.gitignore

@@ -1 +1 @@
-SOURCES/pip-21.3.1.tar.gz
+SOURCES/pip-21.2.3.tar.gz

.python-pip.metadata

@@ -1 +1 @@
-5f98a502c4ae2fec713eda155bf5994196d97cd9 SOURCES/pip-21.3.1.tar.gz
+c899dfeece28336424046e097bc48783a5d4264b SOURCES/pip-21.2.3.tar.gz

SOURCES/cve-2007-4559-tarfile.patch

@@ -1,20 +1,9 @@
-From 1819805f2019c731bcaefd6b12fd814790f88fcd Mon Sep 17 00:00:00 2001
-From: Lumir Balhar <lbalhar@redhat.com>
-Date: Tue, 19 Mar 2024 12:43:07 +0100
-Subject: [PATCH] cve-2007-4559-tarfile
-
 Minimal patch for pip
----
- src/pip/_internal/utils/unpacking.py |  7 +++++++
- src/pip/_vendor/distlib/util.py      | 13 +++++++++++++
- tests/unit/test_utils_unpacking.py   | 17 +++++++++++++++++
- 3 files changed, 37 insertions(+)
 
-diff --git a/src/pip/_internal/utils/unpacking.py b/src/pip/_internal/utils/unpacking.py
+diff -rU3 pip-orig/src/pip/_internal/utils/unpacking.py pip/src/pip/_internal/utils/unpacking.py
-index 5f63f97..c31542f 100644
+--- pip-orig/src/pip/_internal/utils/unpacking.py	2022-11-05 16:25:43.000000000 +0100
---- a/src/pip/_internal/utils/unpacking.py
++++ pip/src/pip/_internal/utils/unpacking.py	2023-08-08 13:17:47.705613554 +0200
-+++ b/src/pip/_internal/utils/unpacking.py
+@@ -184,6 +184,13 @@
-@@ -184,6 +184,13 @@ def untar_file(filename: str, location: str) -> None:
                      "outside target directory ({})"
                  )
                  raise InstallationError(message.format(filename, path, location))
@@ -28,36 +17,15 @@ index 5f63f97..c31542f 100644
              if member.isdir():
                  ensure_dir(path)
              elif member.issym():
-diff --git a/src/pip/_vendor/distlib/util.py b/src/pip/_vendor/distlib/util.py
-index 80bfc86..7e0941a 100644
---- a/src/pip/_vendor/distlib/util.py
-+++ b/src/pip/_vendor/distlib/util.py
-@@ -1249,6 +1249,19 @@ def unarchive(archive_filename, dest_dir, format=None, check=True):
-             for tarinfo in archive.getmembers():
-                 if not isinstance(tarinfo.name, text_type):
-                     tarinfo.name = tarinfo.name.decode('utf-8')
-+
-+        # Limit extraction of dangerous items, if this Python
-+        # allows it easily. If not, just trust the input.
-+        # See: https://docs.python.org/3/library/tarfile.html#extraction-filters
-+        def extraction_filter(member, path):
-+            """Run tarfile.tar_fillter, but raise the expected ValueError"""
-+            # This is only called if the current Python has tarfile filters
-+            try:
-+                return tarfile.tar_filter(member, path)
-+            except tarfile.FilterError as exc:
-+                raise ValueError(str(exc))
-+        archive.extraction_filter = extraction_filter
-+
-         archive.extractall(dest_dir)
 
-     finally:
+
-diff --git a/tests/unit/test_utils_unpacking.py b/tests/unit/test_utils_unpacking.py
+Test from https://github.com/pypa/pip/pull/12214
-index ccb7a30..05324ad 100644
+
---- a/tests/unit/test_utils_unpacking.py
+diff -rU3 pip-orig/tests/unit/test_utils_unpacking.py pip/tests/unit/test_utils_unpacking.py
-+++ b/tests/unit/test_utils_unpacking.py
+--- pip-orig/tests/unit/test_utils_unpacking.py	2022-11-05 16:25:43.000000000 +0100
-@@ -171,6 +171,23 @@ class TestUnpackArchives:
++++ pip/tests/unit/test_utils_unpacking.py	2023-08-08 13:17:35.151540108 +0200
-         test_tar = self.make_tar_file("test_tar.tar", files)
+@@ -167,6 +167,23 @@
+         test_tar = self.make_tar_file('test_tar.tar', files)
          untar_file(test_tar, self.tempdir)
  
 +    def test_unpack_tar_filter(self) -> None:
@@ -78,8 +46,33 @@ index ccb7a30..05324ad 100644
 +
 +
  
- def test_unpack_tar_unicode(tmpdir: Path) -> None:
+ def test_unpack_tar_unicode(tmpdir):
      test_tar = tmpdir / "test.tar"
--- 
-2.44.0
 
+
+Patch for vendored distlib from https://github.com/pypa/distlib/pull/201
+
+diff --git a/distlib/util.py b/distlib/util.py
+index e0622e4..4349d0b 100644
+--- a/src/pip/_vendor/distlib/util.py
++++ b/src/pip/_vendor/distlib/util.py
+@@ -1249,6 +1249,19 @@ def check_path(path):
+             for tarinfo in archive.getmembers():
+                 if not isinstance(tarinfo.name, text_type):
+                     tarinfo.name = tarinfo.name.decode('utf-8')
++
++        # Limit extraction of dangerous items, if this Python
++        # allows it easily. If not, just trust the input.
++        # See: https://docs.python.org/3/library/tarfile.html#extraction-filters
++        def extraction_filter(member, path):
++            """Run tarfile.tar_fillter, but raise the expected ValueError"""
++            # This is only called if the current Python has tarfile filters
++            try:
++                return tarfile.tar_filter(member, path)
++            except tarfile.FilterError as exc:
++                raise ValueError(str(exc))
++        archive.extraction_filter = extraction_filter
++
+         archive.extractall(dest_dir)
+ 
+     finally:

SOURCES/remove-existing-dist-only-if-path-conflicts.patch

@@ -1,11 +1,10 @@
-From f5c7cdc676e6884580fde4689a296ff50a9847a5 Mon Sep 17 00:00:00 2001
+From aca0c9df4ef54f70a3fedb07f4faac463f88a331 Mon Sep 17 00:00:00 2001
-From: Lumir Balhar <lbalhar@redhat.com>
+From: Karolina Surma <ksurma@redhat.com>
-Date: Wed, 20 Mar 2024 13:43:12 +0100
+Date: Mon, 10 May 2021 18:16:20 +0200
 Subject: [PATCH] Prevent removing of the system packages installed under
- /usr/lib when pip install -U is executed.
+ /usr/lib
-MIME-Version: 1.0
+
-Content-Type: text/plain; charset=UTF-8
+when pip install -U is executed.
-Content-Transfer-Encoding: 8bit
 
 Resolves: rhbz#1550368
 
@@ -22,10 +21,10 @@ Co-Authored-By: Miro Hrončok <miro@hroncok.cz>
  4 files changed, 27 insertions(+), 2 deletions(-)
 
 diff --git a/src/pip/_internal/req/req_install.py b/src/pip/_internal/req/req_install.py
-index 95dacab..b9679fa 100644
+index 4c58cdb..3570e17 100644
 --- a/src/pip/_internal/req/req_install.py
 +++ b/src/pip/_internal/req/req_install.py
-@@ -47,6 +47,7 @@ from pip._internal.utils.misc import (
+@@ -43,6 +43,7 @@ from pip._internal.utils.misc import (
      ask_path_exists,
      backup_dir,
      display_path,
@@ -33,9 +32,9 @@ index 95dacab..b9679fa 100644
      dist_in_site_packages,
      dist_in_usersite,
      get_distribution,
-@@ -442,7 +443,7 @@ class InstallRequirement:
+@@ -426,7 +427,7 @@ class InstallRequirement:
-                             existing_dist.project_name, existing_dist.location
+                         "lack sys.path precedence to {} in {}".format(
-                         )
+                             existing_dist.project_name, existing_dist.location)
                      )
 -            else:
 +            elif dist_in_install_path(existing_dist):
@@ -43,18 +42,18 @@ index 95dacab..b9679fa 100644
          else:
              if self.editable:
 diff --git a/src/pip/_internal/resolution/legacy/resolver.py b/src/pip/_internal/resolution/legacy/resolver.py
-index 09caaa6..c1542ec 100644
+index 4df8f7e..dda2292 100644
 --- a/src/pip/_internal/resolution/legacy/resolver.py
 +++ b/src/pip/_internal/resolution/legacy/resolver.py
-@@ -44,6 +44,7 @@ from pip._internal.resolution.base import BaseResolver, InstallRequirementProvid
+@@ -42,6 +42,7 @@ from pip._internal.resolution.base import BaseResolver, InstallRequirementProvid
  from pip._internal.utils.compatibility_tags import get_supported
  from pip._internal.utils.logging import indent_log
  from pip._internal.utils.misc import dist_in_usersite, normalize_version_info
 +from pip._internal.utils.misc import dist_in_install_path
- from pip._internal.utils.packaging import check_requires_python
+ from pip._internal.utils.packaging import check_requires_python, get_requires_python
  
  logger = logging.getLogger(__name__)
-@@ -203,7 +204,9 @@ class Resolver(BaseResolver):
+@@ -194,7 +195,9 @@ class Resolver(BaseResolver):
          """
          # Don't uninstall the conflict if doing a user install and the
          # conflict is not a user install.
@@ -66,7 +65,7 @@ index 09caaa6..c1542ec 100644
          req.satisfied_by = None
  
 diff --git a/src/pip/_internal/resolution/resolvelib/factory.py b/src/pip/_internal/resolution/resolvelib/factory.py
-index 766dc26..baf61ba 100644
+index e7fd344..555e657 100644
 --- a/src/pip/_internal/resolution/resolvelib/factory.py
 +++ b/src/pip/_internal/resolution/resolvelib/factory.py
 @@ -1,6 +1,7 @@
@@ -77,7 +76,7 @@ index 766dc26..baf61ba 100644
  from typing import (
      TYPE_CHECKING,
      Dict,
-@@ -33,6 +34,7 @@ from pip._internal.exceptions import (
+@@ -34,6 +35,7 @@ from pip._internal.exceptions import (
      UnsupportedWheel,
  )
  from pip._internal.index.package_finder import PackageFinder
@@ -85,15 +84,15 @@ index 766dc26..baf61ba 100644
  from pip._internal.metadata import BaseDistribution, get_default_environment
  from pip._internal.models.link import Link
  from pip._internal.models.wheel import Wheel
-@@ -45,6 +47,7 @@ from pip._internal.req.req_install import (
+@@ -46,6 +48,7 @@ from pip._internal.req.req_install import (
  from pip._internal.resolution.base import InstallRequirementProvider
  from pip._internal.utils.compatibility_tags import get_supported
  from pip._internal.utils.hashes import Hashes
 +from pip._internal.utils.misc import dist_location
- from pip._internal.utils.packaging import get_requirement
  from pip._internal.utils.virtualenv import running_under_virtualenv
  
-@@ -526,6 +529,13 @@ class Factory:
+ from .base import Candidate, CandidateVersion, Constraint, Requirement
+@@ -525,6 +528,13 @@ class Factory:
          if dist is None:  # Not installed, no uninstallation required.
              return None
  
@@ -108,18 +107,18 @@ index 766dc26..baf61ba 100644
          # be uninstalled, no matter it's in global or user site, because the
          # user site installation has precedence over global.
 diff --git a/src/pip/_internal/utils/misc.py b/src/pip/_internal/utils/misc.py
-index d3e9053..d25d1c3 100644
+index 99ebea3..5901687 100644
 --- a/src/pip/_internal/utils/misc.py
 +++ b/src/pip/_internal/utils/misc.py
-@@ -38,6 +38,7 @@ from pip._vendor.tenacity import retry, stop_after_delay, wait_fixed
+@@ -40,6 +40,7 @@ from pip._vendor.tenacity import retry, stop_after_delay, wait_fixed
  from pip import __version__
  from pip._internal.exceptions import CommandError
  from pip._internal.locations import get_major_minor_version, site_packages, user_site
 +from pip._internal.locations import get_scheme
- from pip._internal.utils.compat import WINDOWS
+ from pip._internal.utils.compat import WINDOWS, stdlib_pkgs
- from pip._internal.utils.egg_link import egg_link_path_from_location
+ from pip._internal.utils.virtualenv import (
- from pip._internal.utils.virtualenv import running_under_virtualenv
+     running_under_virtualenv,
-@@ -354,6 +355,16 @@ def dist_in_site_packages(dist: Distribution) -> bool:
+@@ -382,6 +383,16 @@ def dist_in_site_packages(dist):
      return dist_location(dist).startswith(normalize_path(site_packages))
  
  
@@ -133,9 +132,9 @@ index d3e9053..d25d1c3 100644
 +        get_scheme("").purelib.split('python')[0]))
 +
 +
- def get_distribution(req_name: str) -> Optional[Distribution]:
+ def dist_is_editable(dist):
-     """Given a requirement name, return the installed Distribution object.
+     # type: (Distribution) -> bool
- 
+     """
 -- 
-2.44.0
+2.32.0
 

SPECS/python-pip.spec

@@ -13,7 +13,7 @@
 %endif
 
 %global srcname pip
-%global base_version 21.3.1
+%global base_version 21.2.3
 %global upstream_version %{base_version}%{?prerel}
 %global python_wheel_name %{srcname}-%{upstream_version}-py3-none-any.whl
 
@@ -21,7 +21,7 @@
 
 Name:           python-%{srcname}
 Version:        %{base_version}%{?prerel:~%{prerel}}
-Release:        1%{?dist}
+Release:        7%{?dist}.1
 Summary:        A tool for installing and managing Python packages
 
 # We bundle a lot of libraries with pip, which itself is under MIT license.
@@ -128,27 +128,27 @@ Packages" or "Pip Installs Python".
 # You can generate it with:
 # %%{_rpmconfigdir}/pythonbundles.py --namespace 'python%%{1}dist' src/pip/_vendor/vendor.txt
 %global bundled() %{expand:
+Provides: bundled(python%{1}dist(appdirs)) = 1.4.4
 Provides: bundled(python%{1}dist(cachecontrol)) = 0.12.6
 Provides: bundled(python%{1}dist(certifi)) = 2021.5.30
 Provides: bundled(python%{1}dist(chardet)) = 4
 Provides: bundled(python%{1}dist(colorama)) = 0.4.4
-Provides: bundled(python%{1}dist(distlib)) = 0.3.3
+Provides: bundled(python%{1}dist(distlib)) = 0.3.2
-Provides: bundled(python%{1}dist(distro)) = 1.6
+Provides: bundled(python%{1}dist(distro)) = 1.5
 Provides: bundled(python%{1}dist(html5lib)) = 1.1
 Provides: bundled(python%{1}dist(idna)) = 3.2
 Provides: bundled(python%{1}dist(msgpack)) = 1.0.2
 Provides: bundled(python%{1}dist(packaging)) = 21
-Provides: bundled(python%{1}dist(pep517)) = 0.12
+Provides: bundled(python%{1}dist(pep517)) = 0.11
-Provides: bundled(python%{1}dist(platformdirs)) = 2.4
+Provides: bundled(python%{1}dist(progress)) = 1.5
-Provides: bundled(python%{1}dist(progress)) = 1.6
 Provides: bundled(python%{1}dist(pyparsing)) = 2.4.7
 Provides: bundled(python%{1}dist(requests)) = 2.26
-Provides: bundled(python%{1}dist(resolvelib)) = 0.8
+Provides: bundled(python%{1}dist(resolvelib)) = 0.7.1
 Provides: bundled(python%{1}dist(setuptools)) = 44
 Provides: bundled(python%{1}dist(six)) = 1.16
 Provides: bundled(python%{1}dist(tenacity)) = 8.0.1
 Provides: bundled(python%{1}dist(tomli)) = 1.0.3
-Provides: bundled(python%{1}dist(urllib3)) = 1.26.7
+Provides: bundled(python%{1}dist(urllib3)) = 1.26.6
 Provides: bundled(python%{1}dist(webencodings)) = 0.5.1
 }
 
@@ -248,7 +248,7 @@ Obsoletes:      %{name}-wheel < %{version}-%{release}
 # Older versions of python3-libs (< 3.9.9-2) expect Python wheels at the old unversioned
 # location, so we conflict with the old Python versions that wouldn't work with
 # the new wheel location.
-# Moreover, Python older than (3.9.16-2) does not provide tarfile filters (fix for CVE-2007-4559).
+# Moreover, Python older than (3.9.17-2) does not provide tarfile filters (fix for CVE-2007-4559).
 Conflicts:      python3-libs < 3.9.17-2
 
 # Virtual provides for the packages bundled by pip:
@@ -375,13 +375,11 @@ pytest_k='not completion and
           not test_from_link_vcs_without_source_dir and
           not test_should_cache_git_sha'
 
-# test_pep517 and test_pep660 are ignored entirely, as they import tomli_w and we don't have that packaged yet
 # --deselect'ed tests are not compatible with the latest virtualenv
 # These files contain almost 500 tests so we should enable them back
 # as soon as pip will be compatible upstream
 # https://github.com/pypa/pip/pull/8441
 %pytest -m 'not network' -k "$(echo $pytest_k)" \
-    --ignore tests/functional/test_pep660.py --ignore tests/functional/test_pep517.py \
     --deselect tests/functional --deselect tests/lib/test_lib.py --deselect tests/unit/test_build_env.py
 %endif
 
@@ -418,16 +416,9 @@ pytest_k='not completion and
 %{python_wheel_dir}/%{python_wheel_name}
 
 %changelog
-* Tue Mar 19 2024 Lumír Balhar <lbalhar@redhat.com> - 21.3.1-1
+* Wed Feb 14 2024 Lumír Balhar <lbalhar@redhat.com> - 21.2.3-7.1
-- Update to 21.3.1
-Resolves: RHEL-29310
-
-* Wed Feb 14 2024 Lumír Balhar <lbalhar@redhat.com> - 21.2.3-8
 - Require Python with tarfile filters
-Resolves: RHEL-25451
+Resolves: RHEL-25452
-
-* Fri Sep 22 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 21.2.3-7
-- Rebuilt for MSVSphere 9.3 beta
 
 * Tue Aug 08 2023 Petr Viktorin <pviktori@redhat.com> - 21.2.3-7
 - Use tarfile.data_filter for extracting (CVE-2007-4559, PEP-721, PEP-706)