This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "CMake".
The branch, next has been updated via f2049beeb1459e131f10cd94ac09abbd0529094e (commit) via 86353043c7772dce08e170ad6f21be1a2b56c0eb (commit) from 02acec06c0766f3922619e2bcc5c88f4cf512a73 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- https://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=f2049beeb1459e131f10cd94ac09abbd0529094e commit f2049beeb1459e131f10cd94ac09abbd0529094e Merge: 02acec0 8635304 Author: Brad King <brad.k...@kitware.com> AuthorDate: Thu Jul 21 09:54:36 2016 -0400 Commit: CMake Topic Stage <kwro...@kitware.com> CommitDate: Thu Jul 21 09:54:36 2016 -0400 Merge topic 'nsis-protect-uninst-exec' into next 86353043 NSIS: Quote uninstaller path when executing it in a shell https://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=86353043c7772dce08e170ad6f21be1a2b56c0eb commit 86353043c7772dce08e170ad6f21be1a2b56c0eb Author: Justin Clift <jus...@postgresql.org> AuthorDate: Fri Jul 15 14:18:37 2016 +0100 Commit: Brad King <brad.k...@kitware.com> CommitDate: Thu Jul 21 09:53:52 2016 -0400 NSIS: Quote uninstaller path when executing it in a shell Protect our `$0` reference in the shell as `"$0"`. Otherwise it works with a space in the path only due to an insecure Windows feature. Reported-by: Amir Szekely <kic...@gmail.com> Reported-by: Ug_0 Security diff --git a/Help/release/3.6.rst b/Help/release/3.6.rst index 771c9dd..144537d 100644 --- a/Help/release/3.6.rst +++ b/Help/release/3.6.rst @@ -308,3 +308,9 @@ Other Changes preferred future use is upper cased component names in variables. New variables that will be added to CPackRPM in later versions will only support upper cased component variable format. + +* The CPack NSIS generator's configuration file template was fixed to + quote the path to the uninstaller tool used by the + :variable:`CPACK_NSIS_ENABLE_UNINSTALL_BEFORE_INSTALL` option. + This avoids depending on an insecure Windows feature to run an + uninstaller tool with a space in the path. diff --git a/Modules/NSIS.template.in b/Modules/NSIS.template.in index 1ef3d28..92a3142 100644 --- a/Modules/NSIS.template.in +++ b/Modules/NSIS.template.in @@ -920,7 +920,7 @@ uninst: ClearErrors StrLen $2 "\Uninstall.exe" StrCpy $3 $0 -$2 # remove "\Uninstall.exe" from UninstallString to get path - ExecWait '$0 _?=$3' ;Do not copy the uninstaller to a temp file + ExecWait '"$0" _?=$3' ;Do not copy the uninstaller to a temp file IfErrors uninst_failed inst uninst_failed: ----------------------------------------------------------------------- Summary of changes: Help/release/3.6.rst | 6 ++++++ 1 file changed, 6 insertions(+) hooks/post-receive -- CMake _______________________________________________ Cmake-commits mailing list Cmake-commits@cmake.org http://public.kitware.com/mailman/listinfo/cmake-commits