5 changed files with 3 additions and 220 deletions
--- a/Jinja2-2.11.3.tar.gz
+++ b/Jinja2-2.11.3.tar.gz
--- a/Jinja2-3.0.3.tar.gz
+++ b/Jinja2-3.0.3.tar.gz
--- a/backport-CVE-2024-22195.patch
+++ b/backport-CVE-2024-22195.patch
@ -1,82 +0,0 @@
 From f560975d61cfe4de1111c05cfd6b8c2210845148 Mon Sep 17 00:00:00 2001
 From: Calum Hutton <calum.hutton@snyk.io>
 Date: Thu, 26 Oct 2023 12:08:53 +0100
 Subject: [PATCH] xmlattr filter disallows keys with spaces
 Reference:https://github.com/pallets/jinja/commit/7dd3680e6eea0d77fde024763657aa4d884ddb23
 Conflict:remove CHANGES.rst
 ---
 Jinja2-3.0.3/src/jinja2/filters.py | 24 ++++++++++++++++++------
 Jinja2-3.0.3/tests/test_filters.py |  6 ++++++
 2 files changed, 24 insertions(+), 6 deletions(-)
 diff --git a/Jinja2-3.0.3/src/jinja2/filters.py b/Jinja2-3.0.3/src/jinja2/filters.py
 index ffb98bf..002e129 100644
 --- a/Jinja2-3.0.3/src/jinja2/filters.py
 +++ b/Jinja2-3.0.3/src/jinja2/filters.py
@@ -270,6 +270,7 @@ def do_lower(s: str) -> str:
     """Convert a value to lowercase."""
     return soft_str(s).lower()
 +_space_re = re.compile(r"\s", flags=re.ASCII)
 @pass_eval_context
 def do_xmlattr(
@@ -278,7 +279,8 @@ def do_xmlattr(
     """Create an SGML/XML attribute string based on the items in a dict.
     All values that are neither `none` nor `undefined` are automatically
     escaped:
 -
 +    If any key contains a space, this fails with a ``ValueError``. Values that
 +    are neither ``none`` nor ``undefined`` are automatically escaped.
     .. sourcecode:: html+jinja
         <ul{{ {'class': 'my_list', 'missing': none,
@@ -296,12 +298,22 @@ def do_xmlattr(
     As you can see it automatically prepends a space in front of the item
     if the filter returned something unless the second parameter is false.
 +
 +    .. versionchanged:: 3.1.3
 +        Keys with spaces are not allowed.
     """
 -    rv = " ".join(
 -        f'{escape(key)}="{escape(value)}"'
 -        for key, value in d.items()
 -        if value is not None and not isinstance(value, Undefined)
 -    )
 +    items = []
 +
 +    for key, value in d.items():
 +        if value is None or isinstance(value, Undefined):
 +            continue
 +
 +        if _space_re.search(key) is not None:
 +            raise ValueError(f"Spaces are not allowed in attributes: '{key}'")
 +
 +        items.append(f'{escape(key)}="{escape(value)}"')
 +
 +    rv = " ".join(items)
     if autospace and rv:
         rv = " " + rv
 diff --git a/Jinja2-3.0.3/tests/test_filters.py b/Jinja2-3.0.3/tests/test_filters.py
 index 2195157..45843fd 100644
 --- a/Jinja2-3.0.3/tests/test_filters.py
 +++ b/Jinja2-3.0.3/tests/test_filters.py
@@ -463,6 +463,12 @@ class TestFilter:
         assert 'bar="23"' in out
         assert 'blub:blub="&lt;?&gt;"' in out
 +    def test_xmlattr_key_with_spaces(self, env):
 +        with pytest.raises(ValueError, match="Spaces are not allowed"):
 +            env.from_string(
 +                "{{ {'src=1 onerror=alert(1)': 'my_class'}|xmlattr }}"
 +            ).render()
 +
     def test_sort1(self, env):
         tmpl = env.from_string("{{ [2, 3, 1]|sort }}|{{ [2, 3, 1]|sort(true) }}")
         assert tmpl.render() == "[1, 2, 3]|[3, 2, 1]"
 -- 
 2.33.0
--- a/backport-CVE-2024-34064.patch
+++ b/backport-CVE-2024-34064.patch
@ -1,109 +0,0 @@
 From 0668239dc6b44ef38e7a6c9f91f312fd4ca581cb Mon Sep 17 00:00:00 2001
 From: David Lord <davidism@gmail.com>
 Date: Thu, 2 May 2024 09:14:00 -0700
 Subject: [PATCH] disallow invalid characters in keys to xmlattr filter
 Reference:https://github.com/pallets/jinja/commit/0668239dc6b44ef38e7a6c9f91f312fd4ca581cb
 Conflict:NA
 ---
 Jinja2-3.0.3/CHANGES.rst           |  6 ++++++
 Jinja2-3.0.3/src/jinja2/filters.py | 22 +++++++++++++++++-----
 Jinja2-3.0.3/tests/test_filters.py | 11 ++++++-----
 3 files changed, 29 insertions(+), 10 deletions(-)
 diff --git a/Jinja2-3.0.3/CHANGES.rst b/Jinja2-3.0.3/CHANGES.rst
 index 9c58019..a62255b 100644
 --- a/Jinja2-3.0.3/CHANGES.rst
 +++ b/Jinja2-3.0.3/CHANGES.rst
@@ -1,5 +1,11 @@
 .. currentmodule:: jinja2
 +-   The ``xmlattr`` filter does not allow keys with ``/`` solidus, ``>``
 +    greater-than sign, or ``=`` equals sign, in addition to disallowing spaces.
 +    Regardless of any validation done by Jinja, user input should never be used
 +    as keys to this filter, or must be separately validated first.
 +    GHSA-h75v-3vvj-5mfj
 +
 Version 3.0.3
 -------------
 diff --git a/Jinja2-3.0.3/src/jinja2/filters.py b/Jinja2-3.0.3/src/jinja2/filters.py
 index 002e129..f3d4fca 100644
 --- a/Jinja2-3.0.3/src/jinja2/filters.py
 +++ b/Jinja2-3.0.3/src/jinja2/filters.py
@@ -270,7 +270,9 @@ def do_lower(s: str) -> str:
     """Convert a value to lowercase."""
     return soft_str(s).lower()
 -_space_re = re.compile(r"\s", flags=re.ASCII)
 +# Check for characters that would move the parser state from key to value.
 +# https://html.spec.whatwg.org/#attribute-name-state
 +_attr_key_re = re.compile(r"[\s/>=]", flags=re.ASCII)
 @pass_eval_context
 def do_xmlattr(
@@ -279,8 +281,14 @@ def do_xmlattr(
     """Create an SGML/XML attribute string based on the items in a dict.
     All values that are neither `none` nor `undefined` are automatically
     escaped:
 -    If any key contains a space, this fails with a ``ValueError``. Values that
 -    are neither ``none`` nor ``undefined`` are automatically escaped.
 +    **Values** that are neither ``none`` nor ``undefined`` are automatically
 +    escaped, safely allowing untrusted user input.
 +
 +    User input should not be used as **keys** to this filter. If any key
 +    contains a space, ``/`` solidus, ``>`` greater-than sign, or ``=`` equals
 +    sign, this fails with a ``ValueError``. Regardless of this, user input
 +    should never be used as keys to this filter, or must be separately validated
 +    first.
     .. sourcecode:: html+jinja
         <ul{{ {'class': 'my_list', 'missing': none,
@@ -299,6 +307,10 @@ def do_xmlattr(
     As you can see it automatically prepends a space in front of the item
     if the filter returned something unless the second parameter is false.
 +    .. versionchanged:: 3.1.4
 +        Keys with ``/`` solidus, ``>`` greater-than sign, or ``=`` equals sign
 +        are not allowed.
 +
     .. versionchanged:: 3.1.3
         Keys with spaces are not allowed.
     """
@@ -308,8 +320,8 @@ def do_xmlattr(
         if value is None or isinstance(value, Undefined):
             continue
 -        if _space_re.search(key) is not None:
 -            raise ValueError(f"Spaces are not allowed in attributes: '{key}'")
 +        if _attr_key_re.search(key) is not None:
 +            raise ValueError(f"Invalid character in attribute name: {key!r}")
         items.append(f'{escape(key)}="{escape(value)}"')
 diff --git a/Jinja2-3.0.3/tests/test_filters.py b/Jinja2-3.0.3/tests/test_filters.py
 index 45843fd..6533370 100644
 --- a/Jinja2-3.0.3/tests/test_filters.py
 +++ b/Jinja2-3.0.3/tests/test_filters.py
@@ -463,11 +463,12 @@ class TestFilter:
         assert 'bar="23"' in out
         assert 'blub:blub="&lt;?&gt;"' in out
 -    def test_xmlattr_key_with_spaces(self, env):
 -        with pytest.raises(ValueError, match="Spaces are not allowed"):
 -            env.from_string(
 -                "{{ {'src=1 onerror=alert(1)': 'my_class'}|xmlattr }}"
 -            ).render()
 +    @pytest.mark.parametrize("sep", ("\t", "\n", "\f", " ", "/", ">", "="))
 +    def test_xmlattr_key_invalid(self, env: Environment, sep: str) -> None:
 +        with pytest.raises(ValueError, match="Invalid character"):
 +            env.from_string("{{ {key: 'my_class'}|xmlattr }}").render(
 +                key=f"class{sep}onclick=alert(1)"
 +            )
     def test_sort1(self, env):
         tmpl = env.from_string("{{ [2, 3, 1]|sort }}|{{ [2, 3, 1]|sort(true) }}")
 -- 
 2.33.0
--- a/python-jinja2.spec
+++ b/python-jinja2.spec
@ -1,16 +1,13 @@
 %global _name Jinja2
 Name:           python-jinja2
-Version:        3.0.3
+Version:        2.11.3
-Release:        4
+Release:        1
 Summary:        A full-featured template engine for Python
 License:        BSD
 URL:            http://jinja.pocoo.org/
 Source0:        https://files.pythonhosted.org/packages/source/J/Jinja2/Jinja2-%{version}.tar.gz
 Patch6000:      backport-CVE-2024-22195.patch
 Patch6001:      backport-CVE-2024-34064.patch
 BuildArch:      noarch
 %description
@ -50,11 +47,6 @@ pushd python3
 %py3_install
 popd
 %check
 pushd python3
 PYTHONPATH=$(pwd)/src %{__python3} -m pytest tests
 popd
 %files -n python3-jinja2
 %license Jinja2-%{version}/LICENSE.rst
 %{python3_sitelib}/jinja2
@ -62,27 +54,9 @@ popd
 %files help
 %doc Jinja2-%{version}/CHANGES.rst Jinja2-%{version}/PKG-INFO
-%doc Jinja2-%{version}/examples
+%doc Jinja2-%{version}/ext Jinja2-%{version}/examples
 %changelog
 * Fri May 10 2024 weihaohao <weihaohao2@huawei.com> - 3.0.3-4
 - Type:CVE
 - CVE:CVE-2024-34064
 - SUG:NA
 - DESC:fix CVE-2024-34064
 * Mon Jan 22 2024 weihaohao <weihaohao2@huawei.com> - 3.0.3-3
 - Type:CVE
 - CVE:CVE-2024-22195
 - SUG:NA
 - DESC:fix CVE-2024-22195
 * Thu Jun 30 2022 wangjiang <wangjiang37@h-partners.com> - 3.0.3-2
 - enable check test suite
 * Sun Dec 25 2021 tianwei <tianwei12@huawei.com> - 3.0.3
 - Upgrade version to 3.0.3
 * Mon Jul 12 2021 huangtianhua <huangtianhua@huawei.com> - 2.11.3
 - Upgrade to 2.11.3 to support OpenStack-W