From daacf501a1834d0a09b9fca20988b5e28e5bd173 Mon Sep 17 00:00:00 2001
From: Ankur Tyagi <ankur.tyagi85@gmail.com>
Date: Sun, 25 Jan 2026 13:36:23 +1300
Subject: python3-cbor2: patch CVE-2025-68131

Backport the patch[1] which fixes this vulnerability as mentioned in the
comment[2].
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-68131

[1] https://github.com/agronholm/cbor2/commit/f1d701cd2c411ee40bb1fe383afe7f365f35abf0
[2] https://github.com/agronholm/cbor2/pull/268#issuecomment-3719179000

Dropped changes to the changelog from the original commit.

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-python/recipes-devtools/python/python3-cbor2_5.6.4.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta-python/recipes-devtools/python/python3-cbor2_5.6.4.bb')

diff --git a/meta-python/recipes-devtools/python/python3-cbor2_5.6.4.bb b/meta-python/recipes-devtools/python/python3-cbor2_5.6.4.bb
index a5c4154e49..69e5daba2a 100644
--- a/meta-python/recipes-devtools/python/python3-cbor2_5.6.4.bb
+++ b/meta-python/recipes-devtools/python/python3-cbor2_5.6.4.bb
@@ -13,6 +13,7 @@ DEPENDS += "python3-setuptools-scm-native"
 SRC_URI += " \
         file://run-ptest \
         file://CVE-2025-64076.patch \
+        file://CVE-2025-68131.patch \
 "
 
 RDEPENDS:${PN}-ptest += " \
-- 
cgit v1.2.3-54-g00ecf