diff --git a/backport-Fixed-parsing-of-wheel-file-names-with-multiple-platform-tags.patch b/backport-Fixed-parsing-of-wheel-file-names-with-multiple-platform-tags.patch
new file mode 100644
index 0000000000000000000000000000000000000000..e212c7de5051d6a5ceaedf9723dbe7fe8f3bed66
--- /dev/null
+++ b/backport-Fixed-parsing-of-wheel-file-names-with-multiple-platform-tags.patch
@@ -0,0 +1,66 @@
+From 44193907eb308930de05deed863fb4d157c5c866 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Alex=20Gr=C3=B6nholm?=
+Date: Sat, 5 Nov 2022 01:17:22 +0200
+Subject: [PATCH] Fixed parsing of wheel file names with multiple platform tags
+
+Reference:https://github.com/pypa/wheel/commit/44193907eb308930de05deed863fb4d157c5c866
+
+Fixes #485.
+---
+ src/wheel/wheelfile.py | 4 ++--
+ tests/test_wheelfile.py | 16 ++++++++++++----
+ 2 files changed, 14 insertions(+), 6 deletions(-)
+
+diff --git a/src/wheel/wheelfile.py b/src/wheel/wheelfile.py
+index 3c3d9f5..bce7ab3 100644
+--- a/src/wheel/wheelfile.py
++++ b/src/wheel/wheelfile.py
+@@ -16,8 +16,8 @@ from wheel.util import urlsafe_b64decode, as_unicode, native, urlsafe_b64encode,
+ # Non-greedy matching of an optional build number may be too clever (more
+ # invalid wheel filenames will match). Separate regex for .dist-info?
+ WHEEL_INFO_RE = re.compile(
+- r"""^(?P(?P[^-]+?)-(?P[^-]+?))(-(?P\d[^-]*))?
+- -(?P[^-]+?)-(?P[^-]+?)-(?P[^.]+?)\.whl$""",
++ r"""^(?P(?P[^\s-]+?)-(?P[^\s-]+?))(-(?P\d[^\s-]*))?
++ -(?P[^\s-]+?)-(?P[^\s-]+?)-(?P\S+)\.whl$""",
+ re.VERBOSE)
+
+
+diff --git a/tests/test_wheelfile.py b/tests/test_wheelfile.py
+index db11bcd..91e8aab 100644
+--- a/tests/test_wheelfile.py
++++ b/tests/test_wheelfile.py
+@@ -16,9 +16,16 @@ def wheel_path(tmpdir):
+ return str(tmpdir.join('test-1.0-py2.py3-none-any.whl'))
+
+
+-def test_wheelfile_re(tmpdir):
+- # Regression test for #208
+- path = tmpdir.join('foo-2-py3-none-any.whl')
++@pytest.mark.parametrize(
++ "filename",
++ [
++ "foo-2-py3-none-any.whl",
++ "foo-2-py2.py3-none-manylinux_2_17_x86_64.manylinux2014_x86_64.whl",
++ ],
++)
++def test_wheelfile_re(filename, tmpdir):
++ # Regression test for #208 and #485
++ path = tmpdir.join(filename)
+ with WheelFile(str(path), 'w') as wf:
+ assert wf.parsed_filename.group('namever') == 'foo-2'
+
+@@ -28,7 +35,8 @@ def test_wheelfile_re(tmpdir):
+ 'test-1.0.whl',
+ 'test-1.0-py2.whl',
+ 'test-1.0-py2-none.whl',
+- 'test-1.0-py2-none-any'
++ 'test-1.0-py2-none-any',
++ "test-1.0-py 2-none-any.whl",
+ ])
+ def test_bad_wheel_filename(filename):
+ exc = pytest.raises(WheelError, WheelFile, filename)
+--
+2.33.0
+
+
diff --git a/python-wheel.spec b/python-wheel.spec
index 0f76dbcef652015d909df0504dadea7bde0f059c..8b65cffbd952f1686a85d0096e14710c7b19e4ee 100644
--- a/python-wheel.spec
+++ b/python-wheel.spec
@@ -1,7 +1,7 @@
 %bcond_with bootstrap
 Name: python-wheel
 Version: 0.37.0
-Release: 6
+Release: 7
 Epoch: 1
 Summary: Built-package format for Python
 License: MIT
@@ -12,6 +12,7 @@ BuildArch: noarch
 Patch01: 0001-Fixed-wheel-pack-duplicating-WHEEL-contents-on-build.patch
 Patch02: 0001-Support-unpacking-wheels-that-contain-files-with-com.patch
 Patch03: CVE-2022-40898.patch
+Patch04: backport-Fixed-parsing-of-wheel-file-names-with-multiple-platform-tags.patch
 
 %description
 A built-package format for Python.
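Review bot: The last group of the new WHEEL_INFO_RE in the wheelfile.py section, `\S+`, also admits `-`, so a name with a surplus hyphenated field such as `test-1.0-py2-none-any-extra.whl` (constructed) would match with the extra field absorbed into the platform tag, and test_bad_wheel_filename only gains the whitespace case `"test-1.0-py 2-none-any.whl"`. The spec lists `CVE-2022-40898.patch` as Patch03, presumably the source of the `[^-]+?` form on the removed lines, so this pattern is security-relevant and its accepted shape deserves a pinned test or a comment above it, e.g. `# last field may hold several dot-separated platform tags; hyphens are accepted here on purpose`. Patch04 appears to apply only on top of Patch03, which would be worth a one-line comment next to the `Patch04:` entry in the spec. Because the hunk is a verbatim upstream backport, any tightening of the last field (for instance `[^\s-]+`) belongs upstream first rather than in this package.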
@@ -83,6 +84,9 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} py.test-3 -v --ignore build
 %endif
 
 %changelog
+* Tue Dec 19 2023 shixuantong - 1:0.37.0-7
+- Fixed parsing of wheel file names with multiple platform tags
+
 * Thu Dec 07 2023 wangkai <13474090681@163.com> - 1:0.37.0-6
 - Fix CVE-2022-40898