- Update jinja2 to 3.1.5

2025-01-15 10:25:45 +03:00 · 2025-01-15 10:25:45 +03:00 · 42ba2b95db
commit 42ba2b95db
parent 3e7b877292
4 changed files with 7 additions and 71 deletions
--- a/.fence-agents.metadata
+++ b/.fence-agents.metadata
@ -1,4 +1,4 @@
-a9db54d91b53f76f546afa1414dd015c0574ebeb SOURCES/Jinja2-3.1.3.tar.gz
+6399fa2cf3e71269d1b0e6b59434616fd4c9d142 SOURCES/Jinja2-3.1.5.tar.gz
 e1b766b2b1601fde67b3b19ed2f13b9746bb1cca SOURCES/MarkupSafe-2.0.1.tar.gz
 e1fb5dc6f95a85e7d1f93c6701b331201e8b5479 SOURCES/PyJWT-2.1.0-py3-none-any.whl
 53fc16036940089ceadd4127381e40fd6106a7ed SOURCES/PyYAML-5.1.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,4 @@
-SOURCES/Jinja2-3.1.3.tar.gz
+SOURCES/Jinja2-3.1.5.tar.gz
 SOURCES/MarkupSafe-2.0.1.tar.gz
 SOURCES/PyJWT-2.1.0-py3-none-any.whl
 SOURCES/PyYAML-5.1.tar.gz
--- a/SOURCES/RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch
+++ b/SOURCES/RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch
@ -1,65 +0,0 @@
-From d655030770081e2dfe46f90e27620472a502289d Mon Sep 17 00:00:00 2001
-From: David Lord <davidism@gmail.com>
-Date: Thu, 2 May 2024 09:14:00 -0700
-Subject: [PATCH] disallow invalid characters in keys to xmlattr filter
-
---
- CHANGES.rst           |  6 ++++++
- src/jinja2/filters.py | 22 +++++++++++++++++-----
- tests/test_filters.py | 11 ++++++-----
- 3 files changed, 29 insertions(+), 10 deletions(-)
-
-diff --git a/kubevirt/jinja2/filters.py b/kubevirt/jinja2/filters.py
-index 4cf3c11fb..acd11976e 100644
--- a/kubevirt/jinja2/filters.py
-+++ b/kubevirt/jinja2/filters.py
-@@ -250,7 +250,9 @@ def do_items(value: t.Union[t.Mapping[K, V], Undefined]) -> t.Iterator[t.Tuple[K
-     yield from value.items()
- 
- 
-_space_re = re.compile(r"\s", flags=re.ASCII)
-+# Check for characters that would move the parser state from key to value.
-+# https://html.spec.whatwg.org/#attribute-name-state
-+_attr_key_re = re.compile(r"[\s/>=]", flags=re.ASCII)
- 
- 
- @pass_eval_context
-@@ -259,8 +261,14 @@ def do_xmlattr(
- ) -> str:
-     """Create an SGML/XML attribute string based on the items in a dict.
- 
-    If any key contains a space, this fails with a ``ValueError``. Values that
-    are neither ``none`` nor ``undefined`` are automatically escaped.
-+    **Values** that are neither ``none`` nor ``undefined`` are automatically
-+    escaped, safely allowing untrusted user input.
-+
-+    User input should not be used as **keys** to this filter. If any key
-+    contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals
-+    sign, this fails with a ``ValueError``. Regardless of this, user input
-+    should never be used as keys to this filter, or must be separately validated
-+    first.
- 
-     .. sourcecode:: html+jinja
- 
-@@ -280,6 +288,10 @@ def do_xmlattr(
-     As you can see it automatically prepends a space in front of the item
-     if the filter returned something unless the second parameter is false.
- 
-+    .. versionchanged:: 3.1.4
-+        Keys with ``/`` solidus, ``>`` greater-than sign, or ``=`` equals sign
-+        are not allowed.
-+
-     .. versionchanged:: 3.1.3
-         Keys with spaces are not allowed.
-     """
-@@ -289,8 +301,8 @@ def do_xmlattr(
-         if value is None or isinstance(value, Undefined):
-             continue
- 
-        if _space_re.search(key) is not None:
-            raise ValueError(f"Spaces are not allowed in attributes: '{key}'")
-+        if _attr_key_re.search(key) is not None:
-+            raise ValueError(f"Invalid character in attribute name: {key!r}")
- 
-         items.append(f'{escape(key)}="{escape(value)}"')
- 
--- a/SPECS/fence-agents.spec
+++ b/SPECS/fence-agents.spec
@ -38,7 +38,7 @@
 %global websocketclient 	websocket-client
 %global websocketclient_version 1.2.1
 %global jinja2			Jinja2
-%global jinja2_version		3.1.3
+%global jinja2_version		3.1.5
 %global markupsafe		MarkupSafe
 %global markupsafe_version	2.0.1
 %global stringutils		string-utils
@ -57,7 +57,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.10.0
-Release: 76%{?alphatag:.%{alphatag}}%{?dist}.1.alma.1
+Release: 76%{?alphatag:.%{alphatag}}%{?dist}.4.alma.1
 License: GPLv2+ and LGPLv2+
 URL: https://github.com/ClusterLabs/fence-agents
 Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
@ -262,7 +262,6 @@ Patch58: RHEL-59878-fence_scsi-only-preempt-once-for-mpath-devices.patch
 ### HA support libs/utils ###
 # all archs
 Patch1000: bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
-Patch1001: RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch
 # cloud (x86_64 only)
 Patch2000: bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
 Patch2001: RHEL-43562-fix-bundled-urllib3-CVE-2024-37891.patch
@ -494,7 +493,6 @@ rm -rf kubevirt/rsa*
 # regular patch doesnt work in build-section
 pushd support
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1000}
-/usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1001}

 %ifarch x86_64
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2000}
@ -1535,6 +1533,9 @@ are located on corosync cluster nodes.
 %endif

 %changelog
+* Wed Jan 15 2025 Eduard Abdullin <eabdullin@almalinux.org> - 4.10.0-76.4.alma.1
+- Update jinja2 to 3.1.5
+
 * Tue Nov 12 2024 Eduard Abdullin <eabdullin@almalinux.org> - 4.10.0-76.1.alma.1
 - fence_scsi: preempt clears all devices on the mpath device,
 so only run it for the first device