Difference between revisions of "Flash Player"

From WPKG | Open Source Software Deployment and Distribution
Jump to: navigation, search
(SECURITY - Update to version 10.0.32.18 also for Internet Explorer)
(Updated Flash 10 section, rewrote Flash 9 section to reflect v 9.0.246.0 release which fixes clickjacking vuln)
Line 7: Line 7:
 
     id="flashplayer_ie"
 
     id="flashplayer_ie"
 
     name="Adobe Flash Player 10 for IE"
 
     name="Adobe Flash Player 10 for IE"
     revision="5"
+
     revision="20090725"
 
     reboot="false"
 
     reboot="false"
 
     priority="10">
 
     priority="10">
Line 37: Line 37:
 
     id="flashplayer_mozilla"
 
     id="flashplayer_mozilla"
 
     name="Adobe Flash Player 10 for Mozilla/Opera"
 
     name="Adobe Flash Player 10 for Mozilla/Opera"
     revision="5"
+
     revision="20090725"
 
     reboot="false"
 
     reboot="false"
 
     priority="10">
 
     priority="10">
Line 61: Line 61:
 
</source>
 
</source>
  
== Disable Automatic Update dialog in Adobe Flash Player 10 (and 9) ==
+
== Disable Automatic Update dialog in Adobe Flash Player ==
  
It seems that Flash checks in to the mother ship Adobe at regular bases to check if there is an update available. And if so, it presents the user with a dialog asking if he wants to upgrade Flash to the latest version, which is what we don't want when the software is managed by WPKG.
+
It seems that Flash checks in to the mother ship Adobe at regular bases to check if there is an update available. And if so, it presents the user with a dialog asking if he wants to upgrade Flash to the latest version, which is what we don't want when the software is managed by WPKG. To prevent this from happening, you can do the following:
To prevent this from happening, you can do the following:
+
  
 
* create a file named "mms.cfg" (if you don't already have it for other flash settings)
 
* create a file named "mms.cfg" (if you don't already have it for other flash settings)
 
* add an entry in this file: AutoUpdateDisable=1
 
* add an entry in this file: AutoUpdateDisable=1
* this file now has to be added to the FlashPlayer installation directory during the install of the package. You can do this by just plain copying the file into that directory. Add the next lines to your Flash package:
+
* this file now has to be added to the FlashPlayer installation directory during the install of the package. You can do this by copying the file into that directory. Add the next lines to your Flash package:
 
Right after the installation:
 
Right after the installation:
 
<source lang="xml">
 
<source lang="xml">
Line 87: Line 86:
 
Or you could create a separate package for this setting.
 
Or you could create a separate package for this setting.
  
Note: This probably also works for older versions of Flash (<9), but I believe the mms.cfg file then has to be copied to the Windows\system32 directory?
+
This file will prevent current and older versions of Flash from auto-updating.
 
+
== Adobe Flash Player security settings for "Clickjacking" vulnerability (APSA08-08) ==
+
 
+
Waiting for the next version of Flash Player to be available, you are strongly encouraged to apply the following settings for security reasons: http://www.adobe.com/support/security/advisories/apsa08-08.html.
+
 
+
According to bulletin and to the "Adobe Flash Player Administration Guide" (you find the link in the same security bulletin):
+
 
+
* create a file named "mms.cfg"
+
* write in this file the lines containing the "ParameterName = ParameterValue" pairs you need, "AVHardwareDisable = 1" in this APSA08-08 case
+
* deploy it with the following WPKG package
+
 
+
<source lang="xml">
+
<package id="flash-settings" name="Adobe Flash Player settings for APSA08-08 vulnerability" revision="1" reboot="false" priority="0" execute="once">
+
  <install cmd='%COMSPEC% /c copy /Y "%SOFTWARE%\Flash\settings\mms.cfg " "%WINDIR%\system32\Macromed\Flash\" ' />
+
</package>
+
</source>
+
 
+
Or you could just integrate this line with the installation packages above, if you do not want to keep it as a separate package.
+
  
 
== Older versions ==
 
== Older versions ==
  
=== Adobe Flash Player 9.0.124.0 for Firefox ===
+
=== Adobe Flash Player 9.0.246.0 for Firefox ===
  
You are encouraged to upgrade for security reasons: http://www.adobe.com/support/security/bulletins/apsb08-11.html and then to apply the security settings for "Clickjacking" vulnerability (APSA08-08) defined below.
+
You are encouraged to upgrade for security reasons: http://www.adobe.com/support/security/bulletins/apsb08-11.html and [http://www.adobe.com/support/security/advisories/apsa08-08.html the click-jacking vulnerability] are both addressed in this update. It can be downloaded from [http://kb2.adobe.com/cps/406/kb406791.html here].
  
 
Installer packaged as an executable, installs as a plugin. Sometimes it is upgraded only on the second run of wpkg, it must be a timing issue between installing over previous version and checking conditions.
 
Installer packaged as an executable, installs as a plugin. Sometimes it is upgraded only on the second run of wpkg, it must be a timing issue between installing over previous version and checking conditions.
Line 118: Line 99:
 
<package id="flashplayerfirefox" name="Adobe Flash Player for Firefox" revision="1" reboot="false" priority="0">
 
<package id="flashplayerfirefox" name="Adobe Flash Player for Firefox" revision="1" reboot="false" priority="0">
 
   <depends package-id="firefox"/>
 
   <depends package-id="firefox"/>
   <check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\NPSWF32.dll" value="9.0.124.0"/>
+
   <check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\NPSWF32.dll" value="9.0.246.0"/>
 
   <install cmd='%SOFTWARE%\Flash\install_flash_player.exe /S' />
 
   <install cmd='%SOFTWARE%\Flash\install_flash_player.exe /S' />
 
   <upgrade cmd='%SOFTWARE%\Flash\install_flash_player.exe /S' />
 
   <upgrade cmd='%SOFTWARE%\Flash\install_flash_player.exe /S' />
Line 140: Line 121:
 
</source>
 
</source>
  
=== Adobe Flash Player 9.0.124.0 for Internet Explorer ===
+
=== Adobe Flash Player 9.0.246.0 for Internet Explorer ===
  
You are encouraged to upgrade for security reasons: http://www.adobe.com/support/security/bulletins/apsb08-11.html and then to apply the security settings for "Clickjacking" vulnerability (APSA08-08) defined below.
+
The same reasons for upgrading apply as for the plugin version above, and it can be downloaded from the same place. It is packaged as a .exe file, so presumably has the same installation/removal/upgrade syntax as the plugin version above, but the following code has not been tested.
 
+
Installer packaged as .msi, installs as an ActiveX. You can download it from http://fpdownload.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_active_x.msi - make sure you comply with the license: http://www.adobe.com/licensing/distribution/.
+
 
+
The line "Adobe Flash Player 9 ActiveX" in Control Panel's Add/Remove Programs doesn't show any minor version, so both this line and the detailed ocx's file version have to be checked with a logical and condition.
+
  
 
<source lang="xml">
 
<source lang="xml">
<package id="flashplayerie" name="Adobe Flash Player for Internet Explorer" revision="1" reboot="false" priority="0">
+
<package id="flashplayeractivex" name="ActiveX Flash Player" revision="20090730" reboot="false" priority="0">
   <check type="logical" condition="and">
+
   <check type="file" condition="versionequalto" path="%SYSTEMROOT%\system32\Macromed\Flash\Flash9c.ocx" value="9.0.246.0"/>
    <check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\Flash9f.ocx" value="9.0.124.0"/>
+
   <install cmd='%SOFTWARE%\Flash\install_flash_player_ax.exe /S' />
    <check type="uninstall" condition="exists" path="Adobe Flash Player 9 ActiveX"/>
+
   <upgrade cmd='%SOFTWARE%\Flash\install_flash_player_ax.exe /S' />
  </check>
+
   <remove cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_activeX.exe" "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_activeX.exe" /S'/>
   <install cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
+
    <exit code="3010" reboot="true" />
+
  </install>
+
   <upgrade cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
+
    <exit code="3010" reboot="true" />
+
  </upgrade>
+
   <remove cmd='MsiExec.exe /qn /X{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}'/>
+
 
</package>
 
</package>
 
</source>
 
</source>
 
=== Adobe Flash Player 9.0.115.0 for Firefox ===
 
 
Installer packaged as an executable, installs as a plugin.
 
 
<source lang="xml">
 
<package id="flashplayerfirefox" name="Adobe Flash Player for Firefox" revision="1" reboot="false" priority="0">
 
  <depends package-id="firefox"/>
 
  <check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\NPSWF32.dll" value="9.0.115.0"/>
 
  <install cmd='%SOFTWARE%\Flash\install_flash_player /S' />
 
  <upgrade cmd='%SOFTWARE%\Flash\install_flash_player /S' />
 
  <remove cmd='%WINDIR%\system32\Macromed\Flash\uninstall_plugin.exe /S'/>
 
</package>
 
</source>
 
 
=== Adobe Flash Player 9.0.115.0 for Internet Explorer ===
 
 
Installer packaged as .msi, installs as an ActiveX. The line "Adobe Flash Player 9 ActiveX" in Control Panel's Add/Remove Programs doesn't show any minor version, so both this line and the detailed ocx's file version have to be checked with a logical and condition.
 
 
<source lang="xml">
 
<package id="flashplayerie" name="Adobe Flash Player for Internet Explorer" revision="1" reboot="false" priority="0">
 
  <check type="logical" condition="and">
 
    <check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\Flash9e.ocx" value="9.0.115.0"/>
 
    <check type="uninstall" condition="exists" path="Adobe Flash Player 9 ActiveX"/>
 
  </check>
 
  <install cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
 
    <exit code="3010" reboot="postponed" />
 
  </install>
 
  <upgrade cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
 
    <exit code="3010" reboot="postponed" />
 
  </upgrade>
 
  <remove cmd='MsiExec.exe /qn /X{8E9DB7EF-5DD3-499E-BA2A-A1F3153A4DF8}'/>
 
</package>
 
</source>
 
 
=== Adobe Flash Player 9.0.47.0 for Firefox ===
 
 
Installer packaged as an executable, installs as a plugin. Didn't test if the uninstall_plugin.exe in the remove line removes both this and Internet Explorer Flash Player ActiveX.
 
 
<source lang="xml">
 
<package id="flashplayerfirefox" name="Adobe Flash Player for Firefox" revision="1" reboot="false" priority="0">
 
  <depends package-id="firefox"/>
 
  <check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\NPSWF32.dll" value="9.0.47.0"/>
 
  <install cmd='%SOFTWARE%\Flash\install_flash_player /S' />
 
  <upgrade cmd='%SOFTWARE%\Flash\install_flash_player /S' />
 
  <remove cmd='%WINDIR%\system32\Macromed\Flash\uninstall_plugin.exe /S'/>
 
</package>
 
</source>
 
 
=== Adobe Flash Player 9.0.47.0 for Internet Explorer ===
 
 
Installer packaged as .msi, installs as an ActiveX. The line "Adobe Flash Player 9 ActiveX" in Control Panel's Add/Remove Programs doesn't show any minor version, so both this line and the detailed ocx's file version have to be checked with a logical and condition.
 
 
<source lang="xml">
 
<package id="flashplayerie" name="Adobe Flash Player for Internet Explorer" revision="1" reboot="false" priority="0">
 
  <check type="logical" condition="and">
 
    <check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\Flash9d.ocx" value="9.0.47.0"/>
 
    <check type="uninstall" condition="exists" path="Adobe Flash Player 9 ActiveX"/>
 
  </check>
 
  <install cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
 
    <exit code="3010" reboot="postponed" />
 
  </install>
 
  <upgrade cmd='msiexec /q /i %SOFTWARE%\Flash\install_flash_player_active_x.msi'>
 
    <exit code="3010" reboot="postponed" />
 
  </upgrade>
 
  <remove cmd='MsiExec.exe /qn /X{786547F9-59BB-4FA3-B2D8-327FF1F14870}'/>
 
</package>
 
</source>
 
 
  
 
[[category:Silent Installers]]
 
[[category:Silent Installers]]
 
[[category:Security Advisories]]
 
[[category:Security Advisories]]

Revision as of 10:34, 25 August 2009

You are encouraged to update for security reasons to version 10.0.32.18: http://www.adobe.com/support/security/bulletins/apsb09-10.html.

Adobe Flash Player 10 for Internet Explorer with Win64bit check

<package 
    id="flashplayer_ie"
    name="Adobe Flash Player 10 for IE"
    revision="20090725"
    reboot="false"
    priority="10">
        
    <check type="logical" condition="or">
        <check type="logical" condition="and">
            <check type="uninstall" condition="exists" path="Adobe Flash Player 10 ActiveX" />
            <check type="file" condition="versionequalto" path="%SYSTEMROOT%\system32\Macromed\Flash\Flash10c.ocx" value="10.0.32.18"/>
        </check>
        <check type="logical" condition="and">
            <check type="uninstall" condition="exists" path="Adobe Flash Player 10 ActiveX" />
            <check type="file" condition="versionequalto" path="%SYSTEMROOT%\SysWOW64\Macromed\Flash\Flash10c.ocx" value="10.0.32.18"/>
        </check>
    </check>

    <install cmd='%SOFTWARE%\flash\install_flash_player_ax.exe /S' />
        
    <upgrade cmd='%SOFTWARE%\flash\install_flash_player_ax.exe /S' />
    
    <remove cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_activeX.exe" "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_activeX.exe" /S'/>
    <remove cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\SysWOW64\Macromed\Flash\uninstall_activeX.exe" "%SYSTEMROOT%\SysWOW64\Macromed\Flash\uninstall_activeX.exe" /S'/>
</package>

Adobe Flash Player 10 for Firefox/Opera with Win64bit check

<package 
     id="flashplayer_mozilla"
     name="Adobe Flash Player 10 for Mozilla/Opera"
     revision="20090725"
     reboot="false"
     priority="10">
        
    <check type="logical" condition="or">
        <check type="logical" condition="and">
            <check type="uninstall" condition="exists" path="Adobe Flash Player 10 Plugin" />
            <check type="file" condition="versionequalto" path="%SYSTEMROOT%\system32\Macromed\Flash\NPSWF32.dll" value="10.0.32.18" />
        </check>
        <check type="logical" condition="and">
            <check type="uninstall" condition="exists" path="Adobe Flash Player 10 Plugin" />
            <check type="file" condition="versionequalto" path="%SYSTEMROOT%\SysWOW64\Macromed\Flash\NPSWF32.dll" value="10.0.32.18" />
        </check>
    </check>
        
    <install cmd='%SOFTWARE%\flash\install_flash_player.exe /S' />
    
    <upgrade cmd='%SOFTWARE%\flash\install_flash_player.exe /S' />
        
    <remove cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_plugin.exe" "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_plugin.exe" /S'/>
    <remove cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\SysWOW64\Macromed\Flash\uninstall_plugin.exe" "%SYSTEMROOT%\SysWOW64\Macromed\Flash\uninstall_plugin.exe" /S'/>
</package>

Disable Automatic Update dialog in Adobe Flash Player

It seems that Flash checks in to the mother ship Adobe at regular bases to check if there is an update available. And if so, it presents the user with a dialog asking if he wants to upgrade Flash to the latest version, which is what we don't want when the software is managed by WPKG. To prevent this from happening, you can do the following:

  • create a file named "mms.cfg" (if you don't already have it for other flash settings)
  • add an entry in this file: AutoUpdateDisable=1
  • this file now has to be added to the FlashPlayer installation directory during the install of the package. You can do this by copying the file into that directory. Add the next lines to your Flash package:

Right after the installation:

<install cmd='%COMSPEC% /c copy /y /v "%SOFTWARE%\FlashPlayer\mms.cfg" %WINDIR%\system32\Macromed\Flash\' />

Right after the upgrade:

<upgrade cmd='%COMSPEC% /c copy /y /v "%SOFTWARE%\FlashPlayer\mms.cfg" %WINDIR%\system32\Macromed\Flash\' />

Right before the uninstall:

<remove cmd='%COMSPEC% /c del /s /q "%WINDIR%\system32\Macromed\Flash\mms.cfg"' >
  <exit code="0" />
  <exit code="1" />  <!-- if file does not exist -->
</remove>

Or you could create a separate package for this setting.

This file will prevent current and older versions of Flash from auto-updating.

Older versions

Adobe Flash Player 9.0.246.0 for Firefox

You are encouraged to upgrade for security reasons: http://www.adobe.com/support/security/bulletins/apsb08-11.html and the click-jacking vulnerability are both addressed in this update. It can be downloaded from here.

Installer packaged as an executable, installs as a plugin. Sometimes it is upgraded only on the second run of wpkg, it must be a timing issue between installing over previous version and checking conditions.

<package id="flashplayerfirefox" name="Adobe Flash Player for Firefox" revision="1" reboot="false" priority="0">
  <depends package-id="firefox"/>
  <check type="file" condition="versiongreaterorequal" path="%WINDIR%\system32\Macromed\Flash\NPSWF32.dll" value="9.0.246.0"/>
  <install cmd='%SOFTWARE%\Flash\install_flash_player.exe /S' />
  <upgrade cmd='%SOFTWARE%\Flash\install_flash_player.exe /S' />
  <remove cmd='%WINDIR%\system32\Macromed\Flash\uninstall_plugin.exe /S'/>
</package>

It's good to kill Firefox application process before installing, since the installer won't work with browser running. To do this add to code:

<install cmd="taskkill /F /IM Firefox.exe">
            <exit code="0" />
            <exit code="128" />
</install>

And of course:

<upgrade cmd="taskkill /F /IM Firefox.exe">
            <exit code="0" />
            <exit code="128" />
</upgrade>

Adobe Flash Player 9.0.246.0 for Internet Explorer

The same reasons for upgrading apply as for the plugin version above, and it can be downloaded from the same place. It is packaged as a .exe file, so presumably has the same installation/removal/upgrade syntax as the plugin version above, but the following code has not been tested.

<package id="flashplayeractivex" name="ActiveX Flash Player" revision="20090730" reboot="false" priority="0">
  <check type="file" condition="versionequalto" path="%SYSTEMROOT%\system32\Macromed\Flash\Flash9c.ocx" value="9.0.246.0"/>
  <install cmd='%SOFTWARE%\Flash\install_flash_player_ax.exe /S' />
  <upgrade cmd='%SOFTWARE%\Flash\install_flash_player_ax.exe /S' />
  <remove cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_activeX.exe" "%SYSTEMROOT%\system32\Macromed\Flash\uninstall_activeX.exe" /S'/>
</package>