In commit 51f39a0f32 (Help: Fix install(SBOM) argument typo, 2026-02-27,
v4.3.0-rc2~8^2) the typo was fixed in the wrong signature. Revert that
and fix the correct signature.
Try to be a bit more consistent about:
- Placing angle brackets around text which serves as a placeholder
rather than being literal.
- Using curly brackets rather than angle brackets to denote groups where
one of the options is required.
- Describing optional list arguments like `<x>...` rather than
`[<x>...]`. (Instances of lists not associated with keywords are
intentionally left as-is, however.)
Also, teach our CMake lexer to understand curly braces used as above
(prior uses were only in parsed literals without syntax highlighting),
and to highlight them (and remaining uses of angle braces) as the type
Punctuation rather than the type Operator, for consistency with square
braces.
Add explicit cross-references for commands which optionally take an
output variable (otherwise modifying their input in-place) for clarity.
Note that `cmake_path` should not be used to modify variables reserved
by CMake.
Improve references to the "CMake-style" semicolon-separated lists, and
apply those corresponding changes to the `file` command page.
Remove basic CPS import and export from 'experimental' status. Update
documentation and tests accordingly.
Note that mapped exports (CMAKE_EXPERIMENTAL_MAPPED_PACKAGE_INFO) are
still experimental.
Previously, `CMAKE_<LANG>_LINK_FLAGS` was an undocumented variable used
for linking executables only. Re-spell that variable mirroring the
existing spellings for shared and module libraries, and add policy
CMP0210 to preserve compatibility.
Then, repurpose `CMAKE_<LANG>_LINK_FLAGS` to provide a variable to be
used for per-language link flags for all target types, along with a
per-configuration variant. These are added to the `<LINK_FLAGS>` rule
placeholder in the generators.
Fixes: #21934
Relates: #25620
Co-authored-by: Brad King <brad.king@kitware.com>
Add security flags to libarchive extraction to prevent path traversal
(Zip Slip) and absolute path attacks:
- ARCHIVE_EXTRACT_SECURE_NODOTDOT: Block ".." path components
- ARCHIVE_EXTRACT_SECURE_NOABSOLUTEPATHS: Block absolute paths
- ARCHIVE_EXTRACT_SECURE_SYMLINKS: Block symlinks escaping extract dir
This hardens both `cmake -E tar` and `file(ARCHIVE_EXTRACT)` against
malicious archives that attempt to write files outside the intended
extraction directory.
Change the interface of the `export` command so that `PACKAGE_INFO` and
`SBOM` are proper, first-level sub-commands, rather than being implemented via
`export(EXPORT ... (PACKAGE_INFO|SBOM) ...)`. This brings consistency with the
`install` command and also simplifies argument parsing.
Update the documentation and test cases accordingly. Some of the
argument handling test cases are now rather gratuitous, and are removed,
which also improves consistency with the `install` tests.
8ec5a595cd cmSbom: Add documentation for `install(SBOM)` and `export(SBOM)`
83671f2d87 cmSbom: Add `export(SBOM)` build generators and unit tests
f2027a886b cmSbom: Add `install(SBOM)` generator and unit tests
dcadde3662 CPS: Refactor ForbidGeneratorExpressions into cmGeneratorExpression
bcb6f689a4 cmExportInstallFileGenerator: Allow overriding of CheckInterfaceDirs
6d6c37c90d cmPackageInfoArguments: Extract common values
8c6676b2ea cmFindPackage: Fix PACKAGE_VERSION not being set when rebuilding
Acked-by: Kitware Robot <kwrobot@kitware.com>
Tested-by: buildbot <buildbot@kitware.com>
Merge-request: !11396