Sync from SUSE:SLFO:Main python-Jinja2 revision 51fcc694bc22fd2fd20acd6b67cd74e7

2024-09-13 16:17:16 +02:00 · 2024-09-13 16:17:16 +02:00 · 5f30de9be5
commit 5f30de9be5
parent 15972f3741
4 changed files with 53 additions and 24 deletions
--- a/Jinja2-3.1.2.tar.gz
+++ b/Jinja2-3.1.2.tar.gz
--- a/jinja2-3.1.4.tar.gz
+++ b/jinja2-3.1.4.tar.gz
--- a/python-Jinja2.changes
+++ b/python-Jinja2.changes
@ -1,3 +1,28 @@
+-------------------------------------------------------------------
+Mon May  6 18:10:40 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 3.1.4 (bsc#1223980, CVE-2024-34064):
+  * The xmlattr filter does not allow keys with / solidus, >
+    greater-than sign, or = equals sign, in addition to disallowing
+    spaces. Regardless of any validation done by Jinja, user input
+    should never be used as keys to this filter, or must be separately
+    validated first.
+
+-------------------------------------------------------------------
+Mon Jan 29 10:10:29 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Disable broken test with latest version of MarkupSafe (2.1.4)
+  (gh#pallets/jinja#1930, gh#pallets/markupsafe#417)
+
+-------------------------------------------------------------------
+Fri Jan 12 09:35:16 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 3.1.3 (bsc#1218722, CVE-2024-22195):
+  * Fix compiler error when checking if required blocks in parent
+    templates are xmlattr filter does not allow keys with spaces.
+  * Make error messages stemming from invalid nesting of {% trans
+    %} blocks more helpful. :pr:`1916`
+
 -------------------------------------------------------------------
 Fri Apr 21 12:20:44 UTC 2023 - Dirk Müller <dmueller@suse.com>

@ -135,6 +160,7 @@ Tue Feb  9 15:42:40 UTC 2021 - Alexandros Toptsoglou <atoptsoglou@suse.com>
  * Improve the speed of the urlize filter by reducing regex backtracking.
    Email matching requires a word character at the start of the domain part
    and only word characters in the TLD (CVE-2020-28493 bsc#1181944).
+- drops CVE-2020-28493.patch in older dists

 -------------------------------------------------------------------
 Mon May  4 09:35:51 UTC 2020 - Johannes Grassler <johannes.grassler@suse.com>
--- a/python-Jinja2.spec
+++ b/python-Jinja2.spec
@ -1,7 +1,7 @@
 #
 # spec file for package python-Jinja2
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,7 +16,6 @@
 #


-%define skip_python2 1
 %ifarch %{ix86} armv7l
 %bcond_with test
 %else
@ -24,16 +23,18 @@
 %endif
 %{?sle15_python_module_pythons}
 Name:           python-Jinja2
-Version:        3.1.2
+Version:        3.1.4
 Release:        0
 Summary:        A template engine written in pure Python
 License:        BSD-3-Clause
 URL:            https://jinja.palletsprojects.com
-Source:         https://files.pythonhosted.org/packages/source/J/Jinja2/Jinja2-%{version}.tar.gz
+Source:         https://files.pythonhosted.org/packages/source/J/Jinja2/jinja2-%{version}.tar.gz
 BuildRequires:  %{python_module MarkupSafe >= 0.23}
 BuildRequires:  %{python_module base >= 3.7}
+BuildRequires:  %{python_module flit-core}
+BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module pytest}
-BuildRequires:  %{python_module setuptools}
+BuildRequires:  %{python_module wheel}
 BuildRequires:  dos2unix
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
@ -51,25 +52,27 @@ inspired non-XML syntax but supports inline expressions and an optional
 sandboxed environment.

 %prep
-%setup -q -n Jinja2-%{version}
-dos2unix LICENSE.rst # Fix wrong EOL encoding
+%setup -q -n jinja2-%{version}

 %build
-%python_build
+%pyproject_wheel

 %install
-%python_install
+%pyproject_install
 %python_expand %fdupes %{buildroot}%{$python_sitelib}

 %check
 %if %{with test}
-%pytest -W ignore:'Support for nose tests is deprecated'
+# Test broken with latest version of MarkupSafe (2.1.4)
+# gh#pallets/jinja#1930, gh#pallets/markupsafe#417
+donttest="test_striptags"
+%pytest -W ignore:'Support for nose tests is deprecated' -k "not ($donttest)"
 %endif

 %files %{python_files}
-%license LICENSE.rst
-%doc README.rst CHANGES.rst artwork examples
+%license LICENSE.txt
+%doc README.md docs/changes.rst docs/examples
 %{python_sitelib}/jinja2
-%{python_sitelib}/Jinja2-%{version}-py%{python_version}.egg-info
+%{python_sitelib}/jinja2-%{version}.dist-info

 %changelog