From 3523ca781ece0eec687eefde812fecfb73092b61 Mon Sep 17 00:00:00 2001 From: Jens Neuhalfen Date: Wed, 18 Nov 2020 21:18:29 +0100 Subject: [PATCH] Bump to 2.3.0 --- CHANGELOG.md | 13 +++++++++++++ README.md | 6 +++--- TODO.md | 12 ++++++++++-- build.gradle | 5 +++-- examples/decrypt/build.gradle | 2 +- examples/maven/pom.xml | 2 +- examples/reencrypt/build.gradle | 2 +- 7 files changed, 32 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index c5b3bc77..34bb254f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,18 @@ ## V 2.x.x (NEXT) +## V 2.3.0 Bugfix Release + +This releases fixes a security issue (#50) where encrypted, but not signed archives could be modified. +Some background on MDC and why it's important security-wise: https://gpgtools.tenderapp.com/kb/faq/modification-detection-code-mdc-errors + +* Fix: Do not expose logback as compile-time dependency (#41) +* Fix: java.io.EOFException: Unexpected end of ZIP input stream using 2.2.0 version for PGP file (#46) +* Fix: KeyFlag#extractPublicKeyFlags throws NullPointerException if called on an older public key with no hashed subpackets (#48) +* Fix: Encrypting with keys that don't have a KeyFlags subpacket (#50) +* Fix: MDC (integrity checksum) is not verified when decrypting (#45) +* Enh: Bump Bouncy Castle to 1.67 + + ## V 2.2.0 Key generation * new: Add key generation (initial version by Paul Schaub [@vanitasvitae]) diff --git a/README.md b/README.md index eb7a3b6c..96e9454e 100644 --- a/README.md +++ b/README.md @@ -215,10 +215,10 @@ dependencies { name.neuhalfen.projects.crypto.bouncycastle.openpgp bouncy-gpg - 2.2.0 -     + 2.3.0 + ``` -   + ### Install Provider ```java diff --git a/TODO.md b/TODO.md index 6eafab58..01c77476 100644 --- a/TODO.md +++ b/TODO.md 
@@ -4,10 +4,9 @@ Open TODOs Version 3.0 -------------- -Version 2.2 +Version 2.4 ------------- -- [ ] Key generation - [ ] Key generation key expiration - [ ] Key generation documentation - [ ] Add decryptor.getResult() for decryption result @@ -16,6 +15,15 @@ Version 2.2 - [ ] Unit tests: iterate different DefaultPGPAlgorithmSuites.secureSuiteForGnuPG() (incl. compression & no signature!) - [ ] Extend documentation of key derivation +Version 2.3 +------------- +- [x] Bugfixes + + +Version 2.2 +------------- +- [x] Key generation + Version 2.1 ------------- diff --git a/build.gradle b/build.gradle index ae897763..6ad763b6 100644 --- a/build.gradle +++ b/build.gradle @@ -87,7 +87,7 @@ sourceCompatibility = 8 targetCompatibility = 8 group = 'name.neuhalfen.projects.crypto.bouncycastle.openpgp' -version = '2.2.0' +version = '2.3.0' repositories { jcenter() @@ -127,7 +127,6 @@ dependencies { compile 'org.bouncycastle:bcpg-jdk15on:1.67' compile 'org.slf4j:slf4j-api:1.7.30' - compile 'ch.qos.logback:logback-classic:1.2.3' // @Nullable and friends are not needed at runtime compile 'com.google.code.findbugs:jsr305:3.0.2' @@ -136,6 +135,8 @@ dependencies { testCompile 'org.hamcrest:hamcrest-all:1.3' testCompile 'org.mockito:mockito-core:3.2.4' testCompile 'org.concordion:concordion-api-documentation-extension:0.0.4' + testCompile 'ch.qos.logback:logback-classic:1.2.3' + } diff --git a/examples/decrypt/build.gradle b/examples/decrypt/build.gradle index 92fb0ef7..6523137f 100644 --- a/examples/decrypt/build.gradle +++ b/examples/decrypt/build.gradle @@ -27,7 +27,7 @@ dependencies { compile 'org.bouncycastle:bcprov-jdk15on:1.67' compile 'org.bouncycastle:bcpg-jdk15on:1.67' - compile 'name.neuhalfen.projects.crypto.bouncycastle.openpgp:bouncy-gpg:2.2.0' + compile 'name.neuhalfen.projects.crypto.bouncycastle.openpgp:bouncy-gpg:2.3.0' compile 'org.slf4j:slf4j-api:1.7.25' compile 'ch.qos.logback:logback-classic:1.2.3' 
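Review bot: The `testCompile 'ch.qos.logback:logback-classic:1.2.3'` line added at the end of the `dependencies` block in build.gradle has no comment saying why the binding is now test-only, although the jsr305 entry next to it does explain itself. I would put `// SLF4J binding for the test suite only; consumers supply their own binding (#41)` above it and drop the blank line the hunk adds before the closing brace. Applications that got logback transitively from 2.2.0 will, with slf4j-api 1.7.x and no binding on the classpath, presumably fall back to the no-op logger after upgrading. Anything this library logs, including decryption or verification warnings if it emits any, would then go unseen until they declare a binding themselves, so this deserves a line in the upgrade notes. The `dependencies` block begins outside these hunks.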
diff --git a/examples/maven/pom.xml b/examples/maven/pom.xml index 7c569def..69a42ba5 100644 --- a/examples/maven/pom.xml +++ b/examples/maven/pom.xml @@ -42,7 +42,7 @@ name.neuhalfen.projects.crypto.bouncycastle.openpgp bouncy-gpg - 2.2.0 + 2.3.0 ch.qos.logback diff --git a/examples/reencrypt/build.gradle b/examples/reencrypt/build.gradle index edb1c607..37ec4be0 100644 --- a/examples/reencrypt/build.gradle +++ b/examples/reencrypt/build.gradle @@ -27,7 +27,7 @@ dependencies { compile 'org.bouncycastle:bcprov-jdk15on:1.67' compile 'org.bouncycastle:bcpg-jdk15on:1.67' - compile 'name.neuhalfen.projects.crypto.bouncycastle.openpgp:bouncy-gpg:2.2.0' + compile 'name.neuhalfen.projects.crypto.bouncycastle.openpgp:bouncy-gpg:2.3.0' compile 'org.slf4j:slf4j-api:1.7.22' compile 'ch.qos.logback:logback-classic:1.2.1'