AU: 2 updated - autohotkey.portable librecad

[skip ci] https://gist.github.com/choco-bot/a14b1e5bfaf70839b338eb1ab7f8226f/bbffaf4c641d9340fe55038d01b2f9533aa23df2

automatic/autohotkey.portable/autohotkey.portable.json

@@ -1,5 +1,5 @@
 {
     "1.1":  "1.1.37.01",
-    "2.0":  "2.0.3",
+    "2.0":  "2.0.4",
     "2.1":  "2.1-alpha1"
 }

automatic/autohotkey.portable/autohotkey.portable.nuspec

@@ -3,7 +3,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2010/07/nuspec.xsd">
   <metadata>
     <id>autohotkey.portable</id>
-    <version>2.1-alpha1</version>
+    <version>2.0.4</version>
     <title>AutoHotkey (Portable)</title>
     <owners>chocolatey-community</owners>
     <authors>Lexikos</authors>

automatic/autohotkey.portable/tools/VERIFICATION.txt

@@ -7,21 +7,21 @@ Package can be verified like this:
 
 1. Go to
 
-   x32: https://autohotkey.com/download/2.1//AutoHotkey_2.1-alpha.1.zip
-   x64: https://autohotkey.com/download/2.1//AutoHotkey_2.1-alpha.1.zip
+   x32: https://autohotkey.com/download/2.0//AutoHotkey_2.0.4.zip
+   x64: https://autohotkey.com/download/2.0//AutoHotkey_2.0.4.zip
 
    to download the installer.
 
 2. You can use one of the following methods to obtain the SHA256 checksum:
    - Use powershell function 'Get-FileHash'
    - Use Chocolatey utility 'checksum.exe'
 
-   checksum32: 1AC2A73A17744856C035293C077CF28472843B49826B5E2C67F690DDB9324338
-   checksum64: 1AC2A73A17744856C035293C077CF28472843B49826B5E2C67F690DDB9324338
+   checksum32: 312CE07DD1D745113CFA0515424DD0249F9BAFFEE19098A9B2BE4027D5FB7418
+   checksum64: 312CE07DD1D745113CFA0515424DD0249F9BAFFEE19098A9B2BE4027D5FB7418
 
 Using AU:
 
-   Get-RemoteChecksum https://autohotkey.com/download/2.1//AutoHotkey_2.1-alpha.1.zip
+   Get-RemoteChecksum https://autohotkey.com/download/2.0//AutoHotkey_2.0.4.zip
 
 File 'license.txt' is obtained from:
    https://github.com/AutoHotkey/AutoHotkey/blob/df84a3e902b522db0756a7366bd9884c80fa17b6/license.txt

automatic/autohotkey.portable/tools/chocolateyInstall.ps1

@@ -1,6 +1,6 @@
 $ErrorActionPreference = 'Stop'
 
-$fileName  = 'AutoHotkey_2.1-alpha.1.zip'
+$fileName  = 'AutoHotkey_2.0.4.zip'
 $toolsPath = Split-Path -Parent $MyInvocation.MyCommand.Definition
 $zip_path = "$toolsPath\$fileName"
 Remove-Item $toolsPath\* -Recurse -Force -Exclude $fileName

automatic/librecad/legal/VERIFICATION.txt

@@ -3,16 +3,16 @@ Verification is intended to assist the Chocolatey moderators and community
 in verifying that this package's contents are trustworthy.
 
 The embedded software have been downloaded from the listed download
-location on <https://github.com/LibreCAD/LibreCAD/releases/tag/2.2.0>
+location on <https://github.com/LibreCAD/LibreCAD/releases/tag/2.2.0.1>
 and can be verified by doing the following:
 
-1. Download the following <https://github.com/LibreCAD/LibreCAD/releases/download/2.2.0/LibreCAD-Installer-2.2.0.exe>
+1. Download the following <https://github.com/LibreCAD/LibreCAD/releases/download/2.2.0.1/LibreCAD-Installer-2.2.0.1.exe>
 2. Get the checksum using one of the following methods:
   - Using powershell function 'Get-FileHash'
   - Use chocolatey utility 'checksum.exe'
 3. The checksums should match the following:
 
   checksum type: sha256
-  checksum: 233809D3C7EBF2B9C32601354B29F16F1EB269FE529415828174B3068BCE3FA4
+  checksum: F1520DB7A6EF13928780D42CB2DC6DD74C88F7F6C39A7774EFC83B79D52ABD5D
 
 The file 'LICENSE.txt' has been obtained from <https://github.com/LibreCAD/LibreCAD/blob/master/LICENSE>

automatic/librecad/librecad.json

@@ -1,5 +1,5 @@
 {
-    "2.2":  "2.2.0",
+    "2.2":  "2.2.0.1",
     "2.1":  "2.1.3",
     "2.0":  "2.0.11"
 }

automatic/librecad/librecad.nuspec

@@ -3,7 +3,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>librecad</id>
-    <version>2.2.0</version>
+    <version>2.2.0.1</version>
     <packageSourceUrl>https://github.com/chocolatey-community/chocolatey-packages/tree/master/automatic/librecad</packageSourceUrl>
     <owners>chocolatey-community</owners>
     <title>LibreCAD</title>
@@ -24,49 +24,31 @@
 LibreCAD is a free Open Source CAD application for Windows, Apple and Linux. Support and documentation is free from our large, dedicated community of users, contributors and developers.
 
 ]]></description>
-    <releaseNotes>**Finally, here it is!**
+    <releaseNotes>## Bugfix release 2.2.0.1
+This is a bugfix release for official stable release 2.2.0.
 
-It took far too long to present this new stable LibreCAD version.
-Already announced several times, new obstacles kept appearing. But the main cause, however, is the loss of manpower in recent years.
-We no longer have the resources to maintain a stable and a development branch side by side.
-In addition, there were many problems in our parallel project [libdxfrw](https://github.com/LibreCAD/libdxfrw), which we also take care of.
-And there are also many invisible tasks to be dealt with, such as moving to a new cloud server, a new homepage, looking for financing our expenses, to name just a few.
+It fixes a minor vulnerability (CVE-2023-30259) with a mature `shapelib` contained in our codebase.
+The vulnerability addresses only the plugin `Importshp`, which is used to import shape files (SHP/SHX/DBF).
+Shape files are used in surveying and so do not affect the most users.
+As this is probably not a widely used plugin, the fix was just to remove the plugin.
 
-About 4800 commits have been made since the last stable version 2.1.3. Too much to go into detail.
-So here are a few notable changes in the new version 2.2.0:
-* many causes of crashes have been eliminated
-* eliminated DWG issues in libdxfrw, which caused several crashes
-* the performance of panning and zooming in large files has been significantly improved
-* the undo/redo engine has been completely revised due to several problems
-* adjustments for new compiler and Qt versions were required
-* extension of the command line, multi-line commands, paste and open command files
-* improvement of the print preview, with tiled printing and line widths adjustment
-* multiple selection and bulk actions in block and layer lists
-
-By expanding our [CI](https://en.wikipedia.org/wiki/Continuous_integration), we can now easily provide up-to-date binary packages that allow many users to easily test and bug hunt on Windows, MacOS and Linux.
-
-The new release also has an online manual which is hosted at [Read the Docs](https://librecad.readthedocs.io/).
-
-**This new stable version 2.2.0 finally replaces the previous stable 2.1.3.**
-
-Unfortunately, we have to disappoint people who are hoping for a soon release of LibreCAD 3. It is still a long way from productive use.
-Also there are still many contributions available for version 2.2 we wont waste. These can now be integrated into an unstable development branch. That means there will probably be one or two more feature release 2.2.x.
-There may be LibreCAD 3 releases in parallel in future, but for the time being, not with the features that LibreCAD 2.2 currently offers.
-
-At last, let me mention, that we recently resumed to accept financial contributions again. These are basically used to pay our expenses for hosting and domain services.
-This has become possible through [OpenCollective](https://opencollective.com/librecad) and by [GitHub Sponsors](https://github.com/sponsors/LibreCAD).
+If you are a surveyor and need the shape file support, it is safe to stay with 2.2.0 version, as long as you know the origin of the used shape files.
+The vulnerability is an out-of-bounds read, what means, if a malformed shape file is imported, the application can crash.
+With some efforts an attacker possibly can create a shape file, which can lead to unintended code execution and seize your computer.
+But this is a worst case scenario, which I would rate as extremely low to occur.
+
 
 MD5 sums:
 ```
-f6c6d3aeb9586c3db16e3af0f60905ce  LibreCAD-2.2.0-x86_64.AppImage
-36a5be5acd623a13cdaf7ae8efb4279e  LibreCAD-2.2.0.dmg
-3fe516a5f9c4efe4ae4fb186cd008857  LibreCAD-Installer-2.2.0.exe
+059e5fff8d19b4ff729ea8d07656209c  LibreCAD-2.2.0.1-x86_64.AppImage
+33b0675ea52c77f2f1f6c8861677414d  LibreCAD-2.2.0.1.dmg
+5aaa9f6b237fdfd42a4095058584dbcb  LibreCAD-Installer-2.2.0.1.exe
 ```
 SHA256 hashes:
 ```
-5b1cd348fa0ee8c1dc47fe56aef761b980582e58eafc6683207c40aadf30b74b  LibreCAD-2.2.0-x86_64.AppImage
-e17d81be0d943f99613d4c12e9a552e3257a41229a99933b7189ea3e896f5011  LibreCAD-2.2.0.dmg
-233809d3c7ebf2b9c32601354b29f16f1eb269fe529415828174b3068bce3fa4  LibreCAD-Installer-2.2.0.exe
+278967ae89398e07321ff4bd430e9cfbff4b9d17b887113d08fb51c8f2def2e7  LibreCAD-2.2.0.1-x86_64.AppImage
+23b47914440c99d6d0371e67d31f5bb328ad8f6966d7ed564820cb7a71a3b350  LibreCAD-2.2.0.1.dmg
+f1520db7a6ef13928780d42cb2dc6dd74c88f7f6c39a7774efc83b79d52abd5d  LibreCAD-Installer-2.2.0.1.exe
 ```
 </releaseNotes>
     <dependencies>

automatic/librecad/tools/chocolateyInstall.ps1

@@ -5,7 +5,7 @@ $toolsPath = Split-Path -parent $MyInvocation.MyCommand.Definition
 $packageArgs = @{
   packageName    = $env:ChocolateyPackageName
   fileType       = 'exe'
-  file           = "$toolsPath\LibreCAD-Installer-2.2.0.exe"
+  file           = "$toolsPath\LibreCAD-Installer-2.2.0.1.exe"
   softwareName   = 'LibreCAD'
   silentArgs     = '/S'
   validExitCodes = @(0)

automatic/librecad/update.ps1

@@ -32,15 +32,15 @@ function global:au_GetLatest {
   $releases = Get-AllGitHubReleases -Owner 'LibreCAD' -Name 'LibreCAD'
 
   $streams = @{}
-  $releases | % {
+  $releases | ForEach-Object {
     if ($_.tag_name -eq 'latest') {
       # This is the continuous build, ie nightly builds so we skip this one
       return
     }
 
     $version = Get-Version $_.tag_name
 
-    $url = $_.assets | ? browser_download_url -match '\.exe$' | Select-Object -ExpandProperty browser_download_url
+    $url = $_.assets | Where-Object browser_download_url -match '\.exe$' | Select-Object -ExpandProperty browser_download_url
     $streamName = $version.ToString(2)
 
     if (!($streams.ContainsKey($streamName)) -and $url) {