From b38b2588c734045447ecd5f4c2a688003eddc554 Mon Sep 17 00:00:00 2001 From: Orion Poplawski Date: May 24 2022 14:36:52 +0000 Subject: Backport patch to fix infinite recursion with pip wheel with $TMPDIR in $PWD --- diff --git a/SOURCES/7873.patch b/SOURCES/7873.patch new file mode 100644 index 0000000..c27ebb2 --- /dev/null +++ b/SOURCES/7873.patch @@ -0,0 +1,84 @@ +diff -up pip-19.3.1/news/7872.bugfix.pip7873 pip-19.3.1/news/7872.bugfix +--- pip-19.3.1/news/7872.bugfix.pip7873 2022-05-24 08:34:03.285054864 -0600 ++++ pip-19.3.1/news/7872.bugfix 2022-05-24 08:34:03.285054864 -0600 +@@ -0,0 +1 @@ ++Prevent an infinite recursion with ``pip wheel`` when ``$TMPDIR`` is within the source directory. +diff -up pip-19.3.1/src/pip/_internal/download.py.pip7873 pip-19.3.1/src/pip/_internal/download.py +--- pip-19.3.1/src/pip/_internal/download.py.pip7873 2019-10-17 13:32:34.000000000 -0600 ++++ pip-19.3.1/src/pip/_internal/download.py 2022-05-24 08:35:17.013833331 -0600 +@@ -350,12 +350,24 @@ def _copy2_ignoring_special_files(src, d + + def _copy_source_tree(source, target): + # type: (str, str) -> None ++ target_abspath = os.path.abspath(target) ++ target_basename = os.path.basename(target_abspath) ++ target_dirname = os.path.dirname(target_abspath) ++ + def ignore(d, names): +- # Pulling in those directories can potentially be very slow, +- # exclude the following directories if they appear in the top +- # level dir (and only it). +- # See discussion at https://github.com/pypa/pip/pull/6770 +- return ['.tox', '.nox'] if d == source else [] ++ skipped = [] # type: List[str] ++ if d == source: ++ # Pulling in those directories can potentially be very slow, ++ # exclude the following directories if they appear in the top ++ # level dir (and only it). ++ # See discussion at https://github.com/pypa/pip/pull/6770 ++ skipped += ['.tox', '.nox'] ++ if os.path.abspath(d) == target_dirname: ++ # Prevent an infinite recursion if the target is in source. ++ # This can happen when TMPDIR is set to ${PWD}/... ++ # and we copy PWD to TMPDIR. ++ skipped += [target_basename] ++ return skipped + + kwargs = dict(ignore=ignore, symlinks=True) # type: CopytreeKwargs + +diff -up pip-19.3.1/src/pip/_internal/operations/prepare.py.pip7873 pip-19.3.1/src/pip/_internal/operations/prepare.py +diff -up pip-19.3.1/tests/data/src/extension/extension.c.pip7873 pip-19.3.1/tests/data/src/extension/extension.c +diff -up pip-19.3.1/tests/data/src/extension/setup.py.pip7873 pip-19.3.1/tests/data/src/extension/setup.py +--- pip-19.3.1/tests/data/src/extension/setup.py.pip7873 2022-05-24 08:34:03.285054864 -0600 ++++ pip-19.3.1/tests/data/src/extension/setup.py 2022-05-24 08:34:03.285054864 -0600 +@@ -0,0 +1,4 @@ ++from setuptools import Extension, setup ++ ++module = Extension('extension', sources=['extension.c']) ++setup(name='extension', version='0.0.1', ext_modules = [module]) +diff -up pip-19.3.1/tests/functional/test_wheel.py.pip7873 pip-19.3.1/tests/functional/test_wheel.py +--- pip-19.3.1/tests/functional/test_wheel.py.pip7873 2019-10-17 13:32:34.000000000 -0600 ++++ pip-19.3.1/tests/functional/test_wheel.py 2022-05-24 08:34:03.285054864 -0600 +@@ -1,6 +1,7 @@ + """'pip wheel' tests""" + import os + import re ++import sys + from os.path import exists + + import pytest +@@ -228,6 +229,24 @@ def test_pip_wheel_with_user_set_in_conf + assert "Successfully built withpyproject" in result.stdout, result.stdout + + ++@pytest.mark.skipif(sys.platform.startswith('win'), ++ reason='The empty extension module does not work on Win') ++def test_pip_wheel_ext_module_with_tmpdir_inside(script, data, common_wheels): ++ tmpdir = data.src / 'extension/tmp' ++ tmpdir.mkdir() ++ script.environ['TMPDIR'] = str(tmpdir) ++ ++ # To avoid a test dependency on a C compiler, we set the env vars to "noop" ++ # The .c source is empty anyway ++ script.environ['CC'] = script.environ['LDSHARED'] = str('true') ++ ++ result = script.pip( ++ 'wheel', data.src / 'extension', ++ '--no-index', '-f', common_wheels ++ ) ++ assert "Successfully built extension" in result.stdout, result.stdout ++ ++ + @pytest.mark.network + def test_pep517_wheels_are_not_confused_with_other_files(script, tmpdir, data): + """Check correct wheels are copied. (#6196) diff --git a/SPECS/python3x-pip.spec b/SPECS/python3x-pip.spec index ad494ba..14a7e6d 100644 --- a/SPECS/python3x-pip.spec +++ b/SPECS/python3x-pip.spec @@ -16,7 +16,7 @@ Name: python3x-%{srcname} # When updating, update the bundled libraries versions bellow! # You can use vendor_meta.sh in the dist git repo Version: 19.3.1 -Release: 5%{?dist} +Release: 6%{?dist} Summary: A tool for installing and managing Python packages # We bundle a lot of libraries with pip, which itself is under MIT license. @@ -101,6 +101,11 @@ Patch6: CVE-2021-3572.patch # Upstream fix: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec Patch7: CVE-2021-33503.patch +# Prevent infinite recursion with pip wheel with $TMPDIR in +# $PWD +# https://github.com/pypa/pip/pull/7873 +Patch8: 7873.patch + # Downstream only patch # Users might have local installations of pip from using # `pip install --user --upgrade pip` on older/newer versions. @@ -256,6 +261,7 @@ popd %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 # this goes together with patch4 rm src/pip/_vendor/certifi/*.pem @@ -420,6 +426,9 @@ fi %{python_wheeldir}/%{python_wheelname} %changelog +* Tue May 24 2022 Orion Poplawski - 19.3.1-6 +- Backport patch to fix infinite recursion with pip wheel with $TMPDIR in $PWD + * Thu Oct 14 2021 Charalampos Stratakis - 19.3.1-5 - Remove bundled windows executables - Resolves: rhbz#2006789