Update to 26.0.1 (bsc#1257599, CVE-2026-1703)

OBS-URL: https://build.opensuse.org/request/show/1271132
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-pip?expand=0&rev=70

disable-ssl-context-in-buildenv.patch

@@ -1,21 +1,8 @@
-Index: pip-24.2/src/pip/_vendor/requests/adapters.py
+Index: pip-26.0/src/pip/_internal/cli/index_command.py
 ===================================================================
---- pip-24.2.orig/src/pip/_vendor/requests/adapters.py
+--- pip-26.0.orig/src/pip/_internal/cli/index_command.py
-+++ pip-24.2/src/pip/_vendor/requests/adapters.py
++++ pip-26.0/src/pip/_internal/cli/index_command.py
-@@ -81,7 +81,7 @@ try:
+@@ -49,7 +49,11 @@ def _create_truststore_ssl_context() ->
-     _preloaded_ssl_context.load_verify_locations(
-         extract_zipped_paths(DEFAULT_CA_BUNDLE_PATH)
-     )
--except ImportError:
-+except (ImportError, FileNotFoundError, ssl.SSLError):
-     # Bypass default SSLContext creation when Python
-     # interpreter isn't built with the ssl module.
-     _preloaded_ssl_context = None
-Index: pip-24.2/src/pip/_internal/cli/index_command.py
-===================================================================
---- pip-24.2.orig/src/pip/_internal/cli/index_command.py
-+++ pip-24.2/src/pip/_internal/cli/index_command.py
-@@ -43,7 +43,11 @@ def _create_truststore_ssl_context() ->
          return None
  
      ctx = truststore.SSLContext(ssl.PROTOCOL_TLS_CLIENT)

flit-core.patch

@@ -1,369 +0,0 @@
-From 9abe08127cb666e9eef9e231d4bec0e89afdc830 Mon Sep 17 00:00:00 2001
-From: Damian Shaw <damian.peter.shaw@gmail.com>
-Date: Fri, 1 Aug 2025 20:59:08 -0400
-Subject: [PATCH 1/5] Use flit to build pip distributions
-
----
- .github/workflows/ci.yml                      |  2 +-
- MANIFEST.in                                   | 34 -----------
- build-project/build-requirements.in           |  2 +-
- build-project/build-requirements.txt          | 16 +++--
- .../html/development/architecture/anatomy.rst |  1 -
- pyproject.toml                                | 60 +++++++++++--------
- 6 files changed, 44 insertions(+), 71 deletions(-)
- delete mode 100644 MANIFEST.in
-
-diff --git a/MANIFEST.in b/MANIFEST.in
-deleted file mode 100644
-index 998cb4f485e..00000000000
---- a/MANIFEST.in
-+++ /dev/null
-@@ -1,34 +0,0 @@
--include NEWS.rst
--include README.rst
--include SECURITY.md
--include pyproject.toml
--
--include build-project/build-requirements.in
--include build-project/build-requirements.txt
--include build-project/build-project.py
--include build-project/.python-version
--
--include src/pip/_vendor/README.rst
--include src/pip/_vendor/vendor.txt
--
--include docs/requirements.txt
--
--exclude .git-blame-ignore-revs
--exclude .mailmap
--exclude .readthedocs.yml
--exclude .pre-commit-config.yaml
--exclude .readthedocs-custom-redirects.yml
--exclude noxfile.py
--
--recursive-include src/pip/_vendor *.pem
--recursive-include src/pip/_vendor py.typed
--recursive-include docs *.css *.py *.rst *.md
--recursive-include docs *.dot *.png
--
--recursive-exclude src/pip/_vendor *.pyi
--
--prune .github
--prune docs/build
--prune news
--prune tests
--prune tools
-diff --git a/build-project/build-requirements.in b/build-project/build-requirements.in
-index 4bc215a28d0..07a76cea647 100644
---- a/build-project/build-requirements.in
-+++ b/build-project/build-requirements.in
-@@ -1,2 +1,2 @@
- build
--setuptools
-+flit-core
-diff --git a/build-project/build-requirements.txt b/build-project/build-requirements.txt
-index c0cf0575088..65b647daf2c 100644
---- a/build-project/build-requirements.txt
-+++ b/build-project/build-requirements.txt
-@@ -8,17 +8,15 @@ build==1.2.2.post1 \
-     --hash=sha256:1d61c0887fa860c01971625baae8bdd338e517b836a2f70dd1f7aa3a6b2fc5b5 \
-     --hash=sha256:b36993e92ca9375a219c99e606a122ff365a760a2d4bba0caa09bd5278b608b7
-     # via -r build-requirements.in
--packaging==24.2 \
--    --hash=sha256:09abb1bccd265c01f4a3aa3f7a7db064b36514d2cba19a2f694fe6150451a759 \
--    --hash=sha256:c228a6dc5e932d346bc5739379109d49e8853dd8223571c7c5b55260edc0b97f
-+flit-core==3.12.0 \
-+    --hash=sha256:18f63100d6f94385c6ed57a72073443e1a71a4acb4339491615d0f16d6ff01b2 \
-+    --hash=sha256:e7a0304069ea895172e3c7bb703292e992c5d1555dd1233ab7b5621b5b69e62c
-+    # via -r build-requirements.in
-+packaging==25.0 \
-+    --hash=sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484 \
-+    --hash=sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f
-     # via build
- pyproject-hooks==1.2.0 \
-     --hash=sha256:1e859bd5c40fae9448642dd871adf459e5e2084186e8d2c2a79a824c970da1f8 \
-     --hash=sha256:9e5c6bfa8dcc30091c74b0cf803c81fdd29d94f01992a7707bc97babb1141913
-     # via build
--
--# The following packages are considered to be unsafe in a requirements file:
--setuptools==80.9.0 \
--    --hash=sha256:062d34222ad13e0cc312a4c02d73f059e86a4acbfbdea8f8f76b28c99f306922 \
--    --hash=sha256:f36b47402ecde768dbfafc46e8e4207b4360c654f1f3bb84475f0a28628fb19c
--    # via -r build-requirements.in
-diff --git a/docs/html/development/architecture/anatomy.rst b/docs/html/development/architecture/anatomy.rst
-index d5e205654ff..7a0fefbfa63 100644
---- a/docs/html/development/architecture/anatomy.rst
-+++ b/docs/html/development/architecture/anatomy.rst
-@@ -18,7 +18,6 @@ The ``README``, license, ``pyproject.toml``, and so on are in the top level.
- 
- * ``AUTHORS.txt``
- * ``LICENSE.txt``
--* ``MANIFEST.in``
- * ``NEWS.rst``
- * ``pyproject.toml``
- * ``README.rst``
-diff --git a/pyproject.toml b/pyproject.toml
-index 2da4e4aa2b5..7c68cc64433 100644
---- a/pyproject.toml
-+++ b/pyproject.toml
-@@ -1,6 +1,5 @@
- [project]
- dynamic = ["version"]
--
- name = "pip"
- description = "The PyPA recommended tool for installing Python packages."
- readme = "README.rst"
-@@ -46,12 +45,13 @@ Source = "https://github.com/pypa/pip"
- Changelog = "https://pip.pypa.io/en/stable/news/"
- 
- [build-system]
--requires = ["setuptools>=77"]
--build-backend = "setuptools.build_meta"
-+requires = ["flit-core >=3.11,<4"]
-+build-backend = "flit_core.buildapi"
- 
- [dependency-groups]
- test = [
-     "cryptography",
-+    "flit-core >= 3.11, < 4",
-     "freezegun",
-     "installer",
-     # pytest-subket requires 7.0+
-@@ -73,37 +73,35 @@ test = [
- ]
- 
- test-common-wheels = [
-+    "flit-core >= 3.11, < 4",
-     # We pin setuptools<80 because our test suite currently
-     # depends on setup.py develop to generate egg-link files.
-     "setuptools >= 40.8.0, != 60.6.0, <80",
-     "wheel",
-+    "flit-core",
-     # As required by pytest-cov.
-     "coverage >= 4.4",
-     "pytest-subket >= 0.8.1",
- ]
- 
--[tool.setuptools]
--package-dir = {"" = "src"}
--include-package-data = false
--
--[tool.setuptools.dynamic]
--version = {attr = "pip.__version__"}
--
--[tool.setuptools.packages.find]
--where = ["src"]
--exclude = ["contrib", "docs", "tests*", "tasks"]
--
--[tool.setuptools.package-data]
--"pip" = ["py.typed"]
--"pip._vendor" = ["vendor.txt"]
--"pip._vendor.certifi" = ["*.pem"]
--"pip._vendor.distlib" = [
--    "t32.exe",
--    "t64.exe",
--    "t64-arm.exe",
--    "w32.exe",
--    "w64.exe",
--    "w64-arm.exe",
-+[tool.flit.sdist]
-+include = [
-+    "NEWS.rst",
-+    "SECURITY.md",
-+    "build-project/.python-version",
-+    "build-project/build-project.py",
-+    "build-project/build-requirements.in",
-+    "build-project/build-requirements.txt",
-+    "docs/requirements.txt",
-+    "docs/**/*.css",
-+    "docs/**/*.dot",
-+    "docs/**/*.md",
-+    "docs/**/*.png",
-+    "docs/**/*.py",
-+    "docs/**/*.rst",
-+]
-+exclude = [
-+    "src/pip/_vendor/**/*.pyi",
- ]
- 
- ######################################################################################
-@@ -362,3 +360,15 @@ exclude_also = [
-     # This excludes typing-specific code, which will be validated by mypy anyway.
-     "if TYPE_CHECKING",
- ]
-+
-+[tool.check-sdist]
-+git-only = [
-+  "tests/**",
-+  "tools/**",
-+  "news/.gitignore",
-+  ".gitattributes",
-+  ".gitignore",
-+  ".git-blame-ignore-revs",
-+  ".mailmap",
-+  ".readthedocs-custom-redirects.yml"
-+]
-
-From 95f685d279473a401314a4b583ebbcf6ce4720af Mon Sep 17 00:00:00 2001
-From: Damian Shaw <damian.peter.shaw@gmail.com>
-Date: Fri, 1 Aug 2025 20:59:19 -0400
-Subject: [PATCH 2/5] Fix tests for flit
-
----
- tests/functional/test_freeze.py      | 41 ++++++++++++----------------
- tests/functional/test_self_update.py |  3 ++
- 2 files changed, 21 insertions(+), 23 deletions(-)
-
-diff --git a/tests/functional/test_freeze.py b/tests/functional/test_freeze.py
-index 0a7cedd11cb..9883beb87fd 100644
---- a/tests/functional/test_freeze.py
-+++ b/tests/functional/test_freeze.py
-@@ -99,38 +99,33 @@ def test_freeze_with_pip(script: PipTestEnvironment) -> None:
- 
- def test_freeze_with_setuptools(script: PipTestEnvironment) -> None:
-     """
--    Test that pip shows setuptools only when --all is used
--    or _should_suppress_build_backends() returns false
-+    Test that pip shows setuptools only when --all is used on Python < 3.12,
-+    otherwise it should be shown in default freeze output.
-     """
- 
-     result = script.pip("freeze", "--all")
-     assert "setuptools==" in result.stdout
- 
--    (script.site_packages_path / "mock.pth").write_text("import mock\n")
--
--    (script.site_packages_path / "mock.py").write_text(
--        textwrap.dedent(
--            """\
--                import pip._internal.commands.freeze as freeze
--                freeze._should_suppress_build_backends = lambda: False
--            """
--        )
--    )
--
-+    # Test the default behavior (without --all)
-     result = script.pip("freeze")
--    assert "setuptools==" in result.stdout
- 
--    (script.site_packages_path / "mock.py").write_text(
--        textwrap.dedent(
--            """\
--                import pip._internal.commands.freeze as freeze
--                freeze._should_suppress_build_backends = lambda: True
--            """
-+    should_suppress = sys.version_info < (3, 12)
-+    if should_suppress:
-+        # setuptools should be hidden in default freeze output
-+        assert "setuptools==" not in result.stdout, (
-+            f"setuptools should be suppressed in Python {sys.version_info[:2]} "
-+            f"but was found in freeze output: {result.stdout}"
-+        )
-+    else:
-+        # setuptools should be shown in default freeze output
-+        assert "setuptools==" in result.stdout, (
-+            f"setuptools should be shown in Python {sys.version_info[:2]} "
-+            f"but was not found in freeze output: {result.stdout}"
-         )
--    )
- 
--    result = script.pip("freeze")
--    assert "setuptools==" not in result.stdout
-+    # --all should always show setuptools regardless of version
-+    result_all = script.pip("freeze", "--all")
-+    assert "setuptools==" in result_all.stdout
- 
- 
- def test_exclude_and_normalization(script: PipTestEnvironment, tmpdir: Path) -> None:
-diff --git a/tests/functional/test_self_update.py b/tests/functional/test_self_update.py
-index 1331a87c319..9019e89211d 100644
---- a/tests/functional/test_self_update.py
-+++ b/tests/functional/test_self_update.py
-@@ -8,6 +8,9 @@ def test_self_update_editable(script: Any, pip_src: Any) -> None:
-     # mode, that pip can safely update itself to an editable install.
-     # See https://github.com/pypa/pip/issues/12666 for details.
- 
-+    # Install flit-core (build backend) since we use --no-build-isolation
-+    script.pip("install", "flit-core")
-+
-     # Step 1. Install pip as non-editable. This is expected to succeed as
-     # the existing pip in the environment is installed in editable mode, so
-     # it only places a .pth file in the environment.
-
-From 41352dfaae2b518b361158748303bf6b6a821336 Mon Sep 17 00:00:00 2001
-From: Damian Shaw <damian.peter.shaw@gmail.com>
-Date: Fri, 1 Aug 2025 20:59:26 -0400
-Subject: [PATCH 3/5] News entry
-
----
- news/13743.feature.rst | 2 ++
- 1 file changed, 2 insertions(+)
- create mode 100644 news/13743.feature.rst
-
-diff --git a/news/13743.feature.rst b/news/13743.feature.rst
-new file mode 100644
-index 00000000000..37f7db147f8
---- /dev/null
-+++ b/news/13743.feature.rst
-@@ -0,0 +1,2 @@
-+Building pip itself from source now uses flit-core instead of setuptools.
-+This does not affect how pip installs or builds packages you use.
-
-From a7807befc6905429eb4127b6765283155d0e97f3 Mon Sep 17 00:00:00 2001
-From: Damian Shaw <damian.peter.shaw@gmail.com>
-Date: Sat, 2 Aug 2025 13:04:24 -0400
-Subject: [PATCH 4/5] Install flit-core offline for `test_self_update_editable`
-
----
- tests/functional/test_self_update.py | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/tests/functional/test_self_update.py b/tests/functional/test_self_update.py
-index 9019e89211d..bd09736aead 100644
---- a/tests/functional/test_self_update.py
-+++ b/tests/functional/test_self_update.py
-@@ -1,15 +1,16 @@
- # Check that pip can update itself correctly
- 
-+from pathlib import Path
- from typing import Any
- 
- 
--def test_self_update_editable(script: Any, pip_src: Any) -> None:
-+def test_self_update_editable(script: Any, pip_src: Any, common_wheels: Path) -> None:
-     # Test that if we have an environment with pip installed in non-editable
-     # mode, that pip can safely update itself to an editable install.
-     # See https://github.com/pypa/pip/issues/12666 for details.
- 
-     # Install flit-core (build backend) since we use --no-build-isolation
--    script.pip("install", "flit-core")
-+    script.pip("install", "--no-index", "-f", common_wheels, "flit-core")
- 
-     # Step 1. Install pip as non-editable. This is expected to succeed as
-     # the existing pip in the environment is installed in editable mode, so
-
-From d652eb9a847e061818ef07ba3e8e2f795a959c0f Mon Sep 17 00:00:00 2001
-From: Damian Shaw <damian.peter.shaw@gmail.com>
-Date: Wed, 6 Aug 2025 20:54:24 -0400
-Subject: [PATCH 5/5] Update pyproject.toml
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Co-authored-by: Stéphane Bidoul <stephane.bidoul@acsone.eu>
----
- pyproject.toml | 1 -
- 1 file changed, 1 deletion(-)
-
-diff --git a/pyproject.toml b/pyproject.toml
-index 7c68cc64433..56180b9d4a0 100644
---- a/pyproject.toml
-+++ b/pyproject.toml
-@@ -78,7 +78,6 @@ test-common-wheels = [
-     # depends on setup.py develop to generate egg-link files.
-     "setuptools >= 40.8.0, != 60.6.0, <80",
-     "wheel",
--    "flit-core",
-     # As required by pytest-cov.
-     "coverage >= 4.4",
-     "pytest-subket >= 0.8.1",

pip-25.2-gh.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:d09e469f9c6d829eb5094f8369912519c025868a772077e826afd161abd67aee
-size 9121715

pip-shipped-requests-cabundle.patch

@@ -3,10 +3,10 @@
  tests/unit/test_options.py      |    5 +
  2 files changed, 13 insertions(+), 97 deletions(-)
 
-Index: pip-25.2/src/pip/_vendor/certifi/core.py
+Index: pip-26.0/src/pip/_vendor/certifi/core.py
 ===================================================================
---- pip-25.2.orig/src/pip/_vendor/certifi/core.py
+--- pip-26.0.orig/src/pip/_vendor/certifi/core.py
-+++ pip-25.2/src/pip/_vendor/certifi/core.py
++++ pip-26.0/src/pip/_vendor/certifi/core.py
 @@ -3,81 +3,14 @@ certifi.py
  ~~~~~~~~~~
  
@@ -97,10 +97,10 @@ Index: pip-25.2/src/pip/_vendor/certifi/core.py
 -        return read_text("pip._vendor.certifi", "cacert.pem", encoding="ascii")
 +def contents() -> str:
 +    return read_text(encoding="ascii")
-Index: pip-25.2/tests/unit/test_options.py
+Index: pip-26.0/tests/unit/test_options.py
 ===================================================================
---- pip-25.2.orig/tests/unit/test_options.py
+--- pip-26.0.orig/tests/unit/test_options.py
-+++ pip-25.2/tests/unit/test_options.py
++++ pip-26.0/tests/unit/test_options.py
 @@ -1,6 +1,7 @@
  from __future__ import annotations
  
@@ -109,15 +109,15 @@ Index: pip-25.2/tests/unit/test_options.py
  from collections.abc import Iterator
  from contextlib import contextmanager
  from optparse import Values
-@@ -13,6 +14,7 @@ import pip._internal.configuration
+@@ -15,6 +16,7 @@ from pip._internal.cli.main import main
- from pip._internal.cli.main import main
  from pip._internal.commands import create_command
  from pip._internal.commands.configuration import ConfigurationCommand
+ from pip._internal.exceptions import CommandError, PipError
 +from pip._vendor.certifi import where
- from pip._internal.exceptions import PipError
  
  from tests.lib.options_helpers import AddFakeCommandMixin
-@@ -621,6 +623,9 @@ class TestOptionsConfigFiles:
+ 
+@@ -537,6 +539,9 @@ class TestOptionsConfigFiles:
          else:
              assert expect == cmd._determine_file(options, need_value=False)
  

python-pip.changes

@@ -1,3 +1,122 @@
+-------------------------------------------------------------------
+Thu Feb  5 06:51:28 UTC 2026 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 26.0.1:
+  * Fix --pre not being respected from the command line when a
+    requirement file includes an option e.g. -extra-index-url.
+    (#13788)
+
+-------------------------------------------------------------------
+Tue Feb  3 09:10:32 UTC 2026 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Add %{?pythons_for_pypi} macro, to be used in Leap 16.x for short
+  term interpreter.
+- Drop upstreamed patch flit-core.patch
+
+- Update to 26.0 (bsc#1257599, CVE-2026-1703):
+  # Deprecations and Removals
+  - Remove support for non-bare project names in egg fragments.
+    Affected users should use the Direct URL requirement syntax.
+    (#13157)
+  # Features
+  - Display pip’s command-line help in colour, if possible. (#12134)
+  - Support installing dependencies declared with inline script
+    metadata (PEP 723) with --requirements-from-script. (#12891)
+  - Add --all-releases and --only-final options to control pre-release
+    and final release selection during package installation. (#13221)
+  - Add --uploaded-prior-to option to only consider packages uploaded
+    prior to a given datetime when the upload-time field is available
+    from a remote index. (#13625)
+  - Add --use-feature inprocess-build-deps to request that build
+    dependencies are installed within the same pip install process.
+    This new mechanism is faster, supports --no-clean and
+    --no-cache-dir reliably, and supports prompting for
+    authentication.
+  - Enabling this feature will also enable --use-feature
+    build-constraints. This feature will become the default in a
+    future pip version. (#9081)
+  - pip cache purge and pip cache remove now clean up empty
+    directories and legacy files left by older pip versions. (#9058)
+  # Bug Fixes
+  - Fix selecting pre-release versions when only pre-releases match.
+    For example, package>1.0 with versions 1.0, 2.0rc1 now installs
+    2.0rc1 instead of failing. (#13746)
+  - Revisions in version control URLs now must be percent-encoded. For
+    example, use git+https://example.com/repo.git@issue%231 to specify
+    the branch issue#1. If you previously used a branch name
+    containing a % character in a version control URL, you now need to
+    replace it with %25 to ensure correct percent-encoding. (#13407)
+  - Preserve original casing when a path is displayed. (#6823)
+  - Fix bash completion when the $IFS variable has been modified from
+    its default. (#13555)
+  - Precompute Python requirements on each candidate, reducing time of
+    long resolutions. (#13656)
+  - Skip redundant work converting version objects to strings when
+    using the importlib.metadata backend. (#13660)
+  - Fix pip index versions to honor only-binary/no-binary options.
+    (#13682)
+  - Fix fallthrough logic for options, allowing overriding global
+    options with defaults from user config. (#13703)
+  - Use a path-segment prefix comparison, not char-by-char. (#13777)
+
+- 25.3:
+  # Deprecations and Removals
+  - Remove support for the legacy setup.py develop editable method in
+    setuptools editable installs; setuptools >= 64 is now required.
+    (#11457)
+  - Remove the deprecated --global-option and --build-option.
+    --config-setting is now the only way to pass options to the build
+    backend. (#11859)
+  - Deprecate the PIP_CONSTRAINT environment variable for specifying
+    build constraints.
+  - Use the --build-constraint option or the PIP_BUILD_CONSTRAINT
+    environment variable instead. When build constraints are used,
+    PIP_CONSTRAINT no longer affects isolated build environments. To
+    enable this behavior without specifying any build constraints, use
+    --use-feature=build-constraint. (#13534)
+  - Remove support for non-standard legacy wheel filenames. (#13581)
+  - Remove support for the deprecated setup.py bdist_wheel mechanism.
+    Consequently, --use-pep517 is now always on, and --no-use-pep517
+    has been removed. (#6334)
+  # Features
+  - When PEP 658 metadata is available, full distribution files are no
+    longer downloaded when using pip lock or pip install --dry-run.
+    (#12603)
+  - Add support for installing an editable requirement written as a
+    Direct URL (PackageName @ URL). (#13495)
+  - Add support for build constraints via the --build-constraint
+    option. This allows constraining the versions of packages used
+    during the build process (e.g., setuptools) without affecting the
+    final installation. (#13534)
+  - On ResolutionImpossible errors, include a note about causes with
+    no candidates. (#13588)
+  - Building pip itself from source now uses flit-core instead of
+    setuptools. This does not affect how pip installs or builds
+    packages you use. (#13473)
+  # Bug Fixes
+  - Handle malformed Version metadata entries and show a sensible
+    error message instead of crashing. (#13443)
+  - Permit spaces between a filepath and extras in an install
+    requirement. (#13523)
+  - Ensure the self-check files in the cache have the same permissions
+    as the rest of the cache. (#13528)
+  - Avoid concurrency issues and improve performance when caching
+    locally built wheels, especially when the temporary build
+    directory is on a different filesystem than the cache. The wheel
+    directory passed to the build backend is now a temporary
+    subdirectory inside the cache directory. (#13540)
+  - Include relevant user-supplied constraints in logs when reporting
+    dependency conflicts. (#13545)
+  - Fix a regression in configuration parsing that was turning a
+    single value into a list and thus leading to a validation error.
+    (#13548)
+  - For Python versions that do not support PEP 706, pip will now
+    raise an installation error for a source distribution when it
+    includes a symlink that points outside the source distribution
+    archive. (#13550)
+  - Prevent --user installs if site.ENABLE_USER_SITE is set to False.
+    (#8794)
+
 -------------------------------------------------------------------
 Wed Aug 13 12:25:02 UTC 2025 - Markéta Machová <mmachova@suse.com>
 

python-pip.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package python-pip
 #
-# Copyright (c) 2025 SUSE LLC
+# Copyright (c) 2026 SUSE LLC and contributors
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -31,9 +31,10 @@
 %endif
 # in order to avoid rewriting for subpackage generator
 %define mypython python
+%{?pythons_for_pypi}
 %{?sle15_python_module_pythons}
 Name:           python-pip%{psuffix}
-Version:        25.2
+Version:        26.0.1
 Release:        0
 Summary:        A Python package management system
 License:        MIT
@@ -44,9 +45,6 @@ Source:         https://github.com/pypa/pip/archive/%{version}.tar.gz#/pip-%{ver
 Patch0:         pip-shipped-requests-cabundle.patch
 # PATCH-FIX-OPENSUSE: deal missing ca-certificates as "ssl not available"
 Patch1:         disable-ssl-context-in-buildenv.patch
-# PATCH-FIX-UPSTREAM https://github.com/pypa/pip/pull/13473 Use flit-core to build pip distributions
-# setuptools was unable to handle the new license expression for some reason
-Patch2:         flit-core.patch
 BuildRequires:  %{python_module base >= 3.9}
 BuildRequires:  %{python_module flit-core >= 3.11}
 # The rpm python-wheel build is bootstrap friendly since 0.42