Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2217159/?format=api
{ "id": 2217159, "url": "http://patchwork.ozlabs.org/api/patches/2217159/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/20260327182155.192855-1-peter@korsgaard.com/", "project": { "id": 27, "url": "http://patchwork.ozlabs.org/api/projects/27/?format=api", "name": "Buildroot development", "link_name": "buildroot", "list_id": "buildroot.buildroot.org", "list_email": "buildroot@buildroot.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260327182155.192855-1-peter@korsgaard.com>", "list_archive_url": null, "date": "2026-03-27T18:21:53", "name": "package/rauc: security bump to version 1.15.2", "commit_ref": null, "pull_url": null, "state": "accepted", "archived": false, "hash": "53443fb94a90f2349512670f7a8f66e019517f72", "submitter": { "id": 42365, "url": "http://patchwork.ozlabs.org/api/people/42365/?format=api", "name": "Peter Korsgaard", "email": "peter@korsgaard.com" }, "delegate": { "id": 89618, "url": "http://patchwork.ozlabs.org/api/users/89618/?format=api", "username": "juju", "first_name": "Julien", "last_name": "Olivain", "email": "juju@cotds.org" }, "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/20260327182155.192855-1-peter@korsgaard.com/mbox/", "series": [ { "id": 497817, "url": "http://patchwork.ozlabs.org/api/series/497817/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/list/?series=497817", "date": "2026-03-27T18:21:53", "name": "package/rauc: security bump to version 1.15.2", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/497817/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2217159/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2217159/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<buildroot-bounces@buildroot.org>", "X-Original-To": [ "incoming-buildroot@patchwork.ozlabs.org", "buildroot@buildroot.org" ], "Delivered-To": [ "patchwork-incoming-buildroot@legolas.ozlabs.org", "buildroot@buildroot.org" ], "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=Ll0qg44P;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=140.211.166.138; helo=smtp1.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)" ], "Received": [ "from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fj8BP6HZQz1yFp\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Sat, 28 Mar 2026 05:22:21 +1100 (AEDT)", "from localhost (localhost [127.0.0.1])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id E6DF083E3C;\n\tFri, 27 Mar 2026 18:22:17 +0000 (UTC)", "from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id FdqlapzA51ch; Fri, 27 Mar 2026 18:22:16 +0000 (UTC)", "from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id 77DFB83E29;\n\tFri, 27 Mar 2026 18:22:16 +0000 (UTC)", "from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n by lists1.osuosl.org (Postfix) with ESMTP id 7E3EB1D3\n for <buildroot@buildroot.org>; Fri, 27 Mar 2026 18:22:14 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n by smtp3.osuosl.org (Postfix) with ESMTP id 63D5460FDC\n for <buildroot@buildroot.org>; Fri, 27 Mar 2026 18:22:14 +0000 (UTC)", "from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id yrkye6-AxaGb for <buildroot@buildroot.org>;\n Fri, 27 Mar 2026 18:22:13 +0000 (UTC)", "from sendmail.purelymail.com (sendmail.purelymail.com\n [34.202.193.197])\n by smtp3.osuosl.org (Postfix) with ESMTPS id C0E3C605A7\n for <buildroot@buildroot.org>; Fri, 27 Mar 2026 18:22:12 +0000 (UTC)", "by smtp.purelymail.com (Purelymail SMTP) with ESMTPSA id\n -1960693743;\n (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384);\n Fri, 27 Mar 2026 18:22:10 +0000 (UTC)", "from peko by dell.be.48ers.dk with local (Exim 4.98.2)\n (envelope-from <peko@dell.be.48ers.dk>) id 1w6Bos-00000000oBa-3P0w;\n Fri, 27 Mar 2026 19:22:06 +0100" ], "X-Virus-Scanned": [ "amavis at osuosl.org", "amavis at osuosl.org" ], "X-Comment": "SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ", "DKIM-Filter": [ "OpenDKIM Filter v2.11.0 smtp1.osuosl.org 77DFB83E29", "OpenDKIM Filter v2.11.0 smtp3.osuosl.org C0E3C605A7" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1774635736;\n\tbh=kkFYs64XRbROINzackA96AFgUyDKkaEj99I1lmXh/Dk=;\n\th=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:Cc:From;\n\tb=Ll0qg44Pl11/eD4+vNxwLUbDooALY3AFfbXML/AzV3gcEWWv4WW3KGFFGr3z0fq9T\n\t 914Zt6iVeNsCXBCwpfbRuUhsELhnL2PLaCnmsQc0wSo101h/W8tamjGw3QfIf9/koB\n\t dDkmkl9rgg7fCEwS9dXvj0RK0toufOBkkUP37ZbgvFss8q1ALeuhc2nAeDYQGX1X4U\n\t o24L7rD8VxEK3tl47ABcOsYG6E8kDJFTP9bC1ZbbFlkt9TlnxcbY20vG2eLBDeB1Dx\n\t MiG3zaZ6JtIeYRFaNeFE9wU4M3SMHgAA2HxQF0jbL7sg6MOqJTXUCDT625LEosJKWf\n\t WhJRvHkZxStEg==", "Received-SPF": "Pass (mailfrom) identity=mailfrom; client-ip=34.202.193.197;\n helo=sendmail.purelymail.com; envelope-from=peko@korsgaard.com;\n receiver=<UNKNOWN>", "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp3.osuosl.org C0E3C605A7", "Feedback-ID": "21632:4007:null:purelymail", "X-Pm-Original-To": "buildroot@buildroot.org", "From": "Peter Korsgaard <peter@korsgaard.com>", "To": "buildroot@buildroot.org", "Date": "Fri, 27 Mar 2026 19:21:53 +0100", "Message-ID": "<20260327182155.192855-1-peter@korsgaard.com>", "X-Mailer": "git-send-email 2.47.3", "MIME-Version": "1.0", "X-MIME-Autoconverted": "from 8bit to quoted-printable by Purelymail", "X-Mailman-Original-DKIM-Signature": "a=rsa-sha256;\n b=byX+3QKPRMyBZb7sh8GR6JQUbXmYFn9AnkXeGjDA/FrpzkMGnDpYFBUaWSc+OIRdK5plPTxz+us2qbUI5ZisJSpwxJEXwCu+5xskkWAdG5TdhHWaMQexg8nxLKJPDNgy9y9rpYy7Glw+xavM1jRegx8KGEXOO5XhYSN4Oun4azZ8BrRos6AhP8l2+7/tv4L3IVpnEeDcpi1EhGhBaQTFObTFbkkFuFPHzunKsgnEQAwu+QzbT3GuSUNbREoZNVj73cZxcnxByk+SPlVnTWrg1p+7c6O+hRoWKgKDPApKk91zZmRYPXahlBLzq00zOc2BK+/3lypsFK/+WrfDNAlkFw==;\n s=purelymail1; d=purelymail.com; v=1;\n bh=hn6UV5AlWGDyix01BUJbtFwXXZm8H/onW+0tHLw0uBg=;\n h=Feedback-ID:Received:Received:From:To:Subject:Date;", "X-Mailman-Original-Authentication-Results": [ "smtp3.osuosl.org;\n dmarc=none (p=none dis=none)\n header.from=korsgaard.com", "smtp3.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=purelymail.com header.i=@purelymail.com\n header.a=rsa-sha256 header.s=purelymail1 header.b=byX+3QKP", "purelymail.com; auth=pass" ], "Subject": "[Buildroot] [PATCH] package/rauc: security bump to version 1.15.2", "X-BeenThere": "buildroot@buildroot.org", "X-Mailman-Version": "2.1.30", "Precedence": "list", "List-Id": "Discussion and development of buildroot <buildroot.buildroot.org>", "List-Unsubscribe": "<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>", "List-Archive": "<http://lists.buildroot.org/pipermail/buildroot/>", "List-Post": "<mailto:buildroot@buildroot.org>", "List-Help": "<mailto:buildroot-request@buildroot.org?subject=help>", "List-Subscribe": "<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>", "Cc": "Heiko Thiery <heiko.thiery@gmail.com>,\n Andrey Yurovsky <yurovsky@gmail.com>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "buildroot-bounces@buildroot.org", "Sender": "\"buildroot\" <buildroot-bounces@buildroot.org>" }, "content": "Fixes the following security issue:\n\nCVE-2026-34155: Improper Signing of Plain Bundles Exceeding 2 GiB\n\nRAUC bundles using the 'plain' format exceeding a payload size of 2 GiB\ncause an integer overflow which results in a signature which covers only the\nfirst few bytes of the payload. Given such a bundle with a legitimate\nsignature, an attacker can modify the part of the payload which is not\ncovered by the signature.\n\nBundles using the recommended 'verity' or 'crypt' formats are not affected.\n\nFor more details, see the advisory:\nhttps://github.com/rauc/rauc/security/advisories/GHSA-6hj7-q844-m2hx\n\nhttps://github.com/rauc/rauc/releases/tag/v1.15.2\n\nSigned-off-by: Peter Korsgaard <peter@korsgaard.com>\n---\n package/rauc/rauc.hash | 2 +-\n package/rauc/rauc.mk | 2 +-\n 2 files changed, 2 insertions(+), 2 deletions(-)", "diff": "diff --git a/package/rauc/rauc.hash b/package/rauc/rauc.hash\nindex ea537c63b6..edfefb5a7b 100644\n--- a/package/rauc/rauc.hash\n+++ b/package/rauc/rauc.hash\n@@ -1,3 +1,3 @@\n # Locally calculated after checking pgp signature\n-sha256 603dafa5085b6b964c74d5f57a154a1489af2b415dd20c6ff1447815d02c094f rauc-1.15.1.tar.xz\n+sha256 127a24cde208c65b837ae978c695a00730f1094ee8b6c7d48cf58ef846eae340 rauc-1.15.2.tar.xz\n sha256 20e50fe7aae3e56378ebf0417d9de904f55a0e61e4df315333e632a4d3555d95 COPYING\ndiff --git a/package/rauc/rauc.mk b/package/rauc/rauc.mk\nindex ba30c70dad..54974abc09 100644\n--- a/package/rauc/rauc.mk\n+++ b/package/rauc/rauc.mk\n@@ -4,7 +4,7 @@\n #\n ################################################################################\n \n-RAUC_VERSION = 1.15.1\n+RAUC_VERSION = 1.15.2\n RAUC_SITE = https://github.com/rauc/rauc/releases/download/v$(RAUC_VERSION)\n RAUC_SOURCE = rauc-$(RAUC_VERSION).tar.xz\n RAUC_LICENSE = LGPL-2.1\n", "prefixes": [] }