[AUTOPATCHER-CORE] Upgrade cmake to 3.29.6 CVE-2023-46218 (#9447)

Co-authored-by: Osama Esmail <osamaesmail@microsoft.com>
2024-06-26 13:26:07 -07:00 · 2024-06-26 13:26:07 -07:00 · 378e43627f
--- a/SPECS/cmake/0001-manually-recreating-patches.patch
+++ b/SPECS/cmake/0001-manually-recreating-patches.patch
@ -0,0 +1,174 @@
+From 8808cec568577b184b146bca996c7f5a8e2d251b Mon Sep 17 00:00:00 2001
+From: Osama Esmail <osamaesmail@microsoft.com>
+Date: Wed, 19 Jun 2024 15:33:57 -0700
+Subject: [PATCH] manually recreating patches
+
+---
+ .../cmnghttp2/lib/includes/nghttp2/nghttp2.h   | 18 +++++++++++++++++-
+ Utilities/cmnghttp2/lib/nghttp2_helper.c       |  2 ++
+ Utilities/cmnghttp2/lib/nghttp2_option.c       |  5 +++++
+ Utilities/cmnghttp2/lib/nghttp2_option.h       |  5 +++++
+ Utilities/cmnghttp2/lib/nghttp2_session.c      | 11 +++++++++++
+ Utilities/cmnghttp2/lib/nghttp2_session.h      | 10 ++++++++++
+ 6 files changed, 50 insertions(+), 1 deletion(-)
+
+diff --git a/Utilities/cmnghttp2/lib/includes/nghttp2/nghttp2.h b/Utilities/cmnghttp2/lib/includes/nghttp2/nghttp2.h
+index 65077dd516..1486bd0f96 100644
+--- a/Utilities/cmnghttp2/lib/includes/nghttp2/nghttp2.h
+++ b/Utilities/cmnghttp2/lib/includes/nghttp2/nghttp2.h
+@@ -440,7 +440,12 @@ typedef enum {
+    * exhaustion on server side to send these frames forever and does
+    * not read network.
+    */
+-  NGHTTP2_ERR_FLOODED = -904
+  NGHTTP2_ERR_FLOODED = -904,
+  /**
+   * When a local endpoint receives too many CONTINUATION frames
+   * following a HEADER frame.
+   */
+  NGHTTP2_ERR_TOO_MANY_CONTINUATIONS = -905,
+ } nghttp2_error;
+ 
+ /**
+@@ -2756,6 +2761,17 @@ NGHTTP2_EXTERN void
+ nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation(
+     nghttp2_option *option, int val);
+ 
+/**
+ * @function
+ *
+ * This function sets the maximum number of CONTINUATION frames
+ * following an incoming HEADER frame.  If more than those frames are
+ * received, the remote endpoint is considered to be misbehaving and
+ * session will be closed.  The default value is 8.
+ */
+NGHTTP2_EXTERN void nghttp2_option_set_max_continuations(nghttp2_option *option,
+                                                         size_t val);
+
+ /**
+  * @function
+  *
+diff --git a/Utilities/cmnghttp2/lib/nghttp2_helper.c b/Utilities/cmnghttp2/lib/nghttp2_helper.c
+index 93dd4754b7..b3563d98e0 100644
+--- a/Utilities/cmnghttp2/lib/nghttp2_helper.c
+++ b/Utilities/cmnghttp2/lib/nghttp2_helper.c
+@@ -336,6 +336,8 @@ const char *nghttp2_strerror(int error_code) {
+            "closed";
+   case NGHTTP2_ERR_TOO_MANY_SETTINGS:
+     return "SETTINGS frame contained more than the maximum allowed entries";
+  case NGHTTP2_ERR_TOO_MANY_CONTINUATIONS:
+    return "Too many CONTINUATION frames following a HEADER frame";
+   default:
+     return "Unknown error code";
+   }
+diff --git a/Utilities/cmnghttp2/lib/nghttp2_option.c b/Utilities/cmnghttp2/lib/nghttp2_option.c
+index ee0cd0f022..dba2308b96 100644
+--- a/Utilities/cmnghttp2/lib/nghttp2_option.c
+++ b/Utilities/cmnghttp2/lib/nghttp2_option.c
+@@ -143,3 +143,8 @@ void nghttp2_option_set_no_rfc9113_leading_and_trailing_ws_validation(
+       NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION;
+   option->no_rfc9113_leading_and_trailing_ws_validation = val;
+ }
+
+void nghttp2_option_set_max_continuations(nghttp2_option *option, size_t val) {
+  option->opt_set_mask |= NGHTTP2_OPT_MAX_CONTINUATIONS;
+  option->max_continuations = val;
+}
+\ No newline at end of file
+diff --git a/Utilities/cmnghttp2/lib/nghttp2_option.h b/Utilities/cmnghttp2/lib/nghttp2_option.h
+index b228a0754c..aca0853075 100644
+--- a/Utilities/cmnghttp2/lib/nghttp2_option.h
+++ b/Utilities/cmnghttp2/lib/nghttp2_option.h
+@@ -70,6 +70,7 @@ typedef enum {
+   NGHTTP2_OPT_MAX_SETTINGS = 1 << 12,
+   NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13,
+   NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14,
+  NGHTTP2_OPT_MAX_CONTINUATIONS = 1 << 16,
+ } nghttp2_option_flag;
+ 
+ /**
+@@ -92,6 +93,10 @@ struct nghttp2_option {
+    * NGHTTP2_OPT_MAX_SETTINGS
+    */
+   size_t max_settings;
+  /**
+   * NGHTTP2_OPT_MAX_CONTINUATIONS
+   */
+  size_t max_continuations;
+   /**
+    * Bitwise OR of nghttp2_option_flag to determine that which fields
+    * are specified.
+diff --git a/Utilities/cmnghttp2/lib/nghttp2_session.c b/Utilities/cmnghttp2/lib/nghttp2_session.c
+index 93f3f07cf7..b178d5b0b7 100644
+--- a/Utilities/cmnghttp2/lib/nghttp2_session.c
+++ b/Utilities/cmnghttp2/lib/nghttp2_session.c
+@@ -491,6 +491,7 @@ static int session_new(nghttp2_session **session_ptr,
+   (*session_ptr)->max_send_header_block_length = NGHTTP2_MAX_HEADERSLEN;
+   (*session_ptr)->max_outbound_ack = NGHTTP2_DEFAULT_MAX_OBQ_FLOOD_ITEM;
+   (*session_ptr)->max_settings = NGHTTP2_DEFAULT_MAX_SETTINGS;
+  (*session_ptr)->max_continuations = NGHTTP2_DEFAULT_MAX_CONTINUATIONS;
+ 
+   if (option) {
+     if ((option->opt_set_mask & NGHTTP2_OPT_NO_AUTO_WINDOW_UPDATE) &&
+@@ -573,6 +574,10 @@ static int session_new(nghttp2_session **session_ptr,
+       (*session_ptr)->opt_flags |=
+           NGHTTP2_OPTMASK_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION;
+     }
+
+    if (option->opt_set_mask & NGHTTP2_OPT_MAX_CONTINUATIONS) {
+      (*session_ptr)->max_continuations = option->max_continuations;
+    }
+   }
+ 
+   rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater,
+@@ -6838,6 +6843,8 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+           }
+         }
+         session_inbound_frame_reset(session);
+
+        session->num_continuations = 0;
+       }
+       break;
+     }
+@@ -6959,6 +6966,10 @@ ssize_t nghttp2_session_mem_recv(nghttp2_session *session, const uint8_t *in,
+       }
+ #endif /* DEBUGBUILD */
+ 
+      if (++session->num_continuations > session->max_continuations) {
+        return NGHTTP2_ERR_TOO_MANY_CONTINUATIONS;
+      }
+
+       readlen = inbound_frame_buf_read(iframe, in, last);
+       in += readlen;
+ 
+diff --git a/Utilities/cmnghttp2/lib/nghttp2_session.h b/Utilities/cmnghttp2/lib/nghttp2_session.h
+index 34d2d58528..dfdbd9ba2d 100644
+--- a/Utilities/cmnghttp2/lib/nghttp2_session.h
+++ b/Utilities/cmnghttp2/lib/nghttp2_session.h
+@@ -105,6 +105,10 @@ typedef struct {
+ /* The default value of maximum number of concurrent streams. */
+ #define NGHTTP2_DEFAULT_MAX_CONCURRENT_STREAMS 0xffffffffu
+ 
+/* The default max number of CONTINUATION frames following an incoming
+   HEADER frame. */
+#define NGHTTP2_DEFAULT_MAX_CONTINUATIONS 8
+
+ /* Internal state when receiving incoming frame */
+ typedef enum {
+   /* Receiving frame header */
+@@ -280,6 +284,12 @@ struct nghttp2_session {
+   size_t max_send_header_block_length;
+   /* The maximum number of settings accepted per SETTINGS frame. */
+   size_t max_settings;
+  /* The maximum number of CONTINUATION frames following an incoming
+     HEADER frame. */
+  size_t max_continuations;
+  /* The number of CONTINUATION frames following an incoming HEADER
+     frame.  This variable is reset when END_HEADERS flag is seen. */
+  size_t num_continuations;
+   /* Next Stream ID. Made unsigned int to detect >= (1 << 31). */
+   uint32_t next_stream_id;
+   /* The last stream ID this session initiated.  For client session,
+-- 
+2.34.1
+
--- a/SPECS/cmake/CVE-2024-24806.patch
+++ b/SPECS/cmake/CVE-2024-24806.patch
@ -1,26 +0,0 @@
-diff -ru cmake-3.28.2-orig/Utilities/cmlibuv/src/idna.c cmake-3.28.2/Utilities/cmlibuv/src/idna.c
--- cmake-3.28.2-orig/Utilities/cmlibuv/src/idna.c	2024-05-30 19:45:42.491785489 +0000
-+++ cmake-3.28.2/Utilities/cmlibuv/src/idna.c	2024-05-30 20:14:58.900157528 +0000
-@@ -274,6 +274,9 @@
-   char* ds;
-   int rc;
- 
-+  if (s == se)
-+    return UV_EINVAL;
-+
-   ds = d;
- 
-   si = s;
-@@ -308,8 +311,10 @@
-       return rc;
-   }
- 
-  if (d < de)
-    *d++ = '\0';
-+  if (d >= de)
-+    return UV_EINVAL;
-+
-+  *d++ = '\0';
- 
-   return d - ds;  /* Number of bytes written. */
- }
--- a/SPECS/cmake/cmake.signatures.json
+++ b/SPECS/cmake/cmake.signatures.json
@ -1,6 +1,6 @@
 {
  "Signatures": {
-    "cmake-3.28.2.tar.gz": "1466f872dc1c226f373cf8fba4230ed216a8f108bd54b477b5ccdfd9ea2d124a",
-    "macros.cmake": "1b5f1916a2118b932b217c4c5c4d52e723b1cf4c9587fe7f8fa45b41abfa7c60"
+    "macros.cmake": "1b5f1916a2118b932b217c4c5c4d52e723b1cf4c9587fe7f8fa45b41abfa7c60",
+    "cmake-3.29.6.tar.gz": "1391313003b83d48e2ab115a8b525a557f78d8c1544618b48d1d90184a10f0af"
  }
 }
--- a/SPECS/cmake/cmake.spec
+++ b/SPECS/cmake/cmake.spec
@ -1,8 +1,8 @@
 %global major_version 3
 Summary:        Cmake
 Name:           cmake
-Version:        3.28.2
-Release:        6%{?dist}
+Version:        3.29.6
+Release:        1%{?dist}
 License:        BSD AND LGPLv2+
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
@ -10,8 +10,7 @@ Group:          Development/Tools
 URL:            https://www.cmake.org/
 Source0:        https://github.com/Kitware/CMake/releases/download/v%{version}/%{name}-%{version}.tar.gz
 Source1:        macros.cmake
-Patch0:         disableUnstableUT.patch
-Patch1:         CVE-2024-24806.patch
+Patch0:         0001-manually-recreating-patches.patch
 BuildRequires:  bzip2
 BuildRequires:  bzip2-devel
 BuildRequires:  curl
@ -46,6 +45,7 @@ operating system and in a compiler-independent manner.
 %autosetup -p1

 %build
+export JAVA_HOME="%{_libdir}/jvm/msopenjdk-17"
 ./bootstrap \
    --prefix=%{_prefix} \
    --system-expat \
@ -90,6 +90,10 @@ bin/ctest --force-new-ctest-process --rerun-failed --output-on-failure
 %{_libdir}/rpm/macros.d/macros.cmake

 %changelog
+* Wed Jun 19 2024 Osama Esmail <osamaesmail@microsoft.com> - 3.29.6-1
+- Auto-upgrade to 3.29.6 to address CVE-2023-28320 and CVE-2024-46218
+- Adding 0001-manually-recreating-patches.patch to patch CVE-2024-28182
+
 * Thu May 30 2024 Nicolas Guibourge <nicolasg@microsoft.com> - 3.28.2-6
 - fix CVE-2024-24806 (cmake is built using libuv embedded in its code)

--- a/SPECS/cmake/disableUnstableUT.patch
+++ b/SPECS/cmake/disableUnstableUT.patch
@ -1,55 +0,0 @@
-diff --git a/Source/kwsys/CMakeLists.txt b/Source/kwsys/CMakeLists.txt
-index 7da59712..a2983833 100644
--- a/Source/kwsys/CMakeLists.txt
-+++ b/Source/kwsys/CMakeLists.txt
-@@ -979,7 +979,6 @@ if(KWSYS_STANDALONE OR CMake_SOURCE_DIR)
-     set(KWSYS_CXX_TESTS ${KWSYS_CXX_TESTS}
-       testConfigure.cxx
-       testStatus.cxx
-      testSystemTools.cxx
-       testCommandLineArguments.cxx
-       testCommandLineArguments1.cxx
-       testDirectory.cxx
-diff --git a/Tests/CMakeLists.txt b/Tests/CMakeLists.txt
-index 341aba63..af124b0b 100644
--- a/Tests/CMakeLists.txt
-+++ b/Tests/CMakeLists.txt
-@@ -2779,17 +2779,6 @@ if(BUILD_TESTING)
-       PASS_REGULAR_EXPRESSION "Upload\\.xml")
-   endif()
- 
-  configure_file(
-    "${CMake_SOURCE_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake.in"
-    "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake"
-    @ONLY ESCAPE_QUOTES)
-  add_test(CTestCoverageCollectGCOV ${CMAKE_CTEST_COMMAND}
-    -C \${CTEST_CONFIGURATION_TYPE}
-    -S "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/test.cmake" -VV
-    --output-log "${CMake_BINARY_DIR}/Tests/CTestCoverageCollectGCOV/testOut.log"
-    )
-  set_property(TEST CTestCoverageCollectGCOV PROPERTY ENVIRONMENT CTEST_PARALLEL_LEVEL=)
-
-   configure_file(
-     "${CMake_SOURCE_DIR}/Tests/CTestTestEmptyBinaryDirectory/test.cmake.in"
-     "${CMake_BINARY_DIR}/Tests/CTestTestEmptyBinaryDirectory/test.cmake"
-@@ -3151,18 +3140,6 @@ if(BUILD_TESTING)
-   set_tests_properties(CTestTestStopTime PROPERTIES
-     PASS_REGULAR_EXPRESSION "The stop time has been passed")
- 
-  configure_file(
-    "${CMake_SOURCE_DIR}/Tests/CTestTestSubdir/test.cmake.in"
-    "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake"
-    @ONLY ESCAPE_QUOTES)
-  add_test(CTestTestSubdir ${CMAKE_CTEST_COMMAND}
-    -S "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/test.cmake" -V
-    --output-log "${CMake_BINARY_DIR}/Tests/CTestTestSubdir/testOutput.log"
-    )
-  #make sure all 3 subdirs were added
-  set_tests_properties(CTestTestSubdir PROPERTIES
-    PASS_REGULAR_EXPRESSION "0 tests failed out of 3")
-
-   configure_file(
-     "${CMake_SOURCE_DIR}/Tests/CTestTestTimeout/test.cmake.in"
-     "${CMake_BINARY_DIR}/Tests/CTestTestTimeout/test.cmake"
-- 
-2.17.1
--- a/cgmanifest.json
+++ b/cgmanifest.json
@ -1837,8 +1837,8 @@
        "type": "other",
        "other": {
          "name": "cmake",
-          "version": "3.28.2",
-          "downloadUrl": "https://github.com/Kitware/CMake/releases/download/v3.28.2/cmake-3.28.2.tar.gz"
+          "version": "3.29.6",
+          "downloadUrl": "https://github.com/Kitware/CMake/releases/download/v3.29.6/cmake-3.29.6.tar.gz"
        }
      }
    },
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@ -45,8 +45,8 @@ check-debuginfo-0.15.2-1.azl3.aarch64.rpm
 chkconfig-1.25-1.azl3.aarch64.rpm
 chkconfig-debuginfo-1.25-1.azl3.aarch64.rpm
 chkconfig-lang-1.25-1.azl3.aarch64.rpm
-cmake-3.28.2-6.azl3.aarch64.rpm
-cmake-debuginfo-3.28.2-6.azl3.aarch64.rpm
+cmake-3.29.6-1.azl3.aarch64.rpm
+cmake-debuginfo-3.29.6-1.azl3.aarch64.rpm
 coreutils-9.4-3.azl3.aarch64.rpm
 coreutils-debuginfo-9.4-3.azl3.aarch64.rpm
 coreutils-lang-9.4-3.azl3.aarch64.rpm
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@ -46,8 +46,8 @@ check-debuginfo-0.15.2-1.azl3.x86_64.rpm
 chkconfig-1.25-1.azl3.x86_64.rpm
 chkconfig-debuginfo-1.25-1.azl3.x86_64.rpm
 chkconfig-lang-1.25-1.azl3.x86_64.rpm
-cmake-3.28.2-6.azl3.x86_64.rpm
-cmake-debuginfo-3.28.2-6.azl3.x86_64.rpm
+cmake-3.29.6-1.azl3.x86_64.rpm
+cmake-debuginfo-3.29.6-1.azl3.x86_64.rpm
 coreutils-9.4-3.azl3.x86_64.rpm
 coreutils-debuginfo-9.4-3.azl3.x86_64.rpm
 coreutils-lang-9.4-3.azl3.x86_64.rpm