pkg/cmd/pr/list/http.go #8
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Version 1.3.36.21 signed on 09/21/2020.
This CL has the following changes: * refactors the proxy detection policies to go through the Config Manager, thereby unifying all policies under the ConfigManager class. * exposes the proxy detection policies via the IPolicyStatus2 COM interface, thereby allowing chrome://policy/ to display these policies.
Toolchain and libraries update
Limit the path where LoadLibray should be looking for dlls to %windir%\System32 only.
…client fork. Functional changes are needed in certificate_tag and the forked copy in googleclient is stale. This brings the forked copy up to date, so future functional changes will be cleaner.
… tagger. Also mention support for unittests.
…epot. Modified this copy of certificate_tag_test to remove google3 dependencies. Changes: - Specify an explicit size for integer types used for sectors and offsets in Omaha certificate_tag. - Improve MSI file sanity checking in Omaha client cert tagger. - Fix ignored error in the Omaha client cert tagger, on the common code path for both exe and msi tagging. - Extend the certificate tagger for MSI format. - Go cert tagger: Fix bug in hex-format cert tags.
This change adds a jitter that can be up to 1 minute, which will help the issue, which, together with random boots of client machines may alleviate the issue. 1 minute is a compromise because we do not want to wait too long in UpdateApps. Policy fetch does not currently need the jitter. Registration is more heavy-weight at the moment.
This CL attempts to fix the Win7 runtime issues on OS versions which don't have the KB and thus lack support for LOAD_LIBRARY_SEARCH_SYSTEM32. The flag LOAD_WITH_ALTERED_SEARCH_PATH is used to load DLLs on non-compliant platforms (up to Win7 w/o the KB), a change inspired by similar code in Chrome.
Make the internal and open source builds use the same servers. Verisign servers are exhibiting some outage at the moment.
Before this change, the title bar text was static. This change allows for the progress to be seen in the top level title bar, which helps screen readers among other things. Because of issues with grit and python, I decided to reuse an existing string translation, IDS_APPLICATION_NAME_CONCATENATION. Not ideal, in the sense that it uses a comma for separation instead of a dash, but good enough.
The DMPolicyManager needs to enforce that it only returns values when the DM server has provided the corresponding property values, and return an error otherwise. The implementation was not consistent about this, and this CL fixes that.
* The Helper MSI/MSP are not being used, but are being shipped as a part of the build. * Also, crashing while installing the MSI is the 2nd largest bucket in Omaha. * The MSP elevator is also potentially a security vector. * And a maintenance issue. In light of all these reasons, this CL removes the MSI/MSP.
…ches. Crashing while calling ShellExecuteEx is the 2nd largest bucket in Omaha, hence the change to avoid using ShellExecute unless the process being launched is a foreground process. ShellExecute is needed for foreground processes, since it does a good job of moving the UX keyboard focus to the new process, but not for background processes.
Version 1.3.36.61 signed on 01/15/2021.
…ing. This is a fix for: #256.
… 381 The |process| parameter passed to StartGoogleUpdateWithArgs() can be NULL. This CL handles the NULL case now.
`FILE_GENERIC_READ` is a permission that is typically already in the ACL, so the test was failing. Changing to adding an ACE for `FILE_GENERIC_WRITE` instead.
Turns out that the permissions persist if the same filename is used, so the unit test fails on subsequent runs. Using a random filename instead fixes that.
Version 1.3.36.241 signed on 05/10/2023. This does not actually fix the unit test `GoogleUpdateRecoveryTest.VerifyFileSignature_SignedValid`, because `VerifyFileSignedWithinDays` fails. This is because the timestamp server countersignature is according to RFC3161, so there is no `szOID_RSA_counterSign` information in `CMSG_SIGNER_INFO`, instead there is `szOID_RFC3161_counterSign`.
This CL changes GoogleUpdate to use `%systemroot%\SystemTemp` for the crash reporting and as the temp folder for certain setup operations, instead of creating directories under %programfiles%\google, if the former directory is available on the system. `SystemTemp` is available on most recent versions of Windows 10 and 11. `SystemTemp` is secure and only accessible to admins and local system. In order to have continued support for older versions of Windows, this CL retains a fallback to the original behavior of using %programfiles%.
This CL changes the metainstaller to also use `%systemroot%\SystemTemp` for the secure temp folder for setup operations instead of creating directories under `%programfiles%\google`, if the former directory is available on the system. `SystemTemp` is available on most recent versions of Windows 10 and 11. `SystemTemp` is secure and only accessible to admins and local system. In order to have continued support for older versions of Windows, this CL retains a fallback to the original behavior of using `%programfiles%`. This CL has inlined several functions in `utils.h` and `file.h`, so that the metainstaller can call these functions, since the metainstaller does not link to `base.lib`.
This CL does a best-effort attempt to delete the company directory if it is empty. The company directory is `%LocalAppData%/Google` or `%ProgramFiles%/Google`.
This CL prevents elevation of privilege by reverting to the process token before starting processes. Otherwise, a lower privilege token could for instance symlink `C:\` to a different folder (per-user DosDevice) and allow an elevation of privilege attack.
This CL fixes this issue where if the `UpdatesSuppressedStartHour` + `UpdatesSuppressedStartMin` + `UpdatesSuppressedDurationMin` rolls over to the next day, then the updates would start being applied at the first update check after midnight, even if the duration is not up yet. So for instance, if the policy is to suppress updates `from 6 PM for 12 hours`, the updates would start getting downloaded and installed starting at `midnight`, even though the updater is supposed to `wait until 6 AM` the next day.
The `RegKey` class now deletes symlinks. Before, it would inadvertently follow links and delete the target.
https://www.geoffchappell.com/studies/windows/shell/shlwapi/api/reg/queryvalueex.htm ``` Although this function and the standard API function RegQueryValueEx have exactly the same prototype, the two do not behave identically. A call to the SHLWAPI function is essentially a call to the standard function but with post-processing, presumably with the idea of improving or even correcting the standard function. There are two general aims: to fix REG_SZ or REG_EXPAND_SZ data that is not properly null-terminated; to expand REG_EXPAND_SZ data and return it as REG_SZ data. ```
Updated the toolchain current version.
Updated breakpad last known good commit.
Updated gtest last known good commit.
Updated WTL version to WTL 10.0.10320 Release.
Alampathan
approved these changes
Jan 12, 2024
Alampathan
approved these changes
Jan 12, 2024
sorinj
force-pushed
the
main
branch
2 times, most recently
from
fceabff to
c97bc28
Compare
When GoogleUpdate runs Code Red, and a Code Red file is served by the server (or a malicious MitM), the GoogleUpdate code was under some circumstances doing a Move/Delete of a file that could be under a Medium integrity user's control with Local System privileges. This CL fixes this issue.
This CL adds a new command line parameter `/alwayslaunchcmd` that when coupled with `/silent` allows for the post-install launch command lines to be launched after the installation completes successfully.
This CL adds an icon, a manifest, and a version to the exe. #649
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
pkg/cmd/pr/list/http.go