From 52c302f32575235ea0d552c7fdda32367e6da770 Mon Sep 17 00:00:00 2001 From: Rob Reynolds Date: Sat, 21 Aug 2021 10:47:51 -0500 Subject: [PATCH 1/9] (#2322) Use PNG for Nuspec IconUrl Use PNG instead of GIF for the iconUrl in the nuspec. Use a location that meets the published guidelines for iconUrl. This allows the icon to be used with integrations that may not recognize GIF files. --- nuget/chocolatey.lib/chocolatey.lib.nuspec | 2 +- nuget/chocolatey/chocolatey.nuspec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nuget/chocolatey.lib/chocolatey.lib.nuspec b/nuget/chocolatey.lib/chocolatey.lib.nuspec index 65c39ecd0a..e9c50f6f95 100644 --- a/nuget/chocolatey.lib/chocolatey.lib.nuspec +++ b/nuget/chocolatey.lib/chocolatey.lib.nuspec @@ -7,7 +7,7 @@ Chocolatey Core [PREVIEW] Chocolatey Software, Inc https://github.com/chocolatey/choco - https://raw.githubusercontent.com/chocolatey/choco/master/docs/logo/chocolateyicon.gif + https://chocolatey.org/assets/images/nupkg/chocolateyicon.png https://raw.githubusercontent.com/chocolatey/choco/master/LICENSE false 2017-2021 Chocolatey Software, Inc, 2011-2017 RealDimensions Software, LLC diff --git a/nuget/chocolatey/chocolatey.nuspec b/nuget/chocolatey/chocolatey.nuspec index c7b5db2514..1ec337de3c 100644 --- a/nuget/chocolatey/chocolatey.nuspec +++ b/nuget/chocolatey/chocolatey.nuspec @@ -8,7 +8,7 @@ Chocolatey Chocolatey Software, Inc https://github.com/chocolatey/choco - https://raw.githubusercontent.com/chocolatey/choco/master/docs/logo/chocolateyicon.gif + https://chocolatey.org/assets/images/nupkg/chocolateyicon.png https://raw.githubusercontent.com/chocolatey/choco/master/LICENSE false 2017-2021 Chocolatey Software, Inc, 2011-2017 RealDimensions Software, LLC From 8d39153b67da6df60b06f934972d664a03cdc306 Mon Sep 17 00:00:00 2001 From: Gary Ewan Park Date: Wed, 1 Sep 2021 10:42:17 +0100 Subject: [PATCH 2/9] (maint) Corrected version number We are no longer going to ship a 0.10.16 release, but rather a 0.11.0 release. --- .../helpers/functions/Install-ChocolateyPackage.ps1 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/chocolatey.resources/helpers/functions/Install-ChocolateyPackage.ps1 b/src/chocolatey.resources/helpers/functions/Install-ChocolateyPackage.ps1 index 1d414c1d60..48372ac056 100644 --- a/src/chocolatey.resources/helpers/functions/Install-ChocolateyPackage.ps1 +++ b/src/chocolatey.resources/helpers/functions/Install-ChocolateyPackage.ps1 @@ -222,7 +222,7 @@ Allows splatting with arguments that do not apply. Do not use directly. .PARAMETER BeforeInstall Script Specifies the commands to run after download has completed but before install steps have begun. -Available in 0.10.16+. +Available in 0.11.0+. Use this for starting an auxilary process such as AutoHotkey, so that any timeouts are not affected by the time to download. From 18b253a19e8c66810e23159a5c92d315f62484f3 Mon Sep 17 00:00:00 2001 From: Gary Ewan Park Date: Tue, 31 Aug 2021 14:58:00 +0100 Subject: [PATCH 3/9] (version) 0.11.0-beta --- .uppercut | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.uppercut b/.uppercut index 5869ef0230..ab9171c53d 100644 --- a/.uppercut +++ b/.uppercut @@ -16,8 +16,8 @@ - - + + From 31686228e932ce718f59d95b9b767fae0f85a8cc Mon Sep 17 00:00:00 2001 From: Paul Broadwith Date: Mon, 30 Aug 2021 16:43:50 +0100 Subject: [PATCH 4/9] (#2333) Disable loading of DLL under extensions path As there isn't a way to determine whether a DLL is a usable PowerShell module without loading it into memory, we're better off not loading DLLs directly, as it has caused issues several times in the past (see: #2078, #1041). This has previously required us to create an ever-expanding list of exceptions to the loading behaviour. Instead, if folks want to load DLLs as powershell modules, they can package them alongside a PSM1 file that handles the DLL import itself. This removes the need for Chocolatey to guess which dlls are powershell modules and which should not be loaded. --- .../helpers/chocolateyInstaller.psm1 | 30 ------------------- 1 file changed, 30 deletions(-) diff --git a/src/chocolatey.resources/helpers/chocolateyInstaller.psm1 b/src/chocolatey.resources/helpers/chocolateyInstaller.psm1 index 271e628359..1d5263c9d5 100644 --- a/src/chocolatey.resources/helpers/chocolateyInstaller.psm1 +++ b/src/chocolatey.resources/helpers/chocolateyInstaller.psm1 @@ -56,36 +56,6 @@ $currentAssemblies = [System.AppDomain]::CurrentDomain.GetAssemblies() $extensionsPath = Join-Path "$helpersPath" '..\extensions' if (Test-Path($extensionsPath)) { Write-Debug 'Loading community extensions' - Get-ChildItem $extensionsPath -recurse -filter "*.dll" | Select -ExpandProperty FullName | % { - $path = $_; - if ($path.Contains("extensions\chocolatey\lib-synced")) { continue } - - try { - Write-Debug "Importing '$path'"; - $fileNameWithoutExtension = $([System.IO.Path]::GetFileNameWithoutExtension($path)) - Write-Debug "Loading '$fileNameWithoutExtension' extension."; - $loaded = $false - $currentAssemblies | % { - $name = $_.GetName().Name - if ($name -eq $fileNameWithoutExtension) { - Import-Module $_ - $loaded = $true - } - } - - if (!$loaded) { - if ($fileNameWithoutExtension -ne "chocolateygui.licensed") { - Import-Module $path; - } - } - } catch { - if ($env:ChocolateyPowerShellHost -eq 'true') { - Write-Warning "Import failed for '$path'. Error: '$_'" - } else { - Write-Warning "Import failed for '$path'. If it depends on a newer version of the .NET framework, please make sure you are using the built-in PowerShell Host. Error: '$_'" - } - } - } #Resolve-Path $extensionsPath\**\*\*.psm1 | % { Write-Debug "Importing `'$_`'"; Import-Module $_.ProviderPath } Get-ChildItem $extensionsPath -recurse -filter "*.psm1" | Select -ExpandProperty FullName | % { Write-Debug "Importing `'$_`'"; Import-Module $_; } } From bc87477d41b5d3d55f9294d19789da67cea611cb Mon Sep 17 00:00:00 2001 From: Gary Ewan Park Date: Thu, 2 Sep 2021 08:42:43 +0100 Subject: [PATCH 5/9] (doc) Add release notes for 0.11.0 --- CHANGELOG.md | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a9fb907c5e..da45c41a62 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,50 @@ This covers changes for the "chocolatey" and "chocolatey.lib" packages, which ar **NOTE**: If you have a licensed edition of Chocolatey ("chocolatey.extension"), refer to this in tandem with [Chocolatey Licensed CHANGELOG](https://github.com/chocolatey/choco/blob/master/CHANGELOG_LICENSED.md). +## [0.11.0](https://github.com/chocolatey/choco/issues?q=is%3Aclosed+milestone%3A0.11.0) (unreleased) +### BREAKING CHANGES + * Disable importing / loading of DLL in the extension folder - see [#2333](https://github.com/chocolatey/choco/issues/2333) + * choco list -e -a returns pre-releases even when --pre is not passed - see [#2304](https://github.com/chocolatey/choco/issues/2304) + +### BUG FIXES + * Fix - Prevent creation of empty nuget.config in user appdata folder - see [#2233](https://github.com/chocolatey/choco/issues/2233) + * Fix - Upgrade all with remembered arguments changes packages to pre-release - see [#2111](https://github.com/chocolatey/choco/issues/2111) + * Fix - Software applications are being reported as not being managed by Chocolatey when their associated package is installed - see [#2092](https://github.com/chocolatey/choco/issues/2092) + * Fix - Unable to remove API Key with choco apikey command - see [#1889](https://github.com/chocolatey/choco/issues/1889) + * Fix - Not all package versions are returned when running running choco list --all-versions --exact - see [#1843](https://github.com/chocolatey/choco/issues/1843) + * Fix - Upgrade all reuses overridden package parameters when useRememberedArgumentsForUpgrades feature is turned on - see [#1443](https://github.com/chocolatey/choco/issues/1443) + * Fix - choco pack fails when running on Mono when current directory is not the same one that contains the .nuspec being packed - see [#2263](https://github.com/chocolatey/choco/issues/2263) + * Fix - Running choco pack on Mono on Linux will not include any files in .nupkg if there is no files element in the .nuspec - see [#2258](https://github.com/chocolatey/choco/issues/2258) + * Fix - Nuspec files with forward slash creates nested layer of directories when packed on Windows - see [#2166](https://github.com/chocolatey/choco/issues/2166) + * Fix - Prevent loading of Chocolatey GUI Licensed Extension assembly - see [#2078](https://github.com/chocolatey/choco/issues/2078) + * Fix - Working directory always being replaced with configured cache location when using Start-ChocolateyProcessAsAdmin - see [#2051](https://github.com/chocolatey/choco/issues/2051) + * Fix - Temp location can change unexpectedly when using System credentials - see [#2044](https://github.com/chocolatey/choco/issues/2044) + * Fix - Incorrect output regarding package files when package can't be found to be downloaded - see [#1962](https://github.com/chocolatey/choco/issues/1962) + +### IMPROVEMENTS + * TBD - see [#2266](https://github.com/chocolatey/choco/issues/2266) + * Provide ability to export all currently installed packages to a packages.config file - see [#357](https://github.com/chocolatey/choco/issues/357) + * Provide ability to execute PowerShell script right before installation starts when using Install-ChocolateyPackage - see [#1060](https://github.com/chocolatey/choco/issues/1060) + * Add ChocolateyExitOnRebootDetected feature setting to environment variables for usage within package scripts - see [#1983](https://github.com/chocolatey/choco/issues/1983) + * Only search top level package folders when running the remove pending packages task - see [#1866](https://github.com/chocolatey/choco/issues/1866) + * Change default repository in the chocolatey.config to community.chocolatey.org - see [#2231](https://github.com/chocolatey/choco/issues/2231) + * Support UnzipLocation as an alias to Destination parameter in the Get-ChocolateyUnzip function - see [#2203](https://github.com/chocolatey/choco/issues/2203) + * API - Allow Lets.GetChocolatey to not initialize logging - see [#2124](https://github.com/chocolatey/choco/issues/2124) + * Provide ability to install msp patch files using Install-ChocolateyInstallPackage function - see [#2112](https://github.com/chocolatey/choco/issues/2112) + * Add ability to use authorization headers in the Get-WebFile function - see [#1998](https://github.com/chocolatey/choco/issues/1998) + * Ensure nuspec files generated from the choco new command use UTF-8 without a byte order mark - see [#1364](https://github.com/chocolatey/choco/issues/1364) + * Provide top level help command explaining what commands can be executed - see [#944](https://github.com/chocolatey/choco/issues/944) + * Ensure correct path separator in nuspec files is used on different operating systems - see [#502](https://github.com/chocolatey/choco/issues/502) + * Remove unused variable in uninstall template generated from choco new command - see [#2114](https://github.com/chocolatey/choco/issues/2114) + +### DOCUMENTATION + * Clarify the SpecificFolder parameter for helper functions - see [#2190](https://github.com/chocolatey/choco/issues/2190) + * Update deprecation notice to use outdated command when using version command - see [#2048](https://github.com/chocolatey/choco/issues/2048) + * Include information about --version option in choco help documentation - see [#2049](https://github.com/chocolatey/choco/issues/2049) + * Fix examples for Install-ChocolateyPackage function - see [#1899](https://github.com/chocolatey/choco/issues/1899) + * Terminology improvements in choco.exe help output - see [#1861](https://github.com/chocolatey/choco/issues/1861) + * Wrong error message shown when using Get-ChocolateyWebFile and forcex86 - see [#1859](https://github.com/chocolatey/choco/issues/1859) + ## [0.10.15](https://github.com/chocolatey/choco/issues?q=milestone%3A0.10.15+is%3Aclosed) (June 3, 2019) ### BUG FIXES * Fix - list/search/info - searching with --exact or info results in Object reference not set to an instance of an object - see [#1837](https://github.com/chocolatey/choco/issues/1837) From c208a6e0e01e770d3490d6607d2b787ec67689d0 Mon Sep 17 00:00:00 2001 From: Gary Ewan Park Date: Fri, 14 May 2021 09:01:48 +0100 Subject: [PATCH 6/9] (#2266) Update to latest log4net package - This is required due to an identified vulnerability in earlier versions of the log4net assembly: https://github.com/advisories/GHSA-2cwj-8chv-9pp9 --- src/chocolatey.console/chocolatey.console.csproj | 5 +++-- src/chocolatey.console/packages.config | 2 +- .../chocolatey.tests.integration.csproj | 6 ++++-- src/chocolatey.tests.integration/packages.config | 2 +- src/chocolatey.tests/chocolatey.tests.csproj | 6 ++++-- src/chocolatey.tests/packages.config | 2 +- src/chocolatey/chocolatey.csproj | 4 ++-- src/chocolatey/packages.config | 2 +- 8 files changed, 17 insertions(+), 12 deletions(-) diff --git a/src/chocolatey.console/chocolatey.console.csproj b/src/chocolatey.console/chocolatey.console.csproj index 802ac636f8..8469be9047 100644 --- a/src/chocolatey.console/chocolatey.console.csproj +++ b/src/chocolatey.console/chocolatey.console.csproj @@ -123,8 +123,8 @@ False ..\packages\AlphaFS.2.1.3\lib\net40\AlphaFS.dll - - ..\packages\log4net.2.0.3\lib\net40-client\log4net.dll + + ..\packages\log4net.2.0.12\lib\net40\log4net.dll ..\packages\Microsoft.Web.Xdt.2.1.1\lib\net40\Microsoft.Web.XmlTransform.dll @@ -147,6 +147,7 @@ + diff --git a/src/chocolatey.console/packages.config b/src/chocolatey.console/packages.config index 19b6ca4a77..2353fc5da7 100644 --- a/src/chocolatey.console/packages.config +++ b/src/chocolatey.console/packages.config @@ -2,7 +2,7 @@ - + diff --git a/src/chocolatey.tests.integration/chocolatey.tests.integration.csproj b/src/chocolatey.tests.integration/chocolatey.tests.integration.csproj index ef8882ad74..59786e709d 100644 --- a/src/chocolatey.tests.integration/chocolatey.tests.integration.csproj +++ b/src/chocolatey.tests.integration/chocolatey.tests.integration.csproj @@ -54,8 +54,8 @@ ..\..\lib\bdddoc\bdddoc.dll - - ..\packages\log4net.2.0.3\lib\net40-client\log4net.dll + + ..\packages\log4net.2.0.12\lib\net40\log4net.dll ..\packages\Microsoft.Web.Xdt.2.1.1\lib\net40\Microsoft.Web.XmlTransform.dll @@ -81,6 +81,7 @@ ..\packages\SimpleInjector.2.5.0\lib\net40-client\SimpleInjector.Diagnostics.dll + ..\packages\Rx-Core.2.1.30214.0\lib\Net40\System.Reactive.Core.dll @@ -91,6 +92,7 @@ ..\packages\Rx-Linq.2.1.30214.0\lib\Net40\System.Reactive.Linq.dll + diff --git a/src/chocolatey.tests.integration/packages.config b/src/chocolatey.tests.integration/packages.config index 93abe28393..f8bdadd08e 100644 --- a/src/chocolatey.tests.integration/packages.config +++ b/src/chocolatey.tests.integration/packages.config @@ -1,7 +1,7 @@  - + diff --git a/src/chocolatey.tests/chocolatey.tests.csproj b/src/chocolatey.tests/chocolatey.tests.csproj index b3197b2dc3..8aebac445e 100644 --- a/src/chocolatey.tests/chocolatey.tests.csproj +++ b/src/chocolatey.tests/chocolatey.tests.csproj @@ -50,8 +50,8 @@ MinimumRecommendedRules.ruleset - - ..\packages\log4net.2.0.3\lib\net40-client\log4net.dll + + ..\packages\log4net.2.0.12\lib\net40\log4net.dll ..\packages\Microsoft.Web.Xdt.2.1.1\lib\net40\Microsoft.Web.XmlTransform.dll @@ -77,7 +77,9 @@ ..\packages\SimpleInjector.2.5.0\lib\net40-client\SimpleInjector.Diagnostics.dll + + diff --git a/src/chocolatey.tests/packages.config b/src/chocolatey.tests/packages.config index e446ba1697..41b0d1385e 100644 --- a/src/chocolatey.tests/packages.config +++ b/src/chocolatey.tests/packages.config @@ -1,6 +1,6 @@  - + diff --git a/src/chocolatey/chocolatey.csproj b/src/chocolatey/chocolatey.csproj index 6635f7dd4e..f9a20ebe54 100644 --- a/src/chocolatey/chocolatey.csproj +++ b/src/chocolatey/chocolatey.csproj @@ -67,8 +67,8 @@ False ..\packages\AlphaFS.2.1.3\lib\net40\AlphaFS.dll - - ..\packages\log4net.2.0.3\lib\net40-client\log4net.dll + + ..\packages\log4net.2.0.12\lib\net40-client\log4net.dll False diff --git a/src/chocolatey/packages.config b/src/chocolatey/packages.config index b3a3019a63..f5d25adbc9 100644 --- a/src/chocolatey/packages.config +++ b/src/chocolatey/packages.config @@ -2,7 +2,7 @@ - + From 77ad4e4c79924c5049755acef9ba8d2ca4c9418b Mon Sep 17 00:00:00 2001 From: Gary Ewan Park Date: Thu, 2 Sep 2021 11:05:23 +0100 Subject: [PATCH 7/9] (version) 0.11.0 --- .uppercut | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.uppercut b/.uppercut index ab9171c53d..5f7083a3f8 100644 --- a/.uppercut +++ b/.uppercut @@ -19,8 +19,8 @@ - - + + From 7d5de462da2b8a0102733168b1b0bfd08517c92a Mon Sep 17 00:00:00 2001 From: Gary Ewan Park Date: Thu, 2 Sep 2021 11:13:33 +0100 Subject: [PATCH 8/9] (doc) Update release notes With date of release and security issue. --- CHANGELOG.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index da45c41a62..c79f9adf72 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,7 +3,7 @@ This covers changes for the "chocolatey" and "chocolatey.lib" packages, which ar **NOTE**: If you have a licensed edition of Chocolatey ("chocolatey.extension"), refer to this in tandem with [Chocolatey Licensed CHANGELOG](https://github.com/chocolatey/choco/blob/master/CHANGELOG_LICENSED.md). -## [0.11.0](https://github.com/chocolatey/choco/issues?q=is%3Aclosed+milestone%3A0.11.0) (unreleased) +## [0.11.0](https://github.com/chocolatey/choco/issues?q=is%3Aclosed+milestone%3A0.11.0) (September 2nd, 2021) ### BREAKING CHANGES * Disable importing / loading of DLL in the extension folder - see [#2333](https://github.com/chocolatey/choco/issues/2333) * choco list -e -a returns pre-releases even when --pre is not passed - see [#2304](https://github.com/chocolatey/choco/issues/2304) @@ -24,7 +24,7 @@ This covers changes for the "chocolatey" and "chocolatey.lib" packages, which ar * Fix - Incorrect output regarding package files when package can't be found to be downloaded - see [#1962](https://github.com/chocolatey/choco/issues/1962) ### IMPROVEMENTS - * TBD - see [#2266](https://github.com/chocolatey/choco/issues/2266) + * [Security] XML External Entity attack in log4net (CVE-2018-1285) - see [#2266](https://github.com/chocolatey/choco/issues/2266) * Provide ability to export all currently installed packages to a packages.config file - see [#357](https://github.com/chocolatey/choco/issues/357) * Provide ability to execute PowerShell script right before installation starts when using Install-ChocolateyPackage - see [#1060](https://github.com/chocolatey/choco/issues/1060) * Add ChocolateyExitOnRebootDetected feature setting to environment variables for usage within package scripts - see [#1983](https://github.com/chocolatey/choco/issues/1983) From d0f16d349de93522b7e82d555cd70271db95f9eb Mon Sep 17 00:00:00 2001 From: Gary Ewan Park Date: Thu, 2 Sep 2021 11:16:55 +0100 Subject: [PATCH 9/9] (maint) Update release notes link To point to the docs version of the release notes, rather than the changelog on GitHub. --- nuget/chocolatey.lib/chocolatey.lib.nuspec | 2 +- nuget/chocolatey/chocolatey.nuspec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/nuget/chocolatey.lib/chocolatey.lib.nuspec b/nuget/chocolatey.lib/chocolatey.lib.nuspec index e9c50f6f95..cb067d69d7 100644 --- a/nuget/chocolatey.lib/chocolatey.lib.nuspec +++ b/nuget/chocolatey.lib/chocolatey.lib.nuspec @@ -31,7 +31,7 @@ This is the Chocolatey Library (API / DLL) package which allows Chocolatey to be * [Documentation](https://docs.chocolatey.org/en-us/) / [Support](https://chocolatey.org/support) - See all - https://github.com/chocolatey/choco/blob/stable/CHANGELOG.md + See all - https://docs.chocolatey.org/en-us/choco/release-notes diff --git a/nuget/chocolatey/chocolatey.nuspec b/nuget/chocolatey/chocolatey.nuspec index 1ec337de3c..a330e3446d 100644 --- a/nuget/chocolatey/chocolatey.nuspec +++ b/nuget/chocolatey/chocolatey.nuspec @@ -61,7 +61,7 @@ We have some great guidance on how to do that. Where? I'll give you a hint, it r In that mess there is a link to the [PowerShell Chocolatey module reference](https://docs.chocolatey.org/en-us/create/functions). -See all - https://github.com/chocolatey/choco/blob/stable/CHANGELOG.md +See all - https://docs.chocolatey.org/en-us/choco/release-notes