[wix-users] Workaround GDI+ security vulnerability

Stewart Lynch stewartlynch8 at gmail.com
Thu Jun 2 12:44:31 PDT 2016


Thanks for the info. I'm afraid I don't understand about the package cache
or ARP entry. I really wouldn't know how to go about writing a cleaner app.

I will suggest using msizap. What is the easiest way of finding the product
code? I'm not sure exactly which version that he installed, I assume it will
be somewhere in the log? And is it the product code of the msi installer or
the bundle? I guess I need to remove both.



-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of
Hoover, Jacob
Sent: 02 June 2016 19:49
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Workaround GDI+ security vulnerability

https://sourceforge.net/p/wix/mailman/message/32814552/

Probably the safest bet is to write a cleaner app, that would use msiexec to
remove the MSI packages your bundle installed, and then some manual code to
purge the package cache and delete the ARP entry.

If we had a means of setting Bundle at Id in the WXS, then you could in theory
re-cache the bundle.  Unfortunately that functionality doesn't exist today
(probably due to fear of people using it for all but this specific use
case).

If your building WiX from source, you could in theory hard code the faulty
bundle ID and rebuild the bundle with a fixed BA, that you would then need
to have the customer manually re-cache it to allow for an uninstall.

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of
Stewart Lynch
Sent: Thursday, June 02, 2016 12:40 PM
To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Workaround GDI+ security vulnerability

Hi,

Unfortunately one of my customers has got into a complete mess, he now can't
upgrade or uninstall my software which was built with v3.10.3.2917.

After trying to upgrade and hitting the error that I described below, the
install seems partially installed. There are now two installs in the Windows
install list. The old one, and the new one. Clicking on the new one to
uninstall it actually tries to install it again because it doesn't think
it's installed. Trying to uninstall the old version, in his words "...second
one starts to uninstall, spawns 6 more processes, and then nothing happens,
no CPU usage like during install. When I cancel, the processes remain
there."

I've asked him to supply the log files, but is there anything we can do just
to completely remove these installs by hand and start afresh?

Any help would be greatly appreciated because I really don't want to lose
this customer.

Many thanks,

Stewart.


-----Original Message-----
From: Stewart Lynch [mailto:stewartlynch8 at gmail.com]
Sent: 26 May 2016 21:05
To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
Subject: RE: [wix-users] Workaround GDI+ security vulnerability

Thank you. I have submitted my bug with all of the information and attached
files. Let me know if there's anything else that you need.

https://github.com/wixtoolset/issues/issues/5308

Many thanks,

Stewart.

-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of
Sean Hall
Sent: 26 May 2016 20:11
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Workaround GDI+ security vulnerability

Please file a bug at https://github.com/wixtoolset/issues/issues and attach
the logs there (this list doesn't support attachments).  Make sure to
include steps that we can take to reproduce the issue.

On Thu, May 26, 2016 at 1:10 PM, Stewart Lynch <stewartlynch8 at gmail.com>
wrote:

> Scratch that. It's still not working with the latest version. I really 
> don't know what to do now.
>
>
> -----Original Message-----
> From: Stewart Lynch [mailto:stewartlynch8 at gmail.com]
> Sent: 26 May 2016 18:40
> To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
> Subject: RE: [wix-users] Workaround GDI+ security vulnerability
>
> This appears to be fixed in v3.10.3.2924. If both the old and new 
> installers have been built with that version of Wix updating works. It 
> would be good to have a conformation that this has actually been 
> fixed.
>
> This doesn't help my clients that have installed the version built 
> with v3.10.3.2917, I'll have to tell them to uninstall manually.
>
>
>
> -----Original Message-----
> From: Stewart Lynch [mailto:stewartlynch8 at gmail.com]
> Sent: 26 May 2016 18:18
> To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
> Subject: RE: [wix-users] Workaround GDI+ security vulnerability
>
> I can confirm that it's the old installer that is throwing this error. 
> When it tries to uninstall the old version the burn exe crashes on 
> startup, just as it did in the original problem. It seems that this 
> problem wasn't fixed in all cases
> (https://github.com/wixtoolset/wix3/pull/351)
>
> If anyone would find a repro useful I can share my two installer exes. 
> I only seems to happen on Win7 (I have a clean Win7 install on a VM).
>
> Stewart.
>
>
> -----Original Message-----
> From: Stewart Lynch [mailto:stewartlynch8 at gmail.com]
> Sent: 26 May 2016 17:25
> To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
> Subject: RE: [wix-users] Workaround GDI+ security vulnerability
>
> Yes, that's the full log. After my custom burn app threw the exception 
> I cancelled it, which closed everything down. I've attached the two 
> log files that I see in my temp folder. I don't see any errors in my 
> Application event log.
>
> I guess it could be something that I'm doing in my custom app that is 
> causing this, I'll see if I can debug into it and see exactly where 
> its failing. I have a suspicion that it may be because I have a custom 
> action where I run another exe. It's just a bit suspicious that its 
> exactly the same exception as a known bug that was fixed recently.
>
> I just had another thought, could it be that its failing uninstalling 
> the old version, it works if I uninstall manually. I see that my two 
> log files have different burn version numbers. I updated to the very 
> latest version when I built the new installer.
>
>
> -----Original Message-----
> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On 
> Behalf Of Sean Hall
> Sent: 26 May 2016 15:38
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Subject: Re: [wix-users] Workaround GDI+ security vulnerability
>
> Is that the complete Burn log?  That looks like the bundle crashed, is 
> there an error in the Application event log?
>
> There were a couple of bugs in 3.10.3.2917, can you try 3.10.3.2924?
> http://wixtoolset.org/releases/v3-10-3-2924/
>
> On Thu, May 26, 2016 at 7:28 AM, Stewart Lynch 
> <stewartlynch8 at gmail.com>
> wrote:
>
> > Hi,
> >
> >
> >
> > I've been having a problem with my custom burn exe throwing an 
> > exception when it tried to access .NET assemblies. This is the
exception:
> >
> > Font '?' cannot be found
> >
> > I think it failed to load the .NET system.drawing.dll while trying 
> > to create a font.
> >
> >
> >
> > The exe was throwing the exception as soon as it started. I 
> > eventually found that this was fixed in this change:
> >
> > https://github.com/wixtoolset/wix3/pull/351
> >
> > After updating to v3.10.3.2917 the exe would run and the 
> > installation completed.
> >
> >
> >
> > However, when I next changed the version number and try and to 
> > install an update I get the same exception after the msi has 
> > finished installing. The Burn log file is below. Looking at the msi 
> > log file it shows that it completed successfully, it was the burn 
> > exe that threw the exception after the mdi completed. I'm installing 
> > on
Win7.
> >
> >
> >
> > Is this a known problem?
> >
> >
> >
> > Many thanks,
> >
> >
> >
> > Stewart.
> >
> >
> >
> > ------------------------------
> >
> > Burn log file:
> >
> >
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i001: Burn v3.10.3.2917, Windows
> > v6.1 (Build
> > 7601: Service Pack 1), path:
> >
> > C:\Users\STEWAR~1\AppData\Local\Temp\{18067DD0-80C1-4DF9-A27C-935986
> > BF
> > 5FB3}\
> > .cr\FramePro_x64_setup (1).exe
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Initializing string variable 
> > 'InstallFolder' to value
'[ProgramFiles64Folder]PureDevSoftware\FramePro'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Initializing string variable 
> > 'CodeInstallFolder' to value 
> > '[ProgramFiles64Folder]PureDevSoftware\FramePro'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i009: Command Line:
> > '"-burn.clean.room=C:\Users\Stewart Win7 
> > Clean\Downloads\FramePro_x64_setup
> > (1).exe"'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 
> > 'WixBundleOriginalSource' to value 'C:\Users\Stewart Win7 
> > Clean\Downloads\FramePro_x64_setup (1).exe'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 
> > 'WixBundleOriginalSourceFolder' to value 'C:\Users\Stewart Win7 
> > Clean\Downloads\'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 
> > 'WixBundleLog'
> > to value
> 'C:\Users\STEWAR~1\AppData\Local\Temp\FramePro_20160526130225.log'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 
> > 'WixBundleName' to value 'FramePro'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 
> > 'WixBundleManufacturer' to value 'PureDev Software'
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Loading managed bootstrapper 
> > application.
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Creating BA thread to run 
> > asynchronously.
> >
> > [0FA0:0CA4][2016-05-26T13:02:26]i000: Launching SCLInstaller
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i100: Detect begin, 3 packages
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition
'InstallFolderTestSearch'
> > evaluates to false.
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable 
> > 'Netfx4x64FullVersion' to value '4.6.01055'
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting numeric variable 
> > 'InstallFolderTestSearch' to value 1
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable 
> > 'VCRedistInstalled' to value '1'
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable 
> > 'Netfx4FullVersion' to value '4.6.01055'
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting numeric variable 
> > 'CodeInstallFolderTestSearch' to value 1
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 
> > 'CodeInstallFolderTestSearch' evaluates to true.
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable 
> > 'CodeInstallFolder' to value 'C:\Program
Files\PureDevSoftware\FramePro\'
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i102: Detected related bundle:
> > {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, type: Upgrade, scope:
> > PerMachine,
> > version: 1.2.2.0, operation: MajorUpgrade
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 'VCRedistInstalled'
> > evaluates to true.
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 'Netfx4FullVersion 
> > AND (NOT
> > VersionNT64 OR Netfx4x64FullVersion)' evaluates to true.
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i103: Detected related package:
> > {E0101584-EB2E-467D-8F8F-85B72DEE77CE}, scope: PerMachine, version:
> > 1.2.2.0,
> > language: 0 operation: MajorUpgrade
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i101: Detected package: 
> > VS2015Runtime,
> > state: Present, cached: None
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i101: Detected package: Netfx4Full,
> state:
> > Present, cached: None
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i101: Detected package: FramePro, state:
> > Absent, cached: None
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i199: Detect complete, result: 0x0
> >
> > [0FA0:0CA4][2016-05-26T13:02:29]i000: Setting string variable 
> > 'InstallFolder' to value 'C:\Program Files\PureDevSoftware\FramePro'
> >
> > [0FA0:0CA4][2016-05-26T13:02:29]i000: Setting string variable 
> > 'CodeInstallFolder' to value 'C:\Program
Files\PureDevSoftware\FramePro\'
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i200: Plan begin, 3 packages, action:
> > Install
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]w321: Skipping dependency 
> > registration on package with no dependency providers: VS2015Runtime
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]w321: Skipping dependency 
> > registration on package with no dependency providers: Netfx4Full
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i000: Setting string variable 
> > 'WixBundleRollbackLog_FramePro' to value
> >
> > 'C:\Users\STEWAR~1\AppData\Local\Temp\FramePro_20160526130225_000_Fr
> > am
> > ePro_r
> > ollback.log'
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i000: Setting string variable 
> > 'WixBundleLog_FramePro' to value
> >
> > 'C:\Users\STEWAR~1\AppData\Local\Temp\FramePro_20160526130225_000_Fr
> > am
> > ePro.l
> > og'
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i201: Planned package: 
> > VS2015Runtime,
> > state:
> > Present, default requested: Present, ba requested: Present, execute:
> > None,
> > rollback: None, cache: No, uncache: No, dependency: None
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i201: Planned package: Netfx4Full,
state:
> > Present, default requested: Present, ba requested: Present, execute:
> > None,
> > rollback: None, cache: No, uncache: No, dependency: None
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i201: Planned package: FramePro, state:
> > Absent, default requested: Present, ba requested: Present, execute:
> > Install,
> > rollback: Uninstall, cache: Yes, uncache: No, dependency: Register
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i207: Planned related bundle:
> > {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, type: Upgrade, default
requested:
> > Absent, ba requested: Absent, execute: Uninstall, rollback: Install,
> > dependency: None
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i299: Plan complete, result: 0x0
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i300: Apply begin
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i010: Launching elevated engine process.
> >
> > [0FA0:0FA4][2016-05-26T13:02:32]i011: Launched elevated engine process.
> >
> > [0FA0:0FA4][2016-05-26T13:02:32]i012: Connected to elevated engine.
> >
> > [0C0C:0C10][2016-05-26T13:02:32]i358: Pausing automatic updates.
> >
> > [0C0C:0C10][2016-05-26T13:02:34]i359: Paused automatic updates.
> >
> > [0C0C:0C10][2016-05-26T13:02:34]i360: Creating a system restore point.
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i361: Created a system restore point.
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i370: Session begin, registration key:
> >
> > SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02a49190-b153-4
> > 65 1-b5bb -2539855b0e5c}, options: 0x7, disable resume: No
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i000: Caching bundle from:
> >
> > 'C:\Users\STEWAR~1\AppData\Local\Temp\{74E73143-1A17-445B-8A5C-8C89F
> > 74 AD707} \.be\FramePro_x64_setup.exe' to: 'C:\ProgramData\Package 
> > Cache\{02a49190-b153-4651-b5bb-2539855b0e5c}\FramePro_x64_setup.exe'
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i320: Registering bundle dependency
> > provider: {02a49190-b153-4651-b5bb-2539855b0e5c}, version: 1.2.3.0
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i371: Updating session, registration
key:
> >
> > SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02a49190-b153-4
> > 65 1-b5bb -2539855b0e5c}, resume: Active, restart initiated: No, 
> > disable
> > resume: No
> >
> > [0FA0:0EE0][2016-05-26T13:02:40]i336: Acquiring container:
> > WixAttachedContainer, copy from: C:\Users\Stewart Win7 
> > Clean\Downloads\FramePro_x64_setup (1).exe
> >
> > [0FA0:0EE0][2016-05-26T13:02:40]i000: Setting string variable 
> > 'WixBundleLastUsedSource' to value 'C:\Users\Stewart Win7
> Clean\Downloads\'
> >
> > [0C0C:040C][2016-05-26T13:02:40]i305: Verified acquired payload:
> > FramePro at
> > path: C:\ProgramData\Package Cache\.unverified\FramePro, moving to:
> > C:\ProgramData\Package
> >
> > Cache\{DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}v1.2.3.0\FrameProInstall
> > er
> > 64.msi
> > .
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i323: Registering package dependency
> > provider: {DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}, version: 1.2.3.0,
> > package:
> > FramePro
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i301: Applying execute package:
> > FramePro,
> > action: Install, path: C:\ProgramData\Package
> >
> > Cache\{DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}v1.2.3.0\FrameProInstall
> > er 64.msi , arguments: ' ARPSYSTEMCOMPONENT="1" MSIFASTINSTALL="7"
> > INSTALLLOCATION="C:\Program Files\PureDevSoftware\FramePro"
> > CODEINSTALLLOCATION="C:\Program Files\PureDevSoftware\FramePro\"'
> >
> > [0FA0:0FA4][2016-05-26T13:02:51]i319: Applied execute package:
> > FramePro,
> > result: 0x0, restart: None
> >
> > [0C0C:0C10][2016-05-26T13:02:51]i325: Registering dependency:
> > {02a49190-b153-4651-b5bb-2539855b0e5c} on package provider:
> > {DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}, package: FramePro
> >
> > [0C0C:0C10][2016-05-26T13:02:51]i301: Applying execute package:
> > {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, action: Uninstall, path:
> > C:\ProgramData\Package
> > Cache\{c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}\FramePro_x64_setup.exe,
> > arguments: '-burn.filehandle.self=536 "C:\ProgramData\Package 
> > Cache\{c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}\FramePro_x64_setup.exe"
> > -uninstall -quiet -burn.related.upgrade 
> > -burn.ancestors={02a49190-b153-4651-b5bb-2539855b0e5c}'
> >
> >
> > ____________________________________________________________________
> > WiX Toolset Users Mailing List provided by FireGiant 
> > http://www.firegiant.com/
> >
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant 
> http://www.firegiant.com/
>
>
>
>
> ____________________________________________________________________
> WiX Toolset Users Mailing List provided by FireGiant 
> http://www.firegiant.com/
>

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant
http://www.firegiant.com/



____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant
http://www.firegiant.com/

____________________________________________________________________
WiX Toolset Users Mailing List provided by FireGiant
http://www.firegiant.com/



More information about the wix-users mailing list