[wix-users] WiX v3.10.2 Important Security Fix Release breaks Debugging?

Jürgen Schäpker Juergen.Schaepker at giepa.de
Mon Jan 25 02:13:07 PST 2016


WiX310_3.10.2.2516 breaks the ability to correctly debug my custom BA.

Visual Studio 2013, C# project. With WiX310_3.10.1.2213 it worked fine with "Start external Program" set to the BA_Setup.exe.

With the new WiX all I can do is start the Setup and then "Attach to Process" when it has already started.

Best regards,
Jürgen Schäpker

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Rob Mensching
Sent: Thursday, January 21, 2016 00:36
To: WiX Toolset Users Mailing List
Subject: [wix-users] WiX v3.10.2 Important Security Fix Release


We just finished releasing WiX v3.10.2. If you are using Burn it is *highly* recommended that you upgrade to mitigate Windows issues recently reported. For more information see: https://www.firegiant.com/blog/2016/1/20/wix-v3.10.2-released/

It is important to note that there are two potential breaking changes in this security update. These breaking changes are necessary to mitigate the security issues. Copied from the link above:

* A bundle cannot be named Setup.exe. When an executable is named Setup.exe, Windows loads additional DLLs in an insecure manner. To prevent such a guaranteed vulnerability, Light.exe now yields an error if the bundle output is named Setup.exe. As Setup.exe might be a common file name, this breaking change is especially annoying. Unfortunately, Windows loads the additional DLLs in a way that Burn code cannot mitigate.

* The process that loads the bootstrapper application is no longer the process the user started. Attempts to use ::GetModuleFileName to locate the source media (i.e., with loose files next to the bundle .exe) will fail. A workaround is to use the new WixBundleSourceProcessPath and WixBundleSourceProcessFolder variables to find the original process. In general, this shouldn't be a serious problem - bootstrapper applications can already carry all the files they need using Payload elements.

Again, if you are using Burn it is *highly* recommended that you upgrade to WiX v3.10.2 as soon as possible: https://wix.codeplex.com/releases/view/619491


  Rob Mensching
FireGiant  |  Dedicated support for the WiX toolset  |  http://www.firegiant.com/
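
The workaround from the second bullet of the quoted announcement, as an added example that is not part of this thread or of WiX itself: a managed bootstrapper application reads WixBundleSourceProcessFolder instead of deriving the folder from its own process path. The class and method names are hypothetical, and the code assumes the WiX v3 managed Engine API (StringVariables, Log).

```csharp
using System;
using System.IO;
using Microsoft.Tools.WindowsInstallerXml.Bootstrapper;

// Hypothetical helper for a managed BA; not code from the WiX project.
public static class SourceMedia
{
    // Burn variable named in the v3.10.2 announcement.
    private const string SourceFolderVariable = "WixBundleSourceProcessFolder";

    // Returns the full path of a loose file that sits next to the bundle .exe
    // the user started, or null when it cannot be resolved.
    public static string FindLooseFile(Engine engine, string fileName)
    {
        // Accept a bare file name only, so the result cannot leave the source folder.
        if (string.IsNullOrEmpty(fileName) || fileName != Path.GetFileName(fileName))
        {
            throw new ArgumentException("Expected a bare file name.", "fileName");
        }

        // Engines older than v3.10.2 do not define the variable.
        if (!engine.StringVariables.Contains(SourceFolderVariable))
        {
            engine.Log(LogLevel.Standard, SourceFolderVariable + " is not defined by this engine.");
            return null;
        }

        // Since v3.10.2 the BA no longer runs in the process the user started,
        // so the BA's own module path does not point at the source media.
        string folder = engine.StringVariables[SourceFolderVariable];
        string candidate = Path.Combine(folder, fileName);

        if (!File.Exists(candidate))
        {
            engine.Log(LogLevel.Standard, "Loose file not found: " + candidate);
            return null;
        }

        // The folder is wherever the user saved the bundle: treat the file as
        // untrusted input. Files declared as Payload elements avoid this lookup.
        return candidate;
    }
}
```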
