From f2cfe8d06923218f90b2e97376355a0d1aed16fe Mon Sep 17 00:00:00 2001 From: Wang Mingyu Date: Thu, 26 Mar 2026 19:56:00 +0800 Subject: python3-cbor2: upgrade 5.8.0 -> 5.9.0 Changelog: ========= - Added the max_depth decoder parameter to limit the maximum allowed nesting level of containers, with a default value of 400 levels (CVE-2026-26209) - Changed the default read_size from 4096 to 1 for backwards compatibility. The buffered reads introduced in 5.8.0 could cause issues when code needs to access the stream position after decoding. Users can opt-in to faster decoding by passing read_size=4096 when they don't need to access the stream directly after decoding. Added a direct read path for read_size=1 to avoid buffer management overhead. - Fixed C encoder not respecting string referencing when encoding string-type datetimes (tag 0) - Fixed a missed check for an exception in the C implementation of CBOREncoder.encode_shared() - Fixed two reference/memory leaks in the C extension's long string decoder - Fixed C decoder ignoring the str_errors setting when decoding strings, and improved string decoding performance by using stack allocation for small strings and eliminating unnecessary conditionals. Benchmarks show 9-17% faster deserialization. Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --- .../recipes-devtools/python/python3-cbor2_5.8.0.bb | 20 -------------------- .../recipes-devtools/python/python3-cbor2_5.9.0.bb | 20 ++++++++++++++++++++ 2 files changed, 20 insertions(+), 20 deletions(-) delete mode 100644 meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb create mode 100644 meta-python/recipes-devtools/python/python3-cbor2_5.9.0.bb (limited to 'meta-python/recipes-devtools/python') diff --git a/meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb b/meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb deleted file mode 100644 index c0a7061657..0000000000 --- a/meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb +++ /dev/null @@ -1,20 +0,0 @@ -DESCRIPTION = "An implementation of RFC 7049 - Concise Binary Object Representation (CBOR)." -LICENSE = "MIT" -LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a79e64179819c7ce293372c059f1dbd8" -DEPENDS += "python3-setuptools-scm-native" - -SRC_URI[sha256sum] = "b19c35fcae9688ac01ef75bad5db27300c2537eb4ee00ed07e05d8456a0d4931" - -inherit pypi python_setuptools_build_meta ptest-python-pytest - -RDEPENDS:${PN}-ptest += " \ - python3-hypothesis \ - python3-unixadmin \ -" -RDEPENDS:${PN} += " \ - python3-datetime \ -" - -CVE_PRODUCT = "cbor2" - -BBCLASSEXTEND = "native nativesdk" diff --git a/meta-python/recipes-devtools/python/python3-cbor2_5.9.0.bb b/meta-python/recipes-devtools/python/python3-cbor2_5.9.0.bb new file mode 100644 index 0000000000..42d661ead3 --- /dev/null +++ b/meta-python/recipes-devtools/python/python3-cbor2_5.9.0.bb @@ -0,0 +1,20 @@ +DESCRIPTION = "An implementation of RFC 7049 - Concise Binary Object Representation (CBOR)." +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a79e64179819c7ce293372c059f1dbd8" +DEPENDS += "python3-setuptools-scm-native" + +SRC_URI[sha256sum] = "85c7a46279ac8f226e1059275221e6b3d0e370d2bb6bd0500f9780781615bcea" + +inherit pypi python_setuptools_build_meta ptest-python-pytest + +RDEPENDS:${PN}-ptest += " \ + python3-hypothesis \ + python3-unixadmin \ +" +RDEPENDS:${PN} += " \ + python3-datetime \ +" + +CVE_PRODUCT = "cbor2" + +BBCLASSEXTEND = "native nativesdk" -- cgit v1.2.3-54-g00ecf