packages/python-pip
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!114 upgrade version to 21.3.1

Browse Source 
Merge pull request !114 from renxichen/master
This commit is contained in:
openeuler-ci-bot 2021-12-25 07:31:42 +00:00 committed by Gitee
commit 70dc0300b6
8 changed files with 24 additions and 161 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
allow-stripping-given-prefix-from-wheel-RECORD-files.patch
View File

@ -12,20 +12,20 @@ diff --git a/src/pip/_internal/commands/install.py b/src/pip/_internal/commands/
index 8c2c32f..674d30c 100644
--- a/src/pip/_internal/commands/install.py
+++ b/src/pip/_internal/commands/install.py
@@ -130,6 +130,13 @@ class InstallCommand(RequirementCommand):
default=None,
help="Installation prefix where lib, bin and other top-level "
"folders are placed")
@@ -134,6 +134,13 @@ class InstallCommand(RequirementCommand):
"folders are placed"
),
)
+ self.cmd_opts.add_option(
+ '--strip-file-prefix',
+ dest='strip_file_prefix',
+ metavar='prefix',
+ default=None,
+ help="Strip given prefix from script paths in wheel RECORD."
+ )
+ '--strip-file-prefix',
+ dest='strip_file_prefix',
+ metavar='prefix',
+ default=None,
+ help="Strip given prefix from script paths in wheel RECORD."
+ )
self.cmd_opts.add_option(cmdoptions.build_dir())
self.cmd_opts.add_option(cmdoptions.src())
--
2.23.0

44
backport-CVE-2021-3572.patch
View File

@ -1,44 +0,0 @@
From ca832b2836e0bffa7cf95589acdcd71230f5834e Mon Sep 17 00:00:00 2001
From: Pradyun Gedam <pradyunsg@users.noreply.github.com>
Date: Sat, 24 Apr 2021 10:13:15 +0100
Subject: [PATCH] Don't split git references on unicode separators
Reference:https://github.com/pypa/pip/commit/ca832b2836e0bffa7cf95589acdcd71230f5834e
Previously, maliciously formatted tags could be used to hijack a
commit-based pin. Using the fact that the split here allowed for
all of unicode's whitespace characters as separators -- which git allows
as a part of a tag name -- it is possible to force a different revision
to be installed; if an attacker gains access to the repository.
This change stops splitting the string on unicode characters, by forcing
the splits to happen on newlines and ASCII spaces.
---
src/pip/_internal/vcs/git.py | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/pip/_internal/vcs/git.py b/src/pip/_internal/vcs/git.py
index 1831aed..37be66c 100644
--- a/src/pip/_internal/vcs/git.py
+++ b/src/pip/_internal/vcs/git.py
@@ -143,9 +143,15 @@ class Git(VersionControl):
pass
refs = {}
- for line in output.strip().splitlines():
+ # NOTE: We do not use splitlines here since that would split on other
+ # unicode separators, which can be maliciously used to install a
+ # different revision.
+ for line in output.strip().split("\n"):
+ line = line.rstrip("\r")
+ if not line:
+ continue
try:
- sha, ref = line.split()
+ sha, ref = line.split(" ", maxsplit=2)
except ValueError:
# Include the offending line to simplify troubleshooting if
# this error ever occurs.
--
1.8.3.1

8
dummy-certifi.patch
View File

@ -11,15 +11,15 @@ diff --git a/src/pip/_vendor/certifi/core.py b/src/pip/_vendor/certifi/core.py
index 8987449..568d078 100644
--- a/src/pip/_vendor/certifi/core.py
+++ b/src/pip/_vendor/certifi/core.py
@@ -9,6 +9,7 @@ This module returns the installation location of cacert.pem or its contents.
import os
@@ -23,6 +23,7 @@ try:
return _PIP_STANDALONE_CERT
raise _PipPatchedCertificate()
try:
+ raise ImportError # force fallback
from importlib.resources import path as get_path, read_text
_CACERT_CTX = None
@@ -51,9 +52,7 @@ except ImportError:
@@ -67,9 +68,7 @@ except ImportError:
# If we don't have importlib.resources, then we will just do the old logic
# of assuming we're on the filesystem and munge the path directly.
def where():

4
emit-a-warning-when-running-with-root-privileges.patch
View File

@ -19,9 +19,9 @@ index 70bda2e2..1e750ae1 100644
import site
+import sys
+from os import path
from optparse import SUPPRESS_HELP
from optparse import SUPPRESS_HELP, Values
from typing import Iterable, List, Optional
from pip._vendor import pkg_resources
@@ -241,6 +243,23 @@ class InstallCommand(RequirementCommand):
raise CommandError("Can not combine '--user' and '--target'")

BIN
pip-20.3.3.tar.gz
View File

Binary file not shown.

BIN
pip-21.3.1.tar.gz Normal file
View File

Binary file not shown.

11
python-pip.spec
View File

@ -1,12 +1,12 @@
%global srcname pip
%global python_wheelname %{srcname}-%{version}-py2.py3-none-any.whl
%global python_wheelname %{srcname}-%{version}-py3-none-any.whl
%global python_wheeldir %{_datadir}/python-wheels
%global _description \
pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes.
%global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d})
Name: python-%{srcname}
Version: 20.3.3
Release: 5
Version: 21.3.1
Release: 1
Summary: A tool for installing and managing Python packages
License: MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD)
URL: http://www.pip-installer.org
@ -14,9 +14,7 @@ Source0: %{pypi_source}
BuildArch: noarch
Patch1: allow-stripping-given-prefix-from-wheel-RECORD-files.patch
Patch2: emit-a-warning-when-running-with-root-privileges.patch
Patch3: remove-existing-dist-only-if-path-conflicts.patch
Patch6000: dummy-certifi.patch
Patch6001: backport-CVE-2021-3572.patch
Source10: pip-allow-older-versions.patch
@ -119,6 +117,9 @@ install -p dist/%{python_wheelname} -t %{buildroot}%{python_wheeldir}
%{python_wheeldir}/%{python_wheelname}
%changelog
* Mon Dec 20 2021 renhongxun<renhongxun@huawei.com> - 21.3.1-1
- upgrade version to 21.3.1
* Fri Nov 26 2021 shixuantong<shixuantong@huawei.com> - 20.3.3-5
- remove python3-pip from BuildRequires

94
remove-existing-dist-only-if-path-conflicts.patch
View File

@ -1,94 +0,0 @@
From 854fd7296bb9306d46ba3cc8bb7c6f18a7960ed6 Mon Sep 17 00:00:00 2001
From: Tomas Hrnciar <thrnciar@redhat.com>
Date: Sun, 26 Apr 2020 21:19:03 +0200
Subject: [PATCH] Prevent removing of the system packages installed under
/usr/lib
when pip install -U is executed.
Resolves: rhbz#1550368
Co-Authored-By: Michal Cyprian <m.cyprian@gmail.com>
Co-Authored-By: Victor Stinner <vstinner@redhat.com>
---
src/pip/_internal/req/req_install.py | 3 ++-
src/pip/_internal/resolution/legacy/resolver.py | 5 ++++-
src/pip/_internal/utils/misc.py | 11 +++++++++++
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/pip/_internal/req/req_install.py b/src/pip/_internal/req/req_install.py
index 4759f4a..2e76e35 100644
--- a/src/pip/_internal/req/req_install.py
+++ b/src/pip/_internal/req/req_install.py
@@ -41,6 +41,7 @@ from pip._internal.utils.misc import (
ask_path_exists,
backup_dir,
display_path,
+ dist_in_install_path,
dist_in_site_packages,
dist_in_usersite,
get_distribution,
@@ -447,7 +448,7 @@ class InstallRequirement(object):
"lack sys.path precedence to {} in {}".format(
existing_dist.project_name, existing_dist.location)
)
- else:
+ elif dist_in_install_path(existing_dist):
self.should_reinstall = True
else:
if self.editable:
diff --git a/src/pip/_internal/resolution/legacy/resolver.py b/src/pip/_internal/resolution/legacy/resolver.py
index c9b4c66..ff361d8 100644
--- a/src/pip/_internal/resolution/legacy/resolver.py
+++ b/src/pip/_internal/resolution/legacy/resolver.py
@@ -34,6 +34,7 @@ from pip._internal.resolution.base import BaseResolver
from pip._internal.utils.compatibility_tags import get_supported
from pip._internal.utils.logging import indent_log
from pip._internal.utils.misc import dist_in_usersite, normalize_version_info
+from pip._internal.utils.misc import dist_in_install_path
from pip._internal.utils.packaging import check_requires_python, get_requires_python
from pip._internal.utils.typing import MYPY_CHECK_RUNNING
@@ -204,7 +205,9 @@ class Resolver(BaseResolver):
"""
# Don't uninstall the conflict if doing a user install and the
# conflict is not a user install.
- if not self.use_user_site or dist_in_usersite(req.satisfied_by):
+ if ((not self.use_user_site
+ or dist_in_usersite(req.satisfied_by))
+ and dist_in_install_path(req.satisfied_by)):
req.should_reinstall = True
req.satisfied_by = None
diff --git a/src/pip/_internal/utils/misc.py b/src/pip/_internal/utils/misc.py
index 24a7455..5fd48d3 100644
--- a/src/pip/_internal/utils/misc.py
+++ b/src/pip/_internal/utils/misc.py
@@ -31,7 +31,7 @@ from pip._vendor.six.moves.urllib.parse import unquote as urllib_unquote
from pip import __version__
from pip._internal.exceptions import CommandError
-from pip._internal.locations import get_major_minor_version, site_packages, user_site
+from pip._internal.locations import distutils_scheme, get_major_minor_version, site_packages, user_site
from pip._internal.utils.compat import WINDOWS, expanduser, stdlib_pkgs, str_to_display
from pip._internal.utils.typing import MYPY_CHECK_RUNNING, cast
from pip._internal.utils.virtualenv import (
@@ -406,6 +406,16 @@ def dist_in_site_packages(dist):
return dist_location(dist).startswith(normalize_path(site_packages))
+def dist_in_install_path(dist):
+ """
+ Return True if given Distribution is installed in
+ path matching distutils_scheme layout.
+ """
+ norm_path = normalize_path(dist_location(dist))
+ return norm_path.startswith(normalize_path(
+ distutils_scheme("")['purelib'].split('python')[0]))
+
+
def dist_is_editable(dist):
# type: (Distribution) -> bool
"""
--
2.25.4