AU: 1 updated - librecad

[skip ci] https://gist.github.com/choco-bot/a14b1e5bfaf70839b338eb1ab7f8226f/1eb9c8d1d9923a506abbabe730e2b7de1054c62e
chocolatey-community · Jul 29, 2023 · 883166b · 883166b
1 parent 89f7714
commit 883166b
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 22 deletions.
diff --git a/automatic/librecad/legal/VERIFICATION.txt b/automatic/librecad/legal/VERIFICATION.txt
@@ -3,16 +3,16 @@ Verification is intended to assist the Chocolatey moderators and community
 in verifying that this package's contents are trustworthy.
 
 The embedded software have been downloaded from the listed download
-location on <https://github.com/LibreCAD/LibreCAD/releases/tag/2.2.0.1>
+location on <https://github.com/LibreCAD/LibreCAD/releases/tag/2.2.0.2>
 and can be verified by doing the following:
 
-1. Download the following <https://github.com/LibreCAD/LibreCAD/releases/download/2.2.0.1/LibreCAD-Installer-2.2.0.1.exe>
+1. Download the following <https://github.com/LibreCAD/LibreCAD/releases/download/2.2.0.2/LibreCAD-Installer-2.2.0.2.exe>
 2. Get the checksum using one of the following methods:
   - Using powershell function 'Get-FileHash'
   - Use chocolatey utility 'checksum.exe'
 3. The checksums should match the following:
 
   checksum type: sha256
-  checksum: F1520DB7A6EF13928780D42CB2DC6DD74C88F7F6C39A7774EFC83B79D52ABD5D
+  checksum: 996014CC38E0E98D274FBBB89E4F6FF92455E487E3A06BA46A38FEB7C575A9D2
 
 The file 'LICENSE.txt' has been obtained from <https://github.com/LibreCAD/LibreCAD/blob/master/LICENSE>
diff --git a/automatic/librecad/librecad.json b/automatic/librecad/librecad.json
@@ -1,5 +1,5 @@
 {
-    "2.2":  "2.2.0.1",
+    "2.2":  "2.2.0.2",
     "2.1":  "2.1.3",
     "2.0":  "2.0.11"
 }
diff --git a/automatic/librecad/librecad.nuspec b/automatic/librecad/librecad.nuspec
@@ -3,7 +3,7 @@
 <package xmlns="http://schemas.microsoft.com/packaging/2015/06/nuspec.xsd">
   <metadata>
     <id>librecad</id>
-    <version>2.2.0.1</version>
+    <version>2.2.0.2</version>
     <packageSourceUrl>https://github.com/chocolatey-community/chocolatey-packages/tree/master/automatic/librecad</packageSourceUrl>
     <owners>chocolatey-community</owners>
     <title>LibreCAD</title>
@@ -24,31 +24,27 @@
 LibreCAD is a free Open Source CAD application for Windows, Apple and Linux. Support and documentation is free from our large, dedicated community of users, contributors and developers.
 
 ]]></description>
-    <releaseNotes>## Bugfix release 2.2.0.1
+    <releaseNotes>## Bugfix release 2.2.0.2
 This is a bugfix release for official stable release 2.2.0.
 
-It fixes a minor vulnerability (CVE-2023-30259) with a mature `shapelib` contained in our codebase.
-The vulnerability addresses only the plugin `Importshp`, which is used to import shape files (SHP/SHX/DBF).
-Shape files are used in surveying and so do not affect the most users.
-As this is probably not a widely used plugin, the fix was just to remove the plugin.
+It fixes 3 minor issue:
+
+  * An undetected vulnerability, opening malformed LFF font files caused a crash
+  * Format issues in bundled fonts
+  * A regression, finding nearest points on ellipses caused a crash
 
-If you are a surveyor and need the shape file support, it is safe to stay with 2.2.0 version, as long as you know the origin of the used shape files.
-The vulnerability is an out-of-bounds read, what means, if a malformed shape file is imported, the application can crash.
-With some efforts an attacker possibly can create a shape file, which can lead to unintended code execution and seize your computer.
-But this is a worst case scenario, which I would rate as extremely low to occur.
-
 
 MD5 sums:
 ```
-059e5fff8d19b4ff729ea8d07656209c  LibreCAD-2.2.0.1-x86_64.AppImage
-33b0675ea52c77f2f1f6c8861677414d  LibreCAD-2.2.0.1.dmg
-5aaa9f6b237fdfd42a4095058584dbcb  LibreCAD-Installer-2.2.0.1.exe
+747e2e9986801d87b94e67d76a5807e9  LibreCAD-2.2.0.2-x86_64.appimage
+39f31210941ae2f94f757ff3d677e889  LibreCAD-2.2.0.2.dmg
+f73213a4c8036f46ef0a397efd5d7b16  LibreCAD-Installer-2.2.0.2.exe
 ```
 SHA256 hashes:
 ```
-278967ae89398e07321ff4bd430e9cfbff4b9d17b887113d08fb51c8f2def2e7  LibreCAD-2.2.0.1-x86_64.AppImage
-23b47914440c99d6d0371e67d31f5bb328ad8f6966d7ed564820cb7a71a3b350  LibreCAD-2.2.0.1.dmg
-f1520db7a6ef13928780d42cb2dc6dd74c88f7f6c39a7774efc83b79d52abd5d  LibreCAD-Installer-2.2.0.1.exe
+e5f32dce953b856f357bb3ccaaffa30cad99459bbd0d474ab07b16065249c7fb  LibreCAD-2.2.0.2-x86_64.appimage
+552e2ac63fca297c617511c3983be7477bc050e8f774841abb7db5ce81ce935b  LibreCAD-2.2.0.2.dmg
+996014cc38e0e98d274fbbb89e4f6ff92455e487e3a06ba46a38feb7c575a9d2  LibreCAD-Installer-2.2.0.2.exe
 ```
 </releaseNotes>
     <dependencies>

diff --git a/automatic/librecad/tools/chocolateyInstall.ps1 b/automatic/librecad/tools/chocolateyInstall.ps1
@@ -5,7 +5,7 @@ $toolsPath = Split-Path -parent $MyInvocation.MyCommand.Definition
 $packageArgs = @{
   packageName    = $env:ChocolateyPackageName
   fileType       = 'exe'
-  file           = "$toolsPath\LibreCAD-Installer-2.2.0.1.exe"
+  file           = "$toolsPath\LibreCAD-Installer-2.2.0.2.exe"
   softwareName   = 'LibreCAD'
   silentArgs     = '/S'
   validExitCodes = @(0)