Update to 26.0.1 (bsc#1257599, CVE-2026-1703)

OBS-URL: https://build.opensuse.org/request/show/1271132
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pip?expand=0&rev=70

disable-ssl-context-in-buildenv.patch

@@ -0,0 +1,17 @@
+Index: pip-26.0/src/pip/_internal/cli/index_command.py
+===================================================================
+--- pip-26.0.orig/src/pip/_internal/cli/index_command.py
++++ pip-26.0/src/pip/_internal/cli/index_command.py
+@@ -49,7 +49,11 @@ def _create_truststore_ssl_context() ->
+         return None
+ 
+     ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
+-    ctx.load_verify_locations(certifi.where())
++    try:
++        ctx.load_verify_locations(certifi.where())
++    except (FileNotFoundError, ssl.SSLError):
++        logger.warning("Disabling truststore because of missing certificates")
++        return None
+     return ctx
+ 
+ 

distutils-reproducible-compile.patch

@@ -1,17 +0,0 @@
----
- src/pip/_vendor/distlib/wheel.py |    2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-Index: pip-22.3.1/src/pip/_vendor/distlib/wheel.py
-===================================================================
---- pip-22.3.1.orig/src/pip/_vendor/distlib/wheel.py
-+++ pip-22.3.1/src/pip/_vendor/distlib/wheel.py
-@@ -567,7 +567,7 @@ class Wheel(object):
-             maker.source_dir = workdir
-             maker.target_dir = None
-             try:
--                for zinfo in zf.infolist():
-+                for zinfo in sorted(zf.infolist()):
-                     arcname = zinfo.filename
-                     if isinstance(arcname, text_type):
-                         u_arcname = arcname

pip-24.0-gh.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ad0dfe75fb28092a8cbe18523391695ceb0c0d65a5c9a969349fcb13b12b84c7
-size 9398156

pip-shipped-requests-cabundle.patch

@@ -3,26 +3,32 @@
  tests/unit/test_options.py      |    5 +
  2 files changed, 13 insertions(+), 97 deletions(-)
 
---- a/src/pip/_vendor/certifi/core.py
-+++ b/src/pip/_vendor/certifi/core.py
-@@ -3,106 +3,17 @@ certifi.py
+Index: pip-26.0/src/pip/_vendor/certifi/core.py
+===================================================================
+--- pip-26.0.orig/src/pip/_vendor/certifi/core.py
++++ pip-26.0/src/pip/_vendor/certifi/core.py
+@@ -3,81 +3,14 @@ certifi.py
  ~~~~~~~~~~
  
  This module returns the installation location of cacert.pem or its contents.
 +Patched by openSUSE: return the system bundle
  """
 -import sys
- 
+-import atexit
 +def read_text(_module=None, _path=None, encoding="ascii"):
 +    with open(where(), "r", encoding=encoding) as data:
 +        return data.read()
  
--if sys.version_info >= (3, 11):
- 
--    from importlib.resources import as_file, files
+-def exit_cacert_ctx() -> None:
+-    _CACERT_CTX.__exit__(None, None, None)  # type: ignore[union-attr]
 +def where() -> str:
 +    return "/etc/ssl/ca-bundle.pem"
  
+-
+-if sys.version_info >= (3, 11):
+-
+-    from importlib.resources import as_file, files
+-
 -    _CACERT_CTX = None
 -    _CACERT_PATH = None
 -
@@ -47,13 +53,14 @@
 -            # we will also store that at the global level as well.
 -            _CACERT_CTX = as_file(files("pip._vendor.certifi").joinpath("cacert.pem"))
 -            _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-            atexit.register(exit_cacert_ctx)
 -
 -        return _CACERT_PATH
 -
 -    def contents() -> str:
 -        return files("pip._vendor.certifi").joinpath("cacert.pem").read_text(encoding="ascii")
 -
--elif sys.version_info >= (3, 7):
+-else:
 -
 -    from importlib.resources import path as get_path, read_text
 -
@@ -82,61 +89,35 @@
 -            # we will also store that at the global level as well.
 -            _CACERT_CTX = get_path("pip._vendor.certifi", "cacert.pem")
 -            _CACERT_PATH = str(_CACERT_CTX.__enter__())
+-            atexit.register(exit_cacert_ctx)
 -
 -        return _CACERT_PATH
 -
 -    def contents() -> str:
 -        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
--
--else:
--    import os
--    import types
--    from typing import Union
--
--    Package = Union[types.ModuleType, str]
--    Resource = Union[str, "os.PathLike"]
--
--    # This fallback will work for Python versions prior to 3.7 that lack the
--    # importlib.resources module but relies on the existing `where` function
--    # so won't address issues with environments like PyOxidizer that don't set
--    # __file__ on modules.
--    def read_text(
--        package: Package,
--        resource: Resource,
--        encoding: str = 'utf-8',
--        errors: str = 'strict'
--    ) -> str:
--        with open(where(), encoding=encoding) as data:
--            return data.read()
--
--    # If we don't have importlib.resources, then we will just do the old logic
--    # of assuming we're on the filesystem and munge the path directly.
--    def where() -> str:
--        f = os.path.dirname(__file__)
- 
--        return os.path.join(f, "cacert.pem")
--
--    def contents() -> str:
--        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
 +def contents() -> str:
 +    return read_text(encoding="ascii")
---- a/tests/unit/test_options.py
-+++ b/tests/unit/test_options.py
-@@ -1,4 +1,5 @@
+Index: pip-26.0/tests/unit/test_options.py
+===================================================================
+--- pip-26.0.orig/tests/unit/test_options.py
++++ pip-26.0/tests/unit/test_options.py
+@@ -1,6 +1,7 @@
+ from __future__ import annotations
+ 
  import os
 +import os.path
+ from collections.abc import Iterator
  from contextlib import contextmanager
  from optparse import Values
- from tempfile import NamedTemporaryFile
-@@ -11,6 +12,7 @@ from pip._internal.cli.main import main
+@@ -15,6 +16,7 @@ from pip._internal.cli.main import main
  from pip._internal.commands import create_command
  from pip._internal.commands.configuration import ConfigurationCommand
- from pip._internal.exceptions import PipError
+ from pip._internal.exceptions import CommandError, PipError
 +from pip._vendor.certifi import where
+ 
  from tests.lib.options_helpers import AddFakeCommandMixin
  
- 
-@@ -618,6 +620,9 @@ class TestOptionsConfigFiles:
+@@ -537,6 +539,9 @@ class TestOptionsConfigFiles:
          else:
              assert expect == cmd._determine_file(options, need_value=False)
  

python-pip.changes

@@ -1,3 +1,401 @@
+-------------------------------------------------------------------
+Thu Feb  5 06:51:28 UTC 2026 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 26.0.1:
+  * Fix --pre not being respected from the command line when a
+    requirement file includes an option e.g. -extra-index-url.
+    (#13788)
+
+-------------------------------------------------------------------
+Tue Feb  3 09:10:32 UTC 2026 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add %{?pythons_for_pypi} macro, to be used in Leap 16.x for short
+  term interpreter.
+- Drop upstreamed patch flit-core.patch
+
+- Update to 26.0 (bsc#1257599, CVE-2026-1703):
+  # Deprecations and Removals
+  - Remove support for non-bare project names in egg fragments.
+    Affected users should use the Direct URL requirement syntax.
+    (#13157)
+  # Features
+  - Display pip’s command-line help in colour, if possible. (#12134)
+  - Support installing dependencies declared with inline script
+    metadata (PEP 723) with --requirements-from-script. (#12891)
+  - Add --all-releases and --only-final options to control pre-release
+    and final release selection during package installation. (#13221)
+  - Add --uploaded-prior-to option to only consider packages uploaded
+    prior to a given datetime when the upload-time field is available
+    from a remote index. (#13625)
+  - Add --use-feature inprocess-build-deps to request that build
+    dependencies are installed within the same pip install process.
+    This new mechanism is faster, supports --no-clean and
+    --no-cache-dir reliably, and supports prompting for
+    authentication.
+  - Enabling this feature will also enable --use-feature
+    build-constraints. This feature will become the default in a
+    future pip version. (#9081)
+  - pip cache purge and pip cache remove now clean up empty
+    directories and legacy files left by older pip versions. (#9058)
+  # Bug Fixes
+  - Fix selecting pre-release versions when only pre-releases match.
+    For example, package>1.0 with versions 1.0, 2.0rc1 now installs
+    2.0rc1 instead of failing. (#13746)
+  - Revisions in version control URLs now must be percent-encoded. For
+    example, use git+https://example.com/repo.git@issue%231 to specify
+    the branch issue#1. If you previously used a branch name
+    containing a % character in a version control URL, you now need to
+    replace it with %25 to ensure correct percent-encoding. (#13407)
+  - Preserve original casing when a path is displayed. (#6823)
+  - Fix bash completion when the $IFS variable has been modified from
+    its default. (#13555)
+  - Precompute Python requirements on each candidate, reducing time of
+    long resolutions. (#13656)
+  - Skip redundant work converting version objects to strings when
+    using the importlib.metadata backend. (#13660)
+  - Fix pip index versions to honor only-binary/no-binary options.
+    (#13682)
+  - Fix fallthrough logic for options, allowing overriding global
+    options with defaults from user config. (#13703)
+  - Use a path-segment prefix comparison, not char-by-char. (#13777)
+
+- 25.3:
+  # Deprecations and Removals
+  - Remove support for the legacy setup.py develop editable method in
+    setuptools editable installs; setuptools >= 64 is now required.
+    (#11457)
+  - Remove the deprecated --global-option and --build-option.
+    --config-setting is now the only way to pass options to the build
+    backend. (#11859)
+  - Deprecate the PIP_CONSTRAINT environment variable for specifying
+    build constraints.
+  - Use the --build-constraint option or the PIP_BUILD_CONSTRAINT
+    environment variable instead. When build constraints are used,
+    PIP_CONSTRAINT no longer affects isolated build environments. To
+    enable this behavior without specifying any build constraints, use
+    --use-feature=build-constraint. (#13534)
+  - Remove support for non-standard legacy wheel filenames. (#13581)
+  - Remove support for the deprecated setup.py bdist_wheel mechanism.
+    Consequently, --use-pep517 is now always on, and --no-use-pep517
+    has been removed. (#6334)
+  # Features
+  - When PEP 658 metadata is available, full distribution files are no
+    longer downloaded when using pip lock or pip install --dry-run.
+    (#12603)
+  - Add support for installing an editable requirement written as a
+    Direct URL (PackageName @ URL). (#13495)
+  - Add support for build constraints via the --build-constraint
+    option. This allows constraining the versions of packages used
+    during the build process (e.g., setuptools) without affecting the
+    final installation. (#13534)
+  - On ResolutionImpossible errors, include a note about causes with
+    no candidates. (#13588)
+  - Building pip itself from source now uses flit-core instead of
+    setuptools. This does not affect how pip installs or builds
+    packages you use. (#13473)
+  # Bug Fixes
+  - Handle malformed Version metadata entries and show a sensible
+    error message instead of crashing. (#13443)
+  - Permit spaces between a filepath and extras in an install
+    requirement. (#13523)
+  - Ensure the self-check files in the cache have the same permissions
+    as the rest of the cache. (#13528)
+  - Avoid concurrency issues and improve performance when caching
+    locally built wheels, especially when the temporary build
+    directory is on a different filesystem than the cache. The wheel
+    directory passed to the build backend is now a temporary
+    subdirectory inside the cache directory. (#13540)
+  - Include relevant user-supplied constraints in logs when reporting
+    dependency conflicts. (#13545)
+  - Fix a regression in configuration parsing that was turning a
+    single value into a list and thus leading to a validation error.
+    (#13548)
+  - For Python versions that do not support PEP 706, pip will now
+    raise an installation error for a source distribution when it
+    includes a symlink that points outside the source distribution
+    archive. (#13550)
+  - Prevent --user installs if site.ENABLE_USER_SITE is set to False.
+    (#8794)
+
+-------------------------------------------------------------------
+Wed Aug 13 12:25:02 UTC 2025 - Markéta Machová <mmachova@suse.com>
+
+- update to 25.2
+  # 25.1
+  * Drop support for Python 3.8.
+  * On python 3.14+, the pkg_resources metadata backend cannot be used
+    anymore.
+  * Hide --no-python-version-warning from CLI help and documentation
+    as it's useless since Python 2 support was removed.
+  * A warning is emitted when the deprecated pkg_resources library is
+    used to inspect and discover installed packages.
+  * Deprecate the legacy setup.py bdist_wheel mechanism. To silence
+    the warning, and future-proof their setup, users should enable
+    --use-pep517 or add a pyproject.toml file to the projects they
+    control.
+  * Using --debug also enables verbose logging.
+  * Display a transient progress bar during package installation.
+  * Add a --group option which allows installation from PEP 735
+    Dependency Groups.
+  * Use PEP 753 "Well-known Project URLs in Metadata" normalization
+    rules when identifying an equivalent project URL to replace
+    a missing Home-Page field in pip show.
+  * Add a new, experimental, pip lock command, implementing PEP 751.
+  * Resolvelib 1.1.0 fixes a known issue where pip would report a
+    ResolutionImpossible error even though there is a valid solution.
+    However, some very complex dependency resolutions that previously
+    resolved may resolve slower or fail with an ResolutionTooDeep error.
+  # 25.2
+  * Declare support for Python 3.14
+  * Automatic download resumption and retrying is enabled by default.
+  * Requires-Python error message displays version clauses in numerical
+    order.
+  * Show time taken instead of eta 0:00:00 at download completion.
+  * Remove warning when cloning from a Git reference that does not look
+    like a commit hash.
+  * pip's own licensing metadata now follows PEP 639. In addition, the
+    licenses of pip's vendored dependencies are now included in the
+    License-File metadata field and in the wheel.
+- Drop no-longer-applicable distutils-reproducible-compile.patch
+  * distlib was trimmed https://github.com/pypa/pip/pull/13342
+- Add upstream flit-core.patch to fix build
+
+-------------------------------------------------------------------
+Thu Apr 17 12:40:51 UTC 2025 - Felix Stegmeier <felix.stegmeier@suse.com>
+
+- update to 25.0.1
+  * Fix an unsupported type annotation on Python 3.10 and earlier. 
+    (#13181)
+  * Fix a regression where truststore would never be used while 
+    installing build dependencies. (#13186)
+  * Deprecate the no-python-version-warning flag as it has long done 
+    nothing since Python 2 support was removed in pip 21.0. (#13154)
+  * Prefer to display PEP 639 License-Expression in pip show if
+    metadata version is at least 2.4. (#13112)
+  * Support PEP 639 License-Expression and License-File metadata 
+    fields in JSON output. pip inspect and pip install --report now 
+    emit license_expression and license_file fields in the metadata 
+    object, if the corresponding fields are present in the installed 
+    METADATA file. (#13134)
+  * Files in the network cache will inherit the read/write permissions 
+    of pip’s cache directory (in addition to the current user retaining 
+    read/write access). This enables a single cache to be shared among 
+    multiple users. (#11012)
+  * Return the size, along with the number, of files cleared on pip 
+    cache purge and pip cache remove (#12176)
+  * Cache python-requires checks while filtering potential installation 
+    candidates. (#13128)
+  * Optimize package collection by avoiding unnecessary URL parsing and 
+    other processing. (#13132)
+  * Reorder the encoding detection when decoding a requirements file, 
+    relying on UTF-8 over the locale encoding by default, matching the 
+    documented behaviour. (#12771)
+  * The pip version self check is disabled on EXTERNALLY-MANAGED 
+    environments. (#11820)
+  * Fix a security bug allowing a specially crafted wheel to execute 
+    code during installation. (#13079)
+  * The inclusion of packaging 24.2 changes how pre-release specifiers 
+    with < and > behave. Including a pre-release version with these 
+    specifiers now implies accepting pre-releases (e.g., <2.0dev can 
+    include 1.0rc1). To avoid implying pre-releases, avoid specifying 
+    them (e.g., use <2.0). The exception is !=, which never implies 
+    pre-releases. (#13163)
+  * The --cert and --client-cert command-line options are now 
+    respected while installing build dependencies. Consequently, the 
+    private _PIP_STANDALONE_CERT environment variable is no longer 
+    used. (#5502)
+  * The --proxy command-line option is now respected while installing 
+    build dependencies. (#6018)
+
+
+-------------------------------------------------------------------
+Wed Oct 30 08:10:12 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 24.3.1:
+  * Allow multiple nested inclusions of the same requirements
+    file again.
+  * Deprecate wheel filenames that are not compliant with PEP
+    440.
+  * Detect recursively referencing requirements files and help
+    users identify the source.
+  * Support for PEP 730 iOS wheels.
+  * Display a better error message when an already installed
+    package has an invalid requirement.
+  * Ignore PIP_TARGET and pip.conf global.target when preparing a
+    build environment.
+  * Restore support for macOS 10.12 and older (via truststore).
+  * Allow installing pip in editable mode in a virtual
+    environment on Windows.
+  * Upgrade certifi to 2024.8.30
+  * Upgrade distlib to 0.3.9
+  * Upgrade truststore to 0.10.0
+  * Upgrade urllib3 to 1.26.20
+
+-------------------------------------------------------------------
+Mon Sep 23 11:21:24 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Adapt disable-ssl-context-in-buildenv.patch to make it compatible
+  with leap
+
+-------------------------------------------------------------------
+Mon Aug 12 16:49:06 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 24.2:
+  * Deprecate pip install --editable falling back to setup.py
+    develop when using a setuptools version that does not support
+    PEP 660 (setuptools v63 and older).
+  * Check unsupported packages for the current platform. (#11054)
+  * Check unsupported packages for the current platform.
+  * Use system certificates and certifi certificates to verify
+    HTTPS connections on Python 3.10+. Python 3.9 and earlier
+    only use certifi. To revert to previous behaviour, pass the
+    flag --use-deprecated=legacy-certs. (#11647)
+  * Use system certificates and certifi certificates to verify
+    HTTPS connections on Python 3.10+. Python 3.9 and earlier
+    only use certifi.
+  * To revert to previous behaviour, pass the flag --use-
+    deprecated=legacy-certs.
+  * Improve discovery performance of installed packages when the
+    importlib.metadata backend is used to load distribution
+    metadata (used by default under Python 3.11+). (#12656)
+  * Improve discovery performance of installed packages when the
+    importlib.metadata backend is used to load distribution
+    metadata (used by default under Python 3.11+).
+  * Improve performance when the same requirement string appears
+    many times during resolution, by consistently caching the
+    parsed requirement string. (#12663)
+  * Improve performance when the same requirement string appears
+    many times during resolution, by consistently caching the
+    parsed requirement string.
+  * Minor performance improvement of finding applicable package
+    candidates by not repeatedly calculating their versions
+    (#12664)
+  * Minor performance improvement of finding applicable package
+    candidates by not repeatedly calculating their versions
+  * Disable pip's self version check when invoking a pip
+    subprocess to install PEP 517 build requirements. (#12683)
+  * Disable pip's self version check when invoking a pip
+    subprocess to install PEP 517 build requirements.
+  * Improve dependency resolution performance by caching platform
+    compatibility tags during wheel cache lookup. (#12712)
+  * Improve dependency resolution performance by caching platform
+    compatibility tags during wheel cache lookup.
+  * wheel is no longer explicitly listed as a build dependency of
+    pip. setuptools injects this dependency in the
+    get_requires_for_build_wheel() hook and no longer needs it on
+    newer versions. (#12728)
+  * wheel is no longer explicitly listed as a build dependency of
+    pip. setuptools injects this dependency in the
+    get_requires_for_build_wheel() hook and no longer needs it on
+    newer versions.
+  * Ignore --require-virtualenv for pip check and pip freeze
+    (#12842)
+  * Ignore --require-virtualenv for pip check and pip freeze
+  * Improve package download and install performance. Increase
+    chunk sizes when downloading (256 kB, up from 10 kB) and
+    reading files (1 MB, up from 8 kB). This reduces the
+    frequency of updates to pip's progress bar. (#12810)
+  * Improve package download and install performance.
+  * Increase chunk sizes when downloading (256 kB, up from 10 kB)
+    and reading files (1 MB, up from 8 kB). This reduces the
+    frequency of updates to pip's progress bar.
+  * Improve pip install performance. Files are now extracted in
+    1MB blocks, or in one block matching the file size for
+    smaller files. A decompressor is no longer instantiated when
+    extracting 0 bytes files, it is not necessary because there
+    is no data to decompress. (#12803)
+  * Improve pip install performance.
+  * Files are now extracted in 1MB blocks, or in one block
+    matching the file size for smaller files. A decompressor is
+    no longer instantiated when extracting 0 bytes files, it is
+    not necessary because there is no data to decompress.
+  * Set no_color to global rich.Console instance.
+  * Fix resolution to respect --python-version when checking
+    Requires-Python.
+  * Perform hash comparisons in a case-insensitive manner.
+  * Avoid dlopen failure for glibc detection in musl builds
+  * Avoid keyring logging crashes when pip is run in verbose
+    mode.
+  * Fix finding hardlink targets in tar files with an ignored
+    top-level directory.
+  * Improve pip install performance by only creating required
+    parent directories once, instead of before extracting every
+    file in the wheel.
+  * Improve pip install performance by calculating installed
+    packages printout in linear time instead of quadratic time.
+  * Remove vendored tenacity.
+  * Update the preload list for the DEBUNDLED case, to replace
+    pep517 that has been renamed to pyproject_hooks.
+  * Use tomllib from the stdlib if available, rather than tomli
+  * Upgrade certifi to 2024.7.4
+  * Upgrade platformdirs to 4.2.2
+  * Upgrade pygments to 2.18.0
+  * Upgrade setuptools to 70.3.0
+  * Upgrade typing_extensions to 4.12.2
+  * Correct —-ignore-conflicts (including an em dash) to
+    --ignore-conflicts.
+  * Fix finding hardlink targets in tar files with an ignored
+    top-level directory.
+- add disable-ssl-context-in-buildenv.patch: treat missing
+  ca-certificates as "ssl not available" for buildenvs
+
+-------------------------------------------------------------------
+Sun Jun 30 18:45:16 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 24.1.1:
+  * Actually use system trust stores when the truststore feature
+    is enabled.
+  * Report informative messages about invalid requirements.
+  * Eagerly import the self version check logic to avoid crashes
+    while upgrading or downgrading pip at the same time.
+  * Accommodate for mismatches between different sources of truth
+    for extra names, for packages generated by setuptools.
+  * Accommodate for development versions of CPython ending in +
+    in the version string.
+  * requests provides optional character detection support on
+    some APIs when processing ambiguous bytes. This isn't
+    relevant for pip to function and we're able to remove it due
+    to recent upstream changes.
+  * Drop support for EOL Python 3.7.
+  * Remove support for legacy versions and dependency specifiers.
+  * Packages with non standard-compliant versions or dependency
+    specifiers are now ignored by the resolver. Already installed
+    packages with non standard-compliant versions or dependency
+    specifiers must be uninstalled before upgrading them.
+  * Improve performance of resolution of large dependency trees,
+    with more caching.
+  * Further improve resolution performance of large dependency
+    trees, by caching hash calculations.
+  * Reduce startup time of commands (e.g. show, freeze) that do
+    not access the network by 15-30%.
+  * Reword and improve presentation of uninstallation errors.
+  * Add a 'raw' progress_bar type for simple and parsable
+    download progress reports
+  * pip list no longer performs the pip version check unless
+    --outdated or --uptodate is given.
+  * Use the data_filter when extracting tarballs, if it's
+    available.
+  * Display the Project-URL value under key "Home-page" in pip
+    show when the Home-Page metadata field is not set.
+  * The Project-URL key detection is case-insensitive, and
+    ignores any dashes and underscores.
+  * Ensure -vv gets passed to any pip install build environment
+    subprocesses.
+  * Deduplicate entries in the Requires field of pip show.
+  * Fix error on checkout for subversion and bazaar with verbose
+    mode on.
+  * Fix exception with completions when COMP_CWORD is not set
+  * Fix intermittent "cannot locate t64.exe" errors when
+    upgrading pip.
+  * Remove duplication in invalid wheel error message
+  * Remove the incorrect pip3.x console entrypoint from the pip
+    wheel. This console script continues to be generated by pip
+    when it installs itself.
+  * Gracefully skip VCS detection in pip freeze when PATH points
+    to a non-directory path.
+  * Make the --proxy parameter take precedence over environment
+    variables.
+
 -------------------------------------------------------------------
 Sun Apr 28 19:10:12 UTC 2024 - Dirk Müller <dmueller@suse.com>
 

python-pip.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-pip
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -29,12 +29,12 @@
 %else
 %bcond_with libalternatives
 %endif
-
 # in order to avoid rewriting for subpackage generator
 %define mypython python
+%{?pythons_for_pypi}
 %{?sle15_python_module_pythons}
 Name:           python-pip%{psuffix}
-Version:        24.0
+Version:        26.0.1
 Release:        0
 Summary:        A Python package management system
 License:        MIT
@@ -43,11 +43,10 @@ URL:            https://pip.pypa.io
 Source:         https://github.com/pypa/pip/archive/%{version}.tar.gz#/pip-%{version}-gh.tar.gz
 # PATCH-FIX-OPENSUSE pip-shipped-requests-cabundle.patch -- adapted patch from python-certifi package
 Patch0:         pip-shipped-requests-cabundle.patch
-# PATCH-FIX-UPSTREAM distutils-reproducible-compile.patch gh#python/cpython#8057 mcepl@suse.com
-# To get reproducible builds, byte_compile() of distutils.util now sorts filenames.
-Patch1:         distutils-reproducible-compile.patch
-BuildRequires:  %{python_module base >= 3.7}
-BuildRequires:  %{python_module setuptools >= 40.8.0}
+# PATCH-FIX-OPENSUSE: deal missing ca-certificates as "ssl not available"
+Patch1:         disable-ssl-context-in-buildenv.patch
+BuildRequires:  %{python_module base >= 3.9}
+BuildRequires:  %{python_module flit-core >= 3.11}
 # The rpm python-wheel build is bootstrap friendly since 0.42
 BuildRequires:  %{python_module wheel}
 BuildRequires:  fdupes
@@ -64,20 +63,21 @@ Requires(post): update-alternatives
 Requires(postun): update-alternatives
 %endif
 %if %{with test}
-# Test requirements:
-BuildRequires:  %{python_module pip = %{version}}
 BuildRequires:  %{python_module PyYAML}
 BuildRequires:  %{python_module Werkzeug}
 BuildRequires:  %{python_module cryptography}
-BuildRequires:  %{python_module docutils}
 BuildRequires:  %{python_module freezegun}
 BuildRequires:  %{python_module installer}
+# Test requirements:
+BuildRequires:  %{python_module pip = %{version}}
 BuildRequires:  %{python_module pretend}
+BuildRequires:  %{python_module pytest-socket}
+BuildRequires:  %{python_module pytest-xdist}
 BuildRequires:  %{python_module pytest}
 BuildRequires:  %{python_module scripttest}
 BuildRequires:  %{python_module setuptools-wheel}
 BuildRequires:  %{python_module virtualenv >= 1.10}
-BuildRequires:  ca-certificates
+BuildRequires:  ca-certificates-mozilla
 BuildRequires:  git-core
 %endif
 %python_subpackages
@@ -100,8 +100,6 @@ the wheel needs to be used directly in test or install setups
 # Exception: Use our own cabundle. Adapted patch from python-certifi package
 %autosetup -p1 -n pip-%{version}
 
-rm src/pip/_vendor/certifi/cacert.pem
-
 %if %{with test}
 mkdir -p tests/data/common_wheels
 %python_expand cp %{$python_sitelib}/../wheels/setuptools*.whl tests/data/common_wheels/
@@ -114,7 +112,6 @@ done
 # Remove windows executable binaries
 # bsc#1212015
 rm -v src/pip/_vendor/distlib/*.exe
-sed -i '/\.exe/d' setup.py
 
 %build
 %if !%{with test}
@@ -136,7 +133,7 @@ install -D -m 0644 -t %{buildroot}%{$python_sitelib}/../wheels dist/*.whl
 }
 
 %{python_expand # Fix shebang path for "pip3.XX" binaries
-sed -i "1s|#\!.*python.*|#\!/usr/bin/$python|" %{buildroot}%{_bindir}/pip%{$python_bin_suffix}
+sed -i "1s|#\!.*python.*|#\!%{_bindir}/$python|" %{buildroot}%{_bindir}/pip%{$python_bin_suffix}
 }
 
 %python_clone -a %{buildroot}%{_bindir}/pip