cmake: fix CVE-2025-9301

Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-9301 https://gitlab.kitware.com/cmake/cmake/-/issues/27135 Upstream-patch: https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8 (From OE-Core rev: d31b2201bba808ec82c8d88df25b1106c588720e) Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com> Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com> Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Saravanan <saravanan.kadambathursubramaniyam@windriver.com> 2025-10-16 19:37:58 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2025-10-27 11:37:43 +0000
commit: 6f85697140fe4a6a53b480e7164391fd5edcd6a5 (patch)
tree: 1a428844aaa3b6898692eb231de8a51f3a633608 /meta/recipes-devtools
parent: 2111e3d4af7a3ce7e712a5b009c05c19fa797d8a (diff)
download: poky-6f85697140fe4a6a53b480e7164391fd5edcd6a5.tar.gz
2 files changed, 73 insertions, 0 deletions
diff --git a/meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch b/meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch
new file mode 100644
index 0000000000..5e765c6d9d
--- /dev/null
+++ b/meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch
@@ -0,0 +1,71 @@
+From 37e27f71bc356d880c908040cd0cb68fa2c371b8 Mon Sep 17 00:00:00 2001
+From: Tyler Yankee <tyler.yankee@kitware.com>
+Date: Wed, 13 Aug 2025 15:22:28 -0400
+Subject: [PATCH] foreach: Explicitly skip replay without iterations
+As written, foreach loops with a trailing `IN` (i.e., no loop
+variable(s) given) lead to an assertion error. Handle this case by
+exiting early when we know the loop won't execute anything.
+Fixes: #27135
+CVE: CVE-2025-9301
+Upstream-Status: Backport
+https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8
+Signed-off-by: Tyler Yankee <tyler.yankee@kitware.com>
+Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
+---
+ Source/cmForEachCommand.cxx                  | 3 +++
+ Tests/RunCMake/foreach/RunCMakeTest.cmake    | 1 +
+ Tests/RunCMake/foreach/TrailingIn-result.txt | 1 +
+ Tests/RunCMake/foreach/TrailingIn.cmake      | 5 +++++
+ 4 files changed, 10 insertions(+)
+ create mode 100644 Tests/RunCMake/foreach/TrailingIn-result.txt
+ create mode 100644 Tests/RunCMake/foreach/TrailingIn.cmake
+diff --git a/Source/cmForEachCommand.cxx b/Source/cmForEachCommand.cxx
+index 96867e26..8b741183 100644
+--- a/Source/cmForEachCommand.cxx
+++ b/Source/cmForEachCommand.cxx
+@@ -100,6 +100,9 @@ bool cmForEachFunctionBlocker::ArgumentsMatch(cmListFileFunction const& lff,
+ bool cmForEachFunctionBlocker::Replay(
+   std::vector<cmListFileFunction> functions, cmExecutionStatus& inStatus)
+ {
+  if (this->Args.size() == this->IterationVarsCount) {
+    return true;
+  }
+   return this->ZipLists ? this->ReplayZipLists(functions, inStatus)
+                         : this->ReplayItems(functions, inStatus);
+ }
+diff --git a/Tests/RunCMake/foreach/RunCMakeTest.cmake b/Tests/RunCMake/foreach/RunCMakeTest.cmake
+index 15ca4770..acfc742e 100644
+--- a/Tests/RunCMake/foreach/RunCMakeTest.cmake
+++ b/Tests/RunCMake/foreach/RunCMakeTest.cmake
+@@ -22,3 +22,4 @@ run_cmake(foreach-RANGE-invalid-test)
+ run_cmake(foreach-RANGE-out-of-range-test)
+ run_cmake(foreach-var-scope-CMP0124-OLD)
+ run_cmake(foreach-var-scope-CMP0124-NEW)
+run_cmake(TrailingIn)
+diff --git a/Tests/RunCMake/foreach/TrailingIn-result.txt b/Tests/RunCMake/foreach/TrailingIn-result.txt
+new file mode 100644
+index 00000000..573541ac
+--- /dev/null
+++ b/Tests/RunCMake/foreach/TrailingIn-result.txt
+@@ -0,0 +1 @@
+0
+diff --git a/Tests/RunCMake/foreach/TrailingIn.cmake b/Tests/RunCMake/foreach/TrailingIn.cmake
+new file mode 100644
+index 00000000..e2b5b2f2
+--- /dev/null
+++ b/Tests/RunCMake/foreach/TrailingIn.cmake
+@@ -0,0 +1,5 @@
+foreach(v IN)
+endforeach()
+
+foreach(v1 v2 IN)
+endforeach()
+-- 
+2.48.1
diff --git a/meta/recipes-devtools/cmake/cmake_4.1.2.bb b/meta/recipes-devtools/cmake/cmake_4.1.2.bb
index cfc5cb1b93..de86625892 100644
--- a/meta/recipes-devtools/cmake/cmake_4.1.2.bb
+++ b/meta/recipes-devtools/cmake/cmake_4.1.2.bb
@@ -11,6 +11,8 @@ SRC_URI:append:class-nativesdk = " \
    file://environment.d-cmake.sh \
 "
+SRC_URI += "file://CVE-2025-9301.patch"
 LICENSE:append = " & BSD-1-Clause & MIT"
 LIC_FILES_CHKSUM:append = " \
    file://Utilities/cmjsoncpp/LICENSE;md5=5d73c165a0f9e86a1342f32d19ec5926 \
author	Saravanan <saravanan.kadambathursubramaniyam@windriver.com>	2025-10-16 19:37:58 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2025-10-27 11:37:43 +0000
commit	6f85697140fe4a6a53b480e7164391fd5edcd6a5 (patch)
tree	1a428844aaa3b6898692eb231de8a51f3a633608 /meta/recipes-devtools
parent	2111e3d4af7a3ce7e712a5b009c05c19fa797d8a (diff)
download	poky-6f85697140fe4a6a53b480e7164391fd5edcd6a5.tar.gz

diff --git a/meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch b/meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch new file mode 100644 index 0000000000..5e765c6d9d --- /dev/null +++ b/meta/recipes-devtools/cmake/cmake/CVE-2025-9301.patch
@@ -0,0 +1,71 @@
		1	From 37e27f71bc356d880c908040cd0cb68fa2c371b8 Mon Sep 17 00:00:00 2001
		2	From: Tyler Yankee <tyler.yankee@kitware.com>
		3	Date: Wed, 13 Aug 2025 15:22:28 -0400
		4	Subject: [PATCH] foreach: Explicitly skip replay without iterations
		5
		6	As written, foreach loops with a trailing `IN` (i.e., no loop
		7	variable(s) given) lead to an assertion error. Handle this case by
		8	exiting early when we know the loop won't execute anything.
		9
		10	Fixes: #27135
		11
		12	CVE: CVE-2025-9301
		13
		14	Upstream-Status: Backport
		15	https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8
		16
		17	Signed-off-by: Tyler Yankee <tyler.yankee@kitware.com>
		18	Signed-off-by: Saravanan <saravanan.kadambathursubramaniyam@windriver.com>
		19	---
		20	Source/cmForEachCommand.cxx \| 3 +++
		21	Tests/RunCMake/foreach/RunCMakeTest.cmake \| 1 +
		22	Tests/RunCMake/foreach/TrailingIn-result.txt \| 1 +
		23	Tests/RunCMake/foreach/TrailingIn.cmake \| 5 +++++
		24	4 files changed, 10 insertions(+)
		25	create mode 100644 Tests/RunCMake/foreach/TrailingIn-result.txt
		26	create mode 100644 Tests/RunCMake/foreach/TrailingIn.cmake
		27
		28	diff --git a/Source/cmForEachCommand.cxx b/Source/cmForEachCommand.cxx
		29	index 96867e26..8b741183 100644
		30	--- a/Source/cmForEachCommand.cxx
		31	+++ b/Source/cmForEachCommand.cxx
		32	@@ -100,6 +100,9 @@ bool cmForEachFunctionBlocker::ArgumentsMatch(cmListFileFunction const& lff,
		33	bool cmForEachFunctionBlocker::Replay(
		34	std::vector<cmListFileFunction> functions, cmExecutionStatus& inStatus)
		35	{
		36	+ if (this->Args.size() == this->IterationVarsCount) {
		37	+ return true;
		38	+ }
		39	return this->ZipLists ? this->ReplayZipLists(functions, inStatus)
		40	: this->ReplayItems(functions, inStatus);
		41	}
		42	diff --git a/Tests/RunCMake/foreach/RunCMakeTest.cmake b/Tests/RunCMake/foreach/RunCMakeTest.cmake
		43	index 15ca4770..acfc742e 100644
		44	--- a/Tests/RunCMake/foreach/RunCMakeTest.cmake
		45	+++ b/Tests/RunCMake/foreach/RunCMakeTest.cmake
		46	@@ -22,3 +22,4 @@ run_cmake(foreach-RANGE-invalid-test)
		47	run_cmake(foreach-RANGE-out-of-range-test)
		48	run_cmake(foreach-var-scope-CMP0124-OLD)
		49	run_cmake(foreach-var-scope-CMP0124-NEW)
		50	+run_cmake(TrailingIn)
		51	diff --git a/Tests/RunCMake/foreach/TrailingIn-result.txt b/Tests/RunCMake/foreach/TrailingIn-result.txt
		52	new file mode 100644
		53	index 00000000..573541ac
		54	--- /dev/null
		55	+++ b/Tests/RunCMake/foreach/TrailingIn-result.txt
		56	@@ -0,0 +1 @@
		57	+0
		58	diff --git a/Tests/RunCMake/foreach/TrailingIn.cmake b/Tests/RunCMake/foreach/TrailingIn.cmake
		59	new file mode 100644
		60	index 00000000..e2b5b2f2
		61	--- /dev/null
		62	+++ b/Tests/RunCMake/foreach/TrailingIn.cmake
		63	@@ -0,0 +1,5 @@
		64	+foreach(v IN)
		65	+endforeach()
		66	+
		67	+foreach(v1 v2 IN)
		68	+endforeach()
		69	--
		70	2.48.1
		71


diff --git a/meta/recipes-devtools/cmake/cmake_4.1.2.bb b/meta/recipes-devtools/cmake/cmake_4.1.2.bb index cfc5cb1b93..de86625892 100644 --- a/meta/recipes-devtools/cmake/cmake_4.1.2.bb +++ b/meta/recipes-devtools/cmake/cmake_4.1.2.bb
@@ -11,6 +11,8 @@ SRC_URI:append:class-nativesdk = " \
11	file://environment.d-cmake.sh \	11	file://environment.d-cmake.sh \
12	"	12	"
13		13
		14	SRC_URI += "file://CVE-2025-9301.patch"
		15
14	LICENSE:append = " & BSD-1-Clause & MIT"	16	LICENSE:append = " & BSD-1-Clause & MIT"
15	LIC_FILES_CHKSUM:append = " \	17	LIC_FILES_CHKSUM:append = " \
16	file://Utilities/cmjsoncpp/LICENSE;md5=5d73c165a0f9e86a1342f32d19ec5926 \	18	file://Utilities/cmjsoncpp/LICENSE;md5=5d73c165a0f9e86a1342f32d19ec5926 \