SOURCES/CVE-2021-3572.patch

@@ -0,0 +1,53 @@
+Backport of https://github.com/pypa/pip/pull/9827 with parts of
+https://github.com/pypa/pip/pull/4690 to make it work with pip v9.0.1
+diff --git a/pip/vcs/git.py b/pip/vcs/git.py
+index 2187dd8..d1502f8 100644
+--- a/pip/vcs/git.py
++++ b/pip/vcs/git.py
+@@ -81,7 +81,7 @@ class Git(VersionControl):
+         and branches may need origin/ as a prefix.
+         Returns the SHA1 of the branch or tag if found.
+         """
+-        revisions = self.get_short_refs(dest)
++        revisions = self.get_short_refs(dest, rev)
+ 
+         origin_rev = 'origin/%s' % rev
+         if origin_rev in revisions:
+@@ -171,12 +171,20 @@ class Git(VersionControl):
+             ['rev-parse', 'HEAD'], show_stdout=False, cwd=location)
+         return current_rev.strip()
+ 
+-    def get_full_refs(self, location):
++    def get_full_refs(self, location, pattern=''):
+         """Yields tuples of (commit, ref) for branches and tags"""
+-        output = self.run_command(['show-ref'],
++        output = self.run_command(['show-ref', pattern],
+                                   show_stdout=False, cwd=location)
+-        for line in output.strip().splitlines():
+-            commit, ref = line.split(' ', 1)
++        for line in output.split("\n"):
++            line = line.rstrip("\r")
++            if not line:
++                continue
++            try:
++                commit, ref = line.split(' ', 1)
++            except ValueError:
++                # Include the offending line to simplify troubleshooting if
++                # this error ever occurs.
++                raise ValueError(f'unexpected show-ref line: {line!r}')
+             yield commit.strip(), ref.strip()
+ 
+     def is_ref_remote(self, ref):
+@@ -200,10 +208,10 @@ class Git(VersionControl):
+     def get_refs(self, location):
+         return self.get_short_refs(location)
+ 
+-    def get_short_refs(self, location):
++    def get_short_refs(self, location, pattern=''):
+         """Return map of named refs (branches or tags) to commit hashes."""
+         rv = {}
+-        for commit, ref in self.get_full_refs(location):
++        for commit, ref in self.get_full_refs(location, pattern):
+             ref_name = None
+             if self.is_ref_remote(ref):
+                 ref_name = ref[len('refs/remotes/'):]

SOURCES/cve-2007-4559-tarfile.patch

@@ -0,0 +1,47 @@
+Minimal patch for pip
+
+diff -rU3 pip-22.3.1-orig/src/pip/_internal/utils/unpacking.py pip-22.3.1/src/pip/_internal/utils/unpacking.py
+--- a/pip/utils/__init__.py	2022-11-05 16:25:43.000000000 +0100
++++ b/pip/utils/__init__.py	2023-08-08 13:17:47.705613554 +0200
+@@ -559,6 +559,13 @@
+             if leading:
+                 fn = split_leading_dir(fn)[1]
+             path = os.path.join(location, fn)
++
++            # Call the `data` filter for its side effect (raising exception)
++            try:
++                tarfile.data_filter(member.replace(name=fn), location)
++            except tarfile.LinkOutsideDestinationError:
++                pass
++
+             if member.isdir():
+                 ensure_dir(path)
+             elif member.issym():
+
+
+Patch for vendored distlib from https://github.com/pypa/distlib/pull/201
+
+diff --git a/distlib/util.py b/distlib/util.py
+index e0622e4..4349d0b 100644
+--- a/pip/_vendor/distlib/util.py
++++ b/pip/_vendor/distlib/util.py
+@@ -1249,6 +1249,19 @@ def check_path(path):
+             for tarinfo in archive.getmembers():
+                 if not isinstance(tarinfo.name, text_type):
+                     tarinfo.name = tarinfo.name.decode('utf-8')
++
++        # Limit extraction of dangerous items, if this Python
++        # allows it easily. If not, just trust the input.
++        # See: https://docs.python.org/3/library/tarfile.html#extraction-filters
++        def extraction_filter(member, path):
++            """Run tarfile.tar_fillter, but raise the expected ValueError"""
++            # This is only called if the current Python has tarfile filters
++            try:
++                return tarfile.tar_filter(member, path)
++            except tarfile.FilterError as exc:
++                raise ValueError(str(exc))
++        archive.extraction_filter = extraction_filter
++
+         archive.extractall(dest_dir)
+ 
+     finally:

SOURCES/pip-directory-traversal-security-issue-tests.patch

@@ -0,0 +1,122 @@
+From 7917dbda14ef64a5e7fdea48383a266577484ac8 Mon Sep 17 00:00:00 2001
+From: Tomas Orsava <torsava@redhat.com>
+Date: Wed, 19 Aug 2020 12:51:16 +0200
+Subject: [PATCH 2/2] FIX #6413 pip install <url> allow directory traversal
+ (tests)
+
+---
+ tests/unit/test_download.py | 85 +++++++++++++++++++++++++++++++++++++
+ 1 file changed, 85 insertions(+)
+
+diff --git a/tests/unit/test_download.py b/tests/unit/test_download.py
+index ee4b11c..15f99ec 100644
+--- a/tests/unit/test_download.py
++++ b/tests/unit/test_download.py
+@@ -1,5 +1,6 @@
+ import hashlib
+ import os
++import sys
+ from io import BytesIO
+ from shutil import rmtree, copy
+ from tempfile import mkdtemp
+@@ -13,6 +14,7 @@ import pip
+ from pip.exceptions import HashMismatch
+ from pip.download import (
+     PipSession, SafeFileCache, path_to_url, unpack_http_url, url_to_path,
++    _download_http_url, parse_content_disposition, sanitize_content_filename,
+     unpack_file_url,
+ )
+ from pip.index import Link
+@@ -123,6 +125,89 @@ def test_unpack_http_url_bad_downloaded_checksum(mock_unpack_file):
+         rmtree(download_dir)
+ 
+ 
++@pytest.mark.parametrize("filename, expected", [
++    ('dir/file', 'file'),
++    ('../file', 'file'),
++    ('../../file', 'file'),
++    ('../', ''),
++    ('../..', '..'),
++    ('/', ''),
++])
++def test_sanitize_content_filename(filename, expected):
++    """
++    Test inputs where the result is the same for Windows and non-Windows.
++    """
++    assert sanitize_content_filename(filename) == expected
++
++
++@pytest.mark.parametrize("filename, win_expected, non_win_expected", [
++    ('dir\\file', 'file', 'dir\\file'),
++    ('..\\file', 'file', '..\\file'),
++    ('..\\..\\file', 'file', '..\\..\\file'),
++    ('..\\', '', '..\\'),
++    ('..\\..', '..', '..\\..'),
++    ('\\', '', '\\'),
++])
++def test_sanitize_content_filename__platform_dependent(
++    filename,
++    win_expected,
++    non_win_expected
++):
++    """
++    Test inputs where the result is different for Windows and non-Windows.
++    """
++    if sys.platform == 'win32':
++        expected = win_expected
++    else:
++        expected = non_win_expected
++    assert sanitize_content_filename(filename) == expected
++
++
++@pytest.mark.parametrize("content_disposition, default_filename, expected", [
++    ('attachment;filename="../file"', 'df', 'file'),
++])
++def test_parse_content_disposition(
++    content_disposition,
++    default_filename,
++    expected
++):
++    actual = parse_content_disposition(content_disposition, default_filename)
++    assert actual == expected
++
++
++def test_download_http_url__no_directory_traversal(tmpdir):
++    """
++    Test that directory traversal doesn't happen on download when the
++    Content-Disposition header contains a filename with a ".." path part.
++    """
++    mock_url = 'http://www.example.com/whatever.tgz'
++    contents = b'downloaded'
++    link = Link(mock_url)
++
++    session = Mock()
++    resp = MockResponse(contents)
++    resp.url = mock_url
++    resp.headers = {
++        # Set the content-type to a random value to prevent
++        # mimetypes.guess_extension from guessing the extension.
++        'content-type': 'random',
++        'content-disposition': 'attachment;filename="../out_dir_file"'
++    }
++    session.get.return_value = resp
++
++    download_dir = tmpdir.join('download')
++    os.mkdir(download_dir)
++    file_path, content_type = _download_http_url(
++        link,
++        session,
++        download_dir,
++        hashes=None,
++    )
++    # The file should be downloaded to download_dir.
++    actual = os.listdir(download_dir)
++    assert actual == ['out_dir_file']
++
++
+ @pytest.mark.skipif("sys.platform == 'win32'")
+ def test_path_to_url_unix():
+     assert path_to_url('/tmp/file') == 'file:///tmp/file'
+-- 
+2.25.4
+

SOURCES/pip-directory-traversal-security-issue.patch

@@ -0,0 +1,79 @@
+From 8044d9f2fbcb09f09a62b26ac1d8a134976bb2ac Mon Sep 17 00:00:00 2001
+From: gzpan123 <gzpan123@gmail.com>
+Date: Wed, 17 Apr 2019 21:25:45 +0800
+Subject: [PATCH 1/2] FIX #6413 pip install <url> allow directory traversal
+
+---
+ news/6413.bugfix |  3 +++
+ pip/download.py  | 31 ++++++++++++++++++++++++++-----
+ 2 files changed, 29 insertions(+), 5 deletions(-)
+ create mode 100644 news/6413.bugfix
+
+diff --git a/news/6413.bugfix b/news/6413.bugfix
+new file mode 100644
+index 0000000..68d0a72
+--- /dev/null
++++ b/news/6413.bugfix
+@@ -0,0 +1,3 @@
++Prevent ``pip install <url>`` from permitting directory traversal if e.g.
++a malicious server sends a ``Content-Disposition`` header with a filename
++containing ``../`` or ``..\\``.
+diff --git a/pip/download.py b/pip/download.py
+index 039e55a..b3d169b 100644
+--- a/pip/download.py
++++ b/pip/download.py
+@@ -54,7 +54,8 @@ __all__ = ['get_file_content',
+            'is_url', 'url_to_path', 'path_to_url',
+            'is_archive_file', 'unpack_vcs_link',
+            'unpack_file_url', 'is_vcs_url', 'is_file_url',
+-           'unpack_http_url', 'unpack_url']
++           'unpack_http_url', 'unpack_url',
++           'parse_content_disposition', 'sanitize_content_filename']
+ 
+ 
+ logger = logging.getLogger(__name__)
+@@ -824,6 +825,29 @@ def unpack_url(link, location, download_dir=None,
+         write_delete_marker_file(location)
+ 
+ 
++def sanitize_content_filename(filename):
++    # type: (str) -> str
++    """
++    Sanitize the "filename" value from a Content-Disposition header.
++    """
++    return os.path.basename(filename)
++
++
++def parse_content_disposition(content_disposition, default_filename):
++    # type: (str, str) -> str
++    """
++    Parse the "filename" value from a Content-Disposition header, and
++    return the default filename if the result is empty.
++    """
++    _type, params = cgi.parse_header(content_disposition)
++    filename = params.get('filename')
++    if filename:
++        # We need to sanitize the filename to prevent directory traversal
++        # in case the filename contains ".." path parts.
++        filename = sanitize_content_filename(filename)
++    return filename or default_filename
++
++
+ def _download_http_url(link, session, temp_dir, hashes):
+     """Download link url into temp_dir using provided session"""
+     target_url = link.url.split('#', 1)[0]
+@@ -864,10 +888,7 @@ def _download_http_url(link, session, temp_dir, hashes):
+     # Have a look at the Content-Disposition header for a better guess
+     content_disposition = resp.headers.get('content-disposition')
+     if content_disposition:
+-        type, params = cgi.parse_header(content_disposition)
+-        # We use ``or`` here because we don't want to use an "empty" value
+-        # from the filename param.
+-        filename = params.get('filename') or filename
++        filename = parse_content_disposition(content_disposition, filename)
+     ext = splitext(filename)[1]
+     if not ext:
+         ext = mimetypes.guess_extension(content_type)
+-- 
+2.25.4
+

SOURCES/skip_yanked_releases.patch

@@ -0,0 +1,91 @@
+From b97ef609100fbdd5895dab48cdab578dfeba396c Mon Sep 17 00:00:00 2001
+From: Lumir Balhar <lbalhar@redhat.com>
+Date: Fri, 10 Sep 2021 13:38:40 +0200
+Subject: [PATCH 1/2] Implement handling of yanked_reason from the HTML anchor
+
+---
+ pip/index.py | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/pip/index.py b/pip/index.py
+index f653f6e6a..ced52ce5a 100644
+--- a/pip/index.py
++++ b/pip/index.py
+@@ -865,7 +865,11 @@ class HTMLPage(object):
+                 )
+                 pyrequire = anchor.get('data-requires-python')
+                 pyrequire = unescape(pyrequire) if pyrequire else None
+-                yield Link(url, self, requires_python=pyrequire)
++                yanked_reason = anchor.get('data-yanked', default=None)
++                # Empty or valueless attribute are both parsed as empty string
++                if yanked_reason is not None:
++                    yanked_reason = unescape(yanked_reason)
++                yield Link(url, self, requires_python=pyrequire, yanked_reason=yanked_reason)
+ 
+     _clean_re = re.compile(r'[^a-z0-9$&+,/:;=?@.#%_\\|-]', re.I)
+ 
+@@ -879,7 +883,7 @@ class HTMLPage(object):
+ 
+ class Link(object):
+ 
+-    def __init__(self, url, comes_from=None, requires_python=None):
++    def __init__(self, url, comes_from=None, requires_python=None, yanked_reason=None):
+         """
+         Object representing a parsed link from https://pypi.python.org/simple/*
+ 
+@@ -900,6 +904,8 @@ class Link(object):
+         self.url = url
+         self.comes_from = comes_from
+         self.requires_python = requires_python if requires_python else None
++        self.yanked_reason = yanked_reason
++        self.yanked = yanked_reason is not None
+ 
+     def __str__(self):
+         if self.requires_python:
+-- 
+2.31.1
+
+From d8dc6ee5d6809736dce43dc1e57d497f9ff91f26 Mon Sep 17 00:00:00 2001
+From: Lumir Balhar <lbalhar@redhat.com>
+Date: Fri, 10 Sep 2021 13:43:22 +0200
+Subject: [PATCH 2/2] Skip all yanked candidates if possible
+
+---
+ pip/index.py | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/pip/index.py b/pip/index.py
+index ced52ce5a..823bbaf7d 100644
+--- a/pip/index.py
++++ b/pip/index.py
+@@ -489,6 +489,27 @@ class PackageFinder(object):
+         if applicable_candidates:
+             best_candidate = max(applicable_candidates,
+                                  key=self._candidate_sort_key)
++            # If we cannot find a non-yanked candidate,
++            # use the best one and print a warning about it.
++            # Otherwise, try to find another best candidate, ignoring
++            # all the yanked releases.
++            if getattr(best_candidate.location, "yanked", False):
++                nonyanked_candidates = [
++                    c for c in applicable_candidates
++                    if not getattr(c.location, "yanked", False)
++                ]
++
++                if set(nonyanked_candidates):
++                    best_candidate = max(nonyanked_candidates,
++                                         key=self._candidate_sort_key)
++                else:
++                    warning_message = (
++                        "WARNING: The candidate selected for download or install "
++                        "is a yanked version: '{}' candidate (version {} at {})"
++                    ).format(best_candidate.project, best_candidate.version, best_candidate.location)
++                    if best_candidate.location.yanked_reason:
++                        warning_message += "\nReason for being yanked: {}".format(best_candidate.location.yanked_reason)
++                    logger.warning(warning_message)
+         else:
+             best_candidate = None
+ 
+-- 
+2.31.1
+

SPECS/python-pip.spec

@@ -9,17 +9,12 @@
 %global python3_wheeldir %{_datadir}/python3-wheels
 %endif
 
-# Note that with disabled python3, bashcomp2 will be disabled as well because
-# bashcompdir will point to a different path than with python3 enabled.
 %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d})
-%if "%{bashcompdir}" != "%{_sysconfdir}/bash_completion.d"
-%global bashcomp2 1
-%endif
 
 Name:           python-%{srcname}
 # When updating, update the bundled libraries versions bellow!
 Version:        9.0.3
-Release:        17%{?dist}
+Release:        24%{?dist}
 Summary:        A tool for installing and managing Python packages
 
 Group:          Development/Libraries
@@ -63,7 +58,7 @@ BuildRequires:  bzr
 # git clone https://github.com/pypa/pip && cd pip
 # git checkout 9.0.1 && tar -czvf ../pip-9.0.1-tests.tar.gz tests/
 %if %{with tests}
-Source1:        pip-9.0.1-tests.tar.gz
+Source1:        pip-%{version}-tests.tar.gz
 %endif
 
 # Patch until the following issue gets implemented upstream:
@@ -113,6 +108,34 @@ Patch7:         CVE-2019-11324.patch
 # https://github.com/psf/requests/pull/4851
 Patch8:         CVE-2018-18074.patch
 
+# Patch for pip install <url> allow directory traversal, leading to arbitrary file write
+# - Upstream PR: https://github.com/pypa/pip/pull/6418/files
+# - Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1868016
+# Patch9 fixes the issue
+# Patch10 adds unit tests for the issue
+Patch9:         pip-directory-traversal-security-issue.patch
+Patch10:        pip-directory-traversal-security-issue-tests.patch
+
+# Patch for CVE-2021-3572 - pip incorrectly handled unicode separators in git references
+# The patch is adjusted for older pip where it's necessary to also switch
+# the way pip gets revisions from git
+# Upstream PR: https://github.com/pypa/pip/pull/9827
+# Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1962856
+Patch11:        CVE-2021-3572.patch
+
+# Downstream-only implementation of support of yanked releases
+# PEP 592 - Adding "Yank" Support to the Simple API:
+#   https://www.python.org/dev/peps/pep-0592/
+# Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2000135
+Patch12:        skip_yanked_releases.patch
+
+# CVE-2007-4559, PEP-721, PEP-706: Use tarfile.data_filter for extracting
+# - Minimal downstream-only patch, to be replaced by upstream solution
+#   proposed in https://github.com/pypa/pip/pull/12214
+# - Patch for vendored distlib, accepted upstream:
+#   https://github.com/pypa/distlib/pull/201
+Patch13:         cve-2007-4559-tarfile.patch
+
 %global _description \
 pip is a package management system used to install and manage software packages \
 written in Python. Many packages can be found in the Python Package Index \
@@ -148,6 +171,9 @@ Requires:  platform-python-setuptools
 
 BuildRequires:  ca-certificates
 Requires:       ca-certificates
+# pip has to require explicit version of platform-python that provides
+# filters in tarfile module (fix for CVE-2007-4559).
+Requires:       platform-python >= 3.6.8-55
 
 # Virtual provides for the packages bundled by pip.
 # See the python2 list above for instructions.
@@ -200,6 +226,8 @@ A documentation for a tool for installing and managing Python packages
 %if %{without bootstrap}
 %package -n python3-%{srcname}-wheel
 Summary:        The pip wheel
+# Older Python does not provide tarfile filters (fix for CVE-2007-4559).
+Conflicts:      platform-python < 3.6.8-55
 
 # Virtual provides for the packages bundled by pip.
 # You can find the versions in pip/_vendor/vendor.txt file.
@@ -250,6 +278,13 @@ popd
 pushd pip/_vendor/requests
 %patch8 -p1
 popd
+%patch9 -p1
+%if %{with tests}
+%patch10 -p1
+%endif
+%patch11 -p1
+%patch12 -p1
+%patch13 -p1
 
 # this goes together with patch4
 rm pip/_vendor/certifi/*.pem
@@ -261,6 +296,13 @@ sed -i '1d' pip/__init__.py
 # Remove ordereddict as it is only required for python <= 2.6
 rm pip/_vendor/ordereddict.py
 
+# Remove windows executable binaries
+rm -v pip/_vendor/distlib/*.exe
+sed -i '/\.exe/d' setup.py
+
+# Backports for Python 2
+rm pip/_vendor/distlib/_backport/tarfile.py
+rm pip/_vendor/distlib/_backport/shutil.py
 
 %build
 %if %{without bootstrap}
@@ -296,20 +338,8 @@ mkdir -p %{buildroot}%{bashcompdir}
 PYTHONPATH=%{buildroot}%{python3_sitelib} \
     %{buildroot}%{_bindir}/pip3 completion --bash \
     > %{buildroot}%{bashcompdir}/pip3
-pips2=pip
-pips3=pip3
-for pip in %{buildroot}%{_bindir}/pip*; do
-    pip=$(basename $pip)
-    case $pip in
-        pip3?*)
-            pips3="$pips3 $pip"
-%if 0%{?bashcomp2}
-            ln -s pip-%{python3_version} %{buildroot}%{bashcompdir}/$pip
-%endif
-            ;;
-    esac
-done
-sed -i -e "s/^\\(complete.*\\) pip\$/\\1 $pips3/" \
+
+sed -i -e "s/^\\(complete.*\\) pip\$/\\1 pip3 pip-3 pip3.6 pip-3.6/" \
     -e s/_pip_completion/_pip3_completion/ \
     %{buildroot}%{bashcompdir}/pip3
 
@@ -351,10 +381,7 @@ py.test-%{python3_version} -m 'not network'
 %{_bindir}/pip%{python3_version}
 %{_bindir}/pip-%{python3_version}
 %dir %{bashcompdir}
-%{bashcompdir}/pip3*
-%if 0%{?bashcomp2}
-%dir %(dirname %{bashcompdir})
-%endif
+%{bashcompdir}/pip*
 
 %if %{with doc}
 %files doc
@@ -372,6 +399,34 @@ py.test-%{python3_version} -m 'not network'
 %endif
 
 %changelog
+* Wed Feb 14 2024 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-24
+- Require Python with tarfile filters
+Resolves: RHEL-25446
+
+* Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 9.0.3-23
+- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
+Resolves: RHBZ#2218241
+
+* Wed Oct 06 2021 Charalampos Stratakis <cstratak@redhat.com> - 9.0.3-22
+- Remove bundled windows executables
+- Resolves: rhbz#2006788
+
+* Tue Oct 05 2021 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-21
+- Support of yanked releases
+Resolves: rhbz#2000135
+
+* Mon Jun 07 2021 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-20
+- Fix for CVE-2021-3572 - pip incorrectly handled unicode separators in git references
+Resolves: rhbz#1962856
+
+* Fri Jan 08 2021 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-19
+- Fix bash completion files and simplify spec
+Resolves: rhbz#1904478
+
+* Wed Aug 19 2020 Tomas Orsava <torsava@redhat.com> - 9.0.3-18
+- Patch for pip install <url> allow directory traversal, leading to arbitrary file write
+Resolves: rhbz#1868016
+
 * Wed Mar 04 2020 Charalampos Stratakis <cstratak@redhat.com> - 9.0.3-17
 - Remove unused CA bundle from the bundled requests library
 Resolves: rhbz#1775200