import python-pip-9.0.3-22.el8

2021-10-16 04:22:45 +00:00 · 2021-10-16 04:22:45 +00:00 · 4a5881b40d
parent 5063e29959
commit 4a5881b40d
2 changed files with 110 additions and 1 deletions
--- a/SOURCES/skip_yanked_releases.patch
+++ b/SOURCES/skip_yanked_releases.patch
@ -0,0 +1,91 @@
+From b97ef609100fbdd5895dab48cdab578dfeba396c Mon Sep 17 00:00:00 2001
+From: Lumir Balhar <lbalhar@redhat.com>
+Date: Fri, 10 Sep 2021 13:38:40 +0200
+Subject: [PATCH 1/2] Implement handling of yanked_reason from the HTML anchor
+
+---
+ pip/index.py | 10 ++++++++--
+ 1 file changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/pip/index.py b/pip/index.py
+index f653f6e6a..ced52ce5a 100644
+--- a/pip/index.py
+++ b/pip/index.py
+@@ -865,7 +865,11 @@ class HTMLPage(object):
+                 )
+                 pyrequire = anchor.get('data-requires-python')
+                 pyrequire = unescape(pyrequire) if pyrequire else None
+-                yield Link(url, self, requires_python=pyrequire)
+                yanked_reason = anchor.get('data-yanked', default=None)
+                # Empty or valueless attribute are both parsed as empty string
+                if yanked_reason is not None:
+                    yanked_reason = unescape(yanked_reason)
+                yield Link(url, self, requires_python=pyrequire, yanked_reason=yanked_reason)
+ 
+     _clean_re = re.compile(r'[^a-z0-9$&+,/:;=?@.#%_\\|-]', re.I)
+ 
+@@ -879,7 +883,7 @@ class HTMLPage(object):
+ 
+ class Link(object):
+ 
+-    def __init__(self, url, comes_from=None, requires_python=None):
+    def __init__(self, url, comes_from=None, requires_python=None, yanked_reason=None):
+         """
+         Object representing a parsed link from https://pypi.python.org/simple/*
+ 
+@@ -900,6 +904,8 @@ class Link(object):
+         self.url = url
+         self.comes_from = comes_from
+         self.requires_python = requires_python if requires_python else None
+        self.yanked_reason = yanked_reason
+        self.yanked = yanked_reason is not None
+ 
+     def __str__(self):
+         if self.requires_python:
+-- 
+2.31.1
+
+From d8dc6ee5d6809736dce43dc1e57d497f9ff91f26 Mon Sep 17 00:00:00 2001
+From: Lumir Balhar <lbalhar@redhat.com>
+Date: Fri, 10 Sep 2021 13:43:22 +0200
+Subject: [PATCH 2/2] Skip all yanked candidates if possible
+
+---
+ pip/index.py | 21 +++++++++++++++++++++
+ 1 file changed, 21 insertions(+)
+
+diff --git a/pip/index.py b/pip/index.py
+index ced52ce5a..823bbaf7d 100644
+--- a/pip/index.py
+++ b/pip/index.py
+@@ -489,6 +489,27 @@ class PackageFinder(object):
+         if applicable_candidates:
+             best_candidate = max(applicable_candidates,
+                                  key=self._candidate_sort_key)
+            # If we cannot find a non-yanked candidate,
+            # use the best one and print a warning about it.
+            # Otherwise, try to find another best candidate, ignoring
+            # all the yanked releases.
+            if getattr(best_candidate.location, "yanked", False):
+                nonyanked_candidates = [
+                    c for c in applicable_candidates
+                    if not getattr(c.location, "yanked", False)
+                ]
+
+                if set(nonyanked_candidates):
+                    best_candidate = max(nonyanked_candidates,
+                                         key=self._candidate_sort_key)
+                else:
+                    warning_message = (
+                        "WARNING: The candidate selected for download or install "
+                        "is a yanked version: '{}' candidate (version {} at {})"
+                    ).format(best_candidate.project, best_candidate.version, best_candidate.location)
+                    if best_candidate.location.yanked_reason:
+                        warning_message += "\nReason for being yanked: {}".format(best_candidate.location.yanked_reason)
+                    logger.warning(warning_message)
+         else:
+             best_candidate = None
+ 
+-- 
+2.31.1
+
--- a/SPECS/python-pip.spec
+++ b/SPECS/python-pip.spec
@ -14,7 +14,7 @@
 Name:           python-%{srcname}
 # When updating, update the bundled libraries versions bellow!
 Version:        9.0.3
-Release:        20%{?dist}
+Release:        22%{?dist}
 Summary:        A tool for installing and managing Python packages

 Group:          Development/Libraries
@ -123,6 +123,12 @@ Patch10:        pip-directory-traversal-security-issue-tests.patch
 # Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1962856
 Patch11:        CVE-2021-3572.patch

+# Downstream-only implementation of support of yanked releases
+# PEP 592 - Adding "Yank" Support to the Simple API:
+#   https://www.python.org/dev/peps/pep-0592/
+# Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2000135
+Patch12:        skip_yanked_releases.patch
+
 %global _description \
 pip is a package management system used to install and manage software packages \
 written in Python. Many packages can be found in the Python Package Index \
@ -265,6 +271,7 @@ popd
 %patch10 -p1
 %endif
 %patch11 -p1
+%patch12 -p1

 # this goes together with patch4
 rm pip/_vendor/certifi/*.pem
@ -276,6 +283,9 @@ sed -i '1d' pip/__init__.py
 # Remove ordereddict as it is only required for python <= 2.6
 rm pip/_vendor/ordereddict.py

+# Remove windows executable binaries
+rm -v pip/_vendor/distlib/*.exe
+sed -i '/\.exe/d' setup.py

 %build
 %if %{without bootstrap}
@ -372,6 +382,14 @@ py.test-%{python3_version} -m 'not network'
 %endif

 %changelog
+* Wed Oct 06 2021 Charalampos Stratakis <cstratak@redhat.com> - 9.0.3-22
+- Remove bundled windows executables
+- Resolves: rhbz#2006788
+
+* Tue Oct 05 2021 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-21
+- Support of yanked releases
+Resolves: rhbz#2000135
+
 * Mon Jun 07 2021 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-20
 - Fix for CVE-2021-3572 - pip incorrectly handled unicode separators in git references
 Resolves: rhbz#1962856