-
python-pip (23.0.1+dfsg-1ubuntu0.2) lunar-security; urgency=medium
* SECURITY UPDATE: http cookie leakage via http redirect
- debian/patches/CVE-2023-43804.patch: removes the cookie from the
http request when it is redirected to a different origin.
- CVE-2023-43804
* SECURITY UPDATE: http body leakage via http redirect
- debian/patches/CVE-2023-45803.patch: removes the body from the
http request when it is redirected to a different origin and the
http verb is changed to GET.
- CVE-2023-45803
-- Jorge Sancho Larraz <email address hidden> Fri, 10 Nov 2023 13:27:56 +0100
-
python-pip (23.0.1+dfsg-1ubuntu0.1) lunar-security; urgency=medium
* No-change rebuild for requests update.
-- Marc Deslauriers <email address hidden> Mon, 05 Jun 2023 14:18:59 -0400
-
python-pip (23.0.1+dfsg-1) unstable; urgency=medium
* New upstream bug-fix release.
* Update NEWS to reflect the true PEP-668 rollout in cpython3.
* Drop patches superseded upstream: break-system-packages, and
default-sysconfig-scheme.
-- Stefano Rivera <email address hidden> Sun, 19 Feb 2023 10:19:33 -0400
-
python-pip (23.0+dfsg-2) unstable; urgency=medium
* Patch: Implement ``--break-system-packages`` to permit installing packages
into EXTERNALLY-MANAGED Python installations. (Closes: #1030335)
* Use --break-system-packages in our autopkgtests.
* Bump the NEWS entry, to document --break-system-packages.
-- Stefano Rivera <email address hidden> Sun, 05 Feb 2023 18:07:04 -0400
-
python-pip (23.0+dfsg-1) unstable; urgency=medium
* New upstream release.
- Supports PEP-668. Add a NEWS file explaining the implications of this.
* Refresh patches.
* Replace default-sysconfig-scheme.patch with the new upstream proposed
solution.
* Explicitly Depend on python3-pip in autopkgtests for it.
* Remove EXTERNALLY-MANAGED markers in existing autopkgtests, to test
system-wide installation.
* Add new autopkgtests that run in a venv.
* Bump copyright.
* Bump Standards-Version to 4.6.2, no changes needed.
-- Stefano Rivera <email address hidden> Thu, 02 Feb 2023 09:32:03 -0400
-
python-pip (22.3.1+dfsg-2) unstable; urgency=medium
* Patch: Use the default sysconfig scheme, in isolated environments.
(Closes: #1019293)
-- Stefano Rivera <email address hidden> Fri, 20 Jan 2023 15:26:49 -0400
-
python-pip (22.3.1+dfsg-1) unstable; urgency=medium
[ Stefano Rivera ]
* New upstream release.
[ Scott Kitterman ]
* Remove deleted --build option from pip man page (Closes: #1020556)
-- Stefano Rivera <email address hidden> Wed, 14 Dec 2022 20:11:14 -0400
-
python-pip (22.3+dfsg-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
* Drop unnecessary Build-Depends on python3-wheel.
* Use execute_{before,after} instead of overrides, where possible, in
debian/rules.
* Support the nodoc build profile.
* Update copyright years.
-- Stefano Rivera <email address hidden> Mon, 17 Oct 2022 21:44:22 +0200
-
python-pip (22.2+dfsg-1) unstable; urgency=medium
* New upstream release.
* Refresh patches.
* Update copyright.
* Bump Standards-Version to 0.6.1, no changes needed.
-- Stefano Rivera <email address hidden> Fri, 22 Jul 2022 15:48:44 +0200