From 5c62385612babc0093e163dab05ba2e08892fd6c6576ea4e6d33d2c2b0675b82 Mon Sep 17 00:00:00 2001
From: Steve Kowalik <steven.kowalik@suse.com>
Date: Wed, 3 May 2023 02:25:57 +0000
Subject: [PATCH] =?UTF-8?q?-=20Update=20to=2067.7.2:=20=20=20*=20#3902:=20?=
 =?UTF-8?q?Fixed=20wrong=20URLs=20used=20in=20warnings=20and=20logs.=20=20?=
 =?UTF-8?q?=20*=20#3898:=20Fixes=20setuptools.dist:invalid=5Funless=5Ffals?=
 =?UTF-8?q?e=20when=20value=20is=20false=20=20=20=20=20don=E2=80=99t=20rai?=
 =?UTF-8?q?se=20error=20=20=20*=20#3849:=20Overhaul=20warning=20system=20f?=
 =?UTF-8?q?or=20better=20visibility.=20=20=20*=20#3884:=20Add=20a=20stackl?=
 =?UTF-8?q?evel=20parameter=20to=20warnings.warn()=20to=20provide=20more?=
 =?UTF-8?q?=20=20=20=20=20information=20to=20the=20user.=20-=20Add=20patch?=
 =?UTF-8?q?=20use-tarfile-extraction=5Ffilter.patch:=20=20=20*=20Set=20an?=
 =?UTF-8?q?=20extraction=5Ffilter=20to=20avoid=20a=20warning.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-setuptools?expand=0&rev=240
---
 python-setuptools.changes           | 13 +++++++++++++
 python-setuptools.spec              |  4 +++-
 setuptools-67.6.1.tar.gz            |  3 ---
 setuptools-67.7.2.tar.gz            |  3 +++
 use-tarfile-extraction_filter.patch | 26 ++++++++++++++++++++++++++
 5 files changed, 45 insertions(+), 4 deletions(-)
 delete mode 100644 setuptools-67.6.1.tar.gz
 create mode 100644 setuptools-67.7.2.tar.gz
 create mode 100644 use-tarfile-extraction_filter.patch

diff --git a/python-setuptools.changes b/python-setuptools.changes
index 3f56a7b..0512c22 100644
--- a/python-setuptools.changes
+++ b/python-setuptools.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Wed May  3 02:23:58 UTC 2023 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 67.7.2:
+  * #3902: Fixed wrong URLs used in warnings and logs.
+  * #3898: Fixes setuptools.dist:invalid_unless_false when value is false
+    don’t raise error
+  * #3849: Overhaul warning system for better visibility.
+  * #3884: Add a stacklevel parameter to warnings.warn() to provide more
+    information to the user. 
+- Add patch use-tarfile-extraction_filter.patch:
+  * Set an extraction_filter to avoid a warning.
+
 -------------------------------------------------------------------
 Sun Apr 16 08:13:23 UTC 2023 - Dirk Müller <dmueller@suse.com>
 
diff --git a/python-setuptools.spec b/python-setuptools.spec
index eac1975..26d47d5 100644
--- a/python-setuptools.spec
+++ b/python-setuptools.spec
@@ -37,7 +37,7 @@
 # in order to avoid rewriting for subpackage generator
 %define mypython python
 Name:           python-setuptools%{psuffix}
-Version:        67.6.1
+Version:        67.7.2
 Release:        0
 Summary:        Download, build, install, upgrade, and uninstall Python packages
 License:        Apache-2.0 AND MIT AND BSD-2-Clause AND Python-2.0
@@ -46,6 +46,8 @@ Source:         https://files.pythonhosted.org/packages/source/s/setuptools/setu
 Patch0:         sort-for-reproducibility.patch
 # PATCH-FIX-OPENSUSE fix-get-python-lib-python38.patch bsc#1204395
 Patch2:         fix-get-python-lib-python38.patch
+# PATCH-FIX-UPSTREAM gh#pypa/setuptools#3917
+Patch3:         use-tarfile-extraction_filter.patch
 BuildRequires:  %{python_module base >= 3.7}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
diff --git a/setuptools-67.6.1.tar.gz b/setuptools-67.6.1.tar.gz
deleted file mode 100644
index 59bb706..0000000
--- a/setuptools-67.6.1.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:257de92a9d50a60b8e22abfcbb771571fde0dbf3ec234463212027a4eeecbe9a
-size 2486256
diff --git a/setuptools-67.7.2.tar.gz b/setuptools-67.7.2.tar.gz
new file mode 100644
index 0000000..cc5c34a
--- /dev/null
+++ b/setuptools-67.7.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:f104fa03692a2602fa0fec6c6a9e63b6c8a968de13e17c026957dd1f53d80990
+size 2491608
diff --git a/use-tarfile-extraction_filter.patch b/use-tarfile-extraction_filter.patch
new file mode 100644
index 0000000..223795d
--- /dev/null
+++ b/use-tarfile-extraction_filter.patch
@@ -0,0 +1,26 @@
+From 788a7601c88db28435a70e5bb17e6eba23a31e4c Mon Sep 17 00:00:00 2001
+From: Steve Kowalik <steven@wedontsleep.org>
+Date: Wed, 3 May 2023 12:02:19 +1000
+Subject: [PATCH] tests: Add extraction_filter for tarfile
+
+Python 3.12, and earlier via security backports now issue an
+DeprecationWarning when calling tarfile.extractall without an extraction
+filter set. Since the only place we've called extractall is literally
+right after we've created the archive, use a fully trusted filter. This
+can be replaced with a filter argument to extractall in future.
+---
+ setuptools/tests/test_easy_install.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/setuptools/tests/test_easy_install.py b/setuptools/tests/test_easy_install.py
+index bca86066ad..edc9af8252 100644
+--- a/setuptools/tests/test_easy_install.py
++++ b/setuptools/tests/test_easy_install.py
+@@ -615,6 +615,7 @@ def test_setup_requires_override_nspkg(self, use_setup_cfg):
+                 foobar_1_dir = os.path.join(temp_dir, 'foo.bar-0.1')
+                 os.mkdir(foobar_1_dir)
+                 with tarfile.open(foobar_1_archive) as tf:
++                    tf.extraction_filter = (lambda member, path: member)
+                     tf.extractall(foobar_1_dir)
+                 sys.path.insert(1, foobar_1_dir)
+