Skip to content

[liblzma] Add sandbox feature#50072

Merged
JavierMatosD merged 1 commit into
microsoft:masterfrom
bansan85:49986-liblzma-sandbox
Feb 25, 2026
Merged

[liblzma] Add sandbox feature#50072
JavierMatosD merged 1 commit into
microsoft:masterfrom
bansan85:49986-liblzma-sandbox

Conversation

@bansan85

Copy link
Copy Markdown
Contributor

Fixes #49986

  • Changes comply with the maintainer guide.
  • SHA512s are updated for each updated download.
  • The "supports" clause reflects platforms that may be fixed by this new version.
  • Any fixed CI baseline entries are removed from that file.
  • Any patches that are no longer applied are deleted from the port's directory.
  • The version database is fixed by rerunning ./vcpkg x-add-version --all and committing the result.
  • Only one version is added to each modified port's versions file.

@bansan85 bansan85 marked this pull request as draft February 18, 2026 08:18
@bansan85 bansan85 force-pushed the 49986-liblzma-sandbox branch from 2cc75b1 to 5b70779 Compare February 18, 2026 08:36
@bansan85 bansan85 marked this pull request as ready for review February 18, 2026 08:36
@bansan85 bansan85 marked this pull request as draft February 18, 2026 09:16
@bansan85 bansan85 force-pushed the 49986-liblzma-sandbox branch 2 times, most recently from 9d92d8e to 2f0cbec Compare February 18, 2026 09:54
@bansan85 bansan85 marked this pull request as ready for review February 18, 2026 11:23
@bansan85 bansan85 force-pushed the 49986-liblzma-sandbox branch from 2f0cbec to 5fbc89f Compare February 18, 2026 11:42

@BillyONeal BillyONeal left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To get in this condition you have to be writing a triplet to pass in the -fsanitize, and the bug also describes a way to do this without introducing a feature.in the triplet. I'm not sure adding this feature actually fixes a problem?

Comment thread ports/liblzma/vcpkg.json Outdated
}
],
"default-features": [
"sandbox"

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In general we have taken a dim view of the default-features feature because user feedback has been that they feel disabling default features is impossible; this inserts a feature constraint into almost every existing use of "liblzma" in the registry. I think this needs to be a non-default feature unless the library is entirely useless without it.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this needs to be a non-default feature unless the library is entirely useless without it.

But what is the desired default configuration: sandbox on or sandbox off? Is it related to security?

IIRC the "dim view" on default-features is also related to that user would need to know what they can turn off or which ports must be fixed when maintainers make poor choices. IMO the absence of default features means that users must know or study all dependencies to ensure upstreams' default security and functional capabilities are actually engaged.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I agree with you both, that why we need a way that user can choose not install a specific feature, even if it a default.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

something like: liblzma[!sandbox]

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I set sandbox to default because it's enabled by default.

I dug a little. Sandbox is used only by tools. Since vcpkg is mainly used to build lib and not tools / executables, the sandbox feature can be disabled by default.

I will open an issue in the xz project to not generate a fatal error if sanitization is enabled with XZ_SANDBOX set to "auto" to just disable the sandbox.

@bansan85

Copy link
Copy Markdown
Contributor Author

To get in this condition you have to be writing a triplet to pass in the -fsanitize, and the bug also describes a way to do this without introducing a feature.in the triplet. I'm not sure adding this feature actually fixes a problem?

I don't like adding a port specification in triplet. That's why I implemented it as a feature.

But at second thought, I could also fixed it by patching the source to not fail if XZ_SANDBOX is set to auto and to disable sandbox feature.

https://github.com/tukaani-project/xz/blob/1007bf08b5fddf088b3131e692210af4b4b7fd8c/CMakeLists.txt#L1921

What do you prefer ?

@bansan85

Copy link
Copy Markdown
Contributor Author

I reported the problem to upstream and sent a MR

tukaani-project/xz#209

@bansan85

Copy link
Copy Markdown
Contributor Author

Patching CMakeLists.txt is not a good solution.

So there are two solutions:

  • Add a feature to build tools with sandbox (my current implementation). I know that disabling feature is not easy. It's tools only, so I can disable it by default.
  • Check VCPKG_C_FLAGS in portfile.cmake to see if -fsanitize= is used and set XZ_SANDBOX=no.

Do you have a preference?

@JavierMatosD JavierMatosD left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sandbox is used only by tools.

If Sandbox only affects tools feature, then should it be a part of the tools feature logic internally rather than exposing it as a user facing feature? Something like "if tools is enabled, sandbox is auto; if not, no". I think that could work if you can show proof that this only affects tools. I'd still be concerned with anyone who wants tools but doesn't want Sandbox would be unable to disable it easily. That said, upstream enables it by default. I agree with @BillyONeal that this should not be a default feature.

It seems upstream intentionally kept this an error -> tukaani-project/xz#209 (comment) "A fair bit of thinking and discussion occurred before tukaani-project/xz@88588b1 was committed in late 2023. I think the commit is still good, and "auto" should behave like it does now."

@JavierMatosD JavierMatosD marked this pull request as draft February 19, 2026 23:12
@bansan85

Copy link
Copy Markdown
Contributor Author

In CMakeLists.txt, sandbox option set SANDBOX_COMPILE_DEFINITION definition.

SANDBOX_COMPILE_DEFINITION is used in sandbox.c and xzdec.c

xzdec is a tool.

sandbox.c is only used in xz command line tool.

@bansan85 bansan85 force-pushed the 49986-liblzma-sandbox branch from 5fbc89f to e4a8f3e Compare February 24, 2026 10:11
@bansan85 bansan85 marked this pull request as ready for review February 24, 2026 10:11
@bansan85 bansan85 force-pushed the 49986-liblzma-sandbox branch from e4a8f3e to af763f0 Compare February 24, 2026 10:24
@JavierMatosD JavierMatosD merged commit 39e25a6 into microsoft:master Feb 25, 2026
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

[liblzma] Add feature to disable sandbox

5 participants