linux/meta-openembedded.git/meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb, branch wrynose Mirror of git.openembedded.org/meta-openembedded https://git.enea.com/cgit/linux/meta-openembedded.git/atom?h=wrynose 2026-03-27T16:08:56+00:00 python3-cbor2: upgrade 5.8.0 -> 5.9.0 2026-03-27T16:08:56+00:00 Wang Mingyu wangmy@fujitsu.com 2026-03-26T11:56:00+00:00 urn:sha1:f2cfe8d06923218f90b2e97376355a0d1aed16fe Changelog: ========= - Added the max_depth decoder parameter to limit the maximum allowed nesting level of containers, with a default value of 400 levels (CVE-2026-26209) - Changed the default read_size from 4096 to 1 for backwards compatibility. The buffered reads introduced in 5.8.0 could cause issues when code needs to access the stream position after decoding. Users can opt-in to faster decoding by passing read_size=4096 when they don't need to access the stream directly after decoding. Added a direct read path for read_size=1 to avoid buffer management overhead. - Fixed C encoder not respecting string referencing when encoding string-type datetimes (tag 0) - Fixed a missed check for an exception in the C implementation of CBOREncoder.encode_shared() - Fixed two reference/memory leaks in the C extension's long string decoder - Fixed C decoder ignoring the str_errors setting when decoding strings, and improved string decoding performance by using stack allocation for small strings and eliminating unnecessary conditionals. Benchmarks show 9-17% faster deserialization. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com> python3-cbor2: upgrade 5.7.1 -> 5.8.0 2026-01-06T02:16:18+00:00 Gyorgy Sarvari skandigraun@gmail.com 2026-01-05T11:53:43+00:00 urn:sha1:1d7c7549b397f072ec5dea3641172e1b7ce6407d Contains fix for CVE-2025-68131 Changelog: - Added readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. - Fixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects - Reset shared reference state at the start of each top-level encode/decode operation Ptests passed: ... PASS: tests/test_tool.py:test_dtypes_from_file PASS: tests/test_tool.py:test_ignore_tag PASS: tests/test_types.py:test_frozendict ============================================================================ Testsuite summary DURATION: 4 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>