Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/1.1/patches/2225180/?format=api
{ "id": 2225180, "url": "http://patchwork.ozlabs.org/api/1.1/patches/2225180/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/20260420142814.753135-1-buildroot@bubu1.eu/", "project": { "id": 27, "url": "http://patchwork.ozlabs.org/api/1.1/projects/27/?format=api", "name": "Buildroot development", "link_name": "buildroot", "list_id": "buildroot.buildroot.org", "list_email": "buildroot@buildroot.org", "web_url": "", "scm_url": "", "webscm_url": "" }, "msgid": "<20260420142814.753135-1-buildroot@bubu1.eu>", "date": "2026-04-20T14:28:10", "name": "package/util-linux: security bump to 2.41.4", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "d80a664362c86e83129bbf29176129102a8c1a68", "submitter": { "id": 87807, "url": "http://patchwork.ozlabs.org/api/1.1/people/87807/?format=api", "name": "Marcus Hoffmann", "email": "buildroot@bubu1.eu" }, "delegate": { "id": 89618, "url": "http://patchwork.ozlabs.org/api/1.1/users/89618/?format=api", "username": "juju", "first_name": "Julien", "last_name": "Olivain", "email": "juju@cotds.org" }, "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/20260420142814.753135-1-buildroot@bubu1.eu/mbox/", "series": [ { "id": 500614, "url": "http://patchwork.ozlabs.org/api/1.1/series/500614/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/list/?series=500614", "date": "2026-04-20T14:28:10", "name": "package/util-linux: security bump to 2.41.4", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/500614/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2225180/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2225180/checks/", "tags": {}, "headers": { "Return-Path": "<buildroot-bounces@buildroot.org>", "X-Original-To": [ "incoming-buildroot@patchwork.ozlabs.org", "buildroot@buildroot.org" ], "Delivered-To": [ "patchwork-incoming-buildroot@legolas.ozlabs.org", "buildroot@buildroot.org" ], "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=jPwMyw/S;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)" ], "Received": [ "from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fznth3Nnyz1yD4\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Tue, 21 Apr 2026 00:29:30 +1000 (AEST)", "from localhost (localhost [127.0.0.1])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id 32E39410FD;\n\tMon, 20 Apr 2026 14:29:28 +0000 (UTC)", "from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id Pi1U2fh1TcV4; Mon, 20 Apr 2026 14:29:27 +0000 (UTC)", "from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id 4F6E041100;\n\tMon, 20 Apr 2026 14:29:27 +0000 (UTC)", "from smtp2.osuosl.org (smtp2.osuosl.org [140.211.166.133])\n by lists1.osuosl.org (Postfix) with ESMTP id 348D124D\n for <buildroot@buildroot.org>; Mon, 20 Apr 2026 14:29:25 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n by smtp2.osuosl.org (Postfix) with ESMTP id 11AE940514\n for <buildroot@buildroot.org>; Mon, 20 Apr 2026 14:29:25 +0000 (UTC)", "from smtp2.osuosl.org ([127.0.0.1])\n by localhost (smtp2.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id KuXuLT5b9tiV for <buildroot@buildroot.org>;\n Mon, 20 Apr 2026 14:29:24 +0000 (UTC)", "from smtp.bubu1.eu (smtp.bubu1.eu [176.9.145.28])\n by smtp2.osuosl.org (Postfix) with ESMTPS id 1C99040082\n for <buildroot@buildroot.org>; Mon, 20 Apr 2026 14:29:23 +0000 (UTC)", "from bubutux.fritz.box (unknown [212.37.174.96])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519MLKEM768 server-signature RSA-PSS (4096 bits)\n server-digest\n SHA256) (No client certificate requested)\n by smtp.bubu1.eu (Postfix) with ESMTPSA id 2E5982C838ED;\n Mon, 20 Apr 2026 16:29:21 +0200 (CEST)" ], "X-Virus-Scanned": [ "amavis at osuosl.org", "amavis at osuosl.org" ], "X-Comment": "SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ", "DKIM-Filter": [ "OpenDKIM Filter v2.11.0 smtp4.osuosl.org 4F6E041100", "OpenDKIM Filter v2.11.0 smtp2.osuosl.org 1C99040082" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1776695367;\n\tbh=1jI4qTefLoJpj082io1Gx9wfI/uumXWqm04blihLRmY=;\n\th=To:Cc:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:From:Reply-To:From;\n\tb=jPwMyw/SyxRNDFjPjoF6x4DtxBmesUF1bSUk9uVaAd/wTm8inu8QPfrrHnfeTtaZN\n\t +EpJhboeuNsIaS3hBwbWvRLL6yteYnU+We2L72s01tut+F4KUYApTKUKvGbSyASGRx\n\t m64gKwhbm2h1/AZCKXLMC3wpNVguM9pVW3oJ1ixLY/VQ72Kbars5ECfoNyN/Y3In1M\n\t ET63r28k/aJ7ZXjSNqu9YOdWDHaQA8H/sOcFomqOfaMBr5cC7mxSn7gkYkMqNsmMZZ\n\t 4YhZnyJTznmqtZis6yT78QHT0dssMhRWO0fPR5dXPviVUkICRF6NIUVM+g+XGA77NI\n\t ZjSzwxy8oyPYw==", "Received-SPF": "Pass (mailfrom) identity=mailfrom; client-ip=176.9.145.28;\n helo=smtp.bubu1.eu; envelope-from=buildroot@bubu1.eu; receiver=<UNKNOWN>", "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp2.osuosl.org 1C99040082", "To": "buildroot@buildroot.org", "Cc": "Giulio Benetti <giulio.benetti@benettiengineering.com>", "Date": "Mon, 20 Apr 2026 16:28:10 +0200", "Message-ID": "<20260420142814.753135-1-buildroot@bubu1.eu>", "X-Mailer": "git-send-email 2.53.0", "MIME-Version": "1.0", "X-Mailman-Original-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/simple;\n d=bubu1.eu; s=bubu;\n t=1776695361; bh=ItZs15DzjLWxqTNN2KwGWV5W+mmcOc70yNlcuOC6dIw=;\n h=From:To:Cc:Subject:Date;\n b=PZyRP3zJyi86sQFmIuZUsC9UfK1dpcCNb16iBO65QenpN7uEEUeIgASQjwzb4cN6f\n nL91pjvoEIUmF7ifWB9NeQi1EQdYKUzb74IahVWZ/B2yVPv/WixBYWAZ548TiapaCN\n mLH8A/lvtlEkwWqV4t0RuoYF9vbd+r6PEpVkYpYbpVYtFCEomCA0O1BXOnx11Qxtb2\n FZ9OTspnjKt4d23PpmHC5tq5S6YSQsq8DTRk95Om0x4EYYBD0dMitPF1NHz+UCE7Yq\n Gd6tG5y/EqjYV6AeGvQABHjJ5GBNxSu5ut0QEdyX4vLj96/8MkXpD8jg09CpjJWRe6\n xh6X8IxbXH2fA==", "X-Mailman-Original-Authentication-Results": [ "smtp2.osuosl.org;\n dmarc=pass (p=reject dis=none)\n header.from=bubu1.eu", "smtp2.osuosl.org;\n dkim=pass (2048-bit key) header.d=bubu1.eu header.i=@bubu1.eu\n header.a=rsa-sha256 header.s=bubu header.b=PZyRP3zJ" ], "Subject": "[Buildroot] [PATCH] package/util-linux: security bump to 2.41.4", "X-BeenThere": "buildroot@buildroot.org", "X-Mailman-Version": "2.1.30", "Precedence": "list", "List-Id": "Discussion and development of buildroot <buildroot.buildroot.org>", "List-Unsubscribe": "<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>", "List-Archive": "<http://lists.buildroot.org/pipermail/buildroot/>", "List-Post": "<mailto:buildroot@buildroot.org>", "List-Help": "<mailto:buildroot-request@buildroot.org?subject=help>", "List-Subscribe": "<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>", "From": "Marcus Hoffmann via buildroot <buildroot@buildroot.org>", "Reply-To": "Marcus Hoffmann <buildroot@bubu1.eu>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "buildroot-bounces@buildroot.org", "Sender": "\"buildroot\" <buildroot-bounces@buildroot.org>" }, "content": "Security fixes:\n\n CVE-2026-27456 - mount(8) TOCTOU symlink attack via loop device.\n The SUID mount follows symlinks when resolving loop backing file\n paths. On systems where non-root users are permitted to mount loop\n devices (via 'user' option in fstab), this allows access to\n arbitrary files.\n\n CWE-190 - Integer overflow in libblkid parse_dos_extended().\n A crafted MBR disk image can cause uint32_t wraparound in EBR\n chain processing, causing reported partitions to not match the\n on-disk layout. Tools like udisks may then register a partition\n at logical sector 0.\n\nFull release notes: https://www.kernel.org/pub/linux/utils/util-linux/v2.41/v2.41.4-ReleaseNotes\n\nSigned-off-by: Marcus Hoffmann <buildroot@bubu1.eu>\n---\n package/util-linux/util-linux.hash | 2 +-\n package/util-linux/util-linux.mk | 2 +-\n 2 files changed, 2 insertions(+), 2 deletions(-)", "diff": "diff --git a/package/util-linux/util-linux.hash b/package/util-linux/util-linux.hash\nindex eab8a0c3b5..5a5656212c 100644\n--- a/package/util-linux/util-linux.hash\n+++ b/package/util-linux/util-linux.hash\n@@ -1,5 +1,5 @@\n # From https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/v2.41/sha256sums.asc\n-sha256 3330d873f0fceb5560b89a7dc14e4f3288bbd880e96903ed9b50ec2b5799e58b util-linux-2.41.3.tar.xz\n+sha256 a8c213cc06048862602a42b2d299b340001f6d05c4407b549f3e03521df83688 util-linux-2.41.4.tar.xz\n # License files, locally calculated\n sha256 4c2db318192bda62f3f8fcf71488bb5e602ae4385eba281d711b46cc13a40bb3 README.licensing\n sha256 527f738966ca396cd5a68c1509390de2a780c6b614d9ee57f7544a6161938ed1 Documentation/licenses/COPYING.BSD-2-Clause\ndiff --git a/package/util-linux/util-linux.mk b/package/util-linux/util-linux.mk\nindex 7617041a46..1271bc7dc0 100644\n--- a/package/util-linux/util-linux.mk\n+++ b/package/util-linux/util-linux.mk\n@@ -8,7 +8,7 @@\n # util-linux-libs/util-linux-libs.mk needs to be updated accordingly as well.\n \n UTIL_LINUX_VERSION_MAJOR = 2.41\n-UTIL_LINUX_VERSION = $(UTIL_LINUX_VERSION_MAJOR).3\n+UTIL_LINUX_VERSION = $(UTIL_LINUX_VERSION_MAJOR).4\n UTIL_LINUX_SOURCE = util-linux-$(UTIL_LINUX_VERSION).tar.xz\n UTIL_LINUX_SITE = $(BR2_KERNEL_MIRROR)/linux/utils/util-linux/v$(UTIL_LINUX_VERSION_MAJOR)\n \n", "prefixes": [] }