- update to 5.4.0 (CVE-2022-31116, bsc#1201255, CVE-2022-31117, bsc#1201254):

* Replace wchar_t string decoding implementation with a uint32_t-based one
  * Fix handling of surrogates on decoding
  * CVE-2022-31117: Potential double free of buffer during string decoding
  * Fix memory leak on encoding errors when the buffer was resized
  * Integer parsing: always detect overflows
  * Fix handling of surrogates on encoding

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-ujson?expand=0&rev=32

python-ujson.changes

@@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Fri Jul  8 11:55:32 UTC 2022 - Dirk Müller <dmueller@suse.com>
+
+- update to 5.4.0 (CVE-2022-31116, bsc#1201255, CVE-2022-31117, bsc#1201254):
+  * Replace wchar_t string decoding implementation with a uint32_t-based one
+  * Fix handling of surrogates on decoding
+  * CVE-2022-31117: Potential double free of buffer during string decoding
+  * Fix memory leak on encoding errors when the buffer was resized
+  * Integer parsing: always detect overflows
+  * Fix handling of surrogates on encoding
+
 -------------------------------------------------------------------
 Tue May 24 16:34:36 UTC 2022 - Gayane Osipyan <Gayane.Osipyan@suse.com>
 

python-ujson.spec

@@ -19,7 +19,7 @@
 %{?!python_module:%define python_module() python3-%{**}}
 %define skip_python2 1
 Name:           python-ujson
-Version:        5.3.0
+Version:        5.4.0
 Release:        0
 Summary:        JSON encoder and decoder for Python
 License:        BSD-3-Clause

ujson-5.3.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:ab938777b3ac0372231ee654a7f6a13787e587b1ca268d8aa7e6fb6846e477d0
-size 7137499

ujson-5.4.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:6b953e09441e307504130755e5bd6b15850178d591f66292bba4608c4f7f9b00
+size 7139576