From 548716d9e79082bbc708f0d7e9ca2bc8f1114ce4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20N=C3=A9ri?= <dne+alpine@mayonnaise.net>
Date: Wed, 12 Mar 2025 22:58:32 +0100
Subject: [PATCH] main/py3-jinja2: security upgrade to 3.1.6

CVE-2025-27516: Sandbox breakout through attr filter selecting format
method.

- https://github.com/pallets/jinja/security/advisories/GHSA-cpwx-vrp4-4pq7
- https://raw.githubusercontent.com/pallets/jinja/refs/tags/3.1.6/CHANGES.rst
---
 main/py3-jinja2/APKBUILD | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/main/py3-jinja2/APKBUILD b/main/py3-jinja2/APKBUILD
index 32835721a36a..3cb72a359342 100644
--- a/main/py3-jinja2/APKBUILD
+++ b/main/py3-jinja2/APKBUILD
@@ -2,7 +2,7 @@
 # Maintainer: Matt Smith <mcs@darkregion.net>
 pkgname=py3-jinja2
 _pkgname=jinja2
-pkgver=3.1.5
+pkgver=3.1.6
 pkgrel=0
 pkgdesc="A small but fast and easy to use stand-alone python template engine"
 url="https://palletsprojects.com/p/jinja/"
@@ -16,6 +16,8 @@ source="https://files.pythonhosted.org/packages/source/${_pkgname:0:1}/$_pkgname
 builddir="$srcdir/$_pkgname-$pkgver"
 
 # secfixes:
+#   3.1.6-r0:
+#     - CVE-2025-27516 GHSA-cpwx-vrp4-4pq7
 #   3.1.5-r0:
 #     - CVE-2024-56326 GHSA-q2x7-8rv6-6q7h
 #     - CVE-2024-56201 GHSA-gmj6-6f8f-6699
@@ -54,5 +56,5 @@ package() {
 }
 
 sha512sums="
-75ad0094482c69d45fcd3aa8ee32e249931e53fee3f804f6ddfd5b6da0ed16962d8f1fced811e7dcb4d8401fadd828e77528d6d1280547a7d4f5f77cccf9bbd4  jinja2-3.1.5.tar.gz
+bddd5e142f1462426c57b2efafdfafdfc6b66de257668707940896feae71eabdf19e0b6e34ef49b965153baf9b1eb59bb5a97349bb287ea0921dd2a751e967ab  jinja2-3.1.6.tar.gz
 "
-- 
GitLab