
Commit 275706f

Patch cmake for CVE-2025-9301
1 parent ce6a809 commit 275706f


4 files changed

+74
-5
lines changed


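--- a/SPECS/cmake/CVE-2025-9301.patch
+++ b/SPECS/cmake/CVE-2025-9301.patch
@@ -0,0 +1,65 @@
+From 31976ee4e1b384aa571f9cb5377bf5e0c31bca46 Mon Sep 17 00:00:00 2001
+From: Tyler Yankee <[email protected]>
+Date: Wed, 13 Aug 2025 15:22:28 -0400
+Subject: [PATCH] foreach: Explicitly skip replay without iterations
+
+As written, foreach loops with a trailing `IN` (i.e., no loop
+variable(s) given) lead to an assertion error. Handle this case by
+exiting early when we know the loop won't execute anything.
+
+Fixes: #27135
+Signed-off-by: Azure Linux Security Servicing Account <[email protected]>
+Upstream-reference: https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8.patch
+---
+Source/cmForEachCommand.cxx | 3 +++
+Tests/RunCMake/foreach/RunCMakeTest.cmake | 1 +
+Tests/RunCMake/foreach/TrailingIn-result.txt | 1 +
+Tests/RunCMake/foreach/TrailingIn.cmake | 5 +++++
+4 files changed, 10 insertions(+)
+create mode 100644 Tests/RunCMake/foreach/TrailingIn-result.txt
+create mode 100644 Tests/RunCMake/foreach/TrailingIn.cmake
+
+diff --git a/Source/cmForEachCommand.cxx b/Source/cmForEachCommand.cxx
+index 33dae79f..9b9a60b3 100644
+--- a/Source/cmForEachCommand.cxx
++++ b/Source/cmForEachCommand.cxx
+@@ -101,6 +101,9 @@ bool cmForEachFunctionBlocker::ArgumentsMatch(cmListFileFunction const& lff,
+bool cmForEachFunctionBlocker::Replay(
+std::vector<cmListFileFunction> functions, cmExecutionStatus& inStatus)
+{
++ if (this->Args.size() == this->IterationVarsCount) {
++ return true;
++ }
+return this->ZipLists ? this->ReplayZipLists(functions, inStatus)
+: this->ReplayItems(functions, inStatus);
+}
+diff --git a/Tests/RunCMake/foreach/RunCMakeTest.cmake b/Tests/RunCMake/foreach/RunCMakeTest.cmake
+index 15ca4770..acfc742e 100644
+--- a/Tests/RunCMake/foreach/RunCMakeTest.cmake
++++ b/Tests/RunCMake/foreach/RunCMakeTest.cmake
+@@ -22,3 +22,4 @@ run_cmake(foreach-RANGE-invalid-test)
+run_cmake(foreach-RANGE-out-of-range-test)
+run_cmake(foreach-var-scope-CMP0124-OLD)
+run_cmake(foreach-var-scope-CMP0124-NEW)
++run_cmake(TrailingIn)
+diff --git a/Tests/RunCMake/foreach/TrailingIn-result.txt b/Tests/RunCMake/foreach/TrailingIn-result.txt
+new file mode 100644
+index 00000000..573541ac
+--- /dev/null
++++ b/Tests/RunCMake/foreach/TrailingIn-result.txt
+@@ -0,0 +1 @@
++0
+diff --git a/Tests/RunCMake/foreach/TrailingIn.cmake b/Tests/RunCMake/foreach/TrailingIn.cmake
+new file mode 100644
+index 00000000..e2b5b2f2
+--- /dev/null
++++ b/Tests/RunCMake/foreach/TrailingIn.cmake
+@@ -0,0 +1,5 @@
++foreach(v IN)
++endforeach()
++
++foreach(v1 v2 IN)
++endforeach()
+--
+2.45.4
+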
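Review bot: The guard added at the top of `cmForEachFunctionBlocker::Replay` returns before either replay path without a comment saying what `this->Args.size() == this->IterationVarsCount` means; judging by the test inputs it appears to mean that only loop variables and no items were given, so a line such as `// Only loop variables, no items (e.g. trailing IN): nothing to replay.` would keep the reason for the CVE fix next to the check. Since this is a carried upstream patch, that comment is better proposed upstream than added locally. The `From` hash (31976ee4…) differs from the commit named in `Upstream-reference` (37e27f71…), and the header does not say whether the hunk was adapted for 3.30.3; stating that would let a later reviewer compare the two. The added `TrailingIn.cmake` exercises only the two trailing-`IN` forms, so other ways of reaching a replay with no items are not shown to be covered.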

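--- a/SPECS/cmake/cmake.spec
+++ b/SPECS/cmake/cmake.spec
@@ -2,7 +2,7 @@
 Summary: Cmake
 Name: cmake
 Version: 3.30.3
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: BSD AND LGPLv2+
 Vendor: Microsoft Corporation
 Distribution: Azure Linux
@@ -30,6 +30,7 @@ Patch10: CVE-2025-4947.patch
 Patch11: CVE-2025-5916.patch
 Patch12: CVE-2025-5917.patch
 Patch13: CVE-2025-5918.patch
+Patch14: CVE-2025-9301.patch
 
 BuildRequires: bzip2
 BuildRequires: bzip2-devel
@@ -110,6 +111,9 @@ bin/ctest --force-new-ctest-process --rerun-failed --output-on-failure
 %{_libdir}/rpm/macros.d/macros.cmake
 
 %changelog
+* Mon Sep 01 2025 Azure Linux Security Servicing Account <[email protected]> - 3.30.3-9
+- Patch for CVE-2025-9301
+
 * Tue Jun 24 2025 Durga Jagadeesh Palli <[email protected]> - 3.30.3-8
 - Patch CVE-2025-5916, CVE-2025-5917 & CVE-2025-5918
 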
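Review bot: `Patch14: CVE-2025-9301.patch` is only declared in the second hunk, and the `%prep` section that applies patches is outside the visible lines, so this page does not show that the fix is actually applied. If `%prep` lists patches individually rather than using `%autosetup` or `%autopatch`, a matching `%patch` line is needed; otherwise the package would be released as 3.30.3-9 without the fix. The `bin/ctest …` invocation visible in the last hunk header suggests tests run during the build, so a build log showing the new `TrailingIn` case passing would confirm it, provided that run covers the RunCMake tests.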

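--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -51,8 +51,8 @@ check-debuginfo-0.15.2-1.azl3.aarch64.rpm
 chkconfig-1.25-1.azl3.aarch64.rpm
 chkconfig-debuginfo-1.25-1.azl3.aarch64.rpm
 chkconfig-lang-1.25-1.azl3.aarch64.rpm
-cmake-3.30.3-8.azl3.aarch64.rpm
-cmake-debuginfo-3.30.3-8.azl3.aarch64.rpm
+cmake-3.30.3-9.azl3.aarch64.rpm
+cmake-debuginfo-3.30.3-9.azl3.aarch64.rpm
 coreutils-9.4-6.azl3.aarch64.rpm
 coreutils-debuginfo-9.4-6.azl3.aarch64.rpm
 coreutils-lang-9.4-6.azl3.aarch64.rpm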

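--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -54,8 +54,8 @@ check-debuginfo-0.15.2-1.azl3.x86_64.rpm
 chkconfig-1.25-1.azl3.x86_64.rpm
 chkconfig-debuginfo-1.25-1.azl3.x86_64.rpm
 chkconfig-lang-1.25-1.azl3.x86_64.rpm
-cmake-3.30.3-8.azl3.x86_64.rpm
-cmake-debuginfo-3.30.3-8.azl3.x86_64.rpm
+cmake-3.30.3-9.azl3.x86_64.rpm
+cmake-debuginfo-3.30.3-9.azl3.x86_64.rpm
 coreutils-9.4-6.azl3.x86_64.rpm
 coreutils-debuginfo-9.4-6.azl3.x86_64.rpm
 coreutils-lang-9.4-6.azl3.x86_64.rpm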
