From 4810cd8c5bbc0b4349a78eac85a6a882bc0b03a2 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Tue, 31 Mar 2026 11:45:06 +0530
Subject: python3-cbor2: patch CVE-2026-26209

Backport the patch[1] which fixes this vulnerability as mentioned in the
comment[3].

Details: https://nvd.nist.gov/vuln/detail/CVE-2026-26209

[1] https://github.com/agronholm/cbor2/commit/e61a5f365ba610d5907a0ae1bc72769bba34294b
[2] https://github.com/agronholm/cbor2/commit/fb4ee1612a8a1ac0dbd8cf2f2f6f931a4e06d824 (pre patch)
[3] https://github.com/agronholm/cbor2/pull/275

Dropped changes to the changelog from the original commit.

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-python/recipes-devtools/python/python3-cbor2_5.6.4.bb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'meta-python/recipes-devtools/python/python3-cbor2_5.6.4.bb')

diff --git a/meta-python/recipes-devtools/python/python3-cbor2_5.6.4.bb b/meta-python/recipes-devtools/python/python3-cbor2_5.6.4.bb
index 69e5daba2a..90688ced20 100644
--- a/meta-python/recipes-devtools/python/python3-cbor2_5.6.4.bb
+++ b/meta-python/recipes-devtools/python/python3-cbor2_5.6.4.bb
@@ -14,6 +14,8 @@ SRC_URI += " \
         file://run-ptest \
         file://CVE-2025-64076.patch \
         file://CVE-2025-68131.patch \
+        file://CVE-2026-26209-pre1.patch \
+        file://CVE-2026-26209.patch \
 "
 
 RDEPENDS:${PN}-ptest += " \
-- 
cgit v1.2.3-54-g00ecf