mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-08-04 08:59:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 11

bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair (GH-31726)

Browse source
This commit is contained in:
Steve Dower 2022-03-07 17:23:11 +00:00 committed by GitHub
parent ca9689f8da
commit 77446d2aa5
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 27 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
Misc/NEWS.d/next/Windows/2022-03-07-16-34-11.bpo-46948.Ufd4tG.rst Normal file
View file

@ -0,0 +1,2 @@
Prevent CVE-2022-26488 by ensuring the Add to PATH option in the Windows
installer uses the correct path when being repaired.

1
Tools/msi/appendpath/appendpath.wxs
View file

@ -3,6 +3,7 @@
<Product Id="*" Language="!(loc.LCID)" Name="!(loc.Title)" Version="$(var.Version)" Manufacturer="!(loc.Manufacturer)" UpgradeCode="$(var.UpgradeCode)"> <Product Id="*" Language="!(loc.LCID)" Name="!(loc.Title)" Version="$(var.Version)" Manufacturer="!(loc.Manufacturer)" UpgradeCode="$(var.UpgradeCode)">
<Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" /> <Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" />
<PropertyRef Id="DetectTargetDir" />
<PropertyRef Id="UpgradeTable" /> <PropertyRef Id="UpgradeTable" />
<PropertyRef Id="REGISTRYKEY" /> <PropertyRef Id="REGISTRYKEY" />

2
Tools/msi/bundle/bundle.wxs
View file

@ -108,8 +108,8 @@
<PackageGroupRef Id="crt" /> <PackageGroupRef Id="crt" />
<?endif ?> <?endif ?>
<PackageGroupRef Id="core" /> <PackageGroupRef Id="core" />
<PackageGroupRef Id="dev" />
<PackageGroupRef Id="exe" /> <PackageGroupRef Id="exe" />
<PackageGroupRef Id="dev" />
<PackageGroupRef Id="lib" /> <PackageGroupRef Id="lib" />
<PackageGroupRef Id="test" /> <PackageGroupRef Id="test" />
<PackageGroupRef Id="doc" /> <PackageGroupRef Id="doc" />

16
Tools/msi/common.wxs
View file

@ -53,11 +53,23 @@
</Fragment> </Fragment>
<Fragment> <Fragment>
<?ifdef InstallDirectoryGuidSeed ?>
<Directory Id="TARGETDIR" Name="SourceDir"> <Directory Id="TARGETDIR" Name="SourceDir">
<?ifdef InstallDirectoryGuidSeed ?>
<Directory Id="InstallDirectory" ComponentGuidGenerationSeed="$(var.InstallDirectoryGuidSeed)" /> <Directory Id="InstallDirectory" ComponentGuidGenerationSeed="$(var.InstallDirectoryGuidSeed)" />
<?endif ?>
</Directory> </Directory>
<?endif ?> </Fragment>
<Fragment>
<!-- Locate TARGETDIR automatically assuming we have executables installed -->
<Property Id="TARGETDIR">
<ComponentSearch Id="PythonExe_Directory" Guid="$(var.PythonExeComponentGuid)">
<DirectorySearch Id="PythonExe_Directory" AssignToProperty="yes" Path=".">
<FileSearch Id="PythonExe_DirectoryFile" Name="python.exe" />
</DirectorySearch>
</ComponentSearch>
</Property>
<Property Id="DetectTargetDir" Value="1" />
</Fragment> </Fragment>
<!-- Top-level directories --> <!-- Top-level directories -->

1
Tools/msi/dev/dev.wxs
View file

@ -4,6 +4,7 @@
<Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" /> <Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" />
<MediaTemplate EmbedCab="yes" CompressionLevel="high" /> <MediaTemplate EmbedCab="yes" CompressionLevel="high" />
<PropertyRef Id="DetectTargetDir" />
<PropertyRef Id="UpgradeTable" /> <PropertyRef Id="UpgradeTable" />
<Feature Id="DefaultFeature" AllowAdvertise="no" Title="!(loc.Title)" Description="!(loc.Description)"> <Feature Id="DefaultFeature" AllowAdvertise="no" Title="!(loc.Title)" Description="!(loc.Description)">

1
Tools/msi/doc/doc.wxs
View file

@ -4,6 +4,7 @@
<Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" /> <Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" />
<MediaTemplate EmbedCab="yes" CompressionLevel="high" /> <MediaTemplate EmbedCab="yes" CompressionLevel="high" />
<PropertyRef Id="DetectTargetDir" />
<PropertyRef Id="UpgradeTable" /> <PropertyRef Id="UpgradeTable" />
<PropertyRef Id="REGISTRYKEY" /> <PropertyRef Id="REGISTRYKEY" />

1
Tools/msi/lib/lib.wxs
View file

@ -4,6 +4,7 @@
<Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" /> <Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" />
<MediaTemplate EmbedCab="yes" CompressionLevel="high" /> <MediaTemplate EmbedCab="yes" CompressionLevel="high" />
<PropertyRef Id="DetectTargetDir" />
<PropertyRef Id="UpgradeTable" /> <PropertyRef Id="UpgradeTable" />
<PropertyRef Id="REGISTRYKEY" /> <PropertyRef Id="REGISTRYKEY" />

3
Tools/msi/path/path.wxs
View file

@ -2,7 +2,8 @@
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"> <Wix xmlns="http://schemas.microsoft.com/wix/2006/wi">
<Product Id="*" Language="!(loc.LCID)" Name="!(loc.Title)" Version="$(var.Version)" Manufacturer="!(loc.Manufacturer)" UpgradeCode="$(var.UpgradeCode)"> <Product Id="*" Language="!(loc.LCID)" Name="!(loc.Title)" Version="$(var.Version)" Manufacturer="!(loc.Manufacturer)" UpgradeCode="$(var.UpgradeCode)">
<Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" /> <Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" />
<PropertyRef Id="DetectTargetDir" />
<PropertyRef Id="UpgradeTable" /> <PropertyRef Id="UpgradeTable" />
<PropertyRef Id="REGISTRYKEY" /> <PropertyRef Id="REGISTRYKEY" />

1
Tools/msi/tcltk/tcltk.wxs
View file

@ -4,6 +4,7 @@
<Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" /> <Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" />
<MediaTemplate EmbedCab="yes" CompressionLevel="high" /> <MediaTemplate EmbedCab="yes" CompressionLevel="high" />
<PropertyRef Id="DetectTargetDir" />
<PropertyRef Id="UpgradeTable" /> <PropertyRef Id="UpgradeTable" />
<PropertyRef Id="REGISTRYKEY" /> <PropertyRef Id="REGISTRYKEY" />

1
Tools/msi/test/test.wxs
View file

@ -4,6 +4,7 @@
<Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" /> <Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" />
<MediaTemplate EmbedCab="yes" CompressionLevel="high" /> <MediaTemplate EmbedCab="yes" CompressionLevel="high" />
<PropertyRef Id="DetectTargetDir" />
<PropertyRef Id="UpgradeTable" /> <PropertyRef Id="UpgradeTable" />
<PropertyRef Id="REGISTRYKEY" /> <PropertyRef Id="REGISTRYKEY" />

1
Tools/msi/tools/tools.wxs
View file

@ -4,6 +4,7 @@
<Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" /> <Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" />
<MediaTemplate EmbedCab="yes" CompressionLevel="high" /> <MediaTemplate EmbedCab="yes" CompressionLevel="high" />
<PropertyRef Id="DetectTargetDir" />
<PropertyRef Id="UpgradeTable" /> <PropertyRef Id="UpgradeTable" />
<Feature Id="DefaultFeature" AllowAdvertise="no" Title="!(loc.Title)" Description="!(loc.Description)"> <Feature Id="DefaultFeature" AllowAdvertise="no" Title="!(loc.Title)" Description="!(loc.Description)">

1
Tools/msi/ucrt/ucrt.wxs
View file

@ -4,6 +4,7 @@
<Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" /> <Package InstallerVersion="500" Compressed="yes" InstallScope="perUser" />
<MediaTemplate EmbedCab="yes" CompressionLevel="high" /> <MediaTemplate EmbedCab="yes" CompressionLevel="high" />
<PropertyRef Id="DetectTargetDir" />
<PropertyRef Id="UpgradeTable" /> <PropertyRef Id="UpgradeTable" />
<PropertyRef Id="REGISTRYKEY" /> <PropertyRef Id="REGISTRYKEY" />