root/xz - xz - Root on GIT

root/xz

Fork 0

mirror of https://git.tukaani.org/xz.git synced 2026-04-03 22:58:06 +00:00

Commit Graph

Author	SHA1	Message	Date
Lasse Collin	34b80e282e	Windows: Revert the setlocale(LC_ALL, ".UTF8") documentation Only leave the FindFileFirstA() notes from 20dfca81, reverting the incorrect setlocale() notes. On Windows, Gettext's <libintl.h> overrides setlocale() with libintl_setlocale() wrapper. I hadn't noticed this, and thus my conclusions were wrong. Fixes: 20dfca8171dad4c64785ac61d5b68972c444877b	2024-12-20 16:33:28 +02:00
Lasse Collin	20dfca8171	Windows: Document the need for setlocale(LC_ALL, ".UTF8") Also warn about unpaired surrogates and (somewhat UTF-8-specific) MAX_PATH issue in FindFirstFileA(). Fixes: 46ee0061629fb075d61d83839e14dd193337af59	2024-12-18 17:09:29 +02:00
Lasse Collin	46ee006162	Windows: Embed an application manifest in the EXE files IMPORTANT: This includes a security fix to command line tool argument handling. Some toolchains embed an application manifest by default to declare UAC-compliance. Some also declare compatibility with Vista/8/8.1/10/11 to let the app access features newer than those of Vista. We want all the above but also two more things: - Declare that the app is long path aware to support paths longer than 259 characters (this may also require a registry change). - Force the code page to UTF-8. This allows the command line tools to access files whose names contain characters that don't exist in the current legacy code page (except unpaired surrogates). The UTF-8 code page also fixes security issues in command line argument handling which can be exploited with malicious filenames. See the new file w32_application.manifest.comments.txt. Thanks to Orange Tsai and splitline from DEVCORE Research Team for discovering this issue. Thanks to Vijay Sarvepalli for reporting the issue to me. Thanks to Kelvin Lee for testing with MSVC and helping with the required build system fixes.	2024-10-01 12:10:23 +03:00

Author

SHA1

Message

Date

Lasse Collin

34b80e282e

Windows: Revert the setlocale(LC_ALL, ".UTF8") documentation

Only leave the FindFileFirstA() notes from 20dfca81, reverting
the incorrect setlocale() notes. On Windows, Gettext's <libintl.h>
overrides setlocale() with libintl_setlocale() wrapper. I hadn't
noticed this, and thus my conclusions were wrong.

Fixes: 20dfca8171dad4c64785ac61d5b68972c444877b

2024-12-20 16:33:28 +02:00

Lasse Collin

20dfca8171

Windows: Document the need for setlocale(LC_ALL, ".UTF8")

Also warn about unpaired surrogates and (somewhat UTF-8-specific)
MAX_PATH issue in FindFirstFileA().

Fixes: 46ee0061629fb075d61d83839e14dd193337af59

2024-12-18 17:09:29 +02:00

Lasse Collin

46ee006162

Windows: Embed an application manifest in the EXE files

IMPORTANT: This includes a security fix to command line tool
           argument handling.

Some toolchains embed an application manifest by default to declare
UAC-compliance. Some also declare compatibility with Vista/8/8.1/10/11
to let the app access features newer than those of Vista.

We want all the above but also two more things:

  - Declare that the app is long path aware to support paths longer
    than 259 characters (this may also require a registry change).

  - Force the code page to UTF-8. This allows the command line tools
    to access files whose names contain characters that don't exist
    in the current legacy code page (except unpaired surrogates).
    The UTF-8 code page also fixes security issues in command line
    argument handling which can be exploited with malicious filenames.
    See the new file w32_application.manifest.comments.txt.

Thanks to Orange Tsai and splitline from DEVCORE Research Team
for discovering this issue.

Thanks to Vijay Sarvepalli for reporting the issue to me.

Thanks to Kelvin Lee for testing with MSVC and helping with
the required build system fixes.

2024-10-01 12:10:23 +03:00

3 Commits