From a0f90736f13c66bcbd1ef64f0a905892cf16623e9ca0b15f3186e629170c77c9 Mon Sep 17 00:00:00 2001
From: Daniel Garcia
Date: Thu, 29 Feb 2024 06:56:38 +0000
Subject: [PATCH] - Update to 3.9.15 (bsc#1220489, CVE-2024-27454): * Implement recursion limit of 1024 on orjson.loads(). * Use byte-exact read on str formatting SIMD path to avoid crash. - 3.9.14: * Fix crash serializing str introduced in 3.9.11. * Build now depends on Rust 1.72 or later. - 3.9.13: * Serialization str escape uses only 128-bit SIMD. * Fix compatibility with CPython 3.13 alpha 3. * Publish musllinux_1_2 instead of musllinux_1_1 wheels. * Serialization uses small integer optimization in CPython 3.12 or later. - 3.9.12: * Minimal musllinux_1_1 build due to sporadic CI failure. - 3.9.11: * Improve performance of serializing. str is significantly faster. Documents using dict, list, and tuple are somewhat faster. - Update to 3.9.10

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-orjson?expand=0&rev=17
---
 _service | 4 ++--
 orjson-3.9.10-devendored.tar.xz | 3 ---
 orjson-3.9.10.tar.gz | 3 ---
 orjson-3.9.15-devendored.tar.xz | 3 +++
 orjson-3.9.15.tar.gz | 3 +++
 python-orjson.changes | 22 +++++++++++++++++++++-
 python-orjson.spec | 2 +-
 vendor.tar.xz | 4 ++--
 8 files changed, 32 insertions(+), 12 deletions(-)
 delete mode 100644 orjson-3.9.10-devendored.tar.xz
 delete mode 100644 orjson-3.9.10.tar.gz
 create mode 100644 orjson-3.9.15-devendored.tar.xz
 create mode 100644 orjson-3.9.15.tar.gz
diff --git a/_service b/_service
index 5419ad0..5dce196 100644
--- a/_service
+++ b/_service
@@ -1,8 +1,8 @@ - + orjson-*-devendored.tar.xz xz true - +
diff --git a/orjson-3.9.10-devendored.tar.xz b/orjson-3.9.10-devendored.tar.xz
deleted file mode 100644
index 322c602..0000000
--- a/orjson-3.9.10-devendored.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:c6c32df8331d4d6aa83a86a7eacc42c4ab74d7007dd85b999ca643a98c512fe8
-size 618568
diff --git a/orjson-3.9.10.tar.gz b/orjson-3.9.10.tar.gz
deleted file mode 100644
index aaa989c..0000000
--- a/orjson-3.9.10.tar.gz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:9ebbdbd6a046c304b1845e96fbcc5559cd296b4dfd3ad2509e33c4d9ce07d6a1
-size 5361203
diff --git a/orjson-3.9.15-devendored.tar.xz b/orjson-3.9.15-devendored.tar.xz
new file mode 100644
index 0000000..6691749
--- /dev/null
+++ b/orjson-3.9.15-devendored.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:609e03e86406062447b20255722b039c6b743f01fb4faf62e87006fcb384a790
+size 623404
diff --git a/orjson-3.9.15.tar.gz b/orjson-3.9.15.tar.gz
new file mode 100644
index 0000000..a984aec
--- /dev/null
+++ b/orjson-3.9.15.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:95cae920959d772f30ab36d3b25f83bb0f3be671e986c72ce22f8fa700dae061
+size 4854933
diff --git a/python-orjson.changes b/python-orjson.changes
index f58b114..b4c9c8d 100644
--- a/python-orjson.changes
+++ b/python-orjson.changes
@@ -1,7 +1,27 @@
+-------------------------------------------------------------------
+Thu Feb 29 06:46:24 UTC 2024 - Daniel Garcia
+
+- Update to 3.9.15 (bsc#1220489, CVE-2024-27454):
+ * Implement recursion limit of 1024 on orjson.loads().
+ * Use byte-exact read on str formatting SIMD path to avoid crash.
+- 3.9.14:
+ * Fix crash serializing str introduced in 3.9.11.
+ * Build now depends on Rust 1.72 or later.
+- 3.9.13:
+ * Serialization str escape uses only 128-bit SIMD.
+ * Fix compatibility with CPython 3.13 alpha 3.
+ * Publish musllinux_1_2 instead of musllinux_1_1 wheels.
+ * Serialization uses small integer optimization in CPython 3.12 or later.
+- 3.9.12:
+ * Minimal musllinux_1_1 build due to sporadic CI failure.
+- 3.9.11:
+ * Improve performance of serializing. str is significantly faster. Documents
+ using dict, list, and tuple are somewhat faster.
+
 -------------------------------------------------------------------
 Sun Jan 14 14:46:13 UTC 2024 - Ben Greiner

-- Update to 3.8.10
+- Update to 3.9.10
 * Fix debug assert failure on 3.12 --profile=dev build.
 - Release 3.9.9
 * orjson module metadata explicitly marks subinterpreters as not
diff --git a/python-orjson.spec b/python-orjson.spec
index 3d15aeb..ee5068f 100644
--- a/python-orjson.spec
+++ b/python-orjson.spec
@@ -18,7 +18,7 @@

 %{?sle15_python_module_pythons}
 Name: python-orjson
-Version: 3.9.10
+Version: 3.9.15
 Release: 0
 Summary: Fast, correct Python JSON library supporting dataclasses, datetimes, and numpy
 License: Apache-2.0 OR MIT
diff --git a/vendor.tar.xz b/vendor.tar.xz
index 87127d5..d2d3b28 100644
--- a/vendor.tar.xz
+++ b/vendor.tar.xz
@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:cd62c556274a51ac794081438ec9444bd979e91a6976383055804fec4fd82812
-size 2166832
+oid sha256:30ee8cdebdf05db352574669e33b95b367903a4aca4e9d02597324667846a278
+size 2085860