Difference between revisions of "Flash Player"
m (reboot="true" is an overkill for a browser plug-in, changed to postponed) |
m (reboot="true" is an overkill for a browser plug-in, changed to postponed) |
||
Line 186: | Line 186: | ||
</check> | </check> | ||
<install cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'> | <install cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'> | ||
− | <exit code="3010" reboot=" | + | <exit code="3010" reboot="postponed" /> |
</install> | </install> | ||
<upgrade cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'> | <upgrade cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'> | ||
− | <exit code="3010" reboot=" | + | <exit code="3010" reboot="postponed" /> |
</upgrade> | </upgrade> | ||
<remove cmd='MsiExec.exe /qn /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}'/> | <remove cmd='MsiExec.exe /qn /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}'/> |
Revision as of 22:04, 2 April 2009
You are encouraged to update for security reasons to version 10.0.22.87: http://www.adobe.com/support/security/bulletins/apsb09-01.html.
Contents
Adobe Flash Player 10 for Internet Explorer with Win64bit check
<package
id="flashplayer_ie"
name="Adobe Flash Player 10 for IE"
revision="4"
reboot="false"
priority="10">
<check type="logical" condition="or">
<check type="logical" condition="and">
<check type="uninstall" condition="exists" path="Adobe Flash Player 10 ActiveX" />
<check type="file" condition="versionequalto" path="%SYSTEMROOT%\system32\Macromed\Flash\Flash10b.ocx" value="10.0.22.87"/>
</check>
<check type="logical" condition="and">
<check type="uninstall" condition="exists" path="Adobe Flash Player 10 ActiveX" />
<check type="file" condition="versionequalto" path="%SYSTEMROOT%\SysWOW64\Macromed\Flash\Flash10b.ocx" value="10.0.22.87"/>
</check>
</check>
<install cmd='%SOFTWARE%\flash\install_flash_player_ax.exe /S' />
<upgrade cmd='%SOFTWARE%\flash\install_flash_player_ax.exe /S' />
<remove cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_activeX.exe" "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_activeX.exe" /S'/>
<remove cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\SysWOW64\Macromed\Flash\uninstall_activeX.exe" "%SYSTEMROOT%\SysWOW64\Macromed\Flash\uninstall_activeX.exe" /S'/>
</package>
Adobe Flash Player 10 for Firefox/Opera with Win64bit check
<package
id="flashplayer_mozilla"
name="Adobe Flash Player 10 for Mozilla/Opera"
revision="4"
reboot="false"
priority="10">
<check type="logical" condition="or">
<check type="logical" condition="and">
<check type="uninstall" condition="exists" path="Adobe Flash Player 10 Plugin" />
<check type="file" condition="versionequalto" path="%SYSTEMROOT%\system32\Macromed\Flash\NPSWF32.dll" value="10.0.22.87" />
</check>
<check type="logical" condition="and">
<check type="uninstall" condition="exists" path="Adobe Flash Player 10 Plugin" />
<check type="file" condition="versionequalto" path="%SYSTEMROOT%\SysWOW64\Macromed\Flash\NPSWF32.dll" value="10.0.22.87" />
</check>
</check>
<install cmd='%SOFTWARE%\flash\install_flash_player.exe /S' />
<upgrade cmd='%SOFTWARE%\flash\install_flash_player.exe /S' />
<remove cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_plugin.exe" "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_plugin.exe" /S'/>
<remove cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\SysWOW64\Macromed\Flash\uninstall_plugin.exe" "%SYSTEMROOT%\SysWOW64\Macromed\Flash\uninstall_plugin.exe" /S'/>
</package>
Disable Automatic Update dialog in Adobe Flash Player 10 (and 9)
It seems that Flash checks in to the mother ship Adobe at regular bases to check if there is an update available. And if so, it presents the user with a dialog asking if he wants to upgrade Flash to the latest version, which is what we don't want when the software is managed by WPKG. To prevent this from happening, you can do the following:
- create a file named "mms.cfg" (if you don't already have it for other flash settings)
- add an entry in this file: AutoUpdateDisable=1
- this file now has to be added to the FlashPlayer installation directory during the install of the package. You can do this by just plain copying the file into that directory. Add the next lines to your Flash package:
Right after the installation:
<install cmd='%COMSPEC% /c copy /y /v "%SOFTWARE%\FlashPlayer\mms.cfg" %WINDIR%\system32\Macromed\Flash\' />
Right after the upgrade:
<upgrade cmd='%COMSPEC% /c copy /y /v "%SOFTWARE%\FlashPlayer\mms.cfg" %WINDIR%\system32\Macromed\Flash\' />
Right before the uninstall:
<remove cmd='%COMSPEC% /c del /s /q "%WINDIR%\system32\Macromed\Flash\mms.cfg"' />
Or you could create a separate package for this setting.
Note: This probably also works for older versions of Flash (<9), but I believe the mms.cfg file then has to be copied to the Windows\system32 directory?
Adobe Flash Player security settings for "Clickjacking" vulnerability (APSA08-08)
Waiting for the next version of Flash Player to be available, you are strongly encouraged to apply the following settings for security reasons: http://www.adobe.com/support/security/advisories/apsa08-08.html.
According to bulletin and to the "Adobe Flash Player Administration Guide" (you find the link in the same security bulletin):
- create a file named "mms.cfg"
- write in this file the lines containing the "ParameterName = ParameterValue" pairs you need, "AVHardwareDisable = 1" in this APSA08-08 case
- deploy it with the following WPKG package
<package id="flash-settings" name="Adobe Flash Player settings for APSA08-08 vulnerability" revision="1" reboot="false" priority="0" execute="once">
<install cmd='%COMSPEC% /c copy /Y "%SOFTWARE%\Flash\settings\mms.cfg " "%WINDIR%\system32\Macromed\Flash\" ' />
</package>
Or you could just integrate this line with the installation packages above, if you do not want to keep it as a separate package.
Older versions
Adobe Flash Player 9.0.124.0 for Firefox
You are encouraged to upgrade for security reasons: http://www.adobe.com/support/security/bulletins/apsb08-11.html and then to apply the security settings for "Clickjacking" vulnerability (APSA08-08) defined below.
Installer packaged as an executable, installs as a plugin. Sometimes it is upgraded only on the second run of wpkg, it must be a timing issue between installing over previous version and checking conditions.
<package id="flashplayerfirefox" name="Adobe Flash Player for Firefox" revision="1" reboot="false" priority="0">
<depends package-id="firefox"/>
<check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\NPSWF32.dll" value="9.0.124.0"/>
<install cmd='%SOFTWARE%\Flash\install_flash_player.exe /S' />
<upgrade cmd='%SOFTWARE%\Flash\install_flash_player.exe /S' />
<remove cmd='%WINDIR%\system32\Macromed\Flash\uninstall_plugin.exe /S'/>
</package>
It's good to kill Firefox application process before installing, since the installer won't work with browser running. To do this add to code:
<install cmd="taskkill /F /IM Firefox.exe">
<exit code="0" />
<exit code="128" />
</install>
And of course:
<upgrade cmd="taskkill /F /IM Firefox.exe">
<exit code="0" />
<exit code="128" />
</upgrade>
Adobe Flash Player 9.0.124.0 for Internet Explorer
You are encouraged to upgrade for security reasons: http://www.adobe.com/support/security/bulletins/apsb08-11.html and then to apply the security settings for "Clickjacking" vulnerability (APSA08-08) defined below.
Installer packaged as .msi, installs as an ActiveX. You can download it from http://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_active_x.msi - make sure you comply with the license: http://www.adobe.com/licensing/distribution/.
The line "Adobe Flash Player 9 ActiveX" in Control Panel's Add/Remove Programs doesn't show any minor version, so both this line and the detailed ocx's file version have to be checked with a logical and condition.
<package id="flashplayerie" name="Adobe Flash Player for Internet Explorer" revision="1" reboot="false" priority="0">
<check type="logical" condition="and">
<check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\Flash9f.ocx" value="9.0.124.0"/>
<check type="uninstall" condition="exists" path="Adobe Flash Player 9 ActiveX"/>
</check>
<install cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
<exit code="3010" reboot="true" />
</install>
<upgrade cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
<exit code="3010" reboot="true" />
</upgrade>
<remove cmd='MsiExec.exe /qn /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}'/>
</package>
Adobe Flash Player 9.0.115.0 for Firefox
Installer packaged as an executable, installs as a plugin.
<package id="flashplayerfirefox" name="Adobe Flash Player for Firefox" revision="1" reboot="false" priority="0">
<depends package-id="firefox"/>
<check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\NPSWF32.dll" value="9.0.115.0"/>
<install cmd='%SOFTWARE%\Flash\install_flash_player /S' />
<upgrade cmd='%SOFTWARE%\Flash\install_flash_player /S' />
<remove cmd='%WINDIR%\system32\Macromed\Flash\uninstall_plugin.exe /S'/>
</package>
Adobe Flash Player 9.0.115.0 for Internet Explorer
Installer packaged as .msi, installs as an ActiveX. The line "Adobe Flash Player 9 ActiveX" in Control Panel's Add/Remove Programs doesn't show any minor version, so both this line and the detailed ocx's file version have to be checked with a logical and condition.
<package id="flashplayerie" name="Adobe Flash Player for Internet Explorer" revision="1" reboot="false" priority="0">
<check type="logical" condition="and">
<check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\Flash9e.ocx" value="9.0.115.0"/>
<check type="uninstall" condition="exists" path="Adobe Flash Player 9 ActiveX"/>
</check>
<install cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
<exit code="3010" reboot="postponed" />
</install>
<upgrade cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
<exit code="3010" reboot="postponed" />
</upgrade>
<remove cmd='MsiExec.exe /qn /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}'/>
</package>
Adobe Flash Player 9.0.47.0 for Firefox
Installer packaged as an executable, installs as a plugin. Didn't test if the uninstall_plugin.exe in the remove line removes both this and Internet Explorer Flash Player ActiveX.
<package id="flashplayerfirefox" name="Adobe Flash Player for Firefox" revision="1" reboot="false" priority="0">
<depends package-id="firefox"/>
<check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\NPSWF32.dll" value="9.0.47.0"/>
<install cmd='%SOFTWARE%\Flash\install_flash_player /S' />
<upgrade cmd='%SOFTWARE%\Flash\install_flash_player /S' />
<remove cmd='%WINDIR%\system32\Macromed\Flash\uninstall_plugin.exe /S'/>
</package>
Adobe Flash Player 9.0.47.0 for Internet Explorer
Installer packaged as .msi, installs as an ActiveX. The line "Adobe Flash Player 9 ActiveX" in Control Panel's Add/Remove Programs doesn't show any minor version, so both this line and the detailed ocx's file version have to be checked with a logical and condition.
<package id="flashplayerie" name="Adobe Flash Player for Internet Explorer" revision="1" reboot="false" priority="0">
<check type="logical" condition="and">
<check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\Flash9d.ocx" value="9.0.47.0"/>
<check type="uninstall" condition="exists" path="Adobe Flash Player 9 ActiveX"/>
</check>
<install cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
<exit code="3010" reboot="postponed" />
</install>
<upgrade cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
<exit code="3010" reboot="postponed" />
</upgrade>
<remove cmd='MsiExec.exe /qn /X{786547F9-59BB-4FA3-B2D8-327FF1F14870}'/>
</package>