diff --git a/4356.patch b/4356.patch deleted file mode 100644 index 3f980e303a795f4789d8a8d28e273b0c58258f71..0000000000000000000000000000000000000000 --- a/4356.patch +++ /dev/null @@ -1,40 +0,0 @@ -From d53bf1509f40c8e84feb62ac13e91b76074a063a Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= -Date: Tue, 14 May 2024 16:19:02 +0200 -Subject: [PATCH] Explicitly disallow resource paths starting with single - backslash - -Previously, such paths were disallowed implicitly -as they were treated as Windows absolute paths. - -Since Python 3.13, paths starting with a single backslash are not considered -Windows-absolute, so we treat them specially. - -This change makes the existing doctest pass with Python 3.13. - -Partially fixes https://github.com/pypa/setuptools/issues/4196 ---- - pkg_resources/__init__.py | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/pkg_resources/__init__.py b/pkg_resources/__init__.py -index 713d9bdfa3..faee7dec79 100644 ---- a/pkg_resources/__init__.py -+++ b/pkg_resources/__init__.py -@@ -1604,6 +1604,7 @@ def _validate_resource_path(path): - os.path.pardir in path.split(posixpath.sep) - or posixpath.isabs(path) - or ntpath.isabs(path) -+ or path.startswith("\\") - ) - if not invalid: - return -@@ -1611,7 +1612,7 @@ def _validate_resource_path(path): - msg = "Use of .. or absolute path in a resource path is not allowed." - - # Aggressively disallow Windows absolute paths -- if ntpath.isabs(path) and not posixpath.isabs(path): -+ if (path.startswith("\\") or ntpath.isabs(path)) and not posixpath.isabs(path): - raise ValueError(msg) - - # for compatibility, warn; in future diff --git a/4357.patch b/4357.patch deleted file mode 100644 index 7222d3dba26638f4015a99da3f9fc5d3bce631ae..0000000000000000000000000000000000000000 --- a/4357.patch +++ /dev/null @@ -1,30 +0,0 @@ -From c6266e423fa26aafa01f1df71de7c6613273155e Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Miro=20Hron=C4=8Dok?= -Date: Tue, 14 May 2024 16:24:07 +0200 -Subject: [PATCH] Make the validation test for entry-points work with Python - 3.13+ - -The exception in importlib.metadata has changed. -See https://github.com/python/importlib_metadata/issues/488 - -This makes an existing test pass with Python 3.13. - -Partially fixes https://github.com/pypa/setuptools/issues/4196 ---- - setuptools/_entry_points.py | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/setuptools/_entry_points.py b/setuptools/_entry_points.py -index 747a69067e..b244e78387 100644 ---- a/setuptools/_entry_points.py -+++ b/setuptools/_entry_points.py -@@ -17,7 +17,8 @@ def ensure_valid(ep): - """ - try: - ep.extras -- except AttributeError as ex: -+ except (AttributeError, AssertionError) as ex: -+ # Why both? See https://github.com/python/importlib_metadata/issues/488 - msg = ( - f"Problems to parse {ep}.\nPlease ensure entry-point follows the spec: " - "https://packaging.python.org/en/latest/specifications/entry-points/" diff --git a/backport-CVE-2024-6345.patch b/backport-CVE-2024-6345.patch deleted file mode 100644 index d3f50741540067d04e94d17b0546a1f6fcff96e1..0000000000000000000000000000000000000000 --- a/backport-CVE-2024-6345.patch +++ /dev/null @@ -1,116 +0,0 @@ -From 472528deea4063f20c5d9525f0faf64ae0cd0a90 Mon Sep 17 00:00:00 2001 -From: Lumir Balhar -Date: Wed, 24 Jul 2024 14:26:09 +0200 -Subject: [PATCH] CVE-2024-6345 - ---- - setuptools/package_index.py | 21 +++++---------------- - setuptools/tests/test_packageindex.py | 20 ++++++++++---------- - 2 files changed, 15 insertions(+), 26 deletions(-) - -diff --git a/setuptools/package_index.py b/setuptools/package_index.py -index 7095585..1368bde 100644 ---- a/setuptools/package_index.py -+++ b/setuptools/package_index.py -@@ -1,5 +1,6 @@ - """PyPI and direct package downloading.""" - -+import subprocess - import sys - import os - import re -@@ -881,17 +882,11 @@ class PackageIndex(Environment): - url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True) - - self.info("Doing git clone from %s to %s", url, filename) -- os.system("git clone --quiet %s %s" % (url, filename)) -+ subprocess.check_call(["git", "clone", "--quiet", url, filename]) - - if rev is not None: - self.info("Checking out %s", rev) -- os.system( -- "git -C %s checkout --quiet %s" -- % ( -- filename, -- rev, -- ) -- ) -+ subprocess.check_call(["git", "-C", filename, "checkout", "--quiet", rev]) - - return filename - -@@ -900,17 +895,11 @@ class PackageIndex(Environment): - url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True) - - self.info("Doing hg clone from %s to %s", url, filename) -- os.system("hg clone --quiet %s %s" % (url, filename)) -+ subprocess.check_call(["hg", "clone", "--quiet", url, filename]) - - if rev is not None: - self.info("Updating to %s", rev) -- os.system( -- "hg --cwd %s up -C -r %s -q" -- % ( -- filename, -- rev, -- ) -- ) -+ subprocess.check_call(["hg", "--cwd", filename, "up", "-C", "-r", rev, "-q"]) - - return filename - -diff --git a/setuptools/tests/test_packageindex.py b/setuptools/tests/test_packageindex.py -index 0287063..c136e8d 100644 ---- a/setuptools/tests/test_packageindex.py -+++ b/setuptools/tests/test_packageindex.py -@@ -190,37 +190,37 @@ class TestPackageIndex: - url = 'git+https://github.example/group/project@master#egg=foo' - index = setuptools.package_index.PackageIndex() - -- with mock.patch("os.system") as os_system_mock: -+ with mock.patch("subprocess.check_call") as subprocess_check_call_mock: - result = index.download(url, str(tmpdir)) - -- os_system_mock.assert_called() -+ subprocess_check_call_mock.assert_called() - - expected_dir = str(tmpdir / 'project@master') - expected = ( - 'git clone --quiet ' 'https://github.example/group/project {expected_dir}' -- ).format(**locals()) -- first_call_args = os_system_mock.call_args_list[0][0] -+ ).format(**locals()).split() -+ first_call_args = subprocess_check_call_mock.call_args_list[0][0] - assert first_call_args == (expected,) - - tmpl = 'git -C {expected_dir} checkout --quiet master' -- expected = tmpl.format(**locals()) -- assert os_system_mock.call_args_list[1][0] == (expected,) -+ expected = tmpl.format(**locals()).split() -+ assert subprocess_check_call_mock.call_args_list[1][0] == (expected,) - assert result == expected_dir - - def test_download_git_no_rev(self, tmpdir): - url = 'git+https://github.example/group/project#egg=foo' - index = setuptools.package_index.PackageIndex() - -- with mock.patch("os.system") as os_system_mock: -+ with mock.patch("subprocess.check_call") as subprocess_check_call_mock: - result = index.download(url, str(tmpdir)) - -- os_system_mock.assert_called() -+ subprocess_check_call_mock.assert_called() - - expected_dir = str(tmpdir / 'project') - expected = ( - 'git clone --quiet ' 'https://github.example/group/project {expected_dir}' -- ).format(**locals()) -- os_system_mock.assert_called_once_with(expected) -+ ).format(**locals()).split() -+ subprocess_check_call_mock.assert_called_once_with(expected) - - def test_download_svn(self, tmpdir): - url = 'svn+https://svn.example/project#egg=foo' --- -2.45.2 - diff --git a/python-setuptools.spec b/python-setuptools.spec index cbe9f243ba6130ff1aac51b5e45c3a5a9b8b2f8a..2123a257c0cb07b7d808632ca01e9ac821266f07 100644 --- a/python-setuptools.spec +++ b/python-setuptools.spec @@ -7,7 +7,7 @@ %global python_whlname setuptools-%{version}-py3-none-any.whl Name: python-setuptools -Version: 69.5.0 +Version: 78.1.1 Release: 1 Summary: Easily build and distribute Python packages @@ -15,13 +15,6 @@ License: MIT and (BSD or ASL 2.0) URL: https://pypi.python.org/pypi/setuptools Source0: %{pypi_source setuptools %{version}} -Patch9001: backport-CVE-2024-6345.patch -# Python 3.13 compatibility patches, merged upstream -#https://github.com/pypa/setuptools/pull/4356.patch -#https://github.com/pypa/setuptools/pull/4357.patch -Patch9002: 4356.patch -Patch9003: 4357.patch - BuildArch: noarch BuildRequires: python3-devel @@ -35,7 +28,6 @@ BuildRequires: python3-pip, python3-wheel %endif Provides: python-distribute = %{version}-%{release}, %{name}-wheel -Obsoletes: python-distribute < 0.6.36-2, %{name}-wheel %description Setuptools is a collection of enhancements to the Python distutils that allow @@ -65,7 +57,6 @@ execute the software that requires pkg_resources.py. find setuptools pkg_resources -name \*.py | xargs sed -i -e '1 {/^#!\//d}' rm -f setuptools/*.exe -rm setuptools/tests/test_integration.py %build %if %{without bootstrap} @@ -115,6 +106,9 @@ PYTHONDONTWRITEBYTECODE=1 PYTHONPATH=$(pwd) py.test-%{python3_version} --ignore= %changelog +* Thu May 29 2025 Dongxing Wang - 78.1.1-1 +- Update package to version 78.1.1 + * Wed May 28 2025 Dongxing Wang - 69.5.0-1 - Update package to version 69.5.0 diff --git a/setuptools-69.5.0.tar.gz b/setuptools-69.5.0.tar.gz deleted file mode 100644 index c35f8e4b9a3503af714e4881323e4e2e8b1e5185..0000000000000000000000000000000000000000 Binary files a/setuptools-69.5.0.tar.gz and /dev/null differ diff --git a/setuptools-78.1.1.tar.gz b/setuptools-78.1.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..a6becac7c518245774a9026d9641ddd7f26b8f84 Binary files /dev/null and b/setuptools-78.1.1.tar.gz differ