Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2194908/?format=api
{ "id": 2194908, "url": "http://patchwork.ozlabs.org/api/patches/2194908/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/20260210081137.807581-1-peter@korsgaard.com/", "project": { "id": 27, "url": "http://patchwork.ozlabs.org/api/projects/27/?format=api", "name": "Buildroot development", "link_name": "buildroot", "list_id": "buildroot.buildroot.org", "list_email": "buildroot@buildroot.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260210081137.807581-1-peter@korsgaard.com>", "list_archive_url": null, "date": "2026-02-10T08:11:36", "name": "package/libpng: security bump to version 1.6.55", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "9b7d32c944d440649a872f1c97f674853d4f0b15", "submitter": { "id": 42365, "url": "http://patchwork.ozlabs.org/api/people/42365/?format=api", "name": "Peter Korsgaard", "email": "peter@korsgaard.com" }, "delegate": { "id": 89618, "url": "http://patchwork.ozlabs.org/api/users/89618/?format=api", "username": "juju", "first_name": "Julien", "last_name": "Olivain", "email": "juju@cotds.org" }, "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/20260210081137.807581-1-peter@korsgaard.com/mbox/", "series": [ { "id": 491619, "url": "http://patchwork.ozlabs.org/api/series/491619/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/list/?series=491619", "date": "2026-02-10T08:11:36", "name": "package/libpng: security bump to version 1.6.55", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/491619/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2194908/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2194908/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<buildroot-bounces@buildroot.org>", "X-Original-To": [ "incoming-buildroot@patchwork.ozlabs.org", "buildroot@buildroot.org" ], "Delivered-To": [ "patchwork-incoming-buildroot@legolas.ozlabs.org", "buildroot@buildroot.org" ], "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=WKnQPo3J;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)" ], "Received": [ "from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4f9Dmh6rlvz1xtV\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Tue, 10 Feb 2026 19:11:48 +1100 (AEDT)", "from localhost (localhost [127.0.0.1])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id 479B34043B;\n\tTue, 10 Feb 2026 08:11:46 +0000 (UTC)", "from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id Q3oYqPnudhrs; Tue, 10 Feb 2026 08:11:44 +0000 (UTC)", "from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id C82D6403A8;\n\tTue, 10 Feb 2026 08:11:44 +0000 (UTC)", "from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n by lists1.osuosl.org (Postfix) with ESMTP id E43451A9\n for <buildroot@buildroot.org>; Tue, 10 Feb 2026 08:11:42 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n by smtp3.osuosl.org (Postfix) with ESMTP id D289460891\n for <buildroot@buildroot.org>; Tue, 10 Feb 2026 08:11:42 +0000 (UTC)", "from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id nkDIIxTjtVdF for <buildroot@buildroot.org>;\n Tue, 10 Feb 2026 08:11:42 +0000 (UTC)", "from sendmail.purelymail.com (sendmail.purelymail.com\n [34.202.193.197])\n by smtp3.osuosl.org (Postfix) with ESMTPS id ABDB2607F7\n for <buildroot@buildroot.org>; Tue, 10 Feb 2026 08:11:41 +0000 (UTC)", "by smtp.purelymail.com (Purelymail SMTP) with ESMTPSA id -221582504;\n (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384);\n Tue, 10 Feb 2026 08:11:39 +0000 (UTC)", "from peko by dell.be.48ers.dk with local (Exim 4.98.2)\n (envelope-from <peko@dell.be.48ers.dk>) id 1vpiqQ-00000003O63-0Xfv;\n Tue, 10 Feb 2026 09:11:38 +0100" ], "X-Virus-Scanned": [ "amavis at osuosl.org", "amavis at osuosl.org" ], "X-Comment": "SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ", "DKIM-Filter": [ "OpenDKIM Filter v2.11.0 smtp4.osuosl.org C82D6403A8", "OpenDKIM Filter v2.11.0 smtp3.osuosl.org ABDB2607F7" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1770711104;\n\tbh=g6zf3LmL7chEJEDiLIa9qnVd6RNZKtHl3M/6jPKiyFA=;\n\th=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:Cc:From;\n\tb=WKnQPo3Ja54pKmFUm9Tx9e8gQjBDPnKmF6jMFM/VGTWtT+7rDiYxyJyRXwtB5APS4\n\t DH51f0gB8kADegL8G7ZRWD7QJgktMaDxoDkRVas2RIlXTvWz3KeejKBMQ4n6n5Ro1/\n\t uhpui/jE7HlC4Guhj6Nf7O/mr+jjxmFcLxaoX+JmBlgIFRJAlZrHj/G+0vsC4j6Gf6\n\t 5DT/od+hZWd20pBhMHdhvxKGAsfB6e9VPM6hToBsOYOsioGeUVcUhaI1vz7xn6Ef91\n\t LGYF22VWqkW67AzGkPX8gSyNiuOL3/SVg0zWlfy0kq+fnkLGmdCb3+npK0f42hQgft\n\t kONOd809LLmWw==", "Received-SPF": "Pass (mailfrom) identity=mailfrom; client-ip=34.202.193.197;\n helo=sendmail.purelymail.com; envelope-from=peko@korsgaard.com;\n receiver=<UNKNOWN>", "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp3.osuosl.org ABDB2607F7", "Feedback-ID": "21632:4007:null:purelymail", "X-Pm-Original-To": "buildroot@buildroot.org", "From": "Peter Korsgaard <peter@korsgaard.com>", "To": "buildroot@buildroot.org", "Date": "Tue, 10 Feb 2026 09:11:36 +0100", "Message-ID": "<20260210081137.807581-1-peter@korsgaard.com>", "X-Mailer": "git-send-email 2.47.3", "MIME-Version": "1.0", "X-MIME-Autoconverted": "from 8bit to quoted-printable by Purelymail", "X-Mailman-Original-DKIM-Signature": "a=rsa-sha256;\n b=XkhH7bN+2vmWpG3w02atGvO4l1WPZUcZpqso1TVd08TLtOCXeCTB+CD3LYTbwrwB8GIs1R7GI0sIM+fgIed9HRs05Ql6iuoCRmCssID1AQIvbA49uO64BNgfWvT5xePeX0MTMmDJ7aw2qjSCJ1OyvB2gbdoyEJ+XIluCrIT9gXeHa0ubx5rsGh583K5oUddVjMNA/4jcD9mSXegdyni2ogDm5PE0SI/BeCYjcShF5fDoub5u/dPhXVA/bm8pSDa6pzKFMZ6zFc70bBdcIby9XnPHBUqkE2nNx6dxiUdqaEf2jkYd14+7paYHeFjsBcss31oquN14S5h3HVBk2xHaBQ==;\n s=purelymail3; d=purelymail.com; v=1;\n bh=QS1DBDvzcDc1N9wO944/xtg1iMQl5RUhwD+8wx9BPQY=;\n h=Feedback-ID:Received:Received:From:To:Subject:Date;", "X-Mailman-Original-Authentication-Results": [ "smtp3.osuosl.org;\n dmarc=none (p=none dis=none)\n header.from=korsgaard.com", "smtp3.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=purelymail.com header.i=@purelymail.com\n header.a=rsa-sha256 header.s=purelymail3 header.b=XkhH7bN+", "purelymail.com; auth=pass" ], "Subject": "[Buildroot] [PATCH] package/libpng: security bump to version 1.6.55", "X-BeenThere": "buildroot@buildroot.org", "X-Mailman-Version": "2.1.30", "Precedence": "list", "List-Id": "Discussion and development of buildroot <buildroot.buildroot.org>", "List-Unsubscribe": "<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>", "List-Archive": "<http://lists.buildroot.org/pipermail/buildroot/>", "List-Post": "<mailto:buildroot@buildroot.org>", "List-Help": "<mailto:buildroot-request@buildroot.org?subject=help>", "List-Subscribe": "<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>", "Cc": "Bernd Kuhls <bernd@kuhls.net>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "buildroot-bounces@buildroot.org", "Sender": "\"buildroot\" <buildroot-bounces@buildroot.org>" }, "content": "Fixes the following security vulnerability:\n\nCVE-2026-25646 (High): Heap buffer overflow in png_set_quantize when called\nwith no histogram and a palette larger than twice the requested maximum\nnumber of colors.\n\nFor more details, see the advisory:\nhttps://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3\n\nRelease notes:\nhttps://github.com/pnggroup/libpng/blob/v1.6.55/ANNOUNCE\n\nSigned-off-by: Peter Korsgaard <peter@korsgaard.com>\n---\n package/libpng/libpng.hash | 6 +++---\n package/libpng/libpng.mk | 2 +-\n 2 files changed, 4 insertions(+), 4 deletions(-)", "diff": "diff --git a/package/libpng/libpng.hash b/package/libpng/libpng.hash\nindex 4cf8718cc6..7901f82c3a 100644\n--- a/package/libpng/libpng.hash\n+++ b/package/libpng/libpng.hash\n@@ -1,5 +1,5 @@\n-# From https://sourceforge.net/projects/libpng/files/libpng16/1.6.54/\n-sha1 3dcffaeb58daa7b754bebe93cb008342964d9f39 libpng-1.6.54.tar.xz\n+# From https://sourceforge.net/projects/libpng/files/libpng16/1.6.55/\n+sha1 13f7bedf27009e59961f823cc779a5f9f5341a91 libpng-1.6.55.tar.xz\n # Locally computed:\n-sha256 01c9d8a303c941ec2c511c14312a3b1d36cedb41e2f5168ccdaa85d53b887805 libpng-1.6.54.tar.xz\n+sha256 d925722864837ad5ae2a82070d4b2e0603dc72af44bd457c3962298258b8e82d libpng-1.6.55.tar.xz\n sha256 bdb0a645ea18c60507d0368379b1ac5474b92255fcc2d115e07486a7672ba526 LICENSE\ndiff --git a/package/libpng/libpng.mk b/package/libpng/libpng.mk\nindex d052fa7862..01c1cbbec7 100644\n--- a/package/libpng/libpng.mk\n+++ b/package/libpng/libpng.mk\n@@ -4,7 +4,7 @@\n #\n ################################################################################\n \n-LIBPNG_VERSION = 1.6.54\n+LIBPNG_VERSION = 1.6.55\n LIBPNG_SERIES = 16\n LIBPNG_SOURCE = libpng-$(LIBPNG_VERSION).tar.xz\n LIBPNG_SITE = https://downloads.sourceforge.net/project/libpng/libpng$(LIBPNG_SERIES)/$(LIBPNG_VERSION)\n", "prefixes": [] }