Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-Jinja2 for openSUSE:Factory 
checked in at 2021-02-17 18:08:45
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-Jinja2 (Old)
 and      /work/SRC/openSUSE:Factory/.python-Jinja2.new.28504 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-Jinja2"

Wed Feb 17 18:08:45 2021 rev:41 rq:870631 version:2.11.3

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-Jinja2/python-Jinja2.changes      
2020-05-04 18:33:48.164230349 +0200
+++ /work/SRC/openSUSE:Factory/.python-Jinja2.new.28504/python-Jinja2.changes   
2021-02-17 18:09:08.497822875 +0100
@@ -1,0 +2,8 @@
+Tue Feb  9 15:42:40 UTC 2021 - Alexandros Toptsoglou <atoptsog...@suse.com>
+
+- update to 2.11.3  
+  * Improve the speed of the urlize filter by reducing regex backtracking. 
+    Email matching requires a word character at the start of the domain part
+    and only word characters in the TLD (CVE-2020-28493 bsc#1181944).  
+
+-------------------------------------------------------------------
@@ -4 +12 @@
-- update to 2.11.1
+- update to 2.11.2

Old:
----
  Jinja2-2.11.2.tar.gz

New:
----
  Jinja2-2.11.3.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-Jinja2.spec ++++++
--- /var/tmp/diff_new_pack.X5wIiJ/_old  2021-02-17 18:09:08.973823264 +0100
+++ /var/tmp/diff_new_pack.X5wIiJ/_new  2021-02-17 18:09:08.977823268 +0100
@@ -1,7 +1,7 @@
 #
 # spec file for package python-Jinja2
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -24,7 +24,7 @@
 %{?!python_module:%define python_module() python-%{**} python3-%{**}}
 %define oldpython python
 Name:           python-Jinja2
-Version:        2.11.2
+Version:        2.11.3
 Release:        0
 Summary:        A template engine written in pure Python
 License:        BSD-3-Clause

++++++ Jinja2-2.11.2.tar.gz -> Jinja2-2.11.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Jinja2-2.11.2/CHANGES.rst 
new/Jinja2-2.11.3/CHANGES.rst
--- old/Jinja2-2.11.2/CHANGES.rst       2020-04-13 18:13:48.000000000 +0200
+++ new/Jinja2-2.11.3/CHANGES.rst       2021-01-31 17:19:46.000000000 +0100
@@ -1,5 +1,15 @@
 .. currentmodule:: jinja2
 
+Version 2.11.3
+--------------
+
+Released 2021-01-31
+
+-   Improve the speed of the ``urlize`` filter by reducing regex
+    backtracking. Email matching requires a word character at the start
+    of the domain part, and only word characters in the TLD. :pr:`1343`
+
+
 Version 2.11.2
 --------------
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Jinja2-2.11.2/PKG-INFO new/Jinja2-2.11.3/PKG-INFO
--- old/Jinja2-2.11.2/PKG-INFO  2020-04-13 18:14:13.635887100 +0200
+++ new/Jinja2-2.11.3/PKG-INFO  2021-01-31 17:28:38.933537000 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: Jinja2
-Version: 2.11.2
+Version: 2.11.3
 Summary: A very fast and expressive template engine.
 Home-page: https://palletsprojects.com/p/jinja/
 Author: Armin Ronacher
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Jinja2-2.11.2/docs/api.rst 
new/Jinja2-2.11.3/docs/api.rst
--- old/Jinja2-2.11.2/docs/api.rst      2020-04-13 16:18:12.000000000 +0200
+++ new/Jinja2-2.11.3/docs/api.rst      2021-01-31 15:47:52.000000000 +0100
@@ -275,7 +275,7 @@
 for all other extensions.  You can use the :func:`~jinja2.select_autoescape`
 function for this::
 
-    from jinja2 import Environment, select_autoescape
+    from jinja2 import Environment, PackageLoader, select_autoescape
     env = Environment(autoescape=select_autoescape(['html', 'htm', 'xml']),
                       loader=PackageLoader('mypackage'))
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Jinja2-2.11.2/src/Jinja2.egg-info/PKG-INFO 
new/Jinja2-2.11.3/src/Jinja2.egg-info/PKG-INFO
--- old/Jinja2-2.11.2/src/Jinja2.egg-info/PKG-INFO      2020-04-13 
18:14:13.000000000 +0200
+++ new/Jinja2-2.11.3/src/Jinja2.egg-info/PKG-INFO      2021-01-31 
17:28:38.000000000 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: Jinja2
-Version: 2.11.2
+Version: 2.11.3
 Summary: A very fast and expressive template engine.
 Home-page: https://palletsprojects.com/p/jinja/
 Author: Armin Ronacher
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Jinja2-2.11.2/src/jinja2/__init__.py 
new/Jinja2-2.11.3/src/jinja2/__init__.py
--- old/Jinja2-2.11.2/src/jinja2/__init__.py    2020-04-13 18:12:03.000000000 
+0200
+++ new/Jinja2-2.11.3/src/jinja2/__init__.py    2021-01-31 17:19:46.000000000 
+0100
@@ -41,4 +41,4 @@
 from .utils import is_undefined
 from .utils import select_autoescape
 
-__version__ = "2.11.2"
+__version__ = "2.11.3"
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Jinja2-2.11.2/src/jinja2/filters.py 
new/Jinja2-2.11.3/src/jinja2/filters.py
--- old/Jinja2-2.11.2/src/jinja2/filters.py     2020-04-13 16:18:12.000000000 
+0200
+++ new/Jinja2-2.11.3/src/jinja2/filters.py     2021-01-31 15:47:52.000000000 
+0100
@@ -268,16 +268,16 @@
 
     .. sourcecode:: jinja
 
-        {% for item in mydict|dictsort %}
+        {% for key, value in mydict|dictsort %}
             sort the dict by key, case insensitive
 
-        {% for item in mydict|dictsort(reverse=true) %}
+        {% for key, value in mydict|dictsort(reverse=true) %}
             sort the dict by key, case insensitive, reverse order
 
-        {% for item in mydict|dictsort(true) %}
+        {% for key, value in mydict|dictsort(true) %}
             sort the dict by key, case sensitive
 
-        {% for item in mydict|dictsort(false, 'value') %}
+        {% for key, value in mydict|dictsort(false, 'value') %}
             sort the dict by value, case insensitive
     """
     if by == "key":
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/Jinja2-2.11.2/src/jinja2/utils.py 
new/Jinja2-2.11.3/src/jinja2/utils.py
--- old/Jinja2-2.11.2/src/jinja2/utils.py       2020-04-13 16:18:12.000000000 
+0200
+++ new/Jinja2-2.11.3/src/jinja2/utils.py       2021-01-31 17:19:43.000000000 
+0100
@@ -6,6 +6,8 @@
 from collections import deque
 from random import choice
 from random import randrange
+from string import ascii_letters as _letters
+from string import digits as _digits
 from threading import Lock
 
 from markupsafe import escape
@@ -16,20 +18,6 @@
 from ._compat import text_type
 from ._compat import url_quote
 
-_word_split_re = re.compile(r"(\s+)")
-_punctuation_re = re.compile(
-    "^(?P<lead>(?:%s)*)(?P<middle>.*?)(?P<trail>(?:%s)*)$"
-    % (
-        "|".join(map(re.escape, ("(", "<", "&lt;"))),
-        "|".join(map(re.escape, (".", ",", ")", ">", "\n", "&gt;"))),
-    )
-)
-_simple_email_re = re.compile(r"^\S+@[a-zA-Z0-9._-]+\.[a-zA-Z0-9._-]+$")
-_striptags_re = re.compile(r"(<!--.*?-->|<[^>]*>)")
-_entity_re = re.compile(r"&([^;]+);")
-_letters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
-_digits = "0123456789"
-
 # special singleton representing missing values for the runtime
 missing = type("MissingType", (), {"__repr__": lambda x: "missing"})()
 
@@ -210,48 +198,65 @@
         and (x[:limit] + (len(x) >= limit and "..." or ""))
         or x
     )
-    words = _word_split_re.split(text_type(escape(text)))
+    words = re.split(r"(\s+)", text_type(escape(text)))
     rel_attr = rel and ' rel="%s"' % text_type(escape(rel)) or ""
     target_attr = target and ' target="%s"' % escape(target) or ""
 
     for i, word in enumerate(words):
-        match = _punctuation_re.match(word)
+        head, middle, tail = "", word, ""
+        match = re.match(r"^([(<]|&lt;)+", middle)
+
         if match:
-            lead, middle, trail = match.groups()
-            if middle.startswith("www.") or (
-                "@" not in middle
-                and not middle.startswith("http://";)
-                and not middle.startswith("https://";)
-                and len(middle) > 0
-                and middle[0] in _letters + _digits
-                and (
-                    middle.endswith(".org")
-                    or middle.endswith(".net")
-                    or middle.endswith(".com")
-                )
-            ):
-                middle = '<a href="http://%s"%s%s>%s</a>' % (
-                    middle,
-                    rel_attr,
-                    target_attr,
-                    trim_url(middle),
-                )
-            if middle.startswith("http://";) or middle.startswith("https://";):
-                middle = '<a href="%s"%s%s>%s</a>' % (
-                    middle,
-                    rel_attr,
-                    target_attr,
-                    trim_url(middle),
-                )
-            if (
-                "@" in middle
-                and not middle.startswith("www.")
-                and ":" not in middle
-                and _simple_email_re.match(middle)
-            ):
-                middle = '<a href="mailto:%s";>%s</a>' % (middle, middle)
-            if lead + middle + trail != word:
-                words[i] = lead + middle + trail
+            head = match.group()
+            middle = middle[match.end() :]
+
+        # Unlike lead, which is anchored to the start of the string,
+        # need to check that the string ends with any of the characters
+        # before trying to match all of them, to avoid backtracking.
+        if middle.endswith((")", ">", ".", ",", "\n", "&gt;")):
+            match = re.search(r"([)>.,\n]|&gt;)+$", middle)
+
+            if match:
+                tail = match.group()
+                middle = middle[: match.start()]
+
+        if middle.startswith("www.") or (
+            "@" not in middle
+            and not middle.startswith("http://";)
+            and not middle.startswith("https://";)
+            and len(middle) > 0
+            and middle[0] in _letters + _digits
+            and (
+                middle.endswith(".org")
+                or middle.endswith(".net")
+                or middle.endswith(".com")
+            )
+        ):
+            middle = '<a href="http://%s"%s%s>%s</a>' % (
+                middle,
+                rel_attr,
+                target_attr,
+                trim_url(middle),
+            )
+
+        if middle.startswith("http://";) or middle.startswith("https://";):
+            middle = '<a href="%s"%s%s>%s</a>' % (
+                middle,
+                rel_attr,
+                target_attr,
+                trim_url(middle),
+            )
+
+        if (
+            "@" in middle
+            and not middle.startswith("www.")
+            and ":" not in middle
+            and re.match(r"^\S+@\w[\w.-]*\.\w+$", middle)
+        ):
+            middle = '<a href="mailto:%s";>%s</a>' % (middle, middle)
+
+        words[i] = head + middle + tail
+
     return u"".join(words)
 
 
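Review bot: The trailing-punctuation step (`re.search(r"([)>.,\n]|&gt;)+$", middle)`) can still do more than linear work: `re.search` retries the greedy group from each start offset, and the `endswith` guard only skips the regex when there is no tail at all, so the cost can grow roughly quadratically with the length of a single word. Peeling the tail from the right with plain string checks, as sketched below, looks at each character once and should give the same `tail`/`middle` split. Separately, `\w` in the new e-mail pattern is Unicode-aware on Python 3 unless `re.ASCII` is passed, so the domain part now also matches non-ASCII word characters, which the old `[a-zA-Z0-9._-]` class did not; worth confirming that is intended. `urlize` begins above this hunk, and the `;` after `"http://"`, `"https://"` and `mailto:%s"` on this page looks like an archive rendering artefact rather than part of the patch.

```python
        # … unchanged: head extraction with re.match(r"^([(<]|&lt;)+", middle) …

        # Strip trailing punctuation right-to-left; each character is
        # examined once, so the cost stays linear in len(middle).
        end = len(middle)

        while end:
            if middle.endswith("&gt;", 0, end):
                end -= 4
            elif middle[end - 1] in ")>.,\n":
                end -= 1
            else:
                break

        tail = middle[end:]
        middle = middle[:end]

        # … unchanged: www. / http(s) / mailto link building …
```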
