git.ipfire.org Git - thirdparty/xz.git/commit

author	Lasse Collin <lasse.collin@tukaani.org>
	Tue, 1 Oct 2024 09:10:23 +0000 (12:10 +0300)
committer	Lasse Collin <lasse.collin@tukaani.org>
	Tue, 1 Oct 2024 10:23:16 +0000 (13:23 +0300)
commit	9ecccb3d5f67205f156f8c7ad1ec98436c165abd
tree	46e76c018e092e4fb87389520c18470c51b01184	tree
parent	e17caec12e14eb46ae90f4a5e59401ada4ab2842	commit \| diff

Windows: Embed an application manifest in the EXE files

IMPORTANT: This includes a security fix to command line tool
           argument handling.

Some toolchains embed an application manifest by default to declare
UAC-compliance. Some also declare compatibility with Vista/8/8.1/10/11
to let the app access features newer than those of Vista.

We want all the above but also two more things:

  - Declare that the app is long path aware to support paths longer
    than 259 characters (this may also require a registry change).

  - Force the code page to UTF-8. This allows the command line tools
    to access files whose names contain characters that don't exist
    in the current legacy code page (except unpaired surrogates).
    The UTF-8 code page also fixes security issues in command line
    argument handling which can be exploited with malicious filenames.

Thanks to Orange Tsai and splitline from DEVCORE Research Team
for discovering this issue.

Thanks to Vijay Sarvepalli for reporting the issue to me.

Thanks to Kelvin Lee for testing with MSVC and helping with
the required build system fixes.

(cherry picked from commit 46ee0061629fb075d61d83839e14dd193337af59)

CMakeLists.txt		diff \| blob \| blame \| history
src/Makefile.am		diff \| blob \| blame \| history
src/common/common_w32res.rc		diff \| blob \| blame \| history
src/common/w32_application.manifest	[new file with mode: 0644]	blob