6 changed files with 477 additions and 25 deletions
--- a/SOURCES/CVE-2021-3572.patch
+++ b/SOURCES/CVE-2021-3572.patch
@ -0,0 +1,53 @@
 Backport of https://github.com/pypa/pip/pull/9827 with parts of
 https://github.com/pypa/pip/pull/4690 to make it work with pip v9.0.1
 diff --git a/pip/vcs/git.py b/pip/vcs/git.py
 index 2187dd8..d1502f8 100644
 --- a/pip/vcs/git.py
 +++ b/pip/vcs/git.py
@@ -81,7 +81,7 @@ class Git(VersionControl):
         and branches may need origin/ as a prefix.
         Returns the SHA1 of the branch or tag if found.
         """
 -        revisions = self.get_short_refs(dest)
 +        revisions = self.get_short_refs(dest, rev)
         origin_rev = 'origin/%s' % rev
         if origin_rev in revisions:
@@ -171,12 +171,20 @@ class Git(VersionControl):
             ['rev-parse', 'HEAD'], show_stdout=False, cwd=location)
         return current_rev.strip()
 -    def get_full_refs(self, location):
 +    def get_full_refs(self, location, pattern=''):
         """Yields tuples of (commit, ref) for branches and tags"""
 -        output = self.run_command(['show-ref'],
 +        output = self.run_command(['show-ref', pattern],
                                   show_stdout=False, cwd=location)
 -        for line in output.strip().splitlines():
 -            commit, ref = line.split(' ', 1)
 +        for line in output.split("\n"):
 +            line = line.rstrip("\r")
 +            if not line:
 +                continue
 +            try:
 +                commit, ref = line.split(' ', 1)
 +            except ValueError:
 +                # Include the offending line to simplify troubleshooting if
 +                # this error ever occurs.
 +                raise ValueError(f'unexpected show-ref line: {line!r}')
             yield commit.strip(), ref.strip()
     def is_ref_remote(self, ref):
@@ -200,10 +208,10 @@ class Git(VersionControl):
     def get_refs(self, location):
         return self.get_short_refs(location)
 -    def get_short_refs(self, location):
 +    def get_short_refs(self, location, pattern=''):
         """Return map of named refs (branches or tags) to commit hashes."""
         rv = {}
 -        for commit, ref in self.get_full_refs(location):
 +        for commit, ref in self.get_full_refs(location, pattern):
             ref_name = None
             if self.is_ref_remote(ref):
                 ref_name = ref[len('refs/remotes/'):]
--- a/SOURCES/cve-2007-4559-tarfile.patch
+++ b/SOURCES/cve-2007-4559-tarfile.patch
@ -0,0 +1,47 @@
 Minimal patch for pip
 diff -rU3 pip-22.3.1-orig/src/pip/_internal/utils/unpacking.py pip-22.3.1/src/pip/_internal/utils/unpacking.py
 --- a/pip/utils/__init__.py	2022-11-05 16:25:43.000000000 +0100
 +++ b/pip/utils/__init__.py	2023-08-08 13:17:47.705613554 +0200
@@ -559,6 +559,13 @@
             if leading:
                 fn = split_leading_dir(fn)[1]
             path = os.path.join(location, fn)
 +
 +            # Call the `data` filter for its side effect (raising exception)
 +            try:
 +                tarfile.data_filter(member.replace(name=fn), location)
 +            except tarfile.LinkOutsideDestinationError:
 +                pass
 +
             if member.isdir():
                 ensure_dir(path)
             elif member.issym():
 Patch for vendored distlib from https://github.com/pypa/distlib/pull/201
 diff --git a/distlib/util.py b/distlib/util.py
 index e0622e4..4349d0b 100644
 --- a/pip/_vendor/distlib/util.py
 +++ b/pip/_vendor/distlib/util.py
@@ -1249,6 +1249,19 @@ def check_path(path):
             for tarinfo in archive.getmembers():
                 if not isinstance(tarinfo.name, text_type):
                     tarinfo.name = tarinfo.name.decode('utf-8')
 +
 +        # Limit extraction of dangerous items, if this Python
 +        # allows it easily. If not, just trust the input.
 +        # See: https://docs.python.org/3/library/tarfile.html#extraction-filters
 +        def extraction_filter(member, path):
 +            """Run tarfile.tar_fillter, but raise the expected ValueError"""
 +            # This is only called if the current Python has tarfile filters
 +            try:
 +                return tarfile.tar_filter(member, path)
 +            except tarfile.FilterError as exc:
 +                raise ValueError(str(exc))
 +        archive.extraction_filter = extraction_filter
 +
         archive.extractall(dest_dir)
     finally:
--- a/SOURCES/pip-directory-traversal-security-issue-tests.patch
+++ b/SOURCES/pip-directory-traversal-security-issue-tests.patch
@ -0,0 +1,122 @@
 From 7917dbda14ef64a5e7fdea48383a266577484ac8 Mon Sep 17 00:00:00 2001
 From: Tomas Orsava <torsava@redhat.com>
 Date: Wed, 19 Aug 2020 12:51:16 +0200
 Subject: [PATCH 2/2] FIX #6413 pip install <url> allow directory traversal
 (tests)
 ---
 tests/unit/test_download.py | 85 +++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)
 diff --git a/tests/unit/test_download.py b/tests/unit/test_download.py
 index ee4b11c..15f99ec 100644
 --- a/tests/unit/test_download.py
 +++ b/tests/unit/test_download.py
@@ -1,5 +1,6 @@
 import hashlib
 import os
 +import sys
 from io import BytesIO
 from shutil import rmtree, copy
 from tempfile import mkdtemp
@@ -13,6 +14,7 @@ import pip
 from pip.exceptions import HashMismatch
 from pip.download import (
     PipSession, SafeFileCache, path_to_url, unpack_http_url, url_to_path,
 +    _download_http_url, parse_content_disposition, sanitize_content_filename,
     unpack_file_url,
 )
 from pip.index import Link
@@ -123,6 +125,89 @@ def test_unpack_http_url_bad_downloaded_checksum(mock_unpack_file):
         rmtree(download_dir)
 +@pytest.mark.parametrize("filename, expected", [
 +    ('dir/file', 'file'),
 +    ('../file', 'file'),
 +    ('../../file', 'file'),
 +    ('../', ''),
 +    ('../..', '..'),
 +    ('/', ''),
 +])
 +def test_sanitize_content_filename(filename, expected):
 +    """
 +    Test inputs where the result is the same for Windows and non-Windows.
 +    """
 +    assert sanitize_content_filename(filename) == expected
 +
 +
 +@pytest.mark.parametrize("filename, win_expected, non_win_expected", [
 +    ('dir\\file', 'file', 'dir\\file'),
 +    ('..\\file', 'file', '..\\file'),
 +    ('..\\..\\file', 'file', '..\\..\\file'),
 +    ('..\\', '', '..\\'),
 +    ('..\\..', '..', '..\\..'),
 +    ('\\', '', '\\'),
 +])
 +def test_sanitize_content_filename__platform_dependent(
 +    filename,
 +    win_expected,
 +    non_win_expected
 +):
 +    """
 +    Test inputs where the result is different for Windows and non-Windows.
 +    """
 +    if sys.platform == 'win32':
 +        expected = win_expected
 +    else:
 +        expected = non_win_expected
 +    assert sanitize_content_filename(filename) == expected
 +
 +
 +@pytest.mark.parametrize("content_disposition, default_filename, expected", [
 +    ('attachment;filename="../file"', 'df', 'file'),
 +])
 +def test_parse_content_disposition(
 +    content_disposition,
 +    default_filename,
 +    expected
 +):
 +    actual = parse_content_disposition(content_disposition, default_filename)
 +    assert actual == expected
 +
 +
 +def test_download_http_url__no_directory_traversal(tmpdir):
 +    """
 +    Test that directory traversal doesn't happen on download when the
 +    Content-Disposition header contains a filename with a ".." path part.
 +    """
 +    mock_url = 'http://www.example.com/whatever.tgz'
 +    contents = b'downloaded'
 +    link = Link(mock_url)
 +
 +    session = Mock()
 +    resp = MockResponse(contents)
 +    resp.url = mock_url
 +    resp.headers = {
 +        # Set the content-type to a random value to prevent
 +        # mimetypes.guess_extension from guessing the extension.
 +        'content-type': 'random',
 +        'content-disposition': 'attachment;filename="../out_dir_file"'
 +    }
 +    session.get.return_value = resp
 +
 +    download_dir = tmpdir.join('download')
 +    os.mkdir(download_dir)
 +    file_path, content_type = _download_http_url(
 +        link,
 +        session,
 +        download_dir,
 +        hashes=None,
 +    )
 +    # The file should be downloaded to download_dir.
 +    actual = os.listdir(download_dir)
 +    assert actual == ['out_dir_file']
 +
 +
 @pytest.mark.skipif("sys.platform == 'win32'")
 def test_path_to_url_unix():
     assert path_to_url('/tmp/file') == 'file:///tmp/file'
 -- 
 2.25.4
--- a/SOURCES/pip-directory-traversal-security-issue.patch
+++ b/SOURCES/pip-directory-traversal-security-issue.patch
@ -0,0 +1,79 @@
 From 8044d9f2fbcb09f09a62b26ac1d8a134976bb2ac Mon Sep 17 00:00:00 2001
 From: gzpan123 <gzpan123@gmail.com>
 Date: Wed, 17 Apr 2019 21:25:45 +0800
 Subject: [PATCH 1/2] FIX #6413 pip install <url> allow directory traversal
 ---
 news/6413.bugfix |  3 +++
 pip/download.py  | 31 ++++++++++++++++++++++++++-----
 2 files changed, 29 insertions(+), 5 deletions(-)
 create mode 100644 news/6413.bugfix
 diff --git a/news/6413.bugfix b/news/6413.bugfix
 new file mode 100644
 index 0000000..68d0a72
 --- /dev/null
 +++ b/news/6413.bugfix
@@ -0,0 +1,3 @@
 +Prevent ``pip install <url>`` from permitting directory traversal if e.g.
 +a malicious server sends a ``Content-Disposition`` header with a filename
 +containing ``../`` or ``..\\``.
 diff --git a/pip/download.py b/pip/download.py
 index 039e55a..b3d169b 100644
 --- a/pip/download.py
 +++ b/pip/download.py
@@ -54,7 +54,8 @@ __all__ = ['get_file_content',
            'is_url', 'url_to_path', 'path_to_url',
            'is_archive_file', 'unpack_vcs_link',
            'unpack_file_url', 'is_vcs_url', 'is_file_url',
 -           'unpack_http_url', 'unpack_url']
 +           'unpack_http_url', 'unpack_url',
 +           'parse_content_disposition', 'sanitize_content_filename']
 logger = logging.getLogger(__name__)
@@ -824,6 +825,29 @@ def unpack_url(link, location, download_dir=None,
         write_delete_marker_file(location)
 +def sanitize_content_filename(filename):
 +    # type: (str) -> str
 +    """
 +    Sanitize the "filename" value from a Content-Disposition header.
 +    """
 +    return os.path.basename(filename)
 +
 +
 +def parse_content_disposition(content_disposition, default_filename):
 +    # type: (str, str) -> str
 +    """
 +    Parse the "filename" value from a Content-Disposition header, and
 +    return the default filename if the result is empty.
 +    """
 +    _type, params = cgi.parse_header(content_disposition)
 +    filename = params.get('filename')
 +    if filename:
 +        # We need to sanitize the filename to prevent directory traversal
 +        # in case the filename contains ".." path parts.
 +        filename = sanitize_content_filename(filename)
 +    return filename or default_filename
 +
 +
 def _download_http_url(link, session, temp_dir, hashes):
     """Download link url into temp_dir using provided session"""
     target_url = link.url.split('#', 1)[0]
@@ -864,10 +888,7 @@ def _download_http_url(link, session, temp_dir, hashes):
     # Have a look at the Content-Disposition header for a better guess
     content_disposition = resp.headers.get('content-disposition')
     if content_disposition:
 -        type, params = cgi.parse_header(content_disposition)
 -        # We use ``or`` here because we don't want to use an "empty" value
 -        # from the filename param.
 -        filename = params.get('filename') or filename
 +        filename = parse_content_disposition(content_disposition, filename)
     ext = splitext(filename)[1]
     if not ext:
         ext = mimetypes.guess_extension(content_type)
 -- 
 2.25.4
--- a/SOURCES/skip_yanked_releases.patch
+++ b/SOURCES/skip_yanked_releases.patch
@ -0,0 +1,91 @@
 From b97ef609100fbdd5895dab48cdab578dfeba396c Mon Sep 17 00:00:00 2001
 From: Lumir Balhar <lbalhar@redhat.com>
 Date: Fri, 10 Sep 2021 13:38:40 +0200
 Subject: [PATCH 1/2] Implement handling of yanked_reason from the HTML anchor
 ---
 pip/index.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
 diff --git a/pip/index.py b/pip/index.py
 index f653f6e6a..ced52ce5a 100644
 --- a/pip/index.py
 +++ b/pip/index.py
@@ -865,7 +865,11 @@ class HTMLPage(object):
                 )
                 pyrequire = anchor.get('data-requires-python')
                 pyrequire = unescape(pyrequire) if pyrequire else None
 -                yield Link(url, self, requires_python=pyrequire)
 +                yanked_reason = anchor.get('data-yanked', default=None)
 +                # Empty or valueless attribute are both parsed as empty string
 +                if yanked_reason is not None:
 +                    yanked_reason = unescape(yanked_reason)
 +                yield Link(url, self, requires_python=pyrequire, yanked_reason=yanked_reason)
     _clean_re = re.compile(r'[^a-z0-9$&+,/:;=?@.#%_\\|-]', re.I)
@@ -879,7 +883,7 @@ class HTMLPage(object):
 class Link(object):
 -    def __init__(self, url, comes_from=None, requires_python=None):
 +    def __init__(self, url, comes_from=None, requires_python=None, yanked_reason=None):
         """
         Object representing a parsed link from https://pypi.python.org/simple/*
@@ -900,6 +904,8 @@ class Link(object):
         self.url = url
         self.comes_from = comes_from
         self.requires_python = requires_python if requires_python else None
 +        self.yanked_reason = yanked_reason
 +        self.yanked = yanked_reason is not None
     def __str__(self):
         if self.requires_python:
 -- 
 2.31.1
 From d8dc6ee5d6809736dce43dc1e57d497f9ff91f26 Mon Sep 17 00:00:00 2001
 From: Lumir Balhar <lbalhar@redhat.com>
 Date: Fri, 10 Sep 2021 13:43:22 +0200
 Subject: [PATCH 2/2] Skip all yanked candidates if possible
 ---
 pip/index.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 diff --git a/pip/index.py b/pip/index.py
 index ced52ce5a..823bbaf7d 100644
 --- a/pip/index.py
 +++ b/pip/index.py
@@ -489,6 +489,27 @@ class PackageFinder(object):
         if applicable_candidates:
             best_candidate = max(applicable_candidates,
                                  key=self._candidate_sort_key)
 +            # If we cannot find a non-yanked candidate,
 +            # use the best one and print a warning about it.
 +            # Otherwise, try to find another best candidate, ignoring
 +            # all the yanked releases.
 +            if getattr(best_candidate.location, "yanked", False):
 +                nonyanked_candidates = [
 +                    c for c in applicable_candidates
 +                    if not getattr(c.location, "yanked", False)
 +                ]
 +
 +                if set(nonyanked_candidates):
 +                    best_candidate = max(nonyanked_candidates,
 +                                         key=self._candidate_sort_key)
 +                else:
 +                    warning_message = (
 +                        "WARNING: The candidate selected for download or install "
 +                        "is a yanked version: '{}' candidate (version {} at {})"
 +                    ).format(best_candidate.project, best_candidate.version, best_candidate.location)
 +                    if best_candidate.location.yanked_reason:
 +                        warning_message += "\nReason for being yanked: {}".format(best_candidate.location.yanked_reason)
 +                    logger.warning(warning_message)
         else:
             best_candidate = None
 -- 
 2.31.1
--- a/SPECS/python-pip.spec
+++ b/SPECS/python-pip.spec
@ -9,17 +9,12 @@
 %global python3_wheeldir %{_datadir}/python3-wheels
 %endif
 # Note that with disabled python3, bashcomp2 will be disabled as well because
 # bashcompdir will point to a different path than with python3 enabled.
 %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d})
 %if "%{bashcompdir}" != "%{_sysconfdir}/bash_completion.d"
 %global bashcomp2 1
 %endif
 Name:           python-%{srcname}
 # When updating, update the bundled libraries versions bellow!
 Version:        9.0.3
-Release:        16%{?dist}
+Release:        24%{?dist}
 Summary:        A tool for installing and managing Python packages
 Group:          Development/Libraries
@ -63,7 +58,7 @@ BuildRequires:  bzr
 # git clone https://github.com/pypa/pip && cd pip
 # git checkout 9.0.1 && tar -czvf ../pip-9.0.1-tests.tar.gz tests/
 %if %{with tests}
-Source1:        pip-9.0.1-tests.tar.gz
+Source1:        pip-%{version}-tests.tar.gz
 %endif
 # Patch until the following issue gets implemented upstream:
@ -113,6 +108,34 @@ Patch7:         CVE-2019-11324.patch
 # https://github.com/psf/requests/pull/4851
 Patch8:         CVE-2018-18074.patch
 # Patch for pip install <url> allow directory traversal, leading to arbitrary file write
 # - Upstream PR: https://github.com/pypa/pip/pull/6418/files
 # - Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1868016
 # Patch9 fixes the issue
 # Patch10 adds unit tests for the issue
 Patch9:         pip-directory-traversal-security-issue.patch
 Patch10:        pip-directory-traversal-security-issue-tests.patch
 # Patch for CVE-2021-3572 - pip incorrectly handled unicode separators in git references
 # The patch is adjusted for older pip where it's necessary to also switch
 # the way pip gets revisions from git
 # Upstream PR: https://github.com/pypa/pip/pull/9827
 # Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1962856
 Patch11:        CVE-2021-3572.patch
 # Downstream-only implementation of support of yanked releases
 # PEP 592 - Adding "Yank" Support to the Simple API:
 #   https://www.python.org/dev/peps/pep-0592/
 # Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2000135
 Patch12:        skip_yanked_releases.patch
 # CVE-2007-4559, PEP-721, PEP-706: Use tarfile.data_filter for extracting
 # - Minimal downstream-only patch, to be replaced by upstream solution
 #   proposed in https://github.com/pypa/pip/pull/12214
 # - Patch for vendored distlib, accepted upstream:
 #   https://github.com/pypa/distlib/pull/201
 Patch13:         cve-2007-4559-tarfile.patch
 %global _description \
 pip is a package management system used to install and manage software packages \
 written in Python. Many packages can be found in the Python Package Index \
@ -148,6 +171,9 @@ Requires:  platform-python-setuptools
 BuildRequires:  ca-certificates
 Requires:       ca-certificates
 # pip has to require explicit version of platform-python that provides
 # filters in tarfile module (fix for CVE-2007-4559).
 Requires:       platform-python >= 3.6.8-55
 # Virtual provides for the packages bundled by pip.
 # See the python2 list above for instructions.
@ -200,6 +226,8 @@ A documentation for a tool for installing and managing Python packages
 %if %{without bootstrap}
 %package -n python3-%{srcname}-wheel
 Summary:        The pip wheel
 # Older Python does not provide tarfile filters (fix for CVE-2007-4559).
 Conflicts:      platform-python < 3.6.8-55
 # Virtual provides for the packages bundled by pip.
 # You can find the versions in pip/_vendor/vendor.txt file.
@ -250,9 +278,17 @@ popd
 pushd pip/_vendor/requests
 %patch8 -p1
 popd
 %patch9 -p1
 %if %{with tests}
 %patch10 -p1
 %endif
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
 # this goes together with patch4
 rm pip/_vendor/certifi/*.pem
 rm pip/_vendor/requests/*.pem
 sed -i '/\.pem$/d' pip.egg-info/SOURCES.txt
 sed -i '1d' pip/__init__.py
@ -260,6 +296,13 @@ sed -i '1d' pip/__init__.py
 # Remove ordereddict as it is only required for python <= 2.6
 rm pip/_vendor/ordereddict.py
 # Remove windows executable binaries
 rm -v pip/_vendor/distlib/*.exe
 sed -i '/\.exe/d' setup.py
 # Backports for Python 2
 rm pip/_vendor/distlib/_backport/tarfile.py
 rm pip/_vendor/distlib/_backport/shutil.py
 %build
 %if %{without bootstrap}
@ -295,20 +338,8 @@ mkdir -p %{buildroot}%{bashcompdir}
 PYTHONPATH=%{buildroot}%{python3_sitelib} \
    %{buildroot}%{_bindir}/pip3 completion --bash \
    > %{buildroot}%{bashcompdir}/pip3
-pips2=pip
+
-pips3=pip3
+sed -i -e "s/^\\(complete.*\\) pip\$/\\1 pip3 pip-3 pip3.6 pip-3.6/" \
 for pip in %{buildroot}%{_bindir}/pip*; do
    pip=$(basename $pip)
    case $pip in
        pip3?*)
            pips3="$pips3 $pip"
 %if 0%{?bashcomp2}
            ln -s pip-%{python3_version} %{buildroot}%{bashcompdir}/$pip
 %endif
            ;;
    esac
 done
 sed -i -e "s/^\\(complete.*\\) pip\$/\\1 $pips3/" \
    -e s/_pip_completion/_pip3_completion/ \
    %{buildroot}%{bashcompdir}/pip3
@ -350,10 +381,7 @@ py.test-%{python3_version} -m 'not network'
 %{_bindir}/pip%{python3_version}
 %{_bindir}/pip-%{python3_version}
 %dir %{bashcompdir}
-%{bashcompdir}/pip3*
+%{bashcompdir}/pip*
 %if 0%{?bashcomp2}
 %dir %(dirname %{bashcompdir})
 %endif
 %if %{with doc}
 %files doc
@ -371,6 +399,38 @@ py.test-%{python3_version} -m 'not network'
 %endif
 %changelog
 * Wed Feb 14 2024 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-24
 - Require Python with tarfile filters
 Resolves: RHEL-25446
 * Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 9.0.3-23
 - Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)
 Resolves: RHBZ#2218241
 * Wed Oct 06 2021 Charalampos Stratakis <cstratak@redhat.com> - 9.0.3-22
 - Remove bundled windows executables
 - Resolves: rhbz#2006788
 * Tue Oct 05 2021 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-21
 - Support of yanked releases
 Resolves: rhbz#2000135
 * Mon Jun 07 2021 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-20
 - Fix for CVE-2021-3572 - pip incorrectly handled unicode separators in git references
 Resolves: rhbz#1962856
 * Fri Jan 08 2021 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-19
 - Fix bash completion files and simplify spec
 Resolves: rhbz#1904478
 * Wed Aug 19 2020 Tomas Orsava <torsava@redhat.com> - 9.0.3-18
 - Patch for pip install <url> allow directory traversal, leading to arbitrary file write
 Resolves: rhbz#1868016
 * Wed Mar 04 2020 Charalampos Stratakis <cstratak@redhat.com> - 9.0.3-17
 - Remove unused CA bundle from the bundled requests library
 Resolves: rhbz#1775200
 * Mon Jan 13 2020 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-16
 - Add four new patches for CVEs in bundled urllib3 and requests
 CVE-2018-20060, CVE-2019-11236, CVE-2019-11324, CVE-2018-18074