Sync from SUSE:ALP:Source:Standard:1.0 python-Jinja2 revision 1c38a1df7fac177a9a09d229df058bea
This commit is contained in:
commit
0d2f1aeffa
23
.gitattributes
vendored
Normal file
23
.gitattributes
vendored
Normal file
@ -0,0 +1,23 @@
|
||||
## Default LFS
|
||||
*.7z filter=lfs diff=lfs merge=lfs -text
|
||||
*.bsp filter=lfs diff=lfs merge=lfs -text
|
||||
*.bz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.gem filter=lfs diff=lfs merge=lfs -text
|
||||
*.gz filter=lfs diff=lfs merge=lfs -text
|
||||
*.jar filter=lfs diff=lfs merge=lfs -text
|
||||
*.lz filter=lfs diff=lfs merge=lfs -text
|
||||
*.lzma filter=lfs diff=lfs merge=lfs -text
|
||||
*.obscpio filter=lfs diff=lfs merge=lfs -text
|
||||
*.oxt filter=lfs diff=lfs merge=lfs -text
|
||||
*.pdf filter=lfs diff=lfs merge=lfs -text
|
||||
*.png filter=lfs diff=lfs merge=lfs -text
|
||||
*.rpm filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz filter=lfs diff=lfs merge=lfs -text
|
||||
*.tbz2 filter=lfs diff=lfs merge=lfs -text
|
||||
*.tgz filter=lfs diff=lfs merge=lfs -text
|
||||
*.ttf filter=lfs diff=lfs merge=lfs -text
|
||||
*.txz filter=lfs diff=lfs merge=lfs -text
|
||||
*.whl filter=lfs diff=lfs merge=lfs -text
|
||||
*.xz filter=lfs diff=lfs merge=lfs -text
|
||||
*.zip filter=lfs diff=lfs merge=lfs -text
|
||||
*.zst filter=lfs diff=lfs merge=lfs -text
|
104
CVE-2024-34064.patch
Normal file
104
CVE-2024-34064.patch
Normal file
@ -0,0 +1,104 @@
|
||||
From d655030770081e2dfe46f90e27620472a502289d Mon Sep 17 00:00:00 2001
|
||||
From: David Lord <davidism@gmail.com>
|
||||
Date: Thu, 2 May 2024 09:14:00 -0700
|
||||
Subject: [PATCH] disallow invalid characters in keys to xmlattr filter
|
||||
|
||||
---
|
||||
CHANGES.rst | 6 ++++++
|
||||
src/jinja2/filters.py | 22 +++++++++++++++++-----
|
||||
tests/test_filters.py | 11 ++++++-----
|
||||
3 files changed, 29 insertions(+), 10 deletions(-)
|
||||
|
||||
Index: Jinja2-3.1.2/CHANGES.rst
|
||||
===================================================================
|
||||
--- Jinja2-3.1.2.orig/CHANGES.rst
|
||||
+++ Jinja2-3.1.2/CHANGES.rst
|
||||
@@ -9,6 +9,12 @@ Released 2022-04-28
|
||||
:issue:`1645`
|
||||
- Handle race condition in ``FileSystemBytecodeCache``. :issue:`1654`
|
||||
|
||||
+- The ``xmlattr`` filter does not allow keys with ``/`` solidus, ``>``
|
||||
+ greater-than sign, or ``=`` equals sign, in addition to disallowing spaces.
|
||||
+ Regardless of any validation done by Jinja, user input should never be used
|
||||
+ as keys to this filter, or must be separately validated first.
|
||||
+ GHSA-h75v-3vvj-5mfj
|
||||
+
|
||||
|
||||
Version 3.1.1
|
||||
-------------
|
||||
Index: Jinja2-3.1.2/src/jinja2/filters.py
|
||||
===================================================================
|
||||
--- Jinja2-3.1.2.orig/src/jinja2/filters.py
|
||||
+++ Jinja2-3.1.2/src/jinja2/filters.py
|
||||
@@ -248,13 +248,25 @@ def do_items(value: t.Union[t.Mapping[K,
|
||||
yield from value.items()
|
||||
|
||||
|
||||
+# Check for characters that would move the parser state from key to value.
|
||||
+# https://html.spec.whatwg.org/#attribute-name-state
|
||||
+_attr_key_re = re.compile(r"[\s/>=]", flags=re.ASCII)
|
||||
+
|
||||
+
|
||||
@pass_eval_context
|
||||
def do_xmlattr(
|
||||
eval_ctx: "EvalContext", d: t.Mapping[str, t.Any], autospace: bool = True
|
||||
) -> str:
|
||||
"""Create an SGML/XML attribute string based on the items in a dict.
|
||||
- All values that are neither `none` nor `undefined` are automatically
|
||||
- escaped:
|
||||
+
|
||||
+ **Values** that are neither ``none`` nor ``undefined`` are automatically
|
||||
+ escaped, safely allowing untrusted user input.
|
||||
+
|
||||
+ User input should not be used as **keys** to this filter. If any key
|
||||
+ contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals
|
||||
+ sign, this fails with a ``ValueError``. Regardless of this, user input
|
||||
+ should never be used as keys to this filter, or must be separately validated
|
||||
+ first.
|
||||
|
||||
.. sourcecode:: html+jinja
|
||||
|
||||
@@ -273,12 +285,23 @@ def do_xmlattr(
|
||||
|
||||
As you can see it automatically prepends a space in front of the item
|
||||
if the filter returned something unless the second parameter is false.
|
||||
+
|
||||
+ Keys with ``/`` solidus, ``>`` greater-than sign, or ``=`` equals sign
|
||||
+ are not allowed.
|
||||
+
|
||||
+ Keys with spaces are not allowed.
|
||||
"""
|
||||
- rv = " ".join(
|
||||
- f'{escape(key)}="{escape(value)}"'
|
||||
- for key, value in d.items()
|
||||
- if value is not None and not isinstance(value, Undefined)
|
||||
- )
|
||||
+ items = []
|
||||
+ for key, value in d.items():
|
||||
+ if value is None or isinstance(value, Undefined):
|
||||
+ continue
|
||||
+
|
||||
+ if _attr_key_re.search(key) is not None:
|
||||
+ raise ValueError("Invalid character in attribute name: {key!r}")
|
||||
+
|
||||
+ items.append(f'{escape(key)}="{escape(value)}"')
|
||||
+
|
||||
+ rv = " ".join(items)
|
||||
|
||||
if autospace and rv:
|
||||
rv = " " + rv
|
||||
Index: Jinja2-3.1.2/tests/test_filters.py
|
||||
===================================================================
|
||||
--- Jinja2-3.1.2.orig/tests/test_filters.py
|
||||
+++ Jinja2-3.1.2/tests/test_filters.py
|
||||
@@ -871,3 +871,10 @@ class TestFilter:
|
||||
with pytest.raises(TemplateRuntimeError, match="No filter named 'f'"):
|
||||
t1.render(x=42)
|
||||
t2.render(x=42)
|
||||
+
|
||||
+ @pytest.mark.parametrize("sep", ("\t", "\n", "\f", " ", "/", ">", "="))
|
||||
+ def test_xmlattr_key_invalid(self, env: Environment, sep: str) -> None:
|
||||
+ with pytest.raises(ValueError, match="Invalid character"):
|
||||
+ env.from_string("{{ {key: 'my_class'}|xmlattr }}").render(
|
||||
+ key=f"class{sep}onclick=alert(1)"
|
||||
+ )
|
BIN
Jinja2-3.1.2.tar.gz
(Stored with Git LFS)
Normal file
BIN
Jinja2-3.1.2.tar.gz
(Stored with Git LFS)
Normal file
Binary file not shown.
622
python-Jinja2.changes
Normal file
622
python-Jinja2.changes
Normal file
@ -0,0 +1,622 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 3 07:16:34 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
|
||||
|
||||
- Add CVE-2024-34064.patch upstream patch
|
||||
(CVE-2024-34064, bsc#1223980, gh#pallets/jinja@0668239dc6b4)
|
||||
Also fixes (CVE-2024-22195, bsc#1218722)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Apr 21 12:20:44 UTC 2023 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- add sle15_python_module_pythons (jsc#PED-68)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 13 22:42:17 UTC 2023 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- Make calling of %{sle15modernpython} optional.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Dec 2 07:35:08 UTC 2022 - Johannes Kastl <kastl@b1-systems.de>
|
||||
|
||||
- ignore 'pytest.PytestRemovedIn8Warning: Support for nose tests is
|
||||
deprecated and will be removed in a future release.' error from
|
||||
pytest 7.2
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Jun 4 11:35:44 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
- update to 3.1.2:
|
||||
* Add parameters to ``Environment.overlay`` to match ``__init__``.
|
||||
* Handle race condition in ``FileSystemBytecodeCache``. :issue:`1654`
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Mar 27 18:03:52 UTC 2022 - Arun Persaud <arun@gmx.de>
|
||||
|
||||
- specfile:
|
||||
* update copyright year
|
||||
* require python-base >= 3.7
|
||||
|
||||
- update to version 3.1.1:
|
||||
* The template filename on Windows uses the primary path separator.
|
||||
:issue:`1637`
|
||||
|
||||
- changes from version 3.1.0:
|
||||
* Drop support for Python 3.6. :pr:`1534`
|
||||
* Remove previously deprecated code. :pr:`1544`
|
||||
+ "WithExtension" and "AutoEscapeExtension" are built-in now.
|
||||
+ "contextfilter" and "contextfunction" are replaced by
|
||||
"pass_context". "evalcontextfilter" and "evalcontextfunction"
|
||||
are replaced by "pass_eval_context". "environmentfilter" and
|
||||
"environmentfunction" are replaced by "pass_environment".
|
||||
+ "Markup" and "escape" should be imported from MarkupSafe.
|
||||
+ Compiled templates from very old Jinja versions may need to be
|
||||
recompiled.
|
||||
+ Legacy resolve mode for "Context" subclasses is no longer
|
||||
supported. Override "resolve_or_missing" instead of "resolve".
|
||||
+ "unicode_urlencode" is renamed to "url_quote".
|
||||
* Add support for native types in macros. :issue:`1510`
|
||||
* The "{% trans %}" tag can use "pgettext" and "npgettext" by
|
||||
passing a context string as the first token in the tag, like "{%
|
||||
trans "title" %}". :issue:`1430`
|
||||
* Update valid identifier characters from Python 3.6 to 3.7.
|
||||
:pr:`1571`
|
||||
* Filters and tests decorated with "@async_variant" are pickleable.
|
||||
:pr:`1612`
|
||||
* Add "items" filter. :issue:`1561`
|
||||
* Subscriptions ("[0]", etc.) can be used after filters, tests, and
|
||||
calls when the environment is in async mode. :issue:`1573`
|
||||
* The "groupby" filter is case-insensitive by default, matching
|
||||
other comparison filters. Added the "case_sensitive" parameter
|
||||
to control this. :issue:`1463`
|
||||
* Windows drive-relative path segments in template names will not
|
||||
result in "FileSystemLoader" and "PackageLoader" loading from
|
||||
drive-relative paths. :pr:`1621`
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Nov 14 14:59:31 UTC 2021 - Michael Ströder <michael@stroeder.com>
|
||||
|
||||
- update to 3.0.3
|
||||
* Fix traceback rewriting internals for Python 3.10 and 3.11. (#1535)
|
||||
* Fix how the native environment treats leading and trailing spaces
|
||||
when parsing values on Python 3.10. (PR#1537)
|
||||
* Improve async performance by avoiding checks for common types. (#1514)
|
||||
* Revert change to ``hash(Node)`` behavior. Nodes are hashed by id again (#1521)
|
||||
* ``PackageLoader`` works when the package is a single module file. (#1512)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Oct 10 00:16:28 UTC 2021 - Michael Ströder <michael@stroeder.com>
|
||||
|
||||
- dropped obsolete no-warnings-as-errors.patch
|
||||
- update to 3.0.2
|
||||
* Fix a loop scoping bug that caused assignments in nested loops to still
|
||||
be referenced outside of it. #1427
|
||||
* Make compile_templates deterministic for filter and import names. #1452, #1453
|
||||
* Revert an unintended change that caused Undefined to act like
|
||||
StrictUndefined for the in operator. #1448
|
||||
* Imported macros have access to the current template globals in async
|
||||
environments. #1494
|
||||
* PackageLoader will not include a current directory (.) path segment.
|
||||
This allows loading templates from the root of a zip import. #1467
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Sep 10 08:07:58 UTC 2021 - Steve Kowalik <steven.kowalik@suse.com>
|
||||
|
||||
- Add no-warnings-as-errors.patch:
|
||||
* Do not treat warnings as errors until upstream fix using async loops.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 6 07:34:44 UTC 2021 - Markéta Machová <mmachova@suse.com>
|
||||
|
||||
- Babel is not required
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jul 9 11:03:56 UTC 2021 - Ben Greiner <code@bnavigator.de>
|
||||
|
||||
- clean up single-spec: Remove python2 remnants
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Jun 19 12:42:15 UTC 2021 - Michael Ströder <michael@stroeder.com>
|
||||
|
||||
- updated upstream project URL
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Jun 13 13:55:29 UTC 2021 - Michael Ströder <michael@stroeder.com>
|
||||
|
||||
- skip building for Python 2.x
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 31 06:38:35 UTC 2021 - Adrian Schröter <adrian@suse.de>
|
||||
|
||||
- update to 3.0.1
|
||||
Read the announcement:
|
||||
https://palletsprojects.com/blog/flask-2-0-released/
|
||||
Read the full list of changes:
|
||||
https://jinja.palletsprojects.com/changes/#version-3-0-0
|
||||
- python-Jinja2-vim subpackage dropped
|
||||
vim highlight rule files do not exist anymore
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 9 15:42:40 UTC 2021 - Alexandros Toptsoglou <atoptsoglou@suse.com>
|
||||
|
||||
- update to 2.11.3
|
||||
* Improve the speed of the urlize filter by reducing regex backtracking.
|
||||
Email matching requires a word character at the start of the domain part
|
||||
and only word characters in the TLD (CVE-2020-28493 bsc#1181944).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon May 4 09:35:51 UTC 2020 - Johannes Grassler <johannes.grassler@suse.com>
|
||||
|
||||
- update to 2.11.2
|
||||
* Fix a bug that caused callable objects with __getattr__, like
|
||||
:class:~unittest.mock.Mock to be treated as a
|
||||
:func:contextfunction. :issue:1145
|
||||
* Update wordcount filter to trigger :class:Undefined methods
|
||||
by wrapping the input in :func:soft_unicode. :pr:1160
|
||||
* Fix a hang when displaying tracebacks on Python 32-bit.
|
||||
:issue:1162
|
||||
* Showing an undefined error for an object that raises
|
||||
AttributeError on access doesn't cause a recursion error.
|
||||
:issue:1177
|
||||
* Revert changes to :class:~loaders.PackageLoader from 2.10 which
|
||||
removed the dependency on setuptools and pkg_resources, and added
|
||||
limited support for namespace packages. The changes caused issues
|
||||
when using Pytest. Due to the difficulty in supporting Python 2 and
|
||||
:pep:451 simultaneously, the changes are reverted until 3.0.
|
||||
:pr:1182
|
||||
* Fix line numbers in error messages when newlines are stripped.
|
||||
:pr:1178
|
||||
* The special namespace() assignment object in templates works in
|
||||
async environments. :issue:1180
|
||||
* Fix whitespace being removed before tags in the middle of lines when
|
||||
lstrip_blocks is enabled. :issue:1138
|
||||
* :class:~nativetypes.NativeEnvironment doesn't evaluate
|
||||
intermediate strings during rendering. This prevents early
|
||||
evaluation which could change the value of an expression.
|
||||
:issue:1186
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Apr 8 11:59:35 UTC 2020 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
- Enable testing on other archs again
|
||||
- Do not pull in py2 package on vim syntax
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 21 18:56:05 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
|
||||
|
||||
- disable tests on 32bit archs
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 18 17:26:13 UTC 2020 - Ondřej Súkup <mimi.vx@gmail.com>
|
||||
|
||||
- update to 2.11.1
|
||||
* Fix a bug that prevented looking up a key after an attribute
|
||||
({{ data.items[1:] }}) in an async template
|
||||
* Drop support for Python 2.6, 3.3, and 3.4. This will be the last version
|
||||
to support Python 2.7 and 3.5.
|
||||
* Added a new ChainableUndefined class to support getitem and getattr
|
||||
on an undefined object.
|
||||
* Allow {%+ syntax (with NOP behavior) when lstrip_blocks is disabled.
|
||||
* Added a default parameter for the map filter.
|
||||
* Exclude environment globals from meta.find_undeclared_variables().
|
||||
* Float literals can be written with scientific notation, like 2.56e-3.
|
||||
* Int and float literals can be written with the ‘_’ separator
|
||||
for legibility, like 12_345.
|
||||
* Fix a bug causing deadlocks in LRUCache.setdefault
|
||||
* The trim filter takes an optional string of characters to trim.
|
||||
* A new jinja2.ext.debug extension adds a {% debug %} tag to quickly dump
|
||||
the current context and available filters and tests.
|
||||
* Lexing templates with large amounts of whitespace is much faster.
|
||||
* Parentheses around comparisons are preserved, so {{ 2 * (3 < 5) }} outputs
|
||||
“2” instead of “False”.
|
||||
* Add new boolean, false, true, integer and float tests.
|
||||
* The environment’s finalize function is only applied to the output of expressions
|
||||
(constant or not), not static template data.
|
||||
* When providing multiple paths to FileSystemLoader, a template can have
|
||||
the same name as a directory.
|
||||
* Always return Undefined when omitting the else clause in a {{ 'foo' if bar }}
|
||||
expression, regardless of the environment’s undefined class. Omitting
|
||||
the else clause is a valid shortcut and should not raise an error when using
|
||||
StrictUndefined.
|
||||
* Fix behavior of loop control variables such as length and revindex0 when
|
||||
looping over a generator.
|
||||
* Async support is only loaded the first time an environment enables it,
|
||||
in order to avoid a slow initial import.
|
||||
* In async environments, the |map filter will await the filter call if needed.
|
||||
* In for loops that access loop attributes, the iterator is not advanced ahead
|
||||
of the current iteration unless length, revindex, nextitem, or last are accessed.
|
||||
This makes it less likely to break groupby results.
|
||||
* In async environments, the loop attributes length and revindex work for async iterators.
|
||||
* In async environments, values from attribute/property access will be awaited if needed.
|
||||
* PackageLoader doesn’t depend on setuptools or pkg_resources.
|
||||
* PackageLoader has limited support for PEP 420 namespace packages.
|
||||
* Support os.PathLike objects in FileSystemLoader and ModuleLoader
|
||||
* NativeTemplate correctly handles quotes between expressions. "'{{ a }}', '{{ b }}'"
|
||||
renders as the tuple ('1', '2') rather than the string '1, 2'.
|
||||
* Creating a NativeTemplate directly creates a NativeEnvironment instead
|
||||
of a default Environment.
|
||||
* After calling LRUCache.copy(), the copy’s queue methods point to the correct queue.
|
||||
* Compiling templates always writes UTF-8 instead of defaulting to the system encoding.
|
||||
* |wordwrap filter treats existing newlines as separate paragraphs to be wrapped
|
||||
individually, rather than creating short intermediate lines.
|
||||
* Add break_on_hyphens parameter to |wordwrap filter.
|
||||
* Cython compiled functions decorated as context functions will be passed the context.
|
||||
* When chained comparisons of constants are evaluated at compile time,
|
||||
the result follows Python’s behavior of returning False if any comparison
|
||||
returns False, rather than only the last one
|
||||
* Tracebacks for exceptions in templates show the correct line numbers
|
||||
and source for Python >= 3.7.
|
||||
* Tracebacks for template syntax errors in Python 3 no longer show
|
||||
internal compiler frames
|
||||
* Add a DerivedContextReference node that can be used by extensions to get
|
||||
the current context and local variables such as loop
|
||||
* Constant folding during compilation is applied to some node types
|
||||
that were previously overlooked
|
||||
* TemplateSyntaxError.source is not empty when raised from an included template.
|
||||
* Passing an Undefined value to get_template (such as through extends, import,
|
||||
or include), raises an UndefinedError consistently. select_template will show
|
||||
the undefined message in the list of attempts rather than the empty string.
|
||||
* TemplateSyntaxError can be pickled.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Oct 7 13:37:05 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
- Update to 2.10.3:
|
||||
* Fix Python 3.7 deprecation warnings.
|
||||
* Using range in the sandboxed environment uses xrange on Python 2 to avoid memory use. :issue:`933`
|
||||
* Use Python 3.7's better traceback support to avoid a core dump when using debug builds of Python 3.7. :issue:`1050`
|
||||
* Fix a typo in Babel entry point in setup.py that was preventing installation.
|
||||
- Remove merged python38.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 24 11:06:41 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
- Add patch to work with python 3.8:
|
||||
* python38.patch
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Apr 13 16:46:23 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||
|
||||
- Trim bias from descriptions. Make sure % is escaped.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Apr 13 03:06:31 UTC 2019 - Arun Persaud <arun@gmx.de>
|
||||
|
||||
- update to version 2.10.1 (bsc#1132323, CVE-2019-10906, bsc#1125815, CVE-2019-8341):
|
||||
* "SandboxedEnvironment" securely handles "str.format_map" in order
|
||||
to prevent code execution through untrusted format strings. The
|
||||
sandbox already handled "str.format".
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 19 03:45:55 UTC 2019 - John Vandenberg <jayvdb@gmail.com>
|
||||
|
||||
- Activate test suite
|
||||
- Add minimum build dependency to match runtime dependency
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 10 12:43:01 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
|
||||
|
||||
- Fix fdupes call
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Dec 4 12:49:28 UTC 2018 - Matej Cepl <mcepl@suse.com>
|
||||
|
||||
- Remove superfluous devel dependency for noarch package
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Mar 6 15:52:17 UTC 2018 - aplanas@suse.com
|
||||
|
||||
- Allows Recommends and Suggest in Fedora
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 27 17:41:33 UTC 2018 - aplanas@suse.com
|
||||
|
||||
- Recommends only for SUSE
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 9 06:26:51 UTC 2017 - arun@gmx.de
|
||||
|
||||
- specfile:
|
||||
* CHANGES -> CHANGES.rst
|
||||
* added README.rst to %doc section
|
||||
|
||||
- update to version 2.10:
|
||||
* Added a new extension node called "OverlayScope" which can be used
|
||||
to create an unoptimized scope that will look up all variables
|
||||
from a derived context.
|
||||
* Added an "in" test that works like the in operator. This can be
|
||||
used in combination with "reject" and "select".
|
||||
* Added "previtem" and "nextitem" to loop contexts, providing access
|
||||
to the previous/next item in the loop. If such an item does not
|
||||
exist, the value is undefined.
|
||||
* Added "changed(*values)" to loop contexts, providing an easy way
|
||||
of checking whether a value has changed since the last iteration
|
||||
(or rather since the last call of the method)
|
||||
* Added a "namespace" function that creates a special object which
|
||||
allows attribute assignment using the "set" tag. This can be used
|
||||
to carry data across scopes, e.g. from a loop body to code that
|
||||
comes after the loop.
|
||||
* Added a "trimmed" modifier to "{% trans %}" to strip linebreaks
|
||||
and surrounding whitespace. Also added a new policy to enable this
|
||||
for all "trans" blocks.
|
||||
* The "random" filter is no longer incorrectly constant folded and
|
||||
will produce a new random choice each time the template is
|
||||
rendered. (`#478`_)
|
||||
* Added a "unique" filter. (`#469`_)
|
||||
* Added "min" and "max" filters. (`#475`_)
|
||||
* Added tests for all comparison operators: "eq", "ne", "lt", "le",
|
||||
"gt", "ge". (`#665`_)
|
||||
* "import" statement cannot end with a trailing comma. (`#617`_,
|
||||
`#618`_)
|
||||
* "indent" filter will not indent blank lines by default. (`#685`_)
|
||||
* Add "reverse" argument for "dictsort" filter. (`#692`_)
|
||||
* Add a "NativeEnvironment" that renders templates to native Python
|
||||
types instead of strings. (`#708`_)
|
||||
* Added filter support to the block "set" tag. (`#489`_)
|
||||
* "tojson" filter marks output as safe to match documented behavior.
|
||||
(`#718`_)
|
||||
* Resolved a bug where getting debug locals for tracebacks could
|
||||
modify template context.
|
||||
* Fixed a bug where having many "{% elif ... %}" blocks resulted in
|
||||
a "too many levels of indentation" error. These blocks now
|
||||
compile to native "elif ..:" instead of "else: if ..:" (`#759`_)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Apr 4 14:56:17 UTC 2017 - jmatejek@suse.com
|
||||
|
||||
- update for singlespec
|
||||
- update to 2.9.6
|
||||
* fixed custom context behavior in fast resolve mode
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 22 04:39:40 UTC 2017 - dmueller@suse.com
|
||||
|
||||
- fix requires
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Mar 15 13:55:57 UTC 2017 - michael@stroeder.com
|
||||
|
||||
- Update to 2.9.5 (bsc#1132174, CVE-2016-10745)
|
||||
(see the changes in /usr/share/doc/packages/python-Jinja2/CHANGES)
|
||||
- updated source URL
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Nov 19 13:18:12 UTC 2015 - aplanas@suse.com
|
||||
|
||||
- Update to 2.8
|
||||
- Added `target` parameter to urlize function.
|
||||
- Added support for `followsymlinks` to the file system loader.
|
||||
- The truncate filter now counts the length.
|
||||
- Added equalto filter that helps with select filters.
|
||||
- Changed cache keys to use absolute file names if available
|
||||
instead of load names.
|
||||
- Fixed loop length calculation for some iterators.
|
||||
- Changed how Jinja2 enforces strings to be native strings in
|
||||
Python 2 to work when people break their default encoding.
|
||||
- Added :func:`make_logging_undefined` which returns an undefined
|
||||
object that logs failures into a logger.
|
||||
- If unmarshalling of cached data fails the template will be
|
||||
reloaded now.
|
||||
- Implemented a block ``set`` tag.
|
||||
- Default cache size was incrased to 400 from a low 50.
|
||||
- Fixed ``is number`` test to accept long integers in all Python versions.
|
||||
- Changed ``is number`` to accept Decimal as a number.
|
||||
- Added a check for default arguments followed by non-default arguments. This
|
||||
change makes ``{% macro m(x, y=1, z) %}...{% endmacro %}`` a syntax error. The
|
||||
previous behavior for this code was broken anyway (resulting in the default
|
||||
value being applied to `y`).
|
||||
- Add ability to use custom subclasses of ``jinja2.compiler.CodeGenerator`` and
|
||||
``jinja2.runtime.Context`` by adding two new attributes to the environment
|
||||
(`code_generator_class` and `context_class`) (pull request ``#404``).
|
||||
- added support for context/environment/evalctx decorator functions on
|
||||
the finalize callback of the environment.
|
||||
- escape query strings for urlencode properly. Previously slashes were not
|
||||
escaped in that place.
|
||||
- Add 'base' parameter to 'int' filter.
|
||||
- Tests are removed from the package (not distributed in the tar.gz)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 22 14:20:45 UTC 2015 - jengelh@inai.de
|
||||
|
||||
- Use %python_version over %py_ver: better portability to RHEL
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 15 12:30:58 UTC 2014 - mcihar@suse.cz
|
||||
|
||||
- run testsuite during build
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 15 12:29:35 UTC 2014 - mcihar@suse.cz
|
||||
|
||||
- adjust dependency to use up to date package name for python-MarkupSafe
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Jul 15 10:41:00 UTC 2014 - toddrme2178@gmail.com
|
||||
|
||||
- Update to 2.7.3 (bnc#858239, CVE-2014-0012)
|
||||
- Security issue: Corrected the security fix for the cache folder.
|
||||
This fix was provided by RedHat.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu May 8 21:21:45 UTC 2014 - hpj@urpla.net
|
||||
|
||||
- fix package build (file selection missing)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Apr 26 19:38:39 UTC 2014 - dmueller@suse.com
|
||||
|
||||
- avoid rebuildcycle with vim
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 13 13:18:53 UTC 2014 - dmueller@suse.com
|
||||
|
||||
- update to 2.7.2:
|
||||
- Prefix loader was not forwarding the locals properly to
|
||||
inner loaders. This is now fixed.
|
||||
- Security issue: Changed the default folder for the filesystem cache to be
|
||||
user specific and read and write protected on UNIX systems. See `Debian bug
|
||||
734747`_ for more information.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Oct 24 11:07:20 UTC 2013 - speilicke@suse.com
|
||||
|
||||
- Require python-setuptools instead of distribute (upstreams merged)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Sep 2 15:03:25 UTC 2013 - speilicke@suse.com
|
||||
|
||||
- Avoid "Recommends:" on old rpm distros
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Aug 13 09:56:18 UTC 2013 - dmueller@suse.com
|
||||
|
||||
- update to 2.7.1:
|
||||
- Fixed a bug with ``call_filter`` not working properly on environment
|
||||
and context filters.
|
||||
- Fixed lack of Python 3 support for bytecode caches.
|
||||
- Reverted support for defining blocks in included templates as this
|
||||
broke existing templates for users.
|
||||
- Fixed some warnings with hashing of undefineds and nodes if Python
|
||||
is run with warnings for Python 3.
|
||||
- Added support for properly hashing undefined objects.
|
||||
- Fixed a bug with the title filter not working on already uppercase
|
||||
strings.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Jul 11 14:37:06 UTC 2013 - dmueller@suse.com
|
||||
|
||||
- update to 2.7:
|
||||
- Choice and prefix loaders now dispatch source and template lookup
|
||||
separately in order to work in combination with module loaders as
|
||||
advertised.
|
||||
- Fixed filesizeformat.
|
||||
- Added a non-silent option for babel extraction.
|
||||
- Added `urlencode` filter that automatically quotes values for
|
||||
URL safe usage with utf-8 as only supported encoding. If applications
|
||||
want to change this encoding they can override the filter.
|
||||
- Added `keep-trailing-newline` configuration to environments and
|
||||
templates to optionally preserve the final trailing newline.
|
||||
- Accessing `last` on the loop context no longer causes the iterator
|
||||
to be consumed into a list.
|
||||
- Python requirement changed: 2.6, 2.7 or >= 3.3 are required now,
|
||||
supported by same source code, using the "six" compatibility library.
|
||||
- Allow `contextfunction` and other decorators to be applied to `__call__`.
|
||||
- Added support for changing from newline to different signs in the `wordwrap`
|
||||
filter.
|
||||
- Added support for ignoring memcache errors silently.
|
||||
- Added support for keeping the trailing newline in templates.
|
||||
- Added finer grained support for stripping whitespace on the left side
|
||||
of blocks.
|
||||
- Added `map`, `select`, `reject`, `selectattr` and `rejectattr`
|
||||
filters.
|
||||
- Added support for `loop.depth` to figure out how deep inside a recursive
|
||||
loop the code is.
|
||||
- Disabled py_compile for pypy and python 3.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 30 13:06:58 UTC 2012 - toddrme2178@gmail.com
|
||||
|
||||
- Fix building python 3 package on openSUSE 11.4 x86_64
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 26 14:08:18 UTC 2012 - toddrme2178@gmail.com
|
||||
|
||||
- Add 2to3 buildrequires to allow for proper conversion of python 3
|
||||
version
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Apr 23 12:00:49 UTC 2012 - toddrme2178@gmail.com
|
||||
|
||||
- Add python 3 package
|
||||
- Simplify vim plugin packaging
|
||||
- Add suggests for vim and emacs in their respective
|
||||
packages
|
||||
- Removed test for obsolete openSUSE version
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Feb 23 13:44:50 UTC 2012 - saschpe@suse.de
|
||||
|
||||
- Simplified macro usage
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 22 12:00:51 UTC 2011 - saschpe@suse.de
|
||||
|
||||
- Split of 'vim' and 'emacs' sub-packages that contain syntax highlighting
|
||||
support for both editors
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 22 09:13:19 UTC 2011 - saschpe@suse.de
|
||||
|
||||
- Set license to BSD-3-Clause (SPDX style)
|
||||
- Require python-distribute instead of python-setuptools
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Tue Sep 20 12:57:24 UTC 2011 - saschpe@suse.de
|
||||
|
||||
- Update to version 2.6:
|
||||
* internal attributes now raise an internal attribute error now instead
|
||||
of returning an undefined. This fixes problems when passing undefined
|
||||
objects to Python semantics expecting APIs.
|
||||
* traceback support now works properly for PyPy. (Tested with 1.4)
|
||||
* implemented operator intercepting for sandboxed environments. This
|
||||
allows application developers to disable builtin operators for better
|
||||
security. (For instance limit the mathematical operators to actual
|
||||
integers instead of longs)
|
||||
* groupby filter now supports dotted notation for grouping by attributes
|
||||
of attributes.
|
||||
* scoped blocks not properly treat toplevel assignments and imports.
|
||||
Previously an import suddenly "disappeared" in a scoped block.
|
||||
* automatically detect newer Python interpreter versions before loading code
|
||||
from bytecode caches to prevent segfaults on invalid opcodes. The segfault
|
||||
in earlier Jinja2 versions here was not a Jinja2 bug but a limitation in
|
||||
the underlying Python interpreter. If you notice Jinja2 segfaulting in
|
||||
earlier versions after an upgrade of the Python interpreter you don't have
|
||||
to upgrade, it's enough to flush the bytecode cache. This just no longer
|
||||
makes this necessary, Jinja2 will automatically detect these cases now.
|
||||
* the sum filter can now sum up values by attribute. This is a backwards
|
||||
incompatible change. The argument to the filter previously was the
|
||||
optional starting index which defaultes to zero. This now became the
|
||||
second argument to the function because it's rarely used.
|
||||
* like sum, sort now also makes it possible to order items by attribute.
|
||||
* like sum and sort, join now also is able to join attributes of objects
|
||||
as string.
|
||||
* the internal eval context now has a reference to the environment.
|
||||
* added a mapping test to see if an object is a dict or an object with
|
||||
a similar interface.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jul 20 20:27:08 UTC 2011 - saschpe@gmx.de
|
||||
|
||||
- Renamed to python-Jinja2
|
||||
- Fix wrong EOL encodings
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Apr 7 14:56:33 UTC 2011 - saschpe@suse.de
|
||||
|
||||
- Do not require python-setuptools, buildrequires is sufficient
|
||||
- Removed authors from description
|
||||
- Changed license to BSD3c
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sun Dec 12 17:45:39 UTC 2010 - saschpe@gmx.de
|
||||
|
||||
- rpmlint issues cleanup
|
||||
* fdupes, tar.bz2 tarball, ...
|
||||
- package docs again (lost with last revision)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Sat Dec 11 23:23:05 UTC 2010 - saschpe@gmx.de
|
||||
|
||||
- re-generated spec file with py2pack
|
||||
* now builds for Fedora and Mandriva
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Thu Sep 17 20:33:11 UTC 2009 - alexandre@exatati.com.br
|
||||
|
||||
- Update to 2.2.1;
|
||||
- Fixed changes file name.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 8 14:05:51 CEST 2009 - poeml@suse.de
|
||||
|
||||
- initial package (2.1.1)
|
||||
|
77
python-Jinja2.spec
Normal file
77
python-Jinja2.spec
Normal file
@ -0,0 +1,77 @@
|
||||
#
|
||||
# spec file for package python-Jinja2
|
||||
#
|
||||
# Copyright (c) 2023 SUSE LLC
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
# upon. The license for this file, and modifications and additions to the
|
||||
# file, is the same license as for the pristine package itself (unless the
|
||||
# license for the pristine package is not an Open Source License, in which
|
||||
# case the license is the MIT License). An "Open Source License" is a
|
||||
# license that conforms to the Open Source Definition (Version 1.9)
|
||||
# published by the Open Source Initiative.
|
||||
|
||||
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
||||
#
|
||||
|
||||
|
||||
%define skip_python2 1
|
||||
%ifarch %{ix86} armv7l
|
||||
%bcond_with test
|
||||
%else
|
||||
%bcond_without test
|
||||
%endif
|
||||
%{?sle15_python_module_pythons}
|
||||
Name: python-Jinja2
|
||||
Version: 3.1.2
|
||||
Release: 0
|
||||
Summary: A template engine written in pure Python
|
||||
License: BSD-3-Clause
|
||||
URL: https://jinja.palletsprojects.com
|
||||
Source: https://files.pythonhosted.org/packages/source/J/Jinja2/Jinja2-%{version}.tar.gz
|
||||
# PATCH-FIX-UPSTREAM CVE-2024-34064.patch gh#pallets/jinja@0668239dc6b4
|
||||
Patch0: CVE-2024-34064.patch
|
||||
BuildRequires: %{python_module MarkupSafe >= 0.23}
|
||||
BuildRequires: %{python_module base >= 3.7}
|
||||
BuildRequires: %{python_module pytest}
|
||||
BuildRequires: %{python_module setuptools}
|
||||
BuildRequires: dos2unix
|
||||
BuildRequires: fdupes
|
||||
BuildRequires: python-rpm-macros
|
||||
Requires: python-MarkupSafe >= 0.23
|
||||
Recommends: python-Babel >= 0.8
|
||||
# Do not declare buildarch as the tests are arch specific
|
||||
#BuildArch: noarch
|
||||
Provides: python-jinja2 = %{version}-%{release}
|
||||
Obsoletes: python-jinja2 < %{version}-%{release}
|
||||
%python_subpackages
|
||||
|
||||
%description
|
||||
Jinja2 is a template engine written in pure Python. It provides a Django
|
||||
inspired non-XML syntax but supports inline expressions and an optional
|
||||
sandboxed environment.
|
||||
|
||||
%prep
|
||||
%autosetup -p1 -n Jinja2-%{version}
|
||||
dos2unix LICENSE.rst # Fix wrong EOL encoding
|
||||
|
||||
%build
|
||||
%python_build
|
||||
|
||||
%install
|
||||
%python_install
|
||||
%python_expand %fdupes %{buildroot}%{$python_sitelib}
|
||||
|
||||
%check
|
||||
%if %{with test}
|
||||
%pytest -W ignore:'Support for nose tests is deprecated'
|
||||
%endif
|
||||
|
||||
%files %{python_files}
|
||||
%license LICENSE.rst
|
||||
%doc README.rst CHANGES.rst artwork examples
|
||||
%{python_sitelib}/jinja2
|
||||
%{python_sitelib}/Jinja2-%{version}-py%{python_version}.egg-info
|
||||
|
||||
%changelog
|
Loading…
Reference in New Issue
Block a user