pool/python-orjson
SHA256
17
0
Fork 2
Code Issues Pull Requests Activity

Compare commits

base: pool:slfo-main
Branches Tags
pool:factory pool:slfo-main pool:slfo-1.2 python:main
..
compare: python:main
Branches Tags
python:main pool:factory pool:slfo-main pool:slfo-1.2

8 Commits
slfo-main ... main

Author SHA256 Message Date
Dominique Leuenberger
9133a87d84 Accepting request 1244153 from devel:languages:python 
OBS-URL: https://build.opensuse.org/request/show/1244153
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-orjson?expand=0&rev=11
 2025-02-09 18:59:07 +00:00
Markéta Machová
95ba3897cd Accepting request 1244147 from home:glaubitz:branches:devel:languages:python 
- Update to 3.10.15
  * Publish PyPI manylinux aarch64 wheels built and tested on aarch64.
  * Publish PyPI musllinux aarch64 and arm7l wheels built and tested on aarch64.
  * Publish PyPI manylinux Python 3.13 wheels for i686, arm7l, ppc64le, and s390x.

OBS-URL: https://build.opensuse.org/request/show/1244147
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-orjson?expand=0&rev=25
 2025-02-07 13:11:05 +00:00
Ana Guerrero
000a9991dd Accepting request 1236919 from devel:languages:python 
OBS-URL: https://build.opensuse.org/request/show/1236919
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-orjson?expand=0&rev=10
 2025-01-12 10:09:19 +00:00
Markéta Machová
4efac99aff Accepting request 1236886 from home:bnavigator:branches:devel:languages:python 
- Update to 3.10.14
  * Specify build system dependency on maturin>=1,<2 again.
  * Allocate memory using PyMem_Malloc() and similar APIs for
    integration with pymalloc, mimalloc, and tracemalloc.
  * Source distribution does not ship compressed test documents and
    relevant tests skip if fixtures are not present.
  * Build now depends on Rust 1.82 or later instead of 1.72.
- Release 3.10.13
  * Fix compatibility with maturin introducing a breaking change in
    1.8.0 and specify a fixed version of maturin. Projects relying
    on any previous version being buildable from source by end
    users (via PEP 517) must upgrade to at least this version.
- Remove pendulum from tests: Not desired in Ring1 and not
  maintained upstream. It's only supported on x86_64.

OBS-URL: https://build.opensuse.org/request/show/1236886
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-orjson?expand=0&rev=23
 2025-01-10 16:55:16 +00:00
Ana Guerrero
ecc314e35b Accepting request 1227755 from devel:languages:python 
OBS-URL: https://build.opensuse.org/request/show/1227755
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-orjson?expand=0&rev=9
 2024-12-03 19:45:41 +00:00
Markéta Machová
8d0af6c357 Accepting request 1227739 from home:ojkastl_buildservice:Branch_devel_languages_python 
update to 3.10.12

OBS-URL: https://build.opensuse.org/request/show/1227739
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-orjson?expand=0&rev=21
 2024-12-02 12:29:44 +00:00
Ana Guerrero
1a661b797c Accepting request 1199665 from devel:languages:python 
OBS-URL: https://build.opensuse.org/request/show/1199665
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-orjson?expand=0&rev=8
 2024-09-10 19:12:25 +00:00
Markéta Machová
c245fc9689 Accepting request 1199661 from home:glaubitz:branches:devel:languages:python 
- Update to 3.10.7
  * Improve performance of stable Rust amd64 builds.
- from version 3.10.6
  * Improve performance.
- from version 3.10.5
  * Improve performance.
- from version 3.10.4
  * Improve performance.
- from version 3.10.3
  * `manylinux` amd64 builds include runtime-detected AVX-512 `str`
    implementation.
  * Tests now compatible with numpy v2.
- from version 3.10.2
  * Fix crash serializing `str` introduced in 3.10.1.
  * Improve performance.
  * Drop support for arm7.
- from version 3.10.1
  * Serializing `numpy.ndarray` with non-native endianness raises
    `orjson.JSONEncodeError`.
  * Improve performance of serializing.
- from version 3.10.0
  * Support serializing `numpy.float16` (`numpy.half`).
  * sdist uses metadata 2.3 instead of 2.1.
  * Improve Windows PyPI builds.

OBS-URL: https://build.opensuse.org/request/show/1199661
OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-orjson?expand=0&rev=19
 2024-09-09 10:52:17 +00:00
3 changed files with 1 additions and 54 deletions
Expand all files Collapse all files

45
CVE-2025-67221.patch
View File

@@ -1,45 +0,0 @@
From e959d90ac722022b781b19f86e6ea9adaba8e383 Mon Sep 17 00:00:00 2001
From: Daniel Garcia Moreno <dani@danigm.net>
Date: Fri, 23 Jan 2026 20:22:23 +0100
Subject: [PATCH] formatter: reserve_minimum in end_ methods
In highly nested json objects it's possible to have a lot of consecutive
closing characters that are added by end_array and end_object. These
methods adds one byte without checking the buffer capacity, so it's
possible to try to write when there's no capacity.
This patch makes sure that the buffer has at least minimum space before
writing.
This is the upstream commit that removes this check: c369ea44820e2e0798f17f99a0dff65bec2186a9
```
$ git log -p c369ea44820e2e0798f17f99a0dff65bec2186a9 -- src/serialize/writer/formatter.rs
```
Fix https://github.com/ijl/orjson/issues/636
---
src/serialize/writer/formatter.rs | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
Index: orjson-3.10.15/src/serialize/writer/formatter.rs
===================================================================
--- orjson-3.10.15.orig/src/serialize/writer/formatter.rs
+++ orjson-3.10.15/src/serialize/writer/formatter.rs
@@ -202,7 +202,7 @@ pub trait Formatter {
where
W: ?Sized + io::Write + WriteExt,
{
- debug_assert_has_capacity!(writer);
+ reserve_minimum!(writer);
unsafe { writer.write_reserved_punctuation(b']').unwrap() };
Ok(())
}
@@ -244,7 +244,7 @@ pub trait Formatter {
where
W: ?Sized + io::Write + WriteExt,
{
- debug_assert_has_capacity!(writer);
+ reserve_minimum!(writer);
unsafe {
writer.write_reserved_punctuation(b'}').unwrap();
}

6
python-orjson.changes
View File

@@ -1,9 +1,3 @@
-------------------------------------------------------------------
Mon Jan 26 08:53:23 UTC 2026 - Daniel Garcia <daniel.garcia@suse.com>
- Add CVE-2025-67221.patch to fix write outsize of allocated memory
on json dump (bsc#1257121, gh#ijl/orjson#637)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Feb 7 12:53:21 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com> Fri Feb 7 12:53:21 UTC 2025 - John Paul Adrian Glaubitz <adrian.glaubitz@suse.com>

4
python-orjson.spec
View File

@@ -29,8 +29,6 @@ Source1: vendor.tar.xz
Source2: https://files.pythonhosted.org/packages/source/o/orjson/orjson-%{version}.tar.gz Source2: https://files.pythonhosted.org/packages/source/o/orjson/orjson-%{version}.tar.gz
Source3: devendor-sdist.sh Source3: devendor-sdist.sh
Source4: PACKAGING_README.md Source4: PACKAGING_README.md
# PATCH-FIX-OPENSUSE CVE-2025-67221.patch gh#ijl/orjson#637
Patch0: CVE-2025-67221.patch
BuildRequires: %{python_module base >= 3.8} BuildRequires: %{python_module base >= 3.8}
BuildRequires: %{python_module maturin >= 1} BuildRequires: %{python_module maturin >= 1}
BuildRequires: %{python_module pip} BuildRequires: %{python_module pip}
@@ -55,7 +53,7 @@ orjson is a fast JSON library for Python.
It benchmarks as the fastest Python library for JSON. It benchmarks as the fastest Python library for JSON.
%prep %prep
%autosetup -p1 -a1 -n orjson-%{version} %autosetup -a1 -n orjson-%{version}
%build %build
%pyproject_wheel %pyproject_wheel