From 7383ed8bc957b3a65bcc112563fe5781377885b9 Mon Sep 17 00:00:00 2001
From: hongjinghao
Date: Sat, 24 Dec 2022 15:25:56 +0800
Subject: [PATCH] sync by 22.03-lts-sp1
(cherry picked from commit 7bd409e4ac89cc0e0a8bad3afd0d86675d1575fd)
---
CVE-2022-40023.patch | 33 +++++++++++++++++++++++++++++++++
python-mako.spec | 21 +++++++++++++++++----
2 files changed, 50 insertions(+), 4 deletions(-)
create mode 100644 CVE-2022-40023.patch
diff --git a/CVE-2022-40023.patch b/CVE-2022-40023.patch
new file mode 100644
index 0000000..b07af6d
--- /dev/null
+++ b/CVE-2022-40023.patch
@@ -0,0 +1,33 @@
+diff -urN mako/lexer.py mako.new/lexer.py
+--- mako/lexer.py 2021-01-15 02:28:51.000000000 +0800
++++ mako.new/lexer.py 2022-09-22 11:19:51.277358075 +0800
+@@ -295,20 +295,24 @@
+ return self.template
+
+ def match_tag_start(self):
+- match = self.match(
+- r"""
++ reg = r"""
+ \<% # opening tag
+
+ ([\w\.\:]+) # keyword
+
+- ((?:\s+\w+|\s*=\s*|".*?"|'.*?')*) # attrname, = \
+- # sign, string expression
++ ((?:\s+\w+|\s*=\s*|"[^"]*?"|'[^']*?'|\s*,\s*)*) # attrname, = \
++ # sign, string expression
++ # comma is for backwards compat
++ # identified in #366
+
+ \s* # more whitespace
+
+ (/)?> # closing
+
+- """,
++ """
++
++ match = self.match(
++ reg,
+ re.I | re.S | re.X,
+ )
+
diff --git a/python-mako.spec b/python-mako.spec
index c7fc669..62f1432 100644
--- a/python-mako.spec
+++ b/python-mako.spec
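Review bot: The new CVE-2022-40023.patch starts straight at `diff -urN mako/lexer.py mako.new/lexer.py`, so the file records neither the upstream change it was backported from nor that it was regenerated by hand against 1.1.4. I would put a short header above that line, for example `Origin: <UPSTREAM_COMMIT_URL>` and `Subject: backport of the Lexer.match_tag_start fix for CVE-2022-40023`, so the backport can be audited against upstream later. No regression test for the tightened `"[^"]*?"` / `'[^']*?'` alternatives comes with it, which leaves the fix unverified at build time. The repeated group still contains `\s*=\s*` and `\s*,\s*`, whose leading and trailing `\s*` overlap between iterations; that looks like it could leave some redundant backtracking on whitespace and is worth timing on the built package (inferred from the pattern, not measured). The body of match_tag_start continues past the end of the inner hunk.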
@@ -1,15 +1,19 @@ +%bcond_with test + Name: python-mako Version: 1.1.4 -Release: 2 +Release: 5 Summary: Mako template library for Python License: MIT Group: Development/Languages URL: http://www.makotemplates.org/ Source0: https://files.pythonhosted.org/packages/source/M/Mako/Mako-%{version}.tar.gz +Patch0:CVE-2022-40023.patch BuildArch: noarch -BuildRequires: python3-devel python3-pytest python3-setuptools +BuildRequires: python3-devel python3-setuptools BuildRequires: python3-markupsafe python3-mock +BuildRequires: python3-pytest %description Python-mako is a template library for Python. It provides a familiar, non-XML @@ -35,7 +39,7 @@ Requires: python3-mako = %{version}-%{release} Help file of Mako library for Python in text and HTML formats. %prep -%autosetup -n Mako-%{version} +%autosetup -n Mako-%{version} -p0 %build %py3_build @@ -58,9 +62,18 @@ rm -rf doc/build %doc doc %changelog -* Fri Jan 07 2022 tianwei 1.1.4-2 +* Thu Sep 22 2022 dillon chen 1.1.4-5 +- CVE-2022-40023 + +* Wed Mar 30 2022 wangjiang 1.1.4-4 - remove python-nose build required +* Wed Feb 23 2022 yuanxin - 1.1.4-3 +- enable %check + +* Sat Nov 27 2021 shixuantong - 1.1.4-2 +- disable %check + * Thu Jul 15 2021 huangtianhua 1.1.4-1 - Upgrade to 1.1.4 to support OpenStack-W -- Gitee
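Review bot: `%bcond_with test` defines the `test` conditional as off by default, yet `BuildRequires: python3-pytest` stays unconditional, so the two added lines disagree about whether tests belong to a normal build. The `%check` section is outside the visible hunks; if it is wrapped in `%if %{with test}`, the release that ships the CVE-2022-40023 fix is built without running the Mako test suite. If tests should run by default, `%bcond_without test` is the form that does that; otherwise guard the dependency with `%if %{with test}` and `%endif`.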
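Review bot: The `-p0` added to `%autosetup -n Mako-%{version} -p0` sets the strip level for every patch in the spec, not only Patch0. It is needed here because the CVE patch was produced with `diff -urN mako/lexer.py mako.new/lexer.py` and its paths carry no leading component, but a later patch in the usual `a/` and `b/` form would then fail to apply. Regenerating CVE-2022-40023.patch with a one-level prefix and using `%autosetup -n Mako-%{version} -p1` keeps the spec compatible with git-format patches.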