diff --git a/MarkupSafe-2.0.1-cp36-cp36m-manylinux1_x86_64.whl b/MarkupSafe-2.0.1-cp36-cp36m-manylinux1_x86_64.whl
deleted file mode 100644
index 46dbca2f1dc1896100f87c556a0b685e14eca668..0000000000000000000000000000000000000000
Binary files a/MarkupSafe-2.0.1-cp36-cp36m-manylinux1_x86_64.whl and /dev/null differ
diff --git a/RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch b/RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch
deleted file mode 100644
index 700ab80a0f3b5b13aeb71d4ae91a2d4c388ec797..0000000000000000000000000000000000000000
--- a/RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch
+++ /dev/null
@@ -1,65 +0,0 @@ -From d655030770081e2dfe46f90e27620472a502289d Mon Sep 17 00:00:00 2001 -From: David Lord -Date: Thu, 2 May 2024 09:14:00 -0700 -Subject: [PATCH] disallow invalid characters in keys to xmlattr filter - ---- - CHANGES.rst | 6 ++++++ - src/jinja2/filters.py | 22 +++++++++++++++++----- - tests/test_filters.py | 11 ++++++----- - 3 files changed, 29 insertions(+), 10 deletions(-) - -diff --git a/kubevirt/jinja2/filters.py b/kubevirt/jinja2/filters.py -index 4cf3c11fb..acd11976e 100644 ---- a/kubevirt/jinja2/filters.py -+++ b/kubevirt/jinja2/filters.py -@@ -250,7 +250,9 @@ def do_items(value: t.Union[t.Mapping[K, V], Undefined]) -> t.Iterator[t.Tuple[K - yield from value.items() - - --_space_re = re.compile(r"\s", flags=re.ASCII) -+# Check for characters that would move the parser state from key to value. -+# https://html.spec.whatwg.org/#attribute-name-state -+_attr_key_re = re.compile(r"[\s/>=]", flags=re.ASCII) - - - @pass_eval_context -@@ -259,8 +261,14 @@ def do_xmlattr( - ) -> str: - """Create an SGML/XML attribute string based on the items in a dict. - -- If any key contains a space, this fails with a ``ValueError``. Values that -- are neither ``none`` nor ``undefined`` are automatically escaped. -+ **Values** that are neither ``none`` nor ``undefined`` are automatically -+ escaped, safely allowing untrusted user input. -+ -+ User input should not be used as **keys** to this filter. If any key -+ contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals -+ sign, this fails with a ``ValueError``. Regardless of this, user input -+ should never be used as keys to this filter, or must be separately validated -+ first. - - .. sourcecode:: html+jinja - -@@ -280,6 +288,10 @@ def do_xmlattr( - As you can see it automatically prepends a space in front of the item - if the filter returned something unless the second parameter is false. - -+ .. 
versionchanged:: 3.1.4 -+ Keys with ``/`` solidus, ``>`` greater-than sign, or ``=`` equals sign -+ are not allowed. -+ - .. versionchanged:: 3.1.3 - Keys with spaces are not allowed. - """ -@@ -289,8 +301,8 @@ def do_xmlattr( - if value is None or isinstance(value, Undefined): - continue - -- if _space_re.search(key) is not None: -- raise ValueError(f"Spaces are not allowed in attributes: '{key}'") -+ if _attr_key_re.search(key) is not None: -+ raise ValueError(f"Invalid character in attribute name: {key!r}") - - items.append(f'{escape(key)}="{escape(value)}"') - diff --git a/awscrt-0.11.13-cp36-cp36m-manylinux1_x86_64.whl b/awscrt-0.11.13-cp36-cp36m-manylinux1_x86_64.whl deleted file mode 100644 index 15c254520ed8f71ba86e8dcae2fd4f4d8655ae5a..0000000000000000000000000000000000000000 Binary files a/awscrt-0.11.13-cp36-cp36m-manylinux1_x86_64.whl and /dev/null differ diff --git a/bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch b/bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch index 56494f24ec55b66b9dab2c558bc8167da93d4efe..97707a57a8341007a4c3ea814fe25d54f6d33889 100644 --- a/bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch +++ b/bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch @@ -12,5 +12,6 @@ + # Fallback to a possibly dangerous extraction (before PEP 706) + tf.extract(name, tmpdir) filepaths = [os.path.join(tmpdir, n) for n in zonegroups] - try: - check_call(["zic", "-d", zonedir] + filepaths) + + _run_zic(zonedir, filepaths) + diff --git a/bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch b/bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch index 831ca45f7656c47650f4356e468507ff258b0cc5..9706cecb6605600afa3f63d87a9e3d513761bf56 100644 --- a/bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch +++ b/bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch 
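Review bot: The refreshed context in the `@@ -12,5 +12,6 @@` hunk still ends in the unfiltered `tf.extract(name, tmpdir)` fallback, which its own comment calls "possibly dangerous", so on an interpreter without tarfile extraction filters this CVE-2007-4559 patch would leave extraction as it was. The condition guarding the fallback is outside the hunk, so which branch the build's Python takes cannot be confirmed from here. I would record the limit in the patch header, e.g. `# NOTE: effective only where tarfile extraction filters (PEP 706) are available; otherwise the zoneinfo tarball must be trusted`. The same context appears in the three hunks of the bz2217902-2 patch.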
@@ -12,8 +12,9 @@
 + # Fallback to a possibly dangerous extraction (before PEP 706)
 + tf.extract(name, tmpdir)
 filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
- try:
- check_call(["zic", "-d", zonedir] + filepaths)
+
+ _run_zic(zonedir, filepaths)
+
 --- a/awscli/dateutil/zoneinfo/rebuild.py 2023-01-26 16:29:30.000000000 +0100
 +++ b/awscli/dateutil/zoneinfo/rebuild.py 2023-07-19 10:12:42.277559948 +0200
 @@ -21,7 +21,12 @@
@@ -28,8 +29,9 @@
 + # Fallback to a possibly dangerous extraction (before PEP 706)
 + tf.extract(name, tmpdir)
 filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
- try:
- check_call(["zic", "-d", zonedir] + filepaths)
+
+ _run_zic(zonedir, filepaths)
+
 --- a/azure/dateutil/zoneinfo/rebuild.py 2023-01-26 16:29:30.000000000 +0100
 +++ b/azure/dateutil/zoneinfo/rebuild.py 2023-07-19 10:12:42.277559948 +0200
 @@ -21,7 +21,12 @@
@@ -44,5 +46,5 @@
 + # Fallback to a possibly dangerous extraction (before PEP 706)
 + tf.extract(name, tmpdir)
 filepaths = [os.path.join(tmpdir, n) for n in zonegroups]
- try:
- check_call(["zic", "-d", zonedir] + filepaths)
+
+ _run_zic(zonedir, filepaths)
diff --git a/cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl b/cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl
deleted file mode 100644
index a6271bc46c1af307dc70a59e9308477b9db34926..0000000000000000000000000000000000000000
Binary files a/cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl and /dev/null differ
diff --git a/cryptography-3.3.2-cp36-abi3-manylinux1_x86_64.whl b/cryptography-3.3.2-cp36-abi3-manylinux1_x86_64.whl
deleted file mode 100644
index 3893155d03aab66e1d58d99663105968817ca441..0000000000000000000000000000000000000000
Binary files a/cryptography-3.3.2-cp36-abi3-manylinux1_x86_64.whl and /dev/null differ
diff --git a/download b/download
index 420fb52ce9714285610454512591f6e99481a46d..15eae7fb2f708656e05c4fa01efd4421ad44b29c 100644
--- a/download
+++ b/download
@@ -11,7 +11,7 @@ a56b8dc55158a41ab3c89c4c8feb8824 colorama-0.3.3.tar.gz
 3bc52f1952b9a78361114147da63c35b flit_core-3.9.0.tar.gz
 a61b1015a213f1a9cf27252fbac579ee google-auth-2.3.0.tar.gz
 5856306eac5f25db8249e37a4c6ee3e7 idna-3.3.tar.gz
-a66396e3080a68928ff98276d6809138 Jinja2-3.1.3.tar.gz
+083d64f070f6f1b5f75971ae60240785 jinja2-3.1.5.tar.gz
 d44bf469fcc16312e12fe8548cb177ee kubernetes-12.0.1.tar.gz
 892e0fefa3c488387e5cc0cad2daa523 MarkupSafe-2.0.1.tar.gz
 e46e2af1ad29245ddbd93972770f528b msal-1.18.0.tar.gz
@@ -32,6 +32,7 @@ bb9d65e5b9f0a6f37365a15922440155 pyroute2.ipset-0.6.13.tar.gz
 29aef69d25536baa1c0a121c8cefdf72 pyroute2.ndb-0.6.13.tar.gz
 d0db73bc8015af946b3578330fb1e020 pyroute2.nftables-0.6.13.tar.gz
 6016e3a0381e31cfeffd1e4e6f10843b pyroute2.nslink-0.6.13.tar.gz
+5970010bb72452344df3d76a10281b65 python-dateutil-2.8.2.tar.gz
 70ef5c5e6b05badc8675dcc3106d90cc python-string-utils-1.0.0.tar.gz
 3b07eb596071bac75c886129de881d22 PyYAML-5.1.tar.gz
 8c745949ad3e9ae83d9927fed213db8a requests-2.26.0.tar.gz
@@ -40,9 +41,10 @@ c21701cdd75c170f8d690f704a362c44 rsa-4.7.2.tar.gz
 dd811a8f09dc0e622ad19a42508da7c1 ruamel.yaml-0.15.100.tar.gz
 ef2af87b5f265163700b12165a541406 ruamel.yaml-0.17.16.tar.gz
 e2397bedcd1f40b2f22b3696175082aa ruamel.yaml.clib-0.2.6.tar.gz
-7a2c32ef46b0f91acc8c2756af56a711 setuptools-58.3.0.tar.gz
-32918d8ac566360c21411e0b3556c695 setuptools_scm-6.3.2.tar.gz
+2d7f698adca86005a771f8709686d5e4 setuptools-71.1.0.tar.gz
+d8046dce093a94dc382b68b45f6a6257 setuptools_scm-8.1.0.tar.gz
 a7c927740e4964dd29b72cebfc1429bb six-1.16.0.tar.gz
-36fd182000c721cf495d4dc673a6f9e9 tomli-1.0.1.tar.gz
+d4341621d423a7ca6822e23d6d52bb9a tomli-2.0.1.tar.gz
+cf64c2313f5fa5eb04c1deb3fc93abe9 typing_extensions-4.12.2.tar.gz
 f986d8e9616d2a43389f678d5dad9893 urllib3-1.26.18.tar.gz
 a043b9a04dc10a7c9f333cf55f6222df websocket-client-1.2.1.tar.gz
diff --git a/fence-agents.spec b/fence-agents.spec
index 24ddb706ac3be75a4632a184ecb7b8a591cbfd02..b3f25dc4540d212dc609bd34601e78a51f99174f 100644
--- a/fence-agents.spec +++ b/fence-agents.spec @@ -1,4 +1,3 @@ -%define anolis_release .0.1 # Copyright 2004-2011 Red Hat, Inc. # This copyrighted material is made available to anyone wishing to use, # modify, copy, or redistribute it subject to the terms and conditions @@ -38,8 +37,8 @@ %global urllib3_version 1.26.18 %global websocketclient websocket-client %global websocketclient_version 1.2.1 -%global jinja2 Jinja2 -%global jinja2_version 3.1.3 +%global jinja2 jinja2 +%global jinja2_version 3.1.5 %global markupsafe MarkupSafe %global markupsafe_version 2.0.1 %global stringutils string-utils @@ -54,13 +53,11 @@ %global reqstsoauthlib_version 1.3.0 %global ruamelyaml ruamel.yaml %global ruamelyaml_version 0.17.16 -%global setuptools setuptools -%global setuptools_version 58.3.0 Name: fence-agents Summary: Set of unified programs capable of host isolation ("fencing") Version: 4.10.0 -Release: 76%{?alphatag:.%{alphatag}}%{anolis_release}%{?dist}.1 +Release: 76%{?alphatag:.%{alphatag}}%{?dist}.4 License: GPLv2+ and LGPLv2+ URL: https://github.com/ClusterLabs/fence-agents Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz @@ -155,7 +152,7 @@ Source1060: pyroute2.nftables-0.6.13.tar.gz Source1061: pyroute2.nslink-0.6.13.tar.gz Source1062: pytz-2021.1-py2.py3-none-any.whl Source1063: rsa-4.7.2-py3-none-any.whl -Source1064: setuptools-57.0.0-py3-none-any.whl +Source1064: setuptools-71.1.0.tar.gz Source1065: uritemplate-3.0.1-py2.py3-none-any.whl # common (pexpect / suds) Source1066: pexpect-4.8.0-py2.py3-none-any.whl 
@@ -173,6 +170,7 @@ Source1073: %{googleauth}-%{googleauth_version}.tar.gz Source1074: %{cachetools}-%{cachetools_version}.tar.gz Source1075: %{pyasn1modules}-%{pyasn1modules_version}.tar.gz Source1076: %{pyasn1}-%{pyasn1_version}.tar.gz +Source1077: python-%{dateutil}-%{dateutil_version}.tar.gz Source1078: %{pyyaml}-%{pyyaml_version}.tar.gz ## rsa is dependency for "pip install", ## but gets removed to use cryptography lib instead @@ -187,26 +185,15 @@ Source1086: %{chrstnormalizer}-%{chrstnormalizer_version}.tar.gz Source1087: %{idna}-%{idna_version}.tar.gz Source1088: %{reqstsoauthlib}-%{reqstsoauthlib_version}.tar.gz Source1089: %{ruamelyaml}-%{ruamelyaml_version}.tar.gz -Source1090: %{setuptools}-%{setuptools_version}.tar.gz ## required for installation -Source1091: setuptools_scm-6.3.2.tar.gz -Source1092: packaging-21.2-py3-none-any.whl -Source1093: poetry-core-1.0.7.tar.gz -Source1094: pyparsing-3.0.1.tar.gz -Source1095: tomli-1.0.1.tar.gz -Source1096: flit_core-3.9.0.tar.gz +Source1090: setuptools_scm-8.1.0.tar.gz +Source1091: packaging-21.2-py3-none-any.whl +Source1092: poetry-core-1.0.7.tar.gz +Source1093: pyparsing-3.0.1.tar.gz +Source1094: tomli-2.0.1.tar.gz +Source1095: flit_core-3.9.0.tar.gz +Source1096: typing_extensions-4.12.2.tar.gz Source1097: wheel-0.37.0-py2.py3-none-any.whl -Source3000: pycryptodome-3.10.1.tar.gz -Source3001: cryptography-3.3.2-cp36-abi3-manylinux1_x86_64.whl -Source3002: awscrt-0.11.13-cp36-cp36m-manylinux1_x86_64.whl -Source3003: cffi-1.14.5-cp36-cp36m-manylinux1_x86_64.whl -Source3004: urllib3-1.24.3-py2.py3-none-any.whl -Source3005: importlib_metadata-4.8.1-py3-none-any.whl -Source3006: protobuf-3.17.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl -Source3007: zipp-3.5.0-py3-none-any.whl -Source3008: typing_extensions-3.10.0.2-py3-none-any.whl -Source3009: importlib_resources-5.2.2-py3-none-any.whl -Source3010: MarkupSafe-2.0.1-cp36-cp36m-manylinux1_x86_64.whl ### END Patch0: ha-cloud-support-aliyun.patch 
@@ -272,14 +259,10 @@ Patch58: RHEL-59882-fence_scsi-only-preempt-once-for-mpath-devices.patch ### HA support libs/utils ### # all archs Patch1000: bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch -Patch1001: RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch # cloud (x86_64 only) Patch2000: bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch Patch2001: RHEL-43562-fix-bundled-urllib3-CVE-2024-37891.patch -# https://github.com/pypa/setuptools/pull/4332 -Patch2002: setuptools-fix-CVE-2024-6345.patch - %global supportedagents amt_ws apc apc_snmp bladecenter brocade cisco_mds cisco_ucs compute drac5 eaton_snmp emerson eps evacuate hpblade ibmblade ibm_powervs ibm_vpc ifmib ilo ilo_moonshot ilo_mp ilo_ssh intelmodular ipdu ipmilan kdump kubevirt lpar mpath redfish rhevm rsa rsb sbd scsi vmware_rest vmware_soap wti %ifarch x86_64 %global testagents virsh heuristics_ping aliyun aws azure_arm gce openstack virt @@ -356,7 +339,6 @@ BuildRequires: python3-pip python3-wheel BuildRequires: golang git %endif BuildRequires: python3-pycurl python3-requests -BuildRequires: python3-markupsafe %if 0%{?fedora} || 0%{?centos} > 7 || 0%{?rhel} > 7 BuildRequires: openwsman-python3 %endif @@ -456,12 +438,6 @@ BuildRequires: %{systemd_units} # prevent compilation of something that won't get used anyway sed -i.orig 's|FENCE_ZVM=1|FENCE_ZVM=0|' configure.ac -pushd %{_sourcedir} -tar -xf %{setuptools}-%{setuptools_version}.tar.gz -%patch -p0 -P2002 -tar -zcvf %{setuptools}-%{setuptools_version}.tar.gz %{setuptools}-%{setuptools_version}/ -popd - %build %if 0%{?fedora} || 0%{?centos} > 7 || 0%{?rhel} > 7 || 0%{?suse_version} export PYTHON="%{__python3}" 
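Review bot: The `@@ -272,14 +259,10 @@` hunk drops Patch1001 (CVE-2024-34064) and Patch2002 (CVE-2024-6345) without any record of why that is safe, and the new changelog entry names only CVE-2024-56201 and CVE-2024-56326. For jinja2 the removed patch's own docstring marks the key check as `versionchanged:: 3.1.4`, so the bundled 3.1.5 covers it; for setuptools nothing on the page shows that 71.1.0 contains the change from https://github.com/pypa/setuptools/pull/4332, so that should be confirmed before merging. I would add a comment next to the remaining Patch lines such as `# CVE-2024-34064 and CVE-2024-6345: patches dropped, covered by bundled jinja2 3.1.5 / setuptools 71.1.0`.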
@@ -493,19 +469,18 @@ echo "awscli" >> %{_sourcedir}/requirements-awscli.txt %ifnarch x86_64 LIBS="%{_sourcedir}/requirements-common.txt" %endif -# %{__python3} -m pip install --target support/$(echo $x | sed -E "s/.*requirements-(.*).txt/\1/") --no-index --find-links %{_sourcedir} setuptools_scm for x in $LIBS; do %{__python3} -m pip install --target support/$(echo $x | sed -E "s/.*requirements-(.*).txt/\1/") --no-index --find-links %{_sourcedir} -r $x done # fix incorrect #! detected by CI -#%ifarch x86_64 -#sed -i -e "/^#\!\/Users/c#\!%{__python3}" support/aws/bin/jp support/awscli/bin/jp -#%endif +%ifarch x86_64 +sed -i -e "/^#\!\/Users/c#\!%{__python3}" support/aws/bin/jp support/awscli/bin/jp +%endif -# %ifarch x86_64 -# sed -i -e "/^import awscli.clidriver/isys.path.insert(0, '/usr/lib/%{name}/support/awscli')" support/awscli/bin/aws -# %endif +%ifarch x86_64 +sed -i -e "/^import awscli.clidriver/isys.path.insert(0, '/usr/lib/%{name}/support/awscli')" support/awscli/bin/aws +%endif # kubevirt %{__python3} -m pip install --user --no-index --find-links %{_sourcedir} setuptools-scm @@ -515,7 +490,6 @@ rm -rf kubevirt/rsa* # regular patch doesnt work in build-section pushd support /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1000} -/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1001} %ifarch x86_64 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2000} @@ -713,7 +687,7 @@ Provides: bundled(python-pyroute2-nftables) = 0.6.13 Provides: bundled(python-pyroute2-nslink) = 0.6.13 Provides: bundled(python-pytz) = 2021.1 Provides: bundled(python-rsa) = 4.7.2 -Provides: bundled(python3-setuptools) = 57.0.0 +Provides: bundled(python3-setuptools) = 71.1.0 Provides: bundled(python-uritemplate) = 3.0.1 %description -n ha-cloud-support Support libraries for Fence Agents. 
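Review bot: In the `@@ -515,7 +490,6 @@` hunk the one patch that was applied with `--fuzz=0` is removed, while the remaining CVE-2007-4559 patches are still applied with `--fuzz=2`, which lets `patch` ignore up to two lines of context at each end of a hunk. This commit already refreshes the context of both dateutil patches to the current `_run_zic` code, so exact matching should work: `/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1000}`, and the same for `%{PATCH2000}`. A later change in the bundled dateutil would then fail the build instead of letting a security patch apply at a near match. The build section continues outside the hunk.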
@@ -1250,7 +1224,7 @@ Provides: bundled(python3-%{idna}) = %{idna_version} Provides: bundled(python3-%{reqstsoauthlib}) = %{reqstsoauthlib_version} Provides: bundled(python3-%{oauthlib}) = %{oauthlib_version} Provides: bundled(python3-%{ruamelyaml}) = %{ruamelyaml_version} -Provides: bundled(python3-setuptools) = %{setuptools_version} +Provides: bundled(python3-setuptools) = 71.1.0 %description kubevirt Fence agent for KubeVirt platform. %files kubevirt @@ -1556,11 +1530,9 @@ are located on corosync cluster nodes. %endif %changelog -* Wed Dec 04 2024 Chang Gao - 4.10.0-76.0.1.1 -- Replace some packages with build env -- Update CVE-2007-4559 patches -- Change Jinja2 require python version -- fix CVE-2024-6345 (gc-taifu@linux.alibaba.com) +* Thu Jan 9 2025 Oyvind Albrigtsen - 4.10.0-76.4 +- bundled jinja2: fix CVE-2024-56201 and CVE-2024-56326 + Resolves: RHEL-72070, RHEL-72063 * Wed Sep 25 2024 Oyvind Albrigtsen - 4.10.0-76.1 - fence_scsi: preempt clears all devices on the mpath device, so only diff --git a/importlib_metadata-4.8.1-py3-none-any.whl b/importlib_metadata-4.8.1-py3-none-any.whl deleted file mode 100644 index 0a226fb73c259dde1679607eafd87faabaf307fb..0000000000000000000000000000000000000000 Binary files a/importlib_metadata-4.8.1-py3-none-any.whl and /dev/null differ diff --git a/importlib_resources-5.2.2-py3-none-any.whl b/importlib_resources-5.2.2-py3-none-any.whl deleted file mode 100644 index 45047a5a848b39592607c46611a3cbb458eea331..0000000000000000000000000000000000000000 Binary files a/importlib_resources-5.2.2-py3-none-any.whl and /dev/null differ diff --git a/protobuf-3.17.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl b/protobuf-3.17.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl deleted file mode 100644 index 51f6ceadcf10bdaac6542d8eebd4904b234297d6..0000000000000000000000000000000000000000 Binary files a/protobuf-3.17.3-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.whl and /dev/null differ 
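Review bot: `Provides: bundled(python3-setuptools) = 71.1.0` in the `@@ -1250,7 +1224,7 @@` hunk replaces the `%{setuptools_version}` macro with a literal, and the same literal now also appears in `Source1064` and in the ha-cloud-support Provides (hunks `@@ -155,7 +152,7 @@` and `@@ -713,7 +687,7 @@`). The bundled() Provides are the package's declaration of which bundled version ships, so a later security bump that misses one of the three places would leave stale metadata. I would keep the two `%global setuptools…` definitions with the version set to 71.1.0 and write `Source1064: %{setuptools}-%{setuptools_version}.tar.gz` and `= %{setuptools_version}` in both Provides lines.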
diff --git a/pycryptodome-3.10.1.tar.gz b/pycryptodome-3.10.1.tar.gz deleted file mode 100644 index ee913bf6f69f491e34d52758369cfeb8e9824378..0000000000000000000000000000000000000000 Binary files a/pycryptodome-3.10.1.tar.gz and /dev/null differ diff --git a/setuptools-57.0.0-py3-none-any.whl b/setuptools-57.0.0-py3-none-any.whl deleted file mode 100644 index f704306d4566efdd0cc6a62d45659d15672989f9..0000000000000000000000000000000000000000 Binary files a/setuptools-57.0.0-py3-none-any.whl and /dev/null differ diff --git a/setuptools-fix-CVE-2024-6345.patch b/setuptools-fix-CVE-2024-6345.patch deleted file mode 100644 index 81c943dea78e801e966ec2c9c403b7a50f51abd2..0000000000000000000000000000000000000000 --- a/setuptools-fix-CVE-2024-6345.patch +++ /dev/null 
@@ -1,202 +0,0 @@ ---- setuptools-58.3.0/setuptools/package_index.py.orig 2024-09-20 10:49:27.031090108 +0800 -+++ setuptools-58.3.0/setuptools/package_index.py 2024-09-20 10:57:16.429147164 +0800 -@@ -1,5 +1,6 @@ - """PyPI and direct package downloading""" - import sys -+import subprocess - import os - import re - import io -@@ -558,7 +559,7 @@ - scheme = URL_SCHEME(spec) - if scheme: - # It's a url, download it to tmpdir -- found = self._download_url(scheme.group(1), spec, tmpdir) -+ found = self._download_url(spec, tmpdir) - base, fragment = egg_info_for_url(spec) - if base.endswith('.py'): - found = self.gen_setup(found, fragment, tmpdir) -@@ -777,7 +778,7 @@ - raise DistutilsError("Download error for %s: %s" - % (url, v)) from v - -- def _download_url(self, scheme, url, tmpdir): -+ def _download_url(self, url, tmpdir): - # Determine download filename - # - name, fragment = egg_info_for_url(url) -@@ -792,19 +793,59 @@ - - filename = os.path.join(tmpdir, name) - -- # Download the file -- # -- if scheme == 'svn' or scheme.startswith('svn+'): -- return self._download_svn(url, filename) -- elif scheme == 'git' or scheme.startswith('git+'): -- return self._download_git(url, filename) -- elif scheme.startswith('hg+'): -- return self._download_hg(url, filename) -- elif scheme == 'file': -- return urllib.request.url2pathname(urllib.parse.urlparse(url)[2]) -- else: -- self.url_ok(url, True) # raises error if not allowed -- return self._attempt_download(url, filename) -+ return self._download_vcs(url, filename) or self._download_other(url, filename) -+ -+ @staticmethod -+ def _resolve_vcs(url): -+ """ -+ >>> rvcs = PackageIndex._resolve_vcs -+ >>> rvcs('git+http://foo/bar') -+ 'git' -+ >>> rvcs('hg+https://foo/bar') -+ 'hg' -+ >>> rvcs('git:myhost') -+ 'git' -+ >>> rvcs('hg:myhost') -+ >>> rvcs('http://foo/bar') -+ """ -+ scheme = urllib.parse.urlsplit(url).scheme -+ pre, sep, post = scheme.partition('+') -+ # svn and git have their own protocol; hg does not -+ allowed = 
set(['svn', 'git'] + ['hg'] * bool(sep)) -+ return next(iter({pre} & allowed), None) -+ -+ def _download_vcs(self, url, spec_filename): -+ vcs = self._resolve_vcs(url) -+ if not vcs: -+ return -+ if vcs == 'svn': -+ raise DistutilsError( -+ f"Invalid config, SVN download is not supported: {url}" -+ ) -+ -+ filename, _, _ = spec_filename.partition('#') -+ url, rev = self._vcs_split_rev_from_url(url) -+ -+ self.info(f"Doing {vcs} clone from {url} to {filename}") -+ subprocess.check_call([vcs, 'clone', '--quiet', url, filename]) -+ -+ co_commands = dict( -+ git=[vcs, '-C', filename, 'checkout', '--quiet', rev], -+ hg=[vcs, '--cwd', filename, 'up', '-C', '-r', rev, '-q'], -+ ) -+ if rev is not None: -+ self.info(f"Checking out {rev}") -+ subprocess.check_call(co_commands[vcs]) -+ -+ return filename -+ -+ def _download_other(self, url, filename): -+ scheme = urllib.parse.urlsplit(url).scheme -+ if scheme == 'file': # pragma: no cover -+ return urllib.request.url2pathname(urllib.parse.urlparse(url).path) -+ # raise error if not allowed -+ self.url_ok(url, True) -+ return self._attempt_download(url, filename) - - def scan_url(self, url): - self.process_url(url, True) -@@ -831,77 +872,37 @@ - os.unlink(filename) - raise DistutilsError("Unexpected HTML page found at " + url) - -- def _download_svn(self, url, filename): -- warnings.warn("SVN download support is deprecated", UserWarning) -- url = url.split('#', 1)[0] # remove any fragment for svn's sake -- creds = '' -- if url.lower().startswith('svn:') and '@' in url: -- scheme, netloc, path, p, q, f = urllib.parse.urlparse(url) -- if not netloc and path.startswith('//') and '/' in path[2:]: -- netloc, path = path[2:].split('/', 1) -- auth, host = _splituser(netloc) -- if auth: -- if ':' in auth: -- user, pw = auth.split(':', 1) -- creds = " --username=%s --password=%s" % (user, pw) -- else: -- creds = " --username=" + auth -- netloc = host -- parts = scheme, netloc, url, p, q, f -- url = urllib.parse.urlunparse(parts) -- 
self.info("Doing subversion checkout from %s to %s", url, filename) -- os.system("svn checkout%s -q %s %s" % (creds, url, filename)) -- return filename -- - @staticmethod -- def _vcs_split_rev_from_url(url, pop_prefix=False): -- scheme, netloc, path, query, frag = urllib.parse.urlsplit(url) -- -- scheme = scheme.split('+', 1)[-1] -- -- # Some fragment identification fails -- path = path.split('#', 1)[0] -- -- rev = None -- if '@' in path: -- path, rev = path.rsplit('@', 1) -- -- # Also, discard fragment -- url = urllib.parse.urlunsplit((scheme, netloc, path, query, '')) -- -- return url, rev -- -- def _download_git(self, url, filename): -- filename = filename.split('#', 1)[0] -- url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True) -- -- self.info("Doing git clone from %s to %s", url, filename) -- os.system("git clone --quiet %s %s" % (url, filename)) -+ def _vcs_split_rev_from_url(url): -+ """ -+ Given a possible VCS URL, return a clean URL and resolved revision if any. - -- if rev is not None: -- self.info("Checking out %s", rev) -- os.system("git -C %s checkout --quiet %s" % ( -- filename, -- rev, -- )) -+ >>> vsrfu = PackageIndex._vcs_split_rev_from_url -+ >>> vsrfu('git+https://github.com/pypa/setuptools@v69.0.0#egg-info=setuptools') -+ ('https://github.com/pypa/setuptools', 'v69.0.0') -+ >>> vsrfu('git+https://github.com/pypa/setuptools#egg-info=setuptools') -+ ('https://github.com/pypa/setuptools', None) -+ >>> vsrfu('http://foo/bar') -+ ('http://foo/bar', None) -+ """ -+ parts = urllib.parse.urlsplit(url) - -- return filename -+ clean_scheme = parts.scheme.split('+', 1)[-1] - -- def _download_hg(self, url, filename): -- filename = filename.split('#', 1)[0] -- url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True) -+ # Some fragment identification fails -+ no_fragment_path, _, _ = parts.path.partition('#') - -- self.info("Doing hg clone from %s to %s", url, filename) -- os.system("hg clone --quiet %s %s" % (url, filename)) -+ pre, sep, post = 
no_fragment_path.rpartition('@') -+ clean_path, rev = (pre, post) if sep else (post, None) - -- if rev is not None: -- self.info("Updating to %s", rev) -- os.system("hg --cwd %s up -C -r %s -q" % ( -- filename, -- rev, -- )) -+ resolved = parts._replace( -+ scheme=clean_scheme, -+ path=clean_path, -+ # discard the fragment -+ fragment='', -+ ).geturl() - -- return filename -+ return resolved, rev - - def debug(self, msg, *args): - log.debug(msg, *args) diff --git a/typing_extensions-3.10.0.2-py3-none-any.whl b/typing_extensions-3.10.0.2-py3-none-any.whl deleted file mode 100644 index 7d994c5ef03d22e66d317e923f491ad812f997c2..0000000000000000000000000000000000000000 Binary files a/typing_extensions-3.10.0.2-py3-none-any.whl and /dev/null differ diff --git a/urllib3-1.24.3-py2.py3-none-any.whl b/urllib3-1.24.3-py2.py3-none-any.whl deleted file mode 100644 index 8da9f547675f6c4b7c0bfe0e9078d0b03af4b378..0000000000000000000000000000000000000000 Binary files a/urllib3-1.24.3-py2.py3-none-any.whl and /dev/null differ diff --git a/zipp-3.5.0-py3-none-any.whl b/zipp-3.5.0-py3-none-any.whl deleted file mode 100644 index 9b606195459d3fa4808b0ad26caafe3a4a3d669d..0000000000000000000000000000000000000000 Binary files a/zipp-3.5.0-py3-none-any.whl and /dev/null differ