diff --git a/.gitignore b/.gitignore index 0bbebec..8e45209 100644 --- a/.gitignore +++ b/.gitignore @@ -1 +1 @@ -SOURCES/pip-19.2.3.tar.gz +SOURCES/pip-19.3.1.tar.gz diff --git a/.python3x-pip.metadata b/.python3x-pip.metadata index da3a8b9..248aa18 100644 --- a/.python3x-pip.metadata +++ b/.python3x-pip.metadata @@ -1 +1 @@ -80f07dcd304d1b5819c83c644c4bea8c07335917 SOURCES/pip-19.2.3.tar.gz +bb825314632e0528aa93a19ab18e87f4cc36e998 SOURCES/pip-19.3.1.tar.gz diff --git a/SOURCES/CVE-2021-33503.patch b/SOURCES/CVE-2021-33503.patch new file mode 100644 index 0000000..d7a8b01 --- /dev/null +++ b/SOURCES/CVE-2021-33503.patch @@ -0,0 +1,42 @@ +From 6d2dcef3427b96c36ddfebf217f774a2c5ecad38 Mon Sep 17 00:00:00 2001 +From: Lumir Balhar +Date: Wed, 30 Jun 2021 09:27:07 +0200 +Subject: [PATCH] CVE-2021-33503 + +--- + src/pip/_vendor/urllib3/util/url.py | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/pip/_vendor/urllib3/util/url.py b/src/pip/_vendor/urllib3/util/url.py +index 5fe37a7..addaeb7 100644 +--- a/src/pip/_vendor/urllib3/util/url.py ++++ b/src/pip/_vendor/urllib3/util/url.py +@@ -63,12 +63,12 @@ IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT + "$") + BRACELESS_IPV6_ADDRZ_RE = re.compile("^" + IPV6_ADDRZ_PAT[2:-2] + "$") + ZONE_ID_RE = re.compile("(" + ZONE_ID_PAT + r")\]$") + +-SUBAUTHORITY_PAT = (u"^(?:(.*)@)?(%s|%s|%s)(?::([0-9]{0,5}))?$") % ( ++_HOST_PORT_PAT = ("^(%s|%s|%s)(?::([0-9]{0,5}))?$") % ( + REG_NAME_PAT, + IPV4_PAT, + IPV6_ADDRZ_PAT, + ) +-SUBAUTHORITY_RE = re.compile(SUBAUTHORITY_PAT, re.UNICODE | re.DOTALL) ++_HOST_PORT_RE = re.compile(_HOST_PORT_PAT, re.UNICODE | re.DOTALL) + + UNRESERVED_CHARS = set( + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789._-~" +@@ -374,7 +374,9 @@ def parse_url(url): + scheme = scheme.lower() + + if authority: +- auth, host, port = SUBAUTHORITY_RE.match(authority).groups() ++ auth, _, host_port = authority.rpartition("@") ++ auth = auth or None ++ host, port = _HOST_PORT_RE.match(host_port).groups() + if auth and normalize_uri: + auth = _encode_invalid_chars(auth, USERINFO_CHARS) + if port == "": +-- +2.31.1 + diff --git a/SOURCES/CVE-2021-3572.patch b/SOURCES/CVE-2021-3572.patch new file mode 100644 index 0000000..04739c1 --- /dev/null +++ b/SOURCES/CVE-2021-3572.patch @@ -0,0 +1,34 @@ +From 4f0099156245ed2873d6945d5e58db741e15836d Mon Sep 17 00:00:00 2001 +From: Lumir Balhar +Date: Tue, 8 Jun 2021 09:51:47 +0200 +Subject: [PATCH] CVE-2021-3572 + +--- + src/pip/_internal/vcs/git.py | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/src/pip/_internal/vcs/git.py b/src/pip/_internal/vcs/git.py +index 92b8457..7b3cc4a 100644 +--- a/src/pip/_internal/vcs/git.py ++++ b/src/pip/_internal/vcs/git.py +@@ -120,9 +120,15 @@ class Git(VersionControl): + output = cls.run_command(['show-ref', rev], cwd=dest, + show_stdout=False, on_returncode='ignore') + refs = {} +- for line in output.strip().splitlines(): ++ # NOTE: We do not use splitlines here since that would split on other ++ # unicode separators, which can be maliciously used to install a ++ # different revision. ++ for line in output.strip().split("\n"): ++ line = line.rstrip("\r") ++ if not line: ++ continue + try: +- sha, ref = line.split() ++ sha, ref = line.split(" ", maxsplit=2) + except ValueError: + # Include the offending line to simplify troubleshooting if + # this error ever occurs. +-- +2.31.1 + diff --git a/SOURCES/emit-a-warning-when-running-with-root-privileges.patch b/SOURCES/emit-a-warning-when-running-with-root-privileges.patch index 0c61734..c782610 100644 --- a/SOURCES/emit-a-warning-when-running-with-root-privileges.patch +++ b/SOURCES/emit-a-warning-when-running-with-root-privileges.patch @@ -1,8 +1,19 @@ +From aab24967a03bda3b0999d80562a6064c27d1e0e0 Mon Sep 17 00:00:00 2001 +From: Tomas Orsava +Date: Tue, 12 Nov 2019 17:15:08 +0100 +Subject: [PATCH] Downstream only patch + +Emit a warning to the user if pip install is run with root privileges +Issue upstream: https://github.com/pypa/pip/issues/4288 +--- + src/pip/_internal/commands/install.py | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + diff --git a/src/pip/_internal/commands/install.py b/src/pip/_internal/commands/install.py -index 1279d4a..aeb9d26 100644 +index 5842d18..a6104b4 100644 --- a/src/pip/_internal/commands/install.py +++ b/src/pip/_internal/commands/install.py -@@ -5,6 +5,8 @@ import logging +@@ -12,6 +12,8 @@ import logging import operator import os import shutil @@ -11,9 +22,9 @@ index 1279d4a..aeb9d26 100644 from optparse import SUPPRESS_HELP from pip._vendor import pkg_resources -@@ -217,6 +219,23 @@ class InstallCommand(RequirementCommand): - +@@ -281,6 +283,23 @@ class InstallCommand(RequirementCommand): def run(self, options, args): + # type: (Values, List[Any]) -> int cmdoptions.check_install_build_global(options) + + def is_venv(): @@ -35,3 +46,6 @@ index 1279d4a..aeb9d26 100644 upgrade_strategy = "to-satisfy-only" if options.upgrade: upgrade_strategy = options.upgrade_strategy +-- +2.20.1 + diff --git a/SOURCES/network-tests.patch b/SOURCES/network-tests.patch new file mode 100644 index 0000000..8acf694 --- /dev/null +++ b/SOURCES/network-tests.patch @@ -0,0 +1,683 @@ +From 621800d5c65aea36c6a1d9b685ff88f35cfce476 Mon Sep 17 00:00:00 2001 +From: Tomas Orsava +Date: Fri, 15 Nov 2019 19:44:54 +0100 +Subject: [PATCH] Mark 6 tests as network tests + +=================================== FAILURES =================================== +_______________________________ test_freeze_path _______________________________ +tmpdir = Path('/tmp/pytest-of-mockbuild/pytest-0/test_freeze_path0') +script = +data = + def test_freeze_path(tmpdir, script, data): + """ + Test freeze with --path. + """ +> script.pip('install', '--find-links', data.find_links, + '--target', tmpdir, 'simple==2.0') +tests/functional/test_freeze.py:712: +_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ +tests/lib/__init__.py:593: in run + _check_stderr( +_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ +stderr = "WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'N...t at 0x7fe6435ef280>: Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/\n" +allow_stderr_warning = False, allow_stderr_error = False + def _check_stderr( + stderr, allow_stderr_warning, allow_stderr_error, + ): + """ + Check the given stderr for logged warnings and errors. + + :param stderr: stderr output as a string. + :param allow_stderr_warning: whether a logged warning (or deprecation + message) is allowed. Must be True if allow_stderr_error is True. + :param allow_stderr_error: whether a logged error is allowed. + """ + assert not (allow_stderr_error and not allow_stderr_warning) + + lines = stderr.splitlines() + for line in lines: + # First check for logging errors, which we don't allow during + # tests even if allow_stderr_error=True (since a logging error + # would signal a bug in pip's code). + # Unlike errors logged with logger.error(), these errors are + # sent directly to stderr and so bypass any configured log formatter. + # The "--- Logging error ---" string is used in Python 3.4+, and + # "Logged from file " is used in Python 2. + if (line.startswith('--- Logging error ---') or + line.startswith('Logged from file ')): + reason = 'stderr has a logging error, which is never allowed' + msg = make_check_stderr_message(stderr, line=line, reason=reason) + raise RuntimeError(msg) + if allow_stderr_error: + continue + + if line.startswith('ERROR: '): + reason = ( + 'stderr has an unexpected error ' + '(pass allow_stderr_error=True to permit this)' + ) + msg = make_check_stderr_message(stderr, line=line, reason=reason) + raise RuntimeError(msg) + if allow_stderr_warning: + continue + + if (line.startswith('WARNING: ') or + line.startswith(DEPRECATION_MSG_PREFIX)): + reason = ( + 'stderr has an unexpected warning ' + '(pass allow_stderr_warning=True to permit this)' + ) + msg = make_check_stderr_message(stderr, line=line, reason=reason) +> raise RuntimeError(msg) +E RuntimeError: stderr has an unexpected warning (pass allow_stderr_warning=True to permit this): +E Caused by line: "WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/" +E Complete stderr: WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +E WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +E WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +E WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +E WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +tests/lib/__init__.py:404: RuntimeError +________________________ test_freeze_path_exclude_user _________________________ +tmpdir = Path('/tmp/pytest-of-mockbuild/pytest-0/test_freeze_path_exclude_user0') +script = +data = + def test_freeze_path_exclude_user(tmpdir, script, data): + """ + Test freeze with --path and make sure packages from --user are not picked + up. + """ + script.pip_install_local('--find-links', data.find_links, + '--user', 'simple2') +> script.pip('install', '--find-links', data.find_links, + '--target', tmpdir, 'simple==1.0') +tests/functional/test_freeze.py:728: +_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ +tests/lib/__init__.py:593: in run + _check_stderr( +_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ +stderr = "WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'N...t at 0x7f87ae751310>: Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/\n" +allow_stderr_warning = False, allow_stderr_error = False + def _check_stderr( + stderr, allow_stderr_warning, allow_stderr_error, + ): + """ + Check the given stderr for logged warnings and errors. + + :param stderr: stderr output as a string. + :param allow_stderr_warning: whether a logged warning (or deprecation + message) is allowed. Must be True if allow_stderr_error is True. + :param allow_stderr_error: whether a logged error is allowed. + """ + assert not (allow_stderr_error and not allow_stderr_warning) + + lines = stderr.splitlines() + for line in lines: + # First check for logging errors, which we don't allow during + # tests even if allow_stderr_error=True (since a logging error + # would signal a bug in pip's code). + # Unlike errors logged with logger.error(), these errors are + # sent directly to stderr and so bypass any configured log formatter. + # The "--- Logging error ---" string is used in Python 3.4+, and + # "Logged from file " is used in Python 2. + if (line.startswith('--- Logging error ---') or + line.startswith('Logged from file ')): + reason = 'stderr has a logging error, which is never allowed' + msg = make_check_stderr_message(stderr, line=line, reason=reason) + raise RuntimeError(msg) + if allow_stderr_error: + continue + + if line.startswith('ERROR: '): + reason = ( + 'stderr has an unexpected error ' + '(pass allow_stderr_error=True to permit this)' + ) + msg = make_check_stderr_message(stderr, line=line, reason=reason) + raise RuntimeError(msg) + if allow_stderr_warning: + continue + + if (line.startswith('WARNING: ') or + line.startswith(DEPRECATION_MSG_PREFIX)): + reason = ( + 'stderr has an unexpected warning ' + '(pass allow_stderr_warning=True to permit this)' + ) + msg = make_check_stderr_message(stderr, line=line, reason=reason) +> raise RuntimeError(msg) +E RuntimeError: stderr has an unexpected warning (pass allow_stderr_warning=True to permit this): +E Caused by line: "WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/" +E Complete stderr: WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +E WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +E WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +E WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +E WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +tests/lib/__init__.py:404: RuntimeError +__________________________ test_freeze_path_multiple ___________________________ +tmpdir = Path('/tmp/pytest-of-mockbuild/pytest-0/test_freeze_path_multiple0') +script = +data = + def test_freeze_path_multiple(tmpdir, script, data): + """ + Test freeze with multiple --path arguments. + """ + path1 = tmpdir / "path1" + os.mkdir(path1) + path2 = tmpdir / "path2" + os.mkdir(path2) +> script.pip('install', '--find-links', data.find_links, + '--target', path1, 'simple==2.0') +tests/functional/test_freeze.py:750: +_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ +tests/lib/__init__.py:593: in run + _check_stderr( +_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ +stderr = "WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'N...t at 0x7f07e6253280>: Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/\n" +allow_stderr_warning = False, allow_stderr_error = False + def _check_stderr( + stderr, allow_stderr_warning, allow_stderr_error, + ): + """ + Check the given stderr for logged warnings and errors. + + :param stderr: stderr output as a string. + :param allow_stderr_warning: whether a logged warning (or deprecation + message) is allowed. Must be True if allow_stderr_error is True. + :param allow_stderr_error: whether a logged error is allowed. + """ + assert not (allow_stderr_error and not allow_stderr_warning) + + lines = stderr.splitlines() + for line in lines: + # First check for logging errors, which we don't allow during + # tests even if allow_stderr_error=True (since a logging error + # would signal a bug in pip's code). + # Unlike errors logged with logger.error(), these errors are + # sent directly to stderr and so bypass any configured log formatter. + # The "--- Logging error ---" string is used in Python 3.4+, and + # "Logged from file " is used in Python 2. + if (line.startswith('--- Logging error ---') or + line.startswith('Logged from file ')): + reason = 'stderr has a logging error, which is never allowed' + msg = make_check_stderr_message(stderr, line=line, reason=reason) + raise RuntimeError(msg) + if allow_stderr_error: + continue + + if line.startswith('ERROR: '): + reason = ( + 'stderr has an unexpected error ' + '(pass allow_stderr_error=True to permit this)' + ) + msg = make_check_stderr_message(stderr, line=line, reason=reason) + raise RuntimeError(msg) + if allow_stderr_warning: + continue + + if (line.startswith('WARNING: ') or + line.startswith(DEPRECATION_MSG_PREFIX)): + reason = ( + 'stderr has an unexpected warning ' + '(pass allow_stderr_warning=True to permit this)' + ) + msg = make_check_stderr_message(stderr, line=line, reason=reason) +> raise RuntimeError(msg) +E RuntimeError: stderr has an unexpected warning (pass allow_stderr_warning=True to permit this): +E Caused by line: "WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/" +E Complete stderr: WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +E WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +E WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +E WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +E WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/simple/ +tests/lib/__init__.py:404: RuntimeError +_________________ test_install_no_binary_builds_pep_517_wheel __________________ +script = +data = , with_wheel = None + def test_install_no_binary_builds_pep_517_wheel(script, data, with_wheel): + to_install = data.packages.joinpath('pep517_setup_and_pyproject') +> res = script.pip( + 'install', '--no-binary=:all:', '-f', data.find_links, to_install + ) +tests/functional/test_install.py:1279: +_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ +self = +args = ('python', '-m', 'pip', 'install', '--no-binary=:all:', '-f', ...) +kw = {'expect_stderr': True} +cwd = Path('/tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/scratch') +run_from = None, allow_stderr_error = False, allow_stderr_warning = False +expect_error = None + def run(self, *args, **kw): + """ + :param allow_stderr_error: whether a logged error is allowed in + stderr. Passing True for this argument implies + `allow_stderr_warning` since warnings are weaker than errors. + :param allow_stderr_warning: whether a logged warning (or + deprecation message) is allowed in stderr. + :param expect_error: if False (the default), asserts that the command + exits with 0. Otherwise, asserts that the command exits with a + non-zero exit code. Passing True also implies allow_stderr_error + and allow_stderr_warning. + :param expect_stderr: whether to allow warnings in stderr (equivalent + to `allow_stderr_warning`). This argument is an abbreviated + version of `allow_stderr_warning` and is also kept for backwards + compatibility. + """ + if self.verbose: + print('>> running %s %s' % (args, kw)) + + cwd = kw.pop('cwd', None) + run_from = kw.pop('run_from', None) + assert not cwd or not run_from, "Don't use run_from; it's going away" + cwd = cwd or run_from or self.cwd + if sys.platform == 'win32': + # Partial fix for ScriptTest.run using `shell=True` on Windows. + args = [str(a).replace('^', '^^').replace('&', '^&') for a in args] + + # Remove `allow_stderr_error` and `allow_stderr_warning` before + # calling run() because PipTestEnvironment doesn't support them. + allow_stderr_error = kw.pop('allow_stderr_error', None) + allow_stderr_warning = kw.pop('allow_stderr_warning', None) + + # Propagate default values. + expect_error = kw.get('expect_error') + if expect_error: + # Then default to allowing logged errors. + if allow_stderr_error is not None and not allow_stderr_error: + raise RuntimeError( + 'cannot pass allow_stderr_error=False with ' + 'expect_error=True' + ) + allow_stderr_error = True + + elif kw.get('expect_stderr'): + # Then default to allowing logged warnings. + if allow_stderr_warning is not None and not allow_stderr_warning: + raise RuntimeError( + 'cannot pass allow_stderr_warning=False with ' + 'expect_stderr=True' + ) + allow_stderr_warning = True + + if allow_stderr_error: + if allow_stderr_warning is not None and not allow_stderr_warning: + raise RuntimeError( + 'cannot pass allow_stderr_warning=False with ' + 'allow_stderr_error=True' + ) + + # Default values if not set. + if allow_stderr_error is None: + allow_stderr_error = False + if allow_stderr_warning is None: + allow_stderr_warning = allow_stderr_error + + # Pass expect_stderr=True to allow any stderr. We do this because + # we do our checking of stderr further on in check_stderr(). + kw['expect_stderr'] = True +> result = super(PipTestEnvironment, self).run(cwd=cwd, *args, **kw) +E AssertionError: Script returned code: 1 +tests/lib/__init__.py:586: AssertionError +----------------------------- Captured stdout call ----------------------------- +Script result: python -m pip install --no-binary=:all: -f file:///tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/data/packages /tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/data/packages/pep517_setup_and_pyproject + return code: 1 +-- stderr: -------------------- + ERROR: Command errored out with exit status 1: + command: /tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/venv/bin/python /builddir/build/BUILDROOT/python-pip-19.3.1-1.fc32.noarch/usr/lib/python3.8/site-packages/pip install --ignore-installed --no-user --prefix /tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/tmp/pip-build-env-ntp1m4dh/overlay --no-warn-script-location --no-binary :all: --only-binary :none: -i https://pypi.org/simple --find-links file:///tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/data/packages -- setuptools + cwd: None + Complete output (28 lines): + Looking in links: file:///tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/data/packages + WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/setuptools/ + WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/setuptools/ + WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/setuptools/ + WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/setuptools/ + WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/setuptools/ + Processing /tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/data/packages/setuptools-0.9.6.tar.gz + ERROR: Command errored out with exit status 1: + command: /tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/venv/bin/python -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/tmp/pip-install-b_6lf4z6/setuptools/setup.py'"'"'; __file__='"'"'/tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/tmp/pip-install-b_6lf4z6/setuptools/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/tmp/pip-install-b_6lf4z6/setuptools/pip-egg-info + cwd: /tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/tmp/pip-install-b_6lf4z6/setuptools/ + Complete output (15 lines): + Traceback (most recent call last): + File "", line 1, in + File "/tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/tmp/pip-install-b_6lf4z6/setuptools/setuptools/__init__.py", line 2, in + from setuptools.extension import Extension, Library + File "/tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/tmp/pip-install-b_6lf4z6/setuptools/setuptools/extension.py", line 5, in + from setuptools.dist import _get_unpatched + File "/tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/tmp/pip-install-b_6lf4z6/setuptools/setuptools/dist.py", line 7, in + from setuptools.command.install import install + File "/tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/tmp/pip-install-b_6lf4z6/setuptools/setuptools/command/__init__.py", line 8, in + from setuptools.command import install_scripts + File "/tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/tmp/pip-install-b_6lf4z6/setuptools/setuptools/command/install_scripts.py", line 3, in + from pkg_resources import Distribution, PathMetadata, ensure_directory + File "/tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/tmp/pip-install-b_6lf4z6/setuptools/pkg_resources.py", line 1545, in + register_loader_type(importlib_bootstrap.SourceFileLoader, DefaultProvider) + AttributeError: module 'importlib._bootstrap' has no attribute 'SourceFileLoader' + ---------------------------------------- + ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output. + ---------------------------------------- +ERROR: Command errored out with exit status 1: /tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/venv/bin/python /builddir/build/BUILDROOT/python-pip-19.3.1-1.fc32.noarch/usr/lib/python3.8/site-packages/pip install --ignore-installed --no-user --prefix /tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/workspace/tmp/pip-build-env-ntp1m4dh/overlay --no-warn-script-location --no-binary :all: --only-binary :none: -i https://pypi.org/simple --find-links file:///tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/data/packages -- setuptools Check the logs for full command output. +-- stdout: -------------------- +Looking in links: file:///tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/data/packages +Processing /tmp/pytest-of-mockbuild/pytest-0/test_install_no_binary_builds_0/data/packages/pep517_setup_and_pyproject + Installing build dependencies: started + Installing build dependencies: finished with status 'error' +_______________________ test_config_file_override_stack ________________________ +script = +virtualenv = + def test_config_file_override_stack(script, virtualenv): + """ + Test config files (global, overriding a global config with a + local, overriding all with a command line flag). + + """ + fd, config_file = tempfile.mkstemp('-pip.cfg', 'test-') + try: +> _test_config_file_override_stack(script, virtualenv, config_file) +tests/functional/test_install_config.py:144: +_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ +tests/functional/test_install_config.py:172: in _test_config_file_override_stack + result = script.pip( +_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ +self = +args = ('python', '-m', 'pip', 'install', '-vvv', '--index-url', ...) +kw = {'expect_stderr': True} +cwd = Path('/tmp/pytest-of-mockbuild/pytest-0/test_config_file_override_stac0/workspace/scratch') +run_from = None, allow_stderr_error = False, allow_stderr_warning = False +expect_error = None + def run(self, *args, **kw): + """ + :param allow_stderr_error: whether a logged error is allowed in + stderr. Passing True for this argument implies + `allow_stderr_warning` since warnings are weaker than errors. + :param allow_stderr_warning: whether a logged warning (or + deprecation message) is allowed in stderr. + :param expect_error: if False (the default), asserts that the command + exits with 0. Otherwise, asserts that the command exits with a + non-zero exit code. Passing True also implies allow_stderr_error + and allow_stderr_warning. + :param expect_stderr: whether to allow warnings in stderr (equivalent + to `allow_stderr_warning`). This argument is an abbreviated + version of `allow_stderr_warning` and is also kept for backwards + compatibility. + """ + if self.verbose: + print('>> running %s %s' % (args, kw)) + + cwd = kw.pop('cwd', None) + run_from = kw.pop('run_from', None) + assert not cwd or not run_from, "Don't use run_from; it's going away" + cwd = cwd or run_from or self.cwd + if sys.platform == 'win32': + # Partial fix for ScriptTest.run using `shell=True` on Windows. + args = [str(a).replace('^', '^^').replace('&', '^&') for a in args] + + # Remove `allow_stderr_error` and `allow_stderr_warning` before + # calling run() because PipTestEnvironment doesn't support them. + allow_stderr_error = kw.pop('allow_stderr_error', None) + allow_stderr_warning = kw.pop('allow_stderr_warning', None) + + # Propagate default values. + expect_error = kw.get('expect_error') + if expect_error: + # Then default to allowing logged errors. + if allow_stderr_error is not None and not allow_stderr_error: + raise RuntimeError( + 'cannot pass allow_stderr_error=False with ' + 'expect_error=True' + ) + allow_stderr_error = True + + elif kw.get('expect_stderr'): + # Then default to allowing logged warnings. + if allow_stderr_warning is not None and not allow_stderr_warning: + raise RuntimeError( + 'cannot pass allow_stderr_warning=False with ' + 'expect_stderr=True' + ) + allow_stderr_warning = True + + if allow_stderr_error: + if allow_stderr_warning is not None and not allow_stderr_warning: + raise RuntimeError( + 'cannot pass allow_stderr_warning=False with ' + 'allow_stderr_error=True' + ) + + # Default values if not set. + if allow_stderr_error is None: + allow_stderr_error = False + if allow_stderr_warning is None: + allow_stderr_warning = allow_stderr_error + + # Pass expect_stderr=True to allow any stderr. We do this because + # we do our checking of stderr further on in check_stderr(). + kw['expect_stderr'] = True +> result = super(PipTestEnvironment, self).run(cwd=cwd, *args, **kw) +E AssertionError: Script returned code: 1 +tests/lib/__init__.py:586: AssertionError +----------------------------- Captured stdout call ----------------------------- +Script result: python -m pip install -vvv --index-url https://pypi.org/simple/ INITools + return code: 1 +-- stderr: -------------------- +WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/initools/ +WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/initools/ +WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/initools/ +WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/initools/ +WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/initools/ +ERROR: Could not find a version that satisfies the requirement INITools (from versions: none) +ERROR: No matching distribution found for INITools +-- stdout: -------------------- +Created temporary directory: /tmp/pytest-of-mockbuild/pytest-0/test_config_file_override_stac0/workspace/tmp/pip-ephem-wheel-cache-6gj33ens +Created temporary directory: /tmp/pytest-of-mockbuild/pytest-0/test_config_file_override_stac0/workspace/tmp/pip-req-tracker-s7_2cwgc +Created requirements tracker '/tmp/pytest-of-mockbuild/pytest-0/test_config_file_override_stac0/workspace/tmp/pip-req-tracker-s7_2cwgc' +Created temporary directory: /tmp/pytest-of-mockbuild/pytest-0/test_config_file_override_stac0/workspace/tmp/pip-install-_91mh3df +Looking in indexes: https://pypi.org/simple/ +1 location(s) to search for versions of INITools: +* https://pypi.org/simple/initools/ +Getting page https://pypi.org/simple/initools/ +Found index url https://pypi.org/simple/ +Looking up "https://pypi.org/simple/initools/" in the cache +Request header has "max_age" as 0, cache bypassed +Starting new HTTPS connection (1): pypi.org:443 +Incremented Retry for (url='/simple/initools/'): Retry(total=4, connect=None, read=None, redirect=None, status=None) +Starting new HTTPS connection (2): pypi.org:443 +Incremented Retry for (url='/simple/initools/'): Retry(total=3, connect=None, read=None, redirect=None, status=None) +Starting new HTTPS connection (3): pypi.org:443 +Incremented Retry for (url='/simple/initools/'): Retry(total=2, connect=None, read=None, redirect=None, status=None) +Starting new HTTPS connection (4): pypi.org:443 +Incremented Retry for (url='/simple/initools/'): Retry(total=1, connect=None, read=None, redirect=None, status=None) +Starting new HTTPS connection (5): pypi.org:443 +Incremented Retry for (url='/simple/initools/'): Retry(total=0, connect=None, read=None, redirect=None, status=None) +Starting new HTTPS connection (6): pypi.org:443 +Could not fetch URL https://pypi.org/simple/initools/: connection error: HTTPSConnectionPool(host='pypi.org', port=443): Max retries exceeded with url: /simple/initools/ (Caused by NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')) - skipping +Given no hashes to check 0 links for project 'INITools': discarding no candidates +Cleaning up... +Removed build tracker '/tmp/pytest-of-mockbuild/pytest-0/test_config_file_override_stac0/workspace/tmp/pip-req-tracker-s7_2cwgc' +Exception information: +Traceback (most recent call last): + File "/builddir/build/BUILDROOT/python-pip-19.3.1-1.fc32.noarch/usr/lib/python3.8/site-packages/pip/_internal/cli/base_command.py", line 153, in _main + status = self.run(options, args) + File "/builddir/build/BUILDROOT/python-pip-19.3.1-1.fc32.noarch/usr/lib/python3.8/site-packages/pip/_internal/commands/install.py", line 401, in run + resolver.resolve(requirement_set) + File "/builddir/build/BUILDROOT/python-pip-19.3.1-1.fc32.noarch/usr/lib/python3.8/site-packages/pip/_internal/legacy_resolve.py", line 202, in resolve + self._resolve_one(requirement_set, req) + File "/builddir/build/BUILDROOT/python-pip-19.3.1-1.fc32.noarch/usr/lib/python3.8/site-packages/pip/_internal/legacy_resolve.py", line 368, in _resolve_one + abstract_dist = self._get_abstract_dist_for(req_to_install) + File "/builddir/build/BUILDROOT/python-pip-19.3.1-1.fc32.noarch/usr/lib/python3.8/site-packages/pip/_internal/legacy_resolve.py", line 314, in _get_abstract_dist_for + req.populate_link(self.finder, upgrade_allowed, self.require_hashes) + File "/builddir/build/BUILDROOT/python-pip-19.3.1-1.fc32.noarch/usr/lib/python3.8/site-packages/pip/_internal/req/req_install.py", line 226, in populate_link + self.link = finder.find_requirement(self, upgrade) + File "/builddir/build/BUILDROOT/python-pip-19.3.1-1.fc32.noarch/usr/lib/python3.8/site-packages/pip/_internal/index.py", line 905, in find_requirement + raise DistributionNotFound( +pip._internal.exceptions.DistributionNotFound: No matching distribution found for INITools +_______________________ test_no_upgrade_unless_requested _______________________ +script = + def test_no_upgrade_unless_requested(script): + """ + No upgrade if not specifically requested. + + """ +> script.pip('install', 'INITools==0.1') +tests/functional/test_install_upgrade.py:16: +_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ +self = +args = ('python', '-m', 'pip', 'install', 'INITools==0.1') +kw = {'expect_stderr': True} +cwd = Path('/tmp/pytest-of-mockbuild/pytest-0/test_no_upgrade_unless_request0/workspace/scratch') +run_from = None, allow_stderr_error = False, allow_stderr_warning = False +expect_error = None + def run(self, *args, **kw): + """ + :param allow_stderr_error: whether a logged error is allowed in + stderr. Passing True for this argument implies + `allow_stderr_warning` since warnings are weaker than errors. + :param allow_stderr_warning: whether a logged warning (or + deprecation message) is allowed in stderr. + :param expect_error: if False (the default), asserts that the command + exits with 0. Otherwise, asserts that the command exits with a + non-zero exit code. Passing True also implies allow_stderr_error + and allow_stderr_warning. + :param expect_stderr: whether to allow warnings in stderr (equivalent + to `allow_stderr_warning`). This argument is an abbreviated + version of `allow_stderr_warning` and is also kept for backwards + compatibility. + """ + if self.verbose: + print('>> running %s %s' % (args, kw)) + + cwd = kw.pop('cwd', None) + run_from = kw.pop('run_from', None) + assert not cwd or not run_from, "Don't use run_from; it's going away" + cwd = cwd or run_from or self.cwd + if sys.platform == 'win32': + # Partial fix for ScriptTest.run using `shell=True` on Windows. + args = [str(a).replace('^', '^^').replace('&', '^&') for a in args] + + # Remove `allow_stderr_error` and `allow_stderr_warning` before + # calling run() because PipTestEnvironment doesn't support them. + allow_stderr_error = kw.pop('allow_stderr_error', None) + allow_stderr_warning = kw.pop('allow_stderr_warning', None) + + # Propagate default values. + expect_error = kw.get('expect_error') + if expect_error: + # Then default to allowing logged errors. + if allow_stderr_error is not None and not allow_stderr_error: + raise RuntimeError( + 'cannot pass allow_stderr_error=False with ' + 'expect_error=True' + ) + allow_stderr_error = True + + elif kw.get('expect_stderr'): + # Then default to allowing logged warnings. + if allow_stderr_warning is not None and not allow_stderr_warning: + raise RuntimeError( + 'cannot pass allow_stderr_warning=False with ' + 'expect_stderr=True' + ) + allow_stderr_warning = True + + if allow_stderr_error: + if allow_stderr_warning is not None and not allow_stderr_warning: + raise RuntimeError( + 'cannot pass allow_stderr_warning=False with ' + 'allow_stderr_error=True' + ) + + # Default values if not set. + if allow_stderr_error is None: + allow_stderr_error = False + if allow_stderr_warning is None: + allow_stderr_warning = allow_stderr_error + + # Pass expect_stderr=True to allow any stderr. We do this because + # we do our checking of stderr further on in check_stderr(). + kw['expect_stderr'] = True +> result = super(PipTestEnvironment, self).run(cwd=cwd, *args, **kw) +E AssertionError: Script returned code: 1 +tests/lib/__init__.py:586: AssertionError +----------------------------- Captured stdout call ----------------------------- +Script result: python -m pip install INITools==0.1 + return code: 1 +-- stderr: -------------------- +WARNING: Retrying (Retry(total=4, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/initools/ +WARNING: Retrying (Retry(total=3, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/initools/ +WARNING: Retrying (Retry(total=2, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/initools/ +WARNING: Retrying (Retry(total=1, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/initools/ +WARNING: Retrying (Retry(total=0, connect=None, read=None, redirect=None, status=None)) after connection broken by 'NewConnectionError(': Failed to establish a new connection: [Errno -2] Name or service not known')': /simple/initools/ +ERROR: Could not find a version that satisfies the requirement INITools==0.1 (from versions: none) +ERROR: No matching distribution found for INITools==0.1 +--- + tests/functional/test_freeze.py | 3 +++ + tests/functional/test_install.py | 1 + + tests/functional/test_install_config.py | 1 + + tests/functional/test_install_upgrade.py | 1 + + 4 files changed, 6 insertions(+) + +diff --git a/tests/functional/test_freeze.py b/tests/functional/test_freeze.py +index 546a482..aabb0ca 100644 +--- a/tests/functional/test_freeze.py ++++ b/tests/functional/test_freeze.py +@@ -705,6 +705,7 @@ def test_freeze_user(script, virtualenv, data): + assert 'simple2' not in result.stdout + + ++@pytest.mark.network + def test_freeze_path(tmpdir, script, data): + """ + Test freeze with --path. +@@ -718,6 +719,7 @@ def test_freeze_path(tmpdir, script, data): + _check_output(result.stdout, expected) + + ++@pytest.mark.network + def test_freeze_path_exclude_user(tmpdir, script, data): + """ + Test freeze with --path and make sure packages from --user are not picked +@@ -739,6 +741,7 @@ def test_freeze_path_exclude_user(tmpdir, script, data): + _check_output(result.stdout, expected) + + ++@pytest.mark.network + def test_freeze_path_multiple(tmpdir, script, data): + """ + Test freeze with multiple --path arguments. +diff --git a/tests/functional/test_install.py b/tests/functional/test_install.py +index 0bea054..b816df6 100644 +--- a/tests/functional/test_install.py ++++ b/tests/functional/test_install.py +@@ -1274,6 +1274,7 @@ def test_install_no_binary_disables_building_wheels(script, data, with_wheel): + assert "Running setup.py install for upper" in str(res), str(res) + + ++@pytest.mark.network + def test_install_no_binary_builds_pep_517_wheel(script, data, with_wheel): + to_install = data.packages.joinpath('pep517_setup_and_pyproject') + res = script.pip( +diff --git a/tests/functional/test_install_config.py b/tests/functional/test_install_config.py +index bcf83f1..c9c60a2 100644 +--- a/tests/functional/test_install_config.py ++++ b/tests/functional/test_install_config.py +@@ -133,6 +133,7 @@ def test_command_line_appends_correctly(script, data): + ), 'stdout: {}'.format(result.stdout) + + ++@pytest.mark.network + def test_config_file_override_stack(script, virtualenv): + """ + Test config files (global, overriding a global config with a +diff --git a/tests/functional/test_install_upgrade.py b/tests/functional/test_install_upgrade.py +index 36b518b..c34a961 100644 +--- a/tests/functional/test_install_upgrade.py ++++ b/tests/functional/test_install_upgrade.py +@@ -8,6 +8,7 @@ from tests.lib import assert_all_changes, pyversion + from tests.lib.local_repos import local_checkout + + ++@pytest.mark.network + def test_no_upgrade_unless_requested(script): + """ + No upgrade if not specifically requested. +-- +2.20.1 + diff --git a/SOURCES/pip-allow-different-versions.patch b/SOURCES/pip-allow-different-versions.patch index 5b7075d..8b8fa47 100644 --- a/SOURCES/pip-allow-different-versions.patch +++ b/SOURCES/pip-allow-different-versions.patch @@ -1,20 +1,23 @@ ---- /usr/bin/pip3 2018-03-29 15:22:13.000000000 +0200 -+++ pip3 2018-05-04 11:49:08.098821010 +0200 -@@ -4,7 +4,16 @@ +--- /usr/bin/pip3 2019-11-12 17:37:34.793131862 +0100 ++++ pip3 2019-11-12 17:40:42.014107134 +0100 +@@ -2,7 +2,19 @@ + # -*- coding: utf-8 -*- import re import sys - --from pip._internal import main +-from pip._internal.main import main +try: -+ from pip._internal import main ++ from pip._internal.main import main +except ImportError: -+ # user has most probably downgraded pip in their home -+ # so let them run it anyway until ~/.local/bin makes it in front of the PATH -+ from pip import main -+else: -+ # user might also upgraded pip... -+ if hasattr(main, 'main'): -+ main = main.main - ++ try: ++ # If the user has downgraded pip, the above import will fail. ++ # Let's try older methods of invoking it: ++ ++ # pip 19 uses this ++ from pip._internal import main ++ except ImportError: ++ # older pip versions use this ++ from pip import main ++ if __name__ == '__main__': - sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0]) + sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0]) + sys.exit(main()) diff --git a/SOURCES/remove-existing-dist-only-if-path-conflicts.patch b/SOURCES/remove-existing-dist-only-if-path-conflicts.patch index c93a887..ec44270 100644 --- a/SOURCES/remove-existing-dist-only-if-path-conflicts.patch +++ b/SOURCES/remove-existing-dist-only-if-path-conflicts.patch @@ -1,29 +1,34 @@ -commit b6d5da6796801862eb751a93d507c343af0604d6 -Author: Victor Stinner -Date: Tue Sep 18 17:13:51 2018 +0200 +From 8c58a99221415ca7c3d5ce50dcffefa14e421928 Mon Sep 17 00:00:00 2001 +From: Tomas Orsava +Date: Tue, 12 Nov 2019 17:24:20 +0100 +Subject: [PATCH] Subject: Prevent removing of the system packages installed + under /usr/lib - Subject: Prevent removing of the system packages installed under /usr/lib - - when pip install -U is executed. - - Resolves: rhbz#1550368 - - Co-Authored-By: Michal Cyprian +when pip install -U is executed. + +Resolves: rhbz#1550368 + +Co-Authored-By: Michal Cyprian +Co-Authored-By: Victor Stinner +--- + src/pip/_internal/legacy_resolve.py | 5 ++++- + src/pip/_internal/req/req_install.py | 3 ++- + src/pip/_internal/utils/misc.py | 11 +++++++++++ + 3 files changed, 17 insertions(+), 2 deletions(-) diff --git a/src/pip/_internal/legacy_resolve.py b/src/pip/_internal/legacy_resolve.py -index 1d9229cb..3088d22d 100644 +index c24158f..bd92287 100644 --- a/src/pip/_internal/legacy_resolve.py +++ b/src/pip/_internal/legacy_resolve.py -@@ -24,7 +24,7 @@ from pip._internal.exceptions import ( - from pip._internal.req.constructors import install_req_from_req_string +@@ -30,6 +30,7 @@ from pip._internal.exceptions import ( + ) from pip._internal.utils.logging import indent_log from pip._internal.utils.misc import ( -- dist_in_usersite, ensure_dir, normalize_version_info, -+ dist_in_install_path, dist_in_usersite, ensure_dir, normalize_version_info, - ) - from pip._internal.utils.packaging import ( - check_requires_python, get_requires_python, -@@ -219,7 +219,9 @@ class Resolver(object): ++ dist_in_install_path, + dist_in_usersite, + ensure_dir, + normalize_version_info, +@@ -224,7 +225,9 @@ class Resolver(object): """ # Don't uninstall the conflict if doing a user install and the # conflict is not a user install. @@ -35,19 +40,18 @@ index 1d9229cb..3088d22d 100644 req.satisfied_by = None diff --git a/src/pip/_internal/req/req_install.py b/src/pip/_internal/req/req_install.py -index f5c93504..1096c397 100644 +index 5a8c0dc..f80ba87 100644 --- a/src/pip/_internal/req/req_install.py +++ b/src/pip/_internal/req/req_install.py -@@ -27,7 +27,7 @@ from pip._internal.utils.logging import indent_log - from pip._internal.utils.marker_files import PIP_DELETE_MARKER_FILENAME - from pip._internal.utils.misc import ( - _make_build_dir, ask_path_exists, backup_dir, call_subprocess, -- display_path, dist_in_site_packages, dist_in_usersite, ensure_dir, -+ display_path, dist_in_install_path, dist_in_site_packages, dist_in_usersite, ensure_dir, - get_installed_version, redact_password_from_url, rmtree, - ) - from pip._internal.utils.packaging import get_metadata -@@ -427,7 +427,7 @@ class InstallRequirement(object): +@@ -39,6 +39,7 @@ from pip._internal.utils.misc import ( + ask_path_exists, + backup_dir, + display_path, ++ dist_in_install_path, + dist_in_site_packages, + dist_in_usersite, + ensure_dir, +@@ -461,7 +462,7 @@ class InstallRequirement(object): "lack sys.path precedence to %s in %s" % (existing_dist.project_name, existing_dist.location) ) @@ -57,20 +61,19 @@ index f5c93504..1096c397 100644 return True diff --git a/src/pip/_internal/utils/misc.py b/src/pip/_internal/utils/misc.py -index 61f74dc8..ffa8042c 100644 +index b848263..5b75fed 100644 --- a/src/pip/_internal/utils/misc.py +++ b/src/pip/_internal/utils/misc.py -@@ -30,7 +30,7 @@ from pip._vendor.six.moves.urllib.parse import unquote as urllib_unquote - +@@ -28,6 +28,7 @@ from pip._vendor.six.moves.urllib.parse import unquote as urllib_unquote from pip import __version__ - from pip._internal.exceptions import CommandError, InstallationError --from pip._internal.locations import site_packages, user_site -+from pip._internal.locations import distutils_scheme, site_packages, user_site - from pip._internal.utils.compat import ( - WINDOWS, console_to_str, expanduser, stdlib_pkgs, str_to_display, - ) -@@ -454,6 +454,16 @@ def dist_in_site_packages(dist): - ).startswith(normalize_path(site_packages)) + from pip._internal.exceptions import CommandError + from pip._internal.locations import ( ++ distutils_scheme, + get_major_minor_version, + site_packages, + user_site, +@@ -389,6 +390,16 @@ def dist_in_site_packages(dist): + return dist_location(dist).startswith(normalize_path(site_packages)) +def dist_in_install_path(dist): @@ -86,3 +89,6 @@ index 61f74dc8..ffa8042c 100644 def dist_is_editable(dist): # type: (Distribution) -> bool """ +-- +2.20.1 + diff --git a/SPECS/python3x-pip.spec b/SPECS/python3x-pip.spec index cb86a8c..d6b5faa 100644 --- a/SPECS/python3x-pip.spec +++ b/SPECS/python3x-pip.spec @@ -15,40 +15,40 @@ Name: python3x-%{srcname} # When updating, update the bundled libraries versions bellow! # You can use vendor_meta.sh in the dist git repo -Version: 19.2.3 -Release: 5%{?dist} +Version: 19.3.1 +Release: 4%{?dist} Summary: A tool for installing and managing Python packages # We bundle a lot of libraries with pip, which itself is under MIT license. # Here is the list of the libraries with corresponding licenses: # appdirs: MIT +# certifi: MPLv2.0 +# chardet: LGPLv2 +# colorama: BSD +# CacheControl: ASL 2.0 +# contextlib2: Python # distlib: Python # distro: ASL 2.0 # html5lib: MIT -# six: MIT -# colorama: BSD -# CacheControl: ASL 2.0 -# msgpack-python: ASL 2.0 -# lockfile: MIT -# progress: ISC +# idna: BSD # ipaddress: Python +# msgpack: ASL 2.0 # packaging: ASL 2.0 or BSD # pep517: MIT +# progress: ISC # pyparsing: MIT # pytoml: MIT -# retrying: ASL 2.0 # requests: ASL 2.0 -# chardet: LGPLv2 -# idna: BSD -# urllib3: MIT -# certifi: MPLv2.0 +# retrying: ASL 2.0 # setuptools: MIT +# six: MIT +# urllib3: MIT # webencodings: BSD License: MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) -URL: http://www.pip-installer.org -Source0: %pypi_source +URL: https://pip.pypa.io/ +Source0: https://github.com/pypa/pip/archive/%{version}/%{srcname}-%{version}.tar.gz BuildArch: noarch # Exclude i686 arch. Due to a modularity issue it's being added to the @@ -64,22 +64,10 @@ BuildRequires: python38-setuptools-wheel BuildRequires: python38-wheel-wheel %endif -# to get tests: -# git clone https://github.com/pypa/pip && cd pip -# git checkout $VERSION && tar -czvf ../pip-$VERSION-tests.tar.gz tests/ -%if %{with tests} -Source1: pip-%{version}-tests.tar.gz -%endif - # Themes required to build the docs. %if %{with doc} -Source2: https://github.com/pypa/pypa-docs-theme/archive/%{pypa_theme_commit_hash}.tar.gz -Source3: https://github.com/python/python-docs-theme/archive/2018.2.tar.gz -%endif - -%if %{with tests} -# Fix expected output in test to not break with alpha/beta/rc Python versions -Patch0: https://github.com/pypa/pip/pull/6788.patch +Source1: https://github.com/pypa/pypa-docs-theme/archive/%{pypa_theme_commit_hash}.tar.gz +Source2: https://github.com/python/python-docs-theme/archive/2018.2.tar.gz %endif # Downstream only patch @@ -99,6 +87,20 @@ Patch3: remove-existing-dist-only-if-path-conflicts.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1655253 Patch4: dummy-certifi.patch +# Mark tests that need the Internet as network tests so we can skip them +# https://github.com/pypa/pip/pull/7359 +Patch5: network-tests.patch + +# Patch for CVE-2021-3572 - pip incorrectly handled unicode separators in git references +# Upstream PR: https://github.com/pypa/pip/pull/9827 +# Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1962856 +Patch6: CVE-2021-3572.patch + +# CVE-2021-33503 Catastrophic backtracking in URL authority parser +# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=1968074 +# Upstream fix: https://github.com/urllib3/urllib3/commit/2d4a3fee6de2fa45eb82169361918f759269b4ec +Patch7: CVE-2021-33503.patch + # Downstream only patch # Users might have local installations of pip from using # `pip install --user --upgrade pip` on older/newer versions. @@ -131,26 +133,26 @@ Packages" or "Pip Installs Python". %global bundled() %{expand: Provides: bundled(python%{1}dist(appdirs)) = 1.4.3 Provides: bundled(python%{1}dist(CacheControl)) = 0.12.5 -Provides: bundled(python%{1}dist(certifi)) = 2019.6.16 +Provides: bundled(python%{1}dist(certifi)) = 2019.9.11 Provides: bundled(python%{1}dist(chardet)) = 3.0.4 Provides: bundled(python%{1}dist(colorama)) = 0.4.1 +Provides: bundled(python%{1}dist(contextlib2)) = 0.6.0 Provides: bundled(python%{1}dist(distlib)) = 0.2.9.post0 Provides: bundled(python%{1}dist(distro)) = 1.4.0 Provides: bundled(python%{1}dist(html5lib)) = 1.0.1 Provides: bundled(python%{1}dist(idna)) = 2.8 Provides: bundled(python%{1}dist(ipaddress)) = 1.0.22 -Provides: bundled(python%{1}dist(lockfile)) = 0.12.2 -Provides: bundled(python%{1}dist(msgpack)) = 0.6.1 -Provides: bundled(python%{1}dist(packaging)) = 19.0 -Provides: bundled(python%{1}dist(pep517)) = 0.5.0 +Provides: bundled(python%{1}dist(msgpack)) = 0.6.2 +Provides: bundled(python%{1}dist(packaging)) = 19.2 +Provides: bundled(python%{1}dist(pep517)) = 0.7.0 Provides: bundled(python%{1}dist(progress)) = 1.5 -Provides: bundled(python%{1}dist(pyparsing)) = 2.4.0 -Provides: bundled(python%{1}dist(pytoml)) = 0.1.20 +Provides: bundled(python%{1}dist(pyparsing)) = 2.4.2 +Provides: bundled(python%{1}dist(pytoml)) = 0.1.21 Provides: bundled(python%{1}dist(requests)) = 2.22.0 Provides: bundled(python%{1}dist(retrying)) = 1.3.3 -Provides: bundled(python%{1}dist(setuptools)) = 41.0.1 +Provides: bundled(python%{1}dist(setuptools)) = 41.4.0 Provides: bundled(python%{1}dist(six)) = 1.12.0 -Provides: bundled(python%{1}dist(urllib3)) = 1.25.3 +Provides: bundled(python%{1}dist(urllib3)) = 1.25.6 Provides: bundled(python%{1}dist(webencodings)) = 0.5.1 } @@ -193,6 +195,8 @@ BuildRequires: ca-certificates Requires: ca-certificates Requires: python%{python3_pkgversion}-setuptools +# Require alternatives version that implements the --keep-foreign flag +Requires(postun): alternatives >= 1.19.1-1 # python38 installs the alternatives master symlink to which we attach a slave Requires: python38 Requires(post): python38 @@ -236,29 +240,25 @@ A Python wheel of pip to use with venv. %prep %setup -q -n %{srcname}-%{version} -%if %{with tests} -tar -xf %{SOURCE1} -%endif %if %{with doc} pushd docs/html -tar -xf %{SOURCE2} +tar -xf %{SOURCE1} mv pypa-docs-theme-%{pypa_theme_commit_hash} pypa -tar -xf %{SOURCE3} +tar -xf %{SOURCE2} mv python-docs-theme-2018.2 python-docs-theme popd %endif -%if %{with tests} -%patch0 -p1 -%endif %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 # this goes together with patch4 rm src/pip/_vendor/certifi/*.pem -sed -i '/\.pem$/d' src/pip.egg-info/SOURCES.txt %if %{with tests} # tests expect wheels in here @@ -380,9 +380,9 @@ if [ $1 -eq 0 ]; then grep -c "^/usr/bin/python3.8 - priority [0-9]*"` if [ $EXISTS -ne 0 ]; then - alternatives --remove-slave python3 %{_bindir}/python3.8 \ + alternatives --keep-foreign --remove-slave python3 %{_bindir}/python3.8 \ pip3 - alternatives --remove-slave python3 %{_bindir}/python3.8 \ + alternatives --keep-foreign --remove-slave python3 %{_bindir}/python3.8 \ pip-3 fi fi @@ -417,6 +417,23 @@ fi %{python_wheeldir}/%{python_wheelname} %changelog +* Mon Aug 02 2021 Tomas Orsava - 19.3.1-4 +- Adjusted the postun scriptlets to enable upgrading to RHEL 9 +- Resolves: rhbz#1933055 + +* Wed Jun 30 2021 Lumír Balhar - 19.3.1-3 +- Fix for CVE-2021-33503 Catastrophic backtracking in URL authority parser +Resolves: rhbz#1968074 + +* Tue Jun 08 2021 Lumír Balhar - 19.3.1-2 +- Fix for CVE-2021-3572 - pip incorrectly handled unicode separators in git references +Resolves: rhbz#1962856 + +* Thu Apr 23 2020 Lumír Balhar - 19.3.1 +- Rebase to 19.3.1 to enable support for manylinux2014 +Resolves: rhbz#1827623 +- + some other fixes from Fedora 32 where we have the same version now + * Mon Mar 09 2020 Tomas Orsava - 19.2.3-5 - Implement the alternatives system for the executables - Resolves: rhbz#1807041 @@ -705,9 +722,8 @@ Resolves: rhbz#1406922 * Fri Jan 1 2010 Peter Halliday - 0.6.1.4 - fix dependency issue * Fri Dec 18 2009 Peter Halliday - 0.6.1-2 -- fix spec file +- fix spec file * Thu Dec 17 2009 Peter Halliday - 0.6.1-1 - upgrade to 0.6.1 of pip * Mon Aug 31 2009 Peter Halliday - 0.4-1 - Initial package -