diff --git a/SPECS/python-wheel/Use-vendored-packaging-to-canonicalize-requirements.patch b/SPECS/python-wheel/Use-vendored-packaging-to-canonicalize-requirements.patch new file mode 100644 index 00000000000..7d7e37d91e3 --- /dev/null +++ b/SPECS/python-wheel/Use-vendored-packaging-to-canonicalize-requirements.patch @@ -0,0 +1,38 @@ +From c35c77748f7ed54c0deee7dcf874a7acb4856008 Mon Sep 17 00:00:00 2001 +From: Archana Shettigar +Date: Tue, 3 Feb 2026 12:59:16 +0530 +Subject: [PATCH] Use vendored packaging to canonicalize requirements +Upstream Reference Patch: https://github.com/pypa/wheel/commit/4ec2ae368bb30b0a92617824f833ae615aca18cf + +--- + tests/test_metadata.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tests/test_metadata.py b/tests/test_metadata.py +index db0ab0c..3719c6f 100644 +--- a/tests/test_metadata.py ++++ b/tests/test_metadata.py +@@ -12,9 +12,9 @@ def test_pkginfo_to_metadata(tmp_path: Path) -> None: + ("Metadata-Version", "2.1"), + ("Name", "spam"), + ("Version", "0.1"), +- ("Requires-Dist", "pip @ https://github.com/pypa/pip/archive/1.3.1.zip"), ++ ("Requires-Dist", "pip@ https://github.com/pypa/pip/archive/1.3.1.zip"), + ("Requires-Dist", 'pywin32; sys_platform == "win32"'), +- ("Requires-Dist", 'foo @ http://host/foo.zip ; sys_platform == "win32"'), ++ ("Requires-Dist", 'foo@ http://host/foo.zip ; sys_platform == "win32"'), + ("Provides-Extra", "signatures"), + ( + "Requires-Dist", +@@ -22,7 +22,7 @@ def test_pkginfo_to_metadata(tmp_path: Path) -> None: + ), + ("Provides-Extra", "empty_extra"), + ("Provides-Extra", "extra"), +- ("Requires-Dist", 'bar @ http://host/bar.zip ; extra == "extra"'), ++ ("Requires-Dist", 'bar@ http://host/bar.zip ; extra == "extra"'), + ("Provides-Extra", "faster-signatures"), + ("Requires-Dist", 'ed25519ll; extra == "faster-signatures"'), + ("Provides-Extra", "rest"), +-- +2.45.4 + diff --git a/SPECS/python-wheel/python-wheel.signatures.json b/SPECS/python-wheel/python-wheel.signatures.json index 204e84b55c9..e37c83f8aa1 100644 --- a/SPECS/python-wheel/python-wheel.signatures.json +++ b/SPECS/python-wheel/python-wheel.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "wheel-0.43.0.tar.gz": "23060d7cc8afafc2930554624b4bae7d58031830672048622c926675ab91e3b0" + "wheel-0.46.3.tar.gz": "36327d3bba035d9c3509421a42b59914fe9aab79d894b21cb9be17353abf6d2c" } -} \ No newline at end of file +} diff --git a/SPECS/python-wheel/python-wheel.spec b/SPECS/python-wheel/python-wheel.spec index c6880ac23ce..2f212f5516d 100644 --- a/SPECS/python-wheel/python-wheel.spec +++ b/SPECS/python-wheel/python-wheel.spec @@ -1,15 +1,17 @@ # The function of bootstrap is that it disables the wheel subpackage %bcond_with bootstrap +%global pypi_name wheel %bcond main_python 1 Summary: Built-package format for Python Name: python-%{pypi_name} -Version: 0.43.0 +Version: 0.46.3 Release: 1%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux URL: https://github.com/pypa/wheel Source0: %{url}/archive/%{version}/%{pypi_name}-%{version}.tar.gz +Patch0: Use-vendored-packaging-to-canonicalize-requirements.patch %global pypi_name wheel %global python_wheel_name %{pypi_name}-%{version}-py3-none-any.whl %global python_wheeldir %{_datadir}/python-wheels @@ -58,6 +60,9 @@ A Python wheel of wheel to use with virtualenv. %prep %autosetup -n %{pypi_name}-%{version} -p1 +# flit_core expects [project].license to be a table/dict, not a string +sed -i 's/^license = "MIT"$/license = { text = "MIT" }/' pyproject.toml + %generate_buildrequires %pyproject_buildrequires @@ -115,6 +120,9 @@ pip3 install iniconfig %endif %changelog +* Wed Jan 28 2026 Azure Linux Security Servicing Account - 0.46.3-1 +- Updated to 0.46.3 to fix CVE-2026-24049 + * Fri May 10 2024 Betty Lakes - 0.43.0-1 - Updated to 0.43.0 diff --git a/cgmanifest.json b/cgmanifest.json index c9d8288d244..b7c19529835 100644 --- a/cgmanifest.json +++ b/cgmanifest.json @@ -25573,8 +25573,8 @@ "type": "other", "other": { "name": "python-wheel", - "version": "0.43.0", - "downloadUrl": "https://github.com/pypa/wheel/archive/0.43.0/wheel-0.43.0.tar.gz" + "version": "0.46.3", + "downloadUrl": "https://github.com/pypa/wheel/archive/0.46.3/wheel-0.46.3.tar.gz" } } }, diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index 150323cea33..a146de63062 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -530,7 +530,7 @@ procps-ng-lang-4.0.4-1.azl3.aarch64.rpm pyproject-rpm-macros-1.12.0-2.azl3.noarch.rpm pyproject-srpm-macros-1.12.0-2.azl3.noarch.rpm python-markupsafe-debuginfo-2.1.3-1.azl3.aarch64.rpm -python-wheel-wheel-0.43.0-1.azl3.noarch.rpm +python-wheel-wheel-0.46.3-1.azl3.noarch.rpm python3-3.12.9-9.azl3.aarch64.rpm python3-audit-3.1.2-1.azl3.aarch64.rpm python3-cracklib-2.9.11-1.azl3.aarch64.rpm @@ -557,7 +557,7 @@ python3-rpm-generators-14-11.azl3.noarch.rpm python3-setuptools-69.0.3-5.azl3.noarch.rpm python3-test-3.12.9-9.azl3.aarch64.rpm python3-tools-3.12.9-9.azl3.aarch64.rpm -python3-wheel-0.43.0-1.azl3.noarch.rpm +python3-wheel-0.46.3-1.azl3.noarch.rpm readline-8.2-2.azl3.aarch64.rpm readline-debuginfo-8.2-2.azl3.aarch64.rpm readline-devel-8.2-2.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 66479e5bcc7..dd12462c102 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -538,7 +538,7 @@ procps-ng-lang-4.0.4-1.azl3.x86_64.rpm pyproject-rpm-macros-1.12.0-2.azl3.noarch.rpm pyproject-srpm-macros-1.12.0-2.azl3.noarch.rpm python-markupsafe-debuginfo-2.1.3-1.azl3.x86_64.rpm -python-wheel-wheel-0.43.0-1.azl3.noarch.rpm +python-wheel-wheel-0.46.3-1.azl3.noarch.rpm python3-3.12.9-9.azl3.x86_64.rpm python3-audit-3.1.2-1.azl3.x86_64.rpm python3-cracklib-2.9.11-1.azl3.x86_64.rpm @@ -565,7 +565,7 @@ python3-rpm-generators-14-11.azl3.noarch.rpm python3-setuptools-69.0.3-5.azl3.noarch.rpm python3-test-3.12.9-9.azl3.x86_64.rpm python3-tools-3.12.9-9.azl3.x86_64.rpm -python3-wheel-0.43.0-1.azl3.noarch.rpm +python3-wheel-0.46.3-1.azl3.noarch.rpm readline-8.2-2.azl3.x86_64.rpm readline-debuginfo-8.2-2.azl3.x86_64.rpm readline-devel-8.2-2.azl3.x86_64.rpm