[wix-users] Workaround GDI+ security vulnerability
Hoover, Jacob
Jacob.Hoover at greenheck.com
Thu Jun 2 14:46:34 PDT 2016
MSIZap is evil... Don't use it. There is nothing wrong with your MSIs, just your bundle.
Manual steps would be to identify each MSI your tainted bundle installed. Use a tool like Orca/InstEdit/Etc to look at the property table for the ProductCode property.
Step 1) Run msiexec /x {Product Code} for each MSI to uninstall them. Then the only thing that should be left is the ARP entry, and your Package Cache.
Step 2) The ARP entry for the per machine bundle install should be located in HKLM\Software\[Wow6432Node]\Microsoft\Windows\CurrentVersion\Uninstall\{Bundle Id guid}. (Use Wow6432Node if it's a 64 bit OS.) Export the key to a reg file, then remove it. (That should remove it from add remove programs.)
Step 3) For a per machine install, this should be located in C:\ProgramData\Package Cache\{Product Code}version\. For each MSI your tainted bundle installed, there should be an associated folder, containing the MSI/cab files. Backup and remove the specific folders.
Step 4) There should be a C:\ProgramData\Package Cache\{Bundle Id guid}\ folder, for the bundle in question. Back it up and remove it.
Note: For anything you remove, you should recycle bin the file or create a backup of the registry before proceeding. Deleting the wrong thing could cause irreversible damage without backups.
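An added example, not part of the original message or of WiX: a read-only helper for the question further down the thread about finding the product code in the log. It pulls the bundle IDs and MSI product codes out of a Burn log and lists the targets for steps 1 to 4 without touching the system. The sample lines are copied from the Burn log quoted later in this thread with the mail wrapping undone; the function names are hypothetical, and it assumes a per-machine install and that the GUID on the "package" lines is the MSI ProductCode (check it against the Property table as described above).

```python
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
# Burn log messages that name a bundle ID or an MSI product code plus version.
BUNDLE_RE = re.compile(
    r"(?:Detected related bundle|Registering bundle dependency provider): (%s)" % GUID)
PACKAGE_RE = re.compile(
    r"(?:Detected related package|Registering package dependency provider): "
    r"(%s),.*?version: ([\d.]+)" % GUID)

CACHE_ROOT = r"C:\ProgramData\Package Cache"  # per-machine location from step 3

# Lines taken from the log quoted later in this thread, unwrapped.
SAMPLE_LOG = r"""
[0FA0:0FA4][2016-05-26T13:02:26]i102: Detected related bundle: {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, type: Upgrade, scope: PerMachine, version: 1.2.2.0, operation: MajorUpgrade
[0FA0:0FA4][2016-05-26T13:02:26]i103: Detected related package: {E0101584-EB2E-467D-8F8F-85B72DEE77CE}, scope: PerMachine, version: 1.2.2.0, language: 0 operation: MajorUpgrade
[0C0C:0C10][2016-05-26T13:02:40]i320: Registering bundle dependency provider: {02a49190-b153-4651-b5bb-2539855b0e5c}, version: 1.2.3.0
[0C0C:0C10][2016-05-26T13:02:40]i323: Registering package dependency provider: {DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}, version: 1.2.3.0, package: FramePro
"""


def parse_burn_log(text):
    """Return (bundle_ids, packages); packages is a list of (code, version)."""
    bundles, packages = [], []
    for line in text.splitlines():
        m = BUNDLE_RE.search(line)
        if m and m.group(1).lower() not in [b.lower() for b in bundles]:
            bundles.append(m.group(1))
        m = PACKAGE_RE.search(line)
        if m and (m.group(1).upper(), m.group(2)) not in packages:
            packages.append((m.group(1).upper(), m.group(2)))
    return bundles, packages


def cleanup_plan(text, os_is_64bit=True):
    """List what steps 1-4 would act on. Nothing is executed or deleted."""
    bundles, packages = parse_burn_log(text)
    node = "Wow6432Node\\" if os_is_64bit else ""  # step 2: 64-bit OS
    root = "HKLM\\Software\\" + node + "Microsoft\\Windows\\CurrentVersion\\Uninstall"
    return {
        "step1_uninstall": ["msiexec /x %s" % code for code, _ in packages],
        "step2_arp_keys": ["%s\\%s" % (root, b) for b in bundles],
        # Folder name is {ProductCode}v<version>, as seen in the log's cache paths.
        "step3_msi_cache": ["%s\\%sv%s" % (CACHE_ROOT, c, v) for c, v in packages],
        "step4_bundle_cache": ["%s\\%s" % (CACHE_ROOT, b) for b in bundles],
    }


if __name__ == "__main__":
    for step, targets in cleanup_plan(SAMPLE_LOG).items():
        print(step)
        for target in targets:
            print("   ", target)
```

Run it against the real log file from the customer's temp folder rather than a copy pasted from e-mail, since wrapped lines split the GUIDs.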
-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Stewart Lynch
Sent: Thursday, June 02, 2016 2:45 PM
To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Workaround GDI+ security vulnerability
Thanks for the info. I'm afraid I don't understand about the package cache or ARP entry. I really wouldn't know how to go about writing a cleaner app.
I will suggest using msizap. What is the easiest way of finding the product code? I'm not sure exactly which version that he installed, I assume it will be somewhere in the log? And is it the product code of the msi installer or the bundle? I guess I need to remove both.
-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Hoover, Jacob
Sent: 02 June 2016 19:49
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Workaround GDI+ security vulnerability
https://sourceforge.net/p/wix/mailman/message/32814552/
Probably the safest bet is to write a cleaner app, that would use msiexec to remove the MSI packages your bundle installed, and then some manual code to purge the package cache and delete the ARP entry.
If we had a means of setting Bundle@Id in the WXS, then you could in theory re-cache the bundle. Unfortunately that functionality doesn't exist today (probably due to fear of people using it for all but this specific use case).
If you're building WiX from source, you could in theory hard code the faulty bundle ID and rebuild the bundle with a fixed BA, that you would then need to have the customer manually re-cache it to allow for an uninstall.
-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Stewart Lynch
Sent: Thursday, June 02, 2016 12:40 PM
To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Workaround GDI+ security vulnerability
Hi,
Unfortunately one of my customers has got into a complete mess, he now can't upgrade or uninstall my software which was built with v3.10.3.2917.
After trying to upgrade and hitting the error that I described below, the install seems partially installed. There are now two installs in the Windows install list. The old one, and the new one. Clicking on the new one to uninstall it actually tries to install it again because it doesn't think it's installed. Trying to uninstall the old version, in his words "...second one starts to uninstall, spawns 6 more processes, and then nothing happens, no CPU usage like during install. When I cancel, the processes remain there."
I've asked him to supply the log files, but is there anything we can do just to completely remove these installs by hand and start afresh?
Any help would be greatly appreciated because I really don't want to lose this customer.
Many thanks,
Stewart.
-----Original Message-----
From: Stewart Lynch [mailto:stewartlynch8 at gmail.com]
Sent: 26 May 2016 21:05
To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
Subject: RE: [wix-users] Workaround GDI+ security vulnerability
Thank you. I have submitted my bug with all of the information and attached files. Let me know if there's anything else that you need.
https://github.com/wixtoolset/issues/issues/5308
Many thanks,
Stewart.
-----Original Message-----
From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Sean Hall
Sent: 26 May 2016 20:11
To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
Subject: Re: [wix-users] Workaround GDI+ security vulnerability
Please file a bug at https://github.com/wixtoolset/issues/issues and attach the logs there (this list doesn't support attachments). Make sure to include steps that we can take to reproduce the issue.
On Thu, May 26, 2016 at 1:10 PM, Stewart Lynch <stewartlynch8 at gmail.com>
wrote:
> Scratch that. It's still not working with the latest version. I really
> don't know what to do now.
>
>
> -----Original Message-----
> From: Stewart Lynch [mailto:stewartlynch8 at gmail.com]
> Sent: 26 May 2016 18:40
> To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
> Subject: RE: [wix-users] Workaround GDI+ security vulnerability
>
> This appears to be fixed in v3.10.3.2924. If both the old and new
> installers have been built with that version of Wix updating works. It
> would be good to have a confirmation that this has actually been
> fixed.
>
> This doesn't help my clients that have installed the version built
> with v3.10.3.2917, I'll have to tell them to uninstall manually.
>
>
>
> -----Original Message-----
> From: Stewart Lynch [mailto:stewartlynch8 at gmail.com]
> Sent: 26 May 2016 18:18
> To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
> Subject: RE: [wix-users] Workaround GDI+ security vulnerability
>
> I can confirm that it's the old installer that is throwing this error.
> When it tries to uninstall the old version the burn exe crashes on
> startup, just as it did in the original problem. It seems that this
> problem wasn't fixed in all cases
> (https://github.com/wixtoolset/wix3/pull/351)
>
> If anyone would find a repro useful I can share my two installer exes.
> It only seems to happen on Win7 (I have a clean Win7 install on a VM).
>
> Stewart.
>
>
> -----Original Message-----
> From: Stewart Lynch [mailto:stewartlynch8 at gmail.com]
> Sent: 26 May 2016 17:25
> To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
> Subject: RE: [wix-users] Workaround GDI+ security vulnerability
>
> Yes, that's the full log. After my custom burn app threw the exception
> I cancelled it, which closed everything down. I've attached the two
> log files that I see in my temp folder. I don't see any errors in my
> Application event log.
>
> I guess it could be something that I'm doing in my custom app that is
> causing this, I'll see if I can debug into it and see exactly where
> it's failing. I have a suspicion that it may be because I have a custom
> action where I run another exe. It's just a bit suspicious that it's
> exactly the same exception as a known bug that was fixed recently.
>
> I just had another thought, could it be that it's failing uninstalling
> the old version, it works if I uninstall manually. I see that my two
> log files have different burn version numbers. I updated to the very
> latest version when I built the new installer.
>
>
> -----Original Message-----
> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On
> Behalf Of Sean Hall
> Sent: 26 May 2016 15:38
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Subject: Re: [wix-users] Workaround GDI+ security vulnerability
>
> Is that the complete Burn log? That looks like the bundle crashed, is
> there an error in the Application event log?
>
> There were a couple of bugs in 3.10.3.2917, can you try 3.10.3.2924?
> http://wixtoolset.org/releases/v3-10-3-2924/
>
> On Thu, May 26, 2016 at 7:28 AM, Stewart Lynch
> <stewartlynch8 at gmail.com>
> wrote:
>
> > Hi,
> >
> >
> >
> > I've been having a problem with my custom burn exe throwing an
> > exception when it tried to access .NET assemblies. This is the
> > exception:
> >
> > Font '?' cannot be found
> >
> > I think it failed to load the .NET system.drawing.dll while trying
> > to create a font.
> >
> >
> >
> > The exe was throwing the exception as soon as it started. I
> > eventually found that this was fixed in this change:
> >
> > https://github.com/wixtoolset/wix3/pull/351
> >
> > After updating to v3.10.3.2917 the exe would run and the
> > installation completed.
> >
> >
> >
> > However, when I next changed the version number and try to
> > install an update I get the same exception after the msi has
> > finished installing. The Burn log file is below. Looking at the msi
> > log file it shows that it completed successfully, it was the burn
> > exe that threw the exception after the msi completed. I'm installing
> > on Win7.
> >
> >
> >
> > Is this a known problem?
> >
> >
> >
> > Many thanks,
> >
> >
> >
> > Stewart.
> >
> >
> >
> > ------------------------------
> >
> > Burn log file:
> >
> >
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i001: Burn v3.10.3.2917, Windows v6.1 (Build 7601: Service Pack 1), path: C:\Users\STEWAR~1\AppData\Local\Temp\{18067DD0-80C1-4DF9-A27C-935986BF5FB3}\.cr\FramePro_x64_setup (1).exe
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Initializing string variable 'InstallFolder' to value '[ProgramFiles64Folder]PureDevSoftware\FramePro'
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Initializing string variable 'CodeInstallFolder' to value '[ProgramFiles64Folder]PureDevSoftware\FramePro'
> > [0FA0:0FA4][2016-05-26T13:02:25]i009: Command Line: '"-burn.clean.room=C:\Users\Stewart Win7 Clean\Downloads\FramePro_x64_setup (1).exe"'
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 'WixBundleOriginalSource' to value 'C:\Users\Stewart Win7 Clean\Downloads\FramePro_x64_setup (1).exe'
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 'WixBundleOriginalSourceFolder' to value 'C:\Users\Stewart Win7 Clean\Downloads\'
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 'WixBundleLog' to value 'C:\Users\STEWAR~1\AppData\Local\Temp\FramePro_20160526130225.log'
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 'WixBundleName' to value 'FramePro'
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable 'WixBundleManufacturer' to value 'PureDev Software'
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Loading managed bootstrapper application.
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Creating BA thread to run asynchronously.
> > [0FA0:0CA4][2016-05-26T13:02:26]i000: Launching SCLInstaller
> > [0FA0:0FA4][2016-05-26T13:02:26]i100: Detect begin, 3 packages
> > [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 'InstallFolderTestSearch' evaluates to false.
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable 'Netfx4x64FullVersion' to value '4.6.01055'
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting numeric variable 'InstallFolderTestSearch' to value 1
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable 'VCRedistInstalled' to value '1'
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable 'Netfx4FullVersion' to value '4.6.01055'
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting numeric variable 'CodeInstallFolderTestSearch' to value 1
> > [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 'CodeInstallFolderTestSearch' evaluates to true.
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable 'CodeInstallFolder' to value 'C:\Program Files\PureDevSoftware\FramePro\'
> > [0FA0:0FA4][2016-05-26T13:02:26]i102: Detected related bundle: {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, type: Upgrade, scope: PerMachine, version: 1.2.2.0, operation: MajorUpgrade
> > [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 'VCRedistInstalled' evaluates to true.
> > [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 'Netfx4FullVersion AND (NOT VersionNT64 OR Netfx4x64FullVersion)' evaluates to true.
> > [0FA0:0FA4][2016-05-26T13:02:26]i103: Detected related package: {E0101584-EB2E-467D-8F8F-85B72DEE77CE}, scope: PerMachine, version: 1.2.2.0, language: 0 operation: MajorUpgrade
> > [0FA0:0FA4][2016-05-26T13:02:26]i101: Detected package: VS2015Runtime, state: Present, cached: None
> > [0FA0:0FA4][2016-05-26T13:02:26]i101: Detected package: Netfx4Full, state: Present, cached: None
> > [0FA0:0FA4][2016-05-26T13:02:26]i101: Detected package: FramePro, state: Absent, cached: None
> > [0FA0:0FA4][2016-05-26T13:02:26]i199: Detect complete, result: 0x0
> > [0FA0:0CA4][2016-05-26T13:02:29]i000: Setting string variable 'InstallFolder' to value 'C:\Program Files\PureDevSoftware\FramePro'
> > [0FA0:0CA4][2016-05-26T13:02:29]i000: Setting string variable 'CodeInstallFolder' to value 'C:\Program Files\PureDevSoftware\FramePro\'
> > [0FA0:0FA4][2016-05-26T13:02:29]i200: Plan begin, 3 packages, action: Install
> > [0FA0:0FA4][2016-05-26T13:02:29]w321: Skipping dependency registration on package with no dependency providers: VS2015Runtime
> > [0FA0:0FA4][2016-05-26T13:02:29]w321: Skipping dependency registration on package with no dependency providers: Netfx4Full
> > [0FA0:0FA4][2016-05-26T13:02:29]i000: Setting string variable 'WixBundleRollbackLog_FramePro' to value 'C:\Users\STEWAR~1\AppData\Local\Temp\FramePro_20160526130225_000_FramePro_rollback.log'
> > [0FA0:0FA4][2016-05-26T13:02:29]i000: Setting string variable 'WixBundleLog_FramePro' to value 'C:\Users\STEWAR~1\AppData\Local\Temp\FramePro_20160526130225_000_FramePro.log'
> > [0FA0:0FA4][2016-05-26T13:02:29]i201: Planned package: VS2015Runtime, state: Present, default requested: Present, ba requested: Present, execute: None, rollback: None, cache: No, uncache: No, dependency: None
> > [0FA0:0FA4][2016-05-26T13:02:29]i201: Planned package: Netfx4Full, state: Present, default requested: Present, ba requested: Present, execute: None, rollback: None, cache: No, uncache: No, dependency: None
> > [0FA0:0FA4][2016-05-26T13:02:29]i201: Planned package: FramePro, state: Absent, default requested: Present, ba requested: Present, execute: Install, rollback: Uninstall, cache: Yes, uncache: No, dependency: Register
> > [0FA0:0FA4][2016-05-26T13:02:29]i207: Planned related bundle: {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, type: Upgrade, default requested: Absent, ba requested: Absent, execute: Uninstall, rollback: Install, dependency: None
> > [0FA0:0FA4][2016-05-26T13:02:29]i299: Plan complete, result: 0x0
> > [0FA0:0FA4][2016-05-26T13:02:29]i300: Apply begin
> > [0FA0:0FA4][2016-05-26T13:02:29]i010: Launching elevated engine process.
> > [0FA0:0FA4][2016-05-26T13:02:32]i011: Launched elevated engine process.
> > [0FA0:0FA4][2016-05-26T13:02:32]i012: Connected to elevated engine.
> > [0C0C:0C10][2016-05-26T13:02:32]i358: Pausing automatic updates.
> > [0C0C:0C10][2016-05-26T13:02:34]i359: Paused automatic updates.
> > [0C0C:0C10][2016-05-26T13:02:34]i360: Creating a system restore point.
> > [0C0C:0C10][2016-05-26T13:02:40]i361: Created a system restore point.
> > [0C0C:0C10][2016-05-26T13:02:40]i370: Session begin, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02a49190-b153-4651-b5bb-2539855b0e5c}, options: 0x7, disable resume: No
> > [0C0C:0C10][2016-05-26T13:02:40]i000: Caching bundle from: 'C:\Users\STEWAR~1\AppData\Local\Temp\{74E73143-1A17-445B-8A5C-8C89F74AD707}\.be\FramePro_x64_setup.exe' to: 'C:\ProgramData\Package Cache\{02a49190-b153-4651-b5bb-2539855b0e5c}\FramePro_x64_setup.exe'
> > [0C0C:0C10][2016-05-26T13:02:40]i320: Registering bundle dependency provider: {02a49190-b153-4651-b5bb-2539855b0e5c}, version: 1.2.3.0
> > [0C0C:0C10][2016-05-26T13:02:40]i371: Updating session, registration key: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02a49190-b153-4651-b5bb-2539855b0e5c}, resume: Active, restart initiated: No, disable resume: No
> > [0FA0:0EE0][2016-05-26T13:02:40]i336: Acquiring container: WixAttachedContainer, copy from: C:\Users\Stewart Win7 Clean\Downloads\FramePro_x64_setup (1).exe
> > [0FA0:0EE0][2016-05-26T13:02:40]i000: Setting string variable 'WixBundleLastUsedSource' to value 'C:\Users\Stewart Win7 Clean\Downloads\'
> > [0C0C:040C][2016-05-26T13:02:40]i305: Verified acquired payload: FramePro at path: C:\ProgramData\Package Cache\.unverified\FramePro, moving to: C:\ProgramData\Package Cache\{DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}v1.2.3.0\FrameProInstaller64.msi.
> > [0C0C:0C10][2016-05-26T13:02:40]i323: Registering package dependency provider: {DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}, version: 1.2.3.0, package: FramePro
> > [0C0C:0C10][2016-05-26T13:02:40]i301: Applying execute package: FramePro, action: Install, path: C:\ProgramData\Package Cache\{DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}v1.2.3.0\FrameProInstaller64.msi, arguments: ' ARPSYSTEMCOMPONENT="1" MSIFASTINSTALL="7" INSTALLLOCATION="C:\Program Files\PureDevSoftware\FramePro" CODEINSTALLLOCATION="C:\Program Files\PureDevSoftware\FramePro\"'
> > [0FA0:0FA4][2016-05-26T13:02:51]i319: Applied execute package: FramePro, result: 0x0, restart: None
> > [0C0C:0C10][2016-05-26T13:02:51]i325: Registering dependency: {02a49190-b153-4651-b5bb-2539855b0e5c} on package provider: {DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}, package: FramePro
> > [0C0C:0C10][2016-05-26T13:02:51]i301: Applying execute package: {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, action: Uninstall, path: C:\ProgramData\Package Cache\{c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}\FramePro_x64_setup.exe, arguments: '-burn.filehandle.self=536 "C:\ProgramData\Package Cache\{c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}\FramePro_x64_setup.exe" -uninstall -quiet -burn.related.upgrade -burn.ancestors={02a49190-b153-4651-b5bb-2539855b0e5c}'
> >
> >
> > ____________________________________________________________________
> > WiX Toolset Users Mailing List provided by FireGiant
> > http://www.firegiant.com/
> >
>