%{?scl:%scl_package python-setuptools}
%{!?scl:%global pkg_name %{name}}

%if (! 0%{?rhel}) || 0%{?rhel} > 6
%global build_wheel 1
%endif

%if 0%{?rhel} && 0%{?rhel} < 6
%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
%endif

%global srcname pip

%if 0%{?build_wheel}
%global python3_wheelname %{srcname}-%{version}-py2.py3-none-any.whl
%endif

Name:           %{?scl_prefix}python-%{srcname}
Version:        9.0.1
Release:        5%{?dist}
Summary:        A tool for installing and managing Python packages

Group:          Development/Libraries

# We bundle a lot of libraries with pip, which itself is under MIT license.
# Here is the list of the libraries with corresponding licenses:

# appdirs: MIT
# distlib: Python
# distro: ASL 2.0
# html5lib: MIT
# six: MIT
# colorama: BSD
# CacheControl: ASL 2.0
# lockfile: MIT
# progress: ISC
# ipaddress: Python
# packaging: ASL 2.0 or BSD
# pyparsing: MIT
# retrying: ASL 2.0
# requests: ASL 2.0
# chardet: LGPLv2
# urllib3: MIT
# certifi: MPLv2.0
# setuptools: MIT
# webencodings: BSD
# backports.ssl_match_hostname: Python

License:        MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD)
URL:            http://www.pip-installer.org
Source0:        https://files.pythonhosted.org/packages/source/p/pip/%{srcname}-%{version}.tar.gz
Patch0:         allow-stripping-given-prefix-from-wheel-RECORD-files.patch

# Use the system level root certificate instead of the one bundled in requests
# https://bugzilla.redhat.com/show_bug.cgi?id=1826520
Patch4:         dummy-certifi.patch

# Fix CVE-2019-20916: directory traversal in _download_http_url() function
# Backported from upstream: https://github.com/pypa/pip/pull/6418
Patch5:         CVE-2019-20916.patch

BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

BuildArch:      noarch
BuildRequires:  %{?scl_prefix}python-devel
BuildRequires:  %{?scl_prefix}python-setuptools
%if 0%{?build_wheel}
BuildRequires:  %{?scl_prefix}python-pip
BuildRequires:  %{?scl_prefix}python-wheel
%endif
BuildRequires:  ca-certificates
Requires:       ca-certificates
Requires:       %{?scl_prefix}python-setuptools

# Virtual provides for the packages bundled by pip.
# You can find the versions in pip/_vendor/vendor.txt file.
Provides: bundled(python-appdirs) = 1.4.0
Provides: bundled(python-cachecontrol) = 0.11.7
Provides: bundled(python-colorama) = 0.3.7
Provides: bundled(python-distlib) = 0.2.4
Provides: bundled(python-distro) = 1.0.1
Provides: bundled(python-html5lib) = 1.0b10
Provides: bundled(python-ipaddress) = 1.0.17
Provides: bundled(python-lockfile) = 0.12.2
Provides: bundled(python-packaging) = 16.8
Provides: bundled(python-setuptools) = 28.8.0
Provides: bundled(python-progress) = 1.2
Provides: bundled(python-pyparsing) = 2.1.10
Provides: bundled(python-requests) = 2.11.1
Provides: bundled(python-retrying) = 1.3.3
Provides: bundled(python-six) = 1.10.0
Provides: bundled(python-webencodings) = 0.5

# Bundled within the requests bundle
Provides: bundled(python-chardet) = 2.3.0
Provides: bundled(python-urllib3) = 1.16

# Bundled within the urllib3 bundle of the requests bundle
Provides: bundled(python-backports-ssl_match_hostname) = 3.4.0.2

%description
Pip is a replacement for `easy_install `_. It uses mostly the same
techniques for finding packages, so packages that were made
easy_installable should be pip-installable as well.

%prep
%{?scl:scl enable %{scl} - << \EOF}
%setup -q -n %{srcname}-%{version}

%patch0 -p1
%patch4 -p1
%patch5 -p1

%{__sed} -i '1d' pip/__init__.py

# this goes together with patch4
rm pip/_vendor/requests/*.pem
sed -i '/\.pem$/d' pip.egg-info/SOURCES.txt

# Remove ordereddict as it is only required for python <= 2.6
rm pip/_vendor/ordereddict.py
rm pip/_vendor/requests/packages/urllib3/packages/ordered_dict.py
%{?scl:EOF}

%build
%{?scl:scl enable %{scl} - << \EOF}
%if 0%{?build_wheel}
%{__python3} setup.py bdist_wheel
%else
%{__python3} setup.py build
%endif
%{?scl:EOF}

%install
%{__rm} -rf %{buildroot}

%{?scl:scl enable %{scl} - << \EOF}
%if 0%{?build_wheel}
pip3 install -I dist/%{python3_wheelname} --root %{buildroot} --strip-file-prefix %{buildroot}
%else
%{__python3} setup.py install --skip-build --root %{buildroot}
%endif
%{?scl:EOF}

%clean
%{__rm} -rf %{buildroot}

# unfortunately, pip's test suite requires virtualenv >= 1.6 which isn't in
# fedora yet. Once it is, check can be implemented

%files
%defattr(-,root,root,-)
%doc LICENSE.txt README.rst docs
%attr(755,root,root) %{_bindir}/pip
%attr(755,root,root) %{_bindir}/pip3*
%{python3_sitelib}/pip*

%changelog
* Mon Sep 21 2020 Charalampos Stratakis - 9.0.1-5
- Security fix for CVE-2019-20916
Resolves: rhbz#1877249

* Wed Sep 16 2020 Charalampos Stratakis - 9.0.1-4
- Use the system level root certificate instead of the one bundled in requests
Resolves: rhbz#1826520

* Tue Sep 08 2020 Charalampos Stratakis - 9.0.1-3
- Add virtual provides for the bundled libraries
- Correct the license information to reflect the bundled libraries
Resolves: rhbz#1774951

* Wed Jun 14 2017 Charalampos Stratakis - 9.0.1-2
- Rebuild as wheel

* Wed Jun 14 2017 Charalampos Stratakis - 9.0.1-1
- Update to 9.0.1 for rh-python36

* Sat Feb 13 2016 Robert Kuska - 7.1.0-2
- Rebuilt with rewheel

* Sat Feb 13 2016 Robert Kuska - 7.1.0-1
- Rebuilt for rh-python35

* Mon Jan 19 2015 Matej Stuchlik - 1.5.6-4
- Rebuild as wheel

* Tue Nov 18 2014 Matej Stuchlik - 1.5.6-3
- Added patch for local dos with predictable temp dictionary names
  (http://seclists.org/oss-sec/2014/q4/655)

* Sat Jun 07 2014 Fedora Release Engineering - 1.5.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

* Sun May 25 2014 Matej Stuchlik - 1.5.6-1
- Update to 1.5.6

* Fri Apr 25 2014 Matej Stuchlik - 1.5.4-4
- Rebuild as wheel for Python 3.4

* Thu Apr 24 2014 Matej Stuchlik - 1.5.4-3
- Disable build_wheel

* Thu Apr 24 2014 Matej Stuchlik - 1.5.4-2
- Rebuild as wheel for Python 3.4

* Mon Apr 07 2014 Matej Stuchlik - 1.5.4-1
- Updated to 1.5.4

* Mon Oct 14 2013 Tim Flink - 1.4.1-1
- Removed patch for CVE 2013-2099 as it has been included in the upstream 1.4.1 release
- Updated version to 1.4.1

* Sun Aug 04 2013 Fedora Release Engineering - 1.3.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

* Tue Jul 16 2013 Toshio Kuratomi - 1.3.1-4
- Fix for CVE 2013-2099

* Thu May 23 2013 Tim Flink - 1.3.1-3
- undo python2 executable rename to python-pip. fixes #958377
- fix summary to match upstream

* Mon May 06 2013 Kevin Kofler - 1.3.1-2
- Fix main package Summary, it's for Python 2, not 3 (#877401)

* Fri Apr 26 2013 Jon Ciesla - 1.3.1-1
- Update to 1.3.1, fix for CVE-2013-1888.

* Thu Feb 14 2013 Fedora Release Engineering - 1.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild

* Tue Oct 09 2012 Tim Flink - 1.2.1-2
- Fixing files for python3-pip

* Thu Oct 04 2012 Tim Flink - 1.2.1-1
- Update to upstream 1.2.1
- Change binary from pip-python to python-pip (RHBZ#855495)
- Add alias from python-pip to pip-python, to be removed at a later date

* Tue May 15 2012 Tim Flink - 1.1.0-1
- Update to upstream 1.1.0

* Sat Jan 14 2012 Fedora Release Engineering - 1.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

* Sat Oct 22 2011 Tim Flink - 1.0.2-1
- update to 1.0.2 and added python3 subpackage

* Wed Jun 22 2011 Tim Flink - 0.8.3-1
- update to 0.8.3 and project home page

* Tue Feb 08 2011 Fedora Release Engineering - 0.8.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

* Mon Dec 20 2010 Luke Macken - 0.8.2-1
- update to 0.8.2 of pip

* Mon Aug 30 2010 Peter Halliday - 0.8-1
- update to 0.8 of pip

* Thu Jul 22 2010 David Malcolm - 0.7.2-5
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

* Wed Jul 7 2010 Peter Halliday - 0.7.2-1
- update to 0.7.2 of pip

* Sun May 23 2010 Peter Halliday - 0.7.1-1
- update to 0.7.1 of pip

* Fri Jan 1 2010 Peter Halliday - 0.6.1.4
- fix dependency issue

* Fri Dec 18 2009 Peter Halliday - 0.6.1-2
- fix spec file

* Thu Dec 17 2009 Peter Halliday - 0.6.1-1
- upgrade to 0.6.1 of pip

* Mon Aug 31 2009 Peter Halliday - 0.4-1
- Initial package