[meta-python,30/63] python3-cbor2: upgrade 5.8.0 -> 5.9.0

Message ID	20260326115634.1199-30-wangmy@fujitsu.com
State	Accepted
Headers	show Return-Path: <wangmy@fujitsu.com> ip: 207.54.90.49, mailfrom: wangmy@fujitsu.com) From: Wang Mingyu < wangmy@fujitsu.com> To: openembedded-devel@lists.openembedded.org Cc: Wang Mingyu <wangmy@fujitsu.com> Subject: [oe] [meta-python] [PATCH 30/63] python3-cbor2: upgrade 5.8.0 -> 5.9.0 Date: Thu, 26 Mar 2026 19:56:00 +0800 Message-ID: <20260326115634.1199-30-wangmy@fujitsu.com> In-Reply-To: <20260326115634.1199-1-wangmy@fujitsu.com> References: <20260326115634.1199-1-wangmy@fujitsu.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe,01/63] b4: upgrade 0.14.3 -> 0.15.0 \| expand [meta-oe,01/63] b4: upgrade 0.14.3 -> 0.15.0 [meta-gnome,02/63] babl: upgrade 0.1.122 -> 0.1.124 [meta-oe,03/63] bmap-writer: upgrade 1.0.2 -> 1.0.3 [meta-oe,04/63] botan: upgrade 3.10.0 -> 3.11.0 [meta-oe,05/63] bubblewrap: upgrade 0.11.0 -> 0.11.1 [meta-oe,06/63] ctags: upgrade 6.2.20260308.0 -> 6.2.20260322.0 [meta-oe,07/63] dash: upgrade 0.5.13.1 -> 0.5.13.2 [meta-oe,08/63] fuse3: upgrade 3.18.1 -> 3.18.2 [meta-gnome,09/63] gdm: upgrade 49.2 -> 50.0 [meta-gnome,10/63] gegl: upgrade 0.4.66 -> 0.4.68 [meta-oe,11/63] glaze: upgrade 7.1.1 -> 7.2.1 [meta-gnome,12/63] gnome-backgrounds: upgrade 48.0 -> 50.0 [meta-gnome,13/63] gnome-system-monitor: upgrade 49.1 -> 50.0 [meta-gnome,14/63] gnome-text-editor: upgrade 49.1 -> 50.0 [meta-gnome,15/63] gparted: upgrade 1.8.0 -> 1.8.1 [meta-oe,16/63] graphviz: upgrade 14.1.3 -> 14.1.4 [meta-oe,17/63] iwd: upgrade 3.11 -> 3.12 [meta-networking,18/63] libdaq: upgrade 3.0.25 -> 3.0.27 [meta-gnome,19/63] libgsf: upgrade 1.14.55 -> 1.14.56 [meta-perl,20/63] libio-compress-perl: upgrade 2.218 -> 2.219 [meta-oe,21/63] libtorrent: upgrade 0.16.7 -> 0.16.8 [meta-networking,22/63] lldpd: upgrade 1.0.20 -> 1.0.21 [meta-oe,23/63] ndctl: upgrade v83 -> v84 [meta-oe,24/63] openldap: upgrade 2.6.12 -> 2.6.13 [meta-python,25/63] python3-aenum: upgrade 3.1.16 -> 3.1.17 [meta-python,26/63] python3-apiflask: upgrade 3.0.0 -> 3.1.0 [meta-python,27/63] python3-astroid: upgrade 4.1.1 -> 4.1.2 [meta-python,28/63] python3-bitstring: upgrade 4.3.1 -> 4.4.0 [meta-python,29/63] python3-bleak: upgrade 2.1.1 -> 3.0.0 [meta-python,30/63] python3-cbor2: upgrade 5.8.0 -> 5.9.0 [meta-python,31/63] python3-coverage: upgrade 7.13.4 -> 7.13.5 [meta-python,32/63] python3-faker: upgrade 40.8.0 -> 40.11.0 [meta-python,33/63] python3-filelock: upgrade 3.25.0 -> 3.25.2 [meta-python,34/63] python3-google-auth-oauthlib: upgrade 1.2.3 -> 1.3.0 [meta-python,35/63] python3-icu: upgrade 2.16.1 -> 2.16.2 [meta-python,36/63] python3-identify: upgrade 2.6.17 -> 2.6.18 [meta-python,37/63] python3-imageio: upgrade 2.37.2 -> 2.37.3 [meta-python,38/63] python3-importlib-metadata: upgrade 8.7.1 -> 9.0.0 [meta-python,39/63] python3-inline-snapshot: upgrade 0.32.4 -> 0.32.5 [meta-python,40/63] python3-kiwisolver: upgrade 1.4.9 -> 1.5.0 [meta-python,41/63] python3-mdit-py-plugins: upgrade 0.4.2 -> 0.5.0 [meta-python,42/63] python3-mpmath: upgrade 1.4.0 -> 1.4.1 [meta-python,43/63] python3-myst-parser: upgrade 4.0.1 -> 5.0.0 [meta-python,44/63] python3-pikepdf: upgrade 10.3.0 -> 10.5.1 [meta-python,45/63] python3-pint: upgrade 0.25.2 -> 0.25.3 [meta-python,46/63] python3-pre-commit: upgrade 4.3.0 -> 4.5.1 [meta-python,47/63] python3-pytest-cov: upgrade 7.0.0 -> 7.1.0 [meta-python,48/63] python3-pytest-env: upgrade 1.5.0 -> 1.6.0 [meta-python,49/63] python3-rich-toolkit: upgrade 0.15.1 -> 0.19.7 [meta-python,50/63] python3-sentry-sdk: upgrade 1.45.1 -> 2.55.0 [meta-python,51/63] python3-simpleeval: upgrade 1.0.3 -> 1.0.7 [meta-python,52/63] python3-starlette: upgrade 0.52.1 -> 1.0.0 [meta-python,53/63] python3-ujson: upgrade 5.11.0 -> 5.12.0 [meta-python,54/63] python3-uswid: upgrade 0.5.2 -> 0.6.0 [meta-python,55/63] python3-uvicorn: upgrade 0.41.0 -> 0.42.0 [meta-python,56/63] python3-virtualenv: upgrade 20.36.1 -> 21.2.0 [meta-oe,57/63] qcbor: upgrade 1.6 -> 1.6.1 [meta-oe,58/63] rtorrent: upgrade 0.16.7 -> 0.16.8 [meta-oe,59/63] sip: upgrade 6.15.1 -> 6.15.2 [meta-webserver,60/63] swagger-ui: upgrade 5.32.0 -> 5.32.1 [meta-gnome,61/63] tecla: upgrade 49.0 -> 50.0 [meta-gnome,62/63] tinysparql: upgrade 3.10.1 -> 3.11.0 [meta-oe,63/63] tree: upgrade 2.3.1 -> 2.3.2

Message ID

20260326115634.1199-30-wangmy@fujitsu.com

State

Accepted

Headers

From: Wang Mingyu < wangmy@fujitsu.com>
To: openembedded-devel@lists.openembedded.org
Cc: Wang Mingyu <wangmy@fujitsu.com>
Subject: [oe] [meta-python] [PATCH 30/63] python3-cbor2: upgrade 5.8.0 ->
 5.9.0
Date: Thu, 26 Mar 2026 19:56:00 +0800
Message-ID: <20260326115634.1199-30-wangmy@fujitsu.com>
In-Reply-To: <20260326115634.1199-1-wangmy@fujitsu.com>
References: <20260326115634.1199-1-wangmy@fujitsu.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe,01/63] b4: upgrade 0.14.3 -> 0.15.0 | expand

Commit Message

Wang Mingyu March 26, 2026, 11:56 a.m. UTC

From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
=========
- Added the max_depth decoder parameter to limit the maximum allowed nesting
  level of containers, with a default value of 400 levels (CVE-2026-26209)
- Changed the default read_size from 4096 to 1 for backwards compatibility. The
  buffered reads introduced in 5.8.0 could cause issues when code needs to
  access the stream position after decoding. Users can opt-in to faster decoding
  by passing read_size=4096 when they don't need to access the stream directly
  after decoding. Added a direct read path for read_size=1 to avoid buffer
  management overhead.
- Fixed C encoder not respecting string referencing when encoding string-type
  datetimes (tag 0)
- Fixed a missed check for an exception in the C implementation of
  CBOREncoder.encode_shared()
- Fixed two reference/memory leaks in the C extension's long string decoder
- Fixed C decoder ignoring the str_errors setting when decoding strings, and
  improved string decoding performance by using stack allocation for small
  strings and eliminating unnecessary conditionals. Benchmarks show 9-17% faster
  deserialization.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
---
 .../python/{python3-cbor2_5.8.0.bb => python3-cbor2_5.9.0.bb}   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta-python/recipes-devtools/python/{python3-cbor2_5.8.0.bb => python3-cbor2_5.9.0.bb} (84%)

diff --git a/meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb b/meta-python/recipes-devtools/python/python3-cbor2_5.9.0.bb
similarity index 84%
rename from meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb
rename to meta-python/recipes-devtools/python/python3-cbor2_5.9.0.bb
index c0a7061657..42d661ead3 100644
--- a/meta-python/recipes-devtools/python/python3-cbor2_5.8.0.bb
+++ b/meta-python/recipes-devtools/python/python3-cbor2_5.9.0.bb
@@ -3,7 +3,7 @@  LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=a79e64179819c7ce293372c059f1dbd8"
 DEPENDS += "python3-setuptools-scm-native"
 
-SRC_URI[sha256sum] = "b19c35fcae9688ac01ef75bad5db27300c2537eb4ee00ed07e05d8456a0d4931"
+SRC_URI[sha256sum] = "85c7a46279ac8f226e1059275221e6b3d0e370d2bb6bd0500f9780781615bcea"
 
 inherit pypi python_setuptools_build_meta ptest-python-pytest

[meta-python,30/63] python3-cbor2: upgrade 5.8.0 -> 5.9.0

Commit Message

Patch