Skip to content

Commit cff1b78

Browse files
zoobazooba
authored
bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair (GH-31729)
1 parent c3ec5bc commit cff1b78

File tree

11 files changed

+26
-4
lines changed

11 files changed

+26
-4
lines changed

Misc/NEWS.d/next/Windows/2022-03-07-16-34-11.bpo-46948.Ufd4tG.rst

+2
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
Prevent CVE-2022-26488 by ensuring the Add to PATH option in the Windows
2+
installer uses the correct path when being repaired.

Tools/msi/bundle/bundle.wxs

+1-1
Original file line numberDiff line numberDiff line change
@@ -95,8 +95,8 @@
9595
<Chain ParallelCache="yes">
9696
<PackageGroupRef Id="crt" />
9797
<PackageGroupRef Id="core" />
98-
<PackageGroupRef Id="dev" />
9998
<PackageGroupRef Id="exe" />
99+
<PackageGroupRef Id="dev" />
100100
<PackageGroupRef Id="lib" />
101101
<PackageGroupRef Id="test" />
102102
<PackageGroupRef Id="doc" />

Tools/msi/common.wxs

+14-2
Original file line numberDiff line numberDiff line change
@@ -53,11 +53,23 @@
5353
</Fragment>
5454

5555
<Fragment>
56-
<?ifdef InstallDirectoryGuidSeed ?>
5756
<Directory Id="TARGETDIR" Name="SourceDir">
57+
<?ifdef InstallDirectoryGuidSeed ?>
5858
<Directory Id="InstallDirectory" ComponentGuidGenerationSeed="$(var.InstallDirectoryGuidSeed)" />
59+
<?endif ?>
5960
</Directory>
60-
<?endif ?>
61+
</Fragment>
62+
63+
<Fragment>
64+
<!-- Locate TARGETDIR automatically assuming we have executables installed -->
65+
<Property Id="TARGETDIR">
66+
<ComponentSearch Id="PythonExe_Directory" Guid="$(var.PythonExeComponentGuid)">
67+
<DirectorySearch Id="PythonExe_Directory" AssignToProperty="yes" Path=".">
68+
<FileSearch Id="PythonExe_DirectoryFile" Name="python.exe" />
69+
</DirectorySearch>
70+
</ComponentSearch>
71+
</Property>
72+
<Property Id="DetectTargetDir" Value="1" />
6173
</Fragment>
6274

6375
<!-- Top-level directories -->

Tools/msi/dev/dev.wxs

+1
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
<Package InstallerVersion="300" Compressed="yes" InstallScope="perUser" Platform="$(var.Platform)" />
55
<MediaTemplate EmbedCab="yes" CompressionLevel="high" />
66

7+
<PropertyRef Id="DetectTargetDir" />
78
<PropertyRef Id="UpgradeTable" />
89

910
<Feature Id="DefaultFeature" AllowAdvertise="no" Title="!(loc.Title)" Description="!(loc.Description)">

Tools/msi/doc/doc.wxs

+1
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
<Package InstallerVersion="300" Compressed="yes" InstallScope="perUser" Platform="$(var.Platform)" />
55
<MediaTemplate EmbedCab="yes" CompressionLevel="high" />
66

7+
<PropertyRef Id="DetectTargetDir" />
78
<PropertyRef Id="UpgradeTable" />
89
<PropertyRef Id="REGISTRYKEY" />
910

Tools/msi/lib/lib.wxs

+1
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
<Package InstallerVersion="300" Compressed="yes" InstallScope="perUser" Platform="$(var.Platform)" />
55
<MediaTemplate EmbedCab="yes" CompressionLevel="high" />
66

7+
<PropertyRef Id="DetectTargetDir" />
78
<PropertyRef Id="UpgradeTable" />
89
<PropertyRef Id="REGISTRYKEY" />
910

Tools/msi/path/path.wxs

+2-1
Original file line numberDiff line numberDiff line change
@@ -2,7 +2,8 @@
22
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
33
<Product Id="*" Language="!(loc.LCID)" Name="!(loc.Title)" Version="$(var.Version)" Manufacturer="!(loc.Manufacturer)" UpgradeCode="$(var.UpgradeCode)">
44
<Package InstallerVersion="300" Compressed="yes" InstallScope="perUser" Platform="$(var.Platform)" />
5-
5+
6+
<PropertyRef Id="DetectTargetDir" />
67
<PropertyRef Id="UpgradeTable" />
78
<PropertyRef Id="REGISTRYKEY" />
89

Tools/msi/tcltk/tcltk.wxs

+1
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
<Package InstallerVersion="300" Compressed="yes" InstallScope="perUser" Platform="$(var.Platform)" />
55
<MediaTemplate EmbedCab="yes" CompressionLevel="high" />
66

7+
<PropertyRef Id="DetectTargetDir" />
78
<PropertyRef Id="UpgradeTable" />
89
<PropertyRef Id="REGISTRYKEY" />
910

Tools/msi/test/test.wxs

+1
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
<Package InstallerVersion="300" Compressed="yes" InstallScope="perUser" Platform="$(var.Platform)" />
55
<MediaTemplate EmbedCab="yes" CompressionLevel="high" />
66

7+
<PropertyRef Id="DetectTargetDir" />
78
<PropertyRef Id="UpgradeTable" />
89
<PropertyRef Id="REGISTRYKEY" />
910

Tools/msi/tools/tools.wxs

+1
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
<Package InstallerVersion="300" Compressed="yes" InstallScope="perUser" Platform="$(var.Platform)" />
55
<MediaTemplate EmbedCab="yes" CompressionLevel="high" />
66

7+
<PropertyRef Id="DetectTargetDir" />
78
<PropertyRef Id="UpgradeTable" />
89

910
<Feature Id="DefaultFeature" AllowAdvertise="no" Title="!(loc.Title)" Description="!(loc.Description)">

Tools/msi/ucrt/ucrt.wxs

+1
Original file line numberDiff line numberDiff line change
@@ -4,6 +4,7 @@
44
<Package InstallerVersion="300" Compressed="yes" InstallScope="perUser" Platform="$(var.Platform)" />
55
<MediaTemplate EmbedCab="yes" CompressionLevel="high" />
66

7+
<PropertyRef Id="DetectTargetDir" />
78
<PropertyRef Id="UpgradeTable" />
89
<PropertyRef Id="REGISTRYKEY" />
910

0 commit comments

Comments
 (0)