diff --git a/_service b/_service
index f0b22d8..5dce196 100644
--- a/_service
+++ b/_service
@@ -1,9 +1,8 @@
-
- orjson-*.tar.gz
+
+ orjson-*-devendored.tar.xz
xz
true
-
+
-
diff --git a/cargo_config b/cargo_config
deleted file mode 100644
index 6fb4ff4..0000000
--- a/cargo_config
+++ /dev/null
@@ -1,5 +0,0 @@
-[source.crates-io]
-replace-with = "vendored-sources"
-
-[source.vendored-sources]
-directory = "vendor"
\ No newline at end of file
diff --git a/devendor-sdist.sh b/devendor-sdist.sh
new file mode 100644
index 0000000..ccc29de
--- /dev/null
+++ b/devendor-sdist.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+file=$(find . -maxdepth 1 -name 'orjson-*.tar.gz' -print | sort -rn | tail -1)
+echo "Removing the cargo vendoring from upstream ${file}"
+dir=${file%.tar.gz}
+tar -x -z -f $file
+rm ${dir}/Cargo.lock
+rm -r ${dir}/include/cargo
+rm -r ${dir}/.cargo
+outfile=${dir}-devendored.tar.xz
+echo "Repackaging to ${outfile}"
+tar -c -J -f ${outfile} ${dir}
diff --git a/orjson-3.8.10.tar.gz b/orjson-3.8.10.tar.gz
deleted file mode 100644
index 978a0d4..0000000
--- a/orjson-3.8.10.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:dcf6adb4471b69875034afab51a14b64f1026bc968175a2bb02c5f6b358bd413
-size 836541
diff --git a/orjson-3.9.15-devendored.tar.xz b/orjson-3.9.15-devendored.tar.xz
new file mode 100644
index 0000000..6691749
--- /dev/null
+++ b/orjson-3.9.15-devendored.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:609e03e86406062447b20255722b039c6b743f01fb4faf62e87006fcb384a790
+size 623404
diff --git a/orjson-3.9.15.tar.gz b/orjson-3.9.15.tar.gz
new file mode 100644
index 0000000..a984aec
--- /dev/null
+++ b/orjson-3.9.15.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:95cae920959d772f30ab36d3b25f83bb0f3be671e986c72ce22f8fa700dae061
+size 4854933
diff --git a/python-orjson.changes b/python-orjson.changes
index e1054d0..b4c9c8d 100644
--- a/python-orjson.changes
+++ b/python-orjson.changes
@@ -1,3 +1,78 @@
+-------------------------------------------------------------------
+Thu Feb 29 06:46:24 UTC 2024 - Daniel Garcia
+
+- Update to 3.9.15 (bsc#1220489, CVE-2024-27454):
+ * Implement recursion limit of 1024 on orjson.loads().
+ * Use byte-exact read on str formatting SIMD path to avoid crash.
+- 3.9.14:
+ * Fix crash serializing str introduced in 3.9.11.
+ * Build now depends on Rust 1.72 or later.
+- 3.9.13:
+ * Serialization str escape uses only 128-bit SIMD.
+ * Fix compatibility with CPython 3.13 alpha 3.
+ * Publish musllinux_1_2 instead of musllinux_1_1 wheels.
+ * Serialization uses small integer optimization in CPython 3.12 or later.
+- 3.9.12:
+ * Minimal musllinux_1_1 build due to sporadic CI failure.
+- 3.9.11:
+ * Improve performance of serializing. str is significantly faster. Documents
+ using dict, list, and tuple are somewhat faster.
+
+-------------------------------------------------------------------
+Sun Jan 14 14:46:13 UTC 2024 - Ben Greiner
+
+- Update to 3.9.10
+ * Fix debug assert failure on 3.12 --profile=dev build.
+- Release 3.9.9
+ * orjson module metadata explicitly marks subinterpreters as not
+ supported.
+- Release 3.9.8
+ * Improve performance.
+ * Drop support for Python 3.7.
+- Release 3.9.7
+ * Fix crash in orjson.loads() due to non-reentrant handling of
+ persistent buffer. This was introduced in 3.9.3.
+ * Handle some FFI removals in CPython 3.13.
+- Release 3.9.6
+ * Fix numpy reference leak on unsupported array dtype.
+ * Fix numpy.datetime64 reference handling.
+ * Minor performance improvements.
+- Release 3.9.5
+ * Remove futex from module import and initialization path.
+- Release 3.9.4
+ * Fix hash builder using default values.
+ * Fix non-release builds of orjson copying large deserialization
+ buffer from stack to heap. This was introduced in 3.9.3.
+- Release 3.9.3
+ * Fix compatibility with CPython 3.12.
+ * Support i686/x86 32-bit Python installs on Windows.
+- Release 3.9.2
+ * Fix the __cause__ exception on orjson.JSONEncodeError possibly
+ being denormalized, i.e., of type str instead of Exception.
+- Release 3.9.1
+ * Fix memory leak on chained tracebacks of exceptions raised in
+ default. This was introduced in 3.8.12.
+- Release 3.9.0
+ * orjson.Fragment includes already-serialized JSON in a document.
+- Release 3.8.13
+ * Source distribution contains all source code required for an
+ offline build.
+ * Build uses maturin v1.
+- Release 3.8.12
+ * Exceptions raised in default are now chained as the __cause__
+ attribute on orjson.JSONEncodeError.
+- Release 3.8.11
+ * orjson.loads() on an empty document has a specific error
+ message.
+- Avoid cargo_audit error because of shipped old vulnerable
+ zerocopy: Devendor the shipped cargo and update the cargo_vendor
+ service
+
+-------------------------------------------------------------------
+Sat Jun 10 17:38:51 UTC 2023 - ecsos
+
+- Add %{?sle15_python_module_pythons}
+
-------------------------------------------------------------------
Thu Apr 13 19:01:31 UTC 2023 - Matej Cepl
diff --git a/python-orjson.spec b/python-orjson.spec
index e184925..ee5068f 100644
--- a/python-orjson.spec
+++ b/python-orjson.spec
@@ -1,7 +1,7 @@
#
# spec file for package python-orjson
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -16,17 +16,20 @@
#
-%{?!python_module:%define python_module() python-%{**} python3-%{**}}
+%{?sle15_python_module_pythons}
Name: python-orjson
-Version: 3.8.10
+Version: 3.9.15
Release: 0
Summary: Fast, correct Python JSON library supporting dataclasses, datetimes, and numpy
License: Apache-2.0 OR MIT
URL: https://github.com/ijl/orjson
-Source: https://files.pythonhosted.org/packages/source/o/orjson/orjson-%{version}.tar.gz
+# Update: Run `osc service runall download_files && sh ./devendor-sdist.sh && osc service runall cargo_vendor`
+Source0: orjson-%{version}-devendored.tar.xz
Source1: vendor.tar.xz
-Source2: cargo_config
-BuildRequires: %{python_module maturin >= 0.12.19}
+Source2: https://files.pythonhosted.org/packages/source/o/orjson/orjson-%{version}.tar.gz
+Source3: devendor-sdist.sh
+BuildRequires: %{python_module base >= 3.8}
+BuildRequires: %{python_module maturin >= 1}
BuildRequires: %{python_module pip}
BuildRequires: %{python_module setuptools}
BuildRequires: %{python_module wheel}
@@ -51,8 +54,6 @@ It benchmarks as the fastest Python library for JSON.
%prep
%autosetup -a1 -n orjson-%{version}
-mkdir .cargo
-cp %{SOURCE2} .cargo/config
%build
%pyproject_wheel
@@ -62,13 +63,22 @@ cp %{SOURCE2} .cargo/config
%python_expand %fdupes %{buildroot}%{$python_sitearch}
%check
+donttest="bydefaultnothingfails"
+%ifarch %ix86 %arm32
# test_numpy_array_d1_uintp and test_numpy_array_d1_intp fail on 32bit
+donttest="$donttest or test_numpy_array_d1_intp or test_numpy_array_d1_uintp"
+%endif
+%ifarch ppc64le
# test_memory_loads_keys occasionally fails on crashes on ppc64le
-%pytest_arch -k "not (test_numpy_array_d1_intp or test_numpy_array_d1_uintp or test_memory_loads_keys)"
+donttest="$donttest or test_memory_loads_keys"
+%endif
+
+%pytest_arch -k "not ($donttest)"
%files %{python_files}
%doc README.md CHANGELOG.md
%license LICENSE-APACHE LICENSE-MIT
-%{python_sitearch}/orjson*
+%{python_sitearch}/orjson
+%{python_sitearch}/orjson-%{version}.dist-info
%changelog
diff --git a/vendor.tar.xz b/vendor.tar.xz
index e9e47b7..d2d3b28 100644
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:4212333980ea33f43d2d9713e375d4a5dca888b1908ee3ced90d6d3b1dd8e21e
-size 1641596
+oid sha256:30ee8cdebdf05db352574669e33b95b367903a4aca4e9d02597324667846a278
+size 2085860