Revert "[MEDIUM] Upgrade python-wheel to 0.46.3 for CVE-2026-24049" (#16013)

Author: Kanishk-Bansal

SPECS/python-wheel/Use-vendored-packaging-to-canonicalize-requirements.patch

@@ -1,5 +1,5 @@
 {
  "Signatures": {
-  "wheel-0.46.3.tar.gz": "36327d3bba035d9c3509421a42b59914fe9aab79d894b21cb9be17353abf6d2c"
+  "wheel-0.43.0.tar.gz": "23060d7cc8afafc2930554624b4bae7d58031830672048622c926675ab91e3b0"
  }
-}
+}

SPECS/python-wheel/python-wheel.signatures.json

@@ -1,17 +1,15 @@
 # The function of bootstrap is that it disables the wheel subpackage
 %bcond_with bootstrap
-%global pypi_name wheel
 %bcond main_python 1
 Summary:        Built-package format for Python
 Name:           python-%{pypi_name}
-Version:        0.46.3
+Version:        0.43.0
 Release:        1%{?dist}
 License:        MIT
 Vendor:         Microsoft Corporation
 Distribution:   Azure Linux
 URL:            https://github.com/pypa/wheel
 Source0:        %{url}/archive/%{version}/%{pypi_name}-%{version}.tar.gz
-Patch0:         Use-vendored-packaging-to-canonicalize-requirements.patch
 %global pypi_name wheel
 %global python_wheel_name %{pypi_name}-%{version}-py3-none-any.whl
 %global python_wheeldir %{_datadir}/python-wheels
@@ -60,9 +58,6 @@ A Python wheel of wheel to use with virtualenv.
 %prep
 %autosetup -n %{pypi_name}-%{version} -p1
 
-# flit_core expects [project].license to be a table/dict, not a string
-sed -i 's/^license = "MIT"$/license = { text = "MIT" }/' pyproject.toml
-
 %generate_buildrequires
 %pyproject_buildrequires
 
@@ -120,9 +115,6 @@ pip3 install iniconfig
 %endif
 
 %changelog
-* Wed Jan 28 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 0.46.3-1
-- Updated to 0.46.3 to fix CVE-2026-24049
-
 * Fri May 10 2024 Betty Lakes <bettylakes@microsoft.com> - 0.43.0-1
 - Updated to 0.43.0
 

SPECS/python-wheel/python-wheel.spec

@@ -25583,8 +25583,8 @@
         "type": "other",
         "other": {
           "name": "python-wheel",
-          "version": "0.46.3",
-          "downloadUrl": "https://github.com/pypa/wheel/archive/0.46.3/wheel-0.46.3.tar.gz"
+          "version": "0.43.0",
+          "downloadUrl": "https://github.com/pypa/wheel/archive/0.43.0/wheel-0.43.0.tar.gz"
         }
       }
     },

cgmanifest.json

@@ -530,7 +530,7 @@ procps-ng-lang-4.0.4-1.azl3.aarch64.rpm
 pyproject-rpm-macros-1.12.0-2.azl3.noarch.rpm
 pyproject-srpm-macros-1.12.0-2.azl3.noarch.rpm
 python-markupsafe-debuginfo-2.1.3-1.azl3.aarch64.rpm
-python-wheel-wheel-0.46.3-1.azl3.noarch.rpm
+python-wheel-wheel-0.43.0-1.azl3.noarch.rpm
 python3-3.12.9-9.azl3.aarch64.rpm
 python3-audit-3.1.2-1.azl3.aarch64.rpm
 python3-cracklib-2.9.11-1.azl3.aarch64.rpm
@@ -557,7 +557,7 @@ python3-rpm-generators-14-11.azl3.noarch.rpm
 python3-setuptools-69.0.3-5.azl3.noarch.rpm
 python3-test-3.12.9-9.azl3.aarch64.rpm
 python3-tools-3.12.9-9.azl3.aarch64.rpm
-python3-wheel-0.46.3-1.azl3.noarch.rpm
+python3-wheel-0.43.0-1.azl3.noarch.rpm
 readline-8.2-2.azl3.aarch64.rpm
 readline-debuginfo-8.2-2.azl3.aarch64.rpm
 readline-devel-8.2-2.azl3.aarch64.rpm

toolkit/resources/manifests/package/toolchain_aarch64.txt

@@ -538,7 +538,7 @@ procps-ng-lang-4.0.4-1.azl3.x86_64.rpm
 pyproject-rpm-macros-1.12.0-2.azl3.noarch.rpm
 pyproject-srpm-macros-1.12.0-2.azl3.noarch.rpm
 python-markupsafe-debuginfo-2.1.3-1.azl3.x86_64.rpm
-python-wheel-wheel-0.46.3-1.azl3.noarch.rpm
+python-wheel-wheel-0.43.0-1.azl3.noarch.rpm
 python3-3.12.9-9.azl3.x86_64.rpm
 python3-audit-3.1.2-1.azl3.x86_64.rpm
 python3-cracklib-2.9.11-1.azl3.x86_64.rpm
@@ -565,7 +565,7 @@ python3-rpm-generators-14-11.azl3.noarch.rpm
 python3-setuptools-69.0.3-5.azl3.noarch.rpm
 python3-test-3.12.9-9.azl3.x86_64.rpm
 python3-tools-3.12.9-9.azl3.x86_64.rpm
-python3-wheel-0.46.3-1.azl3.noarch.rpm
+python3-wheel-0.43.0-1.azl3.noarch.rpm
 readline-8.2-2.azl3.x86_64.rpm
 readline-debuginfo-8.2-2.azl3.x86_64.rpm
 readline-devel-8.2-2.azl3.x86_64.rpm