From 63450261bb3df8fc53a9e4797075407ea995b328 Mon Sep 17 00:00:00 2001
From: Zach van Rijn <me@zv.io>
Date: Tue, 28 Feb 2023 15:35:22 -0600
Subject: system/cmake: bump { 3.23.1 --> 3.23.5 }. add patch for 'git' file
 protocol.

CVE-2022-39253 is mitigated in 'git' >= v2.30.6, v2.31.5, v2.32.4, v2.33.5,
v2.34.5, v2.35.5, v2.36.3, v2.37.4, v2.38.1

by changing some default protocol permissions. Two CMake tests fail without
git config changes:

  * ExternalProject
  * CTest.UpdateGIT

We backport CMake commit 79ce0f434e916684d734e136b92e14f472a9d14a to
enable these tests to pass when using a more recent version of 'git'.

CMake is also bumped to include minor internal bugfixes.

Fixes #967.
---
 system/cmake/APKBUILD                               |  9 ++++++---
 .../fix-tests-git-file-protocol-permission.patch    | 21 +++++++++++++++++++++
 2 files changed, 27 insertions(+), 3 deletions(-)
 create mode 100644 system/cmake/fix-tests-git-file-protocol-permission.patch

(limited to 'system')

diff --git a/system/cmake/APKBUILD b/system/cmake/APKBUILD
index 6369839ad..2491baa30 100644
--- a/system/cmake/APKBUILD
+++ b/system/cmake/APKBUILD
@@ -1,7 +1,7 @@
 # Contributor: Valery Kartel <valery.kartel@gmail.com>
 # Maintainer: A. Wilcox <awilfox@adelielinux.org>
 pkgname=cmake
-pkgver=3.23.1
+pkgver=3.23.5
 pkgrel=0
 pkgdesc="Cross-platform build system"
 url="https://cmake.org"
@@ -18,7 +18,9 @@ case $pkgver in
 *.*.*) _v=v${pkgver%.*};;
 esac
 
-source="https://cmake.org/files/$_v/cmake-${pkgver}.tar.gz"
+source="https://cmake.org/files/$_v/cmake-${pkgver}.tar.gz
+	fix-tests-git-file-protocol-permission.patch
+	"
 
 _parallel_opt() {
 	local i n
@@ -62,4 +64,5 @@ package() {
 	make DESTDIR="$pkgdir" install
 }
 
-sha512sums="94893f888c0cbfc58e54a0bd65d6c0697fe4a0e95c678b7cb35e7dc8854d57eb360bfc952750f97983348817f847f6df85903f21a5857b1a3880b2a7eb6cc029  cmake-3.23.1.tar.gz"
+sha512sums="298f02cd4a0b332184b3e49f343d8a03dcfa637004b0ee9d0a81f72b1ee568aca9caa7322dbf9fe82d9660a8c617f572404cef0c34b2f63297e9211e953cca12  cmake-3.23.5.tar.gz
+353cae903076760c77a902256ea6c61102ada60c1ebd05227670cb2bb9aa8f49a4e9946513650f4e58ff94f9a1d108c427d88340b9a633df5376e8036498245e  fix-tests-git-file-protocol-permission.patch"
diff --git a/system/cmake/fix-tests-git-file-protocol-permission.patch b/system/cmake/fix-tests-git-file-protocol-permission.patch
new file mode 100644
index 000000000..c43d9a146
--- /dev/null
+++ b/system/cmake/fix-tests-git-file-protocol-permission.patch
@@ -0,0 +1,21 @@
+Backported: https://github.com/Kitware/CMake/commit/79ce0f434e916684d734e136b92e14f472a9d14a
+
+diff -ur a/Tests/CMakeLists.txt b/Tests/CMakeLists.txt
+--- a/Tests/CMakeLists.txt	2022-11-01 08:36:33.000000000 -0500
++++ b/Tests/CMakeLists.txt	2023-02-28 15:24:14.294747915 -0600
+@@ -1586,6 +1586,7 @@
+     )
+   list(APPEND TEST_BUILD_DIRS "${CMake_BINARY_DIR}/Tests/ExternalProject")
+   set_tests_properties(ExternalProject PROPERTIES
++    ENVIRONMENT GIT_ALLOW_PROTOCOL=file
+     RUN_SERIAL 1
+     TIMEOUT ${CMAKE_LONG_TEST_TIMEOUT})
+ 
+@@ -2678,6 +2679,7 @@
+         -P "${CMake_BINARY_DIR}/Tests/CTestUpdateGIT.cmake"
+         )
+       list(APPEND TEST_BUILD_DIRS "${CMake_BINARY_DIR}/Tests/${CTestUpdateGIT_DIR}")
++      set_property(TEST CTest.UpdateGIT PROPERTY ENVIRONMENT GIT_ALLOW_PROTOCOL=file)
+     endif()
+ 
+     # Test CTest Update with HG
-- 
cgit v1.2.3-70-g09d2