[oe-core][walnascar][PATCH 1/1] cmake: fix CVE-2025-9301

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

* [oe-core][walnascar][PATCH 1/1] cmake: fix CVE-2025-9301
@ 2025-10-16 14:14 Saravanan
  2025-10-16 14:17 ` Gyorgy Sarvari
  0 siblings, 1 reply; 2+ messages in thread
From: Saravanan @ 2025-10-16 14:14 UTC (permalink / raw)
  To: openembedded-core

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-9301
https://gitlab.kitware.com/cmake/cmake/-/issues/27135

Upstream-patch:
https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8

Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
---
 .../cmake/cmake/CVE-2025-9301.patch           | 71 +++++++++++++++++++
 meta/recipes-devtools/cmake/cmake_3.31.6.bb   |  1 +
 2 files changed, 72 insertions(+)
 create mode 100644 meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch

diff --git a/meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch b/meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch
new file mode 100644
index 0000000000..a5bb2b5f92
--- /dev/null
+++ b/meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch
@@ -0,0 +1,71 @@
+From 37e27f71bc356d880c908040cd0cb68fa2c371b8 Mon Sep 17 00:00:00 2001
+From: Tyler Yankee <tyler.yankee@kitware.com>
+Date: Wed, 13 Aug 2025 15:22:28 -0400
+Subject: [PATCH] foreach: Explicitly skip replay without iterations
+
+As written, foreach loops with a trailing `IN` (i.e., no loop
+variable(s) given) lead to an assertion error. Handle this case by
+exiting early when we know the loop won't execute anything.
+
+Fixes: #27135
+
+CVE: CVE-2025-9301
+
+Upstream-Status: Backport
+https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8
+
+Signed-off-by: Tyler Yankee <tyler.yankee@kitware.com>
+Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
+---
+ Source/cmForEachCommand.cxx                  | 3 +++
+ Tests/RunCMake/foreach/RunCMakeTest.cmake    | 1 +
+ Tests/RunCMake/foreach/TrailingIn-result.txt | 1 +
+ Tests/RunCMake/foreach/TrailingIn.cmake      | 5 +++++
+ 4 files changed, 10 insertions(+)
+ create mode 100644 Tests/RunCMake/foreach/TrailingIn-result.txt
+ create mode 100644 Tests/RunCMake/foreach/TrailingIn.cmake
+
+diff --git a/Source/cmForEachCommand.cxx b/Source/cmForEachCommand.cxx
+index 33dae79f..9b9a60b3 100644
+--- a/Source/cmForEachCommand.cxx
++++ b/Source/cmForEachCommand.cxx
+@@ -101,6 +101,9 @@ bool cmForEachFunctionBlocker::ArgumentsMatch(cmListFileFunction const& lff,
+ bool cmForEachFunctionBlocker::Replay(
+   std::vector<cmListFileFunction> functions, cmExecutionStatus& inStatus)
+ {
++  if (this->Args.size() == this->IterationVarsCount) {
++    return true;
++  }
+   return this->ZipLists ? this->ReplayZipLists(functions, inStatus)
+                         : this->ReplayItems(functions, inStatus);
+ }
+diff --git a/Tests/RunCMake/foreach/RunCMakeTest.cmake b/Tests/RunCMake/foreach/RunCMakeTest.cmake
+index 15ca4770..acfc742e 100644
+--- a/Tests/RunCMake/foreach/RunCMakeTest.cmake
++++ b/Tests/RunCMake/foreach/RunCMakeTest.cmake
+@@ -22,3 +22,4 @@ run_cmake(foreach-RANGE-invalid-test)
+ run_cmake(foreach-RANGE-out-of-range-test)
+ run_cmake(foreach-var-scope-CMP0124-OLD)
+ run_cmake(foreach-var-scope-CMP0124-NEW)
++run_cmake(TrailingIn)
+diff --git a/Tests/RunCMake/foreach/TrailingIn-result.txt b/Tests/RunCMake/foreach/TrailingIn-result.txt
+new file mode 100644
+index 00000000..573541ac
+--- /dev/null
++++ b/Tests/RunCMake/foreach/TrailingIn-result.txt
+@@ -0,0 +1 @@
++0
+diff --git a/Tests/RunCMake/foreach/TrailingIn.cmake b/Tests/RunCMake/foreach/TrailingIn.cmake
+new file mode 100644
+index 00000000..e2b5b2f2
+--- /dev/null
++++ b/Tests/RunCMake/foreach/TrailingIn.cmake
+@@ -0,0 +1,5 @@
++foreach(v IN)
++endforeach()
++
++foreach(v1 v2 IN)
++endforeach()
+-- 
+2.49.1
+
diff --git a/meta/recipes-devtools/cmake/cmake_3.31.6.bb b/meta/recipes-devtools/cmake/cmake_3.31.6.bb
index 2d343d6f52..a71928ea9c 100644
--- a/meta/recipes-devtools/cmake/cmake_3.31.6.bb
+++ b/meta/recipes-devtools/cmake/cmake_3.31.6.bb
@@ -11,6 +11,7 @@ SRC_URI:append:class-nativesdk = " \
     file://cmake-setup.py \
     file://environment.d-cmake.sh \
 "
+SRC_URI += "file://CVE-2025-9301.patch"
 
 LICENSE:append = " & BSD-1-Clause & MIT"
 LIC_FILES_CHKSUM:append = " \
-- 
2.49.1



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [oe-core][walnascar][PATCH 1/1] cmake: fix CVE-2025-9301
  2025-10-16 14:14 [oe-core][walnascar][PATCH 1/1] cmake: fix CVE-2025-9301 Saravanan
@ 2025-10-16 14:17 ` Gyorgy Sarvari
  0 siblings, 0 replies; 2+ messages in thread
From: Gyorgy Sarvari @ 2025-10-16 14:17 UTC (permalink / raw)
  To: saravanan.kadambathursubramaniyam, openembedded-core

Unless something extraordinary happens, today's Walnascar release is the
last one from that branch. Most likely patches for Walnascar will not be
applied anymore.

On 10/16/25 16:14, Kadambathur Subramaniyam, Saravanan via
lists.openembedded.org wrote:
> Reference:
> https://nvd.nist.gov/vuln/detail/CVE-2025-9301
> https://gitlab.kitware.com/cmake/cmake/-/issues/27135
>
> Upstream-patch:
> https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8
>
> Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
> ---
>  .../cmake/cmake/CVE-2025-9301.patch           | 71 +++++++++++++++++++
>  meta/recipes-devtools/cmake/cmake_3.31.6.bb   |  1 +
>  2 files changed, 72 insertions(+)
>  create mode 100644 meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch
>
> diff --git a/meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch b/meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch
> new file mode 100644
> index 0000000000..a5bb2b5f92
> --- /dev/null
> +++ b/meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch
> @@ -0,0 +1,71 @@
> +From 37e27f71bc356d880c908040cd0cb68fa2c371b8 Mon Sep 17 00:00:00 2001
> +From: Tyler Yankee <tyler.yankee@kitware.com>
> +Date: Wed, 13 Aug 2025 15:22:28 -0400
> +Subject: [PATCH] foreach: Explicitly skip replay without iterations
> +
> +As written, foreach loops with a trailing `IN` (i.e., no loop
> +variable(s) given) lead to an assertion error. Handle this case by
> +exiting early when we know the loop won't execute anything.
> +
> +Fixes: #27135
> +
> +CVE: CVE-2025-9301
> +
> +Upstream-Status: Backport
> +https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8
> +
> +Signed-off-by: Tyler Yankee <tyler.yankee@kitware.com>
> +Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
> +---
> + Source/cmForEachCommand.cxx                  | 3 +++
> + Tests/RunCMake/foreach/RunCMakeTest.cmake    | 1 +
> + Tests/RunCMake/foreach/TrailingIn-result.txt | 1 +
> + Tests/RunCMake/foreach/TrailingIn.cmake      | 5 +++++
> + 4 files changed, 10 insertions(+)
> + create mode 100644 Tests/RunCMake/foreach/TrailingIn-result.txt
> + create mode 100644 Tests/RunCMake/foreach/TrailingIn.cmake
> +
> +diff --git a/Source/cmForEachCommand.cxx b/Source/cmForEachCommand.cxx
> +index 33dae79f..9b9a60b3 100644
> +--- a/Source/cmForEachCommand.cxx
> ++++ b/Source/cmForEachCommand.cxx
> +@@ -101,6 +101,9 @@ bool cmForEachFunctionBlocker::ArgumentsMatch(cmListFileFunction const& lff,
> + bool cmForEachFunctionBlocker::Replay(
> +   std::vector<cmListFileFunction> functions, cmExecutionStatus& inStatus)
> + {
> ++  if (this->Args.size() == this->IterationVarsCount) {
> ++    return true;
> ++  }
> +   return this->ZipLists ? this->ReplayZipLists(functions, inStatus)
> +                         : this->ReplayItems(functions, inStatus);
> + }
> +diff --git a/Tests/RunCMake/foreach/RunCMakeTest.cmake b/Tests/RunCMake/foreach/RunCMakeTest.cmake
> +index 15ca4770..acfc742e 100644
> +--- a/Tests/RunCMake/foreach/RunCMakeTest.cmake
> ++++ b/Tests/RunCMake/foreach/RunCMakeTest.cmake
> +@@ -22,3 +22,4 @@ run_cmake(foreach-RANGE-invalid-test)
> + run_cmake(foreach-RANGE-out-of-range-test)
> + run_cmake(foreach-var-scope-CMP0124-OLD)
> + run_cmake(foreach-var-scope-CMP0124-NEW)
> ++run_cmake(TrailingIn)
> +diff --git a/Tests/RunCMake/foreach/TrailingIn-result.txt b/Tests/RunCMake/foreach/TrailingIn-result.txt
> +new file mode 100644
> +index 00000000..573541ac
> +--- /dev/null
> ++++ b/Tests/RunCMake/foreach/TrailingIn-result.txt
> +@@ -0,0 +1 @@
> ++0
> +diff --git a/Tests/RunCMake/foreach/TrailingIn.cmake b/Tests/RunCMake/foreach/TrailingIn.cmake
> +new file mode 100644
> +index 00000000..e2b5b2f2
> +--- /dev/null
> ++++ b/Tests/RunCMake/foreach/TrailingIn.cmake
> +@@ -0,0 +1,5 @@
> ++foreach(v IN)
> ++endforeach()
> ++
> ++foreach(v1 v2 IN)
> ++endforeach()
> +-- 
> +2.49.1
> +
> diff --git a/meta/recipes-devtools/cmake/cmake_3.31.6.bb b/meta/recipes-devtools/cmake/cmake_3.31.6.bb
> index 2d343d6f52..a71928ea9c 100644
> --- a/meta/recipes-devtools/cmake/cmake_3.31.6.bb
> +++ b/meta/recipes-devtools/cmake/cmake_3.31.6.bb
> @@ -11,6 +11,7 @@ SRC_URI:append:class-nativesdk = " \
>      file://cmake-setup.py \
>      file://environment.d-cmake.sh \
>  "
> +SRC_URI += "file://CVE-2025-9301.patch"
>  
>  LICENSE:append = " & BSD-1-Clause & MIT"
>  LIC_FILES_CHKSUM:append = " \
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#224967): https://lists.openembedded.org/g/openembedded-core/message/224967
> Mute This Topic: https://lists.openembedded.org/mt/115789643/6084445
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [skandigraun@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>



^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-10-16 14:17 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-10-16 14:14 [oe-core][walnascar][PATCH 1/1] cmake: fix CVE-2025-9301 Saravanan
2025-10-16 14:17 ` Gyorgy Sarvari

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox