mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-06-13 17:39:57 +00:00
Jon Mason
66bb701b2e
The patch for CVE-2025-68131 does not actually match https://github.com/agronholm/cbor2/commit/f1d701cd2c411ee40bb1fe383afe7f365f35abf0 Specifically, the indenting in decode_from_bytes This is causing an error in trusted-firmware-m of | Traceback (most recent call last): | File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/git/tfm/bl2/ext/mcuboot/scripts/wrapper/wrapper.py", line 21, in <module> | import imgtool.main | File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/git/mcuboot/scripts/imgtool/main.py", line 25, in <module> | from imgtool import image, imgtool_version | File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/git/mcuboot/scripts/imgtool/image.py", line 24, in <module> | from .boot_record import create_sw_component_data | File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/git/mcuboot/scripts/imgtool/boot_record.py", line 21, in <module> | from cbor2 import dumps | File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cbor2/__init__.py", line 1, in <module> | from .decoder import load, loads, CBORDecoder # noqa | File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cbor2/decoder.py", line 215 | with BytesIO(buf) as fp: | ^ | IndentationError: expected an indented block after 'with' statement on line 214 Indenting to match the original patch fixes this. Also, because this version of cbor2 is older, it doesn't include commit 53e21063ed1d72ac8f911044dd598a7f9ef72406, which adds 'Any' to encode.py Because that is missing, we see the following error: | File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cbor2/__init__.py", line 2, in <module> | from .encoder import dump, dumps, CBOREncoder, shareable_encoder # noqa | File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cbor2/encoder.py", line 68, in <module> | class CBOREncoder: | File "/builder/meta-arm/build/tmp/work/corstone1000_fvp-poky-linux-musl/trusted-firmware-m/1.5.0+gitAUTOINC+f8c7e5361b-r0/recipe-sysroot-native/usr/lib/python3.10/site-packages/cbor2/encoder.py", line 266, in CBOREncoder | def _encode_value(self, obj: Any) -> None: To get around this issue, remove the "Any" from the encoder.py. The logic behind this (instead of importing typing) is that this is the only instance, and since this is not something that will be updated frequently with patches from upstream. Signed-off-by: Jon Mason <jon.mason@arm.com> Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Collection of layers for the OE-core universe Main layer maintainer: Gyorgy Sarvari <skandigraun@gmail.com> Layer maintainer emeritus: Armin Kuster <akuster808@gmail.com> This repository is a collection of layers to supplement OE-Core with additional packages, Each layer have designated maintainer Please see the respective READMEs in the layer subdirectories