diff --git a/.babel.metadata b/.babel.metadata
new file mode 100644
index 0000000..6b5396b
--- /dev/null
+++ b/.babel.metadata
@@ -0,0 +1 @@
+9adbd49864392713c6a3080aeb0a9e6432577277 SOURCES/Babel-2.5.1.tar.gz
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..57db03c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/Babel-2.5.1.tar.gz
diff --git a/SOURCES/CVE-2021-20095.patch b/SOURCES/CVE-2021-20095.patch
new file mode 100644
index 0000000..8b4c079
--- /dev/null
+++ b/SOURCES/CVE-2021-20095.patch
@@ -0,0 +1,128 @@
+diff --git a/babel/localedata.py b/babel/localedata.py
+index 4b6d3b6..080b723 100644
+--- a/babel/localedata.py
++++ b/babel/localedata.py
+@@ -13,6 +13,8 @@
+ """
+ 
+ import os
++import re
++import sys
+ import threading
+ from collections import MutableMapping
+ from itertools import chain
+@@ -33,6 +35,7 @@ def get_base_dir():
+ _cache = {}
+ _cache_lock = threading.RLock()
+ _dirname = os.path.join(get_base_dir(), 'locale-data')
++_windows_reserved_name_re = re.compile("^(con|prn|aux|nul|com[0-9]|lpt[0-9])$", re.I)
+ 
+ 
+ def normalize_locale(name):
+@@ -49,6 +52,22 @@ def normalize_locale(name):
+             return locale_id
+ 
+ 
++def resolve_locale_filename(name):
++    """
++    Resolve a locale identifier to a `.dat` path on disk.
++    """
++
++    # Clean up any possible relative paths.
++    name = os.path.basename(name)
++
++    # Ensure we're not left with one of the Windows reserved names.
++    if sys.platform == "win32" and _windows_reserved_name_re.match(os.path.splitext(name)[0]):
++        raise ValueError("Name %s is invalid on Windows" % name)
++
++    # Build the path.
++    return os.path.join(_dirname, '%s.dat' % name)
++
++
+ def exists(name):
+     """Check whether locale data is available for the given locale.
+ 
+@@ -60,7 +79,7 @@ def exists(name):
+         return False
+     if name in _cache:
+         return True
+-    file_found = os.path.exists(os.path.join(_dirname, '%s.dat' % name))
++    file_found = os.path.exists(resolve_locale_filename(name))
+     return True if file_found else bool(normalize_locale(name))
+ 
+ 
+@@ -102,6 +121,7 @@ def load(name, merge_inherited=True):
+     :raise `IOError`: if no locale data file is found for the given locale
+                       identifer, or one of the locales it inherits from
+     """
++    name = os.path.basename(name)
+     _cache_lock.acquire()
+     try:
+         data = _cache.get(name)
+@@ -119,7 +139,7 @@ def load(name, merge_inherited=True):
+                     else:
+                         parent = '_'.join(parts[:-1])
+                 data = load(parent).copy()
+-            filename = os.path.join(_dirname, '%s.dat' % name)
++            filename = resolve_locale_filename(name)
+             with open(filename, 'rb') as fileobj:
+                 if name != 'root' and merge_inherited:
+                     merge(data, pickle.load(fileobj))
+diff --git a/tests/test_localedata.py b/tests/test_localedata.py
+index 3599b21..173e7a3 100644
+--- a/tests/test_localedata.py
++++ b/tests/test_localedata.py
+@@ -11,12 +11,18 @@
+ # individuals. For the exact contribution history, see the revision
+ # history and logs, available at http://babel.edgewall.org/log/.
+ 
++import os
++import pickle
++import sys
++import tempfile
+ import unittest
+ import random
+ from operator import methodcaller
+ import sys
+ 
+-from babel import localedata, numbers
++import pytest
++
++from babel import localedata, Locale, UnknownLocaleError, numbers
+ 
+ class MergeResolveTestCase(unittest.TestCase):
+ 
+@@ -117,3 +123,33 @@ def test_locale_argument_acceptance():
+     assert normalized_locale == None
+     locale_exist = localedata.exists(['en_us', None])
+     assert locale_exist == False
++
++def test_locale_name_cleanup():
++    """
++    Test that locale identifiers are cleaned up to avoid directory traversal.
++    """
++    no_exist_name = os.path.join(tempfile.gettempdir(), "babel%d.dat" % random.randint(1, 99999))
++    with open(no_exist_name, "wb") as f:
++        pickle.dump({}, f)
++
++    try:
++        name = os.path.splitext(os.path.relpath(no_exist_name, localedata._dirname))[0]
++    except ValueError:
++        if sys.platform == "win32":
++            pytest.skip("unable to form relpath")
++        raise
++
++    assert not localedata.exists(name)
++    with pytest.raises(IOError):
++        localedata.load(name)
++    with pytest.raises(UnknownLocaleError):
++        Locale(name)
++
++
++@pytest.mark.skipif(sys.platform != "win32", reason="windows-only test")
++def test_reserved_locale_names():
++    for name in ("con", "aux", "nul", "prn", "com8", "lpt5"):
++        with pytest.raises(ValueError):
++            localedata.load(name)
++        with pytest.raises(ValueError):
++            Locale(name)
diff --git a/SOURCES/babel-2.3.4-remove-pytz-version.patch b/SOURCES/babel-2.3.4-remove-pytz-version.patch
new file mode 100644
index 0000000..9025179
--- /dev/null
+++ b/SOURCES/babel-2.3.4-remove-pytz-version.patch
@@ -0,0 +1,15 @@
+diff -up Babel-2.3.4/setup.py.orig Babel-2.3.4/setup.py
+--- Babel-2.3.4/setup.py.orig	2016-04-11 11:58:25.000000000 +0200
++++ Babel-2.3.4/setup.py	2016-04-25 13:35:54.458765892 +0200
+@@ -59,7 +59,10 @@ setup(
+         # This version identifier is currently necessary as
+         # pytz otherwise does not install on pip 1.4 or
+         # higher.
+-        'pytz>=0a',
++        ### But the version confuses setuptools 8 and higher so remove it in the
++        ### system package
++        #'pytz>=0a',
++        'pytz',
+     ],
+ 
+     cmdclass={'import_cldr': import_cldr},
diff --git a/SPECS/babel.spec b/SPECS/babel.spec
new file mode 100644
index 0000000..78fc79f
--- /dev/null
+++ b/SPECS/babel.spec
@@ -0,0 +1,396 @@
+%global srcname Babel
+%global sum Library for internationalizing Python applications
+
+# On fedora 24 and beyond we want to use the python3 version by default
+# (Only reason earlier versions aren't switched is that we didn't push it out
+# before the release)
+%if 0%{?fedora} >= 24 || 0%{?rhel} > 7
+%global default_python 3
+%else
+%global default_python 2
+%endif
+
+# There is some bootstrapping involved when upgrading Python 3
+# First of all we need babel (this package) to use sphinx
+# And pytest is at this point not yet ready
+%global bootstrap 0
+
+Name:           babel
+Version:        2.5.1
+Release:        6%{?dist}
+Summary:        Tools for internationalizing Python applications
+
+License:        BSD
+URL:            http://babel.pocoo.org/
+Source0:        https://files.pythonhosted.org/packages/source/B/%{srcname}/%{srcname}-%{version}.tar.gz
+Patch0:         babel-2.3.4-remove-pytz-version.patch
+
+# Fix CVE-2021-20095: relative path traversal allows an attacker to load
+# arbitrary locale files on disk and execute arbitrary code
+# Resolved upstream: https://github.com/python-babel/babel/pull/782/
+# CVE bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1955615
+Patch1:         CVE-2021-20095.patch
+
+BuildArch:      noarch
+
+%if 0%{?rhel} && 0%{?rhel} <= 7
+BuildRequires:  python2-devel
+BuildRequires:  python2-setuptools
+BuildRequires:  python2-pytz
+BuildRequires:  python2-pytest
+%endif
+BuildRequires:  python3-devel
+BuildRequires:  platform-python-setuptools
+%if !%{bootstrap}
+BuildRequires:  python3-pytz
+BuildRequires:  python3-pytest
+%endif
+
+# build the documentation
+BuildRequires:  make
+
+%if %{default_python} >= 3
+%if %{bootstrap}
+BuildRequires:  python2-sphinx
+%else
+BuildRequires:  python3-sphinx
+%endif
+Requires:       python3-babel
+Requires:       platform-python-setuptools
+%else
+BuildRequires:  python2-sphinx
+Requires:       python2-babel
+Requires:       python2-setuptools
+%endif
+
+
+%description
+Babel is composed of two major parts:
+
+* tools to build and work with gettext message catalogs
+
+* a Python interface to the CLDR (Common Locale Data Repository),
+  providing access to various locale display names, localized number
+  and date formatting, etc.
+
+%package -n python2-babel
+Summary:        %sum
+
+Requires:       python2-setuptools
+Requires:       pytz
+
+%{?python_provide:%python_provide python2-babel}
+
+%description -n python2-babel
+Babel is composed of two major parts:
+
+* tools to build and work with gettext message catalogs
+
+* a Python interface to the CLDR (Common Locale Data Repository),
+  providing access to various locale display names, localized number
+  and date formatting, etc.
+
+%package -n python3-babel
+Summary:        %sum
+
+Requires:       platform-python-setuptools
+Requires:       python3-pytz
+
+%{?python_provide:%python_provide python3-babel}
+
+%description -n python3-babel
+Babel is composed of two major parts:
+
+* tools to build and work with gettext message catalogs
+
+* a Python interface to the CLDR (Common Locale Data Repository),
+  providing access to various locale display names, localized number
+  and date formatting, etc.
+
+%package doc
+Summary:        Documentation for Babel
+Provides:       python-babel-doc = %{version}-%{release}
+Provides:       python2-babel-doc = %{version}-%{release}
+Provides:       python3-babel-doc = %{version}-%{release}
+
+%description doc
+Documentation for Babel
+
+%prep
+%autosetup -n %{srcname}-%{version} -p1
+
+%build
+%if 0%{?rhel} && 0%{?rhel} <= 7
+%py2_build
+%endif
+%py3_build
+
+BUILDDIR="$PWD/built-docs"
+rm -rf "$BUILDDIR"
+pushd docs
+make \
+%if %{default_python} >= 3 && !%{bootstrap}
+    SPHINXBUILD=sphinx-build-3 \
+%else
+    SPHINXBUILD=sphinx-build \
+%endif
+    BUILDDIR="$BUILDDIR" \
+    html
+popd
+rm -f "$BUILDDIR/html/.buildinfo"
+
+%install
+%if %{default_python} >= 3
+%if 0%{?rhel} && 0%{?rhel} <= 7
+%py2_install
+%endif
+%py3_install
+%else
+%py3_install
+%py2_install
+%endif
+
+%check
+
+# test_frontend needs python-freezegun
+rm tests/messages/test_frontend.py
+
+export TZ=America/New_York
+%if 0%{?rhel} && 0%{?rhel} <= 7
+%{__python2} -m pytest
+%endif
+%if !%{bootstrap}
+%{__python3} -m pytest
+%endif
+
+%files
+%doc CHANGES AUTHORS
+%license LICENSE
+%{_bindir}/pybabel
+
+%if 0%{?rhel} && 0%{?rhel} <= 7
+%files -n python2-babel
+%{python2_sitelib}/Babel-%{version}-py*.egg-info
+%{python2_sitelib}/babel
+%endif
+
+%files -n python3-babel
+%{python3_sitelib}/Babel-%{version}-py*.egg-info
+%{python3_sitelib}/babel
+
+%files doc
+%doc built-docs/html/*
+
+%changelog
+* Fri May 07 2021 Charalampos Stratakis <cstratak@redhat.com> - 2.5.1-6
+- Fix CVE-2021-20095
+Resolves: rhbz#1955615
+
+* Thu Mar 28 2019 Nils Philippsen <nils@redhat.com> - 2.5.1-5
+- make spec file work without %%rhel being defined
+
+* Tue Mar 26 2019 Nils Philippsen <nils@redhat.com> - 2.5.1-4
+- depend on platform-python-setuptools rather than python3-setuptools (#1650487)
+
+* Mon Jun 18 2018 Petr Viktorin <pviktori@redhat.com> - 2.5.1-3
+- Remove the freezegun dependency
+
+* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.5.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Fri Dec 15 2017 Felix Schwarz <fschwarz@fedoraproject.org> - 2.5.1-1
+- update to upstream version 2.5.1
+
+* Fri Dec 15 2017 Iryna Shcherbina <ishcherb@redhat.com> - 2.3.4-7
+- Update Python 2 dependency declarations to new packaging standards
+  (See https://fedoraproject.org/wiki/FinalizingFedoraSwitchtoPython3)
+
+* Wed Jul 26 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Fri Feb 10 2017 Fedora Release Engineering <releng@fedoraproject.org> - 2.3.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Tue Dec 13 2016 Miro Hrončok <mhroncok@redhat.com> - 2.3.4-4
+- Finish bootstrapping for Python 3.6
+
+* Tue Dec 13 2016 Miro Hrončok <mhroncok@redhat.com> - 2.3.4-3
+- Rebuild for Python 3.6
+- Add "bootstrap" conditions
+
+* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.3.4-2
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Tue May 31 2016 Nils Philippsen <nils@redhat.com>
+- fix source URL
+
+* Mon Apr 25 2016 Nils Philippsen <nils@redhat.com> - 2.3.4-1
+- version 2.3.4
+- always build Python3 subpackages
+- remove obsolete packaging constructs
+- update to current Python packaging guidelines
+- build docs non-destructively
+- tag license file as %%license
+- use %%python_provide macro only if present
+- update remove-pytz-version patch
+- fix build dependencies
+- set TZ in %%check
+
+* Wed Feb 03 2016 Fedora Release Engineering <releng@fedoraproject.org> - 1.3-12
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3-11
+- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
+
+* Fri Nov  6 2015 Toshio Kuratomi <toshio@fedoraproject.org> - 1.3-10
+- Also make sure that the babel package that has pybabel depends on the correct
+  packages (python2 packages on F23 or less and python3 packages on F24 and
+  greater.)
+
+* Wed Nov  4 2015 Toshio Kuratomi <toshio@fedoraproject.org> - 1.3-9
+- Install the python3 version of pybabel on Fedora 24+ to match with Fedora's
+  default python version
+
+* Wed Jun 17 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3-8
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Wed Dec 17 2014 Toshio Kuratomi <toshio@fedoraproject.org> - 1.3-7
+- Remove pytz version requirement in egginfo as it confuses newer setuptools
+
+* Mon Jun 30 2014 Toshio Kuratomi <toshio@fedoraproject.org> - 1.3-6
+- Change python-setuptools-devel BR into python-setuptools
+
+* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.3-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Wed May 28 2014 Kalev Lember <kalevlember@gmail.com> - 1.3-4
+- Rebuilt for https://fedoraproject.org/wiki/Changes/Python_3.4
+
+* Wed Apr 02 2014 Nils Philippsen <nils@redhat.com> - 1.3-3
+- fix dependencies (#1083470)
+
+* Sun Oct 06 2013 Felix Schwarz <fschwarz@fedoraproject.org> - 1.3-2
+- enable python3 subpackage
+
+* Wed Oct 02 2013 Felix Schwarz <fschwarz@fedoraproject.org> - 1.3-1
+- update to Babel 1.3
+- disabled %%check as it tries to download the CLDR
+
+* Sat Aug 03 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.6-9
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
+
+* Wed Jun 26 2013 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.9.6-8
+- split documentation off to a separate subpackage
+
+* Wed Feb 13 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.6-7
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Thu Oct 18 2012 Nils Philippsen <nils@redhat.com> - 0.9.6-6
+- run tests in %%check
+- add pytz build requirement for tests
+
+* Sat Aug 04 2012 David Malcolm <dmalcolm@redhat.com> - 0.9.6-5
+- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3
+
+* Wed Aug 01 2012 Felix Schwarz <felix.schwarz@oss.schwarz.eu> - 0.9.6-4
+- disable building of non-functional python3 subpackage (#761583)
+
+* Wed Jul 18 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Thu Jan 12 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Tue Jun 07 2011 Nils Philippsen <nils@redhat.com> - 0.9.6-1
+- version 0.9.6:
+  * Backport r493-494: documentation typo fixes.
+  * Make the CLDR import script work with Python 2.7.
+  * Fix various typos.
+  * Fixed Python 2.3 compatibility (ticket #146, #233).
+  * Sort output of list-locales.
+  * Make the POT-Creation-Date of the catalog being updated equal to
+    POT-Creation-Date of the template used to update (ticket #148).
+  * Use a more explicit error message if no option or argument (command) is
+    passed to pybabel (ticket #81).
+  * Keep the PO-Revision-Date if it is not the default value (ticket #148).
+  * Make --no-wrap work by reworking --width's default and mimic xgettext's
+    behaviour of always wrapping comments (ticket #145).
+  * Fixed negative offset handling of Catalog._set_mime_headers (ticket #165).
+  * Add --project and --version options for commandline (ticket #173).
+  * Add a __ne__() method to the Local class.
+  * Explicitly sort instead of using sorted() and don't assume ordering
+    (Python 2.3 and Jython compatibility).
+  * Removed ValueError raising for string formatting message checkers if the
+    string does not contain any string formattings (ticket #150).
+  * Fix Serbian plural forms (ticket #213).
+  * Small speed improvement in format_date() (ticket #216).
+  * Fix number formatting for locales where CLDR specifies alt or draft
+    items (ticket #217)
+  * Fix bad check in format_time (ticket #257, reported with patch and tests by
+    jomae)
+  * Fix so frontend.CommandLineInterface.run does not accumulate logging
+    handlers (#227, reported with initial patch by dfraser)
+  * Fix exception if environment contains an invalid locale setting (#200)
+- install python2 rather than python3 executable (#710880)
+
+* Mon Feb 07 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Thu Aug 26 2010 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.9.5-3
+- Add python3 subpackage
+
+* Wed Jul 21 2010 David Malcolm <dmalcolm@redhat.com> - 0.9.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
+
+* Wed Apr  7 2010 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.9.5-1
+- This release contains a small number of bugfixes over the 0.9.4
+- release.
+-
+- What's New:
+- -----------
+- * Fixed the case where messages containing square brackets would break
+-  with an unpack error
+- * Fuzzy matching regarding plurals should *NOT* be checked against
+-  len(message.id) because this is always 2, instead, it's should be
+-  checked against catalog.num_plurals (ticket #212).
+
+* Fri Jul 24 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.4-5
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Sat Mar 28 2009 Robert Scheck <robert@fedoraproject.org> - 0.9.4-4
+- Added missing requires to python-setuptools for pkg_resources
+
+* Mon Feb 23 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 0.9.4-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 0.9.4-2
+- Rebuild for Python 2.6
+
+* Mon Aug 25 2008 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.9.4-1
+- Update to 0.9.4
+
+* Thu Jul 10 2008 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.9.3-1
+- Update to 0.9.3
+
+* Sun Dec 16 2007 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.9.1-1
+- Update to 0.9.1
+
+* Tue Aug 28 2007 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.9-2
+- BR python-setuptools-devel
+
+* Mon Aug 27 2007 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.9-1
+- Update to 0.9
+
+* Mon Jul  2 2007 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.8.1-1
+- Update to 0.8.1
+- Remove upstreamed patch.
+
+* Fri Jun 29 2007 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.8-3
+- Replace patch with one that actually applies.
+
+* Fri Jun 29 2007 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.8-2
+- Apply upstream patch to rename command line script to "pybabel" - BZ#246208
+
+* Thu Jun 21 2007 Jeffrey C. Ollie <jeff@ocjtech.us> - 0.8-1
+- First version for Fedora
+