This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "CMake".
The branch, next has been updated
via f2049beeb1459e131f10cd94ac09abbd0529094e (commit)
via 86353043c7772dce08e170ad6f21be1a2b56c0eb (commit)
from 02acec06c0766f3922619e2bcc5c88f4cf512a73 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=f2049beeb1459e131f10cd94ac09abbd0529094e
commit f2049beeb1459e131f10cd94ac09abbd0529094e
Merge: 02acec0 8635304
Author: Brad King <brad.k...@kitware.com>
AuthorDate: Thu Jul 21 09:54:36 2016 -0400
Commit: CMake Topic Stage <kwro...@kitware.com>
CommitDate: Thu Jul 21 09:54:36 2016 -0400
Merge topic 'nsis-protect-uninst-exec' into next
86353043 NSIS: Quote uninstaller path when executing it in a shell
https://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=86353043c7772dce08e170ad6f21be1a2b56c0eb
commit 86353043c7772dce08e170ad6f21be1a2b56c0eb
Author: Justin Clift <jus...@postgresql.org>
AuthorDate: Fri Jul 15 14:18:37 2016 +0100
Commit: Brad King <brad.k...@kitware.com>
CommitDate: Thu Jul 21 09:53:52 2016 -0400
NSIS: Quote uninstaller path when executing it in a shell
Protect our `$0` reference in the shell as `"$0"`. Otherwise it works
with a space in the path only due to an insecure Windows feature.
Reported-by: Amir Szekely <kic...@gmail.com>
Reported-by: Ug_0 Security
diff --git a/Help/release/3.6.rst b/Help/release/3.6.rst
index 771c9dd..144537d 100644
--- a/Help/release/3.6.rst
+++ b/Help/release/3.6.rst
@@ -308,3 +308,9 @@ Other Changes
preferred future use is upper cased component names in variables.
New variables that will be added to CPackRPM in later versions
will only support upper cased component variable format.
+
+* The CPack NSIS generator's configuration file template was fixed to
+ quote the path to the uninstaller tool used by the
+ :variable:`CPACK_NSIS_ENABLE_UNINSTALL_BEFORE_INSTALL` option.
+ This avoids depending on an insecure Windows feature to run an
+ uninstaller tool with a space in the path.
diff --git a/Modules/NSIS.template.in b/Modules/NSIS.template.in
index 1ef3d28..92a3142 100644
--- a/Modules/NSIS.template.in
+++ b/Modules/NSIS.template.in
@@ -920,7 +920,7 @@ uninst:
ClearErrors
StrLen $2 "\Uninstall.exe"
StrCpy $3 $0 -$2 # remove "\Uninstall.exe" from UninstallString to get path
- ExecWait '$0 _?=$3' ;Do not copy the uninstaller to a temp file
+ ExecWait '"$0" _?=$3' ;Do not copy the uninstaller to a temp file
IfErrors uninst_failed inst
uninst_failed:
-----------------------------------------------------------------------
Summary of changes:
Help/release/3.6.rst | 6 ++++++
1 file changed, 6 insertions(+)
hooks/post-receive
--
CMake
_______________________________________________
Cmake-commits mailing list
Cmake-commits@cmake.org
http://public.kitware.com/mailman/listinfo/cmake-commits
