From b530fcfc022ca9b10b87556a8d7bfb168ae2e89c Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 8 Nov 2022 01:45:26 -0500
Subject: [PATCH] import python-jinja2-2.11.3-1.module+el8.7.0+15575+d005caff
---
 .gitignore | 2 +-
 .python-jinja2.metadata | 2 +-
 SOURCES/CVE-2020-28493.patch | 133 -----------------------------------
 SPECS/python-jinja2.spec | 19 ++---
 4 files changed, 12 insertions(+), 144 deletions(-)
 delete mode 100644 SOURCES/CVE-2020-28493.patch
diff --git a/.gitignore b/.gitignore
index 5baafd7..3676349 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-SOURCES/Jinja2-2.10.3.tar.gz
+SOURCES/Jinja2-2.11.3.tar.gz
diff --git a/.python-jinja2.metadata b/.python-jinja2.metadata
index 668504d..3a4d536 100644
--- a/.python-jinja2.metadata
+++ b/.python-jinja2.metadata
@@ -1 +1 @@
-fbb6a03ad01b766d816650147d1fccfc145de9e0 SOURCES/Jinja2-2.10.3.tar.gz
+034173d87c9c5d1c2000f337be45b582dc0eb172 SOURCES/Jinja2-2.11.3.tar.gz
diff --git a/SOURCES/CVE-2020-28493.patch b/SOURCES/CVE-2020-28493.patch
deleted file mode 100644
index bec09e2..0000000
--- a/SOURCES/CVE-2020-28493.patch
+++ /dev/null
@@ -1,133 +0,0 @@
-From 42d67347988a9d09b940d550f1ffa32a8d7e43b2 Mon Sep 17 00:00:00 2001
-From: Lumir Balhar
-Date: Fri, 12 Mar 2021 16:04:15 +0100
-Subject: [PATCH] CVE-2020-28493
-
----
- jinja2/utils.py | 94 +++++++++++++++++++++++++++++--------------------
- 1 file changed, 56 insertions(+), 38 deletions(-)
-
-diff --git a/jinja2/utils.py b/jinja2/utils.py
-index db9c5d0..6ab77f7 100644
---- a/jinja2/utils.py
-+++ b/jinja2/utils.py
-@@ -12,24 +12,12 @@ import re
- import json
- import errno
- from collections import deque
-+from string import ascii_letters as _letters
-+from string import digits as _digits
- from threading import Lock
- from jinja2._compat import text_type, string_types, implements_iterator, \
- url_quote, abc
-
--_word_split_re = re.compile(r'(\s+)')
--_punctuation_re = re.compile(
-- '^(?P(?:%s)*)(?P.*?)(?P(?:%s)*)$' % (
-- '|'.join(map(re.escape, ('(', '<', '<'))),
-- '|'.join(map(re.escape, ('.', ',', ')', '>', '\n', '>')))
-- )
--)
--_simple_email_re = re.compile(r'^\S+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9._-]+$')
--_striptags_re = re.compile(r'(|<[^>]*>)')
--_entity_re = re.compile(r'&([^;]+);')
--_letters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
--_digits = '0123456789'
--
- # special singleton representing missing values for the runtime
- missing = type('MissingType', (), {'__repr__': lambda x: 'missing'})()
-
-@@ -203,35 +191,65 @@ def urlize(text, trim_url_limit=None, rel=None, target=None):
- trim_url = lambda x, limit=trim_url_limit: limit is not None \
- and (x[:limit] + (len(x) >=limit and '...'
- or '')) or x
-- words = _word_split_re.split(text_type(escape(text)))
-+ words = re.split(r"(\s+)", text_type(escape(text)))
- rel_attr = rel and ' rel="%s"' % text_type(escape(rel)) or ''
- target_attr = target and ' target="%s"' % escape(target) or ''
-
- for i, word in enumerate(words):
-- match = _punctuation_re.match(word)
-+ head, middle, tail = "", word, ""
-+ match = re.match(r"^([(<]|<)+", middle)
-+
- if match:
-- lead, middle, trail = match.groups()
-- if middle.startswith('www.') or (
-- '@' not in middle and
-- not middle.startswith('http://') and
-- not middle.startswith('https://') and
-- len(middle) > 0 and
-- middle[0] in _letters + _digits and (
-- middle.endswith('.org') or
-- middle.endswith('.net') or
-- middle.endswith('.com')
-- )):
-- middle = '%s' % (middle,
-- rel_attr, target_attr, trim_url(middle))
-- if middle.startswith('http://') or \
-- middle.startswith('https://'):
-- middle = '%s' % (middle,
-- rel_attr, target_attr, trim_url(middle))
-- if '@' in middle and not middle.startswith('www.') and \
-- not ':' in middle and _simple_email_re.match(middle):
-- middle = '%s' % (middle, middle)
-- if lead + middle + trail != word:
-- words[i] = lead + middle + trail
-+ head = match.group()
-+ middle = middle[match.end() :]
-+
-+ # Unlike lead, which is anchored to the start of the string,
-+ # need to check that the string ends with any of the characters
-+ # before trying to match all of them, to avoid backtracking.
-+ if middle.endswith((")", ">", ".", ",", "\n", ">")):
-+ match = re.search(r"([)>.,\n]|>)+$", middle)
-+
-+ if match:
-+ tail = match.group()
-+ middle = middle[: match.start()]
-+
-+ if middle.startswith("www.") or (
-+ "@" not in middle
-+ and not middle.startswith("http://")
-+ and not middle.startswith("https://")
-+ and len(middle) > 0
-+ and middle[0] in _letters + _digits
-+ and (
-+ middle.endswith(".org")
-+ or middle.endswith(".net")
-+ or middle.endswith(".com")
-+ )
-+ ):
-+ middle = '%s' % (
-+ middle,
-+ rel_attr,
-+ target_attr,
-+ trim_url(middle),
-+ )
-+
-+ if middle.startswith("http://") or middle.startswith("https://"):
-+ middle = '%s' % (
-+ middle,
-+ rel_attr,
-+ target_attr,
-+ trim_url(middle),
-+ )
-+
-+ if (
-+ "@" in middle
-+ and not middle.startswith("www.")
-+ and ":" not in middle
-+ and re.match(r"^\S@\w[\w.-]*\.\w$", middle)
-+ ):
-+ middle = '%s' % (middle, middle)
-+
-+ words[i] = head + middle + tail
-+
- return u''.join(words)
-
-
---
-2.29.2
-
diff --git a/SPECS/python-jinja2.spec b/SPECS/python-jinja2.spec
index a6a27dc..334ebec 100644
--- a/SPECS/python-jinja2.spec
+++ b/SPECS/python-jinja2.spec
@@ -1,18 +1,13 @@
 %global srcname Jinja2
 Name: python-jinja2
-Version: 2.10.3
-Release: 5%{?dist}
+Version: 2.11.3
+Release: 1%{?dist}
 Summary: General purpose template engine
 License: BSD
-URL: http://jinja.pocoo.org/
+URL: https://palletsprojects.com/p/jinja/
 Source0: %{pypi_source}
-# CVE-2020-28493: ReDOS vulnerability due to the sub-pattern
-# The patch is rebased to the old project structure.
-# Upstream commit: https://github.com/pallets/jinja/pull/1343/commits/ef658dc3b6389b091d608e710a810ce8b87995b3
-# Tracking bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1928707
-Patch0: CVE-2020-28493.patch
 %if 0%{?fedora} || 0%{?rhel} > 7
 # Enable python3 build by default
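Review bot: Dropping the `Patch0:` block also drops the spec's only in-place record of why CVE-2020-28493 was carried (the upstream commit and bugzilla links in the removed comment), and the new changelog entry only says "Remove patch that is included in this release" without naming it, so anyone auditing this package for that CVE later has to match the 2021 changelog entry against upstream release notes by hand. One line kept next to `Source0:` would preserve the trail: `# CVE-2020-28493 (urlize ReDoS) is fixed upstream as of 2.11.3; the backported patch was dropped with that update.` Naming it in the changelog line instead (`- Remove CVE-2020-28493 patch, fixed upstream in 2.11.3.`) would serve the same purpose. Whether any other reference to the CVE survives elsewhere in the spec is not visible from these hunks.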
@@ -158,7 +153,7 @@ rm %{buildroot}%{python3_sitelib}/jinja2/asyncfilters.py
 %check
 %if %{with python3}
-%{__python3} -m pytest tests
+PYTHONPATH=%{buildroot}%{python3_sitelib} %{__python3} -m pytest tests
 %endif # with python3
@@ -191,6 +186,12 @@ rm %{buildroot}%{python3_sitelib}/jinja2/asyncfilters.py
 %changelog
+* Fri May 20 2022 Maxwell G - 2.11.3-1
+- Update to 2.11.3.
+- Fix URL.
+- Remove patch that is included in this release.
+Resolves: rhbz#2086141.
+
 * Fri Mar 12 2021 Lumír Balhar - 2.10.3-5
 - Fix CVE-2020-28493: ReDOS vulnerability due to the sub-pattern
 Resolves: rhbz#1928707
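Review bot: The new `%check` line puts the buildroot copy on `PYTHONPATH` without saying why, and the changelog entry in the next hunk does not list the change, so a future update could silently revert it. If the intent is to run the suite against the installed tree (presumably because the 2.11 sdist no longer has an importable `jinja2/` at the source root — confirm), a comment above the line would record that: `# Run the tests against the installed copy in %{buildroot}, not the unpacked source tree`. Bear in mind that `%{__python3} -m pytest` puts the current directory ahead of `PYTHONPATH` on `sys.path`, so the buildroot copy is only the one under test while no importable `jinja2/` directory sits in the build directory; a `%{__python3} -c 'import jinja2; print(jinja2.__file__)'` before the pytest call would make that visible in the build log.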