summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python/python3-cbor2
diff options
context:
space:
mode:
Diffstat (limited to 'meta-python/recipes-devtools/python/python3-cbor2')
-rw-r--r--meta-python/recipes-devtools/python/python3-cbor2/CVE-2025-68131.patch43
1 files changed, 28 insertions, 15 deletions
diff --git a/meta-python/recipes-devtools/python/python3-cbor2/CVE-2025-68131.patch b/meta-python/recipes-devtools/python/python3-cbor2/CVE-2025-68131.patch
index 4c5310edfa..8556c5bdbc 100644
--- a/meta-python/recipes-devtools/python/python3-cbor2/CVE-2025-68131.patch
+++ b/meta-python/recipes-devtools/python/python3-cbor2/CVE-2025-68131.patch
@@ -21,18 +21,18 @@ CVE: CVE-2025-68131
21Upstream-Status: Backport [https://github.com/agronholm/cbor2/commit/f1d701cd2c411ee40bb1fe383afe7f365f35abf0] 21Upstream-Status: Backport [https://github.com/agronholm/cbor2/commit/f1d701cd2c411ee40bb1fe383afe7f365f35abf0]
22Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> 22Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
23--- 23---
24 cbor2/decoder.py | 26 ++++++++++++++-- 24 cbor2/decoder.py | 38 +++++++++++++++++++-----
25 cbor2/encoder.py | 42 +++++++++++++++++++++----- 25 cbor2/encoder.py | 43 ++++++++++++++++++++++-----
26 source/decoder.c | 28 +++++++++++++++++- 26 source/decoder.c | 28 +++++++++++++++++-
27 source/decoder.h | 1 + 27 source/decoder.h | 1 +
28 source/encoder.c | 23 +++++++++++++-- 28 source/encoder.c | 23 +++++++++++++--
29 source/encoder.h | 1 + 29 source/encoder.h | 1 +
30 tests/test_decoder.py | 62 ++++++++++++++++++++++++++++++++++++++ 30 tests/test_decoder.py | 62 ++++++++++++++++++++++++++++++++++++++
31 tests/test_encoder.py | 69 +++++++++++++++++++++++++++++++++++++++++++ 31 tests/test_encoder.py | 69 +++++++++++++++++++++++++++++++++++++++++++
32 8 files changed, 239 insertions(+), 13 deletions(-) 32 8 files changed, 246 insertions(+), 19 deletions(-)
33 33
34diff --git a/cbor2/decoder.py b/cbor2/decoder.py 34diff --git a/cbor2/decoder.py b/cbor2/decoder.py
35index be7198b..f2d818c 100644 35index be7198b..6cdd752 100644
36--- a/cbor2/decoder.py 36--- a/cbor2/decoder.py
37+++ b/cbor2/decoder.py 37+++ b/cbor2/decoder.py
38@@ -2,6 +2,7 @@ import re 38@@ -2,6 +2,7 @@ import re
@@ -94,16 +94,28 @@ index be7198b..f2d818c 100644
94 94
95 def decode_from_bytes(self, buf): 95 def decode_from_bytes(self, buf):
96 """ 96 """
97@@ -190,6 +211,7 @@ class CBORDecoder: 97@@ -190,12 +211,13 @@ class CBORDecoder:
98 object needs to be decoded separately from the rest but while still 98 object needs to be decoded separately from the rest but while still
99 taking advantage of the shared value registry. 99 taking advantage of the shared value registry.
100 """ 100 """
101- with BytesIO(buf) as fp:
102- old_fp = self.fp
103- self.fp = fp
104- retval = self._decode()
105- self.fp = old_fp
106- return retval
101+ with self._decoding_context(): 107+ with self._decoding_context():
102 with BytesIO(buf) as fp: 108+ with BytesIO(buf) as fp:
103 old_fp = self.fp 109+ old_fp = self.fp
104 self.fp = fp 110+ self.fp = fp
111+ retval = self._decode()
112+ self.fp = old_fp
113+ return retval
114
115 def _decode_length(self, subtype, allow_indefinite=False):
116 if subtype < 24:
105diff --git a/cbor2/encoder.py b/cbor2/encoder.py 117diff --git a/cbor2/encoder.py b/cbor2/encoder.py
106index 42526c0..0a5722d 100644 118index 42526c0..fc22458 100644
107--- a/cbor2/encoder.py 119--- a/cbor2/encoder.py
108+++ b/cbor2/encoder.py 120+++ b/cbor2/encoder.py
109@@ -109,7 +109,7 @@ class CBOREncoder: 121@@ -109,7 +109,7 @@ class CBOREncoder:
@@ -147,13 +159,14 @@ index 42526c0..0a5722d 100644
147 def encode(self, obj): 159 def encode(self, obj):
148 """ 160 """
149 Encode the given object using CBOR. 161 Encode the given object using CBOR.
150@@ -243,6 +261,14 @@ class CBOREncoder: 162@@ -243,6 +261,15 @@ class CBOREncoder:
151 :param obj: 163 :param obj:
152 the object to encode 164 the object to encode
153 """ 165 """
154+ with self._encoding_context(): 166+ with self._encoding_context():
155+ self._encode_value(obj) 167+ self._encode_value(obj)
156+ def _encode_value(self, obj: Any) -> None: 168+
169+ def _encode_value(self, obj) -> None:
157+ """ 170+ """
158+ Internal fast path for encoding - used by built-in encoders. 171+ Internal fast path for encoding - used by built-in encoders.
159+ External code should use encode() instead, which properly manages 172+ External code should use encode() instead, which properly manages
@@ -162,7 +175,7 @@ index 42526c0..0a5722d 100644
162 obj_type = obj.__class__ 175 obj_type = obj.__class__
163 encoder = ( 176 encoder = (
164 self._encoders.get(obj_type) or 177 self._encoders.get(obj_type) or
165@@ -390,14 +416,14 @@ class CBOREncoder: 178@@ -390,14 +417,14 @@ class CBOREncoder:
166 def encode_array(self, value): 179 def encode_array(self, value):
167 self.encode_length(4, len(value)) 180 self.encode_length(4, len(value))
168 for item in value: 181 for item in value:
@@ -180,7 +193,7 @@ index 42526c0..0a5722d 100644
180 193
181 def encode_sortable_key(self, value): 194 def encode_sortable_key(self, value):
182 """ 195 """
183@@ -422,10 +448,10 @@ class CBOREncoder: 196@@ -422,10 +449,10 @@ class CBOREncoder:
184 # String referencing requires that the order encoded is 197 # String referencing requires that the order encoded is
185 # the same as the order emitted so string references are 198 # the same as the order emitted so string references are
186 # generated after an order is determined 199 # generated after an order is determined
@@ -193,7 +206,7 @@ index 42526c0..0a5722d 100644
193 206
194 def encode_semantic(self, value): 207 def encode_semantic(self, value):
195 # Nested string reference domains are distinct 208 # Nested string reference domains are distinct
196@@ -436,7 +462,7 @@ class CBOREncoder: 209@@ -436,7 +463,7 @@ class CBOREncoder:
197 self._string_references = {} 210 self._string_references = {}
198 211
199 self.encode_length(6, value.tag) 212 self.encode_length(6, value.tag)
@@ -202,7 +215,7 @@ index 42526c0..0a5722d 100644
202 215
203 self.string_referencing = old_string_referencing 216 self.string_referencing = old_string_referencing
204 self._string_references = old_string_references 217 self._string_references = old_string_references
205@@ -489,7 +515,7 @@ class CBOREncoder: 218@@ -489,7 +516,7 @@ class CBOREncoder:
206 def encode_stringref(self, value): 219 def encode_stringref(self, value):
207 # Semantic tag 25 220 # Semantic tag 25
208 if not self._stringref(value): 221 if not self._stringref(value):
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-06-20 16:26:04 +0000