Accepting request 694206 from devel:languages:python

OBS-URL: https://build.opensuse.org/request/show/694206 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-Jinja2?expand=0&rev=34
2019-04-19 16:36:56 +00:00
parent 09bc184ac9 08a1273b8f
commit 2d3f3ad072
4 changed files with 25 additions and 12 deletions
--- a/Jinja2-2.10.1.tar.gz
+++ b/Jinja2-2.10.1.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:065c4f02ebe7f7cf559e49ee5a95fb800a9e4528727aec6f24402a5374c65013
+size 260956
--- a/Jinja2-2.10.tar.gz
+++ b/Jinja2-2.10.tar.gz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:f84be1bb0040caca4cea721fcbbbbd61f9be9464ca236387158b0feea01914a4
-size 261631
--- a/python-Jinja2.changes
+++ b/python-Jinja2.changes
@@ -1,3 +1,16 @@
+-------------------------------------------------------------------
+Sat Apr 13 16:46:23 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
+
+- Trim bias from descriptions. Make sure % is escaped.
+
+-------------------------------------------------------------------
+Sat Apr 13 03:06:31 UTC 2019 - Arun Persaud <arun@gmx.de>
+
+- update to version 2.10.1 (bsc#1132323, CVE-2019-10906):
+  * "SandboxedEnvironment" securely handles "str.format_map" in order
+    to prevent code execution through untrusted format strings.  The
+    sandbox already handled "str.format".
+
 -------------------------------------------------------------------
 Tue Feb 19 03:45:55 UTC 2019 - John Vandenberg <jayvdb@gmail.com>

--- a/python-Jinja2.spec
+++ b/python-Jinja2.spec
@@ -19,9 +19,9 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %define oldpython python
 Name:           python-Jinja2
-Version:        2.10
+Version:        2.10.1
 Release:        0
-Summary:        A fast and easy to use template engine written in pure Python
+Summary:        A template engine written in pure Python
 License:        BSD-3-Clause
 Group:          Development/Languages/Python
 URL:            http://jinja.pocoo.org/
@@ -45,15 +45,15 @@ Jinja2 is a template engine written in pure Python.  It provides a Django
 inspired non-XML syntax but supports inline expressions and an optional
 sandboxed environment.  Here a small example of a Jinja template:

-    {% extends 'base.html' %}
-    {% block title %}Memberlist{% endblock %}
-    {% block content %}
+    {%% extends 'base.html' %%}
+    {%% block title %%}Memberlist{%% endblock %%}
+    {%% block content %%}
      <ul>
-      {% for user in users %}
+      {%% for user in users %%}
        <li><a href="{{ user.url }}">{{ user.username }}</a></li>
-      {% endfor %}
+      {%% endfor %%}
      </ul>
-    {% endblock %}
+    {%% endblock %%}

 %package -n python-Jinja2-vim
 Summary:        Jinja2 syntax files for Vim
@@ -95,7 +95,7 @@ install -Dm644 ext/jinja.el %{buildroot}%{_datadir}/emacs/site-lisp/jinja.el # I
 %endif

 %check
-%python_exec -m pytest
+%pytest

 %files %{python_files}
 %license LICENSE