diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..e502645
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/Jinja2-2.7.2.tar.gz
diff --git a/.python-jinja2.metadata b/.python-jinja2.metadata
new file mode 100644
index 0000000..7b5ebf1
--- /dev/null
+++ b/.python-jinja2.metadata
@@ -0,0 +1 @@
+1ce4c8bc722444ec3e77ef9db76faebbd17a40d8 SOURCES/Jinja2-2.7.2.tar.gz
diff --git a/SOURCES/python-jinja2-align-jinjaext-with-compatibility-cleanups.patch b/SOURCES/python-jinja2-align-jinjaext-with-compatibility-cleanups.patch
new file mode 100644
index 0000000..e95d938
--- /dev/null
+++ b/SOURCES/python-jinja2-align-jinjaext-with-compatibility-cleanups.patch
@@ -0,0 +1,25 @@
+From 99d0f3165ace0befd9eafd661be6e0c23d5f9ba5 Mon Sep 17 00:00:00 2001
+From: Gabi Davar <grizzly.nyo@gmail.com>
+Date: Fri, 16 Aug 2013 16:18:35 +0300
+Subject: [PATCH] align jinjaext with the rest of the computability cleanups
+
+---
+ docs/jinjaext.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs/jinjaext.py b/docs/jinjaext.py
+index 8395a55..3c217f8 100644
+--- a/docs/jinjaext.py
++++ b/docs/jinjaext.py
+@@ -23,7 +23,7 @@
+ from pygments.token import Keyword, Name, Comment, String, Error, \
+ Number, Operator, Generic
+ from jinja2 import Environment, FileSystemLoader
+-from jinja2.utils import next
++from jinja2._compat import next
+
+
+ def parse_rst(state, content_offset, doc):
+--
+1.8.1.6
+
diff --git a/SOURCES/python-jinja2-fix-CVE-2014-0012.patch b/SOURCES/python-jinja2-fix-CVE-2014-0012.patch
new file mode 100644
index 0000000..7ba16db
--- /dev/null
+++ b/SOURCES/python-jinja2-fix-CVE-2014-0012.patch
@@ -0,0 +1,27 @@
+diff --git a/jinja2/bccache.py b/jinja2/bccache.py
+index 09ff845..c31a905 100644
+--- a/jinja2/bccache.py
++++ b/jinja2/bccache.py
+@@ -16,6 +16,7 @@
+ """
+ from os import path, listdir
+ import os
++import stat
+ import sys
+ import errno
+ import marshal
+@@ -230,6 +231,14 @@ class FileSystemBytecodeCache(BytecodeCache):
+ if e.errno != errno.EEXIST:
+ raise
+
++ if os.lstat(actual_dir).st_uid != os.getuid():
++ raise RuntimeError('Someone else owns temp directory with your '
++ 'uid. You need to explicitly provide another.')
++
++ if stat.S_IMODE(os.lstat(actual_dir).st_mode) != 448:
++ raise RuntimeError('Bad permission flags on temp directory, '
++ 'shoud be 0700. You need to fix this.')
++
+ return actual_dir
+
+ def _get_cache_filename(self, bucket):
diff --git a/SOURCES/python-jinja2-fix-CVE-2016-10745.patch b/SOURCES/python-jinja2-fix-CVE-2016-10745.patch
new file mode 100644
index 0000000..143b67e
--- /dev/null
+++ b/SOURCES/python-jinja2-fix-CVE-2016-10745.patch
@@ -0,0 +1,218 @@
+diff --git a/jinja2/nodes.py b/jinja2/nodes.py
+index c5697e6..9465943 100644
+--- a/jinja2/nodes.py
++++ b/jinja2/nodes.py
+@@ -599,7 +599,7 @@ class Call(Expr):
+
+ def as_const(self, eval_ctx=None):
+ eval_ctx = get_eval_context(self, eval_ctx)
+- if eval_ctx.volatile:
++ if eval_ctx.volatile or eval_ctx.environment.sandboxed:
+ raise Impossible()
+ obj = self.node.as_const(eval_ctx)
+
+diff --git a/jinja2/sandbox.py b/jinja2/sandbox.py
+index da479c1..7e31a7a 100644
+--- a/jinja2/sandbox.py
++++ b/jinja2/sandbox.py
+@@ -12,12 +12,19 @@
+ :copyright: (c) 2010 by the Jinja Team.
+ :license: BSD.
+ """
++import types
+ import operator
++from collections import Mapping
+ from jinja2.environment import Environment
+ from jinja2.exceptions import SecurityError
+ from jinja2._compat import string_types, function_type, method_type, \
+- traceback_type, code_type, frame_type, generator_type, PY2
++ traceback_type, code_type, frame_type, generator_type, text_type, PY2
++from jinja2.utils import Markup
+
++has_format = False
++if hasattr(text_type, 'format'):
++ from string import Formatter
++ has_format = True
+
+ #: maximum number of items a range may produce
+ MAX_RANGE = 100000
+@@ -32,6 +39,12 @@ UNSAFE_METHOD_ATTRIBUTES = set(['im_class', 'im_func', 'im_self'])
+ #: unsafe generator attirbutes.
+ UNSAFE_GENERATOR_ATTRIBUTES = set(['gi_frame', 'gi_code'])
+
++#: unsafe attributes on coroutines
++UNSAFE_COROUTINE_ATTRIBUTES = set(['cr_frame', 'cr_code'])
++
++#: unsafe attributes on async generators
++UNSAFE_ASYNC_GENERATOR_ATTRIBUTES = set(['ag_code', 'ag_frame'])
++
+ # On versions > python 2 the special attributes on functions are gone,
+ # but they remain on methods and generators for whatever reason.
+ if not PY2:
+@@ -92,6 +105,79 @@ _mutable_spec = (
+ ]))
+ )
+
++# Bundled EscapeFormatter class from markupsafe >= 0.21 which is used by
++# jinja2 for fixing CVE-2016-10745
++# Copyright 2010 Pallets
++# BSD 3-Clause License
++# https://github.com/pallets/markupsafe/blob/79ee6ce0ed93c6da73512f069d7db866d955df04/LICENSE.rst
++if hasattr(text_type, "format"):
++
++ class EscapeFormatter(Formatter):
++ def __init__(self, escape):
++ self.escape = escape
++
++ def format_field(self, value, format_spec):
++ if hasattr(value, "__html_format__"):
++ rv = value.__html_format__(format_spec)
++ elif hasattr(value, "__html__"):
++ if format_spec:
++ raise ValueError(
++ "Format specifier {0} given, but {1} does not"
++ " define __html_format__. A class that defines"
++ " __html__ must define __html_format__ to work"
++ " with format specifiers.".format(format_spec, type(value))
++ )
++ rv = value.__html__()
++ else:
++ # We need to make sure the format spec is unicode here as
++ # otherwise the wrong callback methods are invoked. For
++ # instance a byte string there would invoke __str__ and
++ # not __unicode__.
++ rv = Formatter.format_field(self, value, text_type(format_spec))
++ return text_type(self.escape(rv))
++
++class _MagicFormatMapping(Mapping):
++ """This class implements a dummy wrapper to fix a bug in the Python
++ standard library for string formatting.
++
++ See http://bugs.python.org/issue13598 for information about why
++ this is necessary.
++ """
++
++ def __init__(self, args, kwargs):
++ self._args = args
++ self._kwargs = kwargs
++ self._last_index = 0
++
++ def __getitem__(self, key):
++ if key == '':
++ idx = self._last_index
++ self._last_index += 1
++ try:
++ return self._args[idx]
++ except LookupError:
++ pass
++ key = str(idx)
++ return self._kwargs[key]
++
++ def __iter__(self):
++ return iter(self._kwargs)
++
++ def __len__(self):
++ return len(self._kwargs)
++
++
++def inspect_format_method(callable):
++ if not has_format:
++ return None
++ if not isinstance(callable, (types.MethodType,
++ types.BuiltinMethodType)) or \
++ callable.__name__ != 'format':
++ return None
++ obj = callable.__self__
++ if isinstance(obj, string_types):
++ return obj
++
+
+ def safe_range(*args):
+ """A range that can't generate ranges with a length of more than
+@@ -146,6 +232,12 @@ def is_internal_attribute(obj, attr):
+ elif isinstance(obj, generator_type):
+ if attr in UNSAFE_GENERATOR_ATTRIBUTES:
+ return True
++ elif hasattr(types, 'CoroutineType') and isinstance(obj, types.CoroutineType):
++ if attr in UNSAFE_COROUTINE_ATTRIBUTES:
++ return True
++ elif hasattr(types, 'AsyncGeneratorType') and isinstance(obj, types.AsyncGeneratorType):
++ if attri in UNSAFE_ASYNC_GENERATOR_ATTRIBUTES:
++ return True
+ return attr.startswith('__')
+
+
+@@ -184,8 +276,8 @@ class SandboxedEnvironment(Environment):
+ attributes or functions are safe to access.
+
+ If the template tries to access insecure code a :exc:`SecurityError` is
+- raised. However also other exceptions may occour during the rendering so
+- the caller has to ensure that all exceptions are catched.
++ raised. However also other exceptions may occur during the rendering so
++ the caller has to ensure that all exceptions are caught.
+ """
+ sandboxed = True
+
+@@ -347,8 +439,24 @@ class SandboxedEnvironment(Environment):
+ obj.__class__.__name__
+ ), name=attribute, obj=obj, exc=SecurityError)
+
++ def format_string(self, s, args, kwargs):
++ """If a format call is detected, then this is routed through this
++ method so that our safety sandbox can be used for it.
++ """
++ if isinstance(s, Markup):
++ formatter = SandboxedEscapeFormatter(self, s.escape)
++ else:
++ formatter = SandboxedFormatter(self)
++ kwargs = _MagicFormatMapping(args, kwargs)
++ rv = formatter.vformat(s, args, kwargs)
++ return type(s)(rv)
++
+ def call(__self, __context, __obj, *args, **kwargs):
+ """Call an object from sandboxed code."""
++ fmt = inspect_format_method(__obj)
++ if fmt is not None:
++ return __self.format_string(fmt, args, kwargs)
++
+ # the double prefixes are to avoid double keyword argument
+ # errors when proxying the call.
+ if not __self.is_safe_callable(__obj):
+@@ -366,3 +474,37 @@ class ImmutableSandboxedEnvironment(SandboxedEnvironment):
+ if not SandboxedEnvironment.is_safe_attribute(self, obj, attr, value):
+ return False
+ return not modifies_known_mutable(obj, attr)
++
++
++if has_format:
++ # This really is not a public API apparenlty.
++ try:
++ from _string import formatter_field_name_split
++ except ImportError:
++ def formatter_field_name_split(field_name):
++ return field_name._formatter_field_name_split()
++
++ class SandboxedFormatterMixin(object):
++
++ def __init__(self, env):
++ self._env = env
++
++ def get_field(self, field_name, args, kwargs):
++ first, rest = formatter_field_name_split(field_name)
++ obj = self.get_value(first, args, kwargs)
++ for is_attr, i in rest:
++ if is_attr:
++ obj = self._env.getattr(obj, i)
++ else:
++ obj = self._env.getitem(obj, i)
++ return obj, first
++
++ class SandboxedFormatter(SandboxedFormatterMixin, Formatter):
++ def __init__(self, env):
++ SandboxedFormatterMixin.__init__(self, env)
++ Formatter.__init__(self)
++
++ class SandboxedEscapeFormatter(SandboxedFormatterMixin, EscapeFormatter):
++ def __init__(self, env, escape):
++ SandboxedFormatterMixin.__init__(self, env)
++ EscapeFormatter.__init__(self, escape)
diff --git a/SPECS/python-jinja2.spec b/SPECS/python-jinja2.spec
new file mode 100644
index 0000000..e823f41
--- /dev/null
+++ b/SPECS/python-jinja2.spec
@@ -0,0 +1,294 @@
+%if 0%{?fedora} > 12
+%global with_python3 1
+%else
+%{!?python_sitelib: %global python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
+%endif
+
+# Enable building without docs to avoid a circular dependency between this
+# and python-sphinx:
+%global with_docs 1
+
+Name: python-jinja2
+Version: 2.7.2
+Release: 3%{?dist}
+Summary: General purpose template engine
+Group: Development/Languages
+License: BSD
+URL: http://jinja.pocoo.org/
+Source0: http://pypi.python.org/packages/source/J/Jinja2/Jinja2-%{version}.tar.gz
+
+Patch1: %{name}-align-jinjaext-with-compatibility-cleanups.patch
+
+# Patch for CVE-2014-0012, see https://bugzilla.redhat.com/show_bug.cgi?id=1051421
+# for discussion (not yet sent upstream)
+Patch2: python-jinja2-fix-CVE-2014-0012.patch
+
+# Fix CVE-2016-10745
+# Also bundling the EscapeFormatter class from markupsafe >= 0.21, as we don't ship
+# that version in RHEL7 and it's required for the CVE fix
+# https://github.com/pallets/jinja/commit/9b53045c34e61013dc8f09b7e52a555fa16bed16
+# https://bugzilla.redhat.com/show_bug.cgi?id=1701309
+Patch4: python-jinja2-fix-CVE-2016-10745.patch
+
+BuildArch: noarch
+BuildRequires: python2-devel
+BuildRequires: python2-setuptools
+BuildRequires: python-markupsafe
+%if 0%{?with_docs}
+BuildRequires: python-sphinx
+%endif # with_docs
+Requires: python-babel >= 0.8
+Requires: python-markupsafe
+%if 0%{?with_python3}
+BuildRequires: python3-devel
+BuildRequires: python3-setuptools
+BuildRequires: python3-markupsafe
+%endif # with_python3
+
+Provides: python2-jinja2 = %{version}-%{release}
+
+%description
+Jinja2 is a template engine written in pure Python. It provides a
+Django inspired non-XML syntax but supports inline expressions and an
+optional sandboxed environment.
+
+If you have any exposure to other text-based template languages, such
+as Smarty or Django, you should feel right at home with Jinja2. It's
+both designer and developer friendly by sticking to Python's
+principles and adding functionality useful for templating
+environments.
+
+
+%if 0%{?with_python3}
+%package -n python3-jinja2
+Summary: General purpose template engine
+Group: Development/Languages
+Requires: python3-markupsafe
+# babel isn't py3k ready yet, and is only a weak dependency
+#Requires: python3-babel >= 0.8
+
+
+%description -n python3-jinja2
+Jinja2 is a template engine written in pure Python. It provides a
+Django inspired non-XML syntax but supports inline expressions and an
+optional sandboxed environment.
+
+If you have any exposure to other text-based template languages, such
+as Smarty or Django, you should feel right at home with Jinja2. It's
+both designer and developer friendly by sticking to Python's
+principles and adding functionality useful for templating
+environments.
+%endif # with_python3
+
+
+%prep
+%setup -q -n Jinja2-%{version}
+%patch1 -p1
+%patch2 -p1
+%patch4 -p1
+
+# cleanup
+find . -name '*.pyo' -o -name '*.pyc' -delete
+
+# fix EOL
+sed -i 's|\r$||g' LICENSE
+
+%if 0%{?with_python3}
+cp -a . %{py3dir}
+%endif # with_python3
+
+
+%build
+%py2_build
+
+# for now, we build docs using Python 2.x and use that for both
+# packages.
+%if 0%{?with_docs}
+make -C docs html PYTHONPATH=$(pwd)
+%endif # with_docs
+
+%if 0%{?with_python3}
+pushd %{py3dir}
+%{__python3} setup.py build
+popd
+%endif # with_python3
+
+
+%install
+%py2_install
+
+# remove hidden file
+rm -rf docs/_build/html/.buildinfo
+
+%if 0%{?with_python3}
+pushd %{py3dir}
+%{__python3} setup.py install -O1 --skip-build \
+ --root %{buildroot}
+popd
+%endif # with_python3
+
+
+%check
+make test
+
+
+%if 0%{?with_python3}
+pushd %{py3dir}
+make test
+popd
+%endif # with_python3
+
+
+%files
+%doc AUTHORS CHANGES
+%license LICENSE
+%if 0%{?with_docs}
+%doc docs/_build/html
+%endif # with_docs
+%doc ext
+%doc examples
+%{python2_sitelib}/*
+%exclude %{python2_sitelib}/jinja2/_debugsupport.c
+
+
+%if 0%{?with_python3}
+%files -n python3-jinja2
+%doc AUTHORS CHANGES LICENSE
+%if 0%{?with_docs}
+%doc docs/_build/html
+%endif # with_docs
+%doc ext
+%doc examples
+%{python3_sitelib}/*
+%exclude %{python3_sitelib}/jinja2/_debugsupport.c
+%endif # with_python3
+
+
+%changelog
+* Thu May 02 2019 Charalampos Stratakis <cstratak@redhat.com> - 2.7.2-3
+- Fix for CVE-2016-10745
+Resolves: rhbz#1701308
+
+* Tue Jan 28 2014 Bohuslav Kabrda <bkabrda@redhat.com> - 2.7.2-2
+- Fix CVE-2014-0012.
+Resolves: rhbz#1051427
+
+* Wed Jan 15 2014 Bohuslav Kabrda <bkabrda@redhat.com> - 2.7.2-1
+- Reverted flawed patch for #1051427 (this reintroduces #1052102).
+- Spec cleanup (removed rhel < 7 specific stuff).
+- Update to 2.7.2.
+Resolves: rhbz#1052777
+
+* Tue Jan 14 2014 Tomas Radej <tradej@redhat.com> - 2.6-8
+- Using secure tmp dir
+- Replaced tabs with spaces
+Resolves: rhbz#1051427
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com> - 2.6-7
+- Mass rebuild 2013-12-27
+
+* Thu Feb 14 2013 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_19_Mass_Rebuild
+
+* Sat Aug 04 2012 David Malcolm <dmalcolm@redhat.com> - 2.6-5
+- rebuild for https://fedoraproject.org/wiki/Features/Python_3.3
+
+* Fri Aug 3 2012 David Malcolm <dmalcolm@redhat.com> - 2.6-4
+- remove rhel logic from with_python3 conditional
+
+* Sat Jul 21 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
+
+* Sat Jan 14 2012 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.6-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
+
+* Mon Jul 25 2011 Thomas Moschny <thomas.moschny@gmx.de> - 2.6-1
+- Update to 2.6.
+
+* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.5.5-4
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
+
+* Tue Jan 18 2011 Thomas Moschny <thomas.moschny@gmx.de> - 2.5.5-3
+- Re-enable html doc generation.
+- Remove conditional for F-12 and below.
+- Do not silently fail the testsuite for with py3k.
+
+* Mon Nov 1 2010 Michel Salim <salimma@fedoraproject.org> - 2.5.5-2
+- Move python3 runtime requirements to python3 subpackage
+
+* Wed Oct 27 2010 Thomas Moschny <thomas.moschny@gmx.de> - 2.5.5-1
+- Update to 2.5.5.
+
+* Wed Aug 25 2010 Thomas Moschny <thomas.moschny@gmx.de> - 2.5.2-4
+- Revert to previous behavior: fail the build on failed test.
+- Rebuild for Python 3.2.
+
+* Wed Aug 25 2010 Dan Horák <dan[at]danny.cz> - 2.5.2-3
+- %%ifnarch doesn't work on noarch package so don't fail the build on failed tests
+
+* Wed Aug 25 2010 Dan Horák <dan[at]danny.cz> - 2.5.2-2
+- disable the testsuite on s390(x)
+
+* Thu Aug 19 2010 Thomas Moschny <thomas.moschny@gmx.de> - 2.5.2-1
+- Update to upstream version 2.5.2.
+- Package depends on python-markupsafe and is noarch now.
+
+* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 2.5-4
+- add explicit build-requirement on python-setuptools
+- fix doc disablement for python3 subpackage
+
+* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 2.5-3
+- support disabling documentation in the build to break a circular build-time
+dependency with python-sphinx; disable docs for now
+
+* Thu Jul 22 2010 David Malcolm <dmalcolm@redhat.com> - 2.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
+
+* Tue Jul 13 2010 Thomas Moschny <thomas.moschny@gmx.de> - 2.5-1
+- Update to upstream version 2.5.
+- Create python3 subpackage.
+- Minor specfile fixes.
+- Add examples directory.
+- Thanks to Gareth Armstrong for additional hints.
+
+* Wed Apr 21 2010 Thomas Moschny <thomas.moschny@gmx.de> - 2.4.1-1
+- Update to 2.4.1.
+
+* Tue Apr 13 2010 Thomas Moschny <thomas.moschny@gmx.de> - 2.4-1
+- Update to 2.4.
+
+* Tue Feb 23 2010 Thomas Moschny <thomas.moschny@gmx.de> - 2.3.1-1
+- Update to 2.3.1.
+- Docs are built using Sphinx now.
+- Run the testsuite.
+
+* Sat Sep 19 2009 Thomas Moschny <thomas.moschny@gmx.de> - 2.2.1-1
+- Update to 2.2.1, mainly a bugfix release.
+- Remove patch no longer needed.
+- Remove conditional for FC-8.
+- Compilation of speedup module has to be explicitly requested now.
+
+* Sun Jul 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.1-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
+
+* Thu Feb 26 2009 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 2.1.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Sat Jan 10 2009 Thomas Moschny <thomas.moschny@gmx.de> - 2.1.1-1
+- Update to 2.1.1 (bugfix release).
+
+* Thu Dec 18 2008 Thomas Moschny <thomas.moschny@gmx.de> - 2.1-1
+- Update to 2.1, which fixes a number of bugs.
+ See http://jinja.pocoo.org/2/documentation/changelog#version-2-1.
+
+* Sat Nov 29 2008 Ignacio Vazquez-Abrams <ivazqueznet+rpm@gmail.com> - 2.0-3
+- Rebuild for Python 2.6
+
+* Tue Jul 22 2008 Thomas Moschny <thomas.moschny@gmx.de> - 2.0-2
+- Use rpm buildroot macro instead of RPM_BUILD_ROOT.
+
+* Sun Jul 20 2008 Thomas Moschny <thomas.moschny@gmx.de> - 2.0-1
+- Upstream released 2.0.
+
+* Sun Jun 29 2008 Thomas Moschny <thomas.moschny@gmx.de> - 2.0-0.1.rc1
+- Modified specfile from the existing python-jinja package.