diff --git a/python-simplejson.changes b/python-simplejson.changes index 543d691..8b348fc 100644 --- a/python-simplejson.changes +++ b/python-simplejson.changes @@ -1,3 +1,36 @@ +------------------------------------------------------------------- +Thu May 4 20:11:39 UTC 2023 - Dirk Müller + +- update to 3.19.1: + * This release contains security hardening measures based on + recommendations by a security audit sponsored by OSTIF and + conducted by X41 D-Sec GmbH. + Several of these measures include changing defaults to be + more strict, by default simplejson will now only consume + and produce compliant JSON, but the flags still exist for + any backwards compatibility needs. + No high priority issues were discovered, the reference + count leak is thought to be unreachable since the digits of the + float are checked before PyOS_string_to_double is called. + * Fix invalid handling of unicode escape sequences in the pure + Python implementation of the decoder (SJ-PT-23-01) + * Fix missing reference count decrease if PyOS_string_to_double + raises an exception in Python 2.x; was probably unreachable (SJ- + PT-23-02) + * Backport the integer string length limitation from Python + 3.11 to limit quadratic number parsing (SJ-PT-23-03) + * Fix inconsistencies with error messages between the C and + Python implementations (SJ-PT-23-100) + * Remove unused unichr import from encoder (SJ-PT-23-101) + * Remove unused namedtuple_as_object and tuple_as_array + arguments from simplejson.load (SJ-PT-23-102) + * Remove vestigial _one_shot code from iterencode (SJ- + PT-23-103) + * Change default of allow_nan from True to False and add + allow_nan to decoder (SJ-PT-23-107) + * Test the sdist to prevent future regressions + * Fix regression in sdist archive + ------------------------------------------------------------------- Fri Apr 21 12:34:05 UTC 2023 - Dirk Müller diff --git a/python-simplejson.spec b/python-simplejson.spec index 638356b..38bdc8e 100644 --- a/python-simplejson.spec +++ b/python-simplejson.spec @@ -19,7 +19,7 @@ %{?!python_module:%define python_module() python-%{**} python3-%{**}} %{?sle15_python_module_pythons} Name: python-simplejson -Version: 3.18.1 +Version: 3.19.1 Release: 0 Summary: Extensible JSON encoder/decoder for Python License: AFL-2.1 OR MIT diff --git a/simplejson-3.18.1.tar.gz b/simplejson-3.18.1.tar.gz deleted file mode 100644 index d7f53c3..0000000 --- a/simplejson-3.18.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:746086e3ef6d74b53599df31b491d88a355abf2e31c837137dd90f8c4561cafa -size 83603 diff --git a/simplejson-3.19.1.tar.gz b/simplejson-3.19.1.tar.gz new file mode 100644 index 0000000..826b3bf --- /dev/null +++ b/simplejson-3.19.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6277f60848a7d8319d27d2be767a7546bc965535b28070e310b3a9af90604a4c +size 85207