Bug 215651 - devel/py-Jinja2: Update to 2.8.2
Summary: devel/py-Jinja2: Update to 2.8.2
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Po-Chuan Hsieh
URL: http://jinja.pocoo.org/docs/2.9/chang...
Keywords: needs-patch, needs-qa, security
Depends on:
Blocks:
 
Reported: 2016-12-29 13:57 UTC by Olivier Duchateau
Modified: 2017-04-04 07:58 UTC (History)
3 users (show)

See Also:
vlad-fbsd: maintainer-feedback-
vlad-fbsd: merge-quarterly?


Attachments
Patch to update devel/py-Jinja2 (1.09 KB, patch)
2016-12-29 13:57 UTC, Olivier Duchateau
no flags Details | Diff
Patch to update devel/py-Jinja2 (1.63 KB, patch)
2017-01-09 18:23 UTC, Olivier Duchateau
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Olivier Duchateau freebsd_committer freebsd_triage 2016-12-29 13:57:39 UTC
Created attachment 178376 [details]
Patch to update devel/py-Jinja2

Update to 2.8.1
Comment 1 Olivier Duchateau freebsd_committer freebsd_triage 2017-01-07 18:04:09 UTC
Superseded by bug #215858
Comment 2 Olivier Duchateau freebsd_committer freebsd_triage 2017-01-08 07:45:22 UTC
Re-open, because Jinja2 > 2.9 works only with Python >= 3.5 (it uses async keyword in jinja2/asyncfilters.py file).
Comment 3 Olivier Duchateau freebsd_committer freebsd_triage 2017-01-09 18:23:03 UTC
Created attachment 178672 [details]
Patch to update devel/py-Jinja2

New patch:

- Limit to Python 2.7
- Remove reference to Python 3
Comment 4 VK freebsd_triage 2017-01-09 19:42:43 UTC
Uh, wait. If Jinja2 >= 2.9 uses async, then 2.8.1 is still py3 compliant. We're using 2.8.1 in production with Python 3.5 (pip installed in virtualenv, tho', it's one of few packages we haven't yet switched to ports) and there's no problem, at least not to our use case (main HTML/XML renderer for a rather large flask web app).

As for update from 2.8 to 2.8.1, I'm adding merge-quarterly request, these are the changes:

(bugfix release, released on December 29th 2016)

- Fixed the `for_qs` flag for `urlencode`.
- Fixed regression when applying `int` to non-string values.
- SECURITY: if the sandbox mode is used format expressions are now sandboxed
  with the same rules as in Jinja.  This solves various information leakage
problems that can occur with format strings.

* https://github.com/pallets/jinja/blob/master/CHANGES

Please revise the change and leave Python3 support for 2.8.1.
Comment 5 Olivier Duchateau freebsd_committer freebsd_triage 2017-01-09 20:38:00 UTC
(In reply to Vladimir Krstulja from comment #4)

No I keep my diff unchanged, it's maintainer's choice, if he wants to keep Python3 support.
Comment 6 VK freebsd_triage 2017-01-09 21:23:44 UTC
(In reply to Olivier Duchateau from comment #5)

Ok. Let me just add this too, it appears that the asyncsupport.py is imported only if there's async support (environment.is_async == True), there's a conditional import for the template in compiler.py. I just ran a quick and dirty test in a py27 virtualenv, and Jinja2 2.9.3 imports fine. I have to test it with actual templates used, but I don't think there's a need to hard-limit Jinja2 to python2.7 only.

Please correct me if I'm wrong.

Also please be aware that there are 29 reverse dependencies of py-Jinja2, some of which, to my knowledge as I haven't tested all of them, build and work fine at the moment with DEFAULT_VERSIONS= python=3.5, most notably Sphinx and Flask. And only a handful of py3-Jinja2, I presume for some cases where those rdeps must be forced to py35-*

So another question is why is py3-Jinja2 an entirely separate port and not a slave? If a sweeping change like this is to be done, perhaps it should be done closer to the next Quarterly cut-off, and we can combine the ports and fully switch to 2.9.x?
Comment 7 VK freebsd_triage 2017-02-17 09:41:05 UTC
Olivier,

the maintainer has timed out. Jinja 2.8 branch is now at 2.8.2. Could you please rework your original patch to update to 2.8.2, which is MFH-able and contains bugfixes over 2.8 currently in port. Then we can push HEAD's jinja to 2.9.5.

No need to limit it for Python2 only, all currently supported Jinja versions work for both Pythons.

I guess you can commit is straight away, since this is in timeout.

Thanks.
Comment 8 VK freebsd_triage 2017-02-17 11:32:40 UTC
Maintainer timeout, back to pool. Sorry, missed to do that earlier.
Comment 9 Martin Wilke freebsd_committer freebsd_triage 2017-02-18 08:40:58 UTC
Submitter is Committer.
Comment 10 Rene Ladan freebsd_committer freebsd_triage 2017-03-19 13:48:28 UTC
reset assignee
Comment 11 commit-hook freebsd_committer freebsd_triage 2017-04-01 10:55:46 UTC
A commit references this bug:

Author: sunpoet
Date: Sat Apr  1 10:53:25 UTC 2017
New revision: 437424
URL: https://svnweb.freebsd.org/changeset/ports/437424

Log:
  Update to 2.9.5

  - While I'm here:
    - Remove 2to3 stuff
    - Simplify PKGNAMESUFFIX check

  Changes:	https://github.com/pallets/jinja/blob/master/CHANGES
  PR:		215651 (based on)
  Submitted by:	olivierd
  Approved by:	maintainer (timeout, 3 months)

Changes:
  head/devel/py-Jinja2/Makefile
  head/devel/py-Jinja2/distinfo
Comment 12 Po-Chuan Hsieh freebsd_committer freebsd_triage 2017-04-01 10:56:51 UTC
Committed. Thanks!
Comment 13 VK freebsd_triage 2017-04-03 16:31:53 UTC
Please reopen for two reasons:

1. The merge-quarterly request was ignored. 2017Q2 just got branched off and there will otherwise be three more months of unpatched Jinja.

2. This update broke the port on Python 3, because 2to3 conversion was removed from the post-build step:

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=218336
Comment 14 Po-Chuan Hsieh freebsd_committer freebsd_triage 2017-04-04 07:58:45 UTC
2to3 stuff has been restored in r437710.