- Update jinja2 to 3.1.5

2025-01-15 10:25:45 +03:00 · 2025-01-15 10:25:45 +03:00 · 42ba2b95db
commit 42ba2b95db
parent 3e7b877292
4 changed files with 7 additions and 71 deletions
--- a/.fence-agents.metadata
+++ b/.fence-agents.metadata
@ -1,4 +1,4 @@
-a9db54d91b53f76f546afa1414dd015c0574ebeb SOURCES/Jinja2-3.1.3.tar.gz
+6399fa2cf3e71269d1b0e6b59434616fd4c9d142 SOURCES/Jinja2-3.1.5.tar.gz
 e1b766b2b1601fde67b3b19ed2f13b9746bb1cca SOURCES/MarkupSafe-2.0.1.tar.gz
 e1fb5dc6f95a85e7d1f93c6701b331201e8b5479 SOURCES/PyJWT-2.1.0-py3-none-any.whl
 53fc16036940089ceadd4127381e40fd6106a7ed SOURCES/PyYAML-5.1.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,4 @@
-SOURCES/Jinja2-3.1.3.tar.gz
+SOURCES/Jinja2-3.1.5.tar.gz
 SOURCES/MarkupSafe-2.0.1.tar.gz
 SOURCES/PyJWT-2.1.0-py3-none-any.whl
 SOURCES/PyYAML-5.1.tar.gz
--- a/SOURCES/RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch
+++ b/SOURCES/RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch
@ -1,65 +0,0 @@
 From d655030770081e2dfe46f90e27620472a502289d Mon Sep 17 00:00:00 2001
 From: David Lord <davidism@gmail.com>
 Date: Thu, 2 May 2024 09:14:00 -0700
 Subject: [PATCH] disallow invalid characters in keys to xmlattr filter
 ---
 CHANGES.rst           |  6 ++++++
 src/jinja2/filters.py | 22 +++++++++++++++++-----
 tests/test_filters.py | 11 ++++++-----
 3 files changed, 29 insertions(+), 10 deletions(-)
 diff --git a/kubevirt/jinja2/filters.py b/kubevirt/jinja2/filters.py
 index 4cf3c11fb..acd11976e 100644
 --- a/kubevirt/jinja2/filters.py
 +++ b/kubevirt/jinja2/filters.py
@@ -250,7 +250,9 @@ def do_items(value: t.Union[t.Mapping[K, V], Undefined]) -> t.Iterator[t.Tuple[K
     yield from value.items()
 -_space_re = re.compile(r"\s", flags=re.ASCII)
 +# Check for characters that would move the parser state from key to value.
 +# https://html.spec.whatwg.org/#attribute-name-state
 +_attr_key_re = re.compile(r"[\s/>=]", flags=re.ASCII)
 @pass_eval_context
@@ -259,8 +261,14 @@ def do_xmlattr(
 ) -> str:
     """Create an SGML/XML attribute string based on the items in a dict.
 -    If any key contains a space, this fails with a ``ValueError``. Values that
 -    are neither ``none`` nor ``undefined`` are automatically escaped.
 +    **Values** that are neither ``none`` nor ``undefined`` are automatically
 +    escaped, safely allowing untrusted user input.
 +
 +    User input should not be used as **keys** to this filter. If any key
 +    contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals
 +    sign, this fails with a ``ValueError``. Regardless of this, user input
 +    should never be used as keys to this filter, or must be separately validated
 +    first.
     .. sourcecode:: html+jinja
@@ -280,6 +288,10 @@ def do_xmlattr(
     As you can see it automatically prepends a space in front of the item
     if the filter returned something unless the second parameter is false.
 +    .. versionchanged:: 3.1.4
 +        Keys with ``/`` solidus, ``>`` greater-than sign, or ``=`` equals sign
 +        are not allowed.
 +
     .. versionchanged:: 3.1.3
         Keys with spaces are not allowed.
     """
@@ -289,8 +301,8 @@ def do_xmlattr(
         if value is None or isinstance(value, Undefined):
             continue
 -        if _space_re.search(key) is not None:
 -            raise ValueError(f"Spaces are not allowed in attributes: '{key}'")
 +        if _attr_key_re.search(key) is not None:
 +            raise ValueError(f"Invalid character in attribute name: {key!r}")
         items.append(f'{escape(key)}="{escape(value)}"')
--- a/SPECS/fence-agents.spec
+++ b/SPECS/fence-agents.spec
@ -38,7 +38,7 @@
 %global websocketclient 	websocket-client
 %global websocketclient_version 1.2.1
 %global jinja2			Jinja2
-%global jinja2_version		3.1.3
+%global jinja2_version		3.1.5
 %global markupsafe		MarkupSafe
 %global markupsafe_version	2.0.1
 %global stringutils		string-utils
@ -57,7 +57,7 @@
 Name: fence-agents
 Summary: Set of unified programs capable of host isolation ("fencing")
 Version: 4.10.0
-Release: 76%{?alphatag:.%{alphatag}}%{?dist}.1.alma.1
+Release: 76%{?alphatag:.%{alphatag}}%{?dist}.4.alma.1
 License: GPLv2+ and LGPLv2+
 URL: https://github.com/ClusterLabs/fence-agents
 Source0: https://fedorahosted.org/releases/f/e/fence-agents/%{name}-%{version}.tar.gz
@ -262,7 +262,6 @@ Patch58: RHEL-59878-fence_scsi-only-preempt-once-for-mpath-devices.patch
 ### HA support libs/utils ###
 # all archs
 Patch1000: bz2217902-1-kubevirt-fix-bundled-dateutil-CVE-2007-4559.patch
 Patch1001: RHEL-35649-kubevirt-fix-bundled-jinja2-CVE-2024-34064.patch
 # cloud (x86_64 only)
 Patch2000: bz2217902-2-aws-awscli-azure-fix-bundled-dateutil-CVE-2007-4559.patch
 Patch2001: RHEL-43562-fix-bundled-urllib3-CVE-2024-37891.patch
@ -494,7 +493,6 @@ rm -rf kubevirt/rsa*
 # regular patch doesnt work in build-section
 pushd support
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH1000}
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=0 < %{PATCH1001}
 %ifarch x86_64
 /usr/bin/patch --no-backup-if-mismatch -p1 --fuzz=2 < %{PATCH2000}
@ -1535,6 +1533,9 @@ are located on corosync cluster nodes.
 %endif
 %changelog
 * Wed Jan 15 2025 Eduard Abdullin <eabdullin@almalinux.org> - 4.10.0-76.4.alma.1
 - Update jinja2 to 3.1.5
 * Tue Nov 12 2024 Eduard Abdullin <eabdullin@almalinux.org> - 4.10.0-76.1.alma.1
 - fence_scsi: preempt clears all devices on the mpath device,
 so only run it for the first device