diff --git a/0001-fix-for-http-bugs.python.org-issue17980-in-code-back.patch b/0001-fix-for-http-bugs.python.org-issue17980-in-code-back.patch deleted file mode 100644 index 5f928ef..0000000 --- a/0001-fix-for-http-bugs.python.org-issue17980-in-code-back.patch +++ /dev/null @@ -1,36 +0,0 @@ -From ca207acb4fdea344bb3a775d44aa0d9f59ad31a1 Mon Sep 17 00:00:00 2001 -From: Toshio Kuratomi -Date: Mon, 15 Jul 2013 10:58:20 -0700 -Subject: [PATCH] fix for http://bugs.python.org/issue17980 in code backported - from the python3 stdlib - ---- - pip/backwardcompat/ssl_match_hostname.py | 10 +++++++++- - 1 file changed, 9 insertions(+), 1 deletion(-) - -diff --git a/pip/backwardcompat/ssl_match_hostname.py b/pip/backwardcompat/ssl_match_hostname.py -index 5707649..a6fadf4 100644 ---- a/pip/backwardcompat/ssl_match_hostname.py -+++ b/pip/backwardcompat/ssl_match_hostname.py -@@ -7,9 +7,17 @@ __version__ = '3.2a3' - class CertificateError(ValueError): - pass - --def _dnsname_to_pat(dn): -+def _dnsname_to_pat(dn, max_wildcards=1): - pats = [] - for frag in dn.split(r'.'): -+ if frag.count('*') > max_wildcards: -+ # Issue #17980: avoid denials of service by refusing more -+ # than one wildcard per fragment. A survery of established -+ # policy among SSL implementations showed it to be a -+ # reasonable choice. -+ raise CertificateError( -+ "too many wildcards in certificate DNS name: " + repr(dn)) -+ - if frag == '*': - # When '*' is a fragment by itself, it matches a non-empty dotless - # fragment. --- -1.7.11.7 - diff --git a/python-pip.spec b/python-pip.spec index da4e626..d4aecd8 100644 --- a/python-pip.spec +++ b/python-pip.spec @@ -8,16 +8,14 @@ %global srcname pip Name: python-%{srcname} -Version: 1.3.1 -Release: 5%{?dist} +Version: 1.4.1 +Release: 1%{?dist} Summary: A tool for installing and managing Python packages Group: Development/Libraries License: MIT URL: http://www.pip-installer.org Source0: http://pypi.python.org/packages/source/p/pip/%{srcname}-%{version}.tar.gz -# Sent to dstufft (upstream) -Patch0: 0001-fix-for-http-bugs.python.org-issue17980-in-code-back.patch BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildArch: noarch @@ -50,7 +48,6 @@ easy_installable should be pip-installable as well. %prep %setup -q -n %{srcname}-%{version} -%patch0 -p1 %{__sed} -i '1d' pip/__init__.py @@ -136,6 +133,10 @@ popd %endif # with_python3 %changelog +* Mon Oct 14 2013 Tim Flink - 1.4.1-1 +- Removed patch for CVE 2013-2099 as it has been included in the upstream 1.4.1 release +- Updated version to 1.4.1 + * Sun Aug 04 2013 Fedora Release Engineering - 1.3.1-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild diff --git a/sources b/sources index 4b91cac..23e5b3b 100644 --- a/sources +++ b/sources @@ -1 +1,2 @@ +6afbb46aeb48abac658d4df742bff714 pip-1.4.1.tar.gz cbb27a191cebc58997c4da8513863153 pip-1.3.1.tar.gz