Sync from SUSE:SLFO:Main python-orjson revision a50b0e18851eef3d84d8d1e581064d55

2024-09-25 17:15:26 +02:00 · 2024-09-25 17:15:26 +02:00 · 60d1d9af0f
commit 60d1d9af0f
parent 4435ef5926
9 changed files with 117 additions and 24 deletions
--- a/7
+++ b/7
@ -1,9 +1,8 @@
 <services>
-  <service name="cargo_vendor" mode="disabled">
-    <param name="srctar">orjson-*.tar.gz</param>
+  <service name="cargo_vendor" mode="manual">
+    <param name="srctar">orjson-*-devendored.tar.xz</param>
    <param name="compression">xz</param>
    <param name="update">true</param>
  </service>
-  <service name="cargo_audit" mode="disabled"></service>
+  <service name="cargo_audit" mode="manual"></service>
 </services>
-
--- a/5
+++ b/5
@ -1,5 +0,0 @@
-[source.crates-io]
-replace-with = "vendored-sources"
-
-[source.vendored-sources]
-directory = "vendor"
--- a/devendor-sdist.sh
+++ b/devendor-sdist.sh
@ -0,0 +1,11 @@
+#!/bin/sh
+file=$(find . -maxdepth 1 -name 'orjson-*.tar.gz' -print | sort -rn | tail -1)
+echo "Removing the cargo vendoring from upstream ${file}"
+dir=${file%.tar.gz}
+tar -x -z -f $file
+rm ${dir}/Cargo.lock
+rm -r ${dir}/include/cargo
+rm -r ${dir}/.cargo
+outfile=${dir}-devendored.tar.xz
+echo "Repackaging to ${outfile}"
+tar -c -J -f ${outfile} ${dir}
--- a/orjson-3.8.10.tar.gz
+++ b/orjson-3.8.10.tar.gz
--- a/orjson-3.9.15-devendored.tar.xz
+++ b/orjson-3.9.15-devendored.tar.xz
--- a/orjson-3.9.15.tar.gz
+++ b/orjson-3.9.15.tar.gz
--- a/python-orjson.changes
+++ b/python-orjson.changes
@ -1,3 +1,78 @@
+-------------------------------------------------------------------
+Thu Feb 29 06:46:24 UTC 2024 - Daniel Garcia <daniel.garcia@suse.com>
+
+- Update to 3.9.15 (bsc#1220489, CVE-2024-27454):
+  * Implement recursion limit of 1024 on orjson.loads().
+  * Use byte-exact read on str formatting SIMD path to avoid crash.
+- 3.9.14:
+  * Fix crash serializing str introduced in 3.9.11.
+  * Build now depends on Rust 1.72 or later.
+- 3.9.13:
+  * Serialization str escape uses only 128-bit SIMD.
+  * Fix compatibility with CPython 3.13 alpha 3.
+  * Publish musllinux_1_2 instead of musllinux_1_1 wheels.
+  * Serialization uses small integer optimization in CPython 3.12 or later.
+- 3.9.12:
+  * Minimal musllinux_1_1 build due to sporadic CI failure.
+- 3.9.11:
+  * Improve performance of serializing. str is significantly faster. Documents
+    using dict, list, and tuple are somewhat faster.
+
+-------------------------------------------------------------------
+Sun Jan 14 14:46:13 UTC 2024 - Ben Greiner <code@bnavigator.de>
+
+- Update to 3.9.10
+  * Fix debug assert failure on 3.12 --profile=dev build.
+- Release 3.9.9
+  * orjson module metadata explicitly marks subinterpreters as not
+    supported.
+- Release 3.9.8
+  * Improve performance.
+  * Drop support for Python 3.7.
+- Release 3.9.7
+  * Fix crash in orjson.loads() due to non-reentrant handling of
+    persistent buffer. This was introduced in 3.9.3.
+  * Handle some FFI removals in CPython 3.13.
+- Release 3.9.6
+  * Fix numpy reference leak on unsupported array dtype.
+  * Fix numpy.datetime64 reference handling.
+  * Minor performance improvements.
+- Release 3.9.5
+  * Remove futex from module import and initialization path.
+- Release 3.9.4
+  * Fix hash builder using default values.
+  * Fix non-release builds of orjson copying large deserialization
+    buffer from stack to heap. This was introduced in 3.9.3.
+- Release 3.9.3
+  * Fix compatibility with CPython 3.12.
+  * Support i686/x86 32-bit Python installs on Windows.
+- Release 3.9.2
+  * Fix the __cause__ exception on orjson.JSONEncodeError possibly
+    being denormalized, i.e., of type str instead of Exception.
+- Release 3.9.1
+  * Fix memory leak on chained tracebacks of exceptions raised in
+    default. This was introduced in 3.8.12.
+- Release 3.9.0
+  * orjson.Fragment includes already-serialized JSON in a document.
+- Release 3.8.13
+  * Source distribution contains all source code required for an
+    offline build.
+  * Build uses maturin v1.
+- Release 3.8.12
+    * Exceptions raised in default are now chained as the __cause__
+      attribute on orjson.JSONEncodeError.
+- Release 3.8.11
+  * orjson.loads() on an empty document has a specific error
+    message.
+- Avoid cargo_audit error because of shipped old vulnerable
+  zerocopy: Devendor the shipped cargo and update the cargo_vendor
+  service
+
+-------------------------------------------------------------------
+Sat Jun 10 17:38:51 UTC 2023 - ecsos <ecsos@opensuse.org>
+
+- Add %{?sle15_python_module_pythons}
+
 -------------------------------------------------------------------
 Thu Apr 13 19:01:31 UTC 2023 - Matej Cepl <mcepl@suse.com>

--- a/python-orjson.spec
+++ b/python-orjson.spec
@ -1,7 +1,7 @@
 #
 # spec file for package python-orjson
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -16,17 +16,20 @@
 #


-%{?!python_module:%define python_module() python-%{**} python3-%{**}}
+%{?sle15_python_module_pythons}
 Name:           python-orjson
-Version:        3.8.10
+Version:        3.9.15
 Release:        0
 Summary:        Fast, correct Python JSON library supporting dataclasses, datetimes, and numpy
 License:        Apache-2.0 OR MIT
 URL:            https://github.com/ijl/orjson
-Source:         https://files.pythonhosted.org/packages/source/o/orjson/orjson-%{version}.tar.gz
+# Update: Run `osc service runall download_files && sh ./devendor-sdist.sh && osc service runall cargo_vendor`
+Source0:        orjson-%{version}-devendored.tar.xz
 Source1:        vendor.tar.xz
-Source2:        cargo_config
-BuildRequires:  %{python_module maturin >= 0.12.19}
+Source2:        https://files.pythonhosted.org/packages/source/o/orjson/orjson-%{version}.tar.gz
+Source3:        devendor-sdist.sh
+BuildRequires:  %{python_module base >= 3.8}
+BuildRequires:  %{python_module maturin >= 1}
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module setuptools}
 BuildRequires:  %{python_module wheel}
@ -51,8 +54,6 @@ It benchmarks as the fastest Python library for JSON.

 %prep
 %autosetup -a1 -n orjson-%{version}
-mkdir .cargo
-cp %{SOURCE2} .cargo/config

 %build
 %pyproject_wheel
@ -62,13 +63,22 @@ cp %{SOURCE2} .cargo/config
 %python_expand %fdupes %{buildroot}%{$python_sitearch}

 %check
+donttest="bydefaultnothingfails"
+%ifarch %ix86 %arm32
 # test_numpy_array_d1_uintp and test_numpy_array_d1_intp fail on 32bit
+donttest="$donttest or test_numpy_array_d1_intp or test_numpy_array_d1_uintp"
+%endif
+%ifarch ppc64le
 # test_memory_loads_keys occasionally fails on crashes on ppc64le
-%pytest_arch -k "not (test_numpy_array_d1_intp or test_numpy_array_d1_uintp or test_memory_loads_keys)"
+donttest="$donttest or test_memory_loads_keys"
+%endif
+
+%pytest_arch -k "not ($donttest)"

 %files %{python_files}
 %doc README.md CHANGELOG.md
 %license LICENSE-APACHE LICENSE-MIT
-%{python_sitearch}/orjson*
+%{python_sitearch}/orjson
+%{python_sitearch}/orjson-%{version}.dist-info

 %changelog
--- a/vendor.tar.xz
+++ b/vendor.tar.xz