cmake FTBFS due to test failure w/ git protocol.file.allow=user default

Bug #2052362 reported by dann frazier
This bug affects 1 person
Affects         Status        Importance  Assigned to   Milestone
cmake (Ubuntu)  Fix Released  Undecided   Unassigned
Jammy           Fix Released  Undecided   dann frazier
Mantic          Fix Released  Undecided   Unassigned
Noble           Fix Released  Undecided   Unassigned

Bug Description

[Impact]
cmake no longer builds from source in jammy due to a git security update that sets protocol.file.allow=user by default. This doesn't currently impact our builders because they seem to have an old version of git pinned - but it does impact anyone building w/ latest jammy updates applied. Here's a tail of the buildlog:

<...>
        Start 161: ExternalProjectLocal
663/664 Test #161: ExternalProjectLocal ........................................ Passed 38.40 sec
        Start 163: ExternalProjectUpdate
664/664 Test #163: ExternalProjectUpdate ....................................... Passed 34.81 sec

99% tests passed, 2 tests failed out of 664

Label Time Summary:
CMake = 4485.67 sec*proc (263 tests)
CUDA = 488.20 sec*proc (9 tests)
HIP = 97.83 sec*proc (5 tests)
ISPC = 306.75 sec*proc (5 tests)
Label1 = 0.07 sec*proc (1 test)
Label2 = 0.07 sec*proc (1 test)
Qt5 = 1859.09 sec*proc (43 tests)
command = 6.62 sec*proc (27 tests)
policy = 476.79 sec*proc (38 tests)
run = 4479.05 sec*proc (236 tests)

Total Test time (real) = 447.01 sec

The following tests FAILED:
 157 - ExternalProject (Failed)
 225 - CTest.UpdateGIT (Failed)
Errors while running CTest
make[2]: *** [Makefile:94: test] Error 8
make[2]: Leaving directory '/home/ubuntu/cmake-3.22.1/Build'
dh_auto_test: error: cd Build && make -j64 test ARGS\+=--verbose ARGS\+=-j64 -j1 "ARGS=-E CTestTestUpload\\|curl --timeout 5000 -j64" returned exit code 2
make[1]: *** [debian/rules:81: override_dh_auto_test] Error 25
make[1]: Leaving directory '/home/ubuntu/cmake-3.22.1'
make: *** [debian/rules:108: binary] Error 2
dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2

[Test Case]
Rebuild cmake in latest jammy.

[Regression Risk]
The fix is to a test case. A risk is that the test may no longer test a valid use case, and future updates could thereby sneak an actual functional regression through.
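
An added example, not part of the bug report or of cmake's test suite, showing the git policy named in this report: with `protocol.file.allow=user`, git refuses the local file transport for a clone it starts on behalf of a submodule, and a per-command `-c protocol.file.allow=always` lifts that for a single invocation without touching global configuration. The function names, scratch paths and commit identity are constructed for illustration.

```shell
#!/bin/sh
# Added example: exercise git's file-transport policy in a scratch directory.
# Everything here (paths, repo names, identity) is constructed for the demo.

# Run git isolated from the caller's system and global configuration, so the
# outcome depends only on the -c options passed explicitly.
g() {
    GIT_CONFIG_GLOBAL=/dev/null GIT_CONFIG_NOSYSTEM=1 \
    git -c user.name=demo -c user.email=demo@example.invalid \
        -c init.defaultBranch=main "$@"
}

# try_submodule POLICY -> prints "allowed" or "denied"
# Creates a throwaway upstream repo and a superproject, then adds the upstream
# as a submodule by local path under the given protocol.file.allow policy.
try_submodule() {
    policy=$1
    work=$(mktemp -d) || return 2
    g init -q "$work/upstream" &&
    g -C "$work/upstream" commit -q --allow-empty -m "initial" &&
    g init -q "$work/super" || { rm -rf "$work"; return 2; }

    # The submodule machinery marks the URL as not coming directly from the
    # user, which is the case the "user" policy rejects.
    if g -C "$work/super" -c protocol.file.allow="$policy" \
         submodule add -q "$work/upstream" sub >/dev/null 2>&1; then
        echo allowed
    else
        echo denied
    fi
    rm -rf "$work"
}

# Show both outcomes: the restrictive policy, then the scoped override.
for p in user always; do
    printf 'protocol.file.allow=%s: %s\n' "$p" "$(try_submodule "$p")"
done
```

Passing the policy with `-c` keeps the relaxation limited to the one command that needs it, which matters on build hosts where the restrictive default should stay in force for everything else.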

dann frazier (dannf)
Changed in cmake (Ubuntu Jammy):
status: New → In Progress
assignee: nobody → dann frazier (dannf)
Changed in cmake (Ubuntu Mantic):
status: New → Fix Released
Changed in cmake (Ubuntu Noble):
status: New → Fix Released
dann frazier (dannf) wrote :
description: updated
description: updated
Robie Basak (racb) wrote : Please test proposed package

Hello dann, or anyone else affected,

Accepted cmake into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/cmake/3.22.1-1ubuntu1.22.04.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in cmake (Ubuntu Jammy):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-jammy
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (cmake/3.22.1-1ubuntu1.22.04.2)

All autopkgtests for the newly accepted cmake (3.22.1-1ubuntu1.22.04.2) for jammy have finished running.
The following regressions have been reported in tests triggered by the package:

benchmark/1.6.1-1 (armhf)
llvm-toolchain-12/1:12.0.1-19ubuntu3 (arm64)
pybind11/2.9.1-2 (amd64, arm64, armhf, s390x)
tbb/2020.3-1ubuntu3 (armhf)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/jammy/update_excuses.html#cmake

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Gianfranco Costamagna (costamagnagianfranco) wrote :

Regressions are now fixed.

dann frazier (dannf) wrote :

= verification =

cmake now builds cleanly in an up to date jammy/armhf environment.

tags: added: verification-done verification-done-jammy
removed: verification-needed verification-needed-jammy
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cmake - 3.22.1-1ubuntu1.22.04.2

---------------
cmake (3.22.1-1ubuntu1.22.04.2) jammy; urgency=medium

  * Cherry pick upstream fix to avoid a segfault when encountering
    an empty /proc/cpuinfo (LP: #2052360).
  * Cherry pick upstream fix for test failure caused by git setting
    protocol.file.allow=user by default to mitigate CVE-2022-39253
    (LP: #2052362).

 -- dann frazier <email address hidden> Sat, 03 Feb 2024 16:33:56 -0700

Changed in cmake (Ubuntu Jammy):
status: Fix Committed → Fix Released
Andreas Hasenack (ahasenack) wrote : Update Released

The verification of the Stable Release Update for cmake has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.
