diff --git a/.gitignore b/.gitignore
index 86d7491..17f25ed 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/pip-21.0.1.tar.gz
+SOURCES/pip-21.2.3.tar.gz
diff --git a/.python-pip.metadata b/.python-pip.metadata
index 29cee1d..5bc4c55 100644
--- a/.python-pip.metadata
+++ b/.python-pip.metadata
@@ -1 +1 @@
-ccdc77442a6d5f943cdce39a94459334370e7b8c SOURCES/pip-21.0.1.tar.gz
+c899dfeece28336424046e097bc48783a5d4264b SOURCES/pip-21.2.3.tar.gz
diff --git a/SOURCES/9760.patch b/SOURCES/9760.patch
deleted file mode 100644
index fb7e379..0000000
--- a/SOURCES/9760.patch
+++ /dev/null
@@ -1,111 +0,0 @@ -From 960c01adce491de00ef7a8d02a32fea31b15a1dc Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= -Date: Fri, 2 Apr 2021 02:39:11 +0200 -Subject: [PATCH] Update urllib3 to 1.26.4 to fix CVE-2021-28363 - ---- - news/CVE-2021-28363.vendor.rst | 1 + - src/pip/_vendor/urllib3/_version.py | 2 +- - src/pip/_vendor/urllib3/connection.py | 8 ++++++-- - src/pip/_vendor/urllib3/exceptions.py | 12 +++++++++++- - src/pip/_vendor/urllib3/util/retry.py | 1 + - src/pip/_vendor/vendor.txt | 2 +- - 6 files changed, 21 insertions(+), 5 deletions(-) - create mode 100644 news/CVE-2021-28363.vendor.rst - -diff --git a/news/CVE-2021-28363.vendor.rst b/news/CVE-2021-28363.vendor.rst -new file mode 100644 -index 00000000000..29700ab7469 ---- /dev/null -+++ b/news/CVE-2021-28363.vendor.rst -@@ -0,0 +1 @@ -+Update urllib3 to 1.26.4 to fix CVE-2021-28363 -diff --git a/src/pip/_vendor/urllib3/_version.py b/src/pip/_vendor/urllib3/_version.py -index 2dba29e3fbe..97c983300b0 100644 ---- a/src/pip/_vendor/urllib3/_version.py -+++ b/src/pip/_vendor/urllib3/_version.py -@@ -1,2 +1,2 @@ - # This file is protected via CODEOWNERS --__version__ = "1.26.2" -+__version__ = "1.26.4" -diff --git a/src/pip/_vendor/urllib3/connection.py b/src/pip/_vendor/urllib3/connection.py -index 660d679c361..45580b7e1ea 100644 ---- a/src/pip/_vendor/urllib3/connection.py -+++ b/src/pip/_vendor/urllib3/connection.py -@@ -67,7 +67,7 @@ class BrokenPipeError(Exception): - - # When it comes time to update this value as a part of regular maintenance - # (ie test_recent_date is failing) update it to ~6 months before the current date. 
--RECENT_DATE = datetime.date(2019, 1, 1) -+RECENT_DATE = datetime.date(2020, 7, 1) - - _CONTAINS_CONTROL_CHAR_RE = re.compile(r"[^-!#$%&'*+.^_`|~0-9a-zA-Z]") - -@@ -215,7 +215,7 @@ def putrequest(self, method, url, *args, **kwargs): - - def putheader(self, header, *values): - """""" -- if SKIP_HEADER not in values: -+ if not any(isinstance(v, str) and v == SKIP_HEADER for v in values): - _HTTPConnection.putheader(self, header, *values) - elif six.ensure_str(header.lower()) not in SKIPPABLE_HEADERS: - raise ValueError( -@@ -490,6 +490,10 @@ def _connect_tls_proxy(self, hostname, conn): - self.ca_cert_dir, - self.ca_cert_data, - ) -+ # By default urllib3's SSLContext disables `check_hostname` and uses -+ # a custom check. For proxies we're good with relying on the default -+ # verification. -+ ssl_context.check_hostname = True - - # If no cert was provided, use only the default options for server - # certificate validation -diff --git a/src/pip/_vendor/urllib3/exceptions.py b/src/pip/_vendor/urllib3/exceptions.py -index d69958d5dfc..cba6f3f560f 100644 ---- a/src/pip/_vendor/urllib3/exceptions.py -+++ b/src/pip/_vendor/urllib3/exceptions.py -@@ -289,7 +289,17 @@ class ProxySchemeUnknown(AssertionError, URLSchemeUnknown): - # TODO(t-8ch): Stop inheriting from AssertionError in v2.0. - - def __init__(self, scheme): -- message = "Not supported proxy scheme %s" % scheme -+ # 'localhost' is here because our URL parser parses -+ # localhost:8080 -> scheme=localhost, remove if we fix this. 
-+ if scheme == "localhost": -+ scheme = None -+ if scheme is None: -+ message = "Proxy URL had no scheme, should start with http:// or https://" -+ else: -+ message = ( -+ "Proxy URL had unsupported scheme %s, should use http:// or https://" -+ % scheme -+ ) - super(ProxySchemeUnknown, self).__init__(message) - - -diff --git a/src/pip/_vendor/urllib3/util/retry.py b/src/pip/_vendor/urllib3/util/retry.py -index ee51f922f84..d25a41b42ea 100644 ---- a/src/pip/_vendor/urllib3/util/retry.py -+++ b/src/pip/_vendor/urllib3/util/retry.py -@@ -253,6 +253,7 @@ def __init__( - "Using 'method_whitelist' with Retry is deprecated and " - "will be removed in v2.0. Use 'allowed_methods' instead", - DeprecationWarning, -+ stacklevel=2, - ) - allowed_methods = method_whitelist - if allowed_methods is _Default: -diff --git a/src/pip/_vendor/vendor.txt b/src/pip/_vendor/vendor.txt -index 51a5508479e..868baba6f01 100644 ---- a/src/pip/_vendor/vendor.txt -+++ b/src/pip/_vendor/vendor.txt -@@ -13,7 +13,7 @@ requests==2.25.1 - certifi==2020.12.05 - chardet==4.0.0 - idna==2.10 -- urllib3==1.26.2 -+ urllib3==1.26.4 - resolvelib==0.5.4 - retrying==1.3.3 - setuptools==44.0.0 diff --git a/SOURCES/don-t-split-git-references-on-unicode-separators.patch b/SOURCES/don-t-split-git-references-on-unicode-separators.patch deleted file mode 100644 index 031c418..0000000 --- a/SOURCES/don-t-split-git-references-on-unicode-separators.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -From ca24e4bfa60cec8341ccf40000a41bc9592713df Mon Sep 17 00:00:00 2001 -From: Karolina Surma -Date: Mon, 17 May 2021 11:34:30 +0200 -Subject: [PATCH] Don't split git references on unicode separators - ---- - src/pip/_internal/vcs/git.py | 10 ++++++++-- - 1 file changed, 8 insertions(+), 2 deletions(-) -diff --git a/src/pip/_internal/vcs/git.py b/src/pip/_internal/vcs/git.py -index cc22cd7..308e857 100644 ---- a/src/pip/_internal/vcs/git.py -+++ b/src/pip/_internal/vcs/git.py -@@ -147,9 +147,15 @@ class Git(VersionControl): - on_returncode='ignore', - ) - refs = {} -- for line in output.strip().splitlines(): -+ # NOTE: We do not use splitlines here since that would split on other -+ # unicode separators, which can be maliciously used to install a -+ # different revision. -+ for line in output.strip().split("\n"): -+ line = line.rstrip("\r") -+ if not line: -+ continue - try: -- sha, ref = line.split() -+ sha, ref = line.split(" ", maxsplit=2) - except ValueError: - # Include the offending line to simplify troubleshooting if - # this error ever occurs. --- -2.31.1 - diff --git a/SOURCES/dummy-certifi.patch b/SOURCES/dummy-certifi.patch index 992aed4..459eada 100644 --- a/SOURCES/dummy-certifi.patch +++ b/SOURCES/dummy-certifi.patch @@ -1,25 +1,26 @@ -From cf96ff346639d1b9f5efa3fd0976694e04df3f5f Mon Sep 17 00:00:00 2001 -From: Tomas Hrnciar -Date: Sun, 26 Apr 2020 21:38:44 +0200 +From 2c58d7301dd5a47570f782fe2fce7fbb1918f60c Mon Sep 17 00:00:00 2001 +From: Karolina Surma +Date: Mon, 10 May 2021 16:38:50 +0200 Subject: [PATCH] Dummy certifi patch +Co-Authored-By: Tomas Hrnciar --- src/pip/_vendor/certifi/core.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/pip/_vendor/certifi/core.py b/src/pip/_vendor/certifi/core.py -index 8987449..d174ced 100644 +index b8140cf..f1a0b01 100644 --- a/src/pip/_vendor/certifi/core.py 
+++ b/src/pip/_vendor/certifi/core.py -@@ -9,6 +9,7 @@ This module returns the installation location of cacert.pem or its contents. - import os - +@@ -14,6 +14,7 @@ class _PipPatchedCertificate(Exception): + + try: + raise ImportError # force fallback - from importlib.resources import path as get_path, read_text - - _CACERT_CTX = None -@@ -51,9 +52,7 @@ except ImportError: + # Return a certificate file on disk for a standalone pip zipapp running in + # an isolated build environment to use. Passing --cert to the standalone + # pip does not work since requests calls where() unconditionally on import. +@@ -67,9 +68,7 @@ except ImportError: # If we don't have importlib.resources, then we will just do the old logic # of assuming we're on the filesystem and munge the path directly. def where(): @@ -27,9 +28,9 @@ index 8987449..d174ced 100644 - - return os.path.join(f, "cacert.pem") + return '/etc/pki/tls/certs/ca-bundle.crt' - - + + def contents(): --- -2.25.4 +-- +2.30.2 diff --git a/SOURCES/emit-a-warning-when-running-with-root-privileges.patch b/SOURCES/emit-a-warning-when-running-with-root-privileges.patch deleted file mode 100644 index 7c6a390..0000000 --- a/SOURCES/emit-a-warning-when-running-with-root-privileges.patch +++ /dev/null 
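Review bot: The `raise ImportError  # force fallback` placed as the first statement of the `try:` block skips everything else in that block, which by the context comment directly below it includes the certificate handling for a standalone pip zipapp, so after this patch `where()` can only ever return `/etc/pki/tls/certs/ca-bundle.crt`. That path is hard-coded with no existence check, so a host without the system bundle would fail TLS verification at request time rather than with a clear message; whether the package declares a dependency on the bundle is not visible here. I would spell the intent out next to the raise, e.g. `# Downstream: always trust the system CA bundle; the standalone-zipapp handling below is intentionally unreachable`. The `try:` block and the fallback `where()`/`contents()` definitions continue outside the patched context.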
@@ -1,51 +0,0 @@ -From 74bb5d26e232493de43adfa1f4b42b66fd701294 Mon Sep 17 00:00:00 2001 -From: Tomas Hrnciar -Date: Sun, 26 Apr 2020 13:52:24 +0200 -Subject: [PATCH] Downstream only patch - -Emit a warning to the user if pip install is run with root privileges -Issue upstream: https://github.com/pypa/pip/issues/4288 ---- - src/pip/_internal/commands/install.py | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/src/pip/_internal/commands/install.py b/src/pip/_internal/commands/install.py -index 70bda2e2..1e750ae1 100644 ---- a/src/pip/_internal/commands/install.py -+++ b/src/pip/_internal/commands/install.py -@@ -13,6 +13,8 @@ import operator - import os - import shutil - import site -+import sys -+from os import path - from optparse import SUPPRESS_HELP - - from pip._vendor import pkg_resources -@@ -241,6 +243,23 @@ class InstallCommand(RequirementCommand): - raise CommandError("Can not combine '--user' and '--target'") - - cmdoptions.check_install_build_global(options) -+ -+ def is_venv(): -+ return (hasattr(sys, 'real_prefix') or -+ (hasattr(sys, 'base_prefix') and -+ sys.base_prefix != sys.prefix)) -+ -+ # Check whether we have root privileges and aren't in venv/virtualenv -+ if os.getuid() == 0 and not is_venv() and not options.root_path: -+ command = path.basename(sys.argv[0]) -+ if command == "__main__.py": -+ command = path.basename(sys.executable) + " -m pip" -+ logger.warning( -+ "Running pip install with root privileges is " -+ "generally not a good idea. Try `%s install --user` instead." -+ % command -+ ) -+ - upgrade_strategy = "to-satisfy-only" - if options.upgrade: - upgrade_strategy = options.upgrade_strategy --- -2.23.0 - diff --git a/SOURCES/no-version-warning.patch b/SOURCES/no-version-warning.patch index 6d7268f..6c34bec 100644 --- a/SOURCES/no-version-warning.patch +++ b/SOURCES/no-version-warning.patch 
@@ -1,7 +1,8 @@ -diff -rU3 pip-20.3-orig/src/pip/_vendor/packaging/version.py pip-20.3/src/pip/_vendor/packaging/version.py ---- pip-20.3-orig/src/pip/_vendor/packaging/version.py 2020-11-30 12:58:32.000000000 +0100 -+++ pip-20.3/src/pip/_vendor/packaging/version.py 2020-12-16 21:25:15.818221608 +0100 -@@ -124,11 +124,6 @@ +diff --git a/src/pip/_vendor/packaging/version.py b/src/pip/_vendor/packaging/version.py +index de9a09a..154e94d 100644 +--- a/src/pip/_vendor/packaging/version.py ++++ b/src/pip/_vendor/packaging/version.py +@@ -108,11 +108,6 @@ class LegacyVersion(_BaseVersion): self._version = str(version) self._key = _legacy_cmpkey(self._version) @@ -11,5 +12,5 @@ diff -rU3 pip-20.3-orig/src/pip/_vendor/packaging/version.py pip-20.3/src/pip/_v - DeprecationWarning, - ) - def __str__(self): - # type: () -> str + def __str__(self) -> str: + return self._version diff --git a/SOURCES/nowarn-pip._internal.main.patch b/SOURCES/nowarn-pip._internal.main.patch index 7027cf5..1490643 100644 --- a/SOURCES/nowarn-pip._internal.main.patch +++ b/SOURCES/nowarn-pip._internal.main.patch @@ -1,10 +1,12 @@ -From 7c36cb21910b415e0eb171d0f6c4dbf72382fdaf Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= -Date: Tue, 10 Mar 2020 11:03:22 +0100 +From 619782ad2d181fe2933ddf4edc7127fdc13dd0df Mon Sep 17 00:00:00 2001 +From: Karolina Surma +Date: Mon, 10 May 2021 16:48:49 +0200 Subject: [PATCH] Don't warn the user about pip._internal.main() entrypoint In Fedora, we use that in ensurepip and users cannot do anything about it, this warning is juts moot. Also, the warning breaks CPython test suite. + +Co-Authored-By: =?UTF-8?q?Miro=20Hron=C4=8Dok?= --- src/pip/_internal/__init__.py | 2 +- src/pip/_internal/utils/entrypoints.py | 19 ++++++++++--------- @@ -12,29 +14,29 @@ this warning is juts moot. Also, the warning breaks CPython test suite. 3 files changed, 13 insertions(+), 11 deletions(-) 
diff --git a/src/pip/_internal/__init__.py b/src/pip/_internal/__init__.py -index 3aa8a46..0ec017b 100755 +index 6afb5c6..faf25af 100755 --- a/src/pip/_internal/__init__.py +++ b/src/pip/_internal/__init__.py -@@ -15,4 +15,4 @@ def main(args=None): +@@ -16,4 +16,4 @@ def main(args: (Optional[List[str]]) = None) -> int: """ from pip._internal.utils.entrypoints import _wrapper - return _wrapper(args) + return _wrapper(args, _nowarn=True) diff --git a/src/pip/_internal/utils/entrypoints.py b/src/pip/_internal/utils/entrypoints.py -index befd01c..d6f3632 100644 +index 1504a12..07d941b 100644 --- a/src/pip/_internal/utils/entrypoints.py +++ b/src/pip/_internal/utils/entrypoints.py -@@ -7,7 +7,7 @@ if MYPY_CHECK_RUNNING: - from typing import List, Optional +@@ -4,7 +4,7 @@ from typing import List, Optional + from pip._internal.cli.main import main --def _wrapper(args=None): -+def _wrapper(args=None, _nowarn=False): - # type: (Optional[List[str]]) -> int +-def _wrapper(args: Optional[List[str]] = None) -> int: ++def _wrapper(args: Optional[List[str]] = None, _nowarn: bool = False) -> int: """Central wrapper for all old entrypoints. -@@ -20,12 +20,13 @@ def _wrapper(args=None): + Historically pip has had several entrypoints defined. Because of issues +@@ -16,12 +16,13 @@ def _wrapper(args: Optional[List[str]] = None) -> int: directing them to an appropriate place for help, we now define all of our old entrypoints as wrappers for the current one. """ @@ -68,5 +70,5 @@ index e416315..7f57f67 100644 + if entrypoint[0] != "fake_pip = pip._internal:main": + assert "old script wrapper" in result2.stderr -- -2.24.1 +2.32.0 diff --git a/SOURCES/remove-existing-dist-only-if-path-conflicts.patch b/SOURCES/remove-existing-dist-only-if-path-conflicts.patch index 3913557..e68e892 100644 --- a/SOURCES/remove-existing-dist-only-if-path-conflicts.patch +++ b/SOURCES/remove-existing-dist-only-if-path-conflicts.patch 
@@ -1,6 +1,6 @@ -From f83eacf40f1506418e74d747906b8f108401f91d Mon Sep 17 00:00:00 2001 -From: Lumir Balhar -Date: Tue, 26 Jan 2021 09:05:07 +0100 +From aca0c9df4ef54f70a3fedb07f4faac463f88a331 Mon Sep 17 00:00:00 2001 +From: Karolina Surma +Date: Mon, 10 May 2021 18:16:20 +0200 Subject: [PATCH] Prevent removing of the system packages installed under /usr/lib @@ -11,6 +11,8 @@ Resolves: rhbz#1550368 Co-Authored-By: Michal Cyprian Co-Authored-By: Victor Stinner Co-Authored-By: Petr Viktorin +Co-Authored-By: Lumir Balhar +Co-Authored-By: Miro Hrončok --- src/pip/_internal/req/req_install.py | 3 ++- src/pip/_internal/resolution/legacy/resolver.py | 5 ++++- @@ -19,10 +21,10 @@ Co-Authored-By: Petr Viktorin 4 files changed, 27 insertions(+), 2 deletions(-) diff --git a/src/pip/_internal/req/req_install.py b/src/pip/_internal/req/req_install.py -index 6d0aa30..0a5f8ed 100644 +index 4c58cdb..3570e17 100644 --- a/src/pip/_internal/req/req_install.py +++ b/src/pip/_internal/req/req_install.py -@@ -39,6 +39,7 @@ from pip._internal.utils.misc import ( +@@ -43,6 +43,7 @@ from pip._internal.utils.misc import ( ask_path_exists, backup_dir, display_path, @@ -30,7 +32,7 @@ index 6d0aa30..0a5f8ed 100644 dist_in_site_packages, dist_in_usersite, get_distribution, -@@ -445,7 +446,7 @@ class InstallRequirement: +@@ -426,7 +427,7 @@ class InstallRequirement: "lack sys.path precedence to {} in {}".format( existing_dist.project_name, existing_dist.location) ) @@ -40,18 +42,18 @@ index 6d0aa30..0a5f8ed 100644 else: if self.editable: diff --git a/src/pip/_internal/resolution/legacy/resolver.py b/src/pip/_internal/resolution/legacy/resolver.py -index 665dba1..a219e63 100644 +index 4df8f7e..dda2292 100644 --- a/src/pip/_internal/resolution/legacy/resolver.py 
+++ b/src/pip/_internal/resolution/legacy/resolver.py -@@ -34,6 +34,7 @@ from pip._internal.resolution.base import BaseResolver +@@ -42,6 +42,7 @@ from pip._internal.resolution.base import BaseResolver, InstallRequirementProvid from pip._internal.utils.compatibility_tags import get_supported from pip._internal.utils.logging import indent_log from pip._internal.utils.misc import dist_in_usersite, normalize_version_info +from pip._internal.utils.misc import dist_in_install_path from pip._internal.utils.packaging import check_requires_python, get_requires_python - from pip._internal.utils.typing import MYPY_CHECK_RUNNING -@@ -204,7 +205,9 @@ class Resolver(BaseResolver): + logger = logging.getLogger(__name__) +@@ -194,7 +195,9 @@ class Resolver(BaseResolver): """ # Don't uninstall the conflict if doing a user install and the # conflict is not a user install. @@ -63,34 +65,41 @@ index 665dba1..a219e63 100644 req.satisfied_by = None diff --git a/src/pip/_internal/resolution/resolvelib/factory.py b/src/pip/_internal/resolution/resolvelib/factory.py -index be0729e..bc2912b 100644 +index e7fd344..555e657 100644 --- a/src/pip/_internal/resolution/resolvelib/factory.py 
+++ b/src/pip/_internal/resolution/resolvelib/factory.py -@@ -1,5 +1,6 @@ +@@ -1,6 +1,7 @@ + import contextlib import functools import logging +import sys - - from pip._vendor.packaging.utils import canonicalize_name - -@@ -19,7 +20,9 @@ from pip._internal.utils.misc import ( - dist_in_site_packages, - dist_in_usersite, - get_installed_distributions, -+ dist_location, + from typing import ( + TYPE_CHECKING, + Dict, +@@ -34,6 +35,7 @@ from pip._internal.exceptions import ( + UnsupportedWheel, ) -+from pip._internal.locations import distutils_scheme - from pip._internal.utils.typing import MYPY_CHECK_RUNNING + from pip._internal.index.package_finder import PackageFinder ++from pip._internal.locations import get_scheme + from pip._internal.metadata import BaseDistribution, get_default_environment + from pip._internal.models.link import Link + from pip._internal.models.wheel import Wheel +@@ -46,6 +48,7 @@ from pip._internal.req.req_install import ( + from pip._internal.resolution.base import InstallRequirementProvider + from pip._internal.utils.compatibility_tags import get_supported + from pip._internal.utils.hashes import Hashes ++from pip._internal.utils.misc import dist_location from pip._internal.utils.virtualenv import running_under_virtualenv -@@ -362,6 +365,13 @@ class Factory: + from .base import Candidate, CandidateVersion, Constraint, Requirement +@@ -525,6 +528,13 @@ class Factory: if dist is None: # Not installed, no uninstallation required. return None + # Prevent uninstalling packages from /usr -+ if dist_location(dist) in ( -+ distutils_scheme('', prefix=sys.base_prefix)['purelib'], -+ distutils_scheme('', prefix=sys.base_prefix)['platlib'], ++ if dist_location(dist._dist) in ( ++ get_scheme('', prefix=sys.base_prefix).purelib, ++ get_scheme('', prefix=sys.base_prefix).platlib, + ): + return None + 
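Review bot: The `/usr` guard compares `dist_location(dist._dist)` by exact string membership against `get_scheme('', prefix=sys.base_prefix).purelib` and `.platlib`, neither of which is passed through `normalize_path`, whereas `dist_in_install_path` in the same patch normalizes both sides. If the two spellings of the directory differ (a symlinked prefix, a trailing separator), the guard would presumably not match and a system package could still be selected for uninstallation. The check also depends on the private `_dist` attribute and calls `get_scheme` twice. Consider `scheme = get_scheme('', prefix=sys.base_prefix)` followed by `if normalize_path(dist_location(dist._dist)) in {normalize_path(scheme.purelib), normalize_path(scheme.platlib)}:`, which needs `normalize_path` imported next to `dist_location`. The enclosing method starts and ends outside the hunk.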
@@ -98,18 +107,18 @@ index be0729e..bc2912b 100644 # be uninstalled, no matter it's in global or user site, because the # user site installation has precedence over global. diff --git a/src/pip/_internal/utils/misc.py b/src/pip/_internal/utils/misc.py -index 6dd94e2..7925518 100644 +index 99ebea3..5901687 100644 --- a/src/pip/_internal/utils/misc.py +++ b/src/pip/_internal/utils/misc.py -@@ -27,6 +27,7 @@ from pip._vendor.retrying import retry # type: ignore +@@ -40,6 +40,7 @@ from pip._vendor.tenacity import retry, stop_after_delay, wait_fixed from pip import __version__ from pip._internal.exceptions import CommandError from pip._internal.locations import get_major_minor_version, site_packages, user_site -+from pip._internal.locations import distutils_scheme, get_major_minor_version, site_packages, user_site ++from pip._internal.locations import get_scheme from pip._internal.utils.compat import WINDOWS, stdlib_pkgs - from pip._internal.utils.typing import MYPY_CHECK_RUNNING, cast from pip._internal.utils.virtualenv import ( -@@ -398,6 +399,16 @@ def dist_in_site_packages(dist): + running_under_virtualenv, +@@ -382,6 +383,16 @@ def dist_in_site_packages(dist): return dist_location(dist).startswith(normalize_path(site_packages)) @@ -120,12 +129,12 @@ index 6dd94e2..7925518 100644 + """ + norm_path = normalize_path(dist_location(dist)) + return norm_path.startswith(normalize_path( -+ distutils_scheme("")['purelib'].split('python')[0])) ++ get_scheme("").purelib.split('python')[0])) + + def dist_is_editable(dist): # type: (Distribution) -> bool """ -- -2.29.2 +2.32.0 diff --git a/SPECS/python-pip.spec b/SPECS/python-pip.spec index 967f35c..4cea8d2 100644 --- a/SPECS/python-pip.spec +++ b/SPECS/python-pip.spec 
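Review bot: `dist_in_install_path` derives the protected prefix with `get_scheme("").purelib.split('python')[0]`, which cuts at the first occurrence of the substring `python` anywhere in the path; with an install prefix that itself contains `python`, the result is a much shorter prefix and the `startswith` test would then treat unrelated locations as system-installed. `startswith` on strings is also not a path-component comparison, so it only behaves as intended while the derived prefix ends in a separator. At minimum the docstring should state the assumption, e.g. `# assumes the only "python" in purelib is the pythonX.Y directory`; taking the parent of that directory with `os.path.dirname` instead of splitting on a substring would remove the assumption.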
@@ -13,7 +13,7 @@ %endif %global srcname pip -%global base_version 21.0.1 +%global base_version 21.2.3 %global upstream_version %{base_version}%{?prerel} %global python_wheelname %{srcname}-%{upstream_version}-py3-none-any.whl %global python_wheeldir %{_datadir}/python-wheels @@ -22,7 +22,7 @@ Name: python-%{srcname} Version: %{base_version}%{?prerel:~%{prerel}} -Release: 6%{?dist} +Release: 3%{?dist} Summary: A tool for installing and managing Python packages # We bundle a lot of libraries with pip, which itself is under MIT license. @@ -33,7 +33,6 @@ Summary: A tool for installing and managing Python packages # chardet: LGPLv2 # colorama: BSD # CacheControl: ASL 2.0 -# contextlib2: Python # distlib: Python # distro: ASL 2.0 # html5lib: MIT @@ -46,10 +45,10 @@ Summary: A tool for installing and managing Python packages # pyparsing: MIT # requests: ASL 2.0 # resolvelib: ISC -# retrying: ASL 2.0 # setuptools: MIT # six: MIT -# toml: MIT +# tenacity: ASL 2.0 +# tomli: MIT # urllib3: MIT # webencodings: BSD @@ -68,12 +67,6 @@ BuildRequires: python-setuptools-wheel BuildRequires: python-wheel-wheel %endif -# Downstream only patch -# Emit a warning to the user if pip install is run with root privileges -# Upstream discussion: -# https://discuss.python.org/t/playing-nice-with-external-package-managers/1968/20 -Patch1: emit-a-warning-when-running-with-root-privileges.patch - # Prevent removing of the system packages installed under /usr/lib # when pip install -U is executed. # https://bugzilla.redhat.com/show_bug.cgi?id=1550368#c24 
@@ -93,17 +86,6 @@ Patch5: nowarn-pip._internal.main.patch # Upstream issue: https://github.com/pypa/packaging/issues/368 Patch6: no-version-warning.patch -# Update vendored urrlib3 to 1.26.4 to fix CVE-2021-28363 -# Security patch backported from pip 21.1 -Patch7: https://github.com/pypa/pip/pull/9760.patch - -# Don't split git references on unicode separators, -# which could be maliciously used to install a different revision on the -# repository. -# Security patch backported from pip 21.1.1 -# Upstream PR: https://github.com/pypa/pip/pull/9827 -Patch8: don-t-split-git-references-on-unicode-separators.patch - # Downstream only patch # Users might have local installations of pip from using # `pip install --user --upgrade pip` on older/newer versions. 
@@ -141,26 +123,25 @@ Packages" or "Pip Installs Python". %global bundled() %{expand: Provides: bundled(python%{1}dist(appdirs)) = 1.4.4 Provides: bundled(python%{1}dist(cachecontrol)) = 0.12.6 -Provides: bundled(python%{1}dist(certifi)) = 2020.12.5 +Provides: bundled(python%{1}dist(certifi)) = 2021.5.30 Provides: bundled(python%{1}dist(chardet)) = 4 Provides: bundled(python%{1}dist(colorama)) = 0.4.4 -Provides: bundled(python%{1}dist(contextlib2)) = 0.6^post1 -Provides: bundled(python%{1}dist(distlib)) = 0.3.1 +Provides: bundled(python%{1}dist(distlib)) = 0.3.2 Provides: bundled(python%{1}dist(distro)) = 1.5 Provides: bundled(python%{1}dist(html5lib)) = 1.1 -Provides: bundled(python%{1}dist(idna)) = 2.10 +Provides: bundled(python%{1}dist(idna)) = 3.2 Provides: bundled(python%{1}dist(msgpack)) = 1.0.2 -Provides: bundled(python%{1}dist(packaging)) = 20.9 -Provides: bundled(python%{1}dist(pep517)) = 0.9.1 +Provides: bundled(python%{1}dist(packaging)) = 21 +Provides: bundled(python%{1}dist(pep517)) = 0.11 Provides: bundled(python%{1}dist(progress)) = 1.5 Provides: bundled(python%{1}dist(pyparsing)) = 2.4.7 -Provides: bundled(python%{1}dist(requests)) = 2.25.1 -Provides: bundled(python%{1}dist(resolvelib)) = 0.5.4 -Provides: bundled(python%{1}dist(retrying)) = 1.3.3 +Provides: bundled(python%{1}dist(requests)) = 2.26 +Provides: bundled(python%{1}dist(resolvelib)) = 0.7.1 Provides: bundled(python%{1}dist(setuptools)) = 44 -Provides: bundled(python%{1}dist(six)) = 1.15 -Provides: bundled(python%{1}dist(toml)) = 0.10.2 -Provides: bundled(python%{1}dist(urllib3)) = 1.26.4 +Provides: bundled(python%{1}dist(six)) = 1.16 +Provides: bundled(python%{1}dist(tenacity)) = 8.0.1 +Provides: bundled(python%{1}dist(tomli)) = 1.0.3 +Provides: bundled(python%{1}dist(urllib3)) = 1.26.6 Provides: bundled(python%{1}dist(webencodings)) = 0.5.1 } 
@@ -239,6 +220,8 @@ Summary: A documentation for a tool for installing and managing Python pa BuildRequires: python%{python3_pkgversion}-sphinx BuildRequires: python%{python3_pkgversion}-sphinx-inline-tabs +BuildRequires: python%{python3_pkgversion}-sphinx-copybutton +BuildRequires: python%{python3_pkgversion}-myst-parser %description doc A documentation for a tool for installing and managing Python packages @@ -268,7 +251,7 @@ rm src/pip/_vendor/certifi/*.pem sed -i '/html_theme = "furo"/d' docs/html/conf.py # towncrier extension for Sphinx is not yet available in Fedora -sed -i "/'sphinxcontrib.towncrier',/d" docs/html/conf.py +sed -i '/"sphinxcontrib.towncrier",/d' docs/html/conf.py # tests expect wheels in here ln -s %{python_wheeldir} tests/data/common_wheels @@ -276,6 +259,9 @@ ln -s %{python_wheeldir} tests/data/common_wheels # Remove shebang from files in bundled chardet grep -lr "^#\!/usr/bin/env python" src/pip/_vendor/chardet/ | xargs sed -i "1d" +# Remove windows executable binaries +rm -v src/pip/_vendor/distlib/*.exe +sed -i '/\.exe/d' setup.py %build %py3_build_wheel @@ -290,16 +276,20 @@ rm -rf docs/build/html/{.doctrees,.buildinfo} %install -# The following is similar to %%py3_install_wheel, but we don't have +# The following is similar to %%pyproject_install, but we don't have # /usr/bin/pip yet, so we install using the wheel directly. # (This is not standard wheel usage, but the pip wheel supports it -- see # pip/__main__.py) -%{__python3} dist/%{python_wheelname}/pip install \ +%{python3} dist/%{python_wheelname}/pip install \ --root %{buildroot} \ --no-deps \ - --no-cache-dir \ - --no-index \ + --disable-pip-version-check \ + --progress-bar off \ + --verbose \ --ignore-installed \ + --no-warn-script-location \ + --no-index \ + --no-cache-dir \ --find-links dist \ 'pip==%{upstream_version}' 
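Review bot: `sed -i '/\.exe/d' setup.py` deletes every line of setup.py that contains `.exe`, which is broader than the distlib launcher entries it is meant to drop, and nothing afterwards confirms that the built wheel is actually free of Windows binaries. Since the changelog ties this removal to a tracked bug, a regression check after `%py3_build_wheel` would keep a future rebase from silently shipping them again, for example `if %{python3} -m zipfile -l dist/%{python_wheelname} | grep -F '.exe'; then exit 1; fi`. A short comment above the `sed` naming the setup.py entries it targets would also help whoever rebases this next. The `%prep` section continues outside the hunk.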
@@ -355,8 +345,6 @@ install -p dist/%{python_wheelname} -t %{buildroot}%{python_wheeldir} # needs unaltered sys.path and we cannot do that in %%check # test_pep517_and_build_options # test_config_file_venv_option -# TODO investigate failures -# test_uninstall_non_local_distutils # Incompatible with the latest virtualenv # test_from_link_vcs_with_source_dir_obtains_commit_id # test_from_link_vcs_without_source_dir @@ -364,7 +352,6 @@ install -p dist/%{python_wheelname} -t %{buildroot}%{python_wheeldir} pytest_k='not completion and not test_pep517_and_build_options and not test_config_file_venv_option and - not test_uninstall_non_local_distutils and not test_from_link_vcs_with_source_dir_obtains_commit_id and not test_from_link_vcs_without_source_dir and not test_should_cache_git_sha' @@ -379,8 +366,8 @@ pytest_k='not completion and %files -n python%{python3_pkgversion}-%{srcname} -%license LICENSE.txt %doc README.rst +%license %{python3_sitelib}/pip-%{upstream_version}.dist-info/LICENSE.txt %if %{with doc} %{_mandir}/man1/pip.* %{_mandir}/man1/pip-*.* @@ -410,6 +397,28 @@ pytest_k='not completion and %{python_wheeldir}/%{python_wheelname} %changelog +* Wed Oct 06 2021 Charalampos Stratakis - 21.2.3-3 +- Remove bundled windows executables +- Resolves: rhbz#2006795 + +* Mon Sep 13 2021 Miro Hrončok - 21.2.3-2 +- Fix broken uninstallation by a bogus downstream patch + +* Mon Sep 13 2021 Miro Hrončok - 21.2.3-1 +- Update to 21.2.3 +- Resolves: rhbz#1985635 + +* Mon Sep 13 2021 Lumír Balhar - 21.1.3-1 +- Update to 21.1.3 +Resolves: rhbz#1976449 + +* Mon Sep 13 2021 Karolina Surma - 21.1.2-1 +- Update to 21.1.2 +Resolves: rhbz#1963433 + +* Mon Sep 13 2021 Karolina Surma - 21.1.1-1 +- Update to 21.1.1 + * Tue Aug 10 2021 Mohan Boddu - 21.0.1-6 - Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688