diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..86d7491 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/pip-21.0.1.tar.gz diff --git a/.python-pip.metadata b/.python-pip.metadata new file mode 100644 index 0000000..29cee1d --- /dev/null +++ b/.python-pip.metadata @@ -0,0 +1 @@ +ccdc77442a6d5f943cdce39a94459334370e7b8c SOURCES/pip-21.0.1.tar.gz diff --git a/SOURCES/9760.patch b/SOURCES/9760.patch new file mode 100644 index 0000000..fb7e379 --- /dev/null +++ b/SOURCES/9760.patch @@ -0,0 +1,111 @@ +From 960c01adce491de00ef7a8d02a32fea31b15a1dc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Fri, 2 Apr 2021 02:39:11 +0200 +Subject: [PATCH] Update urllib3 to 1.26.4 to fix CVE-2021-28363 + +--- + news/CVE-2021-28363.vendor.rst | 1 + + src/pip/_vendor/urllib3/_version.py | 2 +- + src/pip/_vendor/urllib3/connection.py | 8 ++++++-- + src/pip/_vendor/urllib3/exceptions.py | 12 +++++++++++- + src/pip/_vendor/urllib3/util/retry.py | 1 + + src/pip/_vendor/vendor.txt | 2 +- + 6 files changed, 21 insertions(+), 5 deletions(-) + create mode 100644 news/CVE-2021-28363.vendor.rst + +diff --git a/news/CVE-2021-28363.vendor.rst b/news/CVE-2021-28363.vendor.rst +new file mode 100644 +index 00000000000..29700ab7469 +--- /dev/null ++++ b/news/CVE-2021-28363.vendor.rst +@@ -0,0 +1 @@ ++Update urllib3 to 1.26.4 to fix CVE-2021-28363 +diff --git a/src/pip/_vendor/urllib3/_version.py b/src/pip/_vendor/urllib3/_version.py +index 2dba29e3fbe..97c983300b0 100644 +--- a/src/pip/_vendor/urllib3/_version.py ++++ b/src/pip/_vendor/urllib3/_version.py +@@ -1,2 +1,2 @@ + # This file is protected via CODEOWNERS +-__version__ = "1.26.2" ++__version__ = "1.26.4" +diff --git a/src/pip/_vendor/urllib3/connection.py b/src/pip/_vendor/urllib3/connection.py +index 660d679c361..45580b7e1ea 100644 +--- a/src/pip/_vendor/urllib3/connection.py ++++ b/src/pip/_vendor/urllib3/connection.py +@@ -67,7 +67,7 @@ class BrokenPipeError(Exception): + + # When it comes time to update this value as a part of regular maintenance + # (ie test_recent_date is failing) update it to ~6 months before the current date. +-RECENT_DATE = datetime.date(2019, 1, 1) ++RECENT_DATE = datetime.date(2020, 7, 1) + + _CONTAINS_CONTROL_CHAR_RE = re.compile(r"[^-!#$%&'*+.^_`|~0-9a-zA-Z]") + +@@ -215,7 +215,7 @@ def putrequest(self, method, url, *args, **kwargs): + + def putheader(self, header, *values): + """""" +- if SKIP_HEADER not in values: ++ if not any(isinstance(v, str) and v == SKIP_HEADER for v in values): + _HTTPConnection.putheader(self, header, *values) + elif six.ensure_str(header.lower()) not in SKIPPABLE_HEADERS: + raise ValueError( +@@ -490,6 +490,10 @@ def _connect_tls_proxy(self, hostname, conn): + self.ca_cert_dir, + self.ca_cert_data, + ) ++ # By default urllib3's SSLContext disables `check_hostname` and uses ++ # a custom check. For proxies we're good with relying on the default ++ # verification. ++ ssl_context.check_hostname = True + + # If no cert was provided, use only the default options for server + # certificate validation +diff --git a/src/pip/_vendor/urllib3/exceptions.py b/src/pip/_vendor/urllib3/exceptions.py +index d69958d5dfc..cba6f3f560f 100644 +--- a/src/pip/_vendor/urllib3/exceptions.py ++++ b/src/pip/_vendor/urllib3/exceptions.py +@@ -289,7 +289,17 @@ class ProxySchemeUnknown(AssertionError, URLSchemeUnknown): + # TODO(t-8ch): Stop inheriting from AssertionError in v2.0. + + def __init__(self, scheme): +- message = "Not supported proxy scheme %s" % scheme ++ # 'localhost' is here because our URL parser parses ++ # localhost:8080 -> scheme=localhost, remove if we fix this. ++ if scheme == "localhost": ++ scheme = None ++ if scheme is None: ++ message = "Proxy URL had no scheme, should start with http:// or https://" ++ else: ++ message = ( ++ "Proxy URL had unsupported scheme %s, should use http:// or https://" ++ % scheme ++ ) + super(ProxySchemeUnknown, self).__init__(message) + + +diff --git a/src/pip/_vendor/urllib3/util/retry.py b/src/pip/_vendor/urllib3/util/retry.py +index ee51f922f84..d25a41b42ea 100644 +--- a/src/pip/_vendor/urllib3/util/retry.py ++++ b/src/pip/_vendor/urllib3/util/retry.py +@@ -253,6 +253,7 @@ def __init__( + "Using 'method_whitelist' with Retry is deprecated and " + "will be removed in v2.0. Use 'allowed_methods' instead", + DeprecationWarning, ++ stacklevel=2, + ) + allowed_methods = method_whitelist + if allowed_methods is _Default: +diff --git a/src/pip/_vendor/vendor.txt b/src/pip/_vendor/vendor.txt +index 51a5508479e..868baba6f01 100644 +--- a/src/pip/_vendor/vendor.txt ++++ b/src/pip/_vendor/vendor.txt +@@ -13,7 +13,7 @@ requests==2.25.1 + certifi==2020.12.05 + chardet==4.0.0 + idna==2.10 +- urllib3==1.26.2 ++ urllib3==1.26.4 + resolvelib==0.5.4 + retrying==1.3.3 + setuptools==44.0.0 diff --git a/SOURCES/don-t-split-git-references-on-unicode-separators.patch b/SOURCES/don-t-split-git-references-on-unicode-separators.patch new file mode 100644 index 0000000..031c418 --- /dev/null +++ b/SOURCES/don-t-split-git-references-on-unicode-separators.patch @@ -0,0 +1,33 @@ +From ca24e4bfa60cec8341ccf40000a41bc9592713df Mon Sep 17 00:00:00 2001 +From: Karolina Surma +Date: Mon, 17 May 2021 11:34:30 +0200 +Subject: [PATCH] Don't split git references on unicode separators + +--- + src/pip/_internal/vcs/git.py | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) +diff --git a/src/pip/_internal/vcs/git.py b/src/pip/_internal/vcs/git.py +index cc22cd7..308e857 100644 +--- a/src/pip/_internal/vcs/git.py ++++ b/src/pip/_internal/vcs/git.py +@@ -147,9 +147,15 @@ class Git(VersionControl): + on_returncode='ignore', + ) + refs = {} +- for line in output.strip().splitlines(): ++ # NOTE: We do not use splitlines here since that would split on other ++ # unicode separators, which can be maliciously used to install a ++ # different revision. ++ for line in output.strip().split("\n"): ++ line = line.rstrip("\r") ++ if not line: ++ continue + try: +- sha, ref = line.split() ++ sha, ref = line.split(" ", maxsplit=2) + except ValueError: + # Include the offending line to simplify troubleshooting if + # this error ever occurs. +-- +2.31.1 + diff --git a/SOURCES/dummy-certifi.patch b/SOURCES/dummy-certifi.patch new file mode 100644 index 0000000..992aed4 --- /dev/null +++ b/SOURCES/dummy-certifi.patch @@ -0,0 +1,35 @@ +From cf96ff346639d1b9f5efa3fd0976694e04df3f5f Mon Sep 17 00:00:00 2001 +From: Tomas Hrnciar +Date: Sun, 26 Apr 2020 21:38:44 +0200 +Subject: [PATCH] Dummy certifi patch + +--- + src/pip/_vendor/certifi/core.py | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/src/pip/_vendor/certifi/core.py b/src/pip/_vendor/certifi/core.py +index 8987449..d174ced 100644 +--- a/src/pip/_vendor/certifi/core.py ++++ b/src/pip/_vendor/certifi/core.py +@@ -9,6 +9,7 @@ This module returns the installation location of cacert.pem or its contents. + import os + + try: ++ raise ImportError # force fallback + from importlib.resources import path as get_path, read_text + + _CACERT_CTX = None +@@ -51,9 +52,7 @@ except ImportError: + # If we don't have importlib.resources, then we will just do the old logic + # of assuming we're on the filesystem and munge the path directly. + def where(): +- f = os.path.dirname(__file__) +- +- return os.path.join(f, "cacert.pem") ++ return '/etc/pki/tls/certs/ca-bundle.crt' + + + def contents(): +-- +2.25.4 + diff --git a/SOURCES/emit-a-warning-when-running-with-root-privileges.patch b/SOURCES/emit-a-warning-when-running-with-root-privileges.patch new file mode 100644 index 0000000..7c6a390 --- /dev/null +++ b/SOURCES/emit-a-warning-when-running-with-root-privileges.patch @@ -0,0 +1,51 @@ +From 74bb5d26e232493de43adfa1f4b42b66fd701294 Mon Sep 17 00:00:00 2001 +From: Tomas Hrnciar +Date: Sun, 26 Apr 2020 13:52:24 +0200 +Subject: [PATCH] Downstream only patch + +Emit a warning to the user if pip install is run with root privileges +Issue upstream: https://github.com/pypa/pip/issues/4288 +--- + src/pip/_internal/commands/install.py | 19 +++++++++++++++++++ + 1 file changed, 19 insertions(+) + +diff --git a/src/pip/_internal/commands/install.py b/src/pip/_internal/commands/install.py +index 70bda2e2..1e750ae1 100644 +--- a/src/pip/_internal/commands/install.py ++++ b/src/pip/_internal/commands/install.py +@@ -13,6 +13,8 @@ import operator + import os + import shutil + import site ++import sys ++from os import path + from optparse import SUPPRESS_HELP + + from pip._vendor import pkg_resources +@@ -241,6 +243,23 @@ class InstallCommand(RequirementCommand): + raise CommandError("Can not combine '--user' and '--target'") + + cmdoptions.check_install_build_global(options) ++ ++ def is_venv(): ++ return (hasattr(sys, 'real_prefix') or ++ (hasattr(sys, 'base_prefix') and ++ sys.base_prefix != sys.prefix)) ++ ++ # Check whether we have root privileges and aren't in venv/virtualenv ++ if os.getuid() == 0 and not is_venv() and not options.root_path: ++ command = path.basename(sys.argv[0]) ++ if command == "__main__.py": ++ command = path.basename(sys.executable) + " -m pip" ++ logger.warning( ++ "Running pip install with root privileges is " ++ "generally not a good idea. Try `%s install --user` instead." ++ % command ++ ) ++ + upgrade_strategy = "to-satisfy-only" + if options.upgrade: + upgrade_strategy = options.upgrade_strategy +-- +2.23.0 + diff --git a/SOURCES/no-version-warning.patch b/SOURCES/no-version-warning.patch new file mode 100644 index 0000000..6d7268f --- /dev/null +++ b/SOURCES/no-version-warning.patch @@ -0,0 +1,15 @@ +diff -rU3 pip-20.3-orig/src/pip/_vendor/packaging/version.py pip-20.3/src/pip/_vendor/packaging/version.py +--- pip-20.3-orig/src/pip/_vendor/packaging/version.py 2020-11-30 12:58:32.000000000 +0100 ++++ pip-20.3/src/pip/_vendor/packaging/version.py 2020-12-16 21:25:15.818221608 +0100 +@@ -124,11 +124,6 @@ + self._version = str(version) + self._key = _legacy_cmpkey(self._version) + +- warnings.warn( +- "Creating a LegacyVersion has been deprecated and will be " +- "removed in the next major release", +- DeprecationWarning, +- ) + + def __str__(self): + # type: () -> str diff --git a/SOURCES/nowarn-pip._internal.main.patch b/SOURCES/nowarn-pip._internal.main.patch new file mode 100644 index 0000000..7027cf5 --- /dev/null +++ b/SOURCES/nowarn-pip._internal.main.patch @@ -0,0 +1,72 @@ +From 7c36cb21910b415e0eb171d0f6c4dbf72382fdaf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= +Date: Tue, 10 Mar 2020 11:03:22 +0100 +Subject: [PATCH] Don't warn the user about pip._internal.main() entrypoint + +In Fedora, we use that in ensurepip and users cannot do anything about it, +this warning is juts moot. Also, the warning breaks CPython test suite. +--- + src/pip/_internal/__init__.py | 2 +- + src/pip/_internal/utils/entrypoints.py | 19 ++++++++++--------- + tests/functional/test_cli.py | 3 ++- + 3 files changed, 13 insertions(+), 11 deletions(-) + +diff --git a/src/pip/_internal/__init__.py b/src/pip/_internal/__init__.py +index 3aa8a46..0ec017b 100755 +--- a/src/pip/_internal/__init__.py ++++ b/src/pip/_internal/__init__.py +@@ -15,4 +15,4 @@ def main(args=None): + """ + from pip._internal.utils.entrypoints import _wrapper + +- return _wrapper(args) ++ return _wrapper(args, _nowarn=True) +diff --git a/src/pip/_internal/utils/entrypoints.py b/src/pip/_internal/utils/entrypoints.py +index befd01c..d6f3632 100644 +--- a/src/pip/_internal/utils/entrypoints.py ++++ b/src/pip/_internal/utils/entrypoints.py +@@ -7,7 +7,7 @@ if MYPY_CHECK_RUNNING: + from typing import List, Optional + + +-def _wrapper(args=None): ++def _wrapper(args=None, _nowarn=False): + # type: (Optional[List[str]]) -> int + """Central wrapper for all old entrypoints. + +@@ -20,12 +20,13 @@ def _wrapper(args=None): + directing them to an appropriate place for help, we now define all of + our old entrypoints as wrappers for the current one. + """ +- sys.stderr.write( +- "WARNING: pip is being invoked by an old script wrapper. This will " +- "fail in a future version of pip.\n" +- "Please see https://github.com/pypa/pip/issues/5599 for advice on " +- "fixing the underlying issue.\n" +- "To avoid this problem you can invoke Python with '-m pip' instead of " +- "running pip directly.\n" +- ) ++ if not _nowarn: ++ sys.stderr.write( ++ "WARNING: pip is being invoked by an old script wrapper. This will " ++ "fail in a future version of pip.\n" ++ "Please see https://github.com/pypa/pip/issues/5599 for advice on " ++ "fixing the underlying issue.\n" ++ "To avoid this problem you can invoke Python with '-m pip' instead of " ++ "running pip directly.\n" ++ ) + return main(args) +diff --git a/tests/functional/test_cli.py b/tests/functional/test_cli.py +index e416315..7f57f67 100644 +--- a/tests/functional/test_cli.py ++++ b/tests/functional/test_cli.py +@@ -31,4 +31,5 @@ def test_entrypoints_work(entrypoint, script): + result = script.pip("-V") + result2 = script.run("fake_pip", "-V", allow_stderr_warning=True) + assert result.stdout == result2.stdout +- assert "old script wrapper" in result2.stderr ++ if entrypoint[0] != "fake_pip = pip._internal:main": ++ assert "old script wrapper" in result2.stderr +-- +2.24.1 + diff --git a/SOURCES/pip-allow-different-versions.patch b/SOURCES/pip-allow-different-versions.patch new file mode 100644 index 0000000..4a11517 --- /dev/null +++ b/SOURCES/pip-allow-different-versions.patch @@ -0,0 +1,27 @@ +--- /usr/bin/pip3 2019-11-12 17:37:34.793131862 +0100 ++++ pip3 2019-11-12 17:40:42.014107134 +0100 +@@ -2,7 +2,23 @@ + # -*- coding: utf-8 -*- + import re + import sys +-from pip._internal.cli.main import main ++ ++try: ++ from pip._internal.cli.main import main ++except ImportError: ++ try: ++ from pip._internal.main import main ++ except ImportError: ++ try: ++ # If the user has downgraded pip, the above import will fail. ++ # Let's try older methods of invoking it: ++ ++ # pip 19 uses this ++ from pip._internal import main ++ except ImportError: ++ # older pip versions use this ++ from pip import main ++ + if __name__ == '__main__': + sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0]) + sys.exit(main()) diff --git a/SOURCES/remove-existing-dist-only-if-path-conflicts.patch b/SOURCES/remove-existing-dist-only-if-path-conflicts.patch new file mode 100644 index 0000000..3913557 --- /dev/null +++ b/SOURCES/remove-existing-dist-only-if-path-conflicts.patch @@ -0,0 +1,131 @@ +From f83eacf40f1506418e74d747906b8f108401f91d Mon Sep 17 00:00:00 2001 +From: Lumir Balhar +Date: Tue, 26 Jan 2021 09:05:07 +0100 +Subject: [PATCH] Prevent removing of the system packages installed under + /usr/lib + +when pip install -U is executed. + +Resolves: rhbz#1550368 + +Co-Authored-By: Michal Cyprian +Co-Authored-By: Victor Stinner +Co-Authored-By: Petr Viktorin +--- + src/pip/_internal/req/req_install.py | 3 ++- + src/pip/_internal/resolution/legacy/resolver.py | 5 ++++- + src/pip/_internal/resolution/resolvelib/factory.py | 10 ++++++++++ + src/pip/_internal/utils/misc.py | 11 +++++++++++ + 4 files changed, 27 insertions(+), 2 deletions(-) + +diff --git a/src/pip/_internal/req/req_install.py b/src/pip/_internal/req/req_install.py +index 6d0aa30..0a5f8ed 100644 +--- a/src/pip/_internal/req/req_install.py ++++ b/src/pip/_internal/req/req_install.py +@@ -39,6 +39,7 @@ from pip._internal.utils.misc import ( + ask_path_exists, + backup_dir, + display_path, ++ dist_in_install_path, + dist_in_site_packages, + dist_in_usersite, + get_distribution, +@@ -445,7 +446,7 @@ class InstallRequirement: + "lack sys.path precedence to {} in {}".format( + existing_dist.project_name, existing_dist.location) + ) +- else: ++ elif dist_in_install_path(existing_dist): + self.should_reinstall = True + else: + if self.editable: +diff --git a/src/pip/_internal/resolution/legacy/resolver.py b/src/pip/_internal/resolution/legacy/resolver.py +index 665dba1..a219e63 100644 +--- a/src/pip/_internal/resolution/legacy/resolver.py ++++ b/src/pip/_internal/resolution/legacy/resolver.py +@@ -34,6 +34,7 @@ from pip._internal.resolution.base import BaseResolver + from pip._internal.utils.compatibility_tags import get_supported + from pip._internal.utils.logging import indent_log + from pip._internal.utils.misc import dist_in_usersite, normalize_version_info ++from pip._internal.utils.misc import dist_in_install_path + from pip._internal.utils.packaging import check_requires_python, get_requires_python + from pip._internal.utils.typing import MYPY_CHECK_RUNNING + +@@ -204,7 +205,9 @@ class Resolver(BaseResolver): + """ + # Don't uninstall the conflict if doing a user install and the + # conflict is not a user install. +- if not self.use_user_site or dist_in_usersite(req.satisfied_by): ++ if ((not self.use_user_site ++ or dist_in_usersite(req.satisfied_by)) ++ and dist_in_install_path(req.satisfied_by)): + req.should_reinstall = True + req.satisfied_by = None + +diff --git a/src/pip/_internal/resolution/resolvelib/factory.py b/src/pip/_internal/resolution/resolvelib/factory.py +index be0729e..bc2912b 100644 +--- a/src/pip/_internal/resolution/resolvelib/factory.py ++++ b/src/pip/_internal/resolution/resolvelib/factory.py +@@ -1,5 +1,6 @@ + import functools + import logging ++import sys + + from pip._vendor.packaging.utils import canonicalize_name + +@@ -19,7 +20,9 @@ from pip._internal.utils.misc import ( + dist_in_site_packages, + dist_in_usersite, + get_installed_distributions, ++ dist_location, + ) ++from pip._internal.locations import distutils_scheme + from pip._internal.utils.typing import MYPY_CHECK_RUNNING + from pip._internal.utils.virtualenv import running_under_virtualenv + +@@ -362,6 +365,13 @@ class Factory: + if dist is None: # Not installed, no uninstallation required. + return None + ++ # Prevent uninstalling packages from /usr ++ if dist_location(dist) in ( ++ distutils_scheme('', prefix=sys.base_prefix)['purelib'], ++ distutils_scheme('', prefix=sys.base_prefix)['platlib'], ++ ): ++ return None ++ + # We're installing into global site. The current installation must + # be uninstalled, no matter it's in global or user site, because the + # user site installation has precedence over global. +diff --git a/src/pip/_internal/utils/misc.py b/src/pip/_internal/utils/misc.py +index 6dd94e2..7925518 100644 +--- a/src/pip/_internal/utils/misc.py ++++ b/src/pip/_internal/utils/misc.py +@@ -27,6 +27,7 @@ from pip._vendor.retrying import retry # type: ignore + from pip import __version__ + from pip._internal.exceptions import CommandError + from pip._internal.locations import get_major_minor_version, site_packages, user_site ++from pip._internal.locations import distutils_scheme, get_major_minor_version, site_packages, user_site + from pip._internal.utils.compat import WINDOWS, stdlib_pkgs + from pip._internal.utils.typing import MYPY_CHECK_RUNNING, cast + from pip._internal.utils.virtualenv import ( +@@ -398,6 +399,16 @@ def dist_in_site_packages(dist): + return dist_location(dist).startswith(normalize_path(site_packages)) + + ++def dist_in_install_path(dist): ++ """ ++ Return True if given Distribution is installed in ++ path matching distutils_scheme layout. ++ """ ++ norm_path = normalize_path(dist_location(dist)) ++ return norm_path.startswith(normalize_path( ++ distutils_scheme("")['purelib'].split('python')[0])) ++ ++ + def dist_is_editable(dist): + # type: (Distribution) -> bool + """ +-- +2.29.2 + diff --git a/SPECS/python-pip.spec b/SPECS/python-pip.spec new file mode 100644 index 0000000..967f35c --- /dev/null +++ b/SPECS/python-pip.spec @@ -0,0 +1,783 @@ +# The original RHEL 9 content set is defined by (build)dependencies +# of the packages in Fedora ELN. Hence we disable tests and documentation here +# to prevent pulling many unwanted packages in. +# Once the RHEL 9 content set is defined and/or RHEL 9 forks from ELN, +# the conditional can be removed from the Fedora spec file. +# We intentionally keep this enabled on EPEL. +%if 0%{?rhel} >= 9 && !0%{?epel} +%bcond_with tests +%bcond_with doc +%else +%bcond_without tests +%bcond_without doc +%endif + +%global srcname pip +%global base_version 21.0.1 +%global upstream_version %{base_version}%{?prerel} +%global python_wheelname %{srcname}-%{upstream_version}-py3-none-any.whl +%global python_wheeldir %{_datadir}/python-wheels + +%global bashcompdir %(pkg-config --variable=completionsdir bash-completion 2>/dev/null) + +Name: python-%{srcname} +Version: %{base_version}%{?prerel:~%{prerel}} +Release: 6%{?dist} +Summary: A tool for installing and managing Python packages + +# We bundle a lot of libraries with pip, which itself is under MIT license. +# Here is the list of the libraries with corresponding licenses: + +# appdirs: MIT +# certifi: MPLv2.0 +# chardet: LGPLv2 +# colorama: BSD +# CacheControl: ASL 2.0 +# contextlib2: Python +# distlib: Python +# distro: ASL 2.0 +# html5lib: MIT +# idna: BSD +# ipaddress: Python +# msgpack: ASL 2.0 +# packaging: ASL 2.0 or BSD +# pep517: MIT +# progress: ISC +# pyparsing: MIT +# requests: ASL 2.0 +# resolvelib: ISC +# retrying: ASL 2.0 +# setuptools: MIT +# six: MIT +# toml: MIT +# urllib3: MIT +# webencodings: BSD + +License: MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) +URL: https://pip.pypa.io/ +Source0: https://github.com/pypa/pip/archive/%{upstream_version}/%{srcname}-%{upstream_version}.tar.gz + +BuildArch: noarch + +%if %{with tests} +BuildRequires: /usr/bin/git +BuildRequires: /usr/bin/hg +BuildRequires: /usr/bin/bzr +BuildRequires: /usr/bin/svn +BuildRequires: python-setuptools-wheel +BuildRequires: python-wheel-wheel +%endif + +# Downstream only patch +# Emit a warning to the user if pip install is run with root privileges +# Upstream discussion: +# https://discuss.python.org/t/playing-nice-with-external-package-managers/1968/20 +Patch1: emit-a-warning-when-running-with-root-privileges.patch + +# Prevent removing of the system packages installed under /usr/lib +# when pip install -U is executed. +# https://bugzilla.redhat.com/show_bug.cgi?id=1550368#c24 +Patch3: remove-existing-dist-only-if-path-conflicts.patch + +# Use the system level root certificate instead of the one bundled in certifi +# https://bugzilla.redhat.com/show_bug.cgi?id=1655253 +Patch4: dummy-certifi.patch + +# Don't warn the user about pip._internal.main() entrypoint +# In Fedora, we use that in ensurepip and users cannot do anything about it, +# this warning is juts moot. Also, the warning breaks CPython test suite. +Patch5: nowarn-pip._internal.main.patch + +# Don't warn the user about packaging's LegacyVersion being deprecated. +# (This also breaks Python's test suite when warnings are treated as errors.) +# Upstream issue: https://github.com/pypa/packaging/issues/368 +Patch6: no-version-warning.patch + +# Update vendored urrlib3 to 1.26.4 to fix CVE-2021-28363 +# Security patch backported from pip 21.1 +Patch7: https://github.com/pypa/pip/pull/9760.patch + +# Don't split git references on unicode separators, +# which could be maliciously used to install a different revision on the +# repository. +# Security patch backported from pip 21.1.1 +# Upstream PR: https://github.com/pypa/pip/pull/9827 +Patch8: don-t-split-git-references-on-unicode-separators.patch + +# Downstream only patch +# Users might have local installations of pip from using +# `pip install --user --upgrade pip` on older/newer versions. +# If they do that and they run `pip` or `pip3`, the one from /usr/bin is used. +# However that's the one from this RPM package and the import in there might +# fail (it tries to import from ~/.local, but older or newer pip is there with +# a bit different API). +# We add this patch as a dirty workaround to make /usr/bin/pip* work with +# both pip10+ (from this RPM) and older or newer (19.3+) pip (from whatever). +# A proper fix is to put ~/.local/bin in front of /usr/bin in the PATH, +# however others are against that and we cannot change it for existing +# installs/user homes anyway. +# https://bugzilla.redhat.com/show_bug.cgi?id=1569488 +# https://bugzilla.redhat.com/show_bug.cgi?id=1571650 +# https://bugzilla.redhat.com/show_bug.cgi?id=1767212 +# WARNING: /usr/bin/pip* are entrypoints, this cannot be applied in %%prep! +# %%patch10 doesn't work outside of %%prep, so we add it as a source +# Note that since pip 20, old main() import paths are preserved for backwards +# compatibility: https://github.com/pypa/pip/issues/7498 +# Meaning we don't need to update any of the older pips to support 20+ +# We also don't need to update Pythons to use new import path in ensurepip +Source10: pip-allow-different-versions.patch + +%description +pip is a package management system used to install and manage software packages +written in Python. Many packages can be found in the Python Package Index +(PyPI). pip is a recursive acronym that can stand for either "Pip Installs +Packages" or "Pip Installs Python". + + + +# Virtual provides for the packages bundled by pip. +# You can generate it with: +# %%{_rpmconfigdir}/pythonbundles.py --namespace 'python%%{1}dist' src/pip/_vendor/vendor.txt +%global bundled() %{expand: +Provides: bundled(python%{1}dist(appdirs)) = 1.4.4 +Provides: bundled(python%{1}dist(cachecontrol)) = 0.12.6 +Provides: bundled(python%{1}dist(certifi)) = 2020.12.5 +Provides: bundled(python%{1}dist(chardet)) = 4 +Provides: bundled(python%{1}dist(colorama)) = 0.4.4 +Provides: bundled(python%{1}dist(contextlib2)) = 0.6^post1 +Provides: bundled(python%{1}dist(distlib)) = 0.3.1 +Provides: bundled(python%{1}dist(distro)) = 1.5 +Provides: bundled(python%{1}dist(html5lib)) = 1.1 +Provides: bundled(python%{1}dist(idna)) = 2.10 +Provides: bundled(python%{1}dist(msgpack)) = 1.0.2 +Provides: bundled(python%{1}dist(packaging)) = 20.9 +Provides: bundled(python%{1}dist(pep517)) = 0.9.1 +Provides: bundled(python%{1}dist(progress)) = 1.5 +Provides: bundled(python%{1}dist(pyparsing)) = 2.4.7 +Provides: bundled(python%{1}dist(requests)) = 2.25.1 +Provides: bundled(python%{1}dist(resolvelib)) = 0.5.4 +Provides: bundled(python%{1}dist(retrying)) = 1.3.3 +Provides: bundled(python%{1}dist(setuptools)) = 44 +Provides: bundled(python%{1}dist(six)) = 1.15 +Provides: bundled(python%{1}dist(toml)) = 0.10.2 +Provides: bundled(python%{1}dist(urllib3)) = 1.26.4 +Provides: bundled(python%{1}dist(webencodings)) = 0.5.1 +} + +# Some manylinux1 wheels need libcrypt.so.1. +# Manylinux1, a common (as of 2019) platform tag for binary wheels, relies +# on a glibc version that included ancient crypto functions, which were +# moved to libxcrypt and then removed in: +# https://fedoraproject.org/wiki/Changes/FullyRemoveDeprecatedAndUnsafeFunctionsFromLibcrypt +# The manylinux1 standard assumed glibc would keep ABI compatibility, +# but that's only the case if libcrypt.so.1 (libxcrypt-compat) is around. +# This should be solved in the next manylinux standard (but it may be +# a long time until manylinux1 is phased out). +# See: https://github.com/pypa/manylinux/issues/305 +# Note that manylinux is only applicable to x86 (both 32 and 64 bits) +%global crypt_compat_recommends() %{expand: +Recommends: (libcrypt.so.1()(64bit) if python%{1}(x86-64)) +Recommends: (libcrypt.so.1 if python%{1}(x86-32)) +} + + + +%package -n python%{python3_pkgversion}-%{srcname} +Summary: A tool for installing and managing Python3 packages + +BuildRequires: python%{python3_pkgversion}-devel +# python3 bootstrap: this is rebuilt before the final build of python3, which +# adds the dependency on python3-rpm-generators, so we require it manually +# Note that the package prefix is always python3-, even if we build for 3.X +# The minimal version is for bundled provides verification script +BuildRequires: python3-rpm-generators >= 11-8 +BuildRequires: python%{python3_pkgversion}-setuptools +BuildRequires: bash-completion +%if %{with tests} +BuildRequires: python%{python3_pkgversion}-cryptography +BuildRequires: python%{python3_pkgversion}-mock +BuildRequires: python%{python3_pkgversion}-pytest +BuildRequires: python%{python3_pkgversion}-pretend +BuildRequires: python%{python3_pkgversion}-freezegun +BuildRequires: python%{python3_pkgversion}-scripttest +BuildRequires: python%{python3_pkgversion}-virtualenv +BuildRequires: python%{python3_pkgversion}-werkzeug +BuildRequires: python%{python3_pkgversion}-pyyaml +%endif +BuildRequires: python%{python3_pkgversion}-wheel +BuildRequires: ca-certificates +Requires: ca-certificates + +# This was previously required and we keep it recommended because a lot of +# sdists installed via pip will try to import setuptools. +# But pip doesn't actually require setuptools. +# It can install wheels without them and it can build wheels in isolation mode +# (using setuptools/flit/poetry/... installed from PyPI). +# Side note: pip bundles pkg_resources from setuptools for internal usage. +Recommends: python%{python3_pkgversion}-setuptools + +# Virtual provides for the packages bundled by pip: +%{bundled 3} + +Provides: pip = %{version}-%{release} +Conflicts: python-pip < %{version}-%{release} + +%{crypt_compat_recommends 3} + +# Provide platform-python-pip for backwards compatibility with RHEL 8 +Provides: platform-python-pip = %{version}-%{release} + +%description -n python%{python3_pkgversion}-%{srcname} +pip is a package management system used to install and manage software packages +written in Python. Many packages can be found in the Python Package Index +(PyPI). pip is a recursive acronym that can stand for either "Pip Installs +Packages" or "Pip Installs Python". + +%if %{with doc} +%package doc +Summary: A documentation for a tool for installing and managing Python packages + +BuildRequires: python%{python3_pkgversion}-sphinx +BuildRequires: python%{python3_pkgversion}-sphinx-inline-tabs + +%description doc +A documentation for a tool for installing and managing Python packages + +%endif + +%package wheel +Summary: The pip wheel +Requires: ca-certificates + +# Virtual provides for the packages bundled by pip: +%{bundled 3} + +%{crypt_compat_recommends 3} + +%description wheel +A Python wheel of pip to use with venv. + +%prep +%autosetup -p1 -n %{srcname}-%{upstream_version} + +# this goes together with patch4 +rm src/pip/_vendor/certifi/*.pem + +# Do not use furo as HTML theme in docs +# furo is not available in Fedora +sed -i '/html_theme = "furo"/d' docs/html/conf.py + +# towncrier extension for Sphinx is not yet available in Fedora +sed -i "/'sphinxcontrib.towncrier',/d" docs/html/conf.py + +# tests expect wheels in here +ln -s %{python_wheeldir} tests/data/common_wheels + +# Remove shebang from files in bundled chardet +grep -lr "^#\!/usr/bin/env python" src/pip/_vendor/chardet/ | xargs sed -i "1d" + + +%build +%py3_build_wheel + +%if %{with doc} +export PYTHONPATH=./src/ +# from tox.ini +sphinx-build-3 -b html docs/html docs/build/html +sphinx-build-3 -b man docs/man docs/build/man -c docs/html +rm -rf docs/build/html/{.doctrees,.buildinfo} +%endif + + +%install +# The following is similar to %%py3_install_wheel, but we don't have +# /usr/bin/pip yet, so we install using the wheel directly. +# (This is not standard wheel usage, but the pip wheel supports it -- see +# pip/__main__.py) +%{__python3} dist/%{python_wheelname}/pip install \ + --root %{buildroot} \ + --no-deps \ + --no-cache-dir \ + --no-index \ + --ignore-installed \ + --find-links dist \ + 'pip==%{upstream_version}' + +%if %{with doc} +pushd docs/build/man +install -d %{buildroot}%{_mandir}/man1 +for MAN in *1; do +install -pm0644 $MAN %{buildroot}%{_mandir}/man1/$MAN +for pip in "pip3" "pip-3" "pip%{python3_version}" "pip-%{python3_version}"; do +echo ".so $MAN" > %{buildroot}%{_mandir}/man1/${MAN/pip/$pip} +done +done +popd +%endif + +# before we ln -s anything, we apply Source10 patch to all pips: +for PIP in %{buildroot}%{_bindir}/pip*; do + patch -p1 --no-backup-if-mismatch $PIP < %{SOURCE10} +done + +mkdir -p %{buildroot}%{bashcompdir} +PYTHONPATH=%{buildroot}%{python3_sitelib} \ + %{buildroot}%{_bindir}/pip completion --bash \ + > %{buildroot}%{bashcompdir}/pip3 + +# Make bash completion apply to all the 5 symlinks we install +sed -i -e "s/^\\(complete.*\\) pip\$/\\1 pip pip{,-}{3,%{python3_version}}/" \ + -e s/_pip_completion/_pip3_completion/ \ + %{buildroot}%{bashcompdir}/pip3 + + +# Provide symlinks to executables to comply with Fedora guidelines for Python +ln -s ./pip%{python3_version} %{buildroot}%{_bindir}/pip-%{python3_version} +ln -s ./pip-%{python3_version} %{buildroot}%{_bindir}/pip-3 + + +# Make sure the INSTALLER is not pip and remove RECORD +# %%pyproject macros do this for all packages +echo rpm > %{buildroot}%{python3_sitelib}/pip-%{upstream_version}.dist-info/INSTALLER +rm %{buildroot}%{python3_sitelib}/pip-%{upstream_version}.dist-info/RECORD + +mkdir -p %{buildroot}%{python_wheeldir} +install -p dist/%{python_wheelname} -t %{buildroot}%{python_wheeldir} + + +%if %{with tests} +%check +# Verify bundled provides are up to date +%{_rpmconfigdir}/pythonbundles.py src/pip/_vendor/vendor.txt --compare-with '%{bundled 3}' + +# Upstream tests +# bash completion tests only work from installed package +# needs unaltered sys.path and we cannot do that in %%check +# test_pep517_and_build_options +# test_config_file_venv_option +# TODO investigate failures +# test_uninstall_non_local_distutils +# Incompatible with the latest virtualenv +# test_from_link_vcs_with_source_dir_obtains_commit_id +# test_from_link_vcs_without_source_dir +# test_should_cache_git_sha +pytest_k='not completion and + not test_pep517_and_build_options and + not test_config_file_venv_option and + not test_uninstall_non_local_distutils and + not test_from_link_vcs_with_source_dir_obtains_commit_id and + not test_from_link_vcs_without_source_dir and + not test_should_cache_git_sha' + +# --deselect'ed tests are not compatible with the latest virtualenv +# These files contain almost 500 tests so we should enable them back +# as soon as pip will be compatible upstream +# https://github.com/pypa/pip/pull/8441 +%pytest -m 'not network' -k "$(echo $pytest_k)" \ + --deselect tests/functional --deselect tests/lib/test_lib.py --deselect tests/unit/test_build_env.py +%endif + + +%files -n python%{python3_pkgversion}-%{srcname} +%license LICENSE.txt +%doc README.rst +%if %{with doc} +%{_mandir}/man1/pip.* +%{_mandir}/man1/pip-*.* +%{_mandir}/man1/pip3.* +%{_mandir}/man1/pip3-*.* +%endif +%{_bindir}/pip +%{_bindir}/pip3 +%{_bindir}/pip-3 +%{_bindir}/pip%{python3_version} +%{_bindir}/pip-%{python3_version} +%{python3_sitelib}/pip* +%dir %{bashcompdir} +%{bashcompdir}/pip3 + +%if %{with doc} +%files doc +%license LICENSE.txt +%doc README.rst +%doc docs/build/html +%endif + +%files wheel +%license LICENSE.txt +# we own the dir for simplicity +%dir %{python_wheeldir}/ +%{python_wheeldir}/%{python_wheelname} + +%changelog +* Tue Aug 10 2021 Mohan Boddu - 21.0.1-6 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jul 28 2021 Tomas Orsava - 21.0.1-5 +- Provide the platform-python-pip name for backwards compatibility + with RHEL 8 +- Related: rhbz#1891487 + +* Mon May 17 2021 Karolina Surma - 21.0.1-4 +- Backport security fixes from pip 21.1.1 + +* Fri Apr 16 2021 Mohan Boddu +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Sat Mar 13 2021 Miro Hrončok - 21.0.1-2 +- python-pip-wheel: Remove bundled provides and libcrypt recommends for Python 2 + (The wheel is Python 3 only for a while) + +* Wed Feb 17 2021 Lumír Balhar - 21.0.1-1 +- Update to 21.0.1 +Resolves: rhbz#1922592 + +* Tue Jan 26 2021 Lumír Balhar - 21.0-1 +- Update to 21.0 (#1919530) + +* Thu Dec 17 2020 Petr Viktorin - 20.3.3-1 +- Update to 20.3.3 + +* Mon Nov 30 2020 Miro Hrončok - 20.3-1 +- Update to 20.3 +- Add support for PEP 600: Future manylinux Platform Tags +- New resolver +- Fixes: rhbz#1893470 + +* Mon Oct 19 2020 Lumír Balhar - 20.2.4-1 +- Update to 20.2.4 (#1889112) + +* Wed Aug 05 2020 Tomas Orsava - 20.2.2-1 +- Update to 20.2.2 (#1838553) + +* Wed Jul 29 2020 Fedora Release Engineering - 20.1.1-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Fri Jul 10 2020 Lumír Balhar - 20.1.1-6 +- Do not emit a warning about root privileges when --root is used + +* Wed Jul 08 2020 Miro Hrončok - 20.1.1-5 +- Update bundled provides to match 20.1.1 + +* Tue Jun 16 2020 Lumír Balhar - 20.1.1-4 +- Deselect tests incompatible with the latest virtualenv + +* Sun May 24 2020 Miro Hrončok - 20.1.1-3 +- Rebuilt for Python 3.9 + +* Thu May 21 2020 Miro Hrončok - 20.1.1-2 +- Bootstrap for Python 3.9 + +* Wed May 20 2020 Tomas Hrnciar - 20.1.1-1 +- Update to 20.1.1 + +* Wed Apr 29 2020 Tomas Hrnciar - 20.1-1 +- Update to 20.1 + +* Mon Apr 27 2020 Tomas Hrnciar - 20.1~b1-1 +- Update to 20.1~b1 + +* Wed Apr 15 2020 Miro Hrončok - 20.0.2-4 +- Only recommend setuptools, don't require them + +* Fri Apr 10 2020 Miro Hrončok - 20.0.2-3 +- Allow setting $TMPDIR to $PWD/... during pip wheel (#1806625) + +* Tue Mar 10 2020 Miro Hrončok - 20.0.2-2 +- Don't warn the user about pip._internal.main() entrypoint to fix ensurepip + +* Mon Mar 02 2020 Miro Hrončok - 20.0.2-1 +- Update to 20.0.2 (#1793456) + +* Thu Jan 30 2020 Fedora Release Engineering - 19.3.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Mon Nov 04 2019 Tomas Orsava - 19.3.1-1 +- Update to 19.3.1 (#1761508) +- Drop upstreamed patch that fixed expected output in test to not break with alpha/beta/rc Python versions + +* Wed Oct 30 2019 Miro Hrončok - 19.2.3-2 +- Make /usr/bin/pip(3) work with user-installed pip 19.3+ (#1767212) + +* Mon Sep 02 2019 Miro Hrončok - 19.2.3-1 +- Update to 19.2.3 (#1742230) +- Drop patch that should strip path prefixes from RECORD files, the paths are relative + +* Wed Aug 21 2019 Petr Viktorin - 19.1.1-8 +- Remove python2-pip +- Make pip bootstrap itself, rather than with an extra bootstrap RPM build + +* Sat Aug 17 2019 Miro Hrončok - 19.1.1-7 +- Rebuilt for Python 3.8 + +* Wed Aug 14 2019 Miro Hrončok - 19.1.1-6 +- Bootstrap for Python 3.8 + +* Wed Aug 14 2019 Miro Hrončok - 19.1.1-5 +- Bootstrap for Python 3.8 + +* Fri Jul 26 2019 Fedora Release Engineering - 19.1.1-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Jul 15 2019 Petr Viktorin - 19.1.1-3 +- Recommend libcrypt.so.1 for manylinux1 compatibility +- Make /usr/bin/pip Python 3 + +* Mon Jun 10 2019 Miro Hrončok - 19.1.1-2 +- Fix root warning when pip is invoked via python -m pip +- Remove a redundant second WARNING prefix form the abovementioned warning + +* Wed May 15 2019 Miro Hrončok - 19.1.1-1 +- Update to 19.1.1 (#1706995) + +* Thu Apr 25 2019 Miro Hrončok - 19.1-1 +- Update to 19.1 (#1702525) + +* Wed Mar 06 2019 Miro Hrončok - 19.0.3-1 +- Update to 19.0.3 (#1679277) + +* Wed Feb 13 2019 Miro Hrončok - 19.0.2-1 +- Update to 19.0.2 (#1668492) + +* Sat Feb 02 2019 Fedora Release Engineering - 18.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Mon Dec 03 2018 Miro Hrončok - 18.1-2 +- Use the system level root certificate instead of the one bundled in certifi + +* Thu Nov 22 2018 Miro Hrončok - 18.1-1 +- Update to 18.1 (#1652089) + +* Tue Sep 18 2018 Victor Stinner - 18.0-4 +- Prevent removing of the system packages installed under /usr/lib + when pip install -U is executed. Original patch by Michal Cyprian. + Resolves: rhbz#1550368. + +* Wed Aug 08 2018 Miro Hrončok - 18.0-3 +- Create python-pip-wheel package with the wheel + +* Tue Jul 31 2018 Miro Hrončok - 18.0-2 +- Remove redundant "Unicode" from License + +* Mon Jul 23 2018 Marcel Plch - 18.0-7 +- Update to 18.0 + +* Sat Jul 14 2018 Fedora Release Engineering - 9.0.3-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Mon Jun 18 2018 Miro Hrončok - 9.0.3-5 +- Rebuilt for Python 3.7 + +* Wed Jun 13 2018 Miro Hrončok - 9.0.3-4 +- Bootstrap for Python 3.7 + +* Wed Jun 13 2018 Miro Hrončok - 9.0.3-3 +- Bootstrap for Python 3.7 + +* Fri May 04 2018 Miro Hrončok - 9.0.3-2 +- Allow to import pip10's main from pip9's /usr/bin/pip +- Do not show the "new version of pip" warning outside of venv +Resolves: rhbz#1569488 +Resolves: rhbz#1571650 +Resolves: rhbz#1573755 + +* Thu Mar 29 2018 Charalampos Stratakis - 9.0.3-1 +- Update to 9.0.3 + +* Wed Feb 21 2018 Lumír Balhar - 9.0.1-16 +- Include built HTML documentation (in the new -doc subpackage) and man page + +* Fri Feb 09 2018 Fedora Release Engineering - 9.0.1-15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Mon Dec 04 2017 Charalampos Stratakis - 9.0.1-14 +- Reintroduce the ipaddress module in the python3 subpackage. + +* Mon Nov 20 2017 Charalampos Stratakis - 9.0.1-13 +- Add virtual provides for the bundled libraries. (rhbz#1096912) + +* Tue Aug 29 2017 Tomas Orsava - 9.0.1-12 +- Switch macros to bcond's and make Python 2 optional to facilitate building + the Python 2 and Python 3 modules + +* Thu Jul 27 2017 Fedora Release Engineering - 9.0.1-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue May 23 2017 Tomas Orsava - 9.0.1-10 +- Modernized package descriptions +Resolves: rhbz#1452568 + +* Tue Mar 21 2017 Tomas Orsava - 9.0.1-9 +- Fix typo in the sudo pip warning + +* Fri Mar 03 2017 Tomas Orsava - 9.0.1-8 +- Patch 1 update: No sudo pip warning in venv or virtualenv + +* Thu Feb 23 2017 Tomas Orsava - 9.0.1-7 +- Patch 1 update: Customize the warning with the proper version of the pip + command + +* Tue Feb 14 2017 Tomas Orsava - 9.0.1-6 +- Added patch 1: Emit a warning when running with root privileges + +* Sat Feb 11 2017 Fedora Release Engineering - 9.0.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Jan 02 2017 Tomas Orsava - 9.0.1-4 +- Provide symlinks to executables to comply with Fedora guidelines for Python +Resolves: rhbz#1406922 + +* Fri Dec 09 2016 Charalampos Stratakis - 9.0.1-3 +- Rebuild for Python 3.6 with wheel + +* Fri Dec 09 2016 Charalampos Stratakis - 9.0.1-2 +- Rebuild for Python 3.6 without wheel + +* Fri Nov 18 2016 Orion Poplawski - 9.0.1-1 +- Update to 9.0.1 + +* Fri Nov 18 2016 Orion Poplawski - 8.1.2-5 +- Enable EPEL Python 3 builds +- Use new python macros +- Cleanup spec + +* Fri Aug 05 2016 Tomas Orsava - 8.1.2-4 +- Updated the test sources + +* Fri Aug 05 2016 Tomas Orsava - 8.1.2-3 +- Moved python-pip into the python2-pip subpackage +- Added the python_provide macro + +* Tue Jul 19 2016 Fedora Release Engineering - 8.1.2-2 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Tue May 17 2016 Tomas Orsava - 8.1.2-1 +- Update to 8.1.2 +- Moved to a new PyPI URL format +- Updated the prefix-stripping patch because of upstream changes in pip/wheel.py + +* Mon Feb 22 2016 Slavek Kabrda - 8.0.2-1 +- Update to 8.0.2 + +* Thu Feb 04 2016 Fedora Release Engineering - 7.1.0-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Oct 14 2015 Robert Kuska - 7.1.0-3 +- Rebuilt for Python3.5 rebuild +- With wheel set to 1 + +* Tue Oct 13 2015 Robert Kuska - 7.1.0-2 +- Rebuilt for Python3.5 rebuild + +* Wed Jul 01 2015 Slavek Kabrda - 7.1.0-1 +- Update to 7.1.0 + +* Tue Jun 30 2015 Ville Skyttä - 7.0.3-3 +- Install bash completion +- Ship LICENSE.txt as %%license where available + +* Thu Jun 18 2015 Fedora Release Engineering - 7.0.3-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Thu Jun 04 2015 Matej Stuchlik - 7.0.3-1 +- Update to 7.0.3 + +* Fri Mar 06 2015 Matej Stuchlik - 6.0.8-1 +- Update to 6.0.8 + +* Thu Dec 18 2014 Slavek Kabrda - 1.5.6-5 +- Only enable tests on Fedora. + +* Mon Dec 01 2014 Matej Stuchlik - 1.5.6-4 +- Add tests +- Add patch skipping tests requiring Internet access + +* Tue Nov 18 2014 Matej Stuchlik - 1.5.6-3 +- Added patch for local dos with predictable temp dictionary names + (http://seclists.org/oss-sec/2014/q4/655) + +* Sat Jun 07 2014 Fedora Release Engineering - 1.5.6-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Sun May 25 2014 Matej Stuchlik - 1.5.6-1 +- Update to 1.5.6 + +* Fri Apr 25 2014 Matej Stuchlik - 1.5.4-4 +- Rebuild as wheel for Python 3.4 + +* Thu Apr 24 2014 Matej Stuchlik - 1.5.4-3 +- Disable build_wheel + +* Thu Apr 24 2014 Matej Stuchlik - 1.5.4-2 +- Rebuild as wheel for Python 3.4 + +* Mon Apr 07 2014 Matej Stuchlik - 1.5.4-1 +- Updated to 1.5.4 + +* Mon Oct 14 2013 Tim Flink - 1.4.1-1 +- Removed patch for CVE 2013-2099 as it has been included in the upstream 1.4.1 release +- Updated version to 1.4.1 + +* Sun Aug 04 2013 Fedora Release Engineering - 1.3.1-5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Tue Jul 16 2013 Toshio Kuratomi - 1.3.1-4 +- Fix for CVE 2013-2099 + +* Thu May 23 2013 Tim Flink - 1.3.1-3 +- undo python2 executable rename to python-pip. fixes #958377 +- fix summary to match upstream + +* Mon May 06 2013 Kevin Kofler - 1.3.1-2 +- Fix main package Summary, it's for Python 2, not 3 (#877401) + +* Fri Apr 26 2013 Jon Ciesla - 1.3.1-1 +- Update to 1.3.1, fix for CVE-2013-1888. + +* Thu Feb 14 2013 Fedora Release Engineering - 1.2.1-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild + +* Tue Oct 09 2012 Tim Flink - 1.2.1-2 +- Fixing files for python3-pip + +* Thu Oct 04 2012 Tim Flink - 1.2.1-1 +- Update to upstream 1.2.1 +- Change binary from pip-python to python-pip (RHBZ#855495) +- Add alias from python-pip to pip-python, to be removed at a later date + +* Tue May 15 2012 Tim Flink - 1.1.0-1 +- Update to upstream 1.1.0 + +* Sat Jan 14 2012 Fedora Release Engineering - 1.0.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Sat Oct 22 2011 Tim Flink - 1.0.2-1 +- update to 1.0.2 and added python3 subpackage + +* Wed Jun 22 2011 Tim Flink - 0.8.3-1 +- update to 0.8.3 and project home page + +* Tue Feb 08 2011 Fedora Release Engineering - 0.8.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Mon Dec 20 2010 Luke Macken - 0.8.2-1 +- update to 0.8.2 of pip +* Mon Aug 30 2010 Peter Halliday - 0.8-1 +- update to 0.8 of pip +* Thu Jul 22 2010 David Malcolm - 0.7.2-5 +- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild + +* Wed Jul 7 2010 Peter Halliday - 0.7.2-1 +- update to 0.7.2 of pip +* Sun May 23 2010 Peter Halliday - 0.7.1-1 +- update to 0.7.1 of pip +* Fri Jan 1 2010 Peter Halliday - 0.6.1.4 +- fix dependency issue +* Fri Dec 18 2009 Peter Halliday - 0.6.1-2 +- fix spec file +* Thu Dec 17 2009 Peter Halliday - 0.6.1-1 +- upgrade to 0.6.1 of pip +* Mon Aug 31 2009 Peter Halliday - 0.4-1 +- Initial package +