From 3e785a3c5f71bdc41bb66c622ff3faddde3408d644c557f0c896709be25406cd Mon Sep 17 00:00:00 2001
From: Dirk Mueller
Date: Mon, 6 May 2024 18:11:54 +0000
Subject: [PATCH] - update to 3.1.4 (bsc#1223980, CVE-2024-34064): * The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first.
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-Jinja2?expand=0&rev=110
---
 Jinja2-3.1.3.tar.gz | 3 ---
 jinja2-3.1.4.tar.gz | 3 +++
 python-Jinja2.changes | 10 ++++++++++
 python-Jinja2.spec | 22 +++++++++++-----------
 4 files changed, 24 insertions(+), 14 deletions(-)
 delete mode 100644 Jinja2-3.1.3.tar.gz
 create mode 100644 jinja2-3.1.4.tar.gz
diff --git a/Jinja2-3.1.3.tar.gz b/Jinja2-3.1.3.tar.gz
deleted file mode 100644
index ec9b62a..0000000
--- a/Jinja2-3.1.3.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ac8bd6544d4bb2c9792bf3a159e80bba8fda7f07e81bc3aed565432d5925ba90
-size 268261
diff --git a/jinja2-3.1.4.tar.gz b/jinja2-3.1.4.tar.gz
new file mode 100644
index 0000000..617efb2
--- /dev/null
+++ b/jinja2-3.1.4.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:4a3aee7acbbe7303aede8e9648d13b8bf88a429282aa6122a993f0ac800cb369
+size 240245
diff --git a/python-Jinja2.changes b/python-Jinja2.changes
index ca12fc5..559f166 100644
--- a/python-Jinja2.changes
+++ b/python-Jinja2.changes
@@ -1,3 +1,13 @@
+-------------------------------------------------------------------
+Mon May 6 18:10:40 UTC 2024 - Dirk Müller
+
+- update to 3.1.4 (bsc#1223980, CVE-2024-34064):
+ * The xmlattr filter does not allow keys with / solidus, >
+ greater-than sign, or = equals sign, in addition to disallowing
+ spaces. Regardless of any validation done by Jinja, user input
+ should never be used as keys to this filter, or must be separately
+ validated first.
+
 -------------------------------------------------------------------
 Mon Jan 29 10:10:29 UTC 2024 - Daniel Garcia
diff --git a/python-Jinja2.spec b/python-Jinja2.spec
index c4832c0..4027981 100644
--- a/python-Jinja2.spec
+++ b/python-Jinja2.spec
@@ -16,7 +16,6 @@
 #
-%define skip_python2 1
 %ifarch %{ix86} armv7l
 %bcond_with test
 %else
@@ -24,16 +23,18 @@
 %endif
 %{?sle15_python_module_pythons}
 Name: python-Jinja2
-Version: 3.1.3
+Version: 3.1.4
 Release: 0
 Summary: A template engine written in pure Python
 License: BSD-3-Clause
 URL: https://jinja.palletsprojects.com
-Source: https://files.pythonhosted.org/packages/source/J/Jinja2/Jinja2-%{version}.tar.gz
+Source: https://files.pythonhosted.org/packages/source/J/Jinja2/jinja2-%{version}.tar.gz
 BuildRequires: %{python_module MarkupSafe >= 0.23}
 BuildRequires: %{python_module base >= 3.7}
+BuildRequires: %{python_module flit-core}
+BuildRequires: %{python_module pip}
 BuildRequires: %{python_module pytest}
-BuildRequires: %{python_module setuptools}
+BuildRequires: %{python_module wheel}
 BuildRequires: dos2unix
 BuildRequires: fdupes
 BuildRequires: python-rpm-macros
@@ -51,14 +52,13 @@ inspired non-XML syntax but supports inline expressions and an optional sandboxed environment.
 %prep
-%setup -q -n Jinja2-%{version}
-dos2unix LICENSE.rst # Fix wrong EOL encoding
+%setup -q -n jinja2-%{version}
 %build
-%python_build
+%pyproject_wheel
 %install
-%python_install
+%pyproject_install
 %python_expand %fdupes %{buildroot}%{$python_sitelib}
 %check
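Review bot: `BuildRequires: dos2unix` is kept as a context line in the `@@ -24,16 +23,18 @@` hunk, while the only use of the tool visible in this patch, `dos2unix LICENSE.rst # Fix wrong EOL encoding` in `%prep`, is removed in the `@@ -51,14 +52,13 @@` hunk. The rest of the spec is not shown here, so confirm that no other section calls it, and if none does, delete the `BuildRequires: dos2unix` line. An unused build dependency is still installed into the build root on every build, which widens the set of packages the build has to trust for no benefit.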
@@ -70,9 +70,9 @@ donttest="test_striptags"
 %endif
 %files %{python_files}
-%license LICENSE.rst
-%doc README.rst CHANGES.rst artwork examples
+%license LICENSE.txt
+%doc README.md docs/changes.rst docs/examples
 %{python_sitelib}/jinja2
-%{python_sitelib}/Jinja2-%{version}-py%{python_version}.egg-info
+%{python_sitelib}/jinja2-%{version}.dist-info
 %changelog