shortVersion = '1.6.7'
+        shortVersion = '1.6.8'
        isSnapshot = true
        pgpainlessMinAndroidSdk = 10
        javaSourceCompatibility = 1.8
Author	SHA1	Message	Date
Paul Schaub	9d3cbf5957	PGPainless 1.6.8-SNAPSHOT	2024-03-21 12:40:41 +01:00
Paul Schaub	fc7101cdef	PGPainless 1.6.7	2024-03-21 12:37:39 +01:00
Paul Schaub	36c29cd167	Update changelog	2024-03-19 15:55:58 +01:00
Paul Schaub	0cf7fb6289	Add Automatic-Module-Name to pgpainless-core and pgpainless-sop	2024-03-19 15:51:09 +01:00
Paul Schaub	7224230493	Move CachingPublicKeyDataDecryptorFactory to package org.pgpainless.decryption_verification Partially addresses #428 for the 1.6 branch	2024-03-19 15:14:07 +01:00
Paul Schaub	caeeaf6751	Update changelog	2024-03-17 17:22:15 +01:00
Paul Schaub	9cf15e3d7c	Fix OOM when detached signing large files Fixes #432	2024-03-17 17:11:28 +01:00