diff --git a/python-setuptools.changes b/python-setuptools.changes index 3f56a7b..0512c22 100644 --- a/python-setuptools.changes +++ b/python-setuptools.changes @@ -1,3 +1,16 @@ +------------------------------------------------------------------- +Wed May 3 02:23:58 UTC 2023 - Steve Kowalik + +- Update to 67.7.2: + * #3902: Fixed wrong URLs used in warnings and logs. + * #3898: Fixes setuptools.dist:invalid_unless_false when value is false + don’t raise error + * #3849: Overhaul warning system for better visibility. + * #3884: Add a stacklevel parameter to warnings.warn() to provide more + information to the user. +- Add patch use-tarfile-extraction_filter.patch: + * Set an extraction_filter to avoid a warning. + ------------------------------------------------------------------- Sun Apr 16 08:13:23 UTC 2023 - Dirk Müller diff --git a/python-setuptools.spec b/python-setuptools.spec index eac1975..26d47d5 100644 --- a/python-setuptools.spec +++ b/python-setuptools.spec @@ -37,7 +37,7 @@ # in order to avoid rewriting for subpackage generator %define mypython python Name: python-setuptools%{psuffix} -Version: 67.6.1 +Version: 67.7.2 Release: 0 Summary: Download, build, install, upgrade, and uninstall Python packages License: Apache-2.0 AND MIT AND BSD-2-Clause AND Python-2.0 @@ -46,6 +46,8 @@ Source: https://files.pythonhosted.org/packages/source/s/setuptools/setu Patch0: sort-for-reproducibility.patch # PATCH-FIX-OPENSUSE fix-get-python-lib-python38.patch bsc#1204395 Patch2: fix-get-python-lib-python38.patch +# PATCH-FIX-UPSTREAM gh#pypa/setuptools#3917 +Patch3: use-tarfile-extraction_filter.patch BuildRequires: %{python_module base >= 3.7} BuildRequires: fdupes BuildRequires: python-rpm-macros diff --git a/setuptools-67.6.1.tar.gz b/setuptools-67.6.1.tar.gz deleted file mode 100644 index 59bb706..0000000 --- a/setuptools-67.6.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:257de92a9d50a60b8e22abfcbb771571fde0dbf3ec234463212027a4eeecbe9a -size 2486256 diff --git a/setuptools-67.7.2.tar.gz b/setuptools-67.7.2.tar.gz new file mode 100644 index 0000000..cc5c34a --- /dev/null +++ b/setuptools-67.7.2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:f104fa03692a2602fa0fec6c6a9e63b6c8a968de13e17c026957dd1f53d80990 +size 2491608 diff --git a/use-tarfile-extraction_filter.patch b/use-tarfile-extraction_filter.patch new file mode 100644 index 0000000..223795d --- /dev/null +++ b/use-tarfile-extraction_filter.patch @@ -0,0 +1,26 @@ +From 788a7601c88db28435a70e5bb17e6eba23a31e4c Mon Sep 17 00:00:00 2001 +From: Steve Kowalik +Date: Wed, 3 May 2023 12:02:19 +1000 +Subject: [PATCH] tests: Add extraction_filter for tarfile + +Python 3.12, and earlier via security backports now issue an +DeprecationWarning when calling tarfile.extractall without an extraction +filter set. Since the only place we've called extractall is literally +right after we've created the archive, use a fully trusted filter. This +can be replaced with a filter argument to extractall in future. +--- + setuptools/tests/test_easy_install.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/setuptools/tests/test_easy_install.py b/setuptools/tests/test_easy_install.py +index bca86066ad..edc9af8252 100644 +--- a/setuptools/tests/test_easy_install.py ++++ b/setuptools/tests/test_easy_install.py +@@ -615,6 +615,7 @@ def test_setup_requires_override_nspkg(self, use_setup_cfg): + foobar_1_dir = os.path.join(temp_dir, 'foo.bar-0.1') + os.mkdir(foobar_1_dir) + with tarfile.open(foobar_1_archive) as tf: ++ tf.extraction_filter = (lambda member, path: member) + tf.extractall(foobar_1_dir) + sys.path.insert(1, foobar_1_dir) +