Cherry pick for 1.9 #4893
Merged
Cherry pick for 1.9 #4893
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
## Change Implements two independent but related changes: 1. Makes adding/updating an overlapping ARP range a hard error 2. Adds `AddOrUpdate` functionality to the index so that callers don't need to know if the manifest is already present ## Validation Added/updated unit tests for ARP overlap. Added unit and interop test for AddOrUpdate.
Update dependency System.IO.Packaging due to CVE-2024-43484, CVE-2024-43483 ###### Microsoft Reviewers: [Open in CodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/microsoft/winget-cli/pull/4881)
###### Microsoft Reviewers: [Open in CodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/microsoft/winget-cli/pull/4726)
## Change When extracting a sequence, consume all (up to 1KB really) input even if it doesn't start with an escape character. This was spurred by an issue where the `peek` call was not returning (waiting for input). Pressing Enter broke it out of that wait, but other input was now at the front and blocked future attempts to extract the sequence. The best solution to this would be to move all input handling to its own dedicated thread, but that is a much larger change.
## Issue The requestor of this new (1.10) API needs to know whether the operation was an add or an update. At the same time, the "was the index modified" return value from Update has always been true for any changes since the manifest hash was added. ## Change Return `true` when adding and `false` when updating.
…ce Type (#4891) Fix for Source Argument Validation in SourceWorkflow for Default Source Type [Issues:] The current validation in the source flow correctly detects duplicate source names. However, when the source argument is validated along with the source type, it allows different source names with the same arguments for the empty source type. This happens because, during source type comparison, if the source type is not provided, it defaults to an empty string, which is compared against the default type (Microsoft.PreIndexed). This allows multiple different source names with the same argument to be considered valid sources. For an empty source type, the default source type is assigned during the source add operation, not beforehand. Consequently, after the source add operation is finished, the source will have some source arguments, but only the name will differ. [Fix:] For an empty source type, we should compare against the default source to prevent different source names with the same arguments for the default types. During validation, we obtain the default type to replace the empty source type and use it for comparison to validate argument duplication. - Extended source tests to validate the duplicate source argument scenario for the default source type. - Fixed additional failing source origin tests with appropriate fixes. [How Validated:] - Compiled the latest modifications and deployed the AppInstallerCLIPackage. - Executed CLI SourceTests to ensure all tests pass without issues. **[Manual validation:]** **Before fix:**  **After fix:**  <!-- To check a checkbox place an "x" between the brackets. e.g: [x] --> - [x] I have signed the [Contributor License Agreement](https://cla.opensource.microsoft.com/microsoft/winget-pkgs). - [ ] This pull request is related to an issue. ----- ###### Microsoft Reviewers: [Open in CodeFlow](https://microsoft.github.io/open-pr/?codeflow=https://github.com/microsoft/winget-cli/pull/4891)
yao-msft
approved these changes
Oct 21, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Microsoft Reviewers: Open in CodeFlow