Updates to remediate CVE-2024-0056 and CVE-2023-36414 (#7)

* Updates to remediate CVE-2024-0056 and CVE-2023-36414

* version fixes

* new binaries required

---------

Co-authored-by: Gary Hampson <[email protected]>
Co-authored-by: Chrissy LeMaire <[email protected]>

Author: 3 people

build/build-core.ps1

@@ -104,21 +104,21 @@ $parms = @{
 }
 
 $parms.Name = "Microsoft.Data.SqlClient"
-$parms.RequiredVersion = "5.1.1"
+$parms.RequiredVersion = "5.1.4"
 $null = Install-Package @parms
 
 $parms.Name = "Microsoft.Data.SqlClient.SNI.runtime"
-$parms.RequiredVersion = "5.1.0"
+$parms.RequiredVersion = "5.2.0"
 $null = Install-Package @parms
 
 $parms.Name = "Microsoft.Identity.Client"
 $parms.RequiredVersion = "4.53.0"
 $null = Install-Package @parms
 
-Copy-Item "$tempdir/nuget/Microsoft.Data.SqlClient.5.1.1/runtimes/unix/lib/net6.0/Microsoft.Data.SqlClient.dll" -Destination lib
-Copy-Item "$tempdir/nuget/Microsoft.Data.SqlClient.5.1.1/runtimes/win/lib/net6.0/Microsoft.Data.SqlClient.dll" -Destination lib/win-sqlclient/
+Copy-Item "$tempdir/nuget/Microsoft.Data.SqlClient.5.1.4/runtimes/unix/lib/net6.0/Microsoft.Data.SqlClient.dll" -Destination lib
+Copy-Item "$tempdir/nuget/Microsoft.Data.SqlClient.5.1.4/runtimes/win/lib/net6.0/Microsoft.Data.SqlClient.dll" -Destination lib/win-sqlclient/
 Copy-Item "$tempdir/nuget/Microsoft.Identity.Client.4.53.0/lib/net6.0/Microsoft.Identity.Client.dll" -Destination lib/win-sqlclient/ #Maybe this will be a problem, i dont know
-Copy-Item "$tempdir/nuget/Microsoft.Data.SqlClient.SNI.runtime.5.1.0/runtimes/win-x64/native/Microsoft.Data.SqlClient.SNI.dll" -Destination lib/win-sqlclient/
+Copy-Item "$tempdir/nuget/Microsoft.Data.SqlClient.SNI.runtime.5.2.0/runtimes/win-x64/native/Microsoft.Data.SqlClient.SNI.dll" -Destination lib/win-sqlclient/
 
 Copy-Item ./temp/linux/* -Destination lib -Exclude (Get-ChildItem lib -Recurse) -Recurse -Include *.exe, *.config -Verbose
 
@@ -161,6 +161,6 @@ if ($xmlpdb) {
         Remove-Item c:\gallery\dbatools.library\core\dbatools.library.psd1 -ErrorAction Ignore
         #Copy-Item C:\github\dbatools.library\dbatools.core.library.psd1 C:\github\dbatools.core.library
 
-        Get-ChildItem -Recurse -Path C:\gallery\dbatools.library\*.ps*, C:\gallery\dbatools.library\*\dbatools.dll | Set-AuthenticodeSignature -Certificate (Get-ChildItem -Path Cert:\CurrentUser\My\fd0dde81152c4d4868afd88d727e78a9b6881cf4) -TimestampServer http://timestamp.digicert.com -HashAlgorithm SHA256
+        Get-ChildItem -Recurse -Path C:\gallery\dbatools.library\*.ps*, C:\gallery\dbatools.library\*\dbatools.dll | Set-AuthenticodeSignature -Certificate (Get-ChildItem -Path Cert:\CurrentUser\My\1c735258e8b34ce113ad86a501235c1f2e263106) -TimestampServer http://timestamp.digicert.com -HashAlgorithm SHA256
     }
 #>

build/build-full.ps1

@@ -79,19 +79,19 @@ $parms = @{
 }
 
 $parms.Name = "Microsoft.Data.SqlClient"
-$parms.RequiredVersion = "5.1.1"
+$parms.RequiredVersion = "5.1.4"
 $null = Install-Package @parms
 
 $parms.Name = "Microsoft.Data.SqlClient.SNI.runtime"
-$parms.RequiredVersion = "5.1.0"
+$parms.RequiredVersion = "5.2.0"
 $null = Install-Package @parms
 
 $parms.Name = "Microsoft.Identity.Client"
 $parms.RequiredVersion = "4.53.0"
 $null = Install-Package @parms
 
 Copy-Item "$tempdir\nuget\Microsoft.Identity.Client.4.53.0\lib\net461\Microsoft.Identity.Client.dll" -Destination lib/
-Copy-Item "$tempdir\nuget\Microsoft.Data.SqlClient.SNI.runtime.5.1.0\runtimes\win-x64\native\Microsoft.Data.SqlClient.SNI.dll" -Destination lib/
+Copy-Item "$tempdir\nuget\Microsoft.Data.SqlClient.SNI.runtime.5.2.0\runtimes\win-x64\native\Microsoft.Data.SqlClient.SNI.dll" -Destination lib/
 
 
 Copy-Item "./var/misc/core/*.dll" -Destination ./lib/
@@ -106,17 +106,27 @@ Get-ChildItem -Directory -Path .\lib\ | Where-Object Name -notin 'x64', 'x86' |
 if ((Get-ChildItem -Path C:\gallery\dbatools.library -ErrorAction Ignore)) {
     $null = Remove-Item C:\gallery\dbatools.library -Recurse
     $null = mkdir C:\gallery\dbatools.library
+    $null = mkdir C:\gallery\dbatools.library\desktop
+    $null = mkdir C:\gallery\dbatools.library\desktop\lib
+    #$null = mkdir C:\gallery\dbatools.library\desktop\x86
+    #$null = mkdir C:\gallery\dbatools.library\desktop\x64
     $null = robocopy c:\github\dbatools.library C:\gallery\dbatools.library /S /XF actions-build.ps1 .markdownlint.json *.psproj* *.git* *.yml *.md dac.ps1 build*.ps1 dbatools-core*.* /XD .git .github Tests .vscode project temp runtime runtimes replication var opt | Out-String | Out-Null
 
     Remove-Item c:\gallery\dbatools.library\dac.ps1 -ErrorAction Ignore
     Remove-Item c:\gallery\dbatools.library\dbatools.core.library.psd1 -ErrorAction Ignore
     Copy-Item C:\github\dbatools.library\dbatools.library.psd1 C:\gallery\dbatools.library
+    Move-Item C:\github\dbatools.library\lib\x86 C:\gallery\dbatools.library\desktop\lib
+    Move-Item C:\github\dbatools.library\lib\x64 C:\gallery\dbatools.library\desktop\lib
+    Move-Item C:\github\dbatools.library\lib\* C:\gallery\dbatools.library\desktop\*
+    Remove-Item C:\gallery\dbatools.library\lib -Recurse
 
-    $null = Get-ChildItem -Recurse -Path C:\gallery\dbatools.library\*.ps*, C:\gallery\dbatools.library\dbatools.dll | Set-AuthenticodeSignature -Certificate (Get-ChildItem -Path Cert:\CurrentUser\My\fd0dde81152c4d4868afd88d727e78a9b6881cf4) -TimestampServer http://timestamp.digicert.com -HashAlgorithm SHA256
+
+    #$null = Get-ChildItem -Recurse -Path C:\gallery\dbatools.library\*.ps*, C:\gallery\dbatools.library\dbatools.dll | Set-AuthenticodeSignature -Certificate (Get-ChildItem -Path Cert:\CurrentUser\My\1c735258e8b34ce113ad86a501235c1f2e263106) -TimestampServer http://timestamp.digicert.com -HashAlgorithm SHA256
 }
 
 Import-Module C:\gallery\dbatools.library\dbatools.library.psd1 -Force
 Pop-Location
+# gotta copy the integration dlls
 <#
 already there
 -rwxrwxrwx ctrlb            ctrlb              10/08/2022 03:08       12132752 Microsoft.Data.Tools.Schema.Sql.dll

build/build-local.ps1

@@ -99,31 +99,31 @@ $parms.RequiredVersion = "170.7.0-preview"
 #Install-Package @parms
 
 $parms.Name = "Microsoft.Data.SqlClient"
-$parms.RequiredVersion = "5.0.1"
+$parms.RequiredVersion = "5.1.4"
 #Install-Package @parms
 
 $parms.Name = "Microsoft.Data.SqlClient.SNI.runtime"
-$parms.RequiredVersion = "5.0.1"
+$parms.RequiredVersion = "5.2.0"
 #Install-Package @parms
 
 $parms.Name = "Microsoft.Identity.Client"
-$parms.RequiredVersion = "4.45.0"
+$parms.RequiredVersion = "4.53.0"
 #Install-Package @parms
 
 $parms.Name = "Microsoft.SqlServer.Server"
 $parms.RequiredVersion = "1.0.0"
 #Install-Package @parms
 
 $parms.Name = "Azure.Identity"
-$parms.RequiredVersion = "1.6.0"
+$parms.RequiredVersion = "1.10.3"
 #Install-Package @parms
 
-Copy-Item "C:\temp\nuget\Microsoft.Data.SqlClient.5.0.1\runtimes\unix\lib\netcoreapp3.1\Microsoft.Data.SqlClient.dll" -Destination lib/net6.0/publish
-Copy-Item "C:\temp\nuget\Microsoft.Identity.Client.4.45.0\lib\net461\Microsoft.Identity.Client.dll" -Destination lib/net462/publish/
-Copy-Item "C:\temp\nuget\Microsoft.Data.SqlClient.5.0.1\runtimes\win\lib\netcoreapp3.1\Microsoft.Data.SqlClient.dll" -Destination lib/net6.0/publish/win-sqlclient
-Copy-Item "C:\temp\nuget\Microsoft.Identity.Client.4.45.0\lib\netcoreapp2.1\Microsoft.Identity.Client.dll" -Destination lib/net6.0/publish/win-sqlclient
-Copy-Item "C:\temp\nuget\Microsoft.Data.SqlClient.SNI.runtime.5.0.1\runtimes\win-x64\native\Microsoft.Data.SqlClient.SNI.dll" -Destination lib/net6.0/publish/win-sqlclient
-Copy-Item "C:\temp\nuget\Microsoft.Data.SqlClient.SNI.runtime.5.0.1\runtimes\win-x64\native\Microsoft.Data.SqlClient.SNI.dll" -Destination lib/net462/publish/
+Copy-Item "C:\temp\nuget\Microsoft.Data.SqlClient.5.1.4\runtimes\unix\lib\netcoreapp3.1\Microsoft.Data.SqlClient.dll" -Destination lib/net6.0/publish
+Copy-Item "C:\temp\nuget\Microsoft.Identity.Client.4.53.0\lib\net461\Microsoft.Identity.Client.dll" -Destination lib/net462/publish/
+Copy-Item "C:\temp\nuget\Microsoft.Data.SqlClient.5.1.4\runtimes\win\lib\netcoreapp3.1\Microsoft.Data.SqlClient.dll" -Destination lib/net6.0/publish/win-sqlclient
+Copy-Item "C:\temp\nuget\Microsoft.Identity.Client.4.53.0\lib\netcoreapp2.1\Microsoft.Identity.Client.dll" -Destination lib/net6.0/publish/win-sqlclient
+Copy-Item "C:\temp\nuget\Microsoft.Data.SqlClient.SNI.runtime.5.2.0\runtimes\win-x64\native\Microsoft.Data.SqlClient.SNI.dll" -Destination lib/net6.0/publish/win-sqlclient
+Copy-Item "C:\temp\nuget\Microsoft.Data.SqlClient.SNI.runtime.5.2.0\runtimes\win-x64\native\Microsoft.Data.SqlClient.SNI.dll" -Destination lib/net462/publish/
 
 Copy-Item "replication/*.dll" -Destination lib/net462/publish/
 Copy-Item "replication/*.dll" -Destination lib/net6.0/publish/