Blob Blame History Raw
Name:           python-virtualenv
Version:        15.1.0
Release:        5%{?dist}
Summary:        Tool to create isolated Python environments

Group:          Development/Languages
License:        MIT

# Disable downloading pip, wheel and setuptools from pypi
# automatically when creating a new venv.
# Upstream commit that was reverted:
Patch0: disable-pypi-downloads-on-venv-creation.patch

# Patch for CVE in the bundled urllib3
# CVE-2018-20060 Cross-host redirect does not remove Authorization header allow for credential exposure
Patch1:         CVE-2018-20060.patch

# Patch for CVE in the bundled urllib3
# CVE-2019-11236 CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service
Patch2:         CVE-2019-11236.patch

# Patch for CVE in the bundled requests
# CVE-2018-18074 Redirect from HTTPS to HTTP does not remove Authorization header
# This patch fixes both the CVE
# and the subsequent regression
Patch3:         CVE-2018-18074.patch

# Use the system level root certificate instead of the one bundled in requests
# for the bundled pip
Patch4:         dummy-certifi.patch

# Don't fail on missing requests cert
Patch5:         dont-fail-on-missing-requests-cert.patch

BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildArch:      noarch
BuildRequires:  python2-devel
Requires:       python2-setuptools, python2-devel

BuildRequires:  ca-certificates
Requires:       ca-certificates

Provides:       python2-virtualenv = %{version}-%{release}

%if 0%{?fedora}
BuildRequires:  python-sphinx

virtualenv is a tool to create isolated Python environments. virtualenv
is a successor to workingenv, and an extension of virtual-python. It is
written by Ian Bicking, and sponsored by the Open Planning Project. It is
licensed under an MIT-style permissive license.

%setup -q -n virtualenv-%{version}
%patch0 -p1
%{__sed} -i -e "1s|#!/usr/bin/env python||" 

# Patching of bundled libraries
pushd virtualenv_support/
# Extract wheel content
unzip pip-9.0.1-py2.py3-none-any.whl
pushd pip/_vendor/requests/packages/urllib3/
%patch1 -p1
%patch2 -p1
popd  # out of wheel
pushd pip/_vendor/requests/
%patch3 -p1
%patch4 -p1
popd # out of wheel
sed -i '/\.pem/d' pip-9.0.1.dist-info/RECORD
# Replace the pip folder in the zip archive (.whl)
zip -r pip-9.0.1-py2.py3-none-any.whl pip pip-9.0.1.dist-info
# Removal of the bundled request certificate
zip -d pip-9.0.1-py2.py3-none-any.whl pip/_vendor/requests/cacert.pem
# Remove unzipped folders
rm -rf pip/ pip-9.0.1.dist-info/
popd  # out of virtualenv_support
%patch5 -p1

# Build code
%{__python2} build

# Build docs on Fedora
%if 0%{?fedora} > 0
%{__python2} build_sphinx

%{__python2} install --skip-build --root $RPM_BUILD_ROOT
rm -f build/sphinx/html/.buildinfo

# The versioned 2.x script was removed from upstream. Add it back.
cp %{buildroot}/%{_bindir}/virtualenv %{buildroot}/%{_bindir}/virtualenv-%{python2_version}
cp %{buildroot}/%{_bindir}/virtualenv %{buildroot}/%{_bindir}/virtualenv-2


%doc docs/*rst PKG-INFO AUTHORS.txt LICENSE.txt
# Include sphinx docs on Fedora
%if 0%{?fedora} > 0
%doc build/sphinx/*
# For noarch packages: sitelib
%attr(755,root,root) %{_bindir}/virtualenv*

* Mon Nov 22 2021 Charalampos Stratakis <> - 15.1.0-5
- Use the system certs for the bundled pip
Resolves: rhbz#2015326

* Thu Feb 13 2020 Lumír Balhar <> - 15.1.0-4
- Bump
Resolves: rhbz#1649153
Resolves: rhbz#1700824
Resolves: rhbz#1643829

* Tue Jan 14 2020 Lumír Balhar <> - 15.1.0-3
- Add three new patches for CVEs in bundled urllib3 and requests
CVE-2018-20060, CVE-2019-11236, CVE-2018-18074
Resolves: rhbz#1649153
Resolves: rhbz#1700824
Resolves: rhbz#1643829

* Wed Sep 13 2017 Charalampos Stratakis <> - 15.1.0-2
- Add back the versioned virtualenv script
Resolves: rhbz#1461154

* Wed Sep 13 2017 Charalampos Stratakis <> - 15.1.0-1
- Rebase to version 15.1.0
- Disable automatic downloads from pypi on new venv creation
Resolves: rhbz#1461154

* Wed Feb 08 2017 Charalampos Stratakis <> - 1.10.1-4
- Fix Python 3.4 compatibility
Resolves: rhbz#1411685

* Mon May 09 2016 Tomas Orsava <> - 1.10.1-3
- Added a patch that shows a custom error message when a FILE passed to
  virtualenv to be used as 'home dir' already exists and is NOT a directory.
Resolves: rhbz#1306513

* Fri Dec 27 2013 Daniel Mach <> - 1.10.1-2
- Mass rebuild 2013-12-27

* Tue Aug 20 2013 Robert Kuska <> - 1.10.1-1
- Update to v1.10.1 to deal with different securiy issue
Resolves: CVE-2013-1633 

* Wed Jul 17 2013 Robert Kuska <> - 1.9.1-2
- Delete bundled libraries of pip and setuptools

* Tue May 14 2013 Toshio Kuratomi <> - 1.9.1-1
- Update to upstream 1.9.1 because of security issues with the bundled
  python-pip in older releases.  This is just a quick fix until a
  python-virtualenv maintainer can unbundle the python-pip package

* Thu Feb 14 2013 Fedora Release Engineering <> - 1.7.2-2
- Rebuilt for

* Tue Aug 14 2012 Steve Milner <> - 1.7.2-1
- Update for upstream bug fixes.
- Added path for versioned binary.
- Patch no longer required.

* Sat Jul 21 2012 Fedora Release Engineering <> -
- Rebuilt for

* Wed Mar 14 2012 Steve 'Ashcrow' Milner <> -
- Update for upstream bug fixes.
- Added patch for sphinx building

* Sat Jan 14 2012 Fedora Release Engineering <> - 1.7-2
- Rebuilt for

* Tue Dec 20 2011 Steve 'Ashcrow' Milner <> - 1.7-1
- Update for

* Wed Feb 09 2011 Fedora Release Engineering <> - 1.5.1-2
- Rebuilt for

* Sat Oct 16 2010 Steve 'Ashcrow' Milner <> - 1.5.1-1
- Added _weakrefset requirement for Python 2.7.1.
- Add support for PyPy.
- Uses a proper temporary dir when installing environment requirements.
- Add --prompt option to be able to override the default prompt prefix.
- Add fish and csh activate scripts.

* Thu Jul 22 2010 David Malcolm <> - 1.4.8-4
- Rebuilt for

* Tue Jul  7 2010 Steve 'Ashcrow' Milner <> - 1.4.8-3
- Fixed EPEL installation issue from BZ#611536

* Tue Jun  8 2010 Steve 'Ashcrow' Milner <> - 1.4.8-2
- Only replace the python shebang on the first line (Robert Buchholz)

* Fri Apr 28 2010 Steve 'Ashcrow' Milner <> - 1.4.8-1
- update pip to 0.7
- move regen-docs into bin/
- Fix #31, make work on Windows (use Lib/site-packages)
unset PYTHONHOME envioronment variable -- first step towards fixing the PYTHONHOME issue; see e.g.
- unset PYTHONHOME in the (Unix) activate script (and reset it in deactivate())
- use the in via running bin/
- add warning message if PYTHONHOME is set

* Fri Apr 2 2010 Steve 'Ashcrow' Milner <> - 1.4.6-1
- allow script creation without setuptools
- fix problem with --relocate when bin/ has subdirs (fixes #12)
- Allow more flexible .pth file fixup
- make nt a required module, along with posix. it may not be a builtin module on jython
- don't mess with PEP 302-supplied __file__, from CPython, and merge in a small startup optimization for Jython, from Jython

* Tue Dec 22 2009 Steve 'Ashcrow' Milner <> - 1.4.3-1
- Updated for upstream release.

* Thu Nov 12 2009 Steve 'Ashcrow' Milner <> - 1.4.2-1
- Updated for upstream release.

* Sun Jul 26 2009 Fedora Release Engineering <> - 1.3.3-2
- Rebuilt for

* Tue Apr 28 2009 Steve 'Ashcrow' Milner <> - 1.3.3-1
- Updated for upstream release.

* Thu Feb 26 2009 Fedora Release Engineering <> - 1.3.2-2
- Rebuilt for

* Thu Dec 25 2008 Steve 'Ashcrow' Milner <> - 1.3.2-1
- Updated for upstream release.

* Thu Dec 04 2008 Ignacio Vazquez-Abrams <> - 1.3.1-4
- Rebuild for Python 2.6

* Mon Dec  1 2008 Steve 'Ashcrow' Milner <> - 1.3.1-3
- Added missing dependencies.

* Sat Nov 29 2008 Ignacio Vazquez-Abrams <> - 1.3.1-2
- Rebuild for Python 2.6

* Fri Nov 28 2008 Steve 'Ashcrow' Milner <> - 1.3.1-1
- Updated for upstream release

* Sun Sep 28 2008 Steve 'Ashcrow' Milner <> - 1.3-1
- Updated for upstream release

* Sat Aug 30 2008 Steve 'Ashcrow' Milner <> - 1.2-1
- Updated for upstream release

* Fri Aug 29 2008 Steve 'Ashcrow' Milner <> - 1.1-3
- Updated from review notes

* Thu Aug 28 2008 Steve 'Ashcrow' Milner <> - 1.1-2
- Updated from review notes

* Tue Aug 26 2008 Steve 'Ashcrow' Milner <> - 1.1-1
- Initial Version