Previously the command opened the lock file using fopen with "w" mode,
which truncates the file to zero length. This is unsafe because:
1. If the lock file path is a symlink, the target file gets truncated
2. Race conditions between path resolution and file opening can be
exploited to truncate arbitrary files
An attacker can exploit this by creating a symlink at a predictable
lock file location pointing to a critical file (e.g., source files,
configuration, or system files). When cmake runs file(LOCK), it
follows the symlink and destroys the target file's contents.
Fix by changing the file mode from "w" (write/truncate) to "a"
(append). This creates the file if it doesn't exist but preserves
existing content, preventing data destruction attacks.
In commit f2596dfa0e (macOS: Work around bug in system curl 8.{3,4,5}
LibreSSL backend, 2024-07-16, v3.30.1~2^2) we tried to prefer
`secure-transport` on problematic versions of curl. However, the
`curl_global_sslset` setting must be applied before every
`curl_global_init` call, not just the first one. Otherwise a
second (or subsequent) download won't apply the work-around.
In commit 95323c90a1 (file(MAKE_DIRECTORY): Add optional RESULT keyword
to capture failure., 2024-06-16, v3.31.0-rc1~414^2) we computed an
updated range of arguments, that name directories to be created, before
the `RESULT` keyword. However, we forgot to use it in the loop.
Fixes: #26768
In commit 95323c90a1 (file(MAKE_DIRECTORY): Add optional RESULT keyword
to capture failure., 2024-06-16, v3.31.0-rc1~414^2) we computed an
updated range of arguments, that name directories to be created, before
the `RESULT` keyword. However, we forgot to use it in the loop.
Fixes: #26768
Run the `clang-format.bash` script to update all our C and C++ code to a
new style defined by `.clang-format`, now with "east const" enforcement.
Use `clang-format` version 18.
* If you reached this commit for a line in `git blame`, re-run the blame
operation starting at the parent of this commit to see older history
for the content.
* See the parent commit for instructions to rebase a change across this
style transition commit.
Issue: #26123
Use `cm::PathResolver`'s `RealPath` variant to normalize paths,
look up their on-disk case, and resolve symlinks, but without
resolving `subst` drives on Windows.
Fixes: #17206
KWSys's `CollapseFullPath` no longer looks up the actual case on disk.
Add the lookup explicitly where we need it:
* `ToNormalizedPathOnDisk`
* `file(REAL_PATH)`
* `get_filename_component(... ABSOLUTE)`
Fixes: #20214
If the connection fails in a way that might be a certificate error, and
verification was enabled by the new default, mention environment
variable `CMAKE_TLS_VERIFY` in the diagnostic to help users that were
relying on the old behavior turn off server certificate verification in
their environment.
Fixes: #23608
If CMake is linked to a system-provided curl shared library, the version
at run-time may not match the `LIBCURL_VERSION` at build time. Look up
the run-time curl version to populate the User-Agent string.
This is particularly important since commit d3cbee99e3 (macOS: Prefer
building with system-provided curl, 2024-05-09, v3.30.0-rc1~130^2~1)
switched to building our official binaries on macOS against the system
provided curl shared library.
Fixes: #26209
Since commit d3cbee99e3 (macOS: Prefer building with system-provided
curl, 2024-05-09, v3.30.0-rc1~130^2~1) CMake uses the macOS-provided
curl, which uses the LibreSSL backend by default. This exposes us to
curl issue 12525, created and fixed by the following upstream curl
commits:
* commit `bec0c5bbf` (openssl: switch to modern init for
LibreSSL 2.7.0+, 2023-08-07, `curl-8_3_0~201`)
* commit `9f2d2290d` (openssl: re-match LibreSSL deinit with init,
2023-12-15, `curl-8_6_0~219`)
Work around the bug by preferring the secure-transport backend by
default on the problematic versions of curl.
Projects may be generating a list of files or directories to pass as arguments
to file(TOUCH), file(TOUCH_NOCREATE), or file(MAKE_DIRECTORY). Those
lists might end up being empty, so rather than requiring at least one item,
allow an empty list.
Fixes: #24897
