GET /api/1.2/patches/2230251/?format=api
{ "id": 2230251, "url": "http://patchwork.ozlabs.org/api/1.2/patches/2230251/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/20260429141129.248078-1-titouan.christophe@mind.be/", "project": { "id": 27, "url": "http://patchwork.ozlabs.org/api/1.2/projects/27/?format=api", "name": "Buildroot development", "link_name": "buildroot", "list_id": "buildroot.buildroot.org", "list_email": "buildroot@buildroot.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260429141129.248078-1-titouan.christophe@mind.be>", "list_archive_url": null, "date": "2026-04-29T14:11:29", "name": "[for,2025.02.x] package/libspdm: add patches for security issues fixed in libspdm 3.8.2", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "1e1b2e424e95dbc23011b84054f516b40650ba83", "submitter": { "id": 90763, "url": "http://patchwork.ozlabs.org/api/1.2/people/90763/?format=api", "name": "Titouan Christophe", "email": "titouan.christophe@mind.be" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/20260429141129.248078-1-titouan.christophe@mind.be/mbox/", "series": [ { "id": 502076, "url": "http://patchwork.ozlabs.org/api/1.2/series/502076/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/list/?series=502076", "date": "2026-04-29T14:11:29", "name": "[for,2025.02.x] package/libspdm: add patches for security issues fixed in libspdm 3.8.2", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/502076/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2230251/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2230251/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<buildroot-bounces@buildroot.org>", "X-Original-To": [ "incoming-buildroot@patchwork.ozlabs.org", "buildroot@buildroot.org" ], "Delivered-To": [ 
"patchwork-incoming-buildroot@legolas.ozlabs.org", "buildroot@buildroot.org" ], "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=AtInnc3x;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::136; helo=smtp3.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)" ], "Received": [ "from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5K7t4jgzz1yHX\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Thu, 30 Apr 2026 00:15:04 +1000 (AEST)", "from localhost (localhost [127.0.0.1])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id B5E556158D;\n\tWed, 29 Apr 2026 14:15:01 +0000 (UTC)", "from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id V7SvY8efhNmZ; Wed, 29 Apr 2026 14:15:00 +0000 (UTC)", "from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id 9821A60FB2;\n\tWed, 29 Apr 2026 14:15:00 +0000 (UTC)", "from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])\n by lists1.osuosl.org (Postfix) with ESMTP id 34C8223D\n for <buildroot@buildroot.org>; Wed, 29 Apr 2026 14:14:59 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n by smtp1.osuosl.org (Postfix) with ESMTP id 2624381416\n for <buildroot@buildroot.org>; Wed, 29 Apr 2026 14:14:59 +0000 (UTC)", "from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id mMtroKaeTfb4 for <buildroot@buildroot.org>;\n Wed, 29 Apr 2026 14:14:56 +0000 
(UTC)", "from mail-wm1-x335.google.com (mail-wm1-x335.google.com\n [IPv6:2a00:1450:4864:20::335])\n by smtp1.osuosl.org (Postfix) with ESMTPS id DFA308120D\n for <buildroot@buildroot.org>; Wed, 29 Apr 2026 14:14:55 +0000 (UTC)", "by mail-wm1-x335.google.com with SMTP id\n 5b1f17b1804b1-48a3e9862f0so6059975e9.1\n for <buildroot@buildroot.org>; Wed, 29 Apr 2026 07:14:55 -0700 (PDT)", "from dragon (ip-94-140-185-241.reverse.destiny.be. [94.140.185.241])\n by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-48a7c57b5fcsm59207875e9.5.2026.04.29.07.14.52\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 29 Apr 2026 07:14:52 -0700 (PDT)" ], "X-Virus-Scanned": [ "amavis at osuosl.org", "amavis at osuosl.org" ], "X-Comment": "SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ", "DKIM-Filter": [ "OpenDKIM Filter v2.11.0 smtp3.osuosl.org 9821A60FB2", "OpenDKIM Filter v2.11.0 smtp1.osuosl.org DFA308120D" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1777472100;\n\tbh=pmasoNNS7WvpZdlcd/qnc8LN/DCGnH2lRbmEz4r9fP4=;\n\th=To:Cc:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:From:Reply-To:From;\n\tb=AtInnc3x09Q0DD6q5vQpmozTSEvsu4PANqQIxClDt1+eZYOtrJrRd2jkQWEPMI8+e\n\t zunQKCoVt1g/P1HNxiczuL3dBdqnjFnt4qc7ZU1pH3LuGgHLAcqIQFYWme3GWf/GDI\n\t TIRmKJ/YFSUHFRQEdpwMvpWFiA3hjFZtpWsPObla/5eSyVQiLtmQbggRPqufnnAAB3\n\t GgM2UjesTtwVeiJx8ZNS9UfeEce2cMmy18TP25dF+tCKHvSqm4UKj146zR3ibX5wEk\n\t xkUcALly8Zxa/ab8ALXVXTyZDx6cZhhJX6a1Ox/ugfnlIQYlVTl/weWgRTQBlIj230\n\t x08X+BMfX7JSQ==", "Received-SPF": "Pass (mailfrom) identity=mailfrom;\n client-ip=2a00:1450:4864:20::335; helo=mail-wm1-x335.google.com;\n envelope-from=titouan.christophe@essensium.com; receiver=<UNKNOWN>", "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp1.osuosl.org DFA308120D", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; 
c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1777472093; x=1778076893;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=fTsu0SSTQskFh7ruVWS0jesOcgTzM7bwVjaJtaMIPM4=;\n b=RHg+RF4LTl8PCc0x9CCvpB9OlyBtf04qjV8ZB7vhbNCVi0+ZclBqPbmTgGP6jRVFRo\n R4MSZjfP/zI6Y+g5MJaG0LYlu8TkWvbPuEEE2RGJcP0J2IW0y3t3JFlXbvQsWD0UMNqo\n 7b8ZpuNR9oeW4eF7pWVQzl0B6Jr9r2IjoT5GXeffa/B+FcRmJfPFIMaqD2p36U//jbGf\n ZoQM6D51NPlqJvAPNLRz4PUQo7P9Uj45o6PZSm33/BU+UkbvnvzbhwfkdnUfXWjSpb4K\n Ds2wsFjIJiTRPZg0GQ2XN+kak+YMr6FnpUr5vkfvwwNWl6FVU1NCIVjm2HoeROD6ioJu\n 7NsA==", "X-Gm-Message-State": "AOJu0YylfC1E2TamkdY1uKW8ANNNN0XOcEEqfC/qfjmlYTYEgAJtNOAc\n gVgV7s4GBYSm4ZCMs052pvR3RnQS3kMMEZmDDtyrkYu2z2Z1nNOpNVSGMJxckKVWJoCbh1AU+gW\n e5uJsRcs=", "X-Gm-Gg": "AeBDievTH1BNrHEuzh/W46XSMUgpQAgDTIYofrT789BH5nBbYazm0lRcDDMaHiTW7fz\n jKDFoKyeOlx4LqJGZGby2piUSyJp9xrGnx40MNVxbpwgHXQbdzuZ48MewT8bam6wYTH9YzWxWVO\n 0Qqy82LT7468Q6H/VmtXQDtLiQW5QXqbmbaNSACXuEllc7ubgKU+esrJkSRjqy7T8Pon1bAgeyr\n s4QOH5T8TaUWkf3H5+usCTAdKjLtYaJbhBmYoNDUMbJiyEhucOfIVGUaQ401Id17bLoxOkEldtZ\n BZ0nzb1GKuHWLuhC7PQPp1XgqCZ6Sjnuhtywl+Jw192WkNQnMFKUy1wIqJo1NQEbZ+KJ0HeFJje\n 21vac0trqTVhWHLk7Ty1/sv2qXOA53mR6vj8Km7tD+bLNMWknDfhONsnMORhseVpNJGzuAZ76Ko\n Ttsiv984Snhd90wU2tImuLtkwJOm/R/d9hIxTstT+MbMRE8T4wWBNpk22TBktF0vfvQTQu5T9Ry\n PQO", "X-Received": "by 2002:a05:600c:3e86:b0:48a:53cb:8604 with SMTP id\n 5b1f17b1804b1-48a7c1bcc18mr59495775e9.14.1777472093297;\n Wed, 29 Apr 2026 07:14:53 -0700 (PDT)", "To": "buildroot@buildroot.org", "Cc": "Alistair Francis <alistair@alistair23.me>,\n\tthomas.perale@mind.be", "Date": "Wed, 29 Apr 2026 16:11:29 +0200", "Message-ID": "<20260429141129.248078-1-titouan.christophe@mind.be>", "X-Mailer": "git-send-email 2.53.0", "MIME-Version": "1.0", "X-Mailman-Original-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=mind.be; s=google; t=1777472093; x=1778076893; darn=buildroot.org;\n 
h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:from:to:cc:subject:date:message-id:reply-to;\n bh=fTsu0SSTQskFh7ruVWS0jesOcgTzM7bwVjaJtaMIPM4=;\n b=cBIvyJ6l7HLLEUlHxMNTs2DTxVOrDY7zMHb6rzWx346kFhxFWPuTOqjNZMZ4lHaLG/\n MPvSFgNDIuQ/dlHnGEn2ZAeUmgOj5gVFqMr/U7m8fE0fjjXjK/CQoPSOZQpr4o79WQE4\n iPagGXK20MditJwCwZRE9S/4qaVgmzCz2oJSqni8lDCWi+2LUb9mXp1onqTLm/YL7Tni\n FCmfTrcMCeQ2eaGcmDeumF6CYNyBsjIFkC6GGAjoGHWgPVeP6wbXlBwg/GsxiZMdwYpg\n l4lYQjm4OrX1gTY6DKGase7us4igC6Q5KsG2FS6h0dvAEBmmafRQKwQYgX6j1xCAzlWQ\n Qpsg==", "X-Mailman-Original-Authentication-Results": [ "smtp1.osuosl.org;\n dmarc=pass (p=quarantine dis=none)\n header.from=mind.be", "smtp1.osuosl.org;\n dkim=pass (2048-bit key) header.d=mind.be header.i=@mind.be\n header.a=rsa-sha256 header.s=google header.b=cBIvyJ6l" ], "Subject": "[Buildroot] [PATCH for 2025.02.x] package/libspdm: add patches for\n security issues fixed in libspdm 3.8.2", "X-BeenThere": "buildroot@buildroot.org", "X-Mailman-Version": "2.1.30", "Precedence": "list", "List-Id": "Discussion and development of buildroot <buildroot.buildroot.org>", "List-Unsubscribe": "<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>", "List-Archive": "<http://lists.buildroot.org/pipermail/buildroot/>", "List-Post": "<mailto:buildroot@buildroot.org>", "List-Help": "<mailto:buildroot-request@buildroot.org?subject=help>", "List-Subscribe": "<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>", "From": "Titouan Christophe via buildroot <buildroot@buildroot.org>", "Reply-To": "Titouan Christophe <titouan.christophe@mind.be>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "buildroot-bounces@buildroot.org", "Sender": "\"buildroot\" <buildroot-bounces@buildroot.org>" }, "content": "Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>\n---\n 
...ulnerability-in-GET_CSR-parsing-code.patch | 65 +++++++++++++++++++\n ...ibspdm_rsp_measurement_extension_log.patch | 29 +++++++++\n 2 files changed, 94 insertions(+)\n create mode 100644 package/libspdm/0002-Fix-security-vulnerability-in-GET_CSR-parsing-code.patch\n create mode 100644 package/libspdm/0003-Update-libspdm_rsp_measurement_extension_log.patch", "diff": "diff --git a/package/libspdm/0002-Fix-security-vulnerability-in-GET_CSR-parsing-code.patch b/package/libspdm/0002-Fix-security-vulnerability-in-GET_CSR-parsing-code.patch\nnew file mode 100644\nindex 0000000000..6d10f33564\n--- /dev/null\n+++ b/package/libspdm/0002-Fix-security-vulnerability-in-GET_CSR-parsing-code.patch\n@@ -0,0 +1,65 @@\n+From 704bc9916ccd8c034f912f13b75fd890a19eb3f3 Mon Sep 17 00:00:00 2001\n+From: Steven Bellock <sbellock@nvidia.com>\n+Date: Tue, 27 Jan 2026 12:02:37 -0800\n+Subject: [PATCH] Fix security vulnerability in GET_CSR parsing code\n+\n+Signed-off-by: Steven Bellock <sbellock@nvidia.com>\n+Co-Authored-By: Nicholas Carlini <nicholas@carlini.com>\n+\n+Fixes: https://github.com/DMTF/libspdm/security/advisories/GHSA-j54w-759w-xj3m\n+Upstream: https://github.com/DMTF/libspdm/commit/704bc9916ccd8c034f912f13b75fd890a19eb3f3\n+Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>\n+---\n+ os_stub/cryptlib_mbedtls/pk/x509.c | 25 +++++++++++++------------\n+ 1 file changed, 13 insertions(+), 12 deletions(-)\n+\n+diff --git a/os_stub/cryptlib_mbedtls/pk/x509.c b/os_stub/cryptlib_mbedtls/pk/x509.c\n+index 65eff62bfd5..1b5d60d4f92 100644\n+--- a/os_stub/cryptlib_mbedtls/pk/x509.c\n++++ b/os_stub/cryptlib_mbedtls/pk/x509.c\n+@@ -1768,6 +1768,19 @@ static bool libspdm_convert_subject_to_string(uint8_t *ptr, size_t obj_len,\n+ (libspdm_consttime_is_mem_equal(cur->oid, internal_p, obj_len))) {\n+ /*Concat subject string*/\n+ \n++ /*move to string*/\n++ internal_p += obj_len;\n++ ret = libspdm_asn1_get_tag(&internal_p, end, &obj_len, cur->default_tag);\n++ if (!ret) {\n++ 
return false;\n++ }\n++\n++ /*check total space needed: name + '=' + value + ',' + '\\0'*/\n++ if (buff_len < (int32_t)(cur->name_len + 1 + obj_len + 1 + 1)) {\n++ LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,\"the buffer is too small\"));\n++ return false;\n++ }\n++\n+ /*for example: CN=*/\n+ libspdm_copy_mem(buffer, buff_len, cur->name, cur->name_len);\n+ buff_len = (int32_t)(buff_len - cur->name_len);\n+@@ -1776,13 +1789,6 @@ static bool libspdm_convert_subject_to_string(uint8_t *ptr, size_t obj_len,\n+ buff_len--;\n+ buffer++;\n+ \n+- /*move to string*/\n+- internal_p += obj_len;\n+- ret = libspdm_asn1_get_tag(&internal_p, end, &obj_len, cur->default_tag);\n+- if (!ret) {\n+- return false;\n+- }\n+-\n+ /*for example: AU,*/\n+ libspdm_copy_mem(buffer, buff_len, internal_p, obj_len);\n+ buff_len = (int32_t)(buff_len - obj_len);\n+@@ -1790,11 +1796,6 @@ static bool libspdm_convert_subject_to_string(uint8_t *ptr, size_t obj_len,\n+ *buffer = ',';\n+ buff_len--;\n+ buffer++;\n+-\n+- if (buff_len < 0) {\n+- LIBSPDM_DEBUG((LIBSPDM_DEBUG_INFO,\"the buffer is too small\"));\n+- return false;\n+- }\n+ break;\n+ }\n+ }\ndiff --git a/package/libspdm/0003-Update-libspdm_rsp_measurement_extension_log.patch b/package/libspdm/0003-Update-libspdm_rsp_measurement_extension_log.patch\nnew file mode 100644\nindex 0000000000..c1a0f7eefc\n--- /dev/null\n+++ b/package/libspdm/0003-Update-libspdm_rsp_measurement_extension_log.patch\n@@ -0,0 +1,29 @@\n+From f55cf6d48ec69b4ac60a63903e9c6a2cb0fd155d Mon Sep 17 00:00:00 2001\n+From: Steven Bellock <sbellock@nvidia.com>\n+Date: Fri, 3 Apr 2026 11:00:07 -0700\n+Subject: [PATCH] Update libspdm_rsp_measurement_extension_log.c\n+\n+Fix #3584 in 3.8.\n+\n+Signed-off-by: Steven Bellock <sbellock@nvidia.com>\n+\n+Fixes: https://github.com/DMTF/libspdm/security/advisories/GHSA-m4wc-xmvg-369f\n+Upstream: https://github.com/DMTF/libspdm/commit/f55cf6d48ec69b4ac60a63903e9c6a2cb0fd155d\n+Signed-off-by: Titouan Christophe <titouan.christophe@mind.be>\n+---\n+ 
.../spdm_responder_lib/libspdm_rsp_measurement_extension_log.c | 2 +-\n+ 1 file changed, 1 insertion(+), 1 deletion(-)\n+\n+diff --git a/library/spdm_responder_lib/libspdm_rsp_measurement_extension_log.c b/library/spdm_responder_lib/libspdm_rsp_measurement_extension_log.c\n+index 6dcb3a54bac..c5f2efa8c88 100644\n+--- a/library/spdm_responder_lib/libspdm_rsp_measurement_extension_log.c\n++++ b/library/spdm_responder_lib/libspdm_rsp_measurement_extension_log.c\n+@@ -125,7 +125,7 @@ libspdm_return_t libspdm_get_response_measurement_extension_log(libspdm_context_\n+ response_size, response);\n+ }\n+ \n+- if ((uint64_t)(offset + length) > spdm_mel_len) {\n++ if (((uint64_t)offset + length) > spdm_mel_len) {\n+ length = (uint32_t)(spdm_mel_len - offset);\n+ }\n+ remainder_length = spdm_mel_len - (length + offset);\n", "prefixes": [ "for", "2025.02.x" ] }
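Review bot: In 0002-Fix-security-vulnerability-in-GET_CSR-parsing-code.patch, the new space check in libspdm_convert_subject_to_string narrows the required size to `int32_t` before comparing, so a sum above INT32_MAX would convert to a negative or truncated value and the check would pass. `obj_len` is a `size_t` filled in from the ASN.1 input by `libspdm_asn1_get_tag`; that call presumably bounds it by `end`, which would keep the sum small in practice, but the check should not depend on that. Comparing in the wide type removes the dependency: `if (buff_len < 0 || (size_t)buff_len < cur->name_len + obj_len + 3) {`. The function body starts and ends outside the hunk, so the type of `cur->name_len` and the initial value of `buff_len` should be confirmed there.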
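Review bot: In 0003-Update-libspdm_rsp_measurement_extension_log.patch, the clamp `length = (uint32_t)(spdm_mel_len - offset);` is only safe if `offset <= spdm_mel_len` has already been enforced, and that check is not visible in this hunk (it is presumably the error return just above it). The widened comparison fixes the wrap in the condition, but the following `remainder_length = spdm_mel_len - (length + offset);` still adds the two values in their own type and relies on the clamp to stay in range. Once the earlier check is confirmed, a short comment above the condition such as `/* offset < spdm_mel_len is checked above; the sum is widened so it cannot wrap */` would keep a later edit from reintroducing the overflow. The function starts and ends outside the hunk.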