From e794e76d7b361c6b36c7c245f109dd8e452e53d0 Mon Sep 17 00:00:00 2001
From: xyn-coder <xiangyuning@huawei.com>
Date: Thu, 11 Sep 2025 15:05:57 +0800
Subject: [PATCH] Fix CVE-2025-50181

---
 backport-CVE-2025-50181.patch | 90 +++++++++++++++++++++++++++++++++++
 python-pip.spec               |  6 ++-
 2 files changed, 95 insertions(+), 1 deletion(-)
 create mode 100644 backport-CVE-2025-50181.patch

diff --git a/backport-CVE-2025-50181.patch b/backport-CVE-2025-50181.patch
new file mode 100644
index 0000000..a97da70
--- /dev/null
+++ b/backport-CVE-2025-50181.patch
@@ -0,0 +1,90 @@
+From f05b1329126d5be6de501f9d1e3e36738bc08857 Mon Sep 17 00:00:00 2001
+From: Illia Volochii <illia.volochii@gmail.com>
+Date: Wed, 18 Jun 2025 16:25:01 +0300
+Subject: [PATCH] Merge commit from fork
+
+* Apply Quentin's suggestion
+
+Co-authored-by: Quentin Pradet <quentin.pradet@gmail.com>
+
+* Add tests for disabled redirects in the pool manager
+
+* Add a possible fix for the issue with not raised `MaxRetryError`
+
+* Make urllib3 handle redirects instead of JS when JSPI is used
+
+* Fix info in the new comment
+
+* State that redirects with XHR are not controlled by urllib3
+
+* Remove excessive params from new test requests
+
+* Add tests reaching max non-0 redirects
+
+* Test redirects with Emscripten
+
+* Fix `test_merge_pool_kwargs`
+
+* Add a changelog entry
+
+* Parametrize tests
+
+* Drop a fix for Emscripten
+
+* Apply Seth's suggestion to docs
+
+Co-authored-by: Seth Michael Larson <sethmichaellarson@gmail.com>
+
+* Use a minor release instead of the patch one
+
+Reference:https://github.com/urllib3/urllib3/commit/f05b1329126d5be6de501f9d1e3e36738bc08857
+Conflict:test/with_dummyserver/test_poolmanger,
+test/contrib/emscripten/test_emscrepten.py has not been modified because
+is has been deleted in the pre-phase of the spec file;CHANGES.rst,
+docs/reference/contrib/emscripten.rst,dummyserver/app.py has not been
+modified because these are the latest features and informations, does
+not involve related modifications
+
+---
+ src/pip/_vendor/urllib3/poolmanager.py | 18 +++++++++++++++++-
+ 1 file changed, 17 insertions(+), 1 deletion(-)
+
+diff --git a/src/pip/_vendor/urllib3/poolmanager.py b/src/pip/_vendor/urllib3/poolmanager.py
+index 7d4c22c..4e6d618 100644
+--- a/src/pip/_vendor/urllib3/poolmanager.py
++++ b/src/pip/_vendor/urllib3/poolmanager.py
+@@ -169,6 +169,22 @@ class PoolManager(RequestMethods):
+ 
+     def __init__(self, num_pools=10, headers=None, **connection_pool_kw):
+         RequestMethods.__init__(self, headers)
++        if "retries" in connection_pool_kw:
++            retries = connection_pool_kw["retries"]
++            if not isinstance(retries, Retry):
++                # When Retry is initialized, raise_on_redirect is based
++                # on a redirect boolean value.
++                # But requests made via a pool manager always set
++                # redirect to False, and raise_on_redirect always ends
++                # up being False consequently.
++                # Here we fix the issue by setting raise_on_redirect to
++                # a value needed by the pool manager without considering
++                # the redirect boolean.
++                raise_on_redirect = retries is not False
++                retries = Retry.from_int(retries, redirect=False)
++                retries.raise_on_redirect = raise_on_redirect
++                connection_pool_kw = connection_pool_kw.copy()
++                connection_pool_kw["retries"] = retries
+         self.connection_pool_kw = connection_pool_kw
+         self.pools = RecentlyUsedContainer(num_pools, dispose_func=lambda p: p.close())
+ 
+@@ -388,7 +404,7 @@ class PoolManager(RequestMethods):
+             kw["body"] = None
+             kw["headers"] = HTTPHeaderDict(kw["headers"])._prepare_for_method_change()
+ 
+-        retries = kw.get("retries")
++        retries = kw.get("retries", response.retries)
+         if not isinstance(retries, Retry):
+             retries = Retry.from_int(retries, redirect=redirect)
+ 
+-- 
+2.33.0
+
diff --git a/python-pip.spec b/python-pip.spec
index 517271b..c327a9f 100644
--- a/python-pip.spec
+++ b/python-pip.spec
@@ -6,7 +6,7 @@ pip is the package installer for Python. You can use pip to install packages fro
 %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d})
 Name:           python-%{srcname}
 Version:        21.3.1
-Release:        9
+Release:        10
 Summary:        A tool for installing and managing Python packages
 License:        MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD)
 URL:            http://www.pip-installer.org
@@ -27,6 +27,7 @@ Patch6007:      backport-CVE-2023-43804-added-the-Cookie-to-the-list-of-headers.
 Patch6008:      backport-CVE-2023-45803-Made-body-stripped-from-HTTP-requests.patch
 Patch6009:      backport-CVE-2024-37891-Strip-Proxy-Authorization-header-on-redirects.patch
 Patch6010:      backport-CVE-2024-47081.patch
+Patch6011:      backport-CVE-2025-50181.patch
 
 Source10: 	pip-allow-older-versions.patch
 
@@ -136,6 +137,9 @@ install -D -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pip.conf
 %{python_wheeldir}/%{python_wheelname}
 
 %changelog
+* Thu Sep 11 2025 xiangyuning <xiangyuning@h-partners.com> - 21.3.1-10
+- Fix CVE-2025-50181
+
 * Fri Aug 22 2025 hugel <gengqihu2@h-partners.com> - 21.3.1-9
 - Fix CVE-2024-47081
 
-- 
Gitee