[Python-modules-commits] r24621 - in packages/python-pip/trunk/debian (10 files)
stefanor at users.alioth.debian.org
stefanor at users.alioth.debian.org
Sun Jun 2 10:08:28 UTC 2013
Date: Sunday, June 2, 2013 @ 10:08:26
Author: stefanor
Revision: 24621
* New upstream release.
- pip now performs SSL certificate validation.
CVE-2013-1629 (Closes: #710163)
* Refresh patches.
* Drop test_urlparse_uses_fragment.patch - superseded upstream.
* Switch debian/watch to use https.
* Updated Homepage.
* Install the upstream changelog (Closes: #710134)
* debian/copyright:
- Update authors and years.
- The pip license is Expat.
- Reformat as valid machine-readable copyright format 1.0.
- Add pip/cacert.pem.
* debian/patches/system-ca-certificates.patch: Use the CA bundle provided by
ca-certificates.
Added:
packages/python-pip/trunk/debian/patches/system-ca-certificates.patch
Modified:
packages/python-pip/trunk/debian/changelog
packages/python-pip/trunk/debian/control
packages/python-pip/trunk/debian/copyright
packages/python-pip/trunk/debian/patches/format_egg_string.patch
packages/python-pip/trunk/debian/patches/remove_hardcoded_python_version.patch
packages/python-pip/trunk/debian/patches/series
packages/python-pip/trunk/debian/rules
packages/python-pip/trunk/debian/watch
Deleted:
packages/python-pip/trunk/debian/patches/test_urlparse_uses_fragment.patch
Modified: packages/python-pip/trunk/debian/changelog
===================================================================
--- packages/python-pip/trunk/debian/changelog 2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/changelog 2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,17 +1,33 @@
-python-pip (1.1-4) UNRELEASED; urgency=low
+python-pip (1.3.1-1) UNRELEASED; urgency=low
+ [ Stefano Rivera ]
* Team upload.
+ * New upstream release.
+ - pip now performs SSL certificate validation.
+ CVE-2013-1629 (Closes: #710163)
+ * Refresh patches.
+ * Drop test_urlparse_uses_fragment.patch - superseded upstream.
+ * Switch debian/watch to use https.
+ * Updated Homepage.
+ * Install the upstream changelog (Closes: #710134)
+ * debian/copyright:
+ - Update authors and years.
+ - The pip license is Expat.
+ - Reformat as valid machine-readable copyright format 1.0.
+ - Add pip/cacert.pem.
+ * debian/patches/system-ca-certificates.patch: Use the CA bundle provided by
+ ca-certificates.
[ Jakub Wilk ]
* Use canonical URIs for Vcs-* fields.
[ Dmitrijs Ledkovs ]
* Build depend on python3-all, fixes FTBFS against multiple supported
- python3 versions (closes: #692384).
+ python3 versions (Closes: #692384).
[ Dmitry Shachnev ]
* Rebuild without python2.6, and drop the manpage for pip-2.6
- (closes: #679196).
+ (Closes: #679196).
-- Jakub Wilk <jwilk at debian.org> Sun, 05 May 2013 16:03:05 +0200
Modified: packages/python-pip/trunk/debian/control
===================================================================
--- packages/python-pip/trunk/debian/control 2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/control 2013-06-02 10:08:26 UTC (rev 24621)
@@ -3,7 +3,7 @@
Priority: optional
Maintainer: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
Uploaders: Carl Chenet <chaica at debian.org>, Jeff Licquia <licquia at debian.org>
-Homepage: http://pip.openplans.org/
+Homepage: http://www.pip-installer.org/
Build-Depends: debhelper (>= 7.0.50~), python-all (>= 2.6), python3-all (>= 3.2)
Build-Depends-Indep: python-setuptools (>= 0.6c1), python3-setuptools
Standards-Version: 3.9.3
@@ -15,7 +15,7 @@
Package: python-pip
Architecture: all
Depends: ${python:Depends}, ${misc:Depends}, python-pkg-resources, python-setuptools (>= 0.6c1)
-Recommends: python-dev-all (>= 2.6), build-essential
+Recommends: python-dev-all (>= 2.6), build-essential, ca-certificates
Description: alternative Python package installer
pip is a replacement for easy_install, and is intended to be an improved
Python package installer. It integrates with virtualenv, doesn't do partial
@@ -25,7 +25,7 @@
Package: python3-pip
Architecture: all
Depends: ${python3:Depends}, ${misc:Depends}, python3-pkg-resources, python3-setuptools
-Recommends: python3-dev (>= 3.2), build-essential
+Recommends: python3-dev (>= 3.2), build-essential, ca-certificates
Description: alternative Python package installer - Python 3 version of the package
pip is a replacement for easy_install, and is intended to be an improved
Python package installer. It integrates with virtualenv, doesn't do partial
Modified: packages/python-pip/trunk/debian/copyright
===================================================================
--- packages/python-pip/trunk/debian/copyright 2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/copyright 2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,53 +1,96 @@
-Original source may be found at: http://pip.openplans.org/
-Files: debian/*
-Copyright: Copyright 2009 Jeff Licquia <licquia at debian.org>
-License: other
- The Debian packaging information is licensed under the same license
- as the rest of pip.
+Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Source: http://www.pip-installer.org/
Files: *
-Copyright: Copyright © 2008-2011 The pip developers
+Copyright: Copyright © 2008-2013 The pip developers:
+ Alex Grönholm
+ Alex Morega
+ Alexandre Conrad
+ Andrey Bulgakov
+ Antti Kaihola
+ Armin Ronacher
+ Aziz Köksal
+ Ben Rosser
+ Brian Rosner
+ Carl Meyer
+ Chris McDonough
+ Christian Oudard
+ Clay McClure
+ Cody Soyland
+ Daniel Holth
+ Dave Abrahams
+ David (d1b)
+ Dmitry Gladkov
+ Donald Stufft
+ Francesco
+ Geoffrey Lehée
+ Georgi Valkov
+ Hugo Lopes Tavares
+ Ian Bicking
+ Igor Sobreira
+ Ionel Maries Cristian
+ Jakub Vysoky
+ James Cleveland
+ Jannis Leidel
+ Jay Graves
+ John-Scott Atlakson
+ Jon Parise
+ Jonas Nockert
+ Josh Bronson
+ Kamal Bin Mustafa
+ Kelsey Hightower
+ Kenneth Belitzky
+ Kumar McMillan
+ Luke Macken
+ Masklinn
+ Marc Abramowitz
+ Marcus Smith
+ Markus Hametner
+ Matt Maker
+ Maxime R.
+ Miguel Araujo
+ Nick Stenning
+ Nowell Strite
+ Oliver Tonnhofer
+ Olivier Girardot
+ Patrick Jenkins
+ Paul Moore
+ Paul Nasrat
+ Paul Oswald
+ Paul van der Linden
+ Peter Waller
+ Phil Whelan
+ Piet Delport
+ Przemek Wrzos
+ Qiangning Hong
+ Rafael Caricio
+ Rene Dudfield
+ Roey Berman
+ Ronny Pfannschmidt
+ Rory McCann
+ Simon Cross
+ Stavros Korokithakis
+ Thomas Fenzl
+ Thomas Johansson
+ Vinay Sajip
+ Vitaly Babiy
+ W Trevor King
+ Wil Tan
+ Hsiaoming Yang
+License: Expat
-pip developers are:
-Alex Grönholm
-Alex Morega
-Alexandre Conrad
-Armin Ronacher
-Brian Rosner
-Carl Meyer
-Christian Oudard
-Cody Soyland
-Daniel Holth
-Dave Abrahams
-Francesco
-Hugo Lopes Tavares
-Ian Bicking
-Igor Sobreira
-Ionel Maries Cristian
-Jakub Vysoky
-Jannis Leidel
-Jay Graves
-John-Scott Atlakson
-Jon Parise
-Josh Bronson
-Kelsey Hightower
-Kenneth Belitzky
-Kumar McMillan
-Luke Macken
-Masklinn
-Nowell Strite
-Oliver Tonnhofer
-Patrick Jenkins
-Paul Nasrat
-Peter Waller
-Ronny Pfannschmidt
-Simon Cross
-Thomas Johansson
-Vinay Sajip
-Vitaly Babiy
-Wil Tan
+Files: pip/cacert.pem
+Copyright: No copyrightable material
+License: public-domain
+ Upstream declares that this bundle is licensed, but it seems unreasonable
+ to think that CA certificates would be protected by copyright.
+ Forwarded: https://github.com/pypa/pip/pull/971
-License: other
+Files: debian/*
+Copyright: Copyright 2009 Jeff Licquia <licquia at debian.org>
+License: Expat
+
+License: Expat
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
@@ -66,4 +109,3 @@
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
-
Modified: packages/python-pip/trunk/debian/patches/format_egg_string.patch
===================================================================
--- packages/python-pip/trunk/debian/patches/format_egg_string.patch 2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/patches/format_egg_string.patch 2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,16 +1,14 @@
# Description: use the same .egg string format than Debian python-setuptools
# Author: Carl Chenet <chaica at ohmytux.com>
-Index: pip-1.0/pip/req.py
-===================================================================
---- pip-1.0.orig/pip/req.py 2011-04-13 03:38:11.000000000 +0200
-+++ pip-1.0/pip/req.py 2011-04-13 03:40:17.000000000 +0200
-@@ -403,7 +403,7 @@
+--- a/pip/req.py
++++ b/pip/req.py
+@@ -420,7 +420,7 @@
paths_to_remove = UninstallPathSet(dist)
pip_egg_info_path = os.path.join(dist.location,
- dist.egg_name()) + '.egg-info'
-+ dist.egg_name().split('-py')[0]) + '.egg-info'
++ dist.egg_name().split('-py')[0]) + '.egg-info'
# workaround for http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=618367
debian_egg_info_path = pip_egg_info_path.replace(
'-py%s' % pkg_resources.PY_MAJOR, '')
Modified: packages/python-pip/trunk/debian/patches/remove_hardcoded_python_version.patch
===================================================================
--- packages/python-pip/trunk/debian/patches/remove_hardcoded_python_version.patch 2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/patches/remove_hardcoded_python_version.patch 2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,25 +1,14 @@
# Description: remove the harcoded python version in console exe
# Author: Carl Chenet <chaica at debian.org>
-Index: pip-1.1/pip.egg-info/entry_points.txt
-===================================================================
---- pip-1.1.orig/pip.egg-info/entry_points.txt 2012-02-16 21:08:06.000000000 +0100
-+++ pip-1.1/pip.egg-info/entry_points.txt 2012-05-27 02:26:21.000000000 +0200
-@@ -1,4 +1,3 @@
- [console_scripts]
--pip = pip:main
- pip-2.7 = pip:main
-
-Index: pip-1.1/setup.py
-===================================================================
---- pip-1.1.orig/setup.py 2012-02-16 21:05:03.000000000 +0100
-+++ pip-1.1/setup.py 2012-05-27 02:26:36.000000000 +0200
-@@ -49,7 +49,7 @@
- url='http://www.pip-installer.org',
+--- a/setup.py
++++ b/setup.py
+@@ -51,7 +51,7 @@
license='MIT',
- packages=['pip', 'pip.commands', 'pip.vcs'],
+ packages=['pip', 'pip.commands', 'pip.vcs', 'pip.backwardcompat'],
+ package_data={'pip': ['*.pem']},
- entry_points=dict(console_scripts=['pip=pip:main', 'pip-%s=pip:main' % sys.version[:3]]),
+ entry_points=dict(console_scripts=['pip-%s=pip:main' % sys.version[:3]]),
test_suite='nose.collector',
- tests_require=['nose', 'virtualenv>=1.7', 'scripttest>=1.1.1', 'mock'],
- zip_safe=False)
+ tests_require=tests_require,
+ zip_safe=False,
Modified: packages/python-pip/trunk/debian/patches/series
===================================================================
--- packages/python-pip/trunk/debian/patches/series 2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/patches/series 2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,3 +1,3 @@
format_egg_string.patch
remove_hardcoded_python_version.patch
-test_urlparse_uses_fragment.patch
+system-ca-certificates.patch
Added: packages/python-pip/trunk/debian/patches/system-ca-certificates.patch
===================================================================
--- packages/python-pip/trunk/debian/patches/system-ca-certificates.patch (rev 0)
+++ packages/python-pip/trunk/debian/patches/system-ca-certificates.patch 2013-06-02 10:08:26 UTC (rev 24621)
@@ -0,0 +1,39 @@
+Description: Get CA certificates from the Debian ca-certificates package
+Forwarded: not-needed
+Author: Stefano Rivera <stefanor at debian.org>
+
+--- a/pip/locations.py
++++ b/pip/locations.py
+@@ -8,7 +8,7 @@
+ from pip.backwardcompat import get_python_lib
+ import pip.exceptions
+
+-default_cert_path = os.path.join(os.path.dirname(__file__), 'cacert.pem')
++default_cert_path = '/etc/ssl/certs/ca-certificates.crt'
+
+ def running_under_virtualenv():
+ """
+--- a/setup.py
++++ b/setup.py
+@@ -50,7 +50,6 @@
+ url='http://www.pip-installer.org',
+ license='MIT',
+ packages=['pip', 'pip.commands', 'pip.vcs', 'pip.backwardcompat'],
+- package_data={'pip': ['*.pem']},
+ entry_points=dict(console_scripts=['pip-%s=pip:main' % sys.version[:3]]),
+ test_suite='nose.collector',
+ tests_require=tests_require,
+--- a/pip/download.py
++++ b/pip/download.py
+@@ -96,6 +96,11 @@
+
+ # get alternate bundle or use our included bundle
+ cert_path = os.environ.get('PIP_CERT', '') or default_cert_path
++ if (cert_path == default_cert_path
++ and not os.path.exists(default_cert_path)):
++ logger.fatal('No CA bundle available. '
++ 'Install the Debian "ca-certificates" package to '
++ 'allow pip to use https.')
+
+ self.sock = ssl.wrap_socket(sock,
+ self.key_file,
Deleted: packages/python-pip/trunk/debian/patches/test_urlparse_uses_fragment.patch
===================================================================
--- packages/python-pip/trunk/debian/patches/test_urlparse_uses_fragment.patch 2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/patches/test_urlparse_uses_fragment.patch 2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,36 +0,0 @@
-Description: fix the improper use of urllib.parse.uses_fragment
-Since Python >= 2.7.3, 3.2.3 the module urlparse/urllib.parse (python3) do not
-have a uses_fragment attribute. This patch tests if it exists before using it.
-Origin: upstream
-Bug: https://github.com/pypa/pip/issues/552
-Bug-Debian: http://bugs.debian.org/677801
-Last-Update: 2012-06-19
-
---- python-pip-1.1.orig/pip/vcs/__init__.py
-+++ python-pip-1.1/pip/vcs/__init__.py
-@@ -19,7 +19,9 @@ class VcsSupport(object):
- def __init__(self):
- # Register more schemes with urlparse for various version control systems
- urlparse.uses_netloc.extend(self.schemes)
-- urlparse.uses_fragment.extend(self.schemes)
-+ # Python >= 2.7.4, 3.3 doesn't have uses_fragment
-+ if getattr(urlparse, 'uses_fragment', None):
-+ urlparse.uses_fragment.extend(self.schemes)
- super(VcsSupport, self).__init__()
-
- def __iter__(self):
---- python-pip-1.1.orig/pip/vcs/bazaar.py
-+++ python-pip-1.1/pip/vcs/bazaar.py
-@@ -20,8 +20,10 @@ class Bazaar(VersionControl):
-
- def __init__(self, url=None, *args, **kwargs):
- super(Bazaar, self).__init__(url, *args, **kwargs)
-- urlparse.non_hierarchical.extend(['lp'])
-- urlparse.uses_fragment.extend(['lp'])
-+ # Python >= 2.7.4, 3.3 doesn't have uses_fragment or non_hierarchical
-+ if getattr(urlparse, 'uses_fragment', None):
-+ urlparse.uses_fragment.extend(self.schemes)
-+ urlparse.non_hierarchical.extend(['lp'])
-
- def parse_vcs_bundle_file(self, content):
- url = rev = None
Modified: packages/python-pip/trunk/debian/rules
===================================================================
--- packages/python-pip/trunk/debian/rules 2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/rules 2013-06-02 10:08:26 UTC (rev 24621)
@@ -22,3 +22,6 @@
dh_auto_clean
rm -rf build
rm -rf *.egg-info
+
+override_dh_installchangelogs:
+ dh_installchangelogs CHANGES.txt
Modified: packages/python-pip/trunk/debian/watch
===================================================================
--- packages/python-pip/trunk/debian/watch 2013-05-31 14:36:44 UTC (rev 24620)
+++ packages/python-pip/trunk/debian/watch 2013-06-02 10:08:26 UTC (rev 24621)
@@ -1,3 +1,2 @@
version=3
-http://pypi.python.org/packages/source/p/pip/ pip-(.*)\.tar\.gz
-
+https://pypi.python.org/packages/source/p/pip/ pip-(.*)\.tar\.gz
More information about the Python-modules-commits
mailing list