diff --git a/pip-23.3.1.tar.gz b/pip-23.3.1.tar.gz deleted file mode 100644 index 6eb1137a5b69926108d80f741a0c2186a2d514b7..0000000000000000000000000000000000000000 Binary files a/pip-23.3.1.tar.gz and /dev/null differ diff --git a/pip-24.2.tar.gz b/pip-24.2.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..7a27773f77e46b0d8eb5c86eba2db992a6516a6a Binary files /dev/null and b/pip-24.2.tar.gz differ diff --git a/pip-allow-older-versions.patch b/pip-allow-older-versions.patch deleted file mode 100644 index 4a1151743787811004ff3c6314013d7392d9bc2d..0000000000000000000000000000000000000000 --- a/pip-allow-older-versions.patch +++ /dev/null @@ -1,27 +0,0 @@ ---- /usr/bin/pip3 2019-11-12 17:37:34.793131862 +0100 -+++ pip3 2019-11-12 17:40:42.014107134 +0100 -@@ -2,7 +2,23 @@ - # -*- coding: utf-8 -*- - import re - import sys --from pip._internal.cli.main import main -+ -+try: -+ from pip._internal.cli.main import main -+except ImportError: -+ try: -+ from pip._internal.main import main -+ except ImportError: -+ try: -+ # If the user has downgraded pip, the above import will fail. -+ # Let's try older methods of invoking it: -+ -+ # pip 19 uses this -+ from pip._internal import main -+ except ImportError: -+ # older pip versions use this -+ from pip import main -+ - if __name__ == '__main__': - sys.argv[0] = re.sub(r'(-script\.pyw|\.exe)?$', '', sys.argv[0]) - sys.exit(main()) diff --git a/python-pip.spec b/python-pip.spec index 3f8a4f26233ac3be51cf8d3b5763da659d2ca1c6..21283ddeaa8e28cdfb3492c32e264efa535f85c5 100644 --- a/python-pip.spec +++ b/python-pip.spec @@ -5,8 +5,8 @@ pip is the package installer for Python. You can use pip to install packages from the Python Package Index and other indexes. %global bashcompdir %(b=$(pkg-config --variable=completionsdir bash-completion 2>/dev/null); echo ${b:-%{_sysconfdir}/bash_completion.d}) Name: python-%{srcname} -Version: 23.3.1 -Release: 2 +Version: 24.2 +Release: 1 Summary: A tool for installing and managing Python packages License: MIT and Python and ASL 2.0 and BSD and ISC and LGPLv2 and MPLv2.0 and (ASL 2.0 or BSD) URL: http://www.pip-installer.org @@ -18,7 +18,6 @@ Patch6000: dummy-certifi.patch Patch6001: backport-CVE-2023-45803-Made-body-stripped-from-HTTP-requests.patch Patch6002: backport-CVE-2024-37891-Strip-Proxy-Authorization-header-on-redirects.patch -Source10: pip-allow-older-versions.patch %description %{_description} @@ -134,6 +133,23 @@ install -D -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/pip.conf %{python_wheeldir}/%{python_wheelname} %changelog +* Tue Sep 3 2024 guojunding - 24.2-1 +- update version to 24.2 +- Check unsupported packages for the current platform. (`#11054 `_) +- Use system certificates *and* certifi certificates to verify HTTPS connections on Python 3.10+. + Python 3.9 and earlier only use certifi. +- Set ``no_color`` to global ``rich.Console`` instance. (`#11045 `_) +- Fix resolution to respect ``--python-version`` when checking ``Requires-Python``. (`#12216 `_) +- Perform hash comparisons in a case-insensitive manner. (`#12680 `_) +- Avoid ``dlopen`` failure for glibc detection in musl builds (`#12716 `_) +- Avoid keyring logging crashes when pip is run in verbose mode. (`#12751 `_) +- Fix finding hardlink targets in tar files with an ignored top-level directory. (`#12781 `_) +- Improve pip install performance by only creating required parent + directories once, instead of before extracting every file in the wheel. (`#12782 `_) +- Improve pip install performance by calculating installed packages printout + in linear time instead of quadratic time. (`#12791 `_) + + * Sat Jul 13 2024 yangyuan - 23.3.1-2 - Fix CVE-2023-45803 and CVE-2024-37891