diff --git a/Revert-Always-rewrite-a-Python-shebang-to-python.patch b/Revert-Always-rewrite-a-Python-shebang-to-python.patch
new file mode 100644
index 0000000000000000000000000000000000000000..608098d8d22194dd71e66457d5976b0ee601aef1
--- /dev/null
+++ b/Revert-Always-rewrite-a-Python-shebang-to-python.patch
@@ -0,0 +1,45 @@
+From 06a246f1fbd79d70951488d65d5fe6bfa4afd4ef Mon Sep 17 00:00:00 2001
+From: Lumir Balhar
+Date: Thu, 13 Mar 2025 11:52:42 +0100
+Subject: [PATCH] Revert "Always rewrite a Python shebang to #!python."
+
+This reverts commit c71266345c64fd662b5f95bbbc6e4536172f496d.
+---
+ setuptools/_distutils/command/build_scripts.py | 13 ++++++++++++-
+ 1 file changed, 12 insertions(+), 1 deletion(-)
+
+diff --git a/setuptools/_distutils/command/build_scripts.py b/setuptools/_distutils/command/build_scripts.py
+index 127c51d8d..05ba2c93c 100644
+--- a/setuptools/_distutils/command/build_scripts.py
++++ b/setuptools/_distutils/command/build_scripts.py
+@@ -5,6 +5,7 @@ Implements the Distutils 'build_scripts' command."""
+ import os
+ import re
+ import tokenize
++from distutils import sysconfig
+ from distutils._log import log
+ from stat import ST_MODE
+ from typing import ClassVar
+@@ -105,8 +106,18 @@ class build_scripts(Command):
+ if shebang_match:
+ log.info("copying and adjusting %s -> %s", script, self.build_dir)
+ if not self.dry_run:
++ if not sysconfig.python_build:
++ executable = self.executable
++ else:
++ executable = os.path.join(
++ sysconfig.get_config_var("BINDIR"),
++ "python{}{}".format(
++ sysconfig.get_config_var("VERSION"),
++ sysconfig.get_config_var("EXE"),
++ ),
++ )
+ post_interp = shebang_match.group(1) or ''
+- shebang = f"#!python{post_interp}\n"
++ shebang = "#!" + executable + post_interp + "\n"
+ self._validate_shebang(shebang, f.encoding)
+ with open(outfile, "w", encoding=f.encoding) as outf:
+ outf.write(shebang)
+--
+2.48.1
+
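Review bot: The patch header gives no reason for carrying this revert: its description is only "This reverts commit c71266345c64fd662b5f95bbbc6e4536172f496d.", so a later rebase cannot tell whether the downstream divergence is still needed. The restored line `shebang = "#!" + executable + post_interp + "\n"` writes `self.executable` (or the `BINDIR` path when `sysconfig.python_build` is set) into every built script, so the build environment's interpreter path ends up in the installed scripts. That is presumably the intent for RPM builds, but it should be stated. I would add a sentence to the patch description and a comment above `Patch1:` in the spec, such as `# Downstream only: keep absolute interpreter path in script shebangs, see <tracking-issue placeholder>`. The method patched by the second inner hunk starts and ends outside the hunk, so the handling of `outfile` after `outf.write(shebang)` is not visible here.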
diff --git a/backport-CVE-2024-6345.patch b/backport-CVE-2024-6345.patch deleted file mode 100644 index ed179030d694d79b3e42459425c0af32ca078bae..0000000000000000000000000000000000000000 --- a/backport-CVE-2024-6345.patch +++ /dev/null 
@@ -1,317 +0,0 @@ -From 88807c7062788254f654ea8c03427adc859321f0 Mon Sep 17 00:00:00 2001 -From: jaraco -Date: Tue, 30 Apr 2024 15:02:00 +0800 -Subject: [PATCH] Modernize package_index VCS handling -https://github.com/pypa/setuptools/commit/88807c7062788254f654ea8c03427adc859321f0 -https://github.com/pypa/setuptools/pull/4332 - ---- - changelog.d/4332.feature.rst | 1 + - setup.cfg | 1 + - setuptools/package_index.py | 146 ++++++++++++++------------ - setuptools/tests/test_packageindex.py | 56 +++++----- - 4 files changed, 108 insertions(+), 96 deletions(-) - create mode 100644 changelog.d/4332.feature.rst - -diff --git a/changelog.d/4332.feature.rst b/changelog.d/4332.feature.rst -new file mode 100644 -index 0000000..1e612ec ---- /dev/null -+++ b/changelog.d/4332.feature.rst -@@ -0,0 +1 @@ -+Modernized and refactored VCS handling in package_index. -diff --git a/setup.cfg b/setup.cfg -index c1d8a69..6787594 100644 ---- a/setup.cfg -+++ b/setup.cfg -@@ -63,6 +63,7 @@ testing = - tomli-w>=1.0.0 - pytest-timeout - pytest-perf -+ pytest-subprocess - testing-integration = - pytest - pytest-xdist -diff --git a/setuptools/package_index.py b/setuptools/package_index.py -index 3130ace..ae50db5 100644 ---- a/setuptools/package_index.py -+++ b/setuptools/package_index.py -@@ -1,6 +1,7 @@ - """PyPI and direct package downloading.""" - - import sys -+import subprocess - import os - import re - import io -@@ -586,7 +587,7 @@ class PackageIndex(Environment): - scheme = URL_SCHEME(spec) - if scheme: - # It's a url, download it to tmpdir -- found = self._download_url(scheme.group(1), spec, tmpdir) -+ found = self._download_url(spec, tmpdir) - base, fragment = egg_info_for_url(spec) - if base.endswith('.py'): - found = self.gen_setup(found, fragment, tmpdir) -@@ -813,7 +814,7 @@ class PackageIndex(Environment): - else: - raise DistutilsError("Download error for %s: %s" % (url, v)) from v - -- def _download_url(self, scheme, url, tmpdir): -+ def _download_url(self, url, tmpdir): - # 
Determine download filename - # - name, fragment = egg_info_for_url(url) -@@ -828,19 +829,60 @@ class PackageIndex(Environment): - - filename = os.path.join(tmpdir, name) - -- # Download the file -- # -- if scheme == 'svn' or scheme.startswith('svn+'): -- return self._download_svn(url, filename) -- elif scheme == 'git' or scheme.startswith('git+'): -- return self._download_git(url, filename) -- elif scheme.startswith('hg+'): -- return self._download_hg(url, filename) -- elif scheme == 'file': -- return urllib.request.url2pathname(urllib.parse.urlparse(url)[2]) -- else: -- self.url_ok(url, True) # raises error if not allowed -- return self._attempt_download(url, filename) -+ return self._download_vcs(url, filename) or self._download_other(url, filename) -+ -+ -+ @staticmethod -+ def _resolve_vcs(url): -+ """ -+ >>> rvcs = PackageIndex._resolve_vcs -+ >>> rvcs('git+http://foo/bar') -+ 'git' -+ >>> rvcs('hg+https://foo/bar') -+ 'hg' -+ >>> rvcs('git:myhost') -+ 'git' -+ >>> rvcs('hg:myhost') -+ >>> rvcs('http://foo/bar') -+ """ -+ scheme = urllib.parse.urlsplit(url).scheme -+ pre, sep, post = scheme.partition('+') -+ # svn and git have their own protocol; hg does not -+ allowed = set(['svn', 'git'] + ['hg'] * bool(sep)) -+ return next(iter({pre} & allowed), None) -+ -+ def _download_vcs(self, url, spec_filename): -+ vcs = self._resolve_vcs(url) -+ if not vcs: -+ return -+ if vcs == 'svn': -+ raise DistutilsError( -+ f"Invalid config, SVN download is not supported: {url}" -+ ) -+ -+ filename, _, _ = spec_filename.partition('#') -+ url, rev = self._vcs_split_rev_from_url(url) -+ -+ self.info(f"Doing {vcs} clone from {url} to {filename}") -+ subprocess.check_call([vcs, 'clone', '--quiet', url, filename]) -+ -+ co_commands = dict( -+ git=[vcs, '-C', filename, 'checkout', '--quiet', rev], -+ hg=[vcs, '--cwd', filename, 'up', '-C', '-r', rev, '-q'], -+ ) -+ if rev is not None: -+ self.info(f"Checking out {rev}") -+ subprocess.check_call(co_commands[vcs]) -+ -+ return 
filename -+ -+ def _download_other(self, url, filename): -+ scheme = urllib.parse.urlsplit(url).scheme -+ if scheme == 'file': # pragma: no cover -+ return urllib.request.url2pathname(urllib.parse.urlparse(url).path) -+ # raise error if not allowed -+ self.url_ok(url, True) -+ return self._attempt_download(url, filename) - - def scan_url(self, url): - self.process_url(url, True) -@@ -856,64 +898,36 @@ class PackageIndex(Environment): - os.unlink(filename) - raise DistutilsError(f"Unexpected HTML page found at {url}") - -- def _download_svn(self, url, _filename): -- raise DistutilsError(f"Invalid config, SVN download is not supported: {url}") -- - @staticmethod -- def _vcs_split_rev_from_url(url, pop_prefix=False): -- scheme, netloc, path, query, frag = urllib.parse.urlsplit(url) -+ def _vcs_split_rev_from_url(url): -+ """ -+ Given a possible VCS URL, return a clean URL and resolved revision if any. -+ >>> vsrfu = PackageIndex._vcs_split_rev_from_url -+ >>> vsrfu('git+https://github.com/pypa/setuptools@v69.0.0#egg-info=setuptools') -+ ('https://github.com/pypa/setuptools', 'v69.0.0') -+ >>> vsrfu('git+https://github.com/pypa/setuptools#egg-info=setuptools') -+ ('https://github.com/pypa/setuptools', None) -+ >>> vsrfu('http://foo/bar') -+ ('http://foo/bar', None) -+ """ -+ parts = urllib.parse.urlsplit(url) - -- scheme = scheme.split('+', 1)[-1] -+ clean_scheme = parts.scheme.split('+', 1)[-1] - - # Some fragment identification fails -- path = path.split('#', 1)[0] -- -- rev = None -- if '@' in path: -- path, rev = path.rsplit('@', 1) -- -- # Also, discard fragment -- url = urllib.parse.urlunsplit((scheme, netloc, path, query, '')) -+ no_fragment_path, _, _ = parts.path.partition('#') - -- return url, rev -+ pre, sep, post = no_fragment_path.rpartition('@') -+ clean_path, rev = (pre, post) if sep else (post, None) - -- def _download_git(self, url, filename): -- filename = filename.split('#', 1)[0] -- url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True) -- -- 
self.info("Doing git clone from %s to %s", url, filename) -- os.system("git clone --quiet %s %s" % (url, filename)) -- -- if rev is not None: -- self.info("Checking out %s", rev) -- os.system( -- "git -C %s checkout --quiet %s" -- % ( -- filename, -- rev, -- ) -- ) -+ resolved = parts._replace( -+ scheme=clean_scheme, -+ path=clean_path, -+ # discard the fragment -+ fragment='', -+ ).geturl() - -- return filename -- -- def _download_hg(self, url, filename): -- filename = filename.split('#', 1)[0] -- url, rev = self._vcs_split_rev_from_url(url, pop_prefix=True) -- -- self.info("Doing hg clone from %s to %s", url, filename) -- os.system("hg clone --quiet %s %s" % (url, filename)) -- -- if rev is not None: -- self.info("Updating to %s", rev) -- os.system( -- "hg --cwd %s up -C -r %s -q" -- % ( -- filename, -- rev, -- ) -- ) -- -- return filename -+ return resolved, rev - - def debug(self, msg, *args): - log.debug(msg, *args) -diff --git a/setuptools/tests/test_packageindex.py b/setuptools/tests/test_packageindex.py -index f1fa745..a7d2b5d 100644 ---- a/setuptools/tests/test_packageindex.py -+++ b/setuptools/tests/test_packageindex.py -@@ -5,7 +5,6 @@ import platform - import urllib.request - import urllib.error - import http.client --from unittest import mock - - import pytest - -@@ -186,49 +185,46 @@ class TestPackageIndex: - assert dists[0].version == '' - assert dists[1].version == vc - -- def test_download_git_with_rev(self, tmpdir): -+ def test_download_git_with_rev(self, tmp_path, fp): - url = 'git+https://github.example/group/project@master#egg=foo' - index = setuptools.package_index.PackageIndex() - -- with mock.patch("os.system") as os_system_mock: -- result = index.download(url, str(tmpdir)) -+ expected_dir = tmp_path / 'project@master' -+ fp.register([ -+ 'git', -+ 'clone', -+ '--quiet', -+ 'https://github.example/group/project', -+ expected_dir, -+ ]) -+ fp.register(['git', '-C', expected_dir, 'checkout', '--quiet', 'master']) - -- 
os_system_mock.assert_called() -+ result = index.download(url, tmp_path) - -- expected_dir = str(tmpdir / 'project@master') -- expected = ( -- 'git clone --quiet ' 'https://github.example/group/project {expected_dir}' -- ).format(**locals()) -- first_call_args = os_system_mock.call_args_list[0][0] -- assert first_call_args == (expected,) -+ assert result == str(expected_dir) -+ assert len(fp.calls) == 2 - -- tmpl = 'git -C {expected_dir} checkout --quiet master' -- expected = tmpl.format(**locals()) -- assert os_system_mock.call_args_list[1][0] == (expected,) -- assert result == expected_dir -- -- def test_download_git_no_rev(self, tmpdir): -+ def test_download_git_no_rev(self, tmp_path, fp): - url = 'git+https://github.example/group/project#egg=foo' - index = setuptools.package_index.PackageIndex() - -- with mock.patch("os.system") as os_system_mock: -- result = index.download(url, str(tmpdir)) -- -- os_system_mock.assert_called() -- -- expected_dir = str(tmpdir / 'project') -- expected = ( -- 'git clone --quiet ' 'https://github.example/group/project {expected_dir}' -- ).format(**locals()) -- os_system_mock.assert_called_once_with(expected) -- -- def test_download_svn(self, tmpdir): -+ expected_dir = tmp_path / 'project' -+ fp.register([ -+ 'git', -+ 'clone', -+ '--quiet', -+ 'https://github.example/group/project', -+ expected_dir, -+ ]) -+ index.download(url, tmp_path) -+ -+ def test_download_svn(self, tmp_path): - url = 'svn+https://svn.example/project#egg=foo' - index = setuptools.package_index.PackageIndex() - - msg = r".*SVN download is not supported.*" - with pytest.raises(distutils.errors.DistutilsError, match=msg): -- index.download(url, str(tmpdir)) -+ index.download(url, tmp_path) - - - class TestContentCheckers: --- -2.33.0 - diff --git a/bugfix-eliminate-random-order-in-metadata.patch b/bugfix-eliminate-random-order-in-metadata.patch deleted file mode 100644 index f103434ea9cf13f1db8d235d8e1e376e58184fe5..0000000000000000000000000000000000000000 
--- a/bugfix-eliminate-random-order-in-metadata.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 99ba862948c27f8851ae2131ff36daee0195ae4a Mon Sep 17 00:00:00 2001 -From: chengzihan2 -Date: Thu, 4 Jun 2020 17:29:07 +0800 -Subject: [PATCH] bugfix eliminate random order in metadata - ---- - setuptools/dist.py | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/setuptools/dist.py b/setuptools/dist.py -index fb16886..86a5402 100644 ---- a/setuptools/dist.py -+++ b/setuptools/dist.py -@@ -208,7 +208,7 @@ def write_pkg_file(self, file): # noqa: C901 # is too complex (14) # FIXME - if self.long_description_content_type: - write_field('Description-Content-Type', self.long_description_content_type) - if self.provides_extras: -- for extra in self.provides_extras: -+ for extra in sorted(self.provides_extras): - write_field('Provides-Extra', extra) - - self._write_list(file, 'License-File', self.license_files or []) --- -1.8.3.1 - diff --git a/python-setuptools.spec b/python-setuptools.spec index 0cfb03f9dace6b663f7156f2d503137377759835..a56df504c9b17a1c69c786346a576aa1b04264eb 100644 --- a/python-setuptools.spec +++ b/python-setuptools.spec @@ -7,16 +7,14 @@ %global python_whlname setuptools-%{version}-py3-none-any.whl Name: python-setuptools -Version: 68.0.0 -Release: 2 +Version: 78.1.1 +Release: 4 Summary: Easily build and distribute Python packages -License: MIT and (BSD or ASL 2.0) +License: MIT AND Apache-2.0 AND (BSD-2-Clause OR Apache-2.0) AND Python-2.0 AND LGPL-3.0-only URL: https://pypi.python.org/pypi/setuptools Source0: %{pypi_source setuptools %{version}} - -Patch9000: bugfix-eliminate-random-order-in-metadata.patch -Patch9001: backport-CVE-2024-6345.patch +Patch1: Revert-Always-rewrite-a-Python-shebang-to-python.patch BuildArch: noarch 
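Review bot: Dropping `Patch9001: backport-CVE-2024-6345.patch` in the `@@ -7,16 +7,14 @@` hunk comes with no record that the fix is contained in 78.1.1. The deleted patch is a backport of upstream commit 88807c7062788254f654ea8c03427adc859321f0, which replaced the `os.system` string commands in `setuptools/package_index.py` with `subprocess.check_call` argument lists. That commit is presumably part of the new tarball, but this should be confirmed against the unpacked source before merging. I would note it in the changelog, e.g. `- Drop backport-CVE-2024-6345.patch, fixed upstream`, so the CVE stays traceable in the package history.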
@@ -31,7 +29,6 @@ BuildRequires: python3-pip, python3-wheel %endif Provides: python-distribute = %{version}-%{release}, %{name}-wheel -Obsoletes: python-distribute < 0.6.36-2, %{name}-wheel %description Setuptools is a collection of enhancements to the Python distutils that allow @@ -45,6 +42,7 @@ Summary: Easily build and distribute Python 3 packages Conflicts: python-setuptools < %{version}-%{release} Provides: python%{python3_pkgversion}dist(setuptools) = %{version} Provides: python%{python3_version}dist(setuptools) = %{version} +Requires: (gobject-introspection-devel >= 1.81.2 if gobject-introspection-devel) %description -n python3-setuptools Setuptools is a collection of enhancements to the Python 3 distutils that allow @@ -61,8 +59,6 @@ execute the software that requires pkg_resources.py. find setuptools pkg_resources -name \*.py | xargs sed -i -e '1 {/^#!\//d}' rm -f setuptools/*.exe -rm setuptools/tests/test_integration.py -chmod -x README.rst %build %if %{without bootstrap} @@ -108,10 +104,28 @@ PYTHONDONTWRITEBYTECODE=1 PYTHONPATH=$(pwd) py.test-%{python3_version} --ignore= %files help %defattr(-,root,root) -%doc docs/* CHANGES.rst README.rst +%doc docs/* README.rst %changelog +* Thu Aug 28 2025 fuanan - 78.1.1-4 +- update License + +* Thu Jul 03 2025 Dongxing Wang - 78.1.1-3 +- Revert Always rewrite a Python shebang to python + +* Tue Jun 10 2025 Funda Wang - 78.1.1-2 +- force gobject-introspection version for upgrade + +* Thu May 29 2025 Dongxing Wang - 78.1.1-1 +- Update package to version 78.1.1 + +* Wed May 28 2025 Dongxing Wang - 69.5.0-1 +- Update package to version 69.5.0 + +* Mon Aug 26 2024 dillon chen - 69.2.0-1 +- back package to version 69.2.0 + * Mon Jul 15 2024 zhangxianting - 68.0.0-2 - Fix CVE-2024-6345 diff --git a/setuptools-68.0.0.tar.gz b/setuptools-68.0.0.tar.gz deleted file mode 100644 index b2d8822260df88c3b4013337986da29fe6875451..0000000000000000000000000000000000000000 Binary files a/setuptools-68.0.0.tar.gz and /dev/null differ 
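Review bot: The added `Requires: (gobject-introspection-devel >= 1.81.2 if gobject-introspection-devel)` in the `@@ -45,6 +42,7 @@` hunk has no comment, and the only explanation on the page is the changelog line "force gobject-introspection version for upgrade". A conditional dependency on an otherwise unrelated -devel package is easy to drop by mistake in a later cleanup. I would put a comment directly above it, such as `# <reason placeholder>: why gobject-introspection-devel must be >= 1.81.2 when it is installed`, with the actual reason supplied by the author.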
diff --git a/setuptools-78.1.1.tar.gz b/setuptools-78.1.1.tar.gz new file mode 100644 index 0000000000000000000000000000000000000000..a6becac7c518245774a9026d9641ddd7f26b8f84 Binary files /dev/null and b/setuptools-78.1.1.tar.gz differ