On 07/21/2016 05:01 AM, Justin Clift wrote:
> Are there people who could be proactively reached out to, or
> is it more of a "pray and hope for the best" thing? :)

The latter.  If someone familiar with the syntax can add
precautionary quotes in places they are allowed but missing,
that may help.

>> I've queued this for merge to 'release' for 3.6.1.
> 
> Cool.  Is there an ETA for that?

I'm working to get it out as soon as possible.

> Windows installer generated by
> CMake with CPACK_NSIS_ENABLE_UNINSTALL_BEFORE_INSTALL enabled will
> be bundling a local privilege escalation to Admin.

I've revised the commit again to add this information to the
commit message and the release notes:

 NSIS: Quote uninstaller path when executing it in a shell
 https://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=11768733

> Cyril's question about a CVE is valid too.  This should probably
> be written up. :)
> 
> Do you guys want to do that, or should Cyril begin the process?

Please begin one.  As now mentioned in the above commit message,
this option was added in CMake 2.8.9 (which was released around
August 2012).

Fortunately CMake's own installers never used this option.

Thanks,
-Brad