From: Wang Mingyu <[email protected]> Changelog: ========= - Added the max_depth decoder parameter to limit the maximum allowed nesting level of containers, with a default value of 400 levels (CVE-2026-26209) - Changed the default read_size from 4096 to 1 for backwards compatibility. The buffered reads introduced in 5.8.0 could cause issues when code needs to access the stream position after decoding. Users can opt-in to faster decoding by passing read_size=4096 when they don't need to access the stream directly after decoding. Added a direct read path for read_size=1 to avoid buffer management overhead. - Fixed C encoder not respecting string referencing when encoding string-type datetimes (tag 0) - Fixed a missed check for an exception in the C implementation of CBOREncoder.encode_shared() - Fixed two reference/memory leaks in the C extension's long string decoder - Fixed C decoder ignoring the str_errors setting when decoding strings, and improved string decoding performance by using stack allocation for small strings and eliminating unnecessary conditionals. Benchmarks show 9-17% faster deserialization.
Signed-off-by: Wang Mingyu <[email protected]> --- .../python/{python3-cbor2_5.8.0.bb => python3-cbor2_5.9.0.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename meta-python/recipes-devtools/python/{python3-cbor2_5.8.0.bb => python3-cbor2_5.9.0.bb} (84%) diff --git a/meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb b/meta-python/recipes-devtools/python/python3-cbor2_5.9.0.bb similarity index 84% rename from meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb rename to meta-python/recipes-devtools/python/python3-cbor2_5.9.0.bb index c0a7061657..42d661ead3 100644 --- a/meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb +++ b/meta-python/recipes-devtools/python/python3-cbor2_5.9.0.bb @@ -3,7 +3,7 @@ LICENSE = "MIT" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a79e64179819c7ce293372c059f1dbd8" DEPENDS += "python3-setuptools-scm-native" -SRC_URI[sha256sum] = "b19c35fcae9688ac01ef75bad5db27300c2537eb4ee00ed07e05d8456a0d4931" +SRC_URI[sha256sum] = "85c7a46279ac8f226e1059275221e6b3d0e370d2bb6bd0500f9780781615bcea" inherit pypi python_setuptools_build_meta ptest-python-pytest -- 2.43.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#125685): https://lists.openembedded.org/g/openembedded-devel/message/125685 Mute This Topic: https://lists.openembedded.org/mt/118516690/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
