From a801bb98df052995d07792e20985498d95ae47bad3489972704e7cb0328f1012 Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Fri, 8 Jul 2022 11:58:48 +0000 Subject: [PATCH] - update to 5.4.0 (CVE-2022-31116, bsc#1201255, CVE-2022-31117, bsc#1201254): * Replace wchar_t string decoding implementation with a uint32_t-based one * Fix handling of surrogates on decoding * CVE-2022-31117: Potential double free of buffer during string decoding * Fix memory leak on encoding errors when the buffer was resized * Integer parsing: always detect overflows * Fix handling of surrogates on encoding OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-ujson?expand=0&rev=32 --- python-ujson.changes | 11 +++++++++++ python-ujson.spec | 2 +- ujson-5.3.0.tar.gz | 3 --- ujson-5.4.0.tar.gz | 3 +++ 4 files changed, 15 insertions(+), 4 deletions(-) delete mode 100644 ujson-5.3.0.tar.gz create mode 100644 ujson-5.4.0.tar.gz diff --git a/python-ujson.changes b/python-ujson.changes index 1f94fe2..9d2a45f 100644 --- a/python-ujson.changes +++ b/python-ujson.changes @@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Fri Jul 8 11:55:32 UTC 2022 - Dirk Müller + +- update to 5.4.0 (CVE-2022-31116, bsc#1201255, CVE-2022-31117, bsc#1201254): + * Replace wchar_t string decoding implementation with a uint32_t-based one + * Fix handling of surrogates on decoding + * CVE-2022-31117: Potential double free of buffer during string decoding + * Fix memory leak on encoding errors when the buffer was resized + * Integer parsing: always detect overflows + * Fix handling of surrogates on encoding + ------------------------------------------------------------------- Tue May 24 16:34:36 UTC 2022 - Gayane Osipyan diff --git a/python-ujson.spec b/python-ujson.spec index d6778a5..0cc2403 100644 --- a/python-ujson.spec +++ b/python-ujson.spec 
@@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python3-%{**}} %define skip_python2 1 Name: python-ujson -Version: 5.3.0 +Version: 5.4.0 Release: 0 Summary: JSON encoder and decoder for Python License: BSD-3-Clause diff --git a/ujson-5.3.0.tar.gz b/ujson-5.3.0.tar.gz deleted file mode 100644 index b5cdc89..0000000 --- a/ujson-5.3.0.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:ab938777b3ac0372231ee654a7f6a13787e587b1ca268d8aa7e6fb6846e477d0 -size 7137499 diff --git a/ujson-5.4.0.tar.gz b/ujson-5.4.0.tar.gz new file mode 100644 index 0000000..922994a --- /dev/null +++ b/ujson-5.4.0.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6b953e09441e307504130755e5bd6b15850178d591f66292bba4608c4f7f9b00 +size 7139576
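Review bot: In the python-ujson.changes hunk, the entry header names both CVE-2022-31116 and CVE-2022-31117, but only CVE-2022-31117 is attached to a bullet ("Potential double free of buffer during string decoding"). Prefix the bullet that fixes CVE-2022-31116 with its identifier in the same way, so that each CVE and bsc reference in the header maps to a concrete change and anyone auditing the package can confirm both issues are covered by this update.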
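Review bot: In the ujson-5.4.0.tar.gz hunk, the `oid sha256:` value in the Git LFS pointer is the only integrity record for the new source archive, and nothing in this change ties it to the upstream release. Before accepting, check that value against the checksum of the upstream 5.4.0 source tarball, and consider recording where the archive was fetched from in the commit message, since a security update is exactly the case where a substituted tarball would matter most.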