From 6f4e373cc09e192c70e0cd91b4c71f9975846129 Mon Sep 17 00:00:00 2001 From: Himaja Kesari Date: Wed, 18 Sep 2024 09:32:48 -0700 Subject: [PATCH 1/2] upgrade setuptools to fix CVE-2024-6345 --- SPECS/python-setuptools/python-setuptools.signatures.json | 2 +- SPECS/python-setuptools/python-setuptools.spec | 7 +++++-- cgmanifest.json | 4 ++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/SPECS/python-setuptools/python-setuptools.signatures.json b/SPECS/python-setuptools/python-setuptools.signatures.json index d4f49340e93..3b2c3410bb9 100644 --- a/SPECS/python-setuptools/python-setuptools.signatures.json +++ b/SPECS/python-setuptools/python-setuptools.signatures.json @@ -1,5 +1,5 @@ { "Signatures": { - "setuptools-69.0.3.tar.gz": "be1af57fc409f93647f2e8e4573a142ed38724b8cdd389706a867bb4efcf1e78" + "setuptools-70.0.0.tar.gz": "f211a66637b8fa059bb28183da127d4e86396c991a942b028c6650d4319c3fd0" } } diff --git a/SPECS/python-setuptools/python-setuptools.spec b/SPECS/python-setuptools/python-setuptools.spec index 507500c5dc9..56c13713b24 100644 --- a/SPECS/python-setuptools/python-setuptools.spec +++ b/SPECS/python-setuptools/python-setuptools.spec @@ -5,8 +5,8 @@ Setuptools is a fully-featured, actively-maintained, and stable library designed Summary: Easily build and distribute Python packages Name: python-setuptools -Version: 69.0.3 -Release: 3%{?dist} +Version: 70.0.0 +Release: 1%{?dist} License: MIT Vendor: Microsoft Corporation Distribution: Azure Linux @@ -57,6 +57,9 @@ EOF %{python3_sitelib}/setuptools-%{version}.dist-info/* %changelog +* Web Sep 18 2024 Himaja Kesari - 70.0.0-1 +- Bump release to fix CVE-2024-6345 + * Thu Aug 29 2024 Andrew Phelps - 69.0.3-3 - Bump release to rebuild and resolve python3dist provides issue diff --git a/cgmanifest.json b/cgmanifest.json index 30723ca1b9e..5dccfbd4608 100644 --- a/cgmanifest.json +++ b/cgmanifest.json 
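Review bot: The weekday in the new %changelog entry of python-setuptools.spec is misspelled: `* Web Sep 18 2024` should be `* Wed Sep 18 2024`. rpmbuild parses changelog dates and, as far as I know, rejects an unrecognised day name as a bad date, so the spec may fail to build as written. The entry text also says "Bump release", while the earlier hunk in the same file changes Version to 70.0.0 and resets Release to 1. A line such as `- Upgrade to 70.0.0 to fix CVE-2024-6345` would describe what the patch does and make the CVE fix easier to trace from the package changelog.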
@@ -24253,8 +24253,8 @@ "type": "other", "other": { "name": "python-setuptools", - "version": "69.0.3", - "downloadUrl": "https://pypi.org/packages/source/s/setuptools/setuptools-69.0.3.tar.gz" + "version": "70.0.0", + "downloadUrl": "https://pypi.org/packages/source/s/setuptools/setuptools-70.0.0.tar.gz" } } }, From 9a7d26382d1133cda443f9d6e886a2fa800b283b Mon Sep 17 00:00:00 2001 From: Himaja Kesari Date: Wed, 18 Sep 2024 09:57:06 -0700 Subject: [PATCH 2/2] change toolkit resources --- toolkit/resources/manifests/package/pkggen_core_aarch64.txt | 2 +- toolkit/resources/manifests/package/pkggen_core_x86_64.txt | 2 +- toolkit/resources/manifests/package/toolchain_aarch64.txt | 2 +- toolkit/resources/manifests/package/toolchain_x86_64.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt index 31e566a11e9..20b07f3af78 100644 --- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt @@ -243,7 +243,7 @@ unzip-6.0-20.azl3.aarch64.rpm python3-3.12.3-3.azl3.aarch64.rpm python3-devel-3.12.3-3.azl3.aarch64.rpm python3-libs-3.12.3-3.azl3.aarch64.rpm -python3-setuptools-69.0.3-3.azl3.noarch.rpm +python3-setuptools-70.0.0-1.azl3.noarch.rpm python3-pygments-2.7.4-2.azl3.noarch.rpm which-2.21-8.azl3.aarch64.rpm libselinux-3.6-3.azl3.aarch64.rpm diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt index 06efa9d02bf..3560ce3c6e6 100644 --- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt +++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt 
@@ -243,7 +243,7 @@ unzip-6.0-20.azl3.x86_64.rpm python3-3.12.3-3.azl3.x86_64.rpm python3-devel-3.12.3-3.azl3.x86_64.rpm python3-libs-3.12.3-3.azl3.x86_64.rpm -python3-setuptools-69.0.3-3.azl3.noarch.rpm +python3-setuptools-70.0.0-1.azl3.noarch.rpm python3-pygments-2.7.4-2.azl3.noarch.rpm which-2.21-8.azl3.x86_64.rpm libselinux-3.6-3.azl3.x86_64.rpm diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt index f6bd0b6c5ba..0cf6d66958b 100644 --- a/toolkit/resources/manifests/package/toolchain_aarch64.txt +++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt @@ -551,7 +551,7 @@ python3-pip-24.0-2.azl3.noarch.rpm python3-pygments-2.7.4-2.azl3.noarch.rpm python3-rpm-4.18.2-1.azl3.aarch64.rpm python3-rpm-generators-14-11.azl3.noarch.rpm -python3-setuptools-69.0.3-3.azl3.noarch.rpm +python3-setuptools-70.0.0-1.azl3.noarch.rpm python3-test-3.12.3-3.azl3.aarch64.rpm python3-tools-3.12.3-3.azl3.aarch64.rpm python3-wheel-0.43.0-1.azl3.noarch.rpm diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt index 8826bb7eb40..5ed118c7156 100644 --- a/toolkit/resources/manifests/package/toolchain_x86_64.txt +++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt @@ -557,7 +557,7 @@ python3-pip-24.0-2.azl3.noarch.rpm python3-pygments-2.7.4-2.azl3.noarch.rpm python3-rpm-4.18.2-1.azl3.x86_64.rpm python3-rpm-generators-14-11.azl3.noarch.rpm -python3-setuptools-69.0.3-3.azl3.noarch.rpm +python3-setuptools-70.0.0-1.azl3.noarch.rpm python3-test-3.12.3-3.azl3.x86_64.rpm python3-tools-3.12.3-3.azl3.x86_64.rpm python3-wheel-0.43.0-1.azl3.noarch.rpm