Protect our `$0` reference in the shell as `"$0"`. Otherwise it works
with a space in the path only due to an insecure Windows feature.
Prior to this fix, any installer using the option added by commit
v2.8.9~234^2 (Added CPACK_NSIS_ENABLE_UNINSTALL_BEFORE_INSTALL,
2011-06-11) exposes a local privilege escalation vulnerability.
Reported-by: Amir Szekely <kichik@gmail.com>
Reported-by: Ug_0 Security
Revert these commits:
* v3.6.0-rc1~134^2
Tests: QtAutogen: Same source name in different directories test, 2016-04-13
* v3.6.0-rc1~134^2~1
Autogen: Generate qrc_NAME.cpp files in subdirectories, 2016-04-19
* v3.6.0-rc1~134^2~2
Autogen: Generate not included moc files in subdirectories, 2016-04-19
They regress existing builds that depend on the paths/symbols generated
previously. Another approach will be needed to solve the name collision
problem they were intended to solve. Leave the error diagnostics for
the colliding cases that were added in the same topic as the above
commits because they provide a useful early failure in relevant cases.
Fixes#16209.
Factor CMAKE_<LANG>_USE_RESPONSE_FILE_FOR_{OBJECTS,LIBRARIES} lookup out
into a common helper. Use a separate helper for each because more
specific logic may be added to each later.
Custom command dependencies are followed for each target's source files
and add their transitive closure to the corresponding target. This
means that when a custom command in one target has a dependency on a
custom command in another target, both will appear in the dependent
target's sources. For the Makefile, VS IDE, and Xcode generators this
is not a problem because each target gets its own independent build
system that is evaluated in target dependency order. By the time the
dependent target is built the custom command that belongs to one of its
dependencies will already have been brought up to date.
For the Ninja generator we need to generate a monolithic build system
covering all targets so we can have only one copy of a custom command.
This means that we need to reconcile the target-level ordering
dependencies from its appearance in multiple targets to include only the
least-dependent common set. This is done by computing the set
intersection of the dependencies of all the targets containing a custom
command. However, we previously included only the direct dependencies
so any target-level dependency not directly added to all targets into
which a custom command propagates was discarded.
Fix this by computing the transitive closure of dependencies for each
target and then intersecting those sets. That will get the common set
of dependencies. Also add a test to cover a case in which the
incorrectly dropped target ordering dependencies would fail.
Although we provide a `VS_GLOBAL_ROOTNAMESPACE` option to both set
the `RootNamespace` value and reference it, some users may try to
set `VS_GLOBAL_RootNamespace` to set `RootNamespace` as a variant
of the `VS_GLOBAL_<variable>` property. In this case we still
need to add the reference to `$(RootNamespace)`.
Code extracted from:
http://public.kitware.com/KWSys.git
at commit 9d1dbd95835638e4c0fcf74dc8020cd4cd3426c1 (master).
Upstream Shortlog
-----------------
Dāvis Mosāns (2):
d2cdfc6d FStream: Use common base for basic_ifstream and basic_ofstream
9d1dbd95 FStream: Add MinGW support
Since commit v3.6.0-rc1~339^2 (CPack: Fix CPACK_INSTALL_CMAKE_PROJECTS
SubDirectory (4th) option, 2016-02-18) we now honor the "Directory"
option of this variable. Prior to that commit the value was not used
so projects may have used a placeholder value like `.` instead of `/`.
Treat `.` the same as `/` to restore compatibility with such projects.
Fixes#16205.
Code extracted from:
http://public.kitware.com/KWSys.git
at commit f396bf43fc8a3e475e703acb99d629d123dbd003 (master).
Upstream Shortlog
-----------------
Brad King (2):
e43689db SystemTools: Factor out environment storage class
2aa7dd82 SystemTools: Do not free buffer passed to putenv("A=") on Windows
Dāvis Mosāns (4):
19c31914 SystemTools: Abstract environment storage character type
61301786 SystemTools: Tweak GetEnv/PutEnv implementation layout
85920d53 SystemTools: Teach GetEnv/PutEnv to use correct encoding on Windows
f396bf43 SystemTools: Add HasEnv function
Add an explicit `<Natvis>` element in VS project files for `*.natvis`
files. These enable custom debug visualizers for project-specific
types.
Fixes#16043.
Use `sysconf(_SC_ARG_MAX)` wherever `_SC_ARG_MAX` is available instead
of hard-coding an incomplete list of operating systems that implement
it. In particular, it is available on BSD platforms that were not
previously listed.
Commit v3.6.0-rc1~174^2~1 (cmGlobalNinjaGenerator: Clarify logic for
forcing use of response files, 2016-04-06) started using negative
command line length values to represent forced use of response files but
forgot to update `calculateCommandLineLengthLimit()` accordingly. Teach
it to return `0` instead of `-1` when no limit is computed from the
system to avoid forcing response files.
Reported-by: Raphael Kubo da Costa <rakuco@FreeBSD.org>
8a98cf64 Honor CMAKE_*_LINKER_FLAGS[_<CONFIG>]_INIT set in toolchain files
37d15c39 MSVC: Set all CMAKE_*_LINKER_FLAGS_INIT directly
55c884ed Embarcadero: Set all CMAKE_*_LINKER_FLAGS_INIT directly
aec3c79a Strip CMAKE_*_LINKER_FLAGS[_<CONFIG>] initializer whitespace