rpms/python2-pip
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import python2-pip-9.0.3-17.module+el8.3.0+6395+b838081d

Browse Source
This commit is contained in:
CentOS Sources 2020-06-09 20:36:47 +00:00 committed by Andrew Lukoshko
commit 0343f8fc9c
12 changed files with 7206 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
SOURCES/pip-9.0.3.tar.gz

1
.python2-pip.metadata Normal file
View File

@ -0,0 +1 @@
1f5f44d433ca599d40f8e46f440479b2c73802d8 SOURCES/pip-9.0.3.tar.gz

90
SOURCES/CVE-2018-18074.patch Normal file
View File

@ -0,0 +1,90 @@
From ffbfdb53681207b23bcf67dd76368ad6185ade24 Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Thu, 16 Jan 2020 07:06:09 +0100
Subject: [PATCH] Fix for CVE-2018-18074
This patch contains the fix for CVE-2018-18074 and
a subsequent regression fix combined in one.
---
sessions.py | 36 +++++++++++++++++++++++++++++-------
utils.py | 1 +
2 files changed, 30 insertions(+), 7 deletions(-)
diff --git a/sessions.py b/sessions.py
index 6570e73..4038047 100644
--- a/sessions.py
+++ b/sessions.py
@@ -29,7 +29,7 @@ from .adapters import HTTPAdapter
from .utils import (
requote_uri, get_environ_proxies, get_netrc_auth, should_bypass_proxies,
- get_auth_from_url, rewind_body
+ get_auth_from_url, rewind_body, DEFAULT_PORTS
)
from .status_codes import codes
@@ -116,6 +116,32 @@ class SessionRedirectMixin(object):
return to_native_string(location, 'utf8')
return None
+
+ def should_strip_auth(self, old_url, new_url):
+ """Decide whether Authorization header should be removed when redirecting"""
+ old_parsed = urlparse(old_url)
+ new_parsed = urlparse(new_url)
+ if old_parsed.hostname != new_parsed.hostname:
+ return True
+ # Special case: allow http -> https redirect when using the standard
+ # ports. This isn't specified by RFC 7235, but is kept to avoid
+ # breaking backwards compatibility with older versions of requests
+ # that allowed any redirects on the same host.
+ if (old_parsed.scheme == 'http' and old_parsed.port in (80, None)
+ and new_parsed.scheme == 'https' and new_parsed.port in (443, None)):
+ return False
+
+ # Handle default port usage corresponding to scheme.
+ changed_port = old_parsed.port != new_parsed.port
+ changed_scheme = old_parsed.scheme != new_parsed.scheme
+ default_port = (DEFAULT_PORTS.get(old_parsed.scheme, None), None)
+ if (not changed_scheme and old_parsed.port in default_port
+ and new_parsed.port in default_port):
+ return False
+
+ # Standard case: root URI must match
+ return changed_port or changed_scheme
+
def resolve_redirects(self, resp, req, stream=False, timeout=None,
verify=True, cert=None, proxies=None, yield_requests=False, **adapter_kwargs):
"""Receives a Response. Returns a generator of Responses or Requests."""
@@ -232,14 +258,10 @@ class SessionRedirectMixin(object):
headers = prepared_request.headers
url = prepared_request.url
- if 'Authorization' in headers:
+ if 'Authorization' in headers and self.should_strip_auth(response.request.url, url):
# If we get redirected to a new host, we should strip out any
# authentication headers.
- original_parsed = urlparse(response.request.url)
- redirect_parsed = urlparse(url)
-
- if (original_parsed.hostname != redirect_parsed.hostname):
- del headers['Authorization']
+ del headers['Authorization']
# .netrc might have more auth for us on our new host.
new_auth = get_netrc_auth(url) if self.trust_env else None
diff --git a/utils.py b/utils.py
index 5c47de9..5695ab0 100644
--- a/utils.py
+++ b/utils.py
@@ -38,6 +38,7 @@ NETRC_FILES = ('.netrc', '_netrc')
DEFAULT_CA_BUNDLE_PATH = certs.where()
+DEFAULT_PORTS = {'http': 80, 'https': 443}
if platform.system() == 'Windows':
# provide a proxy_bypass version on Windows without DNS lookups
--
2.24.1

94
SOURCES/CVE-2018-20060.patch Normal file
View File

@ -0,0 +1,94 @@
From c734f873270cf9ca414832423f7aad98443c379f Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Thu, 9 Jan 2020 11:26:24 +0100
Subject: [PATCH] CVE-2018-20060
---
poolmanager.py | 11 ++++++++++-
util/retry.py | 12 +++++++++++-
2 files changed, 21 insertions(+), 2 deletions(-)
diff --git a/poolmanager.py b/poolmanager.py
index 4ae9174..bfa5115 100644
--- a/poolmanager.py
+++ b/poolmanager.py
@@ -312,8 +312,9 @@ class PoolManager(RequestMethods):
kw['assert_same_host'] = False
kw['redirect'] = False
+
if 'headers' not in kw:
- kw['headers'] = self.headers
+ kw['headers'] = self.headers.copy()
if self.proxy is not None and u.scheme == "http":
response = conn.urlopen(method, url, **kw)
@@ -335,6 +336,14 @@ class PoolManager(RequestMethods):
if not isinstance(retries, Retry):
retries = Retry.from_int(retries, redirect=redirect)
+ # Strip headers marked as unsafe to forward to the redirected location.
+ # Check remove_headers_on_redirect to avoid a potential network call within
+ # conn.is_same_host() which may use socket.gethostbyname() in the future.
+ if (retries.remove_headers_on_redirect
+ and not conn.is_same_host(redirect_location)):
+ for header in retries.remove_headers_on_redirect:
+ kw['headers'].pop(header, None)
+
try:
retries = retries.increment(method, url, response=response, _pool=conn)
except MaxRetryError:
diff --git a/util/retry.py b/util/retry.py
index c603cb4..0b83963 100644
--- a/util/retry.py
+++ b/util/retry.py
@@ -126,6 +126,11 @@ class Retry(object):
exhausted, to raise a MaxRetryError, or to return a response with a
response code in the 3xx range.
+ :param iterable remove_headers_on_redirect:
+ Sequence of headers to remove from the request when a response
+ indicating a redirect is returned before firing off the redirected
+ request
+
:param bool raise_on_status: Similar meaning to ``raise_on_redirect``:
whether we should raise an exception, or return a response,
if status falls in ``status_forcelist`` range and retries have
@@ -144,6 +149,8 @@ class Retry(object):
DEFAULT_METHOD_WHITELIST = frozenset([
'HEAD', 'GET', 'PUT', 'DELETE', 'OPTIONS', 'TRACE'])
+ DEFAULT_REDIRECT_HEADERS_BLACKLIST = frozenset(['Authorization'])
+
RETRY_AFTER_STATUS_CODES = frozenset([413, 429, 503])
#: Maximum backoff time.
@@ -152,7 +159,8 @@ class Retry(object):
def __init__(self, total=10, connect=None, read=None, redirect=None, status=None,
method_whitelist=DEFAULT_METHOD_WHITELIST, status_forcelist=None,
backoff_factor=0, raise_on_redirect=True, raise_on_status=True,
- history=None, respect_retry_after_header=True):
+ history=None, respect_retry_after_header=True,
+ remove_headers_on_redirect=DEFAULT_REDIRECT_HEADERS_BLACKLIST):
self.total = total
self.connect = connect
@@ -171,6 +179,7 @@ class Retry(object):
self.raise_on_status = raise_on_status
self.history = history or tuple()
self.respect_retry_after_header = respect_retry_after_header
+ self.remove_headers_on_redirect = remove_headers_on_redirect
def new(self, **kw):
params = dict(
@@ -182,6 +191,7 @@ class Retry(object):
raise_on_redirect=self.raise_on_redirect,
raise_on_status=self.raise_on_status,
history=self.history,
+ remove_headers_on_redirect=self.remove_headers_on_redirect,
)
params.update(kw)
return type(self)(**params)
--
2.24.1

43
SOURCES/CVE-2019-11236.patch Normal file
View File

@ -0,0 +1,43 @@
From b40eb0f43daecc6e2e3ce47b0be49cf570d02adc Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Thu, 9 Jan 2020 11:14:58 +0100
Subject: [PATCH] CVE-2019-9740
---
util/url.py | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/util/url.py b/util/url.py
index 6b6f996..2784c85 100644
--- a/util/url.py
+++ b/util/url.py
@@ -1,5 +1,6 @@
from __future__ import absolute_import
from collections import namedtuple
+import re
from ..exceptions import LocationParseError
@@ -10,6 +11,8 @@ url_attrs = ['scheme', 'auth', 'host', 'port', 'path', 'query', 'fragment']
# urllib3 infers URLs without a scheme (None) to be http.
NORMALIZABLE_SCHEMES = ('http', 'https', None)
+_contains_disallowed_url_pchar_re = re.compile('[\x00-\x20\x7f]')
+from ..packages.six.moves.urllib.parse import quote
class Url(namedtuple('Url', url_attrs)):
"""
@@ -155,6 +158,10 @@ def parse_url(url):
# Empty
return Url()
+ # Prevent CVE-2019-9740.
+ # adapted from https://github.com/python/cpython/pull/12755
+ url = _contains_disallowed_url_pchar_re.sub(lambda match: quote(match.group()), url)
+
scheme = None
auth = None
host = None
--
2.24.1

26
SOURCES/CVE-2019-11324.patch Normal file
View File

@ -0,0 +1,26 @@
From 54e768a6dbe3cadeb456dea37bbeaf6e1e17e87c Mon Sep 17 00:00:00 2001
From: Lumir Balhar <lbalhar@redhat.com>
Date: Thu, 9 Jan 2020 10:47:27 +0100
Subject: [PATCH] CVE-2019-11324 Certification mishandle when error should be
thrown
---
util/ssl_.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/util/ssl_.py b/util/ssl_.py
index 32fd9ed..f9f12ff 100644
--- a/util/ssl_.py
+++ b/util/ssl_.py
@@ -319,7 +319,7 @@ def ssl_wrap_socket(sock, keyfile=None, certfile=None, cert_reqs=None,
if e.errno == errno.ENOENT:
raise SSLError(e)
raise
- elif getattr(context, 'load_default_certs', None) is not None:
+ elif ssl_context is None and hasattr(context, 'load_default_certs'):
# try to load OS default certs; works well on Windows (require Python3.4+)
context.load_default_certs()
--
2.24.1

95
SOURCES/allow-stripping-given-prefix-from-wheel-RECORD-files.patch Normal file
View File

@ -0,0 +1,95 @@
diff -up pip-9.0.1/pip/commands/install.py.orig pip-9.0.1/pip/commands/install.py
--- pip-9.0.1/pip/commands/install.py.orig 2016-11-06 11:49:45.000000000 -0700
+++ pip-9.0.1/pip/commands/install.py 2016-11-16 16:20:48.638906543 -0700
@@ -151,6 +151,14 @@ class InstallCommand(RequirementCommand)
"directory.")
cmd_opts.add_option(
+ '--strip-file-prefix',
+ dest='strip_file_prefix',
+ metavar='prefix',
+ default=None,
+ help="Strip given prefix from script paths in wheel RECORD."
+ )
+
+ cmd_opts.add_option(
'--prefix',
dest='prefix_path',
metavar='dir',
@@ -340,6 +348,7 @@ class InstallCommand(RequirementCommand)
global_options,
root=options.root_path,
prefix=options.prefix_path,
+ strip_file_prefix=options.strip_file_prefix,
)
possible_lib_locations = get_lib_location_guesses(
diff -up pip-9.0.1/pip/req/req_install.py.orig pip-9.0.1/pip/req/req_install.py
--- pip-9.0.1/pip/req/req_install.py.orig 2016-11-06 11:49:45.000000000 -0700
+++ pip-9.0.1/pip/req/req_install.py 2016-11-16 16:19:24.848336960 -0700
@@ -838,8 +838,7 @@ class InstallRequirement(object):
else:
return True
- def install(self, install_options, global_options=[], root=None,
- prefix=None):
+ def install(self, install_options, global_options=[], root=None, prefix=None, strip_file_prefix=None):
if self.editable:
self.install_editable(
install_options, global_options, prefix=prefix)
@@ -848,7 +847,12 @@ class InstallRequirement(object):
version = pip.wheel.wheel_version(self.source_dir)
pip.wheel.check_compatibility(version, self.name)
- self.move_wheel_files(self.source_dir, root=root, prefix=prefix)
+ self.move_wheel_files(
+ self.source_dir,
+ root=root,
+ prefix=prefix,
+ strip_file_prefix=strip_file_prefix
+ )
self.install_succeeded = True
return
@@ -1053,7 +1057,7 @@ class InstallRequirement(object):
def is_wheel(self):
return self.link and self.link.is_wheel
- def move_wheel_files(self, wheeldir, root=None, prefix=None):
+ def move_wheel_files(self, wheeldir, root=None, prefix=None, strip_file_prefix=None):
move_wheel_files(
self.name, self.req, wheeldir,
user=self.use_user_site,
@@ -1062,6 +1066,7 @@ class InstallRequirement(object):
prefix=prefix,
pycompile=self.pycompile,
isolated=self.isolated,
+ strip_file_prefix=strip_file_prefix,
)
def get_dist(self):
diff -up pip-9.0.1/pip/wheel.py.orig pip-9.0.1/pip/wheel.py
--- pip-9.0.1/pip/wheel.py.orig 2016-11-06 11:49:45.000000000 -0700
+++ pip-9.0.1/pip/wheel.py 2016-11-16 16:19:24.848336960 -0700
@@ -238,7 +238,7 @@ def get_entrypoints(filename):
def move_wheel_files(name, req, wheeldir, user=False, home=None, root=None,
- pycompile=True, scheme=None, isolated=False, prefix=None):
+ pycompile=True, scheme=None, isolated=False, prefix=None, strip_file_prefix=None):
"""Install a wheel"""
if not scheme:
@@ -521,7 +521,11 @@ if __name__ == '__main__':
writer.writerow(row)
for f in generated:
h, l = rehash(f)
- writer.writerow((normpath(f, lib_dir), h, l))
+ final_path = normpath(f, lib_dir)
+ if strip_file_prefix and final_path.startswith(strip_file_prefix):
+ final_path = os.path.join(os.sep,
+ os.path.relpath(final_path, strip_file_prefix))
+ writer.writerow((final_path, h, l))
for f in installed:
writer.writerow((installed[f], '', ''))
shutil.move(temp_record, record)

15
SOURCES/dummy-certifi.patch Normal file
View File

@ -0,0 +1,15 @@
diff --git a/pip/_vendor/certifi/core.py b/pip/_vendor/certifi/core.py
index eab9d1d..9614a88 100644
--- a/pip/_vendor/certifi/core.py
+++ b/pip/_vendor/certifi/core.py
@@ -19,9 +19,7 @@ class DeprecatedBundleWarning(DeprecationWarning):
def where():
- f = os.path.dirname(__file__)
-
- return os.path.join(f, 'cacert.pem')
+ return '/etc/pki/tls/certs/ca-bundle.crt'
def old_where():

44
SOURCES/emit-a-warning-when-running-with-root-privileges.patch Normal file
View File

@ -0,0 +1,44 @@
From 18a617e9e0f64b727938422d4f941dfddfbf5d00 Mon Sep 17 00:00:00 2001
From: Tomas Orsava <torsava@redhat.com>
Date: Tue, 14 Feb 2017 17:10:09 +0100
Subject: [PATCH] Emit a warning when running with root privileges.
---
pip/commands/install.py | 14 ++++++++++++++
1 file changed, 14 insertions(+)
diff --git a/pip/commands/install.py b/pip/commands/install.py
index 227c526..277a3d1 100644
--- a/pip/commands/install.py
+++ b/pip/commands/install.py
@@ -6,6 +6,8 @@ import os
import tempfile
import shutil
import warnings
+import sys
+from os import path
try:
import wheel
except ImportError:
@@ -193,6 +195,18 @@ class InstallCommand(RequirementCommand):
cmdoptions.resolve_wheel_no_use_binary(options)
cmdoptions.check_install_build_global(options)
+ def is_venv():
+ return hasattr(sys, 'real_prefix') or \
+ (hasattr(sys, 'base_prefix') and sys.base_prefix != sys.prefix)
+
+ # Check whether we have root privileges and aren't in venv/virtualenv
+ if os.getuid() == 0 and not is_venv():
+ logger.warning(
+ "WARNING: Running pip install with root privileges is "
+ "generally not a good idea. Try `%s install --user` instead."
+ % path.basename(sys.argv[0])
+ )
+
if options.as_egg:
warnings.warn(
"--egg has been deprecated and will be removed in the future. "
--
2.11.0

36
SOURCES/pip-nowarn-upgrade.patch Normal file
View File

@ -0,0 +1,36 @@
diff --git a/pip/utils/outdated.py b/pip/utils/outdated.py
index 2164cc3..c71539f 100644
--- a/pip/utils/outdated.py
+++ b/pip/utils/outdated.py
@@ -92,6 +92,21 @@ def load_selfcheck_statefile():
return GlobalSelfCheckState()
+def pip_installed_by_pip():
+ """Checks whether pip was installed by pip
+
+ This is used not to display the upgrade message when pip is in fact
+ installed by system package manager, such as dnf on Fedora.
+ """
+ import pkg_resources
+ try:
+ dist = pkg_resources.get_distribution('pip')
+ return (dist.has_metadata('INSTALLER') and
+ 'pip' in dist.get_metadata_lines('INSTALLER'))
+ except pkg_resources.DistributionNotFound:
+ return False
+
+
def pip_version_check(session):
"""Check for an update for pip.
@@ -141,7 +156,8 @@ def pip_version_check(session):
# Determine if our pypi_version is older
if (pip_version < remote_version and
- pip_version.base_version != remote_version.base_version):
+ pip_version.base_version != remote_version.base_version and
+ pip_installed_by_pip()):
# Advise "python -m pip" on Windows to avoid issues
# with overwriting pip.exe.
if WINDOWS:

6151
SOURCES/pip2.1 Normal file
View File

File diff suppressed because it is too large Load Diff

610
SPECS/python2-pip.spec Normal file
View File

@ -0,0 +1,610 @@
%bcond_with bootstrap
%bcond_with tests
%bcond_with doc
%global srcname pip
%global python_wheelname %{srcname}-%{version}-py2.py3-none-any.whl
%global python2_wheeldir %{_datadir}/python2-wheels
%if %{without bootstrap}
%global python2_wheelname %python_wheelname
%endif
# Note that with disabled python3, bashcomp2 will be disabled as well because
# bashcompdir will point to a different path than with python3 enabled.
%global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d})
%if "%{bashcompdir}" != "%{_sysconfdir}/bash_completion.d"
%global bashcomp2 1
%endif
Name: python2-%{srcname}
# When updating, update the bundled libraries versions bellow!
Version: 9.0.3
Release: 17%{?dist}
Summary: A tool for installing and managing Python 2 packages
Group: Development/Libraries
# We bundle a lot of libraries with pip, which itself is under MIT license.
# Here is the list of the libraries with corresponding licenses:
# appdirs: MIT
# CacheControl: ASL 2.0
# certifi: MPLv2.0
# chardet: LGPLv2
# colorama: BSD
# distlib: Python
# distro: ASL 2.0
# html5lib: MIT
# idna: BSD
# ipaddress: Python
# lockfile: MIT
# packaging: ASL 2.0 or BSD
# progress: ISC
# pyparsing: MIT
# requests: ASL 2.0
# retrying: ASL 2.0
# urllib3: MIT
# six: MIT
# urllib3: MIT
# webencodings: BSD
License: MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD)
URL: http://www.pip-installer.org
Source0: https://files.pythonhosted.org/packages/source/p/%{srcname}/%{srcname}-%{version}.tar.gz
# to get tests:
# git clone https://github.com/pypa/pip && cd pip
# git checkout 9.0.1 && tar -czvf ../pip-9.0.1-tests.tar.gz tests/
%if %{with tests}
Source1: pip-9.0.1-tests.tar.gz
%endif
# Manpage generated by sphinx from source tarball
# cd pip-9.0.3/docs && make man && cp _build/man/pip.1 ../../pip2.1
Source2: pip2.1
BuildArch: noarch
%if %{with tests}
BuildRequires: git
BuildRequires: bzr
%endif
# Patch until the following issue gets implemented upstream:
# https://github.com/pypa/pip/issues/1351
Patch0: allow-stripping-given-prefix-from-wheel-RECORD-files.patch
# Downstream only patch
# Emit a warning to the user if pip install is run with root privileges
# Issue upstream: https://github.com/pypa/pip/issues/4288
Patch1: emit-a-warning-when-running-with-root-privileges.patch
# Do not show the "new version of pip" warning outside of venv
# Upstream issue: https://github.com/pypa/pip/issues/5346
# Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=1573755
Patch3: pip-nowarn-upgrade.patch
# Use the system level root certificate instead of the one bundled in certifi
# https://bugzilla.redhat.com/show_bug.cgi?id=1655253
Patch4: dummy-certifi.patch
# Patch for CVE in the bundled urllib3
# CVE-2018-20060 Cross-host redirect does not remove Authorization header allow for credential exposure
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-20060
Patch5: CVE-2018-20060.patch
# Patch for CVE in the bundled urllib3
# CVE-2019-11236 CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-11236
Patch6: CVE-2019-11236.patch
# Patch for CVE in the bundled urllib3
# CVE-2019-11324 Certification mishandle when error should be thrown
# https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-11324
Patch7: CVE-2019-11324.patch
# Patch for CVE in the bundled requests
# CVE-2018-18074 Redirect from HTTPS to HTTP does not remove Authorization header
# This patch fixes both the CVE
# https://bugzilla.redhat.com/show_bug.cgi?id=1643829
# and the subsequent regression
# https://github.com/psf/requests/pull/4851
Patch8: CVE-2018-18074.patch
BuildRequires: python2-devel
BuildRequires: python2-setuptools
%if %{with tests}
BuildRequires: python2-mock
BuildRequires: python2-pytest
BuildRequires: python2-pretend
BuildRequires: python2-freezegun
BuildRequires: python2-pytest-capturelog
BuildRequires: python2-scripttest
BuildRequires: python2-virtualenv
%endif
%if %{without bootstrap}
BuildRequires: python2-pip
BuildRequires: python2-wheel
%endif
Requires: python2-setuptools
# Virtual provides for the packages bundled by pip.
# You can find the versions in pip/_vendor/vendor.txt file.
# Don't forget to update this bellow for python3 as well.
Provides: bundled(python2dist(appdirs)) = 1.4.0
Provides: bundled(python2dist(cachecontrol)) = 0.11.7
Provides: bundled(python2dist(colorama)) = 0.3.7
Provides: bundled(python2dist(distlib)) = 0.2.4
Provides: bundled(python2dist(distro)) = 1.0.1
Provides: bundled(python2dist(html5lib)) = 1.0b10
Provides: bundled(python2dist(ipaddress) = 1.0.17
Provides: bundled(python2dist(lockfile)) = 0.12.2
Provides: bundled(python2dist(packaging)) = 16.8
Provides: bundled(python2dist(setuptools)) = 28.8.0
Provides: bundled(python2dist(progress)) = 1.2
Provides: bundled(python2dist(pyparsing)) = 2.1.10
Provides: bundled(python2dist(requests)) = 2.11.1
Provides: bundled(python2dist(retrying)) = 1.3.3
Provides: bundled(python2dist(six)) = 1.10.0
Provides: bundled(python2dist(webencodings)) = 0.5
# Bundled within the requests bundle
Provides: bundled(python2dist(chardet)) = 2.3.0
Provides: bundled(python2dist(urllib3)) = 1.16
%{?python_provide:%python_provide python2-%{srcname}}
%description
pip is a package management system used to install and manage software packages
written in Python. Many packages can be found in the Python Package Index
(PyPI). pip is a recursive acronym that can stand for either "Pip Installs
Packages" or "Pip Installs Python".
%if %{with doc}
%package doc
Summary: A documentation for a tool for installing and managing Python packages
BuildRequires: python%{python3_pkgversion}-sphinx
%description doc
A documentation for a tool for installing and managing Python packages
%endif
%if %{without bootstrap}
%package -n python2-pip-wheel
Summary: The pip wheel
# Virtual provides for the packages bundled by pip.
# You can find the versions in pip/_vendor/vendor.txt file.
Provides: bundled(python2dist(appdirs)) = 1.4.0
Provides: bundled(python2dist(cachecontrol)) = 0.11.7
Provides: bundled(python2dist(colorama)) = 0.3.7
Provides: bundled(python2dist(distlib)) = 0.2.4
Provides: bundled(python2dist(distro)) = 1.0.1
Provides: bundled(python2dist(html5lib)) = 1.0b10
Provides: bundled(python2dist(ipaddress) = 1.0.17
Provides: bundled(python2dist(lockfile)) = 0.12.2
Provides: bundled(python2dist(packaging)) = 16.8
Provides: bundled(python2dist(setuptools)) = 28.8.0
Provides: bundled(python2dist(progress)) = 1.2
Provides: bundled(python2dist(pyparsing)) = 2.1.10
Provides: bundled(python2dist(requests)) = 2.11.1
Provides: bundled(python2dist(retrying)) = 1.3.3
Provides: bundled(python2dist(six)) = 1.10.0
Provides: bundled(python2dist(webencodings)) = 0.5
%description -n python2-pip-wheel
A Python wheel of pip to use with venv.
%endif
%prep
%setup -q -n %{srcname}-%{version}
%if %{with tests}
tar -xf %{SOURCE1}
%endif
%patch0 -p1
%patch1 -p1
%patch3 -p1
%patch4 -p1
# Patching of bundled libraries
pushd pip/_vendor/urllib3
%patch5 -p1
%patch6 -p1
%patch7 -p1
popd
pushd pip/_vendor/requests
%patch8 -p1
popd
# this goes together with patch4
rm pip/_vendor/certifi/*.pem
rm pip/_vendor/requests/*.pem
sed -i '/\.pem$/d' pip.egg-info/SOURCES.txt
sed -i '1d' pip/__init__.py
# Remove ordereddict as it is only required for python <= 2.6
rm pip/_vendor/ordereddict.py
%build
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%if %{without bootstrap}
%py2_build_wheel
%else
%py2_build
%endif
%if %{with doc}
pushd docs
make html
make man
rm _build/html/.buildinfo
popd
%endif
%install
%if %{with doc}
install -d %{buildroot}%{_mandir}/man1
install -pm0644 docs/_build/man/*.1 %{buildroot}%{_mandir}/man1/pip2.1
%else
# When building without doc, use pregenerated version of pip2 manual page
mkdir -p %{buildroot}%{_mandir}/man1/
cp %{SOURCE2} %{buildroot}%{_mandir}/man1/
%endif # with doc
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
%if %{without bootstrap}
%py2_install_wheel %{python2_wheelname}
%else
%py2_install
%endif
rm %{buildroot}%{_bindir}/pip{,%{python2_version}}
# Provide symlinks to executables to comply with Fedora guidelines for Python
ln -s ./pip2 %{buildroot}%{_bindir}/pip-%{python2_version}
ln -s ./pip2 %{buildroot}%{_bindir}/pip%{python2_version}
ln -s ./pip2 %{buildroot}%{_bindir}/pip-2
# Manpage symlink
ln -s ./pip2.1.gz %{buildroot}%{_mandir}/man1/pip%{python2_version}.1.gz
mkdir -p %{buildroot}%{bashcompdir}
PYTHONPATH=%{buildroot}%{python2_sitelib} \
%{buildroot}%{_bindir}/pip2 completion --bash \
> %{buildroot}%{bashcompdir}/pip2
pips2="pip2"
pips3=pip%{python3_version}
for pip in %{buildroot}%{_bindir}/pip*; do
pip=$(basename $pip)
case $pip in
pip2.*|pip-2*)
pips2="$pips2 $pip"
%if 0%{?bashcomp2}
ln -s pip2 %{buildroot}%{bashcompdir}/$pip
%endif
;;
esac
done
sed -i -e "s/^\\(complete.*\\) pip\$/\\1 $pips2/" \
%{buildroot}%{bashcompdir}/pip2
# Make sure the INSTALLER is not pip, otherwise pip-nowarn-upgrade.patch
# (Patch3) won't work
mkdir -p %{buildroot}%{python2_sitelib}/pip-%{version}.dist-info
echo rpm > %{buildroot}%{python2_sitelib}/pip-%{version}.dist-info/INSTALLER
%if %{without bootstrap}
mkdir -p %{buildroot}%{python2_wheeldir}
install -p dist/%{python2_wheelname} -t %{buildroot}%{python2_wheeldir}
%endif
%if %{with tests}
%check
export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
py.test-%{python2_version} -m 'not network'
%endif
%files
%license LICENSE.txt
%doc README.rst
%{_mandir}/man1/pip2.*
%{_bindir}/pip2
%{_bindir}/pip-2
%{_bindir}/pip%{python2_version}
%{_bindir}/pip-%{python2_version}
%{python2_sitelib}/pip*
%dir %{bashcompdir}
%{bashcompdir}/pip2
%if 0%{?bashcomp2}
%{bashcompdir}/pip2*
%{bashcompdir}/pip-2*
%dir %(dirname %{bashcompdir})
%endif
%if %{with doc}
%files doc
%license LICENSE.txt
%doc README.rst
%doc docs/_build/html
%endif # with doc
%if %{without bootstrap}
%files -n python2-pip-wheel
%license LICENSE.txt
# we own the dir for simplicity
%dir %{python2_wheeldir}/
%{python2_wheeldir}/%{python2_wheelname}
%endif
%changelog
* Mon Mar 16 2020 Charalampos Stratakis <cstratak@redhat.com> - 9.0.3-17
- Remove unused CA bundle from the bundled requests library
Resolves: rhbz#1775194
* Tue Jan 14 2020 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-16
- Add four new patches for CVEs in bundled urllib3 and requests
CVE-2018-20060, CVE-2019-11236, CVE-2019-11324, CVE-2018-18074
Resolves: rhbz#1649153
Resolves: rhbz#1700824
Resolves: rhbz#1702473
Resolves: rhbz#1643829
* Thu Oct 24 2019 Charalampos Stratakis <cstratak@redhat.com> - 9.0.3-15
- Use the system level root certificate instead of the one bundled in certifi
Resolves: rhbz#1659551
* Tue Jun 18 2019 Charalampos Stratakis <cstratak@redhat.com> - 9.0.3-14
- Create the python-pip-wheel subpackage
Resolves: rhbz#1659551
* Thu Apr 25 2019 Tomas Orsava <torsava@redhat.com> - 9.0.3-13
- Bumping due to problems with modular RPM upgrade path
- Resolves: rhbz#1695587
* Mon Dec 10 2018 Tomas Orsava <torsava@redhat.com> - 9.0.3-12
- Do not show the "new version of pip" warning outside of venv
- Resolves: rhbz#1656171
* Tue Dec 04 2018 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-11
- Use pregenerated manpage for pip2 when building without doc
- Resolves: rhbz#1655587
* Wed Aug 29 2018 Tomas Orsava <torsava@redhat.com> - 9.0.3-10
- Separate the python2-pip subpackage into its own component
- Related: rhbz#1628242
* Wed Aug 29 2018 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-9
- Fix bash completion bug when python3 is disabled
- Resolves: rhbz#1615727
* Wed Aug 15 2018 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-8
- Remove files without full version suffix
- Resolves: rhbz#1615727
* Wed Aug 08 2018 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-7
- Remove unversioned binaries from python2 subpackage
- Resolves: rhbz#1613343
* Tue Aug 07 2018 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-6
- Fix python3/doc condition
- Do not build doc in python27 module
* Mon Aug 06 2018 Lumír Balhar <lbalhar@redhat.com> - 9.0.3-5
- Build python3-pip in python27 module
* Mon Aug 06 2018 Charalampos Stratakis <cstratak@redhat.com> - 9.0.3-4
- Correct license information
* Tue Jul 03 2018 Tomas Orsava <torsava@redhat.com> - 9.0.3-3
- This package might be built with the non-modular python2 package from RHEL8
buildroot and thus we need to enable it
* Mon Jun 25 2018 Tomas Orsava <torsava@redhat.com> - 9.0.3-2
- Rebuild for the python27 module
* Thu Mar 29 2018 Charalampos Stratakis <cstratak@redhat.com> - 9.0.3-1
- Update to 9.0.3
* Wed Feb 21 2018 Lumír Balhar <lbalhar@redhat.com> - 9.0.1-16
- Include built HTML documentation (in the new -doc subpackage) and man page
* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.1-15
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
* Mon Dec 04 2017 Charalampos Stratakis <cstratak@redhat.com> - 9.0.1-14
- Reintroduce the ipaddress module in the python3 subpackage.
* Mon Nov 20 2017 Charalampos Stratakis <cstratak@redhat.com> - 9.0.1-13
- Add virtual provides for the bundled libraries. (rhbz#1096912)
* Tue Aug 29 2017 Tomas Orsava <torsava@redhat.com> - 9.0.1-12
- Switch macros to bcond's and make Python 2 optional to facilitate building
the Python 2 and Python 3 modules
* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Tue May 23 2017 Tomas Orsava <torsava@redhat.com> - 9.0.1-10
- Modernized package descriptions
Resolves: rhbz#1452568
* Tue Mar 21 2017 Tomas Orsava <torsava@redhat.com> - 9.0.1-9
- Fix typo in the sudo pip warning
* Fri Mar 03 2017 Tomas Orsava <torsava@redhat.com> - 9.0.1-8
- Patch 1 update: No sudo pip warning in venv or virtualenv
* Thu Feb 23 2017 Tomas Orsava <torsava@redhat.com> - 9.0.1-7
- Patch 1 update: Customize the warning with the proper version of the pip
command
* Tue Feb 14 2017 Tomas Orsava <torsava@redhat.com> - 9.0.1-6
- Added patch 1: Emit a warning when running with root privileges
* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 9.0.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Mon Jan 02 2017 Tomas Orsava <torsava@redhat.com> - 9.0.1-4
- Provide symlinks to executables to comply with Fedora guidelines for Python
Resolves: rhbz#1406922
* Fri Dec 09 2016 Charalampos Stratakis <cstratak@redhat.com> - 9.0.1-3
- Rebuild for Python 3.6 with wheel
* Fri Dec 09 2016 Charalampos Stratakis <cstratak@redhat.com> - 9.0.1-2
- Rebuild for Python 3.6 without wheel
* Fri Nov 18 2016 Orion Poplawski <orion@cora.nwra.com> - 9.0.1-1
- Update to 9.0.1
* Fri Nov 18 2016 Orion Poplawski <orion@cora.nwra.com> - 8.1.2-5
- Enable EPEL Python 3 builds
- Use new python macros
- Cleanup spec
* Fri Aug 05 2016 Tomas Orsava <torsava@redhat.com> - 8.1.2-4
- Updated the test sources
* Fri Aug 05 2016 Tomas Orsava <torsava@redhat.com> - 8.1.2-3
- Moved python-pip into the python2-pip subpackage
- Added the python_provide macro
* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 8.1.2-2
- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
* Tue May 17 2016 Tomas Orsava <torsava@redhat.com> - 8.1.2-1
- Update to 8.1.2
- Moved to a new PyPI URL format
- Updated the prefix-stripping patch because of upstream changes in pip/wheel.py
* Mon Feb 22 2016 Slavek Kabrda <bkabrda@redhat.com> - 8.0.2-1
- Update to 8.0.2
* Thu Feb 04 2016 Fedora Release Engineering <releng@fedoraproject.org> - 7.1.0-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Oct 14 2015 Robert Kuska <rkuska@redhat.com> - 7.1.0-3
- Rebuilt for Python3.5 rebuild
- With wheel set to 1
* Tue Oct 13 2015 Robert Kuska <rkuska@redhat.com> - 7.1.0-2
- Rebuilt for Python3.5 rebuild
* Wed Jul 01 2015 Slavek Kabrda <bkabrda@redhat.com> - 7.1.0-1
- Update to 7.1.0
* Tue Jun 30 2015 Ville Skyttä <ville.skytta@iki.fi> - 7.0.3-3
- Install bash completion
- Ship LICENSE.txt as %%license where available
* Thu Jun 18 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 7.0.3-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Thu Jun 04 2015 Matej Stuchlik <mstuchli@redhat.com> - 7.0.3-1
- Update to 7.0.3
* Fri Mar 06 2015 Matej Stuchlik <mstuchli@redhat.com> - 6.0.8-1
- Update to 6.0.8
* Thu Dec 18 2014 Slavek Kabrda <bkabrda@redhat.com> - 1.5.6-5
- Only enable tests on Fedora.
* Mon Dec 01 2014 Matej Stuchlik <mstuchli@redhat.com> - 1.5.6-4
- Add tests
- Add patch skipping tests requiring Internet access
* Tue Nov 18 2014 Matej Stuchlik <mstuchli@redhat.com> - 1.5.6-3
- Added patch for local dos with predictable temp dictionary names
(http://seclists.org/oss-sec/2014/q4/655)
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.5.6-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Sun May 25 2014 Matej Stuchlik <mstuchli@redhat.com> - 1.5.6-1
- Update to 1.5.6
* Fri Apr 25 2014 Matej Stuchlik <mstuchli@redhat.com> - 1.5.4-4
- Rebuild as wheel for Python 3.4
* Thu Apr 24 2014 Matej Stuchlik <mstuchli@redhat.com> - 1.5.4-3
- Disable build_wheel
* Thu Apr 24 2014 Matej Stuchlik <mstuchli@redhat.com> - 1.5.4-2
- Rebuild as wheel for Python 3.4
* Mon Apr 07 2014 Matej Stuchlik <mstuchli@redhat.com> - 1.5.4-1
- Updated to 1.5.4
* Mon Oct 14 2013 Tim Flink <tflink@fedoraproject.org> - 1.4.1-1
- Removed patch for CVE 2013-2099 as it has been included in the upstream 1.4.1 release
- Updated version to 1.4.1
* Sun Aug 04 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3.1-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
* Tue Jul 16 2013 Toshio Kuratomi <toshio@fedoraproject.org> - 1.3.1-4
- Fix for CVE 2013-2099
* Thu May 23 2013 Tim Flink <tflink@fedoraproject.org> - 1.3.1-3
- undo python2 executable rename to python-pip. fixes #958377
- fix summary to match upstream
* Mon May 06 2013 Kevin Kofler <Kevin@tigcc.ticalc.org> - 1.3.1-2
- Fix main package Summary, it's for Python 2, not 3 (#877401)
* Fri Apr 26 2013 Jon Ciesla <limburgher@gmail.com> - 1.3.1-1
- Update to 1.3.1, fix for CVE-2013-1888.
* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.2.1-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
* Tue Oct 09 2012 Tim Flink <tflink@fedoraproject.org> - 1.2.1-2
- Fixing files for python3-pip
* Thu Oct 04 2012 Tim Flink <tflink@fedoraproject.org> - 1.2.1-1
- Update to upstream 1.2.1
- Change binary from pip-python to python-pip (RHBZ#855495)
- Add alias from python-pip to pip-python, to be removed at a later date
* Tue May 15 2012 Tim Flink <tflink@fedoraproject.org> - 1.1.0-1
- Update to upstream 1.1.0
* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.0.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
* Sat Oct 22 2011 Tim Flink <tflink@fedoraproject.org> - 1.0.2-1
- update to 1.0.2 and added python3 subpackage
* Wed Jun 22 2011 Tim Flink <tflink@fedoraproject.org> - 0.8.3-1
- update to 0.8.3 and project home page
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.8.2-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
* Mon Dec 20 2010 Luke Macken <lmacken@redhat.com> - 0.8.2-1
- update to 0.8.2 of pip
* Mon Aug 30 2010 Peter Halliday <phalliday@excelsiorsystems.net> - 0.8-1
- update to 0.8 of pip
* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 0.7.2-5
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
* Wed Jul 7 2010 Peter Halliday <phalliday@excelsiorsystems.net> - 0.7.2-1
- update to 0.7.2 of pip
* Sun May 23 2010 Peter Halliday <phalliday@excelsiorsystems.net> - 0.7.1-1
- update to 0.7.1 of pip
* Fri Jan 1 2010 Peter Halliday <phalliday@excelsiorsystems.net> - 0.6.1.4
- fix dependency issue
* Fri Dec 18 2009 Peter Halliday <phalliday@excelsiorsystems.net> - 0.6.1-2
- fix spec file
* Thu Dec 17 2009 Peter Halliday <phalliday@excelsiorsystems.net> - 0.6.1-1
- upgrade to 0.6.1 of pip
* Mon Aug 31 2009 Peter Halliday <phalliday@excelsiorsystems.net> - 0.4-1
- Initial package