diff --git a/backport-CVE-2025-9301.patch b/backport-CVE-2025-9301.patch new file mode 100644 index 0000000000000000000000000000000000000000..b2385008f57dbfdd728585fb76d1b8ad1fa4eba5 --- /dev/null +++ b/backport-CVE-2025-9301.patch @@ -0,0 +1,63 @@ +From 37e27f71bc356d880c908040cd0cb68fa2c371b8 Mon Sep 17 00:00:00 2001 +From: Tyler Yankee +Date: Wed, 13 Aug 2025 15:22:28 -0400 +Subject: [PATCH] foreach: Explicitly skip replay without iterations + +As written, foreach loops with a trailing `IN` (i.e., no loop +variable(s) given) lead to an assertion error. Handle this case by +exiting early when we know the loop won't execute anything. + +Fixes: #27135 +--- + Source/cmForEachCommand.cxx | 3 +++ + Tests/RunCMake/foreach/RunCMakeTest.cmake | 1 + + Tests/RunCMake/foreach/TrailingIn-result.txt | 1 + + Tests/RunCMake/foreach/TrailingIn.cmake | 5 +++++ + 4 files changed, 10 insertions(+) + create mode 100644 Tests/RunCMake/foreach/TrailingIn-result.txt + create mode 100644 Tests/RunCMake/foreach/TrailingIn.cmake + +diff --git a/Source/cmForEachCommand.cxx b/Source/cmForEachCommand.cxx +index 96867e26587..8b741183885 100644 +--- a/Source/cmForEachCommand.cxx ++++ b/Source/cmForEachCommand.cxx +@@ -100,6 +100,9 @@ bool cmForEachFunctionBlocker::ArgumentsMatch(cmListFileFunction const& lff, + bool cmForEachFunctionBlocker::Replay( + std::vector functions, cmExecutionStatus& inStatus) + { ++ if (this->Args.size() == this->IterationVarsCount) { ++ return true; ++ } + return this->ZipLists ? this->ReplayZipLists(functions, inStatus) + : this->ReplayItems(functions, inStatus); + } +diff --git a/Tests/RunCMake/foreach/RunCMakeTest.cmake b/Tests/RunCMake/foreach/RunCMakeTest.cmake +index 15ca477043f..acfc742ea6f 100644 +--- a/Tests/RunCMake/foreach/RunCMakeTest.cmake ++++ b/Tests/RunCMake/foreach/RunCMakeTest.cmake +@@ -22,3 +22,4 @@ run_cmake(foreach-RANGE-invalid-test) + run_cmake(foreach-RANGE-out-of-range-test) + run_cmake(foreach-var-scope-CMP0124-OLD) + run_cmake(foreach-var-scope-CMP0124-NEW) ++run_cmake(TrailingIn) +diff --git a/Tests/RunCMake/foreach/TrailingIn-result.txt b/Tests/RunCMake/foreach/TrailingIn-result.txt +new file mode 100644 +index 00000000000..573541ac970 +--- /dev/null ++++ b/Tests/RunCMake/foreach/TrailingIn-result.txt +@@ -0,0 +1 @@ ++0 +diff --git a/Tests/RunCMake/foreach/TrailingIn.cmake b/Tests/RunCMake/foreach/TrailingIn.cmake +new file mode 100644 +index 00000000000..e2b5b2f21f7 +--- /dev/null ++++ b/Tests/RunCMake/foreach/TrailingIn.cmake +@@ -0,0 +1,5 @@ ++foreach(v IN) ++endforeach() ++ ++foreach(v1 v2 IN) ++endforeach() +-- +GitLab + diff --git a/cmake.spec b/cmake.spec index 2078c36c3ad6d70a84076d960bf3f34432fe7ced..6d23483a0c1bd92a7095f35b3484546df4fbc7ea 100644 --- a/cmake.spec +++ b/cmake.spec @@ -11,7 +11,7 @@ Name: cmake Version: 3.22.0 -Release: 10 +Release: 11 Summary: Cross-platform make system License: BSD and MIT and zlib URL: http://www.cmake.org @@ -26,6 +26,7 @@ Patch1: cmake-fedora-flag_release.patch Patch2: cmake-mingw-dl.patch Patch3: cmake-3.22.0-sw.patch Patch4: fix-messy-code-for-openssl-1.1.1wa-version.patch +Patch6001: backport-CVE-2025-9301.patch BuildRequires: coreutils findutils gcc-c++ gcc-gfortran sed BuildRequires: emacs python3-devel pkgconfig(Qt5Widgets) desktop-file-utils @@ -104,7 +105,7 @@ BuildArch: noarch Documentation for cmake. %prep -%setup -n cmake-%{version}%{?versuf} +%setup -qn cmake-%{version}%{?versuf} %patch0 -p1 %patch1 -p1 %patch2 -p1 @@ -112,6 +113,7 @@ Documentation for cmake. %patch3 -p1 %endif %patch4 -p1 +%patch6001 -p1 sed '1c #!%{__python3}' %{SOURCE4} > cmake.prov sed '1c #!%{__python3}' %{SOURCE5} > cmake.req @@ -244,6 +246,9 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : %exclude %{_pkgdocdir}/Copyright.txt %changelog +* Mon Aug 25 2025 Funda Wang - 3.22.0-11 +- fix CVE-2025-9301 + * Thu Jan 23 2025 fuanan - 3.22.0-10 - remove the architecture judgment in the patches section; - include all patches in the source package.