From 1d7c7549b397f072ec5dea3641172e1b7ce6407d Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Mon, 5 Jan 2026 12:53:43 +0100 Subject: python3-cbor2: upgrade 5.7.1 -> 5.8.0 Contains fix for CVE-2025-68131 Changelog: - Added readahead buffering to C decoder for improved performance. The decoder now uses a 4 KB buffer by default to reduce the number of read calls. Benchmarks show 20-140% performance improvements for decoding operations. - Fixed Python decoder not preserving share index when decoding array items containing nested shareable tags, causing shared references to resolve to wrong objects - Reset shared reference state at the start of each top-level encode/decode operation Ptests passed: ... PASS: tests/test_tool.py:test_dtypes_from_file PASS: tests/test_tool.py:test_ignore_tag PASS: tests/test_types.py:test_frozendict ============================================================================ Testsuite summary DURATION: 4 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- .../recipes-devtools/python/python3-cbor2_5.8.0.bb | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb (limited to 'meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb') diff --git a/meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb b/meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb new file mode 100644 index 0000000000..c0a7061657 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb @@ -0,0 +1,20 @@ +DESCRIPTION = "An implementation of RFC 7049 - Concise Binary Object Representation (CBOR)." +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a79e64179819c7ce293372c059f1dbd8" +DEPENDS += "python3-setuptools-scm-native" + +SRC_URI[sha256sum] = "b19c35fcae9688ac01ef75bad5db27300c2537eb4ee00ed07e05d8456a0d4931" + +inherit pypi python_setuptools_build_meta ptest-python-pytest + +RDEPENDS:${PN}-ptest += " \ + python3-hypothesis \ + python3-unixadmin \ +" +RDEPENDS:${PN} += " \ + python3-datetime \ +" + +CVE_PRODUCT = "cbor2" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3-54-g00ecf