Merge branch 'stable'

* stable:
  (version) 0.10.11
  (doc) update release notes for 0.10.11
  (GH-1540) Fix - AutoUninstaller can't find escaped quotes
  (GH-1543) Fix - log format error on install location with GUID
  (GH-1500) Fix - Wrap Write-Host if used in setup
  (GH-991) Install - Modify profile if file exists & empty
  (GH-1443) Set original config before loop
  (maint) add a note for GH-1548
  (GH-1557) Upgrade 7z to 18.5

.uppercut

@@ -17,7 +17,7 @@
   <property name="version.use_semanticversioning" value="true" overwrite="false" />
   <property name="version.major" value="0" overwrite="false" />
   <property name="version.minor" value="10" overwrite="false" />
-  <property name="version.patch" value="10" overwrite="false" />
+  <property name="version.patch" value="11" overwrite="false" />
   <property name="version.fix" value="0" overwrite="false" />
   <property name="version.nuget.prerelease" value="" overwrite="false" />
   <property name="version.use.build_date" value="false" overwrite="false" />

CHANGELOG.md

@@ -3,6 +3,17 @@ This covers changes for the "chocolatey" and "chocolatey.lib" packages, which ar
 
 **NOTE**: If you have a licensed edition of Chocolatey ("chocolatey.extension"), refer to this in tandem with [Chocolatey Licensed CHANGELOG](https://github.com/chocolatey/choco/blob/master/CHANGELOG_LICENSED.md).
 
+## [0.10.11](https://github.com/chocolatey/choco/issues?q=milestone%3A0.10.11+is%3Aclosed) (May 4, 2018)
+### BUG FIXES
+ * Fix - AutoUninstaller - Captures registry snapshot escaping quotes - unable to find path for uninstall - see [#1540](https://github.com/chocolatey/choco/issues/1540)
+ * Fix - Installation/Setup - Use of Write-Host in Install-ChocolateyPath.ps1 prevents non-interactive installation of Chocolatey itself - see [#1560](https://github.com/chocolatey/choco/issues/1560)
+ * Fix - Logging - GUID in software name: "Chocolatey had an error formatting string" - see [#1543](https://github.com/chocolatey/choco/issues/1543)
+
+### IMPROVEMENTS
+ * [Security] RAR Extraction with older 7zip uses uninitialized memory (CVE-2018-10115) - see [#1557](https://github.com/chocolatey/choco/issues/1557)
+ * Tab Completion - Modify profile if file exists but is empty - see [#991](https://github.com/chocolatey/choco/issues/991)
+
+
 ## [0.10.10](https://github.com/chocolatey/choco/issues?q=milestone%3A0.10.10+is%3Aclosed) (April 12, 2018)
 ### BUG FIXES
  * Fix - Installing Chocolatey 0.10.9 results in an exit code of 1 - see [#1529](https://github.com/chocolatey/choco/issues/1529)

nuget/chocolatey.lib/chocolatey.lib.nuspec

@@ -33,14 +33,15 @@ This is the Chocolatey Library (API / DLL) package which allows Chocolatey to be
 </description>
     <releaseNotes>See all - https://github.com/chocolatey/choco/blob/stable/CHANGELOG.md
 
-## 0.10.10
+## 0.10.11
 ### BUG FIXES
- * Installing chocolatey 0.10.9 results in an exit code of 1 - see [#1529](https://github.com/chocolatey/choco/issues/1529)
- * Proxy bypass list with "*" will return regex quantifier parsing errors - see [#1532](https://github.com/chocolatey/choco/issues/1532)
- * NuGet cache folders - choco should always attempt to remove and should find in the cacheLocation when set - see [#1527](https://github.com/chocolatey/choco/issues/1527)
+ * Fix - AutoUninstaller - Captures registry snapshot escaping quotes - unable to find path for uninstall - see [#1540](https://github.com/chocolatey/choco/issues/1540)
+ * Fix - Installation/Setup - Use of Write-Host in Install-ChocolateyPath.ps1 prevents non-interactive installation of Chocolatey itself - see [#1560](https://github.com/chocolatey/choco/issues/1560)
+ * Fix - Logging - GUID in software name: "Chocolatey had an error formatting string" - see [#1543](https://github.com/chocolatey/choco/issues/1543)
 
 ### IMPROVEMENTS
- * Logging - Exclusive File Lock on Non-Essential Logs - see [#1531](https://github.com/chocolatey/choco/issues/1531)
+ * [Security] RAR Extraction with older 7zip uses uninitialized memory (CVE-2018-10115) - see [#1557](https://github.com/chocolatey/choco/issues/1557)
+ * Tab Completion - Modify profile if file exists but is empty - see [#991](https://github.com/chocolatey/choco/issues/991)
     </releaseNotes>
     <dependencies>
       <dependency id="log4net" version="2.0.3" />

nuget/chocolatey/chocolatey.nuspec

@@ -63,14 +63,15 @@ In that mess there is a link to the [PowerShell Chocolatey module reference](htt
     <releaseNotes>
 See all - https://github.com/chocolatey/choco/blob/stable/CHANGELOG.md
 
-## 0.10.10
+## 0.10.11
 ### BUG FIXES
- * Installing chocolatey 0.10.9 results in an exit code of 1 - see [#1529](https://github.com/chocolatey/choco/issues/1529)
- * Proxy bypass list with "*" will return regex quantifier parsing errors - see [#1532](https://github.com/chocolatey/choco/issues/1532)
- * NuGet cache folders - choco should always attempt to remove and should find in the cacheLocation when set - see [#1527](https://github.com/chocolatey/choco/issues/1527)
+ * Fix - AutoUninstaller - Captures registry snapshot escaping quotes - unable to find path for uninstall - see [#1540](https://github.com/chocolatey/choco/issues/1540)
+ * Fix - Installation/Setup - Use of Write-Host in Install-ChocolateyPath.ps1 prevents non-interactive installation of Chocolatey itself - see [#1560](https://github.com/chocolatey/choco/issues/1560)
+ * Fix - Logging - GUID in software name: "Chocolatey had an error formatting string" - see [#1543](https://github.com/chocolatey/choco/issues/1543)
 
 ### IMPROVEMENTS
- * Logging - Exclusive File Lock on Non-Essential Logs - see [#1531](https://github.com/chocolatey/choco/issues/1531)
+ * [Security] RAR Extraction with older 7zip uses uninitialized memory (CVE-2018-10115) - see [#1557](https://github.com/chocolatey/choco/issues/1557)
+ * Tab Completion - Modify profile if file exists but is empty - see [#991](https://github.com/chocolatey/choco/issues/991)
     </releaseNotes>
   </metadata>
 </package>

nuget/chocolatey/tools/chocolateysetup.psm1

@@ -600,10 +600,14 @@ function Add-ChocolateyProfile {
       #"" | Out-File $profileFile -Encoding UTF8
     }
 
-    $signature = Get-AuthenticodeSignature $profile
-    if ($signature.Status -ne 'NotSigned') {
-      Write-Warning "Not setting tab completion: File is Authenticode signed at '$profile'."
-      return
+    # Check authenticode, but only if file is greater than 4 bytes
+    $profileFileInfo = New-Object System.IO.FileInfo($profileFile)
+    if ($profileFileInfo.Length -ge 5) {
+      $signature = Get-AuthenticodeSignature $profile
+      if ($signature.Status -ne 'NotSigned') {
+        Write-Warning "Not setting tab completion: File is Authenticode signed at '$profile'."
+        return
+      }
     }
 
     $profileInstall = @'

src/chocolatey.resources/helpers/functions/Get-EnvironmentVariable.ps1

@@ -65,6 +65,7 @@ param(
 )
 
   # Do not log function call, it may expose variable names
+  ## Called from chocolateysetup.psm1 - wrap any Write-Host in try/catch
 
   [string] $MACHINE_ENVIRONMENT_REGISTRY_KEY_NAME = "SYSTEM\CurrentControlSet\Control\Session Manager\Environment\";
   [Microsoft.Win32.RegistryKey] $win32RegistryKey = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($MACHINE_ENVIRONMENT_REGISTRY_KEY_NAME)

src/chocolatey.resources/helpers/functions/Install-ChocolateyEnvironmentVariable.ps1

@@ -96,6 +96,7 @@ param(
 )
 
   Write-FunctionCallLogMessage -Invocation $MyInvocation -Parameters $PSBoundParameters
+  ## Called from chocolateysetup.psm1 - wrap any Write-Host in try/catch
 
   if ($variableType -eq [System.EnvironmentVariableTarget]::Machine) {
     if (Test-ProcessAdminRights) {

src/chocolatey.resources/helpers/functions/Install-ChocolateyPath.ps1

@@ -73,6 +73,7 @@ param(
 )
 
   Write-FunctionCallLogMessage -Invocation $MyInvocation -Parameters $PSBoundParameters
+  ## Called from chocolateysetup.psm1 - wrap any Write-Host in try/catch
 
   $originalPathToInstall = $pathToInstall
 
@@ -81,7 +82,12 @@ param(
   $envPath = $env:PATH
   if (!$envPath.ToLower().Contains($pathToInstall.ToLower()))
   {
-    Write-Host "PATH environment variable does not have $pathToInstall in it. Adding..."
+    try {
+      Write-Host "PATH environment variable does not have $pathToInstall in it. Adding..."
+    } catch {
+      Write-Verbose "PATH environment variable does not have $pathToInstall in it. Adding..."
+    }
+
     $actualPath = Get-EnvironmentVariable -Name 'Path' -Scope $pathType -PreserveVariables
 
     $statementTerminator = ";"

src/chocolatey.resources/helpers/functions/Test-ProcessAdminRights.ps1

@@ -37,6 +37,7 @@ System.Boolean
 #>
 
   # do not log function call
+  ## Called from chocolateysetup.psm1 - wrap any Write-Host in try/catch
 
   $currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent([Security.Principal.TokenAccessLevels]'Query,Duplicate'))
   $isAdmin = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

src/chocolatey.tests/infrastructure.app/services/AutomaticUninstallerServiceSpecs.cs

@@ -519,6 +519,55 @@ public void should_call_command_executor()
                             It.IsAny<bool>()),
                     Times.Once);
             }
+        }        
+
+        public class when_uninstall_string_has_ampersand_quot : AutomaticUninstallerServiceSpecsBase
+        {
+            private readonly string uninstallStringWithAmpersandQuot = @"&quot;C:\Program Files (x86)\WinDirStat\Uninstall.exe&quot; /SILENT";
+
+            public override void Context()
+            {
+                base.Context();
+                registryKeys.Clear();
+                registryKeys.Add(
+                    new RegistryApplicationKey
+                    {
+                        DisplayName = expectedDisplayName,
+                        InstallLocation = @"C:\Program Files (x86)\WinDirStat",
+                        UninstallString = uninstallStringWithAmpersandQuot,
+                        HasQuietUninstall = true,
+                        KeyPath = @"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDirStat",
+                        InstallerType = installerType.InstallerType,
+                    });
+                packageInformation.RegistrySnapshot = new Registry("123", registryKeys);
+            }
+
+            public override void Because()
+            {
+                MockLogger.LogMessagesToConsole = true;
+                service.run(packageResult, config);
+            }
+
+            [Fact]
+            public void should_call_get_package_information()
+            {
+                packageInfoService.Verify(s => s.get_package_information(It.IsAny<IPackage>()), Times.Once);
+            }
+
+            [Fact]
+            public void should_call_command_executor()
+            {
+                commandExecutor.Verify(
+                    c =>
+                        c.execute(
+                            expectedUninstallString,
+                            "/SILENT".trim_safe(),
+                            It.IsAny<int>(),
+                            It.IsAny<Action<object, DataReceivedEventArgs>>(),
+                            It.IsAny<Action<object, DataReceivedEventArgs>>(),
+                            It.IsAny<bool>()),
+                    Times.Once);
+            }
         } 
 
         public class when_uninstall_string_has_multiple_file_paths : AutomaticUninstallerServiceSpecsBase

src/chocolatey/infrastructure.app/domain/RegistryValueExtensions.cs

@@ -26,7 +26,7 @@ public static string get_value_as_string(this RegistryKey key, string name)
 
             // Since it is possible that registry keys contain characters that are not valid
             // in XML files, ensure that all content is escaped, prior to serialization
-            var escapedXml = System.Security.SecurityElement.Escape(key.GetValue(name).to_string());
+            var escapedXml = System.Security.SecurityElement.Escape(key.GetValue(name).to_string()).Replace(""","\"").Replace("'","'");
 
             return escapedXml == null ? string.Empty : escapedXml.Replace("\0", string.Empty);
         }

src/chocolatey/infrastructure.app/nuget/NugetCommon.cs

@@ -187,7 +187,10 @@ public static IPackageManager GetPackageManager(ChocolateyConfiguration configur
                     Logger = nugetLogger,
                 };
 
-            //NOTE DO NOT EVER use this method - packageManager.PackageInstalling += (s, e) =>
+            // GH-1548
+            //note: is this a good time to capture a backup (for dependencies) / maybe grab remembered arguments here instead / and somehow get out of the endless loop! 
+            //NOTE DO NOT EVER use this method - packageManager.PackageInstalling += (s, e) => { };
+
             packageManager.PackageInstalled += (s, e) =>
                 {
                     var pkg = e.Package;

src/chocolatey/infrastructure.app/services/AutomaticUninstallerService.cs

@@ -140,7 +140,7 @@ public void remove(RegistryApplicationKey key, ChocolateyConfiguration config, P
             }
 
             // split on " /" and " -" for quite a bit more accuracy
-            IList<string> uninstallArgsSplit = key.UninstallString.to_string().Split(new[] { " /", " -" }, StringSplitOptions.RemoveEmptyEntries).ToList();
+            IList<string> uninstallArgsSplit = key.UninstallString.to_string().Replace("&quot;","\"").Replace("&apos;","'").Split(new[] { " /", " -" }, StringSplitOptions.RemoveEmptyEntries).ToList();
             var uninstallExe = uninstallArgsSplit.DefaultIfEmpty(string.Empty).FirstOrDefault().trim_safe();
             if (uninstallExe.Count(u => u == '"') > 2)
             {
@@ -159,7 +159,7 @@ public void remove(RegistryApplicationKey key, ChocolateyConfiguration config, P
                    this.Log().Debug("Error splitting the uninstall string:{0} {1}".format_with(Environment.NewLine,ex.to_string()));
                 }
             }
-            var uninstallArgs = key.UninstallString.to_string().Replace(uninstallExe.to_string(), string.Empty).trim_safe();
+            var uninstallArgs = key.UninstallString.to_string().Replace("&quot;", "\"").Replace("&apos;", "'").Replace(uninstallExe.to_string(), string.Empty).trim_safe();
 
             uninstallExe = uninstallExe.remove_surrounding_quotes();
             this.Log().Debug(() => " Uninstaller path is '{0}'".format_with(uninstallExe));

src/chocolatey/infrastructure.app/services/ChocolateyPackageInformationService.cs

@@ -65,7 +65,7 @@ public ChocolateyPackageInformation get_package_information(IPackage package)
 A corrupt .registry file exists at {0}.
  Open this file in a text editor, and remove/escape any characters that
  are regarded as illegal within XML strings not surrounded by CData. 
- These are typically the characters &, ', "", and `<`, `>`. Again, this
+ These are typically the characters &, `<`, and `>`. Again, this
  is an XML document, so you will see many < and > characters, so just
  focus exclusively in the string values not surrounded by CData. Once 
  these have been corrected, rename the .registry.bad file to .registry.

src/chocolatey/infrastructure.app/services/ChocolateyPackageService.cs

@@ -441,7 +441,7 @@ public void handle_package_result(PackageResult packageResult, ChocolateyConfigu
             var installerDetected = Environment.GetEnvironmentVariable(ApplicationParameters.Environment.ChocolateyPackageInstallerType);
             if (!string.IsNullOrWhiteSpace(installLocation))
             {
-                 this.Log().Info(ChocolateyLoggers.Important, "  Software installed to '{0}'".format_with(installLocation));
+                 this.Log().Info(ChocolateyLoggers.Important, "  Software installed to '{0}'".format_with(installLocation.escape_curly_braces()));
             }
             else if (!string.IsNullOrWhiteSpace(installerDetected))
             {

src/chocolatey/infrastructure.app/services/NugetService.cs

@@ -608,8 +608,13 @@ public virtual ConcurrentDictionary<string, PackageResult> upgrade_run(Chocolate
             set_package_names_if_all_is_specified(config, () => { config.IgnoreDependencies = true; });
             config.IgnoreDependencies = configIgnoreDependencies;
 
+            var originalConfig = config.deep_copy();
+
             foreach (string packageName in config.PackageNames.Split(new[] { ApplicationParameters.PackageNamesSeparator }, StringSplitOptions.RemoveEmptyEntries).or_empty_list_if_null())
             {
+                // set original config back each time through
+                config = originalConfig;
+
                 IPackage installedPackage = packageManager.LocalRepository.FindPackage(packageName);
 
                 if (installedPackage == null)
@@ -789,7 +794,7 @@ public virtual ConcurrentDictionary<string, PackageResult> upgrade_run(Chocolate
                         continue;
                     }
 
-                    var originalConfig = set_package_config_for_upgrade(config, pkgInfo);
+                    set_package_config_for_upgrade(config, pkgInfo);
 
                     if (performAction)
                     {
@@ -846,9 +851,6 @@ public virtual ConcurrentDictionary<string, PackageResult> upgrade_run(Chocolate
                             if (continueAction != null) continueAction.Invoke(packageResult);
                         }
                     }
-
-                    // set original config back
-                    config = originalConfig;
                 }
             }
 
@@ -861,7 +863,7 @@ public virtual ConcurrentDictionary<string, PackageResult> upgrade_run(Chocolate
         /// <param name="config">The configuration.</param>
         /// <param name="packageInfo">The package information.</param>
         /// <returns>The original unmodified configuration, so it can be reset after upgrade</returns>
-        private ChocolateyConfiguration set_package_config_for_upgrade(ChocolateyConfiguration config, ChocolateyPackageInformation packageInfo)
+        protected virtual ChocolateyConfiguration set_package_config_for_upgrade(ChocolateyConfiguration config, ChocolateyPackageInformation packageInfo)
         {
             if (!config.Features.UseRememberedArgumentsForUpgrades || string.IsNullOrWhiteSpace(packageInfo.Arguments)) return config;