From b8327aede2591bc2b0825e42d736da1be29249cb Mon Sep 17 00:00:00 2001
From: yangxinyu
Date: Wed, 10 Sep 2025 13:58:17 +0800
Subject: [PATCH] [CVE] fix cve-2025-9165 to #bug24229 fix cve-2025-9165 Project: TC2024080204
Signed-off-by:yangxinyu
---
 cmake-3.30.5-cve-2025-9165.patch | 63 ++++++++++++++++++++++++++++++++
 cmake.spec | 10 ++++-
 2 files changed, 71 insertions(+), 2 deletions(-)
 create mode 100644 cmake-3.30.5-cve-2025-9165.patch
diff --git a/cmake-3.30.5-cve-2025-9165.patch b/cmake-3.30.5-cve-2025-9165.patch
new file mode 100644
index 0000000..b238500
--- /dev/null
+++ b/cmake-3.30.5-cve-2025-9165.patch
@@ -0,0 +1,63 @@
+From 37e27f71bc356d880c908040cd0cb68fa2c371b8 Mon Sep 17 00:00:00 2001
+From: Tyler Yankee
+Date: Wed, 13 Aug 2025 15:22:28 -0400
+Subject: [PATCH] foreach: Explicitly skip replay without iterations
+
+As written, foreach loops with a trailing `IN` (i.e., no loop
+variable(s) given) lead to an assertion error. Handle this case by
+exiting early when we know the loop won't execute anything.
+
+Fixes: #27135
+---
+ Source/cmForEachCommand.cxx | 3 +++
+ Tests/RunCMake/foreach/RunCMakeTest.cmake | 1 +
+ Tests/RunCMake/foreach/TrailingIn-result.txt | 1 +
+ Tests/RunCMake/foreach/TrailingIn.cmake | 5 +++++
+ 4 files changed, 10 insertions(+)
+ create mode 100644 Tests/RunCMake/foreach/TrailingIn-result.txt
+ create mode 100644 Tests/RunCMake/foreach/TrailingIn.cmake
+
+diff --git a/Source/cmForEachCommand.cxx b/Source/cmForEachCommand.cxx
+index 96867e26587..8b741183885 100644
+--- a/Source/cmForEachCommand.cxx
++++ b/Source/cmForEachCommand.cxx
+@@ -100,6 +100,9 @@ bool cmForEachFunctionBlocker::ArgumentsMatch(cmListFileFunction const& lff,
+ bool cmForEachFunctionBlocker::Replay(
+ std::vector functions, cmExecutionStatus& inStatus)
+ {
++ if (this->Args.size() == this->IterationVarsCount) {
++ return true;
++ }
+ return this->ZipLists ? 
this->ReplayZipLists(functions, inStatus)
+ : this->ReplayItems(functions, inStatus);
+ }
+diff --git a/Tests/RunCMake/foreach/RunCMakeTest.cmake b/Tests/RunCMake/foreach/RunCMakeTest.cmake
+index 15ca477043f..acfc742ea6f 100644
+--- a/Tests/RunCMake/foreach/RunCMakeTest.cmake
++++ b/Tests/RunCMake/foreach/RunCMakeTest.cmake
+@@ -22,3 +22,4 @@ run_cmake(foreach-RANGE-invalid-test)
+ run_cmake(foreach-RANGE-out-of-range-test)
+ run_cmake(foreach-var-scope-CMP0124-OLD)
+ run_cmake(foreach-var-scope-CMP0124-NEW)
++run_cmake(TrailingIn)
+diff --git a/Tests/RunCMake/foreach/TrailingIn-result.txt b/Tests/RunCMake/foreach/TrailingIn-result.txt
+new file mode 100644
+index 00000000000..573541ac970
+--- /dev/null
++++ b/Tests/RunCMake/foreach/TrailingIn-result.txt
+@@ -0,0 +1 @@
++0
+diff --git a/Tests/RunCMake/foreach/TrailingIn.cmake b/Tests/RunCMake/foreach/TrailingIn.cmake
+new file mode 100644
+index 00000000000..e2b5b2f21f7
+--- /dev/null
++++ b/Tests/RunCMake/foreach/TrailingIn.cmake
+@@ -0,0 +1,5 @@
++foreach(v IN)
++endforeach()
++
++foreach(v1 v2 IN)
++endforeach()
+--
+GitLab
+
diff --git a/cmake.spec b/cmake.spec
index dc0d848..fde1acc 100644
--- a/cmake.spec
+++ b/cmake.spec
@@ -1,4 +1,4 @@
-%define anolis_release 2
+%define anolis_release 3
 %bcond_with bootstrap
 %bcond_without emacs
 %bcond_without git_test
@@ -39,6 +39,9 @@ Patch100: %{name}-findruby.patch Patch200: fix_atomic_error_when_build_on_riscv64.patch
+#https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8
+Patch201: cmake-3.30.5-cve-2025-9165.patch
+
 BuildRequires: coreutils
 BuildRequires: findutils
 BuildRequires: gcc-c++
@@ -356,7 +359,10 @@ popd %{_rpmconfigdir}/%{name}.req %changelog
-* Tue Jun 03 2025 Shangtong Guo - 3.30.3-2
+* Wed Sep 10 2025 yangxinyu - 3.30.5-3
+- fix cve-2025-9165
+
+* Tue Jun 03 2025 Shangtong Guo - 3.30.5-2
 - fix atomic link error when build on riscv64
 * Thu Feb 27 2025 Zhao Hang - 3.30.5-1
--
Gitee
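Review bot: The `Patch201` entry takes its CVE id only from the file name; the carried upstream commit says just `Fixes: #27135` and describes an assertion failure for `foreach(... IN)` with no items, so the id should be confirmed against the CVE record before the changelog line `- fix cve-2025-9165` ships, because scanners and backport tracking will key on it. The comment above the entry would be more useful if it also said what the patch does, for example `# foreach: skip replay when no items follow IN (upstream issue #27135)` ahead of the URL line. `%prep` is outside this hunk: if the spec applies patches with explicit `%patch` lines rather than `%autosetup` or `%autopatch`, `Patch201` is declared but never applied, so the build log should be checked for it.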