-
-
Notifications
You must be signed in to change notification settings - Fork 624
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Launcher: Update to latest build of NSIS to address potential Security Issues #9134
Comments
Note that the launcher is only used to start NVDA from it, it doesn't perform the installation itself. Having said that, I've thought about updating NSIS as well, but it doesn't have that much priority. Giving it p3 for now. |
hello |
hello |
Fixes #13270, #9134 May fix #13329, #13222 NSIS 2.51 has been removed from miscDeps in Remove old version of NSIS to be moved to separate submodule nvda-misc-deps#24 NSIS 3.08 has been added to a new submodule in Add NSIS 3.08 distribution NSIS-build#2 Steps for updating NSIS have been added in Add process for updating NSIS NSIS-build#1 Summary of the issue: NSIS is outdated (version 2.51 is from 2016). A variety of issues have been coming up with the installer: If special characters are in the path, the NSIS fails to run the installer Installer is failing to start on certain builds of Windows (Windows 7 SP1, Windows 11 ARM, Windows 10 21H2) Description of how this pull request fixes the issue: NSIS has been moved to its own submodule (currently private while reviewing the repository settings). this includes adding steps for updating in the future NSIS has been updated to 3.08. The UAC plugin has been removed, as it is now redundant. NSIS elevates the uninstaller automatically now, rather than needing the UAC plugin. This has been confirmed with testing. Minor build warnings have been fixed. Testing strategy: Follow the testing strategy in the NSIS submodule readme Commit history: * use latest nsis * remove redundant plugin code * Update NSIS link * Fix build warnings for the installer and uninstaller Fixes the following build warnings For the installer: warning: !warning: MUI_LANGUAGE[EX] should be inserted after the MUI_[UN]PAGE_* macros (macro:MUI_LANGUAGEEX:6) For the uninstaller: 9100: Generating version information for language "1033-English" without standard key "FileVersion" * add zh-hk information * Update submodule commits * update changes
Closed via #13398 |
NVDA is currently built with NSIS 2.51; however, in the latest builds of the installer several security issues have been address that could result in potential DLL hijacking (see https://nsis.sourceforge.io/Docs/AppendixF.html and search for "security" for more info). To prevent this, could we update to the latest NSIS build?
The text was updated successfully, but these errors were encountered: