[Cmake-commits] CMake branch, next, updated. v3.6.0-940-gf2049be

Brad King brad.king at kitware.com
Thu Jul 21 09:54:37 EDT 2016 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "CMake".

The branch, next has been updated
       via  f2049beeb1459e131f10cd94ac09abbd0529094e (commit)
       via  86353043c7772dce08e170ad6f21be1a2b56c0eb (commit)
      from  02acec06c0766f3922619e2bcc5c88f4cf512a73 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
https://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=f2049beeb1459e131f10cd94ac09abbd0529094e
commit f2049beeb1459e131f10cd94ac09abbd0529094e
Merge: 02acec0 8635304
Author:     Brad King <brad.king at kitware.com>
AuthorDate: Thu Jul 21 09:54:36 2016 -0400
Commit:     CMake Topic Stage <kwrobot at kitware.com>
CommitDate: Thu Jul 21 09:54:36 2016 -0400

    Merge topic 'nsis-protect-uninst-exec' into next
    
    86353043 NSIS: Quote uninstaller path when executing it in a shell


https://cmake.org/gitweb?p=cmake.git;a=commitdiff;h=86353043c7772dce08e170ad6f21be1a2b56c0eb
commit 86353043c7772dce08e170ad6f21be1a2b56c0eb
Author:     Justin Clift <justin at postgresql.org>
AuthorDate: Fri Jul 15 14:18:37 2016 +0100
Commit:     Brad King <brad.king at kitware.com>
CommitDate: Thu Jul 21 09:53:52 2016 -0400

    NSIS: Quote uninstaller path when executing it in a shell
    
    Protect our `$0` reference in the shell as `"$0"`.  Otherwise it works
    with a space in the path only due to an insecure Windows feature.
    
    Reported-by: Amir Szekely <kichik at gmail.com>
    Reported-by: Ug_0 Security

diff --git a/Help/release/3.6.rst b/Help/release/3.6.rst
index 771c9dd..144537d 100644
--- a/Help/release/3.6.rst
+++ b/Help/release/3.6.rst
@@ -308,3 +308,9 @@ Other Changes
   preferred future use is upper cased component names in variables.
   New variables that will be added to CPackRPM in later versions
   will only support upper cased component variable format.
+
+* The CPack NSIS generator's configuration file template was fixed to
+  quote the path to the uninstaller tool used by the
+  :variable:`CPACK_NSIS_ENABLE_UNINSTALL_BEFORE_INSTALL` option.
+  This avoids depending on an insecure Windows feature to run an
+  uninstaller tool with a space in the path.
diff --git a/Modules/NSIS.template.in b/Modules/NSIS.template.in
index 1ef3d28..92a3142 100644
--- a/Modules/NSIS.template.in
+++ b/Modules/NSIS.template.in
@@ -920,7 +920,7 @@ uninst:
   ClearErrors
   StrLen $2 "\Uninstall.exe"
   StrCpy $3 $0 -$2 # remove "\Uninstall.exe" from UninstallString to get path
-  ExecWait '$0 _?=$3' ;Do not copy the uninstaller to a temp file
+  ExecWait '"$0" _?=$3' ;Do not copy the uninstaller to a temp file
 
   IfErrors uninst_failed inst
 uninst_failed:

-----------------------------------------------------------------------

Summary of changes:
 Help/release/3.6.rst |    6 ++++++
 1 file changed, 6 insertions(+)


hooks/post-receive
-- 
CMake

More information about the Cmake-commits mailing list