|
From: <chr...@us...> - 2013-03-31 22:23:01
|
Revision: 7617
http://sourceforge.net/p/winmerge/code/7617
Author: christianlist
Date: 2013-03-31 22:22:58 +0000 (Sun, 31 Mar 2013)
Log Message:
-----------
[patches:#3030] Unquoted program path vulnerability in installer integration with subversion
Modified Paths:
--------------
branches/R2_14/Docs/Users/ChangeLog.txt
branches/R2_14/Installer/InnoSetup/WinMerge.iss
Modified: branches/R2_14/Docs/Users/ChangeLog.txt
===================================================================
--- branches/R2_14/Docs/Users/ChangeLog.txt 2013-03-28 20:41:42 UTC (rev 7616)
+++ branches/R2_14/Docs/Users/ChangeLog.txt 2013-03-31 22:22:58 UTC (rev 7617)
@@ -5,6 +5,7 @@
http://winmerge.org/tracker/[tracker-id]
WinMerge 2.14.2
+ Bugfix: Unquoted program path vulnerability in installer integration with subversion (patches:#3030)
Bugfix: Download link to the 7-zip plugin installer is broken (bugs:#2128)
Translation updates:
- Basque (patches:#3024)
Modified: branches/R2_14/Installer/InnoSetup/WinMerge.iss
===================================================================
--- branches/R2_14/Installer/InnoSetup/WinMerge.iss 2013-03-28 20:41:42 UTC (rev 7616)
+++ branches/R2_14/Installer/InnoSetup/WinMerge.iss 2013-03-31 22:22:58 UTC (rev 7617)
@@ -553,7 +553,7 @@
Root: HKCU; SubKey: Software\TortoiseCVS\Prefs\External Merge2 Params; ValueType: string; ValueName: _; ValueData: """%mine"" ""%yours"""; Flags: uninsdeletevalue dontcreatekey; Tasks: TortoiseCVS
;Set WinMerge as TortoiseSVN diff tool
-Root: HKCU; SubKey: Software\TortoiseSVN; ValueType: string; ValueName: Diff; ValueData: {app}\{code:ExeName} -e -ub -dl %bname -dr %yname %base %mine; Flags: uninsdeletevalue; Tasks: TortoiseSVN
+Root: HKCU; SubKey: Software\TortoiseSVN; ValueType: string; ValueName: Diff; ValueData: """{app}\{code:ExeName}"" -e -u -dl %bname -dr %yname %base %mine"; Flags: uninsdeletevalue; Tasks: TortoiseSVN
;Whatever the user chooses at the [Select Setup Language] dialog should also determine what language WinMerge will start up in
;(unless the user already has a startup language specified)
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
|
