From 42f3faf9b60f9079c37e23ce565ffad9fbd0b143 Mon Sep 17 00:00:00 2001
From: lxpzero
Date: Wed, 17 Apr 2024 15:18:59 +0800
Subject: [PATCH 1/2] update to python-pip-9.0.3-23.1
---
0001-add-pip-loongarch.conf.patch | 49 -------------------------------
pip-loongarch.conf | 8 -----
python-pip.spec | 38 ++++++++++++++----------
3 files changed, 22 insertions(+), 73 deletions(-)
delete mode 100644 0001-add-pip-loongarch.conf.patch
delete mode 100644 pip-loongarch.conf
diff --git a/0001-add-pip-loongarch.conf.patch b/0001-add-pip-loongarch.conf.patch
deleted file mode 100644
index b527f6d..0000000
--- a/0001-add-pip-loongarch.conf.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 50fc975fe0f6dfca8cdfa95985543b1661e23b78 Mon Sep 17 00:00:00 2001
-From: Jingyun Hua
-Date: Tue, 26 Jul 2022 01:40:05 +0000
-Subject: [PATCH] add pip-loongarch.conf
-
-Signed-off-by: Jingyun Hua
----
- pip/locations.py | 12 ++++++++++++
- 1 file changed, 12 insertions(+)
-
-diff --git a/pip/locations.py b/pip/locations.py
-index e598ef1..3db0391 100644
---- a/pip/locations.py
-+++ b/pip/locations.py
-@@ -5,6 +5,7 @@ import os
- import os.path
- import site
- import sys
-+import platform
-
- from distutils import sysconfig
- from distutils.command.install import install, SCHEME_KEYS # noqa
-@@ -83,6 +84,7 @@ src_prefix = os.path.abspath(src_prefix)
- site_packages = sysconfig.get_python_lib()
- user_site = site.USER_SITE
- user_dir = expanduser('~')
-+os_arch = platform.machine()
- if WINDOWS:
- bin_py = os.path.join(sys.prefix, 'Scripts')
- bin_user = os.path.join(user_site, 'Scripts')
-@@ -98,6 +100,16 @@ if WINDOWS:
- legacy_storage_dir,
- config_basename,
- )
-+elif os_arch == 'loongarch64':
-+ bin_py = os.path.join(sys.prefix, 'bin')
-+ bin_user = os.path.join(user_site, 'bin')
-+ user_conf = os.path.join(user_dir,'.pip/pip.conf')
-+ if os.path.exists(user_conf):
-+ config_basename = 'pip.conf'
-+ legacy_config_file = user_conf
-+ else:
-+ config_basename = 'pip-loongarch.conf'
-+ legacy_config_file = '/etc/pip3/pip-loongarch.conf'
- else:
- bin_py = os.path.join(sys.prefix, 'bin')
- bin_user = os.path.join(user_site, 'bin')
---
-2.27.0
diff --git a/pip-loongarch.conf b/pip-loongarch.conf
deleted file mode 100644
index fd77def..0000000
--- a/pip-loongarch.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-[global]
-timeout = 60
-index-url = https://pypi.loongnix.cn/loongson/pypi
-extra-index-url = https://pypi.org/simple
-[install]
-trusted-host =
- pypi.loongnix.cn
- pypi.org
diff --git a/python-pip.spec b/python-pip.spec
index 2681318..f3dcdd8 100644
--- a/python-pip.spec
+++ b/python-pip.spec
@@ -10,12 +10,11 @@ %endif %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d}) -%define anolis_release .0.1 Name: python-%{srcname} # When updating, update the bundled libraries versions bellow! Version: 9.0.3 -Release: 23%{anolis_release}%{?dist} +Release: 23%{?dist}.1 Summary: A tool for installing and managing Python packages Group: Development/Libraries @@ -61,7 +60,6 @@ BuildRequires: bzr %if %{with tests} Source1: pip-%{version}-tests.tar.gz %endif -Source100: pip-loongarch.conf # Patch until the following issue gets implemented upstream: # https://github.com/pypa/pip/issues/1351 @@ -130,9 +128,13 @@ Patch11: CVE-2021-3572.patch # https://www.python.org/dev/peps/pep-0592/ # Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2000135 Patch12: skip_yanked_releases.patch -Patch13: CVE-2007-4559-tarfile.patch -Patch1000: 0001-add-pip-loongarch.conf.patch +# CVE-2007-4559, PEP-721, PEP-706: Use tarfile.data_filter for extracting +# - Minimal downstream-only patch, to be replaced by upstream solution +# proposed in https://github.com/pypa/pip/pull/12214 +# - Patch for vendored distlib, accepted upstream: +# https://github.com/pypa/distlib/pull/201 +Patch13: CVE-2007-4559-tarfile.patch %global _description \ pip is a package management system used to install and manage software packages \ @@ -169,6 +171,9 @@ Requires: platform-python-setuptools BuildRequires: ca-certificates Requires: ca-certificates +# pip has to require explicit version of platform-python that provides +# filters in tarfile module (fix for CVE-2007-4559). +Requires: platform-python >= 3.6.8-55 # Virtual provides for the packages bundled by pip. # See the python2 list above for instructions. 
@@ -221,6 +226,8 @@ A documentation for a tool for installing and managing Python packages %if %{without bootstrap} %package -n python3-%{srcname}-wheel Summary: The pip wheel +# Older Python does not provide tarfile filters (fix for CVE-2007-4559). +Conflicts: platform-python < 3.6.8-55 # Virtual provides for the packages bundled by pip. # You can find the versions in pip/_vendor/vendor.txt file. @@ -279,8 +286,6 @@ popd %patch12 -p1 %patch13 -p1 -%patch1000 -p1 - # this goes together with patch4 rm pip/_vendor/certifi/*.pem rm pip/_vendor/requests/*.pem @@ -295,6 +300,10 @@ rm pip/_vendor/ordereddict.py rm -v pip/_vendor/distlib/*.exe sed -i '/\.exe/d' setup.py +# Backports for Python 2 +rm pip/_vendor/distlib/_backport/tarfile.py +rm pip/_vendor/distlib/_backport/shutil.py + %build %if %{without bootstrap} %py3_build_wheel @@ -320,9 +329,6 @@ popd rm %{buildroot}%{_bindir}/pip -install -d %{buildroot}%{_sysconfdir}/pip3/ -install %{SOURCE100} %{buildroot}%{_sysconfdir}/pip3/ - %if %{with doc} install -d %{buildroot}%{_mandir}/man1 install -pm0644 docs/_build/man/*.1 %{buildroot}%{_mandir}/man1/pip3.1 @@ -376,7 +382,6 @@ py.test-%{python3_version} -m 'not network' %{_bindir}/pip-%{python3_version} %dir %{bashcompdir} %{bashcompdir}/pip* -%{_sysconfdir}/pip3/* %if %{with doc} %files doc @@ -394,12 +399,13 @@ py.test-%{python3_version} -m 'not network' %endif %changelog -* Mon Dec 18 2023 Kaiqiang Wang - 9.0.3-23.0.1 -- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706) -- Resolves: RHBZ#2218241 +* Wed Feb 14 2024 Lumír Balhar - 9.0.3-23.1 +- Require Python with tarfile filters +Resolves: RHEL-25449 -* Fri Jul 22 2022 huajingyun - 9.0.3-22.0.1 -- Add pypi.loongnix.cn +* Tue Aug 08 2023 Petr Viktorin - 9.0.3-23 +- Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706) +Resolves: RHBZ#2218241 * Wed Oct 06 2021 Charalampos Stratakis - 9.0.3-22 - Remove bundled windows executables -- Gitee 
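Review bot: The `# Backports for Python 2` comment above the two new `rm pip/_vendor/distlib/_backport/...` lines in %prep says what the files are but not why they are deleted. If the intent is that the vendored distlib can only ever reach the standard-library `tarfile`, which carries the extraction filters this release relies on for CVE-2007-4559, the comment should say so, e.g. `# Drop distlib's Python 2 tarfile/shutil backports so only the stdlib tarfile (with extraction filters) is used`. Writing them as `rm -v`, like the neighbouring `rm -v pip/_vendor/distlib/*.exe`, would also leave a trace in the build log.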
From c930c6133e3415998a3a265aebc0584aea0a595e Mon Sep 17 00:00:00 2001
From: Jingyun Hua
Date: Fri, 22 Jul 2022 07:59:45 +0000
Subject: [PATCH 2/2] Default use pypi.loongnix.cn on loongarch64
Signed-off-by: Jingyun Hua
# Conflicts:
# python-pip.spec
---
0001-add-pip-loongarch.conf.patch | 49 +++++++++++++++++++++++++++++++
pip-loongarch.conf | 8 +++++
python-pip.spec | 15 +++++++++-
3 files changed, 71 insertions(+), 1 deletion(-)
create mode 100644 0001-add-pip-loongarch.conf.patch
create mode 100644 pip-loongarch.conf
diff --git a/0001-add-pip-loongarch.conf.patch b/0001-add-pip-loongarch.conf.patch
new file mode 100644
index 0000000..b527f6d
--- /dev/null
+++ b/0001-add-pip-loongarch.conf.patch
@@ -0,0 +1,49 @@
+From 50fc975fe0f6dfca8cdfa95985543b1661e23b78 Mon Sep 17 00:00:00 2001
+From: Jingyun Hua
+Date: Tue, 26 Jul 2022 01:40:05 +0000
+Subject: [PATCH] add pip-loongarch.conf
+
+Signed-off-by: Jingyun Hua
+---
+ pip/locations.py | 12 ++++++++++++
+ 1 file changed, 12 insertions(+)
+
+diff --git a/pip/locations.py b/pip/locations.py
+index e598ef1..3db0391 100644
+--- a/pip/locations.py
++++ b/pip/locations.py
+@@ -5,6 +5,7 @@ import os
+ import os.path
+ import site
+ import sys
++import platform
+
+ from distutils import sysconfig
+ from distutils.command.install import install, SCHEME_KEYS # noqa
+@@ -83,6 +84,7 @@ src_prefix = os.path.abspath(src_prefix)
+ site_packages = sysconfig.get_python_lib()
+ user_site = site.USER_SITE
+ user_dir = expanduser('~')
++os_arch = platform.machine()
+ if WINDOWS:
+ bin_py = os.path.join(sys.prefix, 'Scripts')
+ bin_user = os.path.join(user_site, 'Scripts')
+@@ -98,6 +100,16 @@ if WINDOWS:
+ legacy_storage_dir,
+ config_basename,
+ )
++elif os_arch == 'loongarch64':
++ bin_py = os.path.join(sys.prefix, 'bin')
++ bin_user = os.path.join(user_site, 'bin')
++ user_conf = os.path.join(user_dir,'.pip/pip.conf')
++ if os.path.exists(user_conf):
++ config_basename = 'pip.conf'
++ legacy_config_file = user_conf
++ else:
++ config_basename = 'pip-loongarch.conf'
++ legacy_config_file = '/etc/pip3/pip-loongarch.conf'
+ else:
+ bin_py = os.path.join(sys.prefix, 'bin')
+ bin_user = os.path.join(user_site, 'bin')
+--
+2.27.0
diff --git a/pip-loongarch.conf b/pip-loongarch.conf
new file mode 100644
index 0000000..fd77def
--- /dev/null
+++ b/pip-loongarch.conf
@@ -0,0 +1,8 @@
+[global]
+timeout = 60
+index-url = https://pypi.loongnix.cn/loongson/pypi
+extra-index-url = https://pypi.org/simple
+[install]
+trusted-host =
+ pypi.loongnix.cn
+ pypi.org
diff --git a/python-pip.spec b/python-pip.spec
index f3dcdd8..aba78b5 100644
--- a/python-pip.spec
+++ b/python-pip.spec
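Review bot: The added `elif os_arch == 'loongarch64':` branch sets the module-level `config_basename = 'pip-loongarch.conf'` whenever `~/.pip/pip.conf` is absent, so any later code in locations.py that builds config paths from that name (not visible in this hunk) would stop looking for `pip.conf` on this architecture. An administrator's existing site-wide or per-user `pip.conf` could then be ignored in favour of the shipped index and trust settings, without any message. The branch also leaves `legacy_storage_dir` unassigned, although the WINDOWS branch in the context lines uses that name. Consider leaving `config_basename = 'pip.conf'` untouched and shipping the distribution defaults as a site-level `pip.conf` that pip already reads, which removes the need to patch the lookup at all. The surrounding if/else continues outside the hunk.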
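Review bot: The `trusted-host` entries under `[install]` in the new pip-loongarch.conf tell pip to skip TLS certificate verification for `pypi.loongnix.cn` and `pypi.org`, even though both configured index URLs are `https://`. Every loongarch64 install would therefore accept packages from anything on the network path that answers for those names. The `trusted-host =` block should be dropped so the system CA bundle is used; the spec already has `Requires: ca-certificates`. Separately, `extra-index-url = https://pypi.org/simple` makes pip pick among candidates from both indexes with no priority between them, so a same-named package on either index can displace the intended one. If the mirror is meant to be authoritative, keep a single `index-url`, or require hashes for installs.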
@@ -10,11 +10,12 @@ %endif %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d}) +%define anolis_release .0.1 Name: python-%{srcname} # When updating, update the bundled libraries versions bellow! Version: 9.0.3 -Release: 23%{?dist}.1 +Release: 23%{anolis_release}%{?dist}.1 Summary: A tool for installing and managing Python packages Group: Development/Libraries @@ -60,6 +61,7 @@ BuildRequires: bzr %if %{with tests} Source1: pip-%{version}-tests.tar.gz %endif +Source100: pip-loongarch.conf # Patch until the following issue gets implemented upstream: # https://github.com/pypa/pip/issues/1351 @@ -136,6 +138,8 @@ Patch12: skip_yanked_releases.patch # https://github.com/pypa/distlib/pull/201 Patch13: CVE-2007-4559-tarfile.patch +Patch1000: 0001-add-pip-loongarch.conf.patch + %global _description \ pip is a package management system used to install and manage software packages \ written in Python. Many packages can be found in the Python Package Index \ @@ -286,6 +290,8 @@ popd %patch12 -p1 %patch13 -p1 +%patch1000 -p1 + # this goes together with patch4 rm pip/_vendor/certifi/*.pem rm pip/_vendor/requests/*.pem @@ -329,6 +335,9 @@ popd rm %{buildroot}%{_bindir}/pip +install -d %{buildroot}%{_sysconfdir}/pip3/ +install %{SOURCE100} %{buildroot}%{_sysconfdir}/pip3/ + %if %{with doc} install -d %{buildroot}%{_mandir}/man1 install -pm0644 docs/_build/man/*.1 %{buildroot}%{_mandir}/man1/pip3.1 @@ -382,6 +391,7 @@ py.test-%{python3_version} -m 'not network' %{_bindir}/pip-%{python3_version} %dir %{bashcompdir} %{bashcompdir}/pip* +%{_sysconfdir}/pip3/* %if %{with doc} %files doc @@ -399,6 +409,9 @@ py.test-%{python3_version} -m 'not network' %endif %changelog +* Wed Apr 17 2024 huajingyun - 9.0.3-23.0.1.1 +- Add pypi.loongnix.cn + * Wed Feb 14 2024 Lumír Balhar - 9.0.3-23.1 - Require Python with tarfile filters Resolves: RHEL-25449 -- Gitee
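Review bot: In the %install hunk, `install %{SOURCE100} %{buildroot}%{_sysconfdir}/pip3/` passes no `-m`, so the file that sets pip's index and TLS trust is installed with install's default executable mode; use `install -pm0644 %{SOURCE100} %{buildroot}%{_sysconfdir}/pip3/`, as the man-page line just below it does. The matching %files entry `%{_sysconfdir}/pip3/*` is not marked as configuration and does not own the directory, so local edits to the file are replaced on upgrade; `%dir %{_sysconfdir}/pip3` plus `%config(noreplace) %{_sysconfdir}/pip3/pip-loongarch.conf` would fix both. The file is also installed on every architecture, although the patched lookup only reads it on loongarch64.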