new file mode 100644
@@ -0,0 +1,261 @@
+From 25ad481c19fdb006e20485ef3fc2e5b3eff30ef0 Mon Sep 17 00:00:00 2001
+From: Simon Pichugin <simon.pichugin@gmail.com>
+Date: Mon, 16 Mar 2026 17:23:11 -0700
+Subject: [PATCH] Merge commit from fork
+
+CVE: CVE-2026-30922
+Upstream-Status: Backport [https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0]
+Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+---
+ pyasn1/codec/ber/decoder.py | 10 +++
+ tests/codec/ber/test_decoder.py | 116 ++++++++++++++++++++++++++++++++
+ tests/codec/cer/test_decoder.py | 24 +++++++
+ tests/codec/der/test_decoder.py | 42 ++++++++++++
+ 4 files changed, 192 insertions(+)
+
+diff --git a/pyasn1/codec/ber/decoder.py b/pyasn1/codec/ber/decoder.py
+index 853e837..47da67c 100644
+--- a/pyasn1/codec/ber/decoder.py
++++ b/pyasn1/codec/ber/decoder.py
+@@ -36,6 +36,7 @@ SubstrateUnderrunError = error.SubstrateUnderrunError
+ # Maximum number of continuation octets (high-bit set) allowed per OID arc.
+ # 20 octets allows up to 140-bit integers, supporting UUID-based OIDs
+ MAX_OID_ARC_CONTINUATION_OCTETS = 20
++MAX_NESTING_DEPTH = 100
+
+
+ class AbstractPayloadDecoder(object):
+@@ -1565,6 +1566,15 @@ class SingleItemDecoder(object):
+ decodeFun=None, substrateFun=None,
+ **options):
+
++ _nestingLevel = options.get('_nestingLevel', 0)
++
++ if _nestingLevel > MAX_NESTING_DEPTH:
++ raise error.PyAsn1Error(
++ 'ASN.1 structure nesting depth exceeds limit (%d)' % MAX_NESTING_DEPTH
++ )
++
++ options['_nestingLevel'] = _nestingLevel + 1
++
+ allowEoo = options.pop('allowEoo', False)
+
+ if LOG:
+diff --git a/tests/codec/ber/test_decoder.py b/tests/codec/ber/test_decoder.py
+index 741605f..3e0e09a 100644
+--- a/tests/codec/ber/test_decoder.py
++++ b/tests/codec/ber/test_decoder.py
+@@ -2117,6 +2117,122 @@ class CompressedFilesTestCase(BaseTestCase):
+ os.remove(path)
+
+
++class NestingDepthLimitTestCase(BaseTestCase):
++ """Test protection against deeply nested ASN.1 structures (CVE prevention)."""
++
++ def testIndefLenSequenceNesting(self):
++ """Deeply nested indefinite-length SEQUENCEs must raise PyAsn1Error."""
++ # Each \x30\x80 opens a new indefinite-length SEQUENCE
++ payload = b'\x30\x80' * 200
++ try:
++ decoder.decode(payload)
++ except error.PyAsn1Error:
++ pass
++ else:
++ assert False, 'Deeply nested indef-length SEQUENCEs not rejected'
++
++ def testIndefLenSetNesting(self):
++ """Deeply nested indefinite-length SETs must raise PyAsn1Error."""
++ # Each \x31\x80 opens a new indefinite-length SET
++ payload = b'\x31\x80' * 200
++ try:
++ decoder.decode(payload)
++ except error.PyAsn1Error:
++ pass
++ else:
++ assert False, 'Deeply nested indef-length SETs not rejected'
++
++ def testDefiniteLenNesting(self):
++ """Deeply nested definite-length SEQUENCEs must raise PyAsn1Error."""
++ inner = b'\x05\x00' # NULL
++ for _ in range(200):
++ length = len(inner)
++ if length < 128:
++ inner = b'\x30' + bytes([length]) + inner
++ else:
++ length_bytes = length.to_bytes(
++ (length.bit_length() + 7) // 8, 'big')
++ inner = b'\x30' + bytes([0x80 | len(length_bytes)]) + \
++ length_bytes + inner
++ try:
++ decoder.decode(inner)
++ except error.PyAsn1Error:
++ pass
++ else:
++ assert False, 'Deeply nested definite-length SEQUENCEs not rejected'
++
++ def testNestingUnderLimitWorks(self):
++ """Nesting within the limit must decode successfully."""
++ inner = b'\x05\x00' # NULL
++ for _ in range(50):
++ length = len(inner)
++ if length < 128:
++ inner = b'\x30' + bytes([length]) + inner
++ else:
++ length_bytes = length.to_bytes(
++ (length.bit_length() + 7) // 8, 'big')
++ inner = b'\x30' + bytes([0x80 | len(length_bytes)]) + \
++ length_bytes + inner
++ asn1Object, _ = decoder.decode(inner)
++ assert asn1Object is not None, 'Valid nested structure rejected'
++
++ def testSiblingsDontIncreaseDepth(self):
++ """Sibling elements at the same level must not inflate depth count."""
++ # SEQUENCE containing 200 INTEGER siblings - should decode fine
++ components = b'\x02\x01\x01' * 200 # 200 x INTEGER(1)
++ length = len(components)
++ length_bytes = length.to_bytes(
++ (length.bit_length() + 7) // 8, 'big')
++ payload = b'\x30' + bytes([0x80 | len(length_bytes)]) + \
++ length_bytes + components
++ asn1Object, _ = decoder.decode(payload)
++ assert asn1Object is not None, 'Siblings incorrectly rejected'
++
++ def testErrorMessageContainsLimit(self):
++ """Error message must indicate the nesting depth limit."""
++ payload = b'\x30\x80' * 200
++ try:
++ decoder.decode(payload)
++ except error.PyAsn1Error as exc:
++ assert 'nesting depth' in str(exc).lower(), \
++ 'Error message missing depth info: %s' % exc
++ else:
++ assert False, 'Expected PyAsn1Error'
++
++ def testNoRecursionError(self):
++ """Must raise PyAsn1Error, not RecursionError."""
++ payload = b'\x30\x80' * 50000
++ try:
++ decoder.decode(payload)
++ except error.PyAsn1Error:
++ pass
++ except RecursionError:
++ assert False, 'Got RecursionError instead of PyAsn1Error'
++
++ def testMixedNesting(self):
++ """Mixed SEQUENCE and SET nesting must be caught."""
++ # Alternate SEQUENCE (0x30) and SET (0x31) with indef length
++ payload = b''
++ for i in range(200):
++ payload += b'\x30\x80' if i % 2 == 0 else b'\x31\x80'
++ try:
++ decoder.decode(payload)
++ except error.PyAsn1Error:
++ pass
++ else:
++ assert False, 'Mixed nesting not rejected'
++
++ def testWithSchema(self):
++ """Deeply nested structures must be caught even with schema."""
++ payload = b'\x30\x80' * 200
++ try:
++ decoder.decode(payload, asn1Spec=univ.Sequence())
++ except error.PyAsn1Error:
++ pass
++ else:
++ assert False, 'Deeply nested with schema not rejected'
++
++
+ class NonStreamingCompatibilityTestCase(BaseTestCase):
+ def setUp(self):
+ from pyasn1 import debug
+diff --git a/tests/codec/cer/test_decoder.py b/tests/codec/cer/test_decoder.py
+index 864bffb..24d1999 100644
+--- a/tests/codec/cer/test_decoder.py
++++ b/tests/codec/cer/test_decoder.py
+@@ -363,6 +363,30 @@ class SequenceDecoderWithExplicitlyTaggedSetOfOpenTypesTestCase(BaseTestCase):
+ assert s[1][0] == univ.OctetString(hexValue='02010C')
+
+
++class NestingDepthLimitTestCase(BaseTestCase):
++ """Test CER decoder protection against deeply nested structures."""
++
++ def testIndefLenNesting(self):
++ """Deeply nested indefinite-length SEQUENCEs must raise PyAsn1Error."""
++ payload = b'\x30\x80' * 200
++ try:
++ decoder.decode(payload)
++ except PyAsn1Error:
++ pass
++ else:
++ assert False, 'Deeply nested indef-length SEQUENCEs not rejected'
++
++ def testNoRecursionError(self):
++ """Must raise PyAsn1Error, not RecursionError."""
++ payload = b'\x30\x80' * 50000
++ try:
++ decoder.decode(payload)
++ except PyAsn1Error:
++ pass
++ except RecursionError:
++ assert False, 'Got RecursionError instead of PyAsn1Error'
++
++
+ suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
+
+ if __name__ == '__main__':
+diff --git a/tests/codec/der/test_decoder.py b/tests/codec/der/test_decoder.py
+index 96eb3cd..ab24c07 100644
+--- a/tests/codec/der/test_decoder.py
++++ b/tests/codec/der/test_decoder.py
+@@ -361,6 +361,48 @@ class SequenceDecoderWithExplicitlyTaggedSetOfOpenTypesTestCase(BaseTestCase):
+ assert s[1][0] == univ.OctetString(hexValue='02010C')
+
+
++class NestingDepthLimitTestCase(BaseTestCase):
++ """Test DER decoder protection against deeply nested structures."""
++
++ def testDefiniteLenNesting(self):
++ """Deeply nested definite-length SEQUENCEs must raise PyAsn1Error."""
++ inner = b'\x05\x00' # NULL
++ for _ in range(200):
++ length = len(inner)
++ if length < 128:
++ inner = b'\x30' + bytes([length]) + inner
++ else:
++ length_bytes = length.to_bytes(
++ (length.bit_length() + 7) // 8, 'big')
++ inner = b'\x30' + bytes([0x80 | len(length_bytes)]) + \
++ length_bytes + inner
++ try:
++ decoder.decode(inner)
++ except PyAsn1Error:
++ pass
++ else:
++ assert False, 'Deeply nested definite-length SEQUENCEs not rejected'
++
++ def testNoRecursionError(self):
++ """Must raise PyAsn1Error, not RecursionError."""
++ inner = b'\x05\x00'
++ for _ in range(200):
++ length = len(inner)
++ if length < 128:
++ inner = b'\x30' + bytes([length]) + inner
++ else:
++ length_bytes = length.to_bytes(
++ (length.bit_length() + 7) // 8, 'big')
++ inner = b'\x30' + bytes([0x80 | len(length_bytes)]) + \
++ length_bytes + inner
++ try:
++ decoder.decode(inner)
++ except PyAsn1Error:
++ pass
++ except RecursionError:
++ assert False, 'Got RecursionError instead of PyAsn1Error'
++
++
+ suite = unittest.TestLoader().loadTestsFromModule(sys.modules[__name__])
+
+ if __name__ == '__main__':
+--
+2.34.1
+
@@ -7,6 +7,10 @@ SRC_URI[sha256sum] = "9b59a2b25ba7e4f8197db7686c09fb33e658b98339fadb826e95126290
inherit pypi python_setuptools_build_meta ptest-python-pytest
+SRC_URI += " \
+ file://CVE-2026-30922.patch \
+"
+
RDEPENDS:${PN}:class-target += " \
python3-codecs \
python3-logging \
Pick patch from [1] also mentioned at Debian report in [2] [1] https://github.com/pyasn1/pyasn1/commit/25ad481c19fdb006e20485ef3fc2e5b3eff30ef0 [2] https://security-tracker.debian.org/tracker/CVE-2026-30922 References: https://nvd.nist.gov/vuln/detail/CVE-2026-30922 Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> --- .../python3-pyasn1/CVE-2026-30922.patch | 261 ++++++++++++++++++ .../python/python3-pyasn1_0.6.2.bb | 4 + 2 files changed, 265 insertions(+) create mode 100644 meta/recipes-devtools/python/python3-pyasn1/CVE-2026-30922.patch