Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package python-jsonpickle for 
openSUSE:Factory checked in at 2025-02-25 16:47:13
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/python-jsonpickle (Old)
 and      /work/SRC/openSUSE:Factory/.python-jsonpickle.new.1873 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-jsonpickle"

Tue Feb 25 16:47:13 2025 rev:21 rq:1248171 version:4.0.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/python-jsonpickle/python-jsonpickle.changes      
2025-02-05 17:32:23.028471271 +0100
+++ 
/work/SRC/openSUSE:Factory/.python-jsonpickle.new.1873/python-jsonpickle.changes
    2025-02-25 16:47:36.898979550 +0100
@@ -1,0 +2,8 @@
+Mon Feb 24 13:37:56 UTC 2025 - John Paul Adrian Glaubitz 
<adrian.glaub...@suse.com>
+
+- Update to 4.0.2
+  * The unpickler is now more resilient to malformed "py/id" and "py/repr" 
data. (+546)
+  * The unpickler is now more resilient to invalid "py/b85" and "py/b64" data. 
(+547)
+  * The unpickler's support for read-only str attributes was improved. (+548) 
(#478)
+
+-------------------------------------------------------------------

Old:
----
  jsonpickle-4.0.1.tar.gz

New:
----
  jsonpickle-4.0.2.tar.gz

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-jsonpickle.spec ++++++
--- /var/tmp/diff_new_pack.uClwE3/_old  2025-02-25 16:47:38.775057958 +0100
+++ /var/tmp/diff_new_pack.uClwE3/_new  2025-02-25 16:47:38.791058627 +0100
@@ -18,7 +18,7 @@
 
 %{?sle15_python_module_pythons}
 Name:           python-jsonpickle
-Version:        4.0.1
+Version:        4.0.2
 Release:        0
 Summary:        Python library for serializing any arbitrary object graph into 
JSON
 License:        BSD-3-Clause

++++++ jsonpickle-4.0.1.tar.gz -> jsonpickle-4.0.2.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/jsonpickle-4.0.1/CHANGES.rst 
new/jsonpickle-4.0.2/CHANGES.rst
--- old/jsonpickle-4.0.1/CHANGES.rst    2024-12-14 21:07:37.000000000 +0100
+++ new/jsonpickle-4.0.2/CHANGES.rst    2025-02-17 19:59:20.000000000 +0100
@@ -1,3 +1,12 @@
+v4.0.2
+======
+    * The unpickler is now more resilient to malformed "py/id" and "py/repr" 
data.
+      (+546)
+    * The unpickler is now more resilient to invalid "py/b85" and "py/b64" 
data.
+      (+547)
+    * The unpickler's support for read-only str attributes was improved.
+      (+548) (#478)
+
 v4.0.1
 ======
     * The unpickler is now more resilient to malformed "py/reduce", "py/set",
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/jsonpickle-4.0.1/PKG-INFO 
new/jsonpickle-4.0.2/PKG-INFO
--- old/jsonpickle-4.0.1/PKG-INFO       2024-12-14 21:10:13.347022800 +0100
+++ new/jsonpickle-4.0.2/PKG-INFO       2025-02-17 20:02:21.003934400 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: jsonpickle
-Version: 4.0.1
+Version: 4.0.2
 Summary: jsonpickle encodes/decodes any Python object to/from JSON
 Author: Theelx
 Author-email: David Aguilar <davvid+jsonpic...@gmail.com>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/jsonpickle-4.0.1/jsonpickle/unpickler.py 
new/jsonpickle-4.0.2/jsonpickle/unpickler.py
--- old/jsonpickle-4.0.1/jsonpickle/unpickler.py        2024-12-14 
21:06:59.000000000 +0100
+++ new/jsonpickle-4.0.2/jsonpickle/unpickler.py        2025-02-17 
09:53:30.000000000 +0100
@@ -162,7 +162,10 @@
         self._objs = objs
 
     def get(self):
-        return self._objs[self._index]
+        try:
+            return self._objs[self._index]
+        except IndexError:
+            return None
 
 
 def _obj_setattr(obj, attr, proxy):
@@ -310,8 +313,15 @@
 
     """
     module, identifier = module_str.split('/')
-    result = __import__(module)
-    for name in identifier.split('.')[1:]:
+    try:
+        result = __import__(module)
+    except ImportError:
+        return None
+    identifier_parts = identifier.split('.')
+    first_identifier = identifier_parts[0]
+    if first_identifier != module and not 
module.startswith(f'{first_identifier}.'):
+        return None
+    for name in identifier_parts[1:]:
         try:
             result = getattr(result, name)
         except AttributeError:
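Review bot: The unpack on the context line `module, identifier = module_str.split('/')` still sits outside the new `try`, so a `py/repr` value that does not contain exactly one `/` raises `ValueError` instead of returning `None`. An empty module name (for example the value `'/'`) makes `__import__` raise `ValueError` as well, which `except ImportError` does not catch; `except (ImportError, ValueError): return None` together with a guarded split would cover both. `__import__(module)` runs the named module's top-level code with a name taken from the decoded data, so this path should only ever see trusted input. The function starts and ends outside the hunk, and every case in the new `test_restore_invalid_repr` contains exactly one `/`, so these inputs are untested.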
@@ -435,13 +445,13 @@
     def _restore_base64(self, obj):
         try:
             return util.b64decode(obj[tags.B64].encode('utf-8'))
-        except AttributeError:
+        except (AttributeError, UnicodeEncodeError):
             return b''
 
     def _restore_base85(self, obj):
         try:
             return util.b85decode(obj[tags.B85].encode('utf-8'))
-        except AttributeError:
+        except (AttributeError, UnicodeEncodeError):
             return b''
 
     def _refname(self):
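Review bot: Nothing in `_restore_base64` or `_restore_base85` says why `UnicodeEncodeError` is now caught. A short comment above each `except`, such as `# lone surrogates (e.g. '\udc00') cannot be encoded as UTF-8; treat as invalid data`, would record the reason. Both methods return `b''` for any malformed input without a warning, so a caller cannot tell corrupted data from a genuinely empty payload. A one-line docstring stating that contract would help.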
@@ -591,6 +601,8 @@
             return self._objs[idx]
         except IndexError:
             return _IDProxy(self._objs, idx)
+        except TypeError:
+            return None
 
     def _restore_type(self, obj):
         typeref = loadclass(obj[tags.TYPE], classes=self._classes)
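Review bot: `return self._objs[idx]` still accepts a negative integer, because Python list indexing counts from the end and raises neither `IndexError` nor the newly handled `TypeError` while the value is within range. If `idx` is taken from the payload's `py/id` unchanged (the assignment is outside the hunk), a negative id would silently alias an unrelated, already restored object rather than resolve to `None`. A guard before the lookup, e.g. `if not isinstance(idx, int) or idx < 0: return None`, would make the behaviour explicit; whether `bool` should also be excluded is worth deciding at the same time. The new `test_restore_id_with_invalid_data` parameters include no negative integer.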
@@ -713,10 +725,9 @@
                         if (
                             hasattr(instance, '__slots__')
                             and not len(instance.__slots__)
-                            and issubclass(instance.__class__, int)
-                            and self.handle_readonly
                             # we have to handle this separately because of +483
-                            and issubclass(instance.__class__, str)
+                            and issubclass(instance.__class__, (int, str))
+                            and self.handle_readonly
                         ):
                             continue
                         raise e
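Review bot: The comment `# we have to handle this separately because of +483` reads as stale, because the `int` and `str` checks are now merged into `issubclass(instance.__class__, (int, str))` and nothing is handled separately any more. Consider moving it above the condition and rewording it, e.g. `# int and str subclasses with empty __slots__ are skipped when handle_readonly is set (see +483)`. The context line `raise e` could be a bare `raise`, the idiomatic way to re-raise the active exception. The enclosing block starts outside the hunk.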
@@ -917,7 +928,9 @@
                 else:
                     str_k = k
                 self._namestack.append(str_k)
-                data[k] = self._restore(v)
+                data[k] = result = self._restore(v)
+                if isinstance(result, _Proxy):
+                    self._proxies.append((data, k, result, _obj_setvalue))
                 self._namestack.pop()
         return data
 
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/jsonpickle-4.0.1/jsonpickle.egg-info/PKG-INFO 
new/jsonpickle-4.0.2/jsonpickle.egg-info/PKG-INFO
--- old/jsonpickle-4.0.1/jsonpickle.egg-info/PKG-INFO   2024-12-14 
21:10:13.000000000 +0100
+++ new/jsonpickle-4.0.2/jsonpickle.egg-info/PKG-INFO   2025-02-17 
20:02:20.000000000 +0100
@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: jsonpickle
-Version: 4.0.1
+Version: 4.0.2
 Summary: jsonpickle encodes/decodes any Python object to/from JSON
 Author: Theelx
 Author-email: David Aguilar <davvid+jsonpic...@gmail.com>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/jsonpickle-4.0.1/tests/jsonpickle_test.py 
new/jsonpickle-4.0.2/tests/jsonpickle_test.py
--- old/jsonpickle-4.0.1/tests/jsonpickle_test.py       2024-12-14 
21:06:59.000000000 +0100
+++ new/jsonpickle-4.0.2/tests/jsonpickle_test.py       2025-02-17 
09:53:30.000000000 +0100
@@ -217,7 +217,7 @@
     assert unpickler.restore(pickled) == expected
 
 
-@pytest.mark.parametrize('value', ['', '/', 1, True, False, None, [], {}])
+@pytest.mark.parametrize('value', ['', '/', '\udc00', 1, True, False, None, 
[], {}])
 def test_decode_invalid_b85(value, unpickler):
     """Invalid base85 data restores to an empty string"""
     expected = b''
@@ -232,7 +232,9 @@
     assert unpickler.restore(pickled) == expected
 
 
-@pytest.mark.parametrize('value', ['', 'x', '!', 0, 1, True, False, None, [], 
{}])
+@pytest.mark.parametrize(
+    'value', ['', 'x', '!', '\udc00', 0, 1, True, False, None, [], {}]
+)
 def test_decode_invalid_b64(value, unpickler):
     """Invalid base85 data restores to an empty string"""
     expected = b''
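Review bot: The docstring of `test_decode_invalid_b64` on the context line still reads `"""Invalid base85 data restores to an empty string"""`, which was copied from the b85 test. It should name base64, and since the test sets `expected = b''`, `"""Invalid base64 data restores to empty bytes"""` would describe it accurately. The test body continues outside the hunk.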
@@ -346,6 +348,13 @@
     assert result == []
 
 
+@pytest.mark.parametrize('value', ['', 'x', 1, True, [], {}])
+def test_restore_id_with_invalid_data(value, unpickler):
+    """Invalid serialized ID data results in None"""
+    result = unpickler.restore({'ref': {tags.ID: value}})
+    assert result['ref'] is None
+
+
 def test_dict(pickler, unpickler):
     """Our custom keys are preserved when user dicts contain them"""
     dict_a = {'key1': 1.0, 'key2': 20, 'key3': 'thirty', tags.JSON_KEY + '6': 
6}
@@ -606,6 +615,21 @@
     assert cls is int
 
 
+@pytest.mark.parametrize(
+    'value,expect',
+    [
+        ('module_does_not_exist/ignored', None),
+        ('builtins/int', None),
+        ('builtins/invalid.int', None),
+        ('builtins/builtinsx.int', None),
+    ],
+)
+def test_restore_invalid_repr(value, expect, unpickler):
+    """Test restoring invalid repr tags"""
+    result = unpickler.restore({tags.REPR: value})
+    assert result is expect
+
+
 def test_unpickler_on_missing():
     """Emit warnings when decoding objects whose classes are missing"""
     encoded = jsonpickle.encode(Outer.Middle.Inner())
@@ -1161,6 +1185,20 @@
     assert safe_str == unpickled
 
 
+def test_readonly_str_attrs():
+    """Objects with readonly string attributes can roundtrip"""
+    safe_str = SafeString('test')
+    # We'll first try setting handle_readonly=True when encoding.
+    encoded = jsonpickle.encode(safe_str, handle_readonly=True)
+    actual = jsonpickle.decode(encoded, handle_readonly=True)
+    assert safe_str == actual
+    # Next we'll ensure that we can decode a payload that contains readonly 
attributes
+    # by omitting the handle_readonly option when pickling.
+    encoded = jsonpickle.encode(safe_str)
+    actual = jsonpickle.decode(encoded, handle_readonly=True)
+    assert safe_str == actual
+
+
 class PicklableNamedTuple:
     """A namedtuple wrapper that uses ``__getnewargs__``
 
