From ce38beab26a8e7434f863c3d143bf07fab980f53 Mon Sep 17 00:00:00 2001 From: CentOS Sources Date: Aug 06 2019 11:04:25 +0000 Subject: import python-jinja2-2.7.2-4.el7 --- diff --git a/SOURCES/python-jinja2-lambda-to-dict.patch b/SOURCES/python-jinja2-lambda-to-dict.patch new file mode 100644 index 0000000..9d7723a --- /dev/null +++ b/SOURCES/python-jinja2-lambda-to-dict.patch @@ -0,0 +1,26 @@ +From 6179c02c91800d220de03006117afa5e6d60f0f6 Mon Sep 17 00:00:00 2001 +From: Peter Harris +Date: Fri, 23 Jan 2015 10:12:10 +0000 +Subject: [PATCH] Replace lambda for 'dict' in with dict itself + +lambda **kw: kw is not equivalent to the dict constructor. It is much less useful. +In particular it doesn't accept a sequence of pairs. +Why not put dict itself into the DEFAULT_NAMESPACE? +Principle of least surprise, etc. +--- + jinja2/defaults.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/jinja2/defaults.py b/jinja2/defaults.py +index a27cb80c..3717a722 100644 +--- a/jinja2/defaults.py ++++ b/jinja2/defaults.py +@@ -32,7 +32,7 @@ + from jinja2.tests import TESTS as DEFAULT_TESTS + DEFAULT_NAMESPACE = { + 'range': range_type, +- 'dict': lambda **kw: kw, ++ 'dict': dict, + 'lipsum': generate_lorem_ipsum, + 'cycler': Cycler, + 'joiner': Joiner diff --git a/SPECS/python-jinja2.spec b/SPECS/python-jinja2.spec index e823f41..6d12183 100644 --- a/SPECS/python-jinja2.spec +++ b/SPECS/python-jinja2.spec @@ -10,7 +10,7 @@ Name: python-jinja2 Version: 2.7.2 -Release: 3%{?dist} +Release: 4%{?dist} Summary: General purpose template engine Group: Development/Languages License: BSD @@ -23,6 +23,12 @@ Patch1: %{name}-align-jinjaext-with-compatibility-cleanups.patch # for discussion (not yet sent upstream) Patch2: python-jinja2-fix-CVE-2014-0012.patch +# Replace lambda for 'dict' with dict itself to support all dict constructors +# Backported from Jinja2 2.8 +# https://github.com/pallets/jinja/commit/6179c02c91800d220de03006117afa5e6d60f0f6 +# https://bugzilla.redhat.com/show_bug.cgi?id=1697237 +Patch3: python-jinja2-lambda-to-dict.patch + # Fix CVE-2016-10745 # Also bundling the EscapeFormatter class from markupsafe >= 0.21, as we don't ship # that version in RHEL7 and it's required for the CVE fix @@ -85,6 +91,7 @@ environments. %setup -q -n Jinja2-%{version} %patch1 -p1 %patch2 -p1 +%patch3 -p1 %patch4 -p1 # cleanup @@ -165,9 +172,13 @@ popd %changelog -* Thu May 02 2019 Charalampos Stratakis - 2.7.2-3 +* Thu May 02 2019 Charalampos Stratakis - 2.7.2-4 - Fix for CVE-2016-10745 -Resolves: rhbz#1701308 +Resolves: rhbz#1701309 + +* Wed Apr 10 2019 Miro HronĨok - 2.7.2-3 +- Replace lambda for 'dict' with dict itself to support all dict constructors +Resolves: rhbz#1697237 * Tue Jan 28 2014 Bohuslav Kabrda - 2.7.2-2 - Fix CVE-2014-0012.