diff --git a/SOURCES/python-mako-1.0.6-CVE-2022-40023.patch b/SOURCES/python-mako-1.0.6-CVE-2022-40023.patch
new file mode 100644
index 0000000..ad93c73
--- /dev/null
+++ b/SOURCES/python-mako-1.0.6-CVE-2022-40023.patch
@@ -0,0 +1,89 @@
+From fae3baa78626f420a963abcd7426092423a2b71b Mon Sep 17 00:00:00 2001
+From: Mike Bayer <mike_mp@zzzcomputing.com>
+Date: Mon, 29 Aug 2022 12:28:52 -0400
+Subject: [PATCH] fix tag regexp to match quoted groups correctly
+
+Fixed issue in lexer where the regexp used to match tags would not
+correctly interpret quoted sections individually. While this parsing issue
+still produced the same expected tag structure later on, the mis-handling
+of quoted sections was also subject to a regexp crash if a tag had a large
+number of quotes within its quoted sections.
+
+Fixes: #366
+Change-Id: I74e0d71ff7f419970711a7cd51adcf1bb90a44c0
+---
+ doc/build/unreleased/366.rst |  9 +++++++++
+ mako/lexer.py                | 13 +++++++++----
+ test/test_lexer.py           |  4 ++++
+ 3 files changed, 22 insertions(+), 4 deletions(-)
+ create mode 100644 doc/build/unreleased/366.rst
+
+diff --git a/doc/build/unreleased/366.rst b/doc/build/unreleased/366.rst
+new file mode 100644
+index 0000000..27b0278
+--- /dev/null
++++ b/doc/build/unreleased/366.rst
+@@ -0,0 +1,9 @@
++.. change::
++    :tags: bug, lexer
++    :tickets: 366
++
++    Fixed issue in lexer where the regexp used to match tags would not
++    correctly interpret quoted sections individually. While this parsing issue
++    still produced the same expected tag structure later on, the mis-handling
++    of quoted sections was also subject to a regexp crash if a tag had a large
++    number of quotes within its quoted sections.
+\ No newline at end of file
+diff --git a/mako/lexer.py b/mako/lexer.py
+index cf4187f..2224e77 100644
+--- a/mako/lexer.py
++++ b/mako/lexer.py
+@@ -271,21 +271,26 @@ class Lexer(object):
+         return self.template
+ 
+     def match_tag_start(self):
+-        match = self.match(r'''
++        reg = r"""
+             \<%     # opening tag
+ 
+             ([\w\.\:]+)   # keyword
+ 
+-            ((?:\s+\w+|\s*=\s*|".*?"|'.*?')*)  # attrname, = \
++            ((?:\s+\w+|\s*=\s*|"[^"]*?"|'[^']*?'|\s*,\s*)*)  # attrname, = \
+                                                #        sign, string expression
++                                               # comma is for backwards compat
++                                               # identified in #366
+ 
+             \s*     # more whitespace
+ 
+             (/)?>   # closing
+ 
+-            ''',
++        """
+ 
+-                           re.I | re.S | re.X)
++        match = self.match(
++            reg,
++            re.I | re.S | re.X
++        )
+ 
+         if match:
+             keyword, attr, isend = match.groups()
+diff --git a/test/test_lexer.py b/test/test_lexer.py
+index 06ebb05..bcf787e 100644
+--- a/test/test_lexer.py
++++ b/test/test_lexer.py
+@@ -105,6 +105,10 @@ class LexerTest(TemplateTest):
+         self.assertRaises(exceptions.CompileException,
+                           Lexer(template).parse)
+ 
++    def test_tag_many_quotes(self):
++        template = "<%0" + '"' * 3000
++        self.assertRaises(exceptions.SyntaxException, Lexer(template).parse)
++
+     def test_unmatched_tag(self):
+         template = \
+             """
+-- 
+2.39.0
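Review bot: The regression test added to test/test_lexer.py covers only the double-quote alternative, although the single-quote alternative `'[^']*?'` in `match_tag_start` received the same fix. A sibling case such as `template = "<%0" + "'" * 3000` with the same `assertRaises(exceptions.SyntaxException, Lexer(template).parse)` would pin both branches. Neither assertion bounds run time, so a reintroduced slowdown that still ends in `SyntaxException` would pass; a coarse elapsed-time check would make the test fail for the reason the CVE was filed. Separately, `\s+\w+`, `\s*=\s*`, the new `\s*,\s*` and the trailing `\s*` can all consume the same run of whitespace, which may leave some superlinear backtracking on whitespace-heavy unterminated tags; this is inferred from the pattern and worth timing on the patched build. The body of `match_tag_start` continues past the end of the inner hunk.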
+
diff --git a/SPECS/python-mako.spec b/SPECS/python-mako.spec
index 0851a7f..0064564 100644
--- a/SPECS/python-mako.spec
+++ b/SPECS/python-mako.spec
@@ -16,7 +16,7 @@
 
 Name: python-mako
 Version: 1.0.6
-Release: 13%{?dist}
+Release: 14%{?dist}
 BuildArch: noarch
 
 # Mostly MIT, but _ast_util.py is Python licensed.
@@ -27,6 +27,9 @@ Summary: Mako template library for Python
 URL: http://www.makotemplates.org/
 Source0: https://bitbucket.org/zzzeek/mako/get/rel_%(echo %{version} | sed "s/\./_/g").tar.bz2
 
+# https://bugzilla.redhat.com/show_bug.cgi?id=2133606
+Patch0:  python-mako-1.0.6-CVE-2022-40023.patch
+
 %if %{with python2}
 BuildRequires: python2-devel
 BuildRequires: python2-pytest
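Review bot: The comment above `Patch0` gives only a Bugzilla URL (id 2133606), so the spec does not say which upstream change was backported, and the changelog entry in this same commit cites a different number (#2128977). Presumably one is the CVE tracker and the other the product bug, but a reader auditing the fix cannot tell from the spec. I would add a provenance line such as `# Backport of upstream commit fae3baa78626f420a963abcd7426092423a2b71b (CVE-2022-40023, upstream issue #366)`, and state which bug each number refers to.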
@@ -130,7 +133,7 @@ This package contains the mako module built for use with python3.
 %endif #{with python3}
 
 %prep
-%autosetup -n zzzeek-mako-8e83c7561e3c
+%autosetup -p1 -n zzzeek-mako-8e83c7561e3c
 
 %build
 export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
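Review bot: Nothing visible in this diff confirms that the backported `test_tag_many_quotes` case runs at build time, because the `%check` section is outside the hunks shown. `%autosetup -p1` applies the patch to test/test_lexer.py as well as mako/lexer.py, so the fix is only verified on this 1.0.6 tree if `%check` runs the lexer tests under every interpreter the package is built for. If it does not, enabling it (or noting in the spec why it is skipped) would make it visible to later rebuilds that the hardened regexp is in effect.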
@@ -186,6 +189,9 @@ export RHEL_ALLOW_PYTHON2_FOR_BUILD=1
 
 
 %changelog
+* Thu Nov 17 2022 David King <amigadave@amigadave.com> - 1.0.6-14
+- Fix CVE-2022-40023 (#2128977)
+
 * Wed Jul 11 2018 Petr Viktorin <pviktori@redhat.com> - 1.0.6-13
 - Disable the Python 2 subpackage again
   https://bugzilla.redhat.com/show_bug.cgi?id=1590397