.fmf/version

@@ -0,0 +1 @@
+1

.gitignore

@@ -1 +1 @@
-SOURCES/Jinja2-2.11.3.tar.gz
+/Jinja2-*.tar.gz

.python-jinja2.metadata

@@ -1 +0,0 @@
-034173d87c9c5d1c2000f337be45b582dc0eb172 SOURCES/Jinja2-2.11.3.tar.gz

0001-add-linetable-to-the-preserved-CodeType-attributes-1.patch

@@ -0,0 +1,27 @@
+From 9a99db929323f60553b391c80d0395821121d593 Mon Sep 17 00:00:00 2001
+From: Thomas Moschny <thomas.moschny@gmx.de>
+Date: Tue, 19 Jan 2021 21:01:18 +0100
+Subject: [PATCH] add 'linetable' to the preserved CodeType attributes (#1334)
+
+add 'linetable' to the preserved CodeType attributes
+
+co_linetable replaces co_lnotab as part of PEP 626 in Python 3.10.
+---
+ src/jinja2/debug.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/jinja2/debug.py b/src/jinja2/debug.py
+index 5d8aec3..e256617 100644
+--- a/src/jinja2/debug.py
++++ b/src/jinja2/debug.py
+@@ -137,6 +137,7 @@ def fake_traceback(exc_value, tb, filename, lineno):
+             "lnotab",
+             "freevars",
+             "cellvars",
++            "linetable",  # Python 3.10
+         ):
+             if isinstance(attr, tuple):
+                 # Replace with given value.
+-- 
+2.29.2
+

0002-native_concat-pass-only-strings-to-literal_eval.patch

@@ -0,0 +1,49 @@
+From 58250a709532ccb3e6d92ca65b3d305d1464cb68 Mon Sep 17 00:00:00 2001
+From: Martin Krizek <martin.krizek@gmail.com>
+Date: Thu, 28 Jan 2021 10:08:50 +0100
+Subject: [PATCH] native_concat: pass only strings to literal_eval
+
+If there is only single node and it is not a string, there is no point
+in passing it into ``literal_eval``, just return it immediately.
+
+One of the examples where passing a non-string node into
+``literal_eval`` would actually cause problems is when the node is
+``Undefined``. On Python 3.10 this would cause ``UndefinedError``
+instead of just ``Undefined`` being returned.
+
+Fixes #1335
+---
+ CHANGES.rst               | 3 +++
+ src/jinja2/nativetypes.py | 2 ++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/CHANGES.rst b/CHANGES.rst
+index 511b22b..a8a66ea 100644
+--- a/CHANGES.rst
++++ b/CHANGES.rst
+@@ -8,6 +8,9 @@ Released 2021-01-31
+ -   Improve the speed of the ``urlize`` filter by reducing regex
+     backtracking. Email matching requires a word character at the start
+     of the domain part, and only word characters in the TLD. :pr:`1343`
++-   Fix UndefinedError incorrectly being thrown on an undefined variable
++    instead of ``Undefined`` being returned on
++    ``NativeEnvironment`` on Python 3.10. :issue:`1335`
+ 
+ 
+ Version 2.11.2
+diff --git a/src/jinja2/nativetypes.py b/src/jinja2/nativetypes.py
+index a9ead4e..2fee17f 100644
+--- a/src/jinja2/nativetypes.py
++++ b/src/jinja2/nativetypes.py
+@@ -26,6 +26,8 @@ def native_concat(nodes):
+ 
+     if len(head) == 1:
+         raw = head[0]
++        if not isinstance(raw, str):
++            return raw
+     else:
+         raw = u"".join([text_type(v) for v in chain(head, nodes)])
+ 
+-- 
+2.29.2
+

0003-CVE-2024-22195.patch

@@ -0,0 +1,77 @@
+From d9835bd39a630ea74f719e1c76765ca2ec89f2f2 Mon Sep 17 00:00:00 2001
+From: Calum Hutton <calum.hutton@snyk.io>
+Date: Thu, 26 Oct 2023 12:08:53 +0100
+Subject: [PATCH] xmlattr filter disallows keys with spaces
+
+---
+ src/jinja2/filters.py | 26 +++++++++++++++++++-------
+ tests/test_filters.py |  6 ++++++
+ 2 files changed, 25 insertions(+), 7 deletions(-)
+
+diff --git a/src/jinja2/filters.py b/src/jinja2/filters.py
+index 74b108d..49f7d39 100644
+--- a/src/jinja2/filters.py
++++ b/src/jinja2/filters.py
+@@ -205,11 +205,15 @@ def do_lower(s):
+     return soft_unicode(s).lower()
+ 
+ 
++_space_re = re.compile(r"\s", flags=re.ASCII)
++
++
+ @evalcontextfilter
+ def do_xmlattr(_eval_ctx, d, autospace=True):
+     """Create an SGML/XML attribute string based on the items in a dict.
+-    All values that are neither `none` nor `undefined` are automatically
+-    escaped:
++
++    If any key contains a space, this fails with a ``ValueError``. Values that
++    are neither ``none`` nor ``undefined`` are automatically escaped.
+ 
+     .. sourcecode:: html+jinja
+ 
+@@ -229,11 +233,19 @@ def do_xmlattr(_eval_ctx, d, autospace=True):
+     As you can see it automatically prepends a space in front of the item
+     if the filter returned something unless the second parameter is false.
+     """
+-    rv = u" ".join(
+-        u'%s="%s"' % (escape(key), escape(value))
+-        for key, value in iteritems(d)
+-        if value is not None and not isinstance(value, Undefined)
+-    )
++    items = []
++
++    for key, value in d.items():
++        if value is None or isinstance(value, Undefined):
++            continue
++
++        if _space_re.search(key) is not None:
++            raise ValueError(f"Spaces are not allowed in attributes: '{key}'")
++
++        items.append(f'{escape(key)}="{escape(value)}"')
++
++    rv = " ".join(items)
++
+     if autospace and rv:
+         rv = u" " + rv
+     if _eval_ctx.autoescape:
+diff --git a/tests/test_filters.py b/tests/test_filters.py
+index 388c346..6e697f3 100644
+--- a/tests/test_filters.py
++++ b/tests/test_filters.py
+@@ -440,6 +440,12 @@ class TestFilter(object):
+         assert 'bar="23"' in out
+         assert 'blub:blub="&lt;?&gt;"' in out
+ 
++    def test_xmlattr_key_with_spaces(self, env):
++        with pytest.raises(ValueError, match="Spaces are not allowed"):
++            env.from_string(
++                "{{ {'src=1 onerror=alert(1)': 'my_class'}|xmlattr }}"
++            ).render()
++
+     def test_sort1(self, env):
+         tmpl = env.from_string("{{ [2, 3, 1]|sort }}|{{ [2, 3, 1]|sort(true) }}")
+         assert tmpl.render() == "[1, 2, 3]|[3, 2, 1]"
+-- 
+2.43.0
+

0004-CVE-2024-34064.patch

@@ -0,0 +1,77 @@
+From 7597efd51e740313e7e1ad08c3600dc49ce3981d Mon Sep 17 00:00:00 2001
+From: David Lord <davidism@gmail.com>
+Date: Tue, 7 May 2024 14:56:46 +0200
+Subject: [PATCH] disallow invalid characters in keys to xmlattr filter
+
+---
+ src/jinja2/filters.py | 18 +++++++++++++-----
+ tests/test_filters.py | 11 ++++++-----
+ 2 files changed, 19 insertions(+), 10 deletions(-)
+
+diff --git a/src/jinja2/filters.py b/src/jinja2/filters.py
+index 49f7d39..6d4f348 100644
+--- a/src/jinja2/filters.py
++++ b/src/jinja2/filters.py
+@@ -205,15 +205,23 @@ def do_lower(s):
+     return soft_unicode(s).lower()
+ 
+ 
+-_space_re = re.compile(r"\s", flags=re.ASCII)
++# Check for characters that would move the parser state from key to value.
++# https://html.spec.whatwg.org/#attribute-name-state
++_attr_key_re = re.compile(r"[\s/>=]", flags=re.ASCII)
+ 
+ 
+ @evalcontextfilter
+ def do_xmlattr(_eval_ctx, d, autospace=True):
+     """Create an SGML/XML attribute string based on the items in a dict.
+ 
+-    If any key contains a space, this fails with a ``ValueError``. Values that
+-    are neither ``none`` nor ``undefined`` are automatically escaped.
++    **Values** that are neither ``none`` nor ``undefined`` are automatically
++    escaped, safely allowing untrusted user input.
++
++    User input should not be used as **keys** to this filter. If any key
++    contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals
++    sign, this fails with a ``ValueError``. Regardless of this, user input
++    should never be used as keys to this filter, or must be separately validated
++    first.
+ 
+     .. sourcecode:: html+jinja
+ 
+@@ -239,8 +247,8 @@ def do_xmlattr(_eval_ctx, d, autospace=True):
+         if value is None or isinstance(value, Undefined):
+             continue
+ 
+-        if _space_re.search(key) is not None:
+-            raise ValueError(f"Spaces are not allowed in attributes: '{key}'")
++        if _attr_key_re.search(key) is not None:
++            raise ValueError(f"Invalid character in attribute name: {key!r}")
+ 
+         items.append(f'{escape(key)}="{escape(value)}"')
+ 
+diff --git a/tests/test_filters.py b/tests/test_filters.py
+index 6e697f3..f0dc1b1 100644
+--- a/tests/test_filters.py
++++ b/tests/test_filters.py
+@@ -440,11 +440,12 @@ class TestFilter(object):
+         assert 'bar="23"' in out
+         assert 'blub:blub="&lt;?&gt;"' in out
+ 
+-    def test_xmlattr_key_with_spaces(self, env):
+-        with pytest.raises(ValueError, match="Spaces are not allowed"):
+-            env.from_string(
+-                "{{ {'src=1 onerror=alert(1)': 'my_class'}|xmlattr }}"
+-            ).render()
++    @pytest.mark.parametrize("sep", ("\t", "\n", "\f", " ", "/", ">", "="))
++    def test_xmlattr_key_invalid(self, env: Environment, sep: str) -> None:
++        with pytest.raises(ValueError, match="Invalid character"):
++            env.from_string("{{ {key: 'my_class'}|xmlattr }}").render(
++                key=f"class{sep}onclick=alert(1)"
++            )
+ 
+     def test_sort1(self, env):
+         tmpl = env.from_string("{{ [2, 3, 1]|sort }}|{{ [2, 3, 1]|sort(true) }}")
+-- 
+2.45.0
+

0005-CVE-2024-56326.patch

@@ -0,0 +1,151 @@
+From c3ea7d7def695cf09a07117b808da47639833954 Mon Sep 17 00:00:00 2001
+From: Lumir Balhar <lbalhar@redhat.com>
+Date: Wed, 22 Jan 2025 11:48:06 +0100
+Subject: [PATCH] CVE-2024-56326
+
+---
+ src/jinja2/sandbox.py  | 65 +++++++++++++++++++++++-------------------
+ tests/test_security.py | 17 +++++++++++
+ 2 files changed, 53 insertions(+), 29 deletions(-)
+
+diff --git a/src/jinja2/sandbox.py b/src/jinja2/sandbox.py
+index cfd7993..da26866 100644
+--- a/src/jinja2/sandbox.py
++++ b/src/jinja2/sandbox.py
+@@ -6,6 +6,7 @@ import operator
+ import types
+ import warnings
+ from collections import deque
++from functools import update_wrapper
+ from string import Formatter
+ 
+ from markupsafe import EscapeFormatter
+@@ -153,16 +154,6 @@ class _MagicFormatMapping(abc.Mapping):
+         return len(self._kwargs)
+ 
+ 
+-def inspect_format_method(callable):
+-    if not isinstance(
+-        callable, (types.MethodType, types.BuiltinMethodType)
+-    ) or callable.__name__ not in ("format", "format_map"):
+-        return None
+-    obj = callable.__self__
+-    if isinstance(obj, string_types):
+-        return obj
+-
+-
+ def safe_range(*args):
+     """A range that can't generate ranges with a length of more than
+     MAX_RANGE items.
+@@ -394,6 +385,9 @@ class SandboxedEnvironment(Environment):
+                     except AttributeError:
+                         pass
+                     else:
++                        fmt = self.wrap_str_format(value)
++                        if fmt is not None:
++                            return fmt
+                         if self.is_safe_attribute(obj, argument, value):
+                             return value
+                         return self.unsafe_undefined(obj, argument)
+@@ -411,6 +405,9 @@ class SandboxedEnvironment(Environment):
+             except (TypeError, LookupError):
+                 pass
+         else:
++            fmt = self.wrap_str_format(value)
++            if fmt is not None:
++                return fmt
+             if self.is_safe_attribute(obj, attribute, value):
+                 return value
+             return self.unsafe_undefined(obj, attribute)
+@@ -426,34 +423,44 @@ class SandboxedEnvironment(Environment):
+             exc=SecurityError,
+         )
+ 
+-    def format_string(self, s, args, kwargs, format_func=None):
+-        """If a format call is detected, then this is routed through this
+-        method so that our safety sandbox can be used for it.
++    def wrap_str_format(self, value):
++        """If the given value is a ``str.format`` or ``str.format_map`` method,
++        return a new function than handles sandboxing. This is done at access
++        rather than in :meth:`call`, so that calls made without ``call`` are
++        also sandboxed.
+         """
+-        if isinstance(s, Markup):
+-            formatter = SandboxedEscapeFormatter(self, s.escape)
++        if not isinstance(
++            value, (types.MethodType, types.BuiltinMethodType)
++        ) or value.__name__ not in ("format", "format_map"):
++            return None
++        f_self = value.__self__
++        if not isinstance(f_self, str):
++            return None
++        str_type = type(f_self)
++        is_format_map = value.__name__ == "format_map"
++        if isinstance(f_self, Markup):
++            formatter = SandboxedEscapeFormatter(self, escape=f_self.escape)
+         else:
+             formatter = SandboxedFormatter(self)
+ 
+-        if format_func is not None and format_func.__name__ == "format_map":
+-            if len(args) != 1 or kwargs:
+-                raise TypeError(
+-                    "format_map() takes exactly one argument %d given"
+-                    % (len(args) + (kwargs is not None))
+-                )
++        vformat = formatter.vformat
++        def wrapper(*args, **kwargs):
++            if is_format_map:
++                if kwargs:
++                    raise TypeError("format_map() takes no keyword arguments")
++                if len(args) != 1:
++                    raise TypeError(
++                        f"format_map() takes exactly one argument ({len(args)} given)"
++                    )
++                kwargs = args[0]
++                args = ()
+ 
+-            kwargs = args[0]
+-            args = None
++            return str_type(vformat(f_self, args, kwargs))
+ 
+-        kwargs = _MagicFormatMapping(args, kwargs)
+-        rv = formatter.vformat(s, args, kwargs)
+-        return type(s)(rv)
++        return update_wrapper(wrapper, value)
+ 
+     def call(__self, __context, __obj, *args, **kwargs):  # noqa: B902
+         """Call an object from sandboxed code."""
+-        fmt = inspect_format_method(__obj)
+-        if fmt is not None:
+-            return __self.format_string(fmt, args, kwargs, __obj)
+ 
+         # the double prefixes are to avoid double keyword argument
+         # errors when proxying the call.
+diff --git a/tests/test_security.py b/tests/test_security.py
+index 7e8974c..2e2af69 100644
+--- a/tests/test_security.py
++++ b/tests/test_security.py
+@@ -208,3 +208,20 @@ class TestStringFormatMap(object):
+             '{{ ("a{x.foo}b{y}"|safe).format_map({"x":{"foo": 42}, "y":"<foo>"}) }}'
+         )
+         assert t.render() == "a42b&lt;foo&gt;"
++
++    def test_indirect_call(self):
++        def run(value, arg):
++            return value.run(arg)
++
++        env = SandboxedEnvironment()
++        env.filters["run"] = run
++        t = env.from_string(
++            """{% set
++                ns = namespace(run="{0.__call__.__builtins__[__import__]}".format)
++            %}
++            {{ ns | run(not_here) }}
++            """
++        )
++
++        with pytest.raises(SecurityError):
++            t.render()
+-- 
+2.48.0
+

0006-CVE-2025-27516.patch

@@ -0,0 +1,87 @@
+From c630659347e6824a303e63a7706c23d248bf17cc Mon Sep 17 00:00:00 2001
+From: Lumir Balhar <lbalhar@redhat.com>
+Date: Wed, 26 Mar 2025 21:51:37 +0100
+Subject: [PATCH] CVE-2025-27516
+
+---
+ src/jinja2/filters.py  | 34 ++++++++++++++++------------------
+ tests/test_security.py | 10 ++++++++++
+ 2 files changed, 26 insertions(+), 18 deletions(-)
+
+diff --git a/src/jinja2/filters.py b/src/jinja2/filters.py
+index 6d4f348..bc6cab3 100644
+--- a/src/jinja2/filters.py
++++ b/src/jinja2/filters.py
+@@ -5,6 +5,7 @@ import random
+ import re
+ import warnings
+ from collections import namedtuple
++from inspect import getattr_static
+ from itertools import chain
+ from itertools import groupby
+ 
+@@ -1067,28 +1068,25 @@ def do_reverse(value):
+ 
+ @environmentfilter
+ def do_attr(environment, obj, name):
+-    """Get an attribute of an object.  ``foo|attr("bar")`` works like
+-    ``foo.bar`` just that always an attribute is returned and items are not
+-    looked up.
++    """Get an attribute of an object. ``foo|attr("bar")`` works like
++    ``foo.bar``, but returns undefined instead of falling back to ``foo["bar"]``
++    if the attribute doesn't exist.
+ 
+     See :ref:`Notes on subscriptions <notes-on-subscriptions>` for more details.
+     """
++    # Environment.getattr will fall back to obj[name] if obj.name doesn't exist.
++    # But we want to call env.getattr to get behavior such as sandboxing.
++    # Determine if the attr exists first, so we know the fallback won't trigger.
+     try:
+-        name = str(name)
+-    except UnicodeError:
+-        pass
+-    else:
+-        try:
+-            value = getattr(obj, name)
+-        except AttributeError:
+-            pass
+-        else:
+-            if environment.sandboxed and not environment.is_safe_attribute(
+-                obj, name, value
+-            ):
+-                return environment.unsafe_undefined(obj, name)
+-            return value
+-    return environment.undefined(obj=obj, name=name)
++        # This avoids executing properties/descriptors, but misses __getattr__
++        # and __getattribute__ dynamic attrs.
++        getattr_static(obj, name)
++    except AttributeError:
++        # This finds dynamic attrs, and we know it's not a descriptor at this point.
++        if not hasattr(obj, name):
++            return environment.undefined(obj=obj, name=name)
++
++    return environment.getattr(obj, name)
+ 
+ 
+ @contextfilter
+diff --git a/tests/test_security.py b/tests/test_security.py
+index 2e2af69..c1c71df 100644
+--- a/tests/test_security.py
++++ b/tests/test_security.py
+@@ -225,3 +225,13 @@ class TestStringFormatMap(object):
+ 
+         with pytest.raises(SecurityError):
+             t.render()
++
++    def test_attr_filter(self) -> None:
++        env = SandboxedEnvironment()
++        t = env.from_string(
++            """{{ "{0.__call__.__builtins__[__import__]}"
++                  | attr("format")(not_here) }}"""
++        )
++
++        with pytest.raises(SecurityError):
++            t.render()
+-- 
+2.49.0
+

gating.yaml

@@ -0,0 +1,6 @@
+--- !Policy
+product_versions:
+  - rhel-9
+decision_context: osci_compose_gate
+rules:
+  - !PassingTestCaseRule {test_case_name: osci.brew-build.tier0.functional}

plans.fmf

@@ -0,0 +1,4 @@
+discover:
+    how: fmf
+execute:
+    how: tmt

python-jinja2.spec

@@ -2,12 +2,34 @@
 
 Name:           python-jinja2
 Version:        2.11.3
-Release:        1%{?dist}
+Release:        8%{?dist}
 Summary:        General purpose template engine
 License:        BSD
 URL:            https://palletsprojects.com/p/jinja/
 Source0:        %{pypi_source}
+# cherry-picked patches to build with Python 3.10 (#1907442)
+Patch1:         0001-add-linetable-to-the-preserved-CodeType-attributes-1.patch
+Patch2:         0002-native_concat-pass-only-strings-to-literal_eval.patch
 
+# Security fix for CVE-2024-22195
+# Resolved upstream: https://github.com/pallets/jinja/commit/7dd3680e6eea0d77fde024763657aa4d884ddb23
+Patch3:         0003-CVE-2024-22195.patch
+
+# Security fix for CVE-2024-34064
+# Resolved upstream: https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb
+Patch4:         0004-CVE-2024-34064.patch
+
+# Security fix for CVE-2024-56326
+# Resolved upstream: https://github.com/pallets/jinja/commit/91a972f5808973cd441f4dc06873b2f8378f30c7
+# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=2333856
+# Patch backported from upstream without changelog and typing.
+Patch5:         0005-CVE-2024-56326.patch
+
+# Security fix for CVE-2025-27516
+# Resolved upstream: https://github.com/pallets/jinja/commit/90457bbf33b8662926ae65cdde4c4c32e756e403
+# Tracking bug: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2025-27516
+# Patch backported from upstream without changelog.
+Patch6:         0006-CVE-2025-27516.patch
 
 %if 0%{?fedora} || 0%{?rhel} > 7
 # Enable python3 build by default
@@ -16,15 +38,14 @@ Source0:        %{pypi_source}
 %bcond_with python3
 %endif
 
-%if 0%{?rhel} > 7
+%if 0%{?fedora} > 33 || 0%{?rhel} > 7
 # Disable python2 build by default
 %bcond_with python2
 %else
 %bcond_without python2
 %endif
 
-# Enable building without docs to avoid a circular dependency between this
-# and python-sphinx:
+# No docs in RHEL 9: https://bugzilla.redhat.com/show_bug.cgi?id=1944567
 %bcond_with docs
 
 %if 0%{?fedora} || 0%{?rhel} > 7
@@ -34,10 +55,6 @@ Source0:        %{pypi_source}
 %endif
 
 BuildArch:      noarch
-# Exclude i686 arch. Due to a modularity issue it's being added to the
-# x86_64 compose of CRB, but we don't want to ship it at all.
-# See: https://projects.engineering.redhat.com/browse/RCM-72605
-ExcludeArch:    i686
 
 %description
 Jinja2 is a template engine written in pure Python.  It provides a
@@ -77,27 +94,26 @@ environments.
 
 
 %if %{with python3}
-%package -n python%{python3_pkgversion}-jinja2
+%package -n python3-jinja2
 Summary:        General purpose template engine for python3
-BuildRequires:  python%{python3_pkgversion}-devel
-BuildRequires:  python%{python3_pkgversion}-setuptools
-BuildRequires:  python%{python3_pkgversion}-babel >= 0.8
-BuildRequires:  python%{python3_pkgversion}-markupsafe >= 0.23
-BuildRequires:  python%{python3_pkgversion}-pytest
-BuildRequires:  python%{python3_pkgversion}-rpm-macros
+BuildRequires:  python3-devel
+BuildRequires:  python3-setuptools
+BuildRequires:  python3-babel >= 0.8
+BuildRequires:  python3-markupsafe >= 0.23
+BuildRequires:  python3-pytest
 %if %{with docs}
-BuildRequires:  %{_bindir}/sphinx-build-3.8
+BuildRequires:  %{_bindir}/sphinx-build-3
 BuildRequires:  make
-BuildRequires:  python%{python3_pkgversion}-Pallets-Sphinx-Themes
-BuildRequires:  python%{python3_pkgversion}-sphinxcontrib-log-cabinet
-BuildRequires:  python%{python3_pkgversion}-sphinx-issues
+BuildRequires:  python3-Pallets-Sphinx-Themes
+BuildRequires:  python3-sphinxcontrib-log-cabinet
+BuildRequires:  python3-sphinx-issues
 %endif
-Requires:       python%{python3_pkgversion}-babel >= 0.8
-Requires:       python%{python3_pkgversion}-markupsafe >= 0.23
-Requires:       python%{python3_pkgversion}-setuptools
-%{?python_provide:%python_provide python%{python3_pkgversion}-jinja2}
+Requires:       python3-babel >= 0.8
+Requires:       python3-markupsafe >= 0.23
+Requires:       python3-setuptools
+%{?python_provide:%python_provide python3-jinja2}
 
-%description -n python%{python3_pkgversion}-jinja2
+%description -n python3-jinja2
 Jinja2 is a template engine written in pure Python.  It provides a
 Django inspired non-XML syntax but supports inline expressions and an
 optional sandboxed environment.
@@ -124,7 +140,7 @@ find . -name '*.pyo' -o -name '*.pyc' -delete
 %if %{with python3}
 %py3_build
 %if %{with docs}
-make -C docs html PYTHONPATH=$(pwd) SPHINXBUILD=sphinx-build-3
+make -C docs html PYTHONPATH=$(pwd)/src SPHINXBUILD=sphinx-build-3
 # remove hidden file
 rm -rf docs/_build/html/.buildinfo
 %endif # with docs
@@ -153,7 +169,7 @@ rm %{buildroot}%{python3_sitelib}/jinja2/asyncfilters.py
 
 %check
 %if %{with python3}
-PYTHONPATH=%{buildroot}%{python3_sitelib} %{__python3} -m pytest tests
+PYTHONPATH=$(pwd)/src %{__python3} -m pytest tests
 %endif # with python3
 
 
@@ -166,13 +182,13 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} %{__python3} -m pytest tests
 %if %{with docs}
 %doc docs/_build/html
 %endif
-%{python2_sitelib}/jinja2
-%{python2_sitelib}/Jinja2-%{version}-py?.?.egg-info
+%{python2_sitelib}/jinja2/
+%{python2_sitelib}/Jinja2-*.egg-info/
 %endif # with python2
 
 
 %if %{with python3}
-%files -n python%{python3_pkgversion}-jinja2
+%files -n python3-jinja2
 %doc CHANGES.rst
 %doc ext
 %doc examples
@@ -180,27 +196,78 @@ PYTHONPATH=%{buildroot}%{python3_sitelib} %{__python3} -m pytest tests
 %if %{with docs}
 %doc docs/_build/html
 %endif
-%{python3_sitelib}/jinja2
-%{python3_sitelib}/Jinja2-%{version}-py?.?.egg-info
+%{python3_sitelib}/jinja2/
+%{python3_sitelib}/Jinja2-*.egg-info/
 %endif # with python3
 
 
 %changelog
-* Fri May 20 2022 Maxwell G <gotmax@e.email> - 2.11.3-1
+* Wed Mar 26 2025 Lumír Balhar <lbalhar@redhat.com> - 2.11.3-8
+- Security fix for CVE-2025-27516
+Resolves: RHEL-85063
+
+* Wed Jan 22 2025 Lumír Balhar <lbalhar@redhat.com> - 2.11.3-7
+- Security fix for CVE-2024-56326
+Resolves: RHEL-74690
+
+* Tue May 07 2024 Lumír Balhar <lbalhar@redhat.com> - 2.11.3-6
+- Security fix for CVE-2024-34064
+Resolves: RHEL-35653
+
+* Tue Jan 30 2024 Charalampos Stratakis <cstratak@redhat.com> - 2.11.3-5
+- Security fix for CVE-2024-22195
+Resolves: RHEL-21349
+
+* Tue Aug 10 2021 Mohan Boddu <mboddu@redhat.com> - 2.11.3-4
+- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
+  Related: rhbz#1991688
+
+* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.11.3-3
+- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
+
+* Tue Apr 13 2021 Miro Hrončok <mhroncok@redhat.com> - 2.11.3-2
+- Disable documentation
+- Resolves: rhbz#1944567
+
+* Sat Feb  6 2021 Thomas Moschny <thomas.moschny@gmx.de> - 2.11.3-1
 - Update to 2.11.3.
-- Fix URL.
-- Remove patch that is included in this release.
-Resolves: rhbz#2086141.
+- Add patches to build with Python 3.10 (#1907442).
 
-* Fri Mar 12 2021 Lumír Balhar <lbalhar@redhat.com> - 2.10.3-5
-- Fix CVE-2020-28493: ReDOS vulnerability due to the sub-pattern
-Resolves: rhbz#1928707
+* Wed Jan 27 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.2-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
 
-* Fri Dec 13 2019 Tomas Orsava <torsava@redhat.com> - 2.10.3-4
-- Exclude unsupported i686 arch
+* Mon Dec 21 2020 Miro Hrončok <mhroncok@redhat.com> - 2.11.2-7
+- Drop python2-jinja2 on Fedora 34+
 
-* Wed Nov 20 2019 Lumír Balhar <lbalhar@redhat.com> - 2.10.3-3
-- Adjusted for Python 3.8 module in RHEL 8
+* Wed Jul 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.11.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
+
+* Sun May 24 2020 Miro Hrončok <mhroncok@redhat.com> - 2.11.2-5
+- Rebuilt for Python 3.9
+
+* Fri May 22 2020 Miro Hrončok <mhroncok@redhat.com> - 2.11.2-4
+- Bootstrap for Python 3.9
+
+* Fri May 22 2020 Thomas Moschny <thomas.moschny@gmx.de> - 2.11.2-3
+- Re-add python2 subpackage (#1832057).
+
+* Wed May  6 2020 Thomas Moschny <thomas.moschny@gmx.de> - 2.11.2-2
+- Drop python2 subpackage from F33 on (#1832057).
+
+* Wed Apr 15 2020 Thomas Moschny <thomas.moschny@gmx.de> - 2.11.2-1
+- Re-add dependency on python-setuptools.
+
+* Wed Apr 15 2020 Dan Horák <dan[at]danny.cz> - 2.11.2-1
+- Update to 2.11.2
+
+* Mon Apr 06 2020 Igor Raits <ignatenkobrain@fedoraproject.org> - 2.11.1-2
+- Drop unneeded R: pythonX-setuptools
+
+* Sat Feb  8 2020 Thomas Moschny <thomas.moschny@gmx.de> - 2.11.1-1
+- Update to 2.11.1.
+
+* Thu Jan 30 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2.10.3-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
 
 * Wed Nov 20 2019 Thomas Moschny <thomas.moschny@gmx.de> - 2.10.3-2
 - Add missing BR on make.

sources

@@ -0,0 +1 @@
+SHA512 (Jinja2-2.11.3.tar.gz) = fce4f835795fe9afb622f8106f60344032a811f3f693806f31ba482f9b7c1400f93dfa1701b4db0b472cbed4b0793cb329778c8091811ef0e3b577150d28e004

tests/smoke.fmf

@@ -0,0 +1,7 @@
+description: |
+    Runs very simple jinja2 template which should always work
+test: python3 smoke.py
+framework: shell
+require:
+- python3
+- python3-jinja2

tests/smoke.py

@@ -0,0 +1,9 @@
+import jinja2
+
+
+TEMPLATE = "Text {{ variable }}"
+
+environment = jinja2.Environment()
+template = environment.from_string(TEMPLATE)
+output = template.render(variable="demo")
+assert output == "Text demo", f"got: {output}"