[AUTO-CHERRYPICK] pytorch: fix CVE-2024-5187 - branch 3.0-dev (#11042)

Co-authored-by: SeanDougherty <sdougherty@microsoft.com>

Author: CBL-Mariner-Bot

SPECS/pytorch/CVE-2024-5187.patch

@@ -0,0 +1,85 @@
+From a8c49a5fac46df180ba95810dcbb56c00dbd9c76 Mon Sep 17 00:00:00 2001
+From: sunflowersxu <166728538+sunflowersxu@users.noreply.github.com>
+Date: Thu, 13 Jun 2024 01:47:14 +0800
+Subject: [PATCH] Mitigate tarball directory traversal risks (#6164)
+
+Hi, this pr is cleaner version than #6145
+
+Signed-off-by: sunriseXu <15927176697@163.com>
+Co-authored-by: sunriseXu <15927176697@163.com>
+Co-authored-by: Justin Chu <justinchuby@users.noreply.github.com>
+---
+ third_party/onnx/onnx/hub.py | 43 +++++++++++++++++++++++++++++++++++-
+ 1 file changed, 42 insertions(+), 1 deletion(-)
+
+diff --git a/third_party/onnx/onnx/hub.py b/third_party/onnx/onnx/hub.py
+index e5ca9e2c..dc888742 100644
+--- a/third_party/onnx/onnx/hub.py
++++ b/third_party/onnx/onnx/hub.py
+@@ -271,6 +271,35 @@ def load(
+     return onnx.load(cast(IO[bytes], BytesIO(model_bytes)))
+ 
+ 
++def _tar_members_filter(tar: tarfile.TarFile, base: str) -> list[tarfile.TarInfo]:
++    """Check that the content of ``tar`` will be extracted safely
++
++    Args:
++        tar: The tarball file
++        base: The directory where the tarball will be extracted
++
++    Returns:
++        list of tarball members
++    """
++    result = []
++    for member in tar:
++        member_path = os.path.join(base, member.name)
++        abs_base = os.path.abspath(base)
++        abs_member = os.path.abspath(member_path)
++        if not abs_member.startswith(abs_base):
++            raise RuntimeError(
++                f"The tarball member {member_path} in downloading model contains "
++                f"directory traversal sequence which may contain harmful payload."
++            )
++        elif member.issym() or member.islnk():
++            raise RuntimeError(
++                f"The tarball member {member_path} in downloading model contains "
++                f"symbolic links which may contain harmful payload."
++            )
++        result.append(member)
++    return result
++
++
+ def download_model_with_test_data(
+     model: str,
+     repo: str = "onnx/models:main",
+@@ -280,6 +309,7 @@ def download_model_with_test_data(
+ ) -> Optional[str]:
+     """
+     Downloads a model along with test data by name from the onnx model hub and returns the directory to which the files have been extracted.
++    Users are responsible for making sure the model comes from a trusted source, and the data is safe to be extracted.
+ 
+     :param model: The name of the onnx model in the manifest. This field is case-sensitive
+     :param repo: The location of the model repo in format "user/repo[:branch]".
+@@ -342,7 +372,18 @@ def download_model_with_test_data(
+         local_model_with_data_dir_path = local_model_with_data_path[
+             0 : len(local_model_with_data_path) - 7
+         ]
+-        model_with_data_zipped.extractall(local_model_with_data_dir_path)
++        # Mitigate tarball directory traversal risks
++        if hasattr(tarfile, "data_filter"):
++            model_with_data_zipped.extractall(
++                path=local_model_with_data_dir_path, filter="data"
++            )
++        else:
++            model_with_data_zipped.extractall(
++                path=local_model_with_data_dir_path,
++                members=_tar_members_filter(
++                    model_with_data_zipped, local_model_with_data_dir_path
++                ),
++            )    
+     model_with_data_path = (
+         local_model_with_data_dir_path
+         + "/"
+-- 
+2.39.4
+

SPECS/pytorch/generate_source_tarball.sh

@@ -1,6 +1,5 @@
 {
-    "Signatures": {
-        "pytorch-2.2.2-submodules.tar.gz": "74d91f9cbba81848a0c07c718810889c46ca2d24a198444d8e3caca13eea9ffc",
-        "pytorch-2.2.2.tar.gz": "57a1136095bdfe769acb87876dce77212da2c995c61957a67a1f16172d235d17"
-    }
-}
+ "Signatures": {
+  "pytorch-2.2.2.tar.gz": "57a1136095bdfe769acb87876dce77212da2c995c61957a67a1f16172d235d17"
+ }
+}

SPECS/pytorch/pytorch.signatures.json

@@ -2,15 +2,13 @@
 Summary:        Tensors and Dynamic neural networks in Python with strong GPU acceleration.
 Name:           pytorch
 Version:        2.2.2
-Release:        2%{?dist}
+Release:        3%{?dist}
 License:        BSD-3-Clause
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 Group:          Development/Languages/Python
 URL:            https://pytorch.org/
 Source0:        https://github.com/pytorch/pytorch/releases/download/v%{version}/%{name}-v%{version}.tar.gz#/%{name}-%{version}.tar.gz
-# Use the generate_source_tarball.sh script to create a tarball of submodules during version updates.
-Source1:        %{name}-%{version}-submodules.tar.gz
 BuildRequires:  cmake
 BuildRequires:  gcc
 BuildRequires:  gcc-c++
@@ -26,6 +24,7 @@ BuildRequires:  python3-six
 
 Patch1:         CVE-2024-27318.patch
 Patch2:         CVE-2022-1941.patch
+Patch3:         CVE-2024-5187.patch
 
 %description
 PyTorch is a Python package that provides two high-level features:
@@ -59,7 +58,7 @@ PyTorch is a Python package that provides two high-level features:
 You can reuse your favorite Python packages such as NumPy, SciPy and Cython to extend PyTorch when needed.
 
 %prep
-%autosetup -a 1 -p 1 -n %{name}-v%{version}
+%autosetup -p 1 -n %{name}-v%{version}
 
 %build
 export USE_CUDA=0
@@ -87,6 +86,10 @@ cp -arf docs %{buildroot}/%{_pkgdocdir}
 %{_docdir}/*
 
 %changelog
+* Tue Nov 12 2024 Sean Dougherty <sdougherty@microsoft.com> - 2.2.2-3
+- Add patch to address CVE-2024-5187
+- Remove unnecessary double vendoring of the third_party directory. Doubling happens because the contents of the submodule tarball are pulled directly from the original source tarball and then re-uploaded as this "submodule tarball".
+
 * Tue Sep 17 2024 Archana Choudhary <archana1@microsoft.com> - 2.2.2-2
 - patch for CVE-2024-27318, CVE-2022-1941