From 5f30de9be5268095e73bcbec318b63bd64ee0d1189570929fc14c827cf38d2c4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?=
Date: Fri, 13 Sep 2024 16:17:16 +0200
Subject: [PATCH] Sync from SUSE:SLFO:Main python-Jinja2 revision 51fcc694bc22fd2fd20acd6b67cd74e7
---
Jinja2-3.1.2.tar.gz | 3 ---
jinja2-3.1.4.tar.gz | 3 +++
python-Jinja2.changes | 42 ++++++++++++++++++++++++++++++++++--------
python-Jinja2.spec | 29 ++++++++++++++++-------------
4 files changed, 53 insertions(+), 24 deletions(-)
delete mode 100644 Jinja2-3.1.2.tar.gz
create mode 100644 jinja2-3.1.4.tar.gz
diff --git a/Jinja2-3.1.2.tar.gz b/Jinja2-3.1.2.tar.gz
deleted file mode 100644
index 5055b6a..0000000
--- a/Jinja2-3.1.2.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:31351a702a408a9e7595a8fc6150fc3f43bb6bf7e319770cbc0db9df9437e852
-size 268239
diff --git a/jinja2-3.1.4.tar.gz b/jinja2-3.1.4.tar.gz
new file mode 100644
index 0000000..617efb2
--- /dev/null
+++ b/jinja2-3.1.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369
+size 240245
diff --git a/python-Jinja2.changes b/python-Jinja2.changes
index 2047152..559f166 100644
--- a/python-Jinja2.changes
+++ b/python-Jinja2.changes
@@ -1,3 +1,28 @@ +------------------------------------------------------------------- +Mon May 6 18:10:40 UTC 2024 - Dirk Müller + +- update to 3.1.4 (bsc#1223980, CVE-2024-34064): + * The xmlattr filter does not allow keys with / solidus, > + greater-than sign, or = equals sign, in addition to disallowing + spaces. Regardless of any validation done by Jinja, user input + should never be used as keys to this filter, or must be separately + validated first. + +------------------------------------------------------------------- +Mon Jan 29 10:10:29 UTC 2024 - Daniel Garcia + +- Disable broken test with latest version of MarkupSafe (2.1.4) + (gh#pallets/jinja#1930, gh#pallets/markupsafe#417) + +------------------------------------------------------------------- +Fri Jan 12 09:35:16 UTC 2024 - Dirk Müller + +- update to 3.1.3 (bsc#1218722, CVE-2024-22195): + * Fix compiler error when checking if required blocks in parent + templates are xmlattr filter does not allow keys with spaces. + * Make error messages stemming from invalid nesting of {% trans + %} blocks more helpful. :pr:`1916` + ------------------------------------------------------------------- Fri Apr 21 12:20:44 UTC 2023 - Dirk Müller @@ -131,10 +156,11 @@ Mon May 31 06:38:35 UTC 2021 - Adrian Schröter ------------------------------------------------------------------- Tue Feb 9 15:42:40 UTC 2021 - Alexandros Toptsoglou -- update to 2.11.3 - * Improve the speed of the urlize filter by reducing regex backtracking. +- update to 2.11.3 + * Improve the speed of the urlize filter by reducing regex backtracking. Email matching requires a word character at the start of the domain part - and only word characters in the TLD (CVE-2020-28493 bsc#1181944). + and only word characters in the TLD (CVE-2020-28493 bsc#1181944). +- drops CVE-2020-28493.patch in older dists ------------------------------------------------------------------- Mon May 4 09:35:51 UTC 2020 - Johannes Grassler 
@@ -166,7 +192,7 @@ Mon May 4 09:35:51 UTC 2020 - Johannes Grassler intermediate strings during rendering. This prevents early evaluation which could change the value of an expression. :issue:1186 - + ------------------------------------------------------------------- Wed Apr 8 11:59:35 UTC 2020 - Tomáš Chvátal @@ -180,7 +206,7 @@ Fri Feb 21 18:56:05 UTC 2020 - Ondřej Súkup ------------------------------------------------------------------- Tue Feb 18 17:26:13 UTC 2020 - Ondřej Súkup - + - update to 2.11.1 * Fix a bug that prevented looking up a key after an attribute ({{ data.items[1:] }}) in an async template @@ -426,7 +452,7 @@ Fri Aug 15 12:29:35 UTC 2014 - mcihar@suse.cz Tue Jul 15 10:41:00 UTC 2014 - toddrme2178@gmail.com - Update to 2.7.3 (bnc#858239, CVE-2014-0012) - - Security issue: Corrected the security fix for the cache folder. + - Security issue: Corrected the security fix for the cache folder. This fix was provided by RedHat. ------------------------------------------------------------------- @@ -437,7 +463,7 @@ Thu May 8 21:21:45 UTC 2014 - hpj@urpla.net ------------------------------------------------------------------- Sat Apr 26 19:38:39 UTC 2014 - dmueller@suse.com -- avoid rebuildcycle with vim +- avoid rebuildcycle with vim ------------------------------------------------------------------- Mon Jan 13 13:18:53 UTC 2014 - dmueller@suse.com @@ -521,7 +547,7 @@ Mon Apr 23 12:00:49 UTC 2012 - toddrme2178@gmail.com - Add python 3 package - Simplify vim plugin packaging -- Add suggests for vim and emacs in their respective +- Add suggests for vim and emacs in their respective packages - Removed test for obsolete openSUSE version diff --git a/python-Jinja2.spec b/python-Jinja2.spec index d935ebd..4027981 100644 --- a/python-Jinja2.spec +++ b/python-Jinja2.spec 
@@ -1,7 +1,7 @@ # # spec file for package python-Jinja2 # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,7 +16,6 @@ # -%define skip_python2 1 %ifarch %{ix86} armv7l %bcond_with test %else @@ -24,16 +23,18 @@ %endif %{?sle15_python_module_pythons} Name: python-Jinja2 -Version: 3.1.2 +Version: 3.1.4 Release: 0 Summary: A template engine written in pure Python License: BSD-3-Clause URL: https://jinja.palletsprojects.com -Source: https://files.pythonhosted.org/packages/source/J/Jinja2/Jinja2-%{version}.tar.gz +Source: https://files.pythonhosted.org/packages/source/J/Jinja2/jinja2-%{version}.tar.gz BuildRequires: %{python_module MarkupSafe >= 0.23} BuildRequires: %{python_module base >= 3.7} +BuildRequires: %{python_module flit-core} +BuildRequires: %{python_module pip} BuildRequires: %{python_module pytest} -BuildRequires: %{python_module setuptools} +BuildRequires: %{python_module wheel} BuildRequires: dos2unix BuildRequires: fdupes BuildRequires: python-rpm-macros 
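Review bot: The `BuildRequires: %{python_module MarkupSafe >= 0.23}` floor kept as context in the `@@ -24,16 +23,18 @@` hunk looks stale for 3.1.4. The changelog in this same patch refers to MarkupSafe 2.1.4, and upstream's metadata for the 3.x series asks for MarkupSafe 2.0 or newer, so the constraint would admit a version whose escaping behaviour this release was never tested against. Raising it to `BuildRequires: %{python_module MarkupSafe >= 2.0}`, and matching any runtime `Requires:` outside this hunk, keeps the declared dependency in line with what is actually supported. Separately, `BuildRequires: dos2unix` stays although the only visible `dos2unix` call is removed from `%prep` in the next hunk, so it can probably be dropped to trim the build root.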
@@ -51,25 +52,27 @@ inspired non-XML syntax but supports inline expressions and an optional sandboxed environment. %prep -%setup -q -n Jinja2-%{version} -dos2unix LICENSE.rst # Fix wrong EOL encoding +%setup -q -n jinja2-%{version} %build -%python_build +%pyproject_wheel %install -%python_install +%pyproject_install %python_expand %fdupes %{buildroot}%{$python_sitelib} %check %if %{with test} -%pytest -W ignore:'Support for nose tests is deprecated' +# Test broken with latest version of MarkupSafe (2.1.4) +# gh#pallets/jinja#1930, gh#pallets/markupsafe#417 +donttest="test_striptags" +%pytest -W ignore:'Support for nose tests is deprecated' -k "not ($donttest)" %endif %files %{python_files} -%license LICENSE.rst -%doc README.rst CHANGES.rst artwork examples +%license LICENSE.txt +%doc README.md docs/changes.rst docs/examples %{python_sitelib}/jinja2 -%{python_sitelib}/Jinja2-%{version}-py%{python_version}.egg-info +%{python_sitelib}/jinja2-%{version}.dist-info %changelog
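Review bot: The `donttest="test_striptags"` exclusion in `%check` is unconditional and carries no removal condition, so the regression test for the tag-stripping filter stays disabled for every later update, including this CVE-driven one. Per the changelog the skip was introduced while the package was at 3.1.3; whether 3.1.4 still fails against the packaged MarkupSafe is not visible here and is worth re-running before keeping it. If it has to stay, I would extend the comment with something like `# TODO: re-enable once gh#pallets/jinja#1930 is fixed in the packaged version` so the exclusion does not outlive its reason.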