[FFe] python-pip 1.5.4 for Ubuntu 14.04 LTS
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
python-pip (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
python-pip 1.5.4 has many improvements over 1.4.1 and it behooves us to carry this version in 14.04 instead. See below for more information. We should syncpackage it over to Ubuntu. Note that we should also syncpackage distlib once that clears Debian NEW (it'll be the same upstream version, Ubuntu is just a little ahead). pip 1.5.4 has a considerable number of important security fixes which alone should make it more appropriate to carry in an LTS. Yes, there are some backward incompatibilities, but pip is a leaf package and the security improvements outweigh any incompatibilities.
1.5.4 builds and installs just fine in trusty.
From upstream:
**1.5.4 (2014-02-21)**
* Correct deprecation warning for ``pip install --build`` to only notify when
the `--build` value is different than the default.
**1.5.3 (2014-02-20)**
* **DEPRECATION** ``pip install --build`` and ``pip install --no-clean`` are now
deprecated. See Issue #906 for discussion.
* Fixed #1112. Couldn't download directly from wheel paths/urls, and when wheel
downloads did occur using requirement specifiers, dependencies weren't
downloaded (PR #1527)
* Fixed #1320. ``pip wheel`` was not downloading wheels that already existed (PR
#1524)
* Fixed #1111. ``pip install --download`` was failing using local
``--find-links`` (PR #1524)
* Workaround for Python bug http://
* Don't pass a unicode __file__ to setup.py on Python 2.x (PR #1583)
* Verify that the Wheel version is compatible with this pip (PR #1569)
**1.5.2 (2014-01-26)**
* Upgraded the vendored ``pkg_resources`` and ``_markerlib`` to setuptools 2.1.
* Fixed an error that prevented accessing PyPI when pyopenssl, ndg-httpsclient,
and pyasn1 are installed
* Fixed an issue that caused trailing comments to be incorrectly included as
part of the URL in a requirements file
**1.5.1 (2014-01-20)**
* pip now only requires setuptools (any setuptools, not a certain version) when
installing distributions from src (i.e. not from wheel). (Pull #1434).
* `get-pip.py` now installs setuptools, when it's not already installed (Pull
#1475)
* Don't decode downloaded files that have a ``Content-
#1435)
* Fix to correctly parse wheel filenames with single digit versions. (Pull
#1445)
* If `--allow-
#1457)
**1.5 (2014-01-01)**
* **BACKWARD INCOMPATIBLE** pip no longer supports the ``--use-mirrors``,
``-M``, and ``--mirrors`` flags. The mirroring support has been removed. In
order to use a mirror specify it as the primary index with ``-i`` or
``--index-url``, or as an additional index with ``--extra-
* **BACKWARD INCOMPATIBLE** pip no longer will scrape insecure external urls by
default nor will it install externally hosted files by default. Users may opt
into installing externally hosted or insecure files or urls using
``--allow-
* **BACKWARD INCOMPATIBLE** pip no longer respects dependency links by default.
Users may opt into respecting them again using ``--process-
* **DEPRECATION** ``pip install --no-install`` and ``pip install
--no-download`` are now formally deprecated. See Issue #906 for discussion on
possible alternatives, or lack thereof, in future releases.
* **DEPRECATION** ``pip zip`` and ``pip unzip`` are now formally deprecated.
* pip will now install Mac OSX platform wheels from PyPI. (Pull #1278)
* pip now generates the appropriate platform-specific console scripts when
installing wheels. (Pull #1251)
* Pip now confirms a wheel is supported when installing directly from a path or
url. (Pull #1315)
* Fixed #1097, ``--ignore-
unintentionally broke in v0.8.3 when fixing Issue #14 (Pull #1352).
* Fixed a bug where global scripts were being removed when uninstalling --user
installed packages (Pull #1353).
* Fixed #1163, --user wasn't being respected when installing scripts from wheels (Pull #1176).
* Fixed #1150, we now assume '_' means '-' in versions from wheel filenames (Pull #1158).
* Fixed #219, error when using --log with a failed install (Pull #1205).
* Fixed #1131, logging was buffered and choppy in Python 3.
* Fixed #70, --timeout was being ignored (Pull #1202).
* Fixed #772, error when setting PIP_EXISTS_ACTION (Pull #1201).
* Added colors to the logging output in order to draw attention to important
warnings and errors. (Pull #1109)
* Added warnings when using an insecure index, find-link, or dependency link. (Pull #1121)
* Added support for installing packages from a subdirectory using the ``subdirectory``
editable option. ( Pull #1082 )
* Fixed #1192. "TypeError: bad operand type for unary" in some cases when
installing wheels using --find-links (Pull #1218).
* Fixed #1133 and #317. Archive contents are now written based on system
defaults and umask (i.e. permissions are not preserved), except that regular
files with any execute permissions have the equivalent of "chmod +x" applied
after being written (Pull #1146).
* PreviousBuildDi
previous build dir from being cleaned in all cases (Pull #1162).
* Renamed --allow-insecure to --allow-unverified, however the old name will
continue to work for a period of time (Pull #1257).
* Fixed #1006, error when installing local projects with symlinks in
Python 3. (Pull #1311)
* The previously hidden ``--log-file`` otion, is now shown as a general option.
(Pull #1316)
Ack. Approved.