From 536703c455b1ed7eecf9cb1bd3adfe21fbff48a8 Mon Sep 17 00:00:00 2001
From: Funda Wang
Date: Mon, 25 Aug 2025 11:53:03 +0800
Subject: [PATCH] fix CVE-2025-9301
---
 backport-CVE-2025-9301.patch | 63 ++++++++++++++++++++++++++++++++++++
 cmake.spec | 20 ++++++------
 2 files changed, 73 insertions(+), 10 deletions(-)
 create mode 100644 backport-CVE-2025-9301.patch
diff --git a/backport-CVE-2025-9301.patch b/backport-CVE-2025-9301.patch
new file mode 100644
index 0000000..b238500
--- /dev/null
+++ b/backport-CVE-2025-9301.patch
@@ -0,0 +1,63 @@
+From 37e27f71bc356d880c908040cd0cb68fa2c371b8 Mon Sep 17 00:00:00 2001
+From: Tyler Yankee
+Date: Wed, 13 Aug 2025 15:22:28 -0400
+Subject: [PATCH] foreach: Explicitly skip replay without iterations
+
+As written, foreach loops with a trailing `IN` (i.e., no loop
+variable(s) given) lead to an assertion error. Handle this case by
+exiting early when we know the loop won't execute anything.
+
+Fixes: #27135
+---
+ Source/cmForEachCommand.cxx | 3 +++
+ Tests/RunCMake/foreach/RunCMakeTest.cmake | 1 +
+ Tests/RunCMake/foreach/TrailingIn-result.txt | 1 +
+ Tests/RunCMake/foreach/TrailingIn.cmake | 5 +++++
+ 4 files changed, 10 insertions(+)
+ create mode 100644 Tests/RunCMake/foreach/TrailingIn-result.txt
+ create mode 100644 Tests/RunCMake/foreach/TrailingIn.cmake
+
+diff --git a/Source/cmForEachCommand.cxx b/Source/cmForEachCommand.cxx
+index 96867e26587..8b741183885 100644
+--- a/Source/cmForEachCommand.cxx
++++ b/Source/cmForEachCommand.cxx
+@@ -100,6 +100,9 @@ bool cmForEachFunctionBlocker::ArgumentsMatch(cmListFileFunction const& lff,
+ bool cmForEachFunctionBlocker::Replay(
+ std::vector functions, cmExecutionStatus& inStatus)
+ {
++ if (this->Args.size() == this->IterationVarsCount) {
++ return true;
++ }
+ return this->ZipLists ? this->ReplayZipLists(functions, inStatus)
+ : this->ReplayItems(functions, inStatus);
+ }
+diff --git a/Tests/RunCMake/foreach/RunCMakeTest.cmake b/Tests/RunCMake/foreach/RunCMakeTest.cmake
+index 15ca477043f..acfc742ea6f 100644
+--- a/Tests/RunCMake/foreach/RunCMakeTest.cmake
++++ b/Tests/RunCMake/foreach/RunCMakeTest.cmake
+@@ -22,3 +22,4 @@ run_cmake(foreach-RANGE-invalid-test)
+ run_cmake(foreach-RANGE-out-of-range-test)
+ run_cmake(foreach-var-scope-CMP0124-OLD)
+ run_cmake(foreach-var-scope-CMP0124-NEW)
++run_cmake(TrailingIn)
+diff --git a/Tests/RunCMake/foreach/TrailingIn-result.txt b/Tests/RunCMake/foreach/TrailingIn-result.txt
+new file mode 100644
+index 00000000000..573541ac970
+--- /dev/null
++++ b/Tests/RunCMake/foreach/TrailingIn-result.txt
+@@ -0,0 +1 @@
++0
+diff --git a/Tests/RunCMake/foreach/TrailingIn.cmake b/Tests/RunCMake/foreach/TrailingIn.cmake
+new file mode 100644
+index 00000000000..e2b5b2f21f7
+--- /dev/null
++++ b/Tests/RunCMake/foreach/TrailingIn.cmake
+@@ -0,0 +1,5 @@
++foreach(v IN)
++endforeach()
++
++foreach(v1 v2 IN)
++endforeach()
+--
+GitLab
+
diff --git a/cmake.spec b/cmake.spec
index ed2e1b8..b097263 100644
--- a/cmake.spec
+++ b/cmake.spec
@@ -18,7 +18,7 @@
 Name: cmake
 Version: 3.31.8
 %global major_version %(echo %{version} | awk -F. '{print $1}')
-Release: 1
+Release: 2
 Summary: Cross-platform make system
 License: BSD-3-Clause AND MIT-open-group AND Zlib
 URL: https://www.cmake.org
@@ -30,6 +30,8 @@ Source4: cmake.prov
 Source5: cmake.req
 Patch0: cmake-findruby.patch
 Patch1: cmake-3.31.6-sw.patch
+# https://gitlab.kitware.com/cmake/cmake/-/commit/37e27f71bc356d880c908040cd0cb68fa2c371b8
+Patch6001: backport-CVE-2025-9301.patch
 BuildRequires: coreutils findutils gcc-c++ gcc-gfortran sed
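Review bot: The guard added at the top of `cmForEachFunctionBlocker::Replay` in the backported `Source/cmForEachCommand.cxx` hunk uses strict equality and carries no comment, so a reader has to work out that `Args.size() == IterationVarsCount` means "loop variables only, nothing to iterate". I would put `// No items follow the loop variable(s), e.g. foreach(v IN): nothing to replay.` above it. Because the reported failure is an assertion (presumably one that is inactive when assertions are compiled out), a defensive `if (this->Args.size() <= this->IterationVarsCount) {` would also cover an `Args` shorter than expected, if that state can occur at all; the code that fills `Args` and the two replay helpers are outside this hunk. The added `TrailingIn` test pins only exit code 0 for the one- and two-variable forms.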
@@ -121,11 +123,6 @@ Documentation for cmake.
 %prep
 %autosetup -p1 -n cmake-%{version}
-echo '#!%{__python3}' > %{name}.prov
-echo '#!%{__python3}' > %{name}.req
-tail -n +2 %{SOURCE4} >> %{name}.prov
-tail -n +2 %{SOURCE5} >> %{name}.req
-
 %build
 export CFLAGS=`echo %{optflags} | sed 's/-g\b/-s/g'`
 export CXXFLAGS=`echo %{optflags} | sed 's/-g\b/-s/g'`
@@ -175,9 +172,9 @@ rm -f %{buildroot}%{_emacs_sitelispdir}
 install -p -m0644 -D %{S:2} %{buildroot}%{_rpmmacrodir}/macros.%{name}
 sed -i -e "s|@@CMAKE_VERSION@@|%{version}|" -e "s|@@CMAKE_MAJOR_VERSION@@|%{major_version}|" %{buildroot}%{_rpmmacrodir}/macros.%{name}
 touch -r %{S:2} %{buildroot}%{_rpmmacrodir}/macros.%{name}
-install -p -m0644 -D %{S:3} %{buildroot}%{_prefix}/lib/rpm/fileattrs/cmake.attr
-install -p -m0755 -D cmake.prov %{buildroot}%{_prefix}/lib/rpm/cmake.prov
-install -p -m0755 -D cmake.req %{buildroot}%{_prefix}/lib/rpm/cmake.req
+install -p -m0644 -D %{S:3} %{buildroot}%{_fileattrsdir}/cmake.attr
+install -p -m0755 -D %{S:4} %{buildroot}%{_rpmconfigdir}/cmake.prov
+install -p -m0755 -D %{S:5} %{buildroot}%{_rpmconfigdir}/cmake.req
 install -d %{buildroot}%{_libdir}/cmake
 find Source Utilities -type f -iname copy\*
 cp -p Source/kwsys/Copyright.txt ./Copyright_kwsys
@@ -255,7 +252,7 @@ popd
 %files rpm-macros
 %{_rpmmacrodir}/macros.cmake
-%{_rpmconfigdir}/fileattrs/cmake.attr
+%{_fileattrsdir}/cmake.attr
 %{_rpmconfigdir}/cmake.prov
 %{_rpmconfigdir}/cmake.req
@@ -276,6 +273,9 @@ popd
 %exclude %{_pkgdocdir}/Copyright.txt
 %changelog
+* Mon Aug 25 2025 Funda Wang - 3.31.8-2
+- fix CVE-2025-9301
+
 * Fri Jun 13 2025 Funda Wang - 3.31.8-1
 - update to version 3.31.8
--
Gitee
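Review bot: The install lines for `cmake.prov` and `cmake.req` in the `@@ -175,9 +172,9 @@` hunk now copy `%{S:4}` and `%{S:5}` unmodified, while the `%prep` lines removed in the `@@ -121,11 +123,6 @@` hunk used to replace their first line with `#!%{__python3}`, so the interpreter line shipped under `%{_rpmconfigdir}` is now whatever the source files carry. The diffstat lists only the spec and the new patch file, so unless Source4 and Source5 already start with the intended interpreter or a buildroot shebang-fixing step handles it (neither is visible here), the dependency generators may run under a different Python or fail to start. This packaging change is also unrelated to CVE-2025-9301 and absent from the `%changelog` entry; a security backport is easier to audit when it carries only the fix, so I would split it into its own commit or at least record it, e.g. `- install cmake.prov and cmake.req directly from sources`.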