From 60d1d9af0f05bdbb200776392adac1addd93032ae3b05fb6cf5cc524fd64cda2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adrian=20Schr=C3=B6ter?= Date: Wed, 25 Sep 2024 17:15:26 +0200 Subject: [PATCH] Sync from SUSE:SLFO:Main python-orjson revision a50b0e18851eef3d84d8d1e581064d55 --- _service | 7 ++- cargo_config | 5 --- devendor-sdist.sh | 11 +++++ orjson-3.8.10.tar.gz | 3 -- orjson-3.9.15-devendored.tar.xz | 3 ++ orjson-3.9.15.tar.gz | 3 ++ python-orjson.changes | 75 +++++++++++++++++++++++++++++++++ python-orjson.spec | 30 ++++++++----- vendor.tar.xz | 4 +- 9 files changed, 117 insertions(+), 24 deletions(-) delete mode 100644 cargo_config create mode 100644 devendor-sdist.sh delete mode 100644 orjson-3.8.10.tar.gz create mode 100644 orjson-3.9.15-devendored.tar.xz create mode 100644 orjson-3.9.15.tar.gz diff --git a/_service b/_service index f0b22d8..5dce196 100644 --- a/_service +++ b/_service @@ -1,9 +1,8 @@ - - orjson-*.tar.gz + + orjson-*-devendored.tar.xz xz true - + - diff --git a/cargo_config b/cargo_config deleted file mode 100644 index 6fb4ff4..0000000 --- a/cargo_config +++ /dev/null @@ -1,5 +0,0 @@ -[source.crates-io] -replace-with = "vendored-sources" - -[source.vendored-sources] -directory = "vendor" \ No newline at end of file diff --git a/devendor-sdist.sh b/devendor-sdist.sh new file mode 100644 index 0000000..ccc29de --- /dev/null +++ b/devendor-sdist.sh @@ -0,0 +1,11 @@ +#!/bin/sh +file=$(find . -maxdepth 1 -name 'orjson-*.tar.gz' -print | sort -rn | tail -1) +echo "Removing the cargo vendoring from upstream ${file}" +dir=${file%.tar.gz} +tar -x -z -f $file +rm ${dir}/Cargo.lock +rm -r ${dir}/include/cargo +rm -r ${dir}/.cargo +outfile=${dir}-devendored.tar.xz +echo "Repackaging to ${outfile}" +tar -c -J -f ${outfile} ${dir} diff --git a/orjson-3.8.10.tar.gz b/orjson-3.8.10.tar.gz deleted file mode 100644 index 978a0d4..0000000 --- a/orjson-3.8.10.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:dcf6adb4471b69875034afab51a14b64f1026bc968175a2bb02c5f6b358bd413 -size 836541 diff --git a/orjson-3.9.15-devendored.tar.xz b/orjson-3.9.15-devendored.tar.xz new file mode 100644 index 0000000..6691749 --- /dev/null +++ b/orjson-3.9.15-devendored.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:609e03e86406062447b20255722b039c6b743f01fb4faf62e87006fcb384a790 +size 623404 diff --git a/orjson-3.9.15.tar.gz b/orjson-3.9.15.tar.gz new file mode 100644 index 0000000..a984aec --- /dev/null +++ b/orjson-3.9.15.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:95cae920959d772f30ab36d3b25f83bb0f3be671e986c72ce22f8fa700dae061 +size 4854933 diff --git a/python-orjson.changes b/python-orjson.changes index e1054d0..b4c9c8d 100644 --- a/python-orjson.changes +++ b/python-orjson.changes @@ -1,3 +1,78 @@ +------------------------------------------------------------------- +Thu Feb 29 06:46:24 UTC 2024 - Daniel Garcia + +- Update to 3.9.15 (bsc#1220489, CVE-2024-27454): + * Implement recursion limit of 1024 on orjson.loads(). + * Use byte-exact read on str formatting SIMD path to avoid crash. +- 3.9.14: + * Fix crash serializing str introduced in 3.9.11. + * Build now depends on Rust 1.72 or later. +- 3.9.13: + * Serialization str escape uses only 128-bit SIMD. + * Fix compatibility with CPython 3.13 alpha 3. + * Publish musllinux_1_2 instead of musllinux_1_1 wheels. + * Serialization uses small integer optimization in CPython 3.12 or later. +- 3.9.12: + * Minimal musllinux_1_1 build due to sporadic CI failure. +- 3.9.11: + * Improve performance of serializing. str is significantly faster. Documents + using dict, list, and tuple are somewhat faster. + +------------------------------------------------------------------- +Sun Jan 14 14:46:13 UTC 2024 - Ben Greiner + +- Update to 3.9.10 + * Fix debug assert failure on 3.12 --profile=dev build. +- Release 3.9.9 + * orjson module metadata explicitly marks subinterpreters as not + supported. +- Release 3.9.8 + * Improve performance. + * Drop support for Python 3.7. +- Release 3.9.7 + * Fix crash in orjson.loads() due to non-reentrant handling of + persistent buffer. This was introduced in 3.9.3. + * Handle some FFI removals in CPython 3.13. +- Release 3.9.6 + * Fix numpy reference leak on unsupported array dtype. + * Fix numpy.datetime64 reference handling. + * Minor performance improvements. +- Release 3.9.5 + * Remove futex from module import and initialization path. +- Release 3.9.4 + * Fix hash builder using default values. + * Fix non-release builds of orjson copying large deserialization + buffer from stack to heap. This was introduced in 3.9.3. +- Release 3.9.3 + * Fix compatibility with CPython 3.12. + * Support i686/x86 32-bit Python installs on Windows. +- Release 3.9.2 + * Fix the __cause__ exception on orjson.JSONEncodeError possibly + being denormalized, i.e., of type str instead of Exception. +- Release 3.9.1 + * Fix memory leak on chained tracebacks of exceptions raised in + default. This was introduced in 3.8.12. +- Release 3.9.0 + * orjson.Fragment includes already-serialized JSON in a document. +- Release 3.8.13 + * Source distribution contains all source code required for an + offline build. + * Build uses maturin v1. +- Release 3.8.12 + * Exceptions raised in default are now chained as the __cause__ + attribute on orjson.JSONEncodeError. +- Release 3.8.11 + * orjson.loads() on an empty document has a specific error + message. +- Avoid cargo_audit error because of shipped old vulnerable + zerocopy: Devendor the shipped cargo and update the cargo_vendor + service + +------------------------------------------------------------------- +Sat Jun 10 17:38:51 UTC 2023 - ecsos + +- Add %{?sle15_python_module_pythons} + ------------------------------------------------------------------- Thu Apr 13 19:01:31 UTC 2023 - Matej Cepl diff --git a/python-orjson.spec b/python-orjson.spec index e184925..ee5068f 100644 --- a/python-orjson.spec +++ b/python-orjson.spec @@ -1,7 +1,7 @@ # # spec file for package python-orjson # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -16,17 +16,20 @@ # -%{?!python_module:%define python_module() python-%{**} python3-%{**}} +%{?sle15_python_module_pythons} Name: python-orjson -Version: 3.8.10 +Version: 3.9.15 Release: 0 Summary: Fast, correct Python JSON library supporting dataclasses, datetimes, and numpy License: Apache-2.0 OR MIT URL: https://github.com/ijl/orjson -Source: https://files.pythonhosted.org/packages/source/o/orjson/orjson-%{version}.tar.gz +# Update: Run `osc service runall download_files && sh ./devendor-sdist.sh && osc service runall cargo_vendor` +Source0: orjson-%{version}-devendored.tar.xz Source1: vendor.tar.xz -Source2: cargo_config -BuildRequires: %{python_module maturin >= 0.12.19} +Source2: https://files.pythonhosted.org/packages/source/o/orjson/orjson-%{version}.tar.gz +Source3: devendor-sdist.sh +BuildRequires: %{python_module base >= 3.8} +BuildRequires: %{python_module maturin >= 1} BuildRequires: %{python_module pip} BuildRequires: %{python_module setuptools} BuildRequires: %{python_module wheel} @@ -51,8 +54,6 @@ It benchmarks as the fastest Python library for JSON. %prep %autosetup -a1 -n orjson-%{version} -mkdir .cargo -cp %{SOURCE2} .cargo/config %build %pyproject_wheel @@ -62,13 +63,22 @@ cp %{SOURCE2} .cargo/config %python_expand %fdupes %{buildroot}%{$python_sitearch} %check +donttest="bydefaultnothingfails" +%ifarch %ix86 %arm32 # test_numpy_array_d1_uintp and test_numpy_array_d1_intp fail on 32bit +donttest="$donttest or test_numpy_array_d1_intp or test_numpy_array_d1_uintp" +%endif +%ifarch ppc64le # test_memory_loads_keys occasionally fails on crashes on ppc64le -%pytest_arch -k "not (test_numpy_array_d1_intp or test_numpy_array_d1_uintp or test_memory_loads_keys)" +donttest="$donttest or test_memory_loads_keys" +%endif + +%pytest_arch -k "not ($donttest)" %files %{python_files} %doc README.md CHANGELOG.md %license LICENSE-APACHE LICENSE-MIT -%{python_sitearch}/orjson* +%{python_sitearch}/orjson +%{python_sitearch}/orjson-%{version}.dist-info %changelog diff --git a/vendor.tar.xz b/vendor.tar.xz index e9e47b7..d2d3b28 100644 --- a/vendor.tar.xz +++ b/vendor.tar.xz @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:4212333980ea33f43d2d9713e375d4a5dca888b1908ee3ced90d6d3b1dd8e21e -size 1641596 +oid sha256:30ee8cdebdf05db352574669e33b95b367903a4aca4e9d02597324667846a278 +size 2085860