Gradle integration for prerequisites: Added Gradle wrapper configuration (version 8.14) and updated gradle.properties with tool download URLs for Composer, InnoExtract, InnoSetup, and HashMyFiles, enabling automated prerequisite management via gradle loadLibs
Inno Setup library updates: Downgraded Inno Setup from version 6.4.0 to 6.1.0 across all language files and core files, with copyright year updates to 2023
Language support expansion: Added new Turkish and Polish language translation files; added Ukrainian language support; removed several language files (Tamil, Swedish, Arabic, Korean)
Example script improvements: Refactored link label components to static text with manual styling, simplified timer management, updated hash validation methods, and added new three-architecture installer example
Documentation additions: Added comprehensive Prerequisites Module README with setup instructions and build commands; added Inno Setup revision history documentation (whatsnew.htm)
Code cleanup: Removed extraction wizard page messages from multiple language files, simplified download page configuration, and removed unnecessary query parameters
File reorganization: Moved Inno Setup files from bin/lib/innosetup/app/ to bin/lib/innosetup/ directory structure
Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance.
Status: No audit logs: Newly added download actions execute external network requests without any accompanying audit logging of who initiated them, when, or their outcome.
Generic: Robust Error Handling and Edge Case Management
Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation
Status: Timer cleanup removed: The new timer setup removed previous cleanup (KillTimer) and null checks, which may cause resource leaks or errors if the wizard form is not available.
Generic: Security-First Input Validation and Data Handling
Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities
Status: Insecure URL: The XML download source was changed from HTTPS to HTTP, reducing transport security and potentially enabling MITM tampering.
Referred Code
XMLURL = 'http://jrsoftware.github.io/issrc/ISHelp/isxfunc.xml';
XMLFileName = 'isxfunc.xml';
XMLFileName2 = 'isxfuncmodified.xml';
procedure MSXMLButtonOnClick(Sender: TObject);
var
XMLHTTP, XMLDoc, NewNode, RootNode: Variant;
Path: String;
begin
if MsgBox('Setup will now use MSXML to download XML file ''' + XMLURL + ''' and save it to disk.'#13#13'Setup will then load, modify and save this XML file. Do you want to continue?', mbInformation, mb_YesNo) = idNo then
Exit;
Why: The suggestion correctly identifies a missing semicolon in the Pascal script, which is a syntax error that would prevent compilation, making this a critical fix.
URLLabel := TNewStaticText.Create(ParentForm);
URLLabel.Caption := 'www.innosetup.com';
URLLabel.Cursor := crHand;
URLLabel.OnClick := @URLLabelOnClick;
URLLabel.Parent := ParentForm;
{ Alter Font *after* setting Parent so the correct defaults are inherited first }
URLLabel.Font.Style := URLLabel.Font.Style + [fsUnderline];
-URLLabel.Font.Color := clHotLight+URLLabel.Font.Color := clHotLight;
URLLabel.Top := AboutButton.Top + AboutButton.Height - URLLabel.Height - 2;
URLLabel.Left := AboutButton.Left + AboutButton.Width + ScaleX(20);
URLLabel.Anchors := [akLeft, akBottom];
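Review bot: the URLLabel.Top assignment right after the Font.Color fix reads URLLabel.Height, but nothing in this hunk sets AutoSize, so the height used for positioning is whatever the control defaults to after the font change. Set URLLabel.AutoSize := True; after URLLabel.Parent := ParentForm; and before the Top calculation, or add a comment explaining why the default height is reliable here.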
Suggestion importance[1-10]: 9
Why: The suggestion correctly identifies a syntax error (a missing semicolon) that would prevent the script from compiling, making it a critical fix.
High
Properly manage and stop timer
Restore the timer cleanup logic by reintroducing DeinitializeSetup and add a guard in MyTimerProc to prevent potential access violations when the wizard form is destroyed.
Why: The suggestion correctly identifies that the PR introduces a potential access violation by removing the timer cleanup logic, which is a significant correctness issue, especially for an example script.
Add a missing semicolon after the URLLabel.Font.Color assignment to fix a compilation error. Additionally, set AutoSize := True on the label before calculating its position to ensure its height is accurate.
Why: The suggestion correctly identifies a syntax error (a missing semicolon) that would prevent the script from compiling, which is a critical issue. It also provides a valid recommendation to improve layout logic.
Medium
Fix label sizing and anchoring
To prevent potential layout issues, parent the ProgressBarLabel before using its dimensions to position other controls, and consider changing its anchor from bottom to top for more stable resizing behavior.
Why: The suggestion correctly identifies a potential layout issue where ProgressBarLabel.Width is used before the control is parented and sized, which could lead to incorrect positioning of ProgressBar. It proposes a robust solution by setting the parent first and adjusting bounds.
Why: The suggestion correctly identifies a missing semicolon which is a syntax error that would prevent the script from compiling, making it a critical fix.
High
Stabilize autosized label layout
To prevent potential UI misalignments, explicitly recalculate the layout and cache the width of the autosized ProgressBarLabel before using it to position the ProgressBar.
Why: The suggestion correctly identifies a potential UI layout issue where an autosized control's width might not be final when used for positioning, improving the example's robustness.
The PR adds Gradle for dependency management but also commits large binary files like Setup.e32 and SetupLdr.e32. These files should be downloaded by Gradle during the build and added to .gitignore to keep them out of version control.
Solution Walkthrough:
Before:
// .gitignore
# (does not contain entries for Inno Setup binaries)
// Repository state
/bin/lib/innosetup/Setup.e32 // Large binary committed
/bin/lib/innosetup/SetupLdr.e32 // Large binary committed
// build.gradle (conceptual)
// Gradle is introduced, but binaries are still checked in.
After:
// .gitignore
# Ignore downloaded Inno Setup binaries
/bin/lib/innosetup/Setup.e32
/bin/lib/innosetup/SetupLdr.e32
// Repository state
// (binary files are no longer in the repository)
// build.gradle (conceptual)
task downloadInnoSetupBinaries {
// Logic to download Setup.e32 and SetupLdr.e32
// into bin/lib/innosetup/
}
build.dependsOn(downloadInnoSetupBinaries)
Suggestion importance[1-10]: 9
Why: The suggestion correctly identifies that committing large binaries like Setup.e32 and SetupLdr.e32 contradicts the PR's goal of using Gradle for dependency management and is a significant repository anti-pattern.
High
Security
Revert to HTTPS to prevent security risks
Revert the XMLURL constant from HTTP back to HTTPS to prevent Man-in-the-Middle (MitM) attacks during file download.
Why: The suggestion correctly identifies a critical security vulnerability (MitM) introduced by downgrading the URL protocol from HTTPS to HTTP for a file download within an installer.
High
Use a stronger hashing algorithm
Revert the hashing algorithm for key validation from the deprecated SHA-1 back to the more secure SHA-256 to avoid cryptographic vulnerabilities.
Why: The suggestion correctly identifies that downgrading from SHA-256 to SHA-1 is a security weakness, as SHA-1 is cryptographically broken, and recommends reverting to the stronger algorithm.
Medium
General
Simplify logic for better performance
Simplify the InstallOtherArch function by replacing the calls to InstallX64 and InstallARM64 with a single check for not Is64BitInstallMode to improve efficiency.
function InstallOtherArch: Boolean;
begin
- Result := not InstallX64 and not InstallARM64;+ Result := not Is64BitInstallMode;
end;
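Review bot: replacing not InstallX64 and not InstallARM64 with not Is64BitInstallMode preserves behaviour only if InstallX64 and InstallARM64 between them are true in every case where Is64BitInstallMode is true, and their definitions are not visible in this hunk. Check the two helper functions before applying, and add a comment stating that assumption; otherwise keep the original expression, which stays correct if either helper changes.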
Suggestion importance[1-10]: 6
Why: The suggestion provides a valid simplification and optimization for the InstallOtherArch function by using the Is64BitInstallMode check, which improves code clarity and efficiency.
Here are some key observations to aid the review process:
⏱️ Estimated effort to review: 4 🔵🔵🔵🔵⚪
🧪 No relevant tests
🔒 Security concerns
Mixed content and insecure downloads: Several URLs were changed to HTTP (e.g., XMLURL in CodeAutomation.iss) and download links adjusted. Using HTTP can enable MITM attacks and tampering of downloaded content. Additionally, a download hash is only provided for one file in CodeDownloadFiles.iss; ensure all downloadable artifacts are fetched over HTTPS and verified with strong hashes (e.g., SHA-256).
Missing semicolon after setting font color for URLLabel may cause a compile error; verify the line setting URLLabel.Font.Color := clHotLight is properly terminated.
Changed XML download URL from HTTPS to HTTP and altered user message text and save path wording; confirm downgrade to HTTP is intentional and safe, and UI text remains accurate.
XMLURL = 'http://jrsoftware.github.io/issrc/ISHelp/isxfunc.xml';
XMLFileName = 'isxfunc.xml';
XMLFileName2 = 'isxfuncmodified.xml';
procedure MSXMLButtonOnClick(Sender: TObject);
var
XMLHTTP, XMLDoc, NewNode, RootNode: Variant;
Path: String;
begin
if MsgBox('Setup will now use MSXML to download XML file ''' + XMLURL + ''' and save it to disk.'#13#13'Setup will then load, modify and save this XML file. Do you want to continue?', mbInformation, mb_YesNo) = idNo then
Exit;
Timer cleanup removed (KillTimer and Deinitialize) and guard against WizardForm nil dropped; verify no orphan timers remain after setup exit and that callback safely accesses form lifecycle.
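The three security regressions named in the review above (an http:// source URL, SHA-1 hashing, and a download added without a pinned SHA-256) can be caught mechanically before merge. The following is an added example, not part of the PR or of the review bot's output: a small Python lint for .iss scripts. The sample script is constructed (only the XMLURL line is quoted from the review; Key, ExpectedHash, the example.invalid URLs and the placeholder hash are made up), and it assumes Inno Setup's DownloadPage.Add(Url, BaseName, RequiredSHA256OfFile) argument order.

```python
import re

# The three regressions this review flags in the Inno Setup example scripts.
HTTP_URL = re.compile(r"'(http://[^']+)'", re.IGNORECASE)
WEAK_HASH = re.compile(r"\bGet(?:SHA1|MD5)Of\w+", re.IGNORECASE)
# DownloadPage.Add(Url, BaseName, RequiredSHA256OfFile): third argument pins the file.
DOWNLOAD_ADD = re.compile(
    r"\.Add\(\s*'([^']*)'\s*,\s*'[^']*'\s*,\s*'([^']*)'\s*\)")
SHA256_HEX = re.compile(r"[0-9a-fA-F]{64}")


def lint_iss(text):
    """Return (line_no, rule, detail) findings, in line order, for one .iss script."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        # Skip whole-line comments; '//' is never split on because URLs contain it.
        if stripped.startswith(("//", ";", "{")):
            continue
        for m in HTTP_URL.finditer(stripped):
            findings.append((no, "insecure-url", m.group(1)))
        for m in WEAK_HASH.finditer(stripped):
            findings.append((no, "weak-hash", m.group(0)))
        for m in DOWNLOAD_ADD.finditer(stripped):
            # An empty or malformed third argument means the file is not verified.
            if not SHA256_HEX.fullmatch(m.group(2)):
                findings.append((no, "unpinned-download", m.group(1)))
    return findings


# Constructed sample: the XMLURL line is quoted from the review; everything
# else is made up for illustration (example.invalid URLs, placeholder hash).
PLACEHOLDER_SHA256 = "ab" * 32
SAMPLE = "\n".join([
    "const",
    "  XMLURL = 'http://jrsoftware.github.io/issrc/ISHelp/isxfunc.xml';",
    "// old: 'http://example.invalid/ignored-in-comment'",
    "  DownloadPage.Add('https://example.invalid/a.exe', 'a.exe', '');",
    "  DownloadPage.Add('https://example.invalid/b.dll', 'b.dll', '%s');"
    % PLACEHOLDER_SHA256,
    "  Result := GetSHA1OfString(Key) = ExpectedHash;",
    "  Result := GetSHA256OfString(Key) = ExpectedHash;",
])

if __name__ == "__main__":
    for no, rule, detail in lint_iss(SAMPLE):
        print(f"line {no}: {rule}: {detail}")
```

Run over the Examples directory in CI, a non-empty result fails the build; the comment handling is deliberately simple and does not track multi-line { } comments.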
User description
provides ability for prerequisites to use gradle
PR Type
Enhancement, Documentation
Description
Gradle integration for prerequisites: Added Gradle wrapper configuration (version 8.14) and updated gradle.properties with tool download URLs for Composer, InnoExtract, InnoSetup, and HashMyFiles, enabling automated prerequisite management via gradle loadLibs
Inno Setup library updates: Downgraded Inno Setup from version 6.4.0 to 6.1.0 across all language files and core files, with copyright year updates to 2023
Language support expansion: Added new Turkish and Polish language translation files; added Ukrainian language support; removed several language files (Tamil, Swedish, Arabic, Korean)
Example script improvements: Refactored link label components to static text with manual styling, simplified timer management, updated hash validation methods, and added new three-architecture installer example
Documentation additions: Added comprehensive Prerequisites Module README with setup instructions and build commands; added Inno Setup revision history documentation (whatsnew.htm)
Code cleanup: Removed extraction wizard page messages from multiple language files, simplified download page configuration, and removed unnecessary query parameters
File reorganization: Moved Inno Setup files from bin/lib/innosetup/app/ to bin/lib/innosetup/ directory structure
Diagram Walkthrough
File Walkthrough
6 files
CodeClasses.iss
Refactor link label to static text with manual styling
bin/lib/innosetup/Examples/CodeClasses.iss
LinkLabelOnLinkClick procedure and related link label functionality
StaticText2 and LinkLabel variable declarations and their initialization code
TNewLinkLabel with TNewStaticText for URL display with manual styling
akTop to akBottom for better layout
AutoSize := True to static text controls
CodeDll.iss
Simplify timer management by removing cleanup logic
bin/lib/innosetup/Examples/CodeDll.iss
KillTimer function declaration and TimerID variable
MyTimerProc by removing null check for WizardForm
DeinitializeSetup procedure that was cleaning up the timer
InitializeWizard to not store timer ID
CodeDownloadFiles.iss
Simplify download page configuration and URLs
bin/lib/innosetup/Examples/CodeDownloadFiles.iss
ShowBaseNameInsteadOfUrl property assignment from DownloadPage
?dontcount=1 from download URLs
Example3.iss
Add application supported file types registry configuration
bin/lib/innosetup/Examples/Example3.iss
SupportedTypes under Applications\MyProg.exe
Polish.isl
Add Polish language support for Inno Setup installer
bin/lib/innosetup/Languages/Polish.isl
6.1.0+
operations
prompts
Ukrainian.isl
Add Ukrainian language support for Inno Setup installer
bin/lib/innosetup/Languages/Ukrainian.isl
6.1.0+
messages
9 files
CodeAutomation.iss
Update XML download URL and message text
bin/lib/innosetup/Examples/CodeAutomation.iss
CodeDlg.iss
Update hash validation and input directory page configuration
bin/lib/innosetup/Examples/CodeDlg.iss
CreateInputDirPage parameter from SetupMessage(msgNewFolderName) to empty string
hash value
ISPPBuiltins.iss
Update copyright years to 2023
bin/lib/innosetup/ISPPBuiltins.iss
ISPP.chm
Update compiled help file
bin/lib/innosetup/ISPP.chm
Russian.isl
Downgrade Russian translation to 6.1.0 and remove extraction messages
bin/lib/innosetup/Languages/Russian.isl
ExtractionLabel, ButtonStopExtraction, etc.)
[LangOptions] section
Italian.isl
Downgrade Italian translation to 6.1.0 and update metadata
bin/lib/innosetup/Languages/Italian.isl
HelpTextNote message entry
Czech.isl
Downgrade Czech translation to 6.1.0 and update dialog text
bin/lib/innosetup/Languages/Czech.isl
BrowseDialogTitle text from "Zvolte složku" to "Vyhledat složku"
Catalan.isl
Downgrade Catalan translation to 6.1.0 and update contact info
bin/lib/innosetup/Languages/Catalan.isl
carles24@carlesmillan.cat to carles@carlesmillan.cat
Bulgarian.isl
Downgrade Bulgarian translation to 6.1.0
bin/lib/innosetup/Languages/Bulgarian.isl
6 files
64BitThreeArch.iss
Add new three-architecture installer example script
bin/lib/innosetup/Examples/64BitThreeArch.iss
(x86, x64, ARM64)
InstallX64, InstallARM64, and
InstallOtherArch multi-architecture builds
64BitTwoArch.iss
Remove ARM64 references and simplify architecture configuration
bin/lib/innosetup/Examples/64BitTwoArch.iss
documentation
ArchitecturesInstallIn64BitMode from x64compatible to x64 compatibility
ArchitecturesAllowed comment reference from ArchitecturesAllowed to ProcessorsAllowed
64Bit.iss
Remove ARM64 compatibility references and simplify configuration
bin/lib/innosetup/Examples/64Bit.iss
ArchitecturesAllowed from x64compatible to x64
ArchitecturesInstallIn64BitMode from x64compatible to x64
whatsnew.htm
Add comprehensive revision history documentation
bin/lib/innosetup/whatsnew.htm
Turkish.isl
Add complete Turkish language translation file
bin/lib/innosetup/Languages/Turkish.isl
interface text
README.md
Add Prerequisites Module documentation and setup guide
modules/prerequisites/README.md
gradle loadLibs packages
prerequisites
2 files
UnicodeExample1.iss
Add UTF-8 BOM and remove version check directive
bin/lib/innosetup/Examples/UnicodeExample1.iss
requirement
CodeAutomation2.iss
Add trailing newlines to file
bin/lib/innosetup/Examples/CodeAutomation2.iss
20 files
Corsican.isl
Downgrade Corsican translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/Corsican.isl
ExtractionLabel, ButtonStopExtraction, etc.)
Armenian.isl
Downgrade Armenian translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/Armenian.isl
Hungarian.isl
Downgrade Hungarian translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/Hungarian.isl
ExtractionLabel, ButtonStopExtraction, etc.)
Spanish.isl
Downgrade Spanish translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/Spanish.isl
6.1.0)
Dutch.isl
Downgrade Dutch translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/Dutch.isl
mlaan@jrsoftware.org
Finnish.isl
Downgrade Finnish translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/Finnish.isl
Slovak.isl
Downgrade Slovak translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/Slovak.isl
German.isl
Downgrade German translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/German.isl
AutoStartProgram message
BrazilianPortuguese.isl
Downgrade Brazilian Portuguese translation to version 6.1.0
bin/lib/innosetup/Languages/BrazilianPortuguese.isl
French.isl
Downgrade French translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/French.isl
Danish.isl
Downgrade Danish translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/Danish.isl
Japanese.isl
Downgrade Japanese translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/Japanese.isl
Slovenian.isl
Downgrade Slovenian translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/Slovenian.isl
Norwegian.isl
Downgrade Norwegian translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/Norwegian.isl
Default.isl
Downgrade default English messages to version 6.1.0
bin/lib/innosetup/Default.isl
gradle.properties
Configure Gradle properties and tool download URLs
gradle.properties
org.gradle.configuration-cache=false
HashMyFiles
6.2.2, etc.)
Hebrew.isl
Downgrade Hebrew translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/Hebrew.isl
Portuguese.isl
Downgrade Portuguese translation to version 6.1.0 compatibility
bin/lib/innosetup/Languages/Portuguese.isl
license.txt
Update Inno Setup license copyright years to 2023
bin/lib/innosetup/license.txt
gradle-wrapper.properties
Add Gradle wrapper configuration for version 8.14
gradle/wrapper/gradle-wrapper.properties
46 files