Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2194906/?format=api
{ "id": 2194906, "url": "http://patchwork.ozlabs.org/api/patches/2194906/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/20260210080153.767847-1-peter@korsgaard.com/", "project": { "id": 27, "url": "http://patchwork.ozlabs.org/api/projects/27/?format=api", "name": "Buildroot development", "link_name": "buildroot", "list_id": "buildroot.buildroot.org", "list_email": "buildroot@buildroot.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260210080153.767847-1-peter@korsgaard.com>", "list_archive_url": null, "date": "2026-02-10T08:01:52", "name": "package/gnutls: security bump to version 3.8.12", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "edcb1ded61033fb75a0ab061bfa52b3c5ef8783a", "submitter": { "id": 42365, "url": "http://patchwork.ozlabs.org/api/people/42365/?format=api", "name": "Peter Korsgaard", "email": "peter@korsgaard.com" }, "delegate": { "id": 89618, "url": "http://patchwork.ozlabs.org/api/users/89618/?format=api", "username": "juju", "first_name": "Julien", "last_name": "Olivain", "email": "juju@cotds.org" }, "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/20260210080153.767847-1-peter@korsgaard.com/mbox/", "series": [ { "id": 491617, "url": "http://patchwork.ozlabs.org/api/series/491617/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/list/?series=491617", "date": "2026-02-10T08:01:52", "name": "package/gnutls: security bump to version 3.8.12", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/491617/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2194906/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2194906/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<buildroot-bounces@buildroot.org>", "X-Original-To": [ "incoming-buildroot@patchwork.ozlabs.org", "buildroot@buildroot.org" ], "Delivered-To": [ "patchwork-incoming-buildroot@legolas.ozlabs.org", "buildroot@buildroot.org" ], "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=P0spQH9k;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)" ], "Received": [ "from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4f9DYV293nz1xvb\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Tue, 10 Feb 2026 19:02:06 +1100 (AEDT)", "from localhost (localhost [127.0.0.1])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id 8120D813FE;\n\tTue, 10 Feb 2026 08:02:04 +0000 (UTC)", "from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id cEzPrtm-O2HH; Tue, 10 Feb 2026 08:02:03 +0000 (UTC)", "from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id 7437F81545;\n\tTue, 10 Feb 2026 08:02:03 +0000 (UTC)", "from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n by lists1.osuosl.org (Postfix) with ESMTP id 88FCDF2\n for <buildroot@buildroot.org>; Tue, 10 Feb 2026 08:02:01 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n by smtp1.osuosl.org (Postfix) with ESMTP id 791648156A\n for <buildroot@buildroot.org>; Tue, 10 Feb 2026 08:02:01 +0000 (UTC)", "from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id 3pHlFJDuAHWK for <buildroot@buildroot.org>;\n Tue, 10 Feb 2026 08:02:00 +0000 (UTC)", "from sendmail.purelymail.com (sendmail.purelymail.com\n [34.202.193.197])\n by smtp1.osuosl.org (Postfix) with ESMTPS id E2410813FE\n for <buildroot@buildroot.org>; Tue, 10 Feb 2026 08:01:59 +0000 (UTC)", "by smtp.purelymail.com (Purelymail SMTP) with ESMTPSA id 1098891293;\n (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384);\n Tue, 10 Feb 2026 08:01:56 +0000 (UTC)", "from peko by dell.be.48ers.dk with local (Exim 4.98.2)\n (envelope-from <peko@dell.be.48ers.dk>) id 1vpih0-00000003DlQ-2rdy;\n Tue, 10 Feb 2026 09:01:54 +0100" ], "X-Virus-Scanned": [ "amavis at osuosl.org", "amavis at osuosl.org" ], "X-Comment": "SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ", "DKIM-Filter": [ "OpenDKIM Filter v2.11.0 smtp1.osuosl.org 7437F81545", "OpenDKIM Filter v2.11.0 smtp1.osuosl.org E2410813FE" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1770710523;\n\tbh=vNoukGwTdWOcglMn1dPhUxUdYzidXSSfxfE0Wp5jwz4=;\n\th=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:From;\n\tb=P0spQH9kJGiHFT3ZuYX9ejAd/Mdg6qBalMYAZH3GFLv7GXx3fy0BNX6lR/Ld9/vXw\n\t dGRUWyJkouXHVF1VKqrJtKR2/0Ltr5g3GRoih/htY3m6fLRRzDxyweP6g9ds+VhZC0\n\t LAU1ORxRRpAmznsIGwE6sgiB6J6j7WS3yYDOCO00HMRjdUNFLpBuUT/aMoLdlv58iq\n\t k2hiDVe8ZHLqCHXveKIYcXXWsOg78woP2wM6kZ4n1ESNLxcElVnPZ7oHSxp81SoJ2h\n\t omvGmtZFD/adveG9sphSrR49iAuzszZL4e85LOSs2ghUCV33+bJdf3MkufoBWcCnir\n\t IIc7J8EhO8AkQ==", "Received-SPF": "Pass (mailfrom) identity=mailfrom; client-ip=34.202.193.197;\n helo=sendmail.purelymail.com; envelope-from=peko@korsgaard.com;\n receiver=<UNKNOWN>", "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp1.osuosl.org E2410813FE", "Feedback-ID": "21632:4007:null:purelymail", "X-Pm-Original-To": "buildroot@buildroot.org", "From": "Peter Korsgaard <peter@korsgaard.com>", "To": "buildroot@buildroot.org", "Date": "Tue, 10 Feb 2026 09:01:52 +0100", "Message-ID": "<20260210080153.767847-1-peter@korsgaard.com>", "X-Mailer": "git-send-email 2.47.3", "MIME-Version": "1.0", "X-MIME-Autoconverted": "from 8bit to quoted-printable by Purelymail", "X-Mailman-Original-DKIM-Signature": "a=rsa-sha256;\n b=brlCsBpzQPhCY2xW60G+ukOA9P7TRqJLDiwTNr0kg+LLbnhiGUmH7y8TshKMKa+yxQWLEEPhafyKZ4pg/w2T+aCizl3wPiGqQX+a33OkMDzIr22N65mxlnp5DdO3Wol+RxH24351nUDmVgAPoILLnaIyFRtCSvHvtlsPKV3BDpcxwepDX30x1xh6HEd8qmiZmKvSwEn5a9AYOdcPjbMr2SalCN5Qho4dKh4oRkukALgAt/54VKsZvk0pGeNSuC0wODocLUvidfuanPBGi6Zv+o4IP3EgfkFF+U6w+0G76hwOZBffxJAklPJKKhIu8tVeaqmqoU7bW8Ht39vymfkyww==;\n s=purelymail3; d=purelymail.com; v=1;\n bh=PLz63v8KR+tzX58AvXYKrX/wuZVCJsqaUrFqhB68s3g=;\n h=Feedback-ID:Received:Received:From:To:Subject:Date;", "X-Mailman-Original-Authentication-Results": [ "smtp1.osuosl.org;\n dmarc=none (p=none dis=none)\n header.from=korsgaard.com", "smtp1.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=purelymail.com header.i=@purelymail.com\n header.a=rsa-sha256 header.s=purelymail3 header.b=brlCsBpz", "purelymail.com; auth=pass" ], "Subject": "[Buildroot] [PATCH] package/gnutls: security bump to version 3.8.12", "X-BeenThere": "buildroot@buildroot.org", "X-Mailman-Version": "2.1.30", "Precedence": "list", "List-Id": "Discussion and development of buildroot <buildroot.buildroot.org>", "List-Unsubscribe": "<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>", "List-Archive": "<http://lists.buildroot.org/pipermail/buildroot/>", "List-Post": "<mailto:buildroot@buildroot.org>", "List-Help": "<mailto:buildroot-request@buildroot.org?subject=help>", "List-Subscribe": "<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "buildroot-bounces@buildroot.org", "Sender": "\"buildroot\" <buildroot-bounces@buildroot.org>" }, "content": "Fixes the following security vulnerabilities:\n\nCVE-2026-1584: libgnutls: Fix NULL pointer dereference in PSK binder\nverification\n\nA TLS 1.3 resumption attempt with an invalid PSK binder value in ClientHello\ncould lead to a denial of service attack via crashing the server.\nThe updated code guards against the problematic dereference.\n\nCVE-2025-14831: libgnutls: Fix name constraint processing performance issue\n\nVerifying certificates with pathological amounts of name constraints\ncould lead to a denial of service attack via resource exhaustion.\nReworked processing algorithms exhibit better performance characteristics.\n\nFor more details, see the release notes:\nhttps://lists.gnupg.org/pipermail/gnutls-help/2026-February/004914.html\n\nDrop now upstreamed 0001-audit-crau-fix-compilation-with-gcc-11.patch:\nhttps://gitlab.com/gnutls/gnutls/-/commit/f5666f8f1f653cfe2bef808a9c9b61534f279ed1\n\nSigned-off-by: Peter Korsgaard <peter@korsgaard.com>\n---\n ...dit-crau-fix-compilation-with-gcc-11.patch | 67 -------------------\n package/gnutls/gnutls.hash | 4 +-\n package/gnutls/gnutls.mk | 2 +-\n 3 files changed, 3 insertions(+), 70 deletions(-)\n delete mode 100644 package/gnutls/0001-audit-crau-fix-compilation-with-gcc-11.patch", "diff": "diff --git a/package/gnutls/0001-audit-crau-fix-compilation-with-gcc-11.patch b/package/gnutls/0001-audit-crau-fix-compilation-with-gcc-11.patch\ndeleted file mode 100644\nindex 0551d5c4fd..0000000000\n--- a/package/gnutls/0001-audit-crau-fix-compilation-with-gcc-11.patch\n+++ /dev/null\n@@ -1,67 +0,0 @@\n-From 2bbae7644a2292410b53f98fd0035c40bf8750a5 Mon Sep 17 00:00:00 2001\n-From: Julien Olivain <ju.o@free.fr>\n-Date: Sun, 23 Nov 2025 18:17:19 +0100\n-Subject: [PATCH] audit: crau: fix compilation with gcc < 11\n-\n-If the CRAU_MAYBE_UNUSED macro is unset, the crau.h file tries to\n-automatically detect an appropriate value for it.\n-\n-This autodetection is using the cpp special operator\n-`__has_c_attribute` [1], introduced in gcc 11 [2].\n-\n-When compiling with a gcc older than version 11, the compilation fails\n-with the error:\n-\n- In file included from audit.h:22,\n- from audit.c:26:\n- crau/crau.h:255:23: error: missing binary operator before token \"(\"\n- __has_c_attribute (__maybe_unused__)\n- ^\n-\n-This has been observed, for example, in Rocky Linux 8.10, which\n-contains a gcc v8.5.0.\n-\n-The issue happens because the test for the `__has_c_attribute`\n-availability and the test for the `__maybe_unused__` attribute\n-are in the same directive. Those tests should be separated in\n-two different directives, following the same logic described in\n-the `__has_builtin` documentation [3].\n-\n-This issue was found in Buildroot, after updating gnutls to\n-version 3.8.11 in [4].\n-\n-This commit fixes the issue by splitting the test in two.\n-\n-[1] https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005fc_005fattribute.html\n-[2] https://gcc.gnu.org/gcc-11/changes.html#c\n-[3] https://gcc.gnu.org/onlinedocs/cpp/_005f_005fhas_005fbuiltin.html\n-[4] https://gitlab.com/buildroot.org/buildroot/-/commit/81dbfe1c2ae848b4eb1f896198d13455df50e548\n-\n-Upstream: https://gitlab.com/gnutls/gnutls/-/merge_requests/2045\n-Reported-by: Neal Frager <neal.frager@amd.com>\n-Signed-off-by: Julien Olivain <ju.o@free.fr>\n----\n- lib/crau/crau.h | 7 ++++---\n- 1 file changed, 4 insertions(+), 3 deletions(-)\n-\n-diff --git a/lib/crau/crau.h b/lib/crau/crau.h\n-index 0d4f9f13e..53d33555b 100644\n---- a/lib/crau/crau.h\n-+++ b/lib/crau/crau.h\n-@@ -251,9 +251,10 @@ void crau_data(struct crau_context_stack_st *stack, ...)\n- # else\n- \n- # ifndef CRAU_MAYBE_UNUSED\n--# if defined(__has_c_attribute) && \\\n-- __has_c_attribute (__maybe_unused__)\n--# define CRAU_MAYBE_UNUSED [[__maybe_unused__]]\n-+# if defined(__has_c_attribute)\n-+# if __has_c_attribute (__maybe_unused__)\n-+# define CRAU_MAYBE_UNUSED [[__maybe_unused__]]\n-+# endif\n- # elif defined(__GNUC__)\n- # define CRAU_MAYBE_UNUSED __attribute__((__unused__))\n- # endif\n--- \n-2.51.1\n-\ndiff --git a/package/gnutls/gnutls.hash b/package/gnutls/gnutls.hash\nindex 03297c3321..209b6aa220 100644\n--- a/package/gnutls/gnutls.hash\n+++ b/package/gnutls/gnutls.hash\n@@ -1,6 +1,6 @@\n # Locally calculated after checking pgp signature\n-# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.11.tar.xz.sig\n-sha256 91bd23c4a86ebc6152e81303d20cf6ceaeb97bc8f84266d0faec6e29f17baa20 gnutls-3.8.11.tar.xz\n+# https://www.gnupg.org/ftp/gcrypt/gnutls/v3.8/gnutls-3.8.12.tar.xz.sig\n+sha256 a7b341421bfd459acf7a374ca4af3b9e06608dcd7bd792b2bf470bea012b8e51 gnutls-3.8.12.tar.xz\n # Locally calculated\n sha256 3972dc9744f6499f0f9b2dbf76696f2ae7ad8af9b23dde66d6af86c9dfb36986 COPYING\n sha256 20e50fe7aae3e56378ebf0417d9de904f55a0e61e4df315333e632a4d3555d95 COPYING.LESSERv2\ndiff --git a/package/gnutls/gnutls.mk b/package/gnutls/gnutls.mk\nindex 9eef594cc9..0844bfe50d 100644\n--- a/package/gnutls/gnutls.mk\n+++ b/package/gnutls/gnutls.mk\n@@ -6,7 +6,7 @@\n \n # When bumping, make sure *all* --without-libfoo-prefix options are in GNUTLS_CONF_OPTS\n GNUTLS_VERSION_MAJOR = 3.8\n-GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).11\n+GNUTLS_VERSION = $(GNUTLS_VERSION_MAJOR).12\n GNUTLS_SOURCE = gnutls-$(GNUTLS_VERSION).tar.xz\n GNUTLS_SITE = https://www.gnupg.org/ftp/gcrypt/gnutls/v$(GNUTLS_VERSION_MAJOR)\n GNUTLS_LICENSE = LGPL-2.1+ (core library)\n", "prefixes": [] }