build: Fix condition to run SchedSecureObjects action for MSI build

g-bougard · g-bougard · commit b99231f35ad4 · 2024-04-02T17:41:21.000+02:00
diff --git a/Changes b/Changes
@@ -78,10 +78,10 @@ packaging:
 1.7.3 not yet released
 
 packaging:
-* Fix LOCAL is set to installation folder when LOCAL is not used on MSI windows
-  installation, and even if it was set empty in installer UI
-* Enhanced CVE-2024-28241 fix to only apply folder security if folder is not a
-  subfolder of system "Program Files" folder
+* Fix LOCAL was set to installation folder during windows MSI installation v1.7.2,
+  even if LOCAL was not used or it was set empty in installer UI
+* Enhanced CVE-2024-28241 fix to only apply folder security if install folder and
+  eventually LOCAL folder are subfolders of system "Program Files" folder
 
 1.7.2 Mon, 25 Mar 2024
 
diff --git a/contrib/windows/packaging/MSI_main-v2.wxs.tt b/contrib/windows/packaging/MSI_main-v2.wxs.tt
@@ -97,8 +97,8 @@
       <RegistrySearch Id="Local" Root="HKLM" Key="[%agent_regpath%]" Name="local" Type="raw"/>
     </Property>
     <SetProperty Id="CMDLINE_LOCAL"   Before="AppSearch" Value="[LOCAL]" />
-    <!-- Also compare to UPGRADEDIR to fix wrongly set LOCAL in 1.7.2 -->
-    <SetProperty Id="LOCAL"           After="AppSearch"  Value="[CMDLINE_LOCAL]"><![CDATA[CMDLINE_LOCAL<>"" OR (UPGRADEDIR<>"" AND LOCAL=UPGRADEDIR) OR CMDLINE_CONFIG="reset"]]></SetProperty>
+    <!-- Also compare to INSTALLDIR to fix wrongly set LOCAL in 1.7.2 -->
+    <SetProperty Id="LOCAL"           After="AppSearch"  Value="[CMDLINE_LOCAL]"><![CDATA[CMDLINE_LOCAL<>"" OR LOCAL=INSTALLDIR OR CMDLINE_CONFIG="reset"]]></SetProperty>
     <SetDirectory Id="_LOCALDIR"      Before="CostFinalize" Value="[LOCAL]" />
 
     <Property Id="ADDITIONAL_CONTENT" Secure="yes">
@@ -525,17 +525,17 @@
       <LaunchConditions Sequence="400" />
 
 [%- IF bits==32 %]
-      <Custom Action="SchedSecureObjects" After="CreateFolders"><![CDATA[(NOT INSTALLDIR<<ProgramFilesFolder OR (LOCAL<>"" AND NOT LOCAL<<ProgramFiles64Folder)) AND NOT REMOVE~="ALL"]]></Custom>
-      <Custom Action="SetFixInstallDir" After="SchedSecureObjects"><![CDATA[NOT INSTALLDIR<<ProgramFilesFolder AND NOT REMOVE~="ALL"]]></Custom>
-      <Custom Action="FixInstallDir" After="SetFixInstallDir"><![CDATA[NOT INSTALLDIR<<ProgramFilesFolder AND NOT REMOVE~="ALL"]]></Custom>
-      <Custom Action="SetFixLocalDir" After="SchedSecureObjects"><![CDATA[LOCAL<>"" AND NOT LOCAL<<ProgramFilesFolder AND NOT REMOVE~="ALL"]]></Custom>
-      <Custom Action="FixLocalDir" After="SetFixLocalDir"><![CDATA[LOCAL<>"" AND NOT LOCAL<<ProgramFilesFolder AND NOT REMOVE~="ALL"]]></Custom>
+      <Custom Action="SchedSecureObjects" After="CreateFolders"><![CDATA[NOT (INSTALLDIR<<ProgramFilesFolder AND (NOT LOCAL OR LOCAL<<ProgramFilesFolder)) AND NOT REMOVE~="ALL"]]></Custom>
+      <Custom Action="SetFixInstallDir" After="SchedSecureObjects"><![CDATA[NOT (INSTALLDIR<<ProgramFilesFolder AND (NOT LOCAL OR LOCAL<<ProgramFilesFolder)) AND NOT REMOVE~="ALL"]]></Custom>
+      <Custom Action="FixInstallDir" After="SetFixInstallDir"><![CDATA[NOT (INSTALLDIR<<ProgramFilesFolder AND (NOT LOCAL OR LOCAL<<ProgramFilesFolder)) AND NOT REMOVE~="ALL"]]></Custom>
+      <Custom Action="SetFixLocalDir" After="SchedSecureObjects"><![CDATA[LOCAL<>"" AND NOT (INSTALLDIR<<ProgramFilesFolder AND LOCAL<<ProgramFilesFolder) AND NOT REMOVE~="ALL"]]></Custom>
+      <Custom Action="FixLocalDir" After="SetFixLocalDir"><![CDATA[LOCAL<>"" AND NOT (INSTALLDIR<<ProgramFilesFolder AND LOCAL<<ProgramFilesFolder) AND NOT REMOVE~="ALL"]]></Custom>
 [%- ELSE %]
-      <Custom Action="SchedSecureObjects_x64" After="CreateFolders"><![CDATA[(NOT INSTALLDIR<<ProgramFiles64Folder OR (LOCAL<>"" AND NOT LOCAL<<ProgramFiles64Folder)) AND NOT REMOVE~="ALL"]]></Custom>
-      <Custom Action="SetFixInstallDir" After="SchedSecureObjects_x64"><![CDATA[NOT INSTALLDIR<<ProgramFiles64Folder AND NOT REMOVE~="ALL"]]></Custom>
-      <Custom Action="FixInstallDir" After="SetFixInstallDir"><![CDATA[NOT INSTALLDIR<<ProgramFiles64Folder AND NOT REMOVE~="ALL"]]></Custom>
-      <Custom Action="SetFixLocalDir" After="SchedSecureObjects_x64"><![CDATA[LOCAL<>"" AND NOT LOCAL<<ProgramFiles64Folder AND NOT REMOVE~="ALL"]]></Custom>
-      <Custom Action="FixLocalDir" After="SetFixLocalDir"><![CDATA[LOCAL<>"" AND NOT LOCAL<<ProgramFiles64Folder AND NOT REMOVE~="ALL"]]></Custom>
+      <Custom Action="SchedSecureObjects_x64" After="CreateFolders"><![CDATA[NOT (INSTALLDIR<<ProgramFiles64Folder AND (NOT LOCAL OR LOCAL<<ProgramFiles64Folder)) AND NOT REMOVE~="ALL"]]></Custom>
+      <Custom Action="SetFixInstallDir" After="SchedSecureObjects_x64"><![CDATA[NOT (INSTALLDIR<<ProgramFiles64Folder AND (NOT LOCAL OR LOCAL<<ProgramFiles64Folder)) AND NOT REMOVE~="ALL"]]></Custom>
+      <Custom Action="FixInstallDir" After="SetFixInstallDir"><![CDATA[NOT (INSTALLDIR<<ProgramFiles64Folder AND (NOT LOCAL OR LOCAL<<ProgramFiles64Folder)) AND NOT REMOVE~="ALL"]]></Custom>
+      <Custom Action="SetFixLocalDir" After="SchedSecureObjects_x64"><![CDATA[LOCAL<>"" AND NOT (INSTALLDIR<<ProgramFiles64Folder AND LOCAL<<ProgramFiles64Folder) AND NOT REMOVE~="ALL"]]></Custom>
+      <Custom Action="FixLocalDir" After="SetFixLocalDir"><![CDATA[LOCAL<>"" AND NOT (INSTALLDIR<<ProgramFiles64Folder AND LOCAL<<ProgramFiles64Folder) AND NOT REMOVE~="ALL"]]></Custom>
 [%- END %]
       <Custom Action="UpdateLocalDir" Before="CostFinalize"><![CDATA[LOCAL<>"" AND NOT LOCAL>>"\" AND NOT REMOVE~="ALL"]]></Custom>
 
