--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/python/pip/patches/01-unbundle-requests.patch	Thu Jun 04 14:18:25 2015 -0700
@@ -0,0 +1,125 @@
+In-house patch to 'unbundle' requests v2.5.1 (which has a known CVE) to
+instead use requests v2.6.0 which is already available in Solaris.
+
+--- pip-6.0.8/pip/__init__.py.orig	2015-06-03 20:10:13.002501253 -0700
++++ pip-6.0.8/pip/__init__.py	2015-06-03 20:10:57.018903229 -0700
+@@ -16,9 +16,7 @@ from pip.vcs import git, mercurial, subv
+ from pip.baseparser import ConfigOptionParser, UpdatingDefaultsHelpFormatter
+ from pip.commands import get_summaries, get_similar_commands
+ from pip.commands import commands_dict
+-from pip._vendor.requests.packages.urllib3.exceptions import (
+-    InsecureRequestWarning,
+-)
++from requests.packages.urllib3.exceptions import InsecureRequestWarning
+ 
+ 
+ # assignment for flake8 to be happy
+
+--- pip-6.0.8/pip/_vendor/cachecontrol/adapter.py.orig    2015-06-03 20:13:32.884043045 -0700
++++ pip-6.0.8/pip/_vendor/cachecontrol/adapter.py  2015-06-03 20:13:51.401124573 -0700
+@@ -1,6 +1,6 @@
+ import functools
+
+-from pip._vendor.requests.adapters import HTTPAdapter
++from requests.adapters import HTTPAdapter
+
+ from .controller import CacheController
+ from .cache import DictCache
+
+--- pip-6.0.8/pip/_vendor/cachecontrol/compat.py.orig       2015-06-03 20:14:32.456221635 -0700
++++ pip-6.0.8/pip/_vendor/cachecontrol/compat.py   2015-06-03 20:15:13.070994049 -0700
+@@ -12,5 +12,5 @@ except ImportError:
+
+ # Handle the case where the requests has been patched to not have urllib3
+ # bundled as part of it's source.
+-from pip._vendor.requests.packages.urllib3.response import HTTPResponse
+-from pip._vendor.requests.packages.urllib3.util import is_fp_closed
++from requests.packages.urllib3.response import HTTPResponse
++from requests.packages.urllib3.util import is_fp_closed
+
+--- pip-6.0.8/pip/_vendor/cachecontrol/controller.py.orig   2015-06-03 20:15:52.523400877 -0700
++++ pip-6.0.8/pip/_vendor/cachecontrol/controller.py       2015-06-03 20:16:13.267223970 -0700
+@@ -6,7 +6,7 @@ import calendar
+ import time
+ from email.utils import parsedate_tz
+
+-from pip._vendor.requests.structures import CaseInsensitiveDict
++from requests.structures import CaseInsensitiveDict
+
+ from .cache import DictCache
+ from .serialize import Serializer
+
+--- pip-6.0.8/pip/_vendor/cachecontrol/serialize.py.orig      2015-06-03 20:17:00.074044178 -0700
++++ pip-6.0.8/pip/_vendor/cachecontrol/serialize.py        2015-06-03 20:17:09.414723163 -0700
+@@ -3,7 +3,7 @@ import io
+ import json
+ import zlib
+
+-from pip._vendor.requests.structures import CaseInsensitiveDict
++from requests.structures import CaseInsensitiveDict
+
+ from .compat import HTTPResponse, pickle
+
+--- pip-6.0.8/pip/download.py.orig 2015-06-03 20:19:11.208085248 -0700
++++ pip-6.0.8/pip/download.py 2015-06-03 20:21:09.714266385 -0700
+@@ -27,17 +27,19 @@ from pip.utils.filesystem import check_p
+ from pip.utils.ui import DownloadProgressBar, DownloadProgressSpinner
+ from pip.locations import write_delete_marker_file
+ from pip.vcs import vcs
+-from pip._vendor import requests, six
+-from pip._vendor.requests.adapters import BaseAdapter, HTTPAdapter
+-from pip._vendor.requests.auth import AuthBase, HTTPBasicAuth
+-from pip._vendor.requests.models import Response
+-from pip._vendor.requests.structures import CaseInsensitiveDict
+-from pip._vendor.requests.packages import urllib3
++from pip._vendor import six
+ from pip._vendor.cachecontrol import CacheControlAdapter
+ from pip._vendor.cachecontrol.caches import FileCache
+ from pip._vendor.lockfile import LockError
+ from pip._vendor.six.moves import xmlrpc_client
+
++import requests
++from requests.adapters import BaseAdapter, HTTPAdapter
++from requests.auth import AuthBase, HTTPBasicAuth
++from requests.models import Response
++from requests.structures import CaseInsensitiveDict
++from requests.packages import urllib3
++
+
+ __all__ = ['get_file_content',
+            'is_url', 'url_to_path', 'path_to_url',
+
+--- pip-6.0.8/pip/index.py.orig  2015-06-03 20:21:43.458489848 -0700
++++ pip-6.0.8/pip/index.py    2015-06-03 20:22:16.929267163 -0700
+@@ -26,9 +26,10 @@ from pip.models import PyPI
+ from pip.wheel import Wheel, wheel_ext
+ from pip.pep425tags import supported_tags, supported_tags_noarch, get_platform
+ from pip.req.req_requirement import InstallationCandidate
+-from pip._vendor import html5lib, requests, pkg_resources, six
++from pip._vendor import html5lib, pkg_resources, six
+ from pip._vendor.packaging.version import parse as parse_version
+-from pip._vendor.requests.exceptions import SSLError
++import requests
++from requests.exceptions import SSLError
+
+
+ __all__ = ['PackageFinder']
+
+--- pip-6.0.8/pip/req/req_set.py.orig    2015-06-03 20:23:31.735567930 -0700
++++ pip-6.0.8/pip/req/req_set.py  2015-06-03 20:23:55.732059685 -0700
+@@ -4,7 +4,6 @@ import logging
+ import os
+
+ from pip._vendor import pkg_resources
+-from pip._vendor import requests
+
+ from pip.download import (url_to_path, unpack_url)
+ from pip.exceptions import (InstallationError, BestVersionAlreadyInstalled,
+@@ -16,6 +15,7 @@ from pip.utils import (display_path, rmt
+ from pip.utils.logging import indent_log
+ from pip.vcs import vcs
+ from pip.wheel import wheel_ext
++import requests
+
+
+ logger = logging.getLogger(__name__)