JSON-XS-4.03.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:515536f45f2fa1a7e88c8824533758d0121d267ab9cb453a1b5887c8a56b9068
-size 86749

perl-JSON-XS.changes

@@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Mon Sep  8 16:53:42 UTC 2025 - Tina Müller <tina.mueller@suse.com>
+
+- updated to 4.40.0 (4.04)
+   see /usr/share/doc/packages/perl-JSON-XS/Changes
+
+  4.04 Fri 05 Sep 2025 23:59:48 CEST
+          - fix heap overflow causing crashes, possibly information
+            disclosure or worse (CVE-2025-40928), and causes JSON::XS to
+            accept invalid JSON texts as valid in some cases. Thanks to
+            Michael Hudak for finding this, the CPAN Security Group for
+            coordinating this, and Reini Urban for double-checking the patch
+            (and Peter Juhasz for potentially reporting this much earlier).
+  (bsc#1249330)
+
 -------------------------------------------------------------------
 Wed Oct 28 03:07:22 UTC 2020 - Tina Müller <timueller+perl@suse.de>
 

perl-JSON-XS.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package perl-JSON-XS
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2025 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,25 +16,28 @@
 #
 
 
-Name:           perl-JSON-XS
-Version:        4.03
-Release:        0
 %define cpan_name JSON-XS
-Summary:        JSON serialising/deserialising, done correctly and fast
+Name:           perl-JSON-XS
+Version:        4.40.0
+Release:        0
+# 4.04 -> normalize -> 4.40.0
+%define cpan_version 4.04
 License:        Artistic-1.0 OR GPL-1.0-or-later
-Group:          Development/Libraries/Perl
+Summary:        JSON serialising/deserialising, done correctly and fast
 URL:            https://metacpan.org/release/%{cpan_name}
-Source0:        https://cpan.metacpan.org/authors/id/M/ML/MLEHMANN/%{cpan_name}-%{version}.tar.gz
+Source0:        https://cpan.metacpan.org/authors/id/M/ML/MLEHMANN/%{cpan_name}-%{cpan_version}.tar.gz
 Source1:        cpanspec.yml
 Source100:      README.md
-BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  perl
 BuildRequires:  perl-macros
 BuildRequires:  perl(Canary::Stability)
+BuildRequires:  perl(ExtUtils::MakeMaker) >= 6.52
 BuildRequires:  perl(Types::Serialiser)
 BuildRequires:  perl(common::sense)
 Requires:       perl(Types::Serialiser)
 Requires:       perl(common::sense)
+Provides:       perl(JSON::XS) = %{version}
+%undefine       __perllib_provides
 %{perl_requires}
 
 %description
@@ -46,12 +49,11 @@ See MAPPING, below, on how JSON::XS maps perl values to JSON values and
 vice versa.
 
 %prep
-%setup -q -n %{cpan_name}-%{version}
+%autosetup -n %{cpan_name}-%{cpan_version} -p1
-find . -type f ! -path "*/t/*" ! -name "*.pl" ! -path "*/bin/*" ! -path "*/script/*" ! -name "configure" -print0 | xargs -0 chmod 644
 
 %build
 perl Makefile.PL INSTALLDIRS=vendor OPTIMIZE="%{optflags}"
-make %{?_smp_mflags}
+%make_build
 
 %check
 make test
@@ -62,7 +64,6 @@ make test
 %perl_gen_filelist
 
 %files -f %{name}.files
-%defattr(-,root,root,755)
 %doc Changes README
 %license COPYING