import python-pip-9.0.3-22.el8

SOURCES/skip_yanked_releases.patch

@@ -0,0 +1,91 @@
+From b97ef609100fbdd5895dab48cdab578dfeba396c Mon Sep 17 00:00:00 2001
+From: Lumir Balhar <lbalhar@redhat.com>
+Date: Fri, 10 Sep 2021 13:38:40 +0200
+Subject: [PATCH 1/2] Implement handling of yanked_reason from the HTML anchor
+
+---
+ pip/index.py | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/pip/index.py b/pip/index.py
+index f653f6e6a..ced52ce5a 100644
+--- a/pip/index.py
++++ b/pip/index.py
+@@ -865,7 +865,11 @@ class HTMLPage(object):
+                 )
+                 pyrequire = anchor.get('data-requires-python')
+                 pyrequire = unescape(pyrequire) if pyrequire else None
+-                yield Link(url, self, requires_python=pyrequire)
++                yanked_reason = anchor.get('data-yanked', default=None)
++                # Empty or valueless attribute are both parsed as empty string
++                if yanked_reason is not None:
++                    yanked_reason = unescape(yanked_reason)
++                yield Link(url, self, requires_python=pyrequire, yanked_reason=yanked_reason)
+ 
+     _clean_re = re.compile(r'[^a-z0-9$&+,/:;=?@.#%_\\|-]', re.I)
+ 
+@@ -879,7 +883,7 @@ class HTMLPage(object):
+ 
+ class Link(object):
+ 
+-    def __init__(self, url, comes_from=None, requires_python=None):
++    def __init__(self, url, comes_from=None, requires_python=None, yanked_reason=None):
+         """
+         Object representing a parsed link from https://pypi.python.org/simple/*
+ 
+@@ -900,6 +904,8 @@ class Link(object):
+         self.url = url
+         self.comes_from = comes_from
+         self.requires_python = requires_python if requires_python else None
++        self.yanked_reason = yanked_reason
++        self.yanked = yanked_reason is not None
+ 
+     def __str__(self):
+         if self.requires_python:
+-- 
+2.31.1
+
+From d8dc6ee5d6809736dce43dc1e57d497f9ff91f26 Mon Sep 17 00:00:00 2001
+From: Lumir Balhar <lbalhar@redhat.com>
+Date: Fri, 10 Sep 2021 13:43:22 +0200
+Subject: [PATCH 2/2] Skip all yanked candidates if possible
+
+---
+ pip/index.py | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/pip/index.py b/pip/index.py
+index ced52ce5a..823bbaf7d 100644
+--- a/pip/index.py
++++ b/pip/index.py
+@@ -489,6 +489,27 @@ class PackageFinder(object):
+         if applicable_candidates:
+             best_candidate = max(applicable_candidates,
+                                  key=self._candidate_sort_key)
++            # If we cannot find a non-yanked candidate,
++            # use the best one and print a warning about it.
++            # Otherwise, try to find another best candidate, ignoring
++            # all the yanked releases.
++            if getattr(best_candidate.location, "yanked", False):
++                nonyanked_candidates = [
++                    c for c in applicable_candidates
++                    if not getattr(c.location, "yanked", False)
++                ]
++
++                if set(nonyanked_candidates):
++                    best_candidate = max(nonyanked_candidates,
++                                         key=self._candidate_sort_key)
++                else:
++                    warning_message = (
++                        "WARNING: The candidate selected for download or install "
++                        "is a yanked version: '{}' candidate (version {} at {})"
++                    ).format(best_candidate.project, best_candidate.version, best_candidate.location)
++                    if best_candidate.location.yanked_reason:
++                        warning_message += "\nReason for being yanked: {}".format(best_candidate.location.yanked_reason)
++                    logger.warning(warning_message)
+         else:
+             best_candidate = None
+ 
+-- 
+2.31.1
+

SPECS/python-pip.spec

@@ -14,7 +14,7 @@
 Name:           python-%{srcname}
 # When updating, update the bundled libraries versions bellow!
 Version:        9.0.3
-Release:        20%{?dist}
+Release:        22%{?dist}
 Summary:        A tool for installing and managing Python packages
 
 Group:          Development/Libraries
@@ -123,6 +123,12 @@ Patch10:        pip-directory-traversal-security-issue-tests.patch
 # Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1962856
 Patch11:        CVE-2021-3572.patch
 
+# Downstream-only implementation of support of yanked releases
+# PEP 592 - Adding "Yank" Support to the Simple API:
+#   https://www.python.org/dev/peps/pep-0592/
+# Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2000135
+Patch12:        skip_yanked_releases.patch
+
 %global _description \
 pip is a package management system used to install and manage software packages \
 written in Python. Many packages can be found in the Python Package Index \
@@ -265,6 +271,7 @@ popd
 %patch10 -p1
 %endif
 %patch11 -p1
+%patch12 -p1
 
 # this goes together with patch4
 rm pip/_vendor/certifi/*.pem
@@ -276,6 +283,9 @@ sed -i '1d' pip/__init__.py
 # Remove ordereddict as it is only required for python <= 2.6
 rm pip/_vendor/ordereddict.py
 
+# Remove windows executable binaries
+rm -v pip/_vendor/distlib/*.exe
+sed -i '/\.exe/d' setup.py
 
 %build
 %if %{without bootstrap}
@@ -372,6 +382,14 @@ py.test-%{python3_version} -m 'not network'
 %endif
 
 %changelog
+* Wed Oct 06 2021 Charalampos Stratakis <cstratak@redhat.com> - 9.0.3-22
+- Remove bundled windows executables
+- Resolves: rhbz#2006788
+
+* Tue Oct 05 2021 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-21
+- Support of yanked releases
+Resolves: rhbz#2000135
+
 * Mon Jun 07 2021 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-20
 - Fix for CVE-2021-3572 - pip incorrectly handled unicode separators in git references
 Resolves: rhbz#1962856