From 77446d2aa56e9e3262d9d2247342bbbb0ff5e907 Mon Sep 17 00:00:00 2001
From: Steve Dower
Date: Mon, 7 Mar 2022 17:23:11 +0000
Subject: bpo-46948: Fix CVE-2022-26488 by ensuring the Windows Installer correctly uses the install path during repair (GH-31726)
---
 .../Windows/2022-03-07-16-34-11.bpo-46948.Ufd4tG.rst | 2 ++
 Tools/msi/appendpath/appendpath.wxs | 1 +
 Tools/msi/bundle/bundle.wxs | 2 +-
 Tools/msi/common.wxs | 16 ++++++++++++++--
 Tools/msi/dev/dev.wxs | 1 +
 Tools/msi/doc/doc.wxs | 1 +
 Tools/msi/lib/lib.wxs | 1 +
 Tools/msi/path/path.wxs | 3 ++-
 Tools/msi/tcltk/tcltk.wxs | 1 +
 Tools/msi/test/test.wxs | 1 +
 Tools/msi/tools/tools.wxs | 1 +
 Tools/msi/ucrt/ucrt.wxs | 1 +
 12 files changed, 27 insertions(+), 4 deletions(-)
 create mode 100644 Misc/NEWS.d/next/Windows/2022-03-07-16-34-11.bpo-46948.Ufd4tG.rst
diff --git a/Misc/NEWS.d/next/Windows/2022-03-07-16-34-11.bpo-46948.Ufd4tG.rst b/Misc/NEWS.d/next/Windows/2022-03-07-16-34-11.bpo-46948.Ufd4tG.rst
new file mode 100644
index 0000000..cfc4827
--- /dev/null
+++ b/Misc/NEWS.d/next/Windows/2022-03-07-16-34-11.bpo-46948.Ufd4tG.rst
@@ -0,0 +1,2 @@
+Prevent CVE-2022-26488 by ensuring the Add to PATH option in the Windows
+installer uses the correct path when being repaired.
diff --git a/Tools/msi/appendpath/appendpath.wxs b/Tools/msi/appendpath/appendpath.wxs
index e8d7a9d..bba186c 100644
--- a/Tools/msi/appendpath/appendpath.wxs
+++ b/Tools/msi/appendpath/appendpath.wxs
@@ -3,6 +3,7 @@
+
diff --git a/Tools/msi/bundle/bundle.wxs b/Tools/msi/bundle/bundle.wxs
index 0683f87..ac4b7a6 100644
--- a/Tools/msi/bundle/bundle.wxs
+++ b/Tools/msi/bundle/bundle.wxs
@@ -108,8 +108,8 @@
-
+
diff --git a/Tools/msi/common.wxs b/Tools/msi/common.wxs
index 398d94a..d8f3cde 100644
--- a/Tools/msi/common.wxs
+++ b/Tools/msi/common.wxs
@@ -53,11 +53,23 @@
-
+
+
-
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Tools/msi/dev/dev.wxs b/Tools/msi/dev/dev.wxs
index cfc4c44..15a0836 100644
--- a/Tools/msi/dev/dev.wxs
+++ b/Tools/msi/dev/dev.wxs
@@ -4,6 +4,7 @@
+
diff --git a/Tools/msi/doc/doc.wxs b/Tools/msi/doc/doc.wxs
index d05936f..1d7706b 100644
--- a/Tools/msi/doc/doc.wxs
+++ b/Tools/msi/doc/doc.wxs
@@ -4,6 +4,7 @@
+
diff --git a/Tools/msi/lib/lib.wxs b/Tools/msi/lib/lib.wxs
index 5c67420..e417e31 100644
--- a/Tools/msi/lib/lib.wxs
+++ b/Tools/msi/lib/lib.wxs
@@ -4,6 +4,7 @@
+
diff --git a/Tools/msi/path/path.wxs b/Tools/msi/path/path.wxs
index 496f9d0..3285439 100644
--- a/Tools/msi/path/path.wxs
+++ b/Tools/msi/path/path.wxs
@@ -2,7 +2,8 @@
-
+
+
diff --git a/Tools/msi/tcltk/tcltk.wxs b/Tools/msi/tcltk/tcltk.wxs
index fdd6da3..bad56d5 100644
--- a/Tools/msi/tcltk/tcltk.wxs
+++ b/Tools/msi/tcltk/tcltk.wxs
@@ -4,6 +4,7 @@
+
diff --git a/Tools/msi/test/test.wxs b/Tools/msi/test/test.wxs
index bf601f4..9e497e7 100644
--- a/Tools/msi/test/test.wxs
+++ b/Tools/msi/test/test.wxs
@@ -4,6 +4,7 @@
+
diff --git a/Tools/msi/tools/tools.wxs b/Tools/msi/tools/tools.wxs
index bb6436c..c06b3c2 100644
--- a/Tools/msi/tools/tools.wxs
+++ b/Tools/msi/tools/tools.wxs
@@ -4,6 +4,7 @@
+
diff --git a/Tools/msi/ucrt/ucrt.wxs b/Tools/msi/ucrt/ucrt.wxs
index 525130c..e9e2a9a 100644
--- a/Tools/msi/ucrt/ucrt.wxs
+++ b/Tools/msi/ucrt/ucrt.wxs
@@ -4,6 +4,7 @@
+
-- cgit v0.12
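Review bot: The single line added near the top of dev.wxs appears to be repeated in appendpath, doc, lib, tcltk, test, tools and ucrt, so the repair-path fix for CVE-2022-26488 seems to depend on each package source opting in individually. The diffstat shows one insertion per file and the hunk headers put it at almost the same position, but the added lines themselves are not visible on this page, so this reading is inferred. If it is right, a package authored later without the line would be built without the fix and nothing in the build would flag it. A comment next to the shared definition in common.wxs, for example `<!-- Every package .wxs must reference this for the repair-path fix (bpo-46948) -->`, or a build-time check over the package sources, would make the requirement explicit.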