[Python-modules-commits] r24621 - in packages/python-pip/trunk/debian (10 files)

stefanor at users.alioth.debian.org stefanor at users.alioth.debian.org
Sun Jun 2 10:08:28 UTC 2013


    Date: Sunday, June 2, 2013 @ 10:08:26
  Author: stefanor
Revision: 24621

* New upstream release.
  - pip now performs SSL certificate validation.
    CVE-2013-1629 (Closes: #710163)
* Refresh patches.
* Drop test_urlparse_uses_fragment.patch - superseded upstream.
* Switch debian/watch to use https.
* Updated Homepage.
* Install the upstream changelog (Closes: #710134)
* debian/copyright:
  - Update authors and years.
  - The pip license is Expat.
  - Reformat as valid machine-readable copyright format 1.0.
  - Add pip/cacert.pem.
* debian/patches/system-ca-certificates.patch: Use the CA bundle provided by
  ca-certificates.

Added:
  packages/python-pip/trunk/debian/patches/system-ca-certificates.patch
Modified:
  packages/python-pip/trunk/debian/changelog
  packages/python-pip/trunk/debian/control
  packages/python-pip/trunk/debian/copyright
  packages/python-pip/trunk/debian/patches/format_egg_string.patch
  packages/python-pip/trunk/debian/patches/remove_hardcoded_python_version.patch
  packages/python-pip/trunk/debian/patches/series
  packages/python-pip/trunk/debian/rules
  packages/python-pip/trunk/debian/watch
Deleted:
  packages/python-pip/trunk/debian/patches/test_urlparse_uses_fragment.patch

Modified: packages/python-pip/trunk/debian/changelog
===================================================================
--- packages/python-pip/trunk/debian/changelog	2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/changelog	2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,17 +1,33 @@
-python-pip (1.1-4) UNRELEASED; urgency=low
+python-pip (1.3.1-1) UNRELEASED; urgency=low
 
+  [ Stefano Rivera ]
   * Team upload.
+  * New upstream release.
+    - pip now performs SSL certificate validation.
+      CVE-2013-1629 (Closes: #710163)
+  * Refresh patches.
+  * Drop test_urlparse_uses_fragment.patch - superseded upstream.
+  * Switch debian/watch to use https.
+  * Updated Homepage.
+  * Install the upstream changelog (Closes: #710134)
+  * debian/copyright:
+    - Update authors and years.
+    - The pip license is Expat.
+    - Reformat as valid machine-readable copyright format 1.0.
+    - Add pip/cacert.pem.
+  * debian/patches/system-ca-certificates.patch: Use the CA bundle provided by
+    ca-certificates.
 
   [ Jakub Wilk ]
   * Use canonical URIs for Vcs-* fields.
 
   [ Dmitrijs Ledkovs ]
   * Build depend on python3-all, fixes FTBFS against multiple supported
-    python3 versions (closes: #692384).
+    python3 versions (Closes: #692384).
 
   [ Dmitry Shachnev ]
   * Rebuild without python2.6, and drop the manpage for pip-2.6
-    (closes: #679196).
+    (Closes: #679196).
 
  -- Jakub Wilk <jwilk at debian.org>  Sun, 05 May 2013 16:03:05 +0200
 

Modified: packages/python-pip/trunk/debian/control
===================================================================
--- packages/python-pip/trunk/debian/control	2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/control	2013-06-02 10:08:26 UTC (rev 24621)
@@ -3,7 +3,7 @@
 Priority: optional
 Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
 Uploaders: Carl Chenet <chaica at debian.org>, Jeff Licquia <licquia at debian.org>
-Homepage: http://pip.openplans.org/
+Homepage: http://www.pip-installer.org/
 Build-Depends: debhelper (>= 7.0.50~), python-all (>= 2.6), python3-all (>= 3.2)
 Build-Depends-Indep: python-setuptools (>= 0.6c1), python3-setuptools
 Standards-Version: 3.9.3
@@ -15,7 +15,7 @@
 Package: python-pip
 Architecture: all
 Depends: ${python:Depends}, ${misc:Depends}, python-pkg-resources, python-setuptools (>= 0.6c1)
-Recommends: python-dev-all (>= 2.6), build-essential
+Recommends: python-dev-all (>= 2.6), build-essential, ca-certificates
 Description: alternative Python package installer
  pip is a replacement for easy_install, and is intended to be an improved
  Python package installer.  It integrates with virtualenv, doesn't do partial
@@ -25,7 +25,7 @@
 Package: python3-pip
 Architecture: all
 Depends: ${python3:Depends}, ${misc:Depends}, python3-pkg-resources, python3-setuptools
-Recommends: python3-dev (>= 3.2), build-essential
+Recommends: python3-dev (>= 3.2), build-essential, ca-certificates
 Description: alternative Python package installer - Python 3 version of the package
  pip is a replacement for easy_install, and is intended to be an improved
  Python package installer.  It integrates with virtualenv, doesn't do partial

Modified: packages/python-pip/trunk/debian/copyright
===================================================================
--- packages/python-pip/trunk/debian/copyright	2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/copyright	2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,53 +1,96 @@
-Original source may be found at: http://pip.openplans.org/
-Files: debian/*
-Copyright: Copyright 2009 Jeff Licquia <licquia at debian.org>
-License: other
-    The Debian packaging information is licensed under the same license
-    as the rest of pip.
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: http://www.pip-installer.org/
 
 Files: *
-Copyright: Copyright © 2008-2011 The pip developers
+Copyright: Copyright © 2008-2013 The pip developers:
+    Alex Grönholm
+    Alex Morega
+    Alexandre Conrad
+    Andrey Bulgakov
+    Antti Kaihola
+    Armin Ronacher
+    Aziz Köksal
+    Ben Rosser
+    Brian Rosner
+    Carl Meyer
+    Chris McDonough
+    Christian Oudard
+    Clay McClure
+    Cody Soyland
+    Daniel Holth
+    Dave Abrahams
+    David (d1b)
+    Dmitry Gladkov
+    Donald Stufft
+    Francesco
+    Geoffrey Lehée
+    Georgi Valkov
+    Hugo Lopes Tavares
+    Ian Bicking
+    Igor Sobreira
+    Ionel Maries Cristian
+    Jakub Vysoky
+    James Cleveland
+    Jannis Leidel
+    Jay Graves
+    John-Scott Atlakson
+    Jon Parise
+    Jonas Nockert
+    Josh Bronson
+    Kamal Bin Mustafa
+    Kelsey Hightower
+    Kenneth Belitzky
+    Kumar McMillan
+    Luke Macken
+    Masklinn
+    Marc Abramowitz
+    Marcus Smith
+    Markus Hametner
+    Matt Maker
+    Maxime R.
+    Miguel Araujo
+    Nick Stenning
+    Nowell Strite
+    Oliver Tonnhofer
+    Olivier Girardot
+    Patrick Jenkins
+    Paul Moore
+    Paul Nasrat
+    Paul Oswald
+    Paul van der Linden
+    Peter Waller
+    Phil Whelan
+    Piet Delport
+    Przemek Wrzos
+    Qiangning Hong
+    Rafael Caricio
+    Rene Dudfield
+    Roey Berman
+    Ronny Pfannschmidt
+    Rory McCann
+    Simon Cross
+    Stavros Korokithakis
+    Thomas Fenzl
+    Thomas Johansson
+    Vinay Sajip
+    Vitaly Babiy
+    W Trevor King
+    Wil Tan
+    Hsiaoming Yang
+License: Expat
 
-pip developers are:
-Alex Grönholm
-Alex Morega
-Alexandre Conrad
-Armin Ronacher
-Brian Rosner
-Carl Meyer
-Christian Oudard
-Cody Soyland
-Daniel Holth
-Dave Abrahams
-Francesco
-Hugo Lopes Tavares
-Ian Bicking
-Igor Sobreira
-Ionel Maries Cristian
-Jakub Vysoky
-Jannis Leidel
-Jay Graves
-John-Scott Atlakson
-Jon Parise
-Josh Bronson
-Kelsey Hightower
-Kenneth Belitzky
-Kumar McMillan
-Luke Macken
-Masklinn
-Nowell Strite
-Oliver Tonnhofer
-Patrick Jenkins
-Paul Nasrat
-Peter Waller
-Ronny Pfannschmidt
-Simon Cross
-Thomas Johansson
-Vinay Sajip
-Vitaly Babiy
-Wil Tan
+Files: pip/cacert.pem
+Copyright: No copyrightable material
+License: public-domain
+    Upstream declares that this bundle is licensed, but it seems unreasonable
+    to think that CA certificates would be protected by copyright.
+    Forwarded: https://github.com/pypa/pip/pull/971
 
-License: other
+Files: debian/*
+Copyright: Copyright 2009 Jeff Licquia <licquia at debian.org>
+License: Expat
+
+License: Expat
     Permission is hereby granted, free of charge, to any person obtaining
     a copy of this software and associated documentation files (the
     "Software"), to deal in the Software without restriction, including
@@ -66,4 +109,3 @@
     LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
     OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
     WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-

Modified: packages/python-pip/trunk/debian/patches/format_egg_string.patch
===================================================================
--- packages/python-pip/trunk/debian/patches/format_egg_string.patch	2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/patches/format_egg_string.patch	2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,16 +1,14 @@
 # Description: use the same .egg string format than Debian python-setuptools
 # Author: Carl Chenet <chaica at ohmytux.com>
 
-Index: pip-1.0/pip/req.py
-===================================================================
---- pip-1.0.orig/pip/req.py	2011-04-13 03:38:11.000000000 +0200
-+++ pip-1.0/pip/req.py	2011-04-13 03:40:17.000000000 +0200
-@@ -403,7 +403,7 @@
+--- a/pip/req.py
++++ b/pip/req.py
+@@ -420,7 +420,7 @@
          paths_to_remove = UninstallPathSet(dist)
  
          pip_egg_info_path = os.path.join(dist.location,
 -                                         dist.egg_name()) + '.egg-info'
-+                                        dist.egg_name().split('-py')[0]) + '.egg-info'
++                                         dist.egg_name().split('-py')[0]) + '.egg-info'
          # workaround for http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618367
          debian_egg_info_path = pip_egg_info_path.replace(
              '-py%s' % pkg_resources.PY_MAJOR, '')

Modified: packages/python-pip/trunk/debian/patches/remove_hardcoded_python_version.patch
===================================================================
--- packages/python-pip/trunk/debian/patches/remove_hardcoded_python_version.patch	2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/patches/remove_hardcoded_python_version.patch	2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,25 +1,14 @@
 # Description: remove the harcoded python version in console exe
 # Author: Carl Chenet <chaica at debian.org>
 
-Index: pip-1.1/pip.egg-info/entry_points.txt
-===================================================================
---- pip-1.1.orig/pip.egg-info/entry_points.txt	2012-02-16 21:08:06.000000000 +0100
-+++ pip-1.1/pip.egg-info/entry_points.txt	2012-05-27 02:26:21.000000000 +0200
-@@ -1,4 +1,3 @@
- [console_scripts]
--pip = pip:main
- pip-2.7 = pip:main
- 
-Index: pip-1.1/setup.py
-===================================================================
---- pip-1.1.orig/setup.py	2012-02-16 21:05:03.000000000 +0100
-+++ pip-1.1/setup.py	2012-05-27 02:26:36.000000000 +0200
-@@ -49,7 +49,7 @@
-       url='http://www.pip-installer.org',
+--- a/setup.py
++++ b/setup.py
+@@ -51,7 +51,7 @@
        license='MIT',
-       packages=['pip', 'pip.commands', 'pip.vcs'],
+       packages=['pip', 'pip.commands', 'pip.vcs', 'pip.backwardcompat'],
+       package_data={'pip': ['*.pem']},
 -      entry_points=dict(console_scripts=['pip=pip:main', 'pip-%s=pip:main' % sys.version[:3]]),
 +      entry_points=dict(console_scripts=['pip-%s=pip:main' % sys.version[:3]]),
        test_suite='nose.collector',
-       tests_require=['nose', 'virtualenv>=1.7', 'scripttest>=1.1.1', 'mock'],
-       zip_safe=False)
+       tests_require=tests_require,
+       zip_safe=False,

Modified: packages/python-pip/trunk/debian/patches/series
===================================================================
--- packages/python-pip/trunk/debian/patches/series	2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/patches/series	2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,3 +1,3 @@
 format_egg_string.patch
 remove_hardcoded_python_version.patch
-test_urlparse_uses_fragment.patch
+system-ca-certificates.patch

Added: packages/python-pip/trunk/debian/patches/system-ca-certificates.patch
===================================================================
--- packages/python-pip/trunk/debian/patches/system-ca-certificates.patch	                        (rev 0)
+++ packages/python-pip/trunk/debian/patches/system-ca-certificates.patch	2013-06-02 10:08:26 UTC (rev 24621)
@@ -0,0 +1,39 @@
+Description: Get CA certificates from the Debian ca-certificates package
+Forwarded: not-needed
+Author: Stefano Rivera <stefanor at debian.org>
+
+--- a/pip/locations.py
++++ b/pip/locations.py
+@@ -8,7 +8,7 @@
+ from pip.backwardcompat import get_python_lib
+ import pip.exceptions
+ 
+-default_cert_path = os.path.join(os.path.dirname(__file__), 'cacert.pem')
++default_cert_path = '/etc/ssl/certs/ca-certificates.crt'
+ 
+ def running_under_virtualenv():
+     """
+--- a/setup.py
++++ b/setup.py
+@@ -50,7 +50,6 @@
+       url='http://www.pip-installer.org',
+       license='MIT',
+       packages=['pip', 'pip.commands', 'pip.vcs', 'pip.backwardcompat'],
+-      package_data={'pip': ['*.pem']},
+       entry_points=dict(console_scripts=['pip-%s=pip:main' % sys.version[:3]]),
+       test_suite='nose.collector',
+       tests_require=tests_require,
+--- a/pip/download.py
++++ b/pip/download.py
+@@ -96,6 +96,11 @@
+ 
+         # get alternate bundle or use our included bundle
+         cert_path = os.environ.get('PIP_CERT', '') or default_cert_path
++        if (cert_path == default_cert_path
++                and not os.path.exists(default_cert_path)):
++            logger.fatal('No CA bundle available. '
++                         'Install the Debian "ca-certificates" package to '
++                         'allow pip to use https.')
+ 
+         self.sock = ssl.wrap_socket(sock,
+                                 self.key_file,

Deleted: packages/python-pip/trunk/debian/patches/test_urlparse_uses_fragment.patch
===================================================================
--- packages/python-pip/trunk/debian/patches/test_urlparse_uses_fragment.patch	2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/patches/test_urlparse_uses_fragment.patch	2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,36 +0,0 @@
-Description: fix the improper use of urllib.parse.uses_fragment
-Since  Python >= 2.7.3, 3.2.3 the module urlparse/urllib.parse (python3) do not
-have a uses_fragment attribute. This patch tests if it exists before using it.
-Origin: upstream
-Bug: https://github.com/pypa/pip/issues/552
-Bug-Debian: http://bugs.debian.org/677801
-Last-Update: 2012-06-19
-
---- python-pip-1.1.orig/pip/vcs/__init__.py
-+++ python-pip-1.1/pip/vcs/__init__.py
-@@ -19,7 +19,9 @@ class VcsSupport(object):
-     def __init__(self):
-         # Register more schemes with urlparse for various version control systems
-         urlparse.uses_netloc.extend(self.schemes)
--        urlparse.uses_fragment.extend(self.schemes)
-+        # Python >= 2.7.4, 3.3 doesn't have uses_fragment
-+        if getattr(urlparse, 'uses_fragment', None):
-+            urlparse.uses_fragment.extend(self.schemes)
-         super(VcsSupport, self).__init__()
- 
-     def __iter__(self):
---- python-pip-1.1.orig/pip/vcs/bazaar.py
-+++ python-pip-1.1/pip/vcs/bazaar.py
-@@ -20,8 +20,10 @@ class Bazaar(VersionControl):
- 
-     def __init__(self, url=None, *args, **kwargs):
-         super(Bazaar, self).__init__(url, *args, **kwargs)
--        urlparse.non_hierarchical.extend(['lp'])
--        urlparse.uses_fragment.extend(['lp'])
-+        # Python >= 2.7.4, 3.3 doesn't have uses_fragment or non_hierarchical
-+        if getattr(urlparse, 'uses_fragment', None):
-+            urlparse.uses_fragment.extend(self.schemes)
-+            urlparse.non_hierarchical.extend(['lp'])
- 
-     def parse_vcs_bundle_file(self, content):
-         url = rev = None

Modified: packages/python-pip/trunk/debian/rules
===================================================================
--- packages/python-pip/trunk/debian/rules	2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/rules	2013-06-02 10:08:26 UTC (rev 24621)
@@ -22,3 +22,6 @@
 	dh_auto_clean
 	rm -rf build
 	rm -rf *.egg-info
+
+override_dh_installchangelogs:
+	dh_installchangelogs CHANGES.txt

Modified: packages/python-pip/trunk/debian/watch
===================================================================
--- packages/python-pip/trunk/debian/watch	2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/watch	2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,3 +1,2 @@
 version=3
-http://pypi.python.org/packages/source/p/pip/ pip-(.*)\.tar\.gz
-
+https://pypi.python.org/packages/source/p/pip/ pip-(.*)\.tar\.gz




More information about the Python-modules-commits mailing list