Public bug reported:

python-pip 1.5.4 has many improvements over 1.4.1 and it behooves us to
carry this version in 14.04 instead.  See below for more information.
We should syncpackage it over to Ubuntu.  Note that we should also
syncpackage distlib once that clears Debian NEW (it'll be the same
upstream version, Ubuntu is just a little ahead).  pip 1.5.4 has a
considerable number of important security fixes which alone should make
it more appropriate to carry in an LTS.  Yes, there are some backward
incompatibilities, but pip is a leaf package and the security
improvements outweigh any incompatibilities.

1.5.4 builds and installs just fine in trusty.

>From upstream:

**1.5.4 (2014-02-21)**


* Correct deprecation warning for ``pip install --build`` to only notify when
  the `--build` value is different than the default.


**1.5.3 (2014-02-20)**


* **DEPRECATION** ``pip install --build`` and ``pip install --no-clean`` are now
  deprecated.  See Issue #906 for discussion.

* Fixed #1112. Couldn't download directly from wheel paths/urls, and when wheel
  downloads did occur using requirement specifiers, dependencies weren't
  downloaded (PR #1527)

* Fixed #1320. ``pip wheel`` was not downloading wheels that already existed (PR
  #1524)

* Fixed #1111. ``pip install --download`` was failing using local
  ``--find-links`` (PR #1524)

* Workaround for Python bug http://bugs.python.org/issue20053 (PR #1544)

* Don't pass a unicode __file__ to setup.py on Python 2.x (PR #1583)

* Verify that the Wheel version is compatible with this pip (PR #1569)


**1.5.2 (2014-01-26)**


* Upgraded the vendored ``pkg_resources`` and ``_markerlib`` to setuptools 2.1.

* Fixed an error that prevented accessing PyPI when pyopenssl, ndg-httpsclient,
  and pyasn1 are installed

* Fixed an issue that caused trailing comments to be incorrectly included as
  part of the URL in a requirements file


**1.5.1 (2014-01-20)**


* pip now only requires setuptools (any setuptools, not a certain version) when
  installing distributions from src (i.e. not from wheel). (Pull #1434).

* `get-pip.py` now installs setuptools, when it's not already installed (Pull
  #1475)

* Don't decode downloaded files that have a ``Content-Encoding`` header. (Pull
  #1435)

* Fix to correctly parse wheel filenames with single digit versions. (Pull
  #1445)

* If `--allow-unverified` is used assume it also means `--allow-external`. (Pull
  #1457)


**1.5 (2014-01-01)**


* **BACKWARD INCOMPATIBLE** pip no longer supports the ``--use-mirrors``,
  ``-M``, and ``--mirrors`` flags. The mirroring support has been removed. In
  order to use a mirror specify it as the primary index with ``-i`` or
  ``--index-url``, or as an additional index with ``--extra-index-url``. (Pull 
#1098, CVE-2013-5123)

* **BACKWARD INCOMPATIBLE** pip no longer will scrape insecure external urls by
  default nor will it install externally hosted files by default. Users may opt
  into installing externally hosted or insecure files or urls using
  ``--allow-external PROJECT`` and ``--allow-unverified PROJECT``. (Pull #1055)

* **BACKWARD INCOMPATIBLE** pip no longer respects dependency links by default.
  Users may opt into respecting them again using ``--process-dependency-links``.

* **DEPRECATION** ``pip install --no-install`` and ``pip install
  --no-download`` are now formally deprecated.  See Issue #906 for discussion on
  possible alternatives, or lack thereof, in future releases.

* **DEPRECATION** ``pip zip`` and ``pip unzip`` are now formally
deprecated.

* pip will now install Mac OSX platform wheels from PyPI. (Pull #1278)

* pip now generates the appropriate platform-specific console scripts when
  installing wheels. (Pull #1251)

* Pip now confirms a wheel is supported when installing directly from a path or
  url. (Pull #1315)

* Fixed #1097, ``--ignore-installed`` now behaves again as designed, after it 
was
  unintentionally broke in v0.8.3 when fixing Issue #14 (Pull #1352).

* Fixed a bug where global scripts were being removed when uninstalling --user
  installed packages (Pull #1353).

* Fixed #1163, --user wasn't being respected when installing scripts
from wheels (Pull #1176).

* Fixed #1150, we now assume '_' means '-' in versions from wheel
filenames (Pull #1158).

* Fixed #219, error when using --log with a failed install (Pull #1205).

* Fixed #1131, logging was buffered and choppy in Python 3.

* Fixed #70,  --timeout was being ignored (Pull #1202).

* Fixed #772, error when setting PIP_EXISTS_ACTION (Pull #1201).

* Added colors to the logging output in order to draw attention to important
  warnings and errors. (Pull #1109)

* Added warnings when using an insecure index, find-link, or dependency
link. (Pull #1121)

* Added support for installing packages from a subdirectory using the 
``subdirectory``
  editable option. ( Pull #1082 )

* Fixed #1192. "TypeError: bad operand type for unary" in some cases when
  installing wheels using --find-links (Pull #1218).

* Fixed #1133 and #317. Archive contents are now written based on system
  defaults and umask (i.e. permissions are not preserved), except that regular
  files with any execute permissions have the equivalent of "chmod +x" applied
  after being written (Pull #1146).

* PreviousBuildDirError now returns a non-zero exit code and prevents the
  previous build dir from being cleaned in all cases (Pull #1162).

* Renamed --allow-insecure to --allow-unverified, however the old name will
  continue to work for a period of time (Pull #1257).

* Fixed #1006, error when installing local projects with symlinks in
  Python 3. (Pull #1311)

* The previously hidden ``--log-file`` otion, is now shown as a general option.
  (Pull #1316)

** Affects: python-pip (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1300389

Title:
  [FFe] python-pip 1.5.4 for Ubuntu 14.04 LTS

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/python-pip/+bug/1300389/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to