[wix-users] Workaround GDI+ security vulnerability

Sean Hall r.sean.hall at gmail.com
Thu May 26 12:10:41 PDT 2016


Please file a bug at https://github.com/wixtoolset/issues/issues and attach
the logs there (this list doesn't support attachments).  Make sure to
include steps that we can take to reproduce the issue.

On Thu, May 26, 2016 at 1:10 PM, Stewart Lynch <stewartlynch8 at gmail.com>
wrote:

> Scratch that. It's still not working with the latest version. I really
> don't know what to do now.
>
>
> -----Original Message-----
> From: Stewart Lynch [mailto:stewartlynch8 at gmail.com]
> Sent: 26 May 2016 18:40
> To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
> Subject: RE: [wix-users] Workaround GDI+ security vulnerability
>
> This appears to be fixed in v3.10.3.2924. If both the old and new installers
> have been built with that version of WiX, updating works. It would be good to
> have a confirmation that this has actually been fixed.
>
> This doesn't help my clients that have installed the version built with
> v3.10.3.2917, I'll have to tell them to uninstall manually.
>
>
>
> -----Original Message-----
> From: Stewart Lynch [mailto:stewartlynch8 at gmail.com]
> Sent: 26 May 2016 18:18
> To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
> Subject: RE: [wix-users] Workaround GDI+ security vulnerability
>
> I can confirm that it's the old installer that is throwing this error. When
> it tries to uninstall the old version the burn exe crashes on startup, just
> as it did in the original problem. It seems that this problem wasn't fixed
> in all cases (https://github.com/wixtoolset/wix3/pull/351)
>
> If anyone would find a repro useful I can share my two installer exes. It
> only seems to happen on Win7 (I have a clean Win7 install on a VM).
>
> Stewart.
>
>
> -----Original Message-----
> From: Stewart Lynch [mailto:stewartlynch8 at gmail.com]
> Sent: 26 May 2016 17:25
> To: 'WiX Toolset Users Mailing List' <wix-users at lists.wixtoolset.org>
> Subject: RE: [wix-users] Workaround GDI+ security vulnerability
>
> Yes, that's the full log. After my custom burn app threw the exception I
> cancelled it, which closed everything down. I've attached the two log files
> that I see in my temp folder. I don't see any errors in my Application
> event log.
>
> I guess it could be something that I'm doing in my custom app that is
> causing this, I'll see if I can debug into it and see exactly where it's
> failing. I have a suspicion that it may be because I have a custom action
> where I run another exe. It's just a bit suspicious that it's exactly the
> same exception as a known bug that was fixed recently.
>
> I just had another thought, could it be that it's failing uninstalling the
> old version, it works if I uninstall manually. I see that my two log files
> have different burn version numbers. I updated to the very latest version
> when I built the new installer.
>
>
> -----Original Message-----
> From: wix-users [mailto:wix-users-bounces at lists.wixtoolset.org] On Behalf Of Sean Hall
> Sent: 26 May 2016 15:38
> To: WiX Toolset Users Mailing List <wix-users at lists.wixtoolset.org>
> Subject: Re: [wix-users] Workaround GDI+ security vulnerability
>
> Is that the complete Burn log?  That looks like the bundle crashed, is
> there an error in the Application event log?
>
> There were a couple of bugs in 3.10.3.2917, can you try 3.10.3.2924?
> http://wixtoolset.org/releases/v3-10-3-2924/
>
> On Thu, May 26, 2016 at 7:28 AM, Stewart Lynch <stewartlynch8 at gmail.com>
> wrote:
>
> > Hi,
> >
> >
> >
> > I've been having a problem with my custom burn exe throwing an
> > exception when it tried to access .NET assemblies. This is the exception:
> >
> > Font '?' cannot be found
> >
> > I think it failed to load the .NET system.drawing.dll while trying to
> > create a font.
> >
> >
> >
> > The exe was throwing the exception as soon as it started. I eventually
> > found that this was fixed in this change:
> >
> > https://github.com/wixtoolset/wix3/pull/351
> >
> > After updating to v3.10.3.2917 the exe would run and the installation
> > completed.
> >
> >
> >
> > However, when I next changed the version number and try to install
> > an update I get the same exception after the msi has finished
> > installing. The Burn log file is below. Looking at the msi log file it
> > shows that it completed successfully, it was the burn exe that threw
> > the exception after the msi completed. I'm installing on Win7.
> >
> >
> >
> > Is this a known problem?
> >
> >
> >
> > Many thanks,
> >
> >
> >
> > Stewart.
> >
> >
> >
> > ------------------------------
> >
> > Burn log file:
> >
> >
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i001: Burn v3.10.3.2917, Windows v6.1
> > (Build
> > 7601: Service Pack 1), path:
> >
> > C:\Users\STEWAR~1\AppData\Local\Temp\{18067DD0-80C1-4DF9-A27C-935986BF
> > 5FB3}\
> > .cr\FramePro_x64_setup (1).exe
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Initializing string variable
> > 'InstallFolder' to value '[ProgramFiles64Folder]PureDevSoftware\FramePro'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Initializing string variable
> > 'CodeInstallFolder' to value
> > '[ProgramFiles64Folder]PureDevSoftware\FramePro'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i009: Command Line:
> > '"-burn.clean.room=C:\Users\Stewart Win7
> > Clean\Downloads\FramePro_x64_setup
> > (1).exe"'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable
> > 'WixBundleOriginalSource' to value 'C:\Users\Stewart Win7
> > Clean\Downloads\FramePro_x64_setup (1).exe'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable
> > 'WixBundleOriginalSourceFolder' to value 'C:\Users\Stewart Win7
> > Clean\Downloads\'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable
> > 'WixBundleLog'
> > to value
> > 'C:\Users\STEWAR~1\AppData\Local\Temp\FramePro_20160526130225.log'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable
> > 'WixBundleName' to value 'FramePro'
> >
> > [0FA0:0FA4][2016-05-26T13:02:25]i000: Setting string variable
> > 'WixBundleManufacturer' to value 'PureDev Software'
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Loading managed bootstrapper
> > application.
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Creating BA thread to run
> > asynchronously.
> >
> > [0FA0:0CA4][2016-05-26T13:02:26]i000: Launching SCLInstaller
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i100: Detect begin, 3 packages
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 'InstallFolderTestSearch'
> > evaluates to false.
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable
> > 'Netfx4x64FullVersion' to value '4.6.01055'
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting numeric variable
> > 'InstallFolderTestSearch' to value 1
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable
> > 'VCRedistInstalled' to value '1'
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable
> > 'Netfx4FullVersion' to value '4.6.01055'
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting numeric variable
> > 'CodeInstallFolderTestSearch' to value 1
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition
> > 'CodeInstallFolderTestSearch' evaluates to true.
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i000: Setting string variable
> > 'CodeInstallFolder' to value 'C:\Program Files\PureDevSoftware\FramePro\'
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i102: Detected related bundle:
> > {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, type: Upgrade, scope:
> > PerMachine,
> > version: 1.2.2.0, operation: MajorUpgrade
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 'VCRedistInstalled'
> > evaluates to true.
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i052: Condition 'Netfx4FullVersion AND
> > (NOT
> > VersionNT64 OR Netfx4x64FullVersion)' evaluates to true.
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i103: Detected related package:
> > {E0101584-EB2E-467D-8F8F-85B72DEE77CE}, scope: PerMachine, version:
> > 1.2.2.0,
> > language: 0 operation: MajorUpgrade
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i101: Detected package: VS2015Runtime,
> > state: Present, cached: None
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i101: Detected package: Netfx4Full, state:
> > Present, cached: None
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i101: Detected package: FramePro, state:
> > Absent, cached: None
> >
> > [0FA0:0FA4][2016-05-26T13:02:26]i199: Detect complete, result: 0x0
> >
> > [0FA0:0CA4][2016-05-26T13:02:29]i000: Setting string variable
> > 'InstallFolder' to value 'C:\Program Files\PureDevSoftware\FramePro'
> >
> > [0FA0:0CA4][2016-05-26T13:02:29]i000: Setting string variable
> > 'CodeInstallFolder' to value 'C:\Program Files\PureDevSoftware\FramePro\'
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i200: Plan begin, 3 packages, action:
> > Install
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]w321: Skipping dependency registration
> > on package with no dependency providers: VS2015Runtime
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]w321: Skipping dependency registration
> > on package with no dependency providers: Netfx4Full
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i000: Setting string variable
> > 'WixBundleRollbackLog_FramePro' to value
> >
> > 'C:\Users\STEWAR~1\AppData\Local\Temp\FramePro_20160526130225_000_Fram
> > ePro_r
> > ollback.log'
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i000: Setting string variable
> > 'WixBundleLog_FramePro' to value
> >
> > 'C:\Users\STEWAR~1\AppData\Local\Temp\FramePro_20160526130225_000_Fram
> > ePro.l
> > og'
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i201: Planned package: VS2015Runtime,
> > state:
> > Present, default requested: Present, ba requested: Present, execute:
> > None,
> > rollback: None, cache: No, uncache: No, dependency: None
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i201: Planned package: Netfx4Full, state:
> > Present, default requested: Present, ba requested: Present, execute:
> > None,
> > rollback: None, cache: No, uncache: No, dependency: None
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i201: Planned package: FramePro, state:
> > Absent, default requested: Present, ba requested: Present, execute:
> > Install,
> > rollback: Uninstall, cache: Yes, uncache: No, dependency: Register
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i207: Planned related bundle:
> > {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, type: Upgrade, default requested:
> > Absent, ba requested: Absent, execute: Uninstall, rollback: Install,
> > dependency: None
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i299: Plan complete, result: 0x0
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i300: Apply begin
> >
> > [0FA0:0FA4][2016-05-26T13:02:29]i010: Launching elevated engine process.
> >
> > [0FA0:0FA4][2016-05-26T13:02:32]i011: Launched elevated engine process.
> >
> > [0FA0:0FA4][2016-05-26T13:02:32]i012: Connected to elevated engine.
> >
> > [0C0C:0C10][2016-05-26T13:02:32]i358: Pausing automatic updates.
> >
> > [0C0C:0C10][2016-05-26T13:02:34]i359: Paused automatic updates.
> >
> > [0C0C:0C10][2016-05-26T13:02:34]i360: Creating a system restore point.
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i361: Created a system restore point.
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i370: Session begin, registration key:
> >
> > SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02a49190-b153-465
> > 1-b5bb -2539855b0e5c}, options: 0x7, disable resume: No
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i000: Caching bundle from:
> >
> > 'C:\Users\STEWAR~1\AppData\Local\Temp\{74E73143-1A17-445B-8A5C-8C89F74
> > AD707} \.be\FramePro_x64_setup.exe' to: 'C:\ProgramData\Package
> > Cache\{02a49190-b153-4651-b5bb-2539855b0e5c}\FramePro_x64_setup.exe'
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i320: Registering bundle dependency
> > provider: {02a49190-b153-4651-b5bb-2539855b0e5c}, version: 1.2.3.0
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i371: Updating session, registration key:
> >
> > SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{02a49190-b153-465
> > 1-b5bb -2539855b0e5c}, resume: Active, restart initiated: No, disable
> > resume: No
> >
> > [0FA0:0EE0][2016-05-26T13:02:40]i336: Acquiring container:
> > WixAttachedContainer, copy from: C:\Users\Stewart Win7
> > Clean\Downloads\FramePro_x64_setup (1).exe
> >
> > [0FA0:0EE0][2016-05-26T13:02:40]i000: Setting string variable
> > 'WixBundleLastUsedSource' to value 'C:\Users\Stewart Win7
> > Clean\Downloads\'
> >
> > [0C0C:040C][2016-05-26T13:02:40]i305: Verified acquired payload:
> > FramePro at
> > path: C:\ProgramData\Package Cache\.unverified\FramePro, moving to:
> > C:\ProgramData\Package
> >
> > Cache\{DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}v1.2.3.0\FrameProInstaller
> > 64.msi
> > .
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i323: Registering package dependency
> > provider: {DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}, version: 1.2.3.0,
> > package:
> > FramePro
> >
> > [0C0C:0C10][2016-05-26T13:02:40]i301: Applying execute package:
> > FramePro,
> > action: Install, path: C:\ProgramData\Package
> >
> > Cache\{DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}v1.2.3.0\FrameProInstaller
> > 64.msi , arguments: ' ARPSYSTEMCOMPONENT="1" MSIFASTINSTALL="7"
> > INSTALLLOCATION="C:\Program Files\PureDevSoftware\FramePro"
> > CODEINSTALLLOCATION="C:\Program Files\PureDevSoftware\FramePro\"'
> >
> > [0FA0:0FA4][2016-05-26T13:02:51]i319: Applied execute package:
> > FramePro,
> > result: 0x0, restart: None
> >
> > [0C0C:0C10][2016-05-26T13:02:51]i325: Registering dependency:
> > {02a49190-b153-4651-b5bb-2539855b0e5c} on package provider:
> > {DB44BBC8-BA64-41A9-BD90-F76DA22AB5E2}, package: FramePro
> >
> > [0C0C:0C10][2016-05-26T13:02:51]i301: Applying execute package:
> > {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, action: Uninstall, path:
> > C:\ProgramData\Package
> > Cache\{c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}\FramePro_x64_setup.exe,
> > arguments: '-burn.filehandle.self=536 "C:\ProgramData\Package
> > Cache\{c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}\FramePro_x64_setup.exe"
> > -uninstall -quiet -burn.related.upgrade
> > -burn.ancestors={02a49190-b153-4651-b5bb-2539855b0e5c}'
> >
> >
> > ____________________________________________________________________
> > WiX Toolset Users Mailing List provided by FireGiant
> > http://www.firegiant.com/
> >
>
>
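
The quoted Burn log ends on an i301 entry that launches the old bundle's uninstall, with no matching i319 after it. The script below is an added example (not part of the original thread or of WiX) that finds such unfinished actions; its function names and shortened sample paths are constructed, and it assumes only the i001/i301/i319 entry shapes visible in the log above.

```python
import re

# Constructed sample: four entries modelled on the Burn log quoted in this
# thread, paths shortened. The second entry is left wrapped, as mail does.
SAMPLE_LOG = r"""
[0FA0:0FA4][2016-05-26T13:02:25]i001: Burn v3.10.3.2917, Windows v6.1 (Build 7601: Service Pack 1)
[0C0C:0C10][2016-05-26T13:02:40]i301: Applying execute package:
FramePro,
action: Install, path: C:\ProgramData\Package Cache\example.msi
[0FA0:0FA4][2016-05-26T13:02:51]i319: Applied execute package: FramePro, result: 0x0, restart: None
[0C0C:0C10][2016-05-26T13:02:51]i301: Applying execute package: {c5a08f6f-1434-4d51-b2b3-d0c259eab4b3}, action: Uninstall, path: C:\ProgramData\Package Cache\example.exe
"""

ENTRY = re.compile(r"^\[([0-9A-Fa-f]+):([0-9A-Fa-f]+)\]\[([^\]]+)\]([a-z])(\d{3}): ?(.*)$")
APPLYING = re.compile(r"Applying execute package:\s*([^,]+),\s*action:\s*(\w+)")
APPLIED = re.compile(r"Applied execute package:\s*([^,]+),\s*result:")

def parse_entries(text):
    """Split a Burn log into entries; drop mail quote markers, fold wrapped lines."""
    entries = []
    for line in text.splitlines():
        line = line.lstrip("> ").strip()
        m = ENTRY.match(line)
        if m:
            entries.append({"pid": m[1], "time": m[3], "id": m[4] + m[5], "msg": m[6]})
        elif line and entries:  # continuation of the previous entry
            entries[-1]["msg"] += " " + line
    return entries

def burn_version(entries):
    """Engine version from the i001 banner, or None if the banner is missing."""
    for e in entries:
        if e["id"] == "i001" and (m := re.search(r"Burn v([\d.]+)", e["msg"])):
            return m.group(1)
    return None

def unfinished_packages(entries):
    """Packages with an i301 'Applying' entry but no later i319 'Applied' entry."""
    pending = {}
    for e in entries:
        if e["id"] == "i301" and (m := APPLYING.search(e["msg"])):
            pending[m.group(1).strip()] = (m.group(2), e["time"])
        elif e["id"] == "i319" and (m := APPLIED.search(e["msg"])):
            pending.pop(m.group(1).strip(), None)
    return [(pkg, action, when) for pkg, (action, when) in pending.items()]

if __name__ == "__main__":
    log = parse_entries(SAMPLE_LOG)
    print("Burn", burn_version(log), "unfinished:", unfinished_packages(log))
```

Running `burn_version` on each of the two bundle logs also shows whether they were written by different engine versions.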

