Patch Detail
get:
Show a patch.
patch:
Update a patch.
put:
Update a patch.
GET /api/patches/2217612/?format=api
{ "id": 2217612, "url": "http://patchwork.ozlabs.org/api/patches/2217612/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/20260330090648.14672-1-titouan.christophe@mind.be/", "project": { "id": 27, "url": "http://patchwork.ozlabs.org/api/projects/27/?format=api", "name": "Buildroot development", "link_name": "buildroot", "list_id": "buildroot.buildroot.org", "list_email": "buildroot@buildroot.org", "web_url": "", "scm_url": "", "webscm_url": "", "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20260330090648.14672-1-titouan.christophe@mind.be>", "list_archive_url": null, "date": "2026-03-30T09:06:48", "name": "[for,2025.02.x] package/python-django: security bump to v5.2.12", "commit_ref": null, "pull_url": null, "state": "new", "archived": false, "hash": "3e8e02c538c594ef287e1003c500372f169ffcc4", "submitter": { "id": 90763, "url": "http://patchwork.ozlabs.org/api/people/90763/?format=api", "name": "Titouan Christophe", "email": "titouan.christophe@mind.be" }, "delegate": null, "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/20260330090648.14672-1-titouan.christophe@mind.be/mbox/", "series": [ { "id": 497981, "url": "http://patchwork.ozlabs.org/api/series/497981/?format=api", "web_url": "http://patchwork.ozlabs.org/project/buildroot/list/?series=497981", "date": "2026-03-30T09:06:48", "name": "[for,2025.02.x] package/python-django: security bump to v5.2.12", "version": 1, "mbox": "http://patchwork.ozlabs.org/series/497981/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/patches/2217612/comments/", "check": "pending", "checks": "http://patchwork.ozlabs.org/api/patches/2217612/checks/", "tags": {}, "related": [], "headers": { "Return-Path": "<buildroot-bounces@buildroot.org>", "X-Original-To": [ "incoming-buildroot@patchwork.ozlabs.org", "buildroot@buildroot.org" ], "Delivered-To": [ "patchwork-incoming-buildroot@legolas.ozlabs.org", "buildroot@buildroot.org" ], "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=qe1BZI0B;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)" ], "Received": [ "from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fklkV1DQwz1yG8\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Mon, 30 Mar 2026 20:07:11 +1100 (AEDT)", "from localhost (localhost [127.0.0.1])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id 4958F4080E;\n\tMon, 30 Mar 2026 09:07:04 +0000 (UTC)", "from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id zRoYYDgTz2ro; Mon, 30 Mar 2026 09:07:00 +0000 (UTC)", "from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id 7FF9F40816;\n\tMon, 30 Mar 2026 09:07:00 +0000 (UTC)", "from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])\n by lists1.osuosl.org (Postfix) with ESMTP id 855362C5\n for <buildroot@buildroot.org>; Mon, 30 Mar 2026 09:06:59 +0000 (UTC)", "from localhost (localhost [127.0.0.1])\n by smtp2.osuosl.org (Postfix) with ESMTP id 713F8400FE\n for <buildroot@buildroot.org>; Mon, 30 Mar 2026 09:06:59 +0000 (UTC)", "from smtp2.osuosl.org ([127.0.0.1])\n by localhost (smtp2.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id vKMBSne5qX3K for <buildroot@buildroot.org>;\n Mon, 30 Mar 2026 09:06:56 +0000 (UTC)", "from mail-wm1-x329.google.com (mail-wm1-x329.google.com\n [IPv6:2a00:1450:4864:20::329])\n by smtp2.osuosl.org (Postfix) with ESMTPS id 24FBD4041B\n for <buildroot@buildroot.org>; Mon, 30 Mar 2026 09:06:54 +0000 (UTC)", "by mail-wm1-x329.google.com with SMTP id\n 5b1f17b1804b1-48702d51cd0so50547735e9.2\n for <buildroot@buildroot.org>; Mon, 30 Mar 2026 02:06:54 -0700 (PDT)", "from dragon (ip-94-140-185-241.reverse.destiny.be. [94.140.185.241])\n by smtp.gmail.com with ESMTPSA id\n 5b1f17b1804b1-487270f1943sm95773575e9.7.2026.03.30.02.06.51\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Mon, 30 Mar 2026 02:06:52 -0700 (PDT)" ], "X-Virus-Scanned": [ "amavis at osuosl.org", "amavis at osuosl.org" ], "X-Comment": "SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ", "DKIM-Filter": [ "OpenDKIM Filter v2.11.0 smtp4.osuosl.org 7FF9F40816", "OpenDKIM Filter v2.11.0 smtp2.osuosl.org 24FBD4041B" ], "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1774861620;\n\tbh=1fxLC6EbG8+NBgcQTiSYhQLLTX4Ug9FFKf5Gtx3VvLc=;\n\th=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:\n\t List-Help:List-Subscribe:From:Reply-To:Cc:From;\n\tb=qe1BZI0BP7dkji73xUlXpc5MXP9cvlFvXYX7pv1jtwnyuZJEINC7wTyrR4Ru5X8mE\n\t qrGMo+PnfceehZgi6Z/t58jnIfnAaNG5dJx7akA9aiJ56/L5GvjjG/T1af2Gekr9Ip\n\t aThjOKafuc4MYXMUwgb4p5s31fJmzsO4ltS6Vbgoi2HD0nne1HfmaiWsmnzhx2noHt\n\t FjhqBSDvjCAV0WV3xF2xrD/3pRnwEnz8/z8q3kcHG4Wa9vX7Xp9lm53a6b9pmEJDpx\n\t lrBnxPNetVPyGYuI3g91Kb4gNm6YsE76Q9ohW7nqfXkdOMPGTjz/It18D7eBcz4Xoj\n\t d+v94qsbuuGVg==", "Received-SPF": "Pass (mailfrom) identity=mailfrom;\n client-ip=2a00:1450:4864:20::329; helo=mail-wm1-x329.google.com;\n envelope-from=titouan.christophe@essensium.com; receiver=<UNKNOWN>", "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp2.osuosl.org 24FBD4041B", "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1774861612; x=1775466412;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=N2l4hc8DOXqstpi52hNIMZwhUDvEnqdzp/QIou/vezQ=;\n b=XgKVWY5dcn256d9vkyu58ZgS+2UbfXJVlp0IjROnslfbfvVtUU5qspue37mwOP8D/H\n e9t3ouDVJhrfEuW8STEXFGz2a68bHKxSgJQRvvh9NYqj63vC9uUDPyB4x2y0lduDLPJ0\n 8Dd8jeNRFFUfFuBErLhYIdHDTJGgr85PybvHvswEBQTmJOAQsqCHtzSGv38LiB7ROD69\n y+Ccuq1utIGhj3brlb+Ug35zZLl9jDbeGRMXz3YrK8L+ctc01U7jyU53b7WCU7T0lMia\n 2fgtGymsJefMUkYlBaj3zI3Xm8xy7TPneFZuSO2KSzsST5jqhnjKHfaUSjO+zTriCfKM\n y3OA==", "X-Gm-Message-State": "AOJu0Yw4kVspbEolL8pFqeWv8JlxsqFxUwUqg84GiJNUCedNfp78usXo\n d6J7YOQYz5CReTB/o3KrRkdlcc0n7TQim5YPEQAqPmzVeM64EssUH24Bp4QLSb5o5fFVxxNWxOM\n Iov4OARY=", "X-Gm-Gg": "ATEYQzykWznLeRbsGnndxgl9K4Vg6IPzo57WMziisvCTOU43//tp0+B2ygz18vVfdnE\n w74K8RCWtTGiHTCllzm9j7gcpI5XGApzQU+lxrGRw5t3yBV+zdlOxzfYOoOnckly/O8V1VDMlOk\n Sl+yoNR//g0qvzitwDjtImWI2kIV1Hhjg3tm2duXUSTF3SYCD9G0JcMvKn/x0H0i4/AXMqZB5hn\n 7L8fSSs1kkdZs3fvP5mD7BLoicHiGytU5U7pET9LGMNMhRMOh90M3nbkLuWSpg3kVjNt6ta3Ppj\n kCoMKp3nmX11nf0FiszEwoVoMRP0pFCDdnrHvSMuXiIPReDfTWpHvR40pLcZV4upvL16LJ71nwx\n UHPDB8L3ME6x5miezubXaQbdN12Da0lOOHU343lQYwRJy/R7L8M1dhz7Az+cTnnJoLfrnKXLqny\n 015Inr/xkAIcw03uuUUf8Nn+EVro4UtvjvaUS5hvt2jIYrE+xzBfN/TNsQ7eF8e7QuJuTmuE2Vq\n VyQ", "X-Received": "by 2002:a05:600c:a00b:b0:485:34b3:8587 with SMTP id\n 5b1f17b1804b1-48727d8ffc5mr198755425e9.10.1774861612440;\n Mon, 30 Mar 2026 02:06:52 -0700 (PDT)", "To": "buildroot@buildroot.org", "Date": "Mon, 30 Mar 2026 11:06:48 +0200", "Message-ID": "<20260330090648.14672-1-titouan.christophe@mind.be>", "X-Mailer": "git-send-email 2.53.0", "MIME-Version": "1.0", "X-Mailman-Original-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=mind.be; s=google; t=1774861612; x=1775466412; darn=buildroot.org;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:from:to:cc:subject:date:message-id:reply-to;\n bh=N2l4hc8DOXqstpi52hNIMZwhUDvEnqdzp/QIou/vezQ=;\n b=FOQbZraVWD/dCj6vKSnbFPQjG6azZVSYx6/KQtFeLpbcP23CdJuqcwArV3GfylwXN1\n BdA9HXfOmoB5YbKFUky52Ssx8W8sF63Ko4B1TcLhR3jXnApuyjAthoqKcdJMWpBcRSsc\n fDm+aRGbW0RWqzGPd+gptN2B1wDwzTcjHwu+eoZI1gxRUsjbUeqr/q/O5rJQpsBLHL65\n 0t1UUz5SSdDrEaRGDWENBE4hKraAS3qxvXI4N2B7aZIikwjNPHoKeWp7KIkpcoZAsYR7\n AyfWhR0xaclo0EH7nnc3KFpR0xBAKVreFsZd355TuCyFi+aji+Lbd9nuMfm8rWSRe4Ls\n DOQg==", "X-Mailman-Original-Authentication-Results": [ "smtp2.osuosl.org;\n dmarc=pass (p=quarantine dis=none)\n header.from=mind.be", "smtp2.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=mind.be header.i=@mind.be header.a=rsa-sha256\n header.s=google header.b=FOQbZraV" ], "Subject": "[Buildroot] [PATCH for 2025.02.x] package/python-django: security\n bump to v5.2.12", "X-BeenThere": "buildroot@buildroot.org", "X-Mailman-Version": "2.1.30", "Precedence": "list", "List-Id": "Discussion and development of buildroot <buildroot.buildroot.org>", "List-Unsubscribe": "<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>", "List-Archive": "<http://lists.buildroot.org/pipermail/buildroot/>", "List-Post": "<mailto:buildroot@buildroot.org>", "List-Help": "<mailto:buildroot-request@buildroot.org?subject=help>", "List-Subscribe": "<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>", "From": "Titouan Christophe via buildroot <buildroot@buildroot.org>", "Reply-To": "Titouan Christophe <titouan.christophe@mind.be>", "Cc": "James Hilliard <james.hilliard1@gmail.com>,\n Manuel Diener <manuel.diener@oss.othermo.de>,\n Oli Vogt <oli.vogt.pub01@gmail.com>, Marcus Hoffmann <bubu@bubu1.eu>", "Content-Type": "text/plain; charset=\"us-ascii\"", "Content-Transfer-Encoding": "7bit", "Errors-To": "buildroot-bounces@buildroot.org", "Sender": "\"buildroot\" <buildroot-bounces@buildroot.org>" }, "content": "See the release notes:\nhttps://docs.djangoproject.com/en/5.2/releases/5.2.12/\n\nThis fixes the following vulnerabilities:\n\n- CVE-2026-25673:\n An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and\n 4.2 before 4.2.29. `URLField.to_python()` in Django calls\n `urllib.parse.urlsplit()`, which performs NFKC normalization on\n Windows that is disproportionately slow for certain Unicode\n characters, allowing a remote attacker to cause denial of service via\n large URL inputs containing these characters. Earlier, unsupported\n Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and\n may also be affected. Django would like to thank Seokchan Yoon for\n reporting this issue.\n https://www.cve.org/CVERecord?id=CVE-2026-25673\n\n- CVE-2026-25674:\n An issue was discovered in 6.0 before 6.0.3, 5.2 before 5.2.12, and\n 4.2 before 4.2.29. Race condition in file-system storage and file-\n based cache backends in Django allows an attacker to cause file system\n objects to be created with incorrect permissions via concurrent\n requests, where one thread's temporary `umask` change affects other\n threads in multi-threaded environments. Earlier, unsupported Django\n series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may\n also be affected. Django would like to thank Tarek Nakkouch for\n reporting this issue.\n https://www.cve.org/CVERecord?id=CVE-2026-25674\n\nSigned-off-by: Titouan Christophe <titouan.christophe@mind.be>\n---\n package/python-django/python-django.hash | 4 ++--\n package/python-django/python-django.mk | 4 ++--\n 2 files changed, 4 insertions(+), 4 deletions(-)", "diff": "diff --git a/package/python-django/python-django.hash b/package/python-django/python-django.hash\nindex 1cd2959b69..b1859b0647 100644\n--- a/package/python-django/python-django.hash\n+++ b/package/python-django/python-django.hash\n@@ -1,6 +1,6 @@\n # md5, sha256 from https://pypi.org/pypi/django/json\n-md5 051357d45eb71a115a64e6d2a79c7c51 django-5.2.11.tar.gz\n-sha256 7f2d292ad8b9ee35e405d965fbbad293758b858c34bbf7f3df551aeeac6f02d3 django-5.2.11.tar.gz\n+md5 9b60bb1145abcc97d276694f3f82a3b8 django-5.2.12.tar.gz\n+sha256 6b809af7165c73eff5ce1c87fdae75d4da6520d6667f86401ecf55b681eb1eeb django-5.2.12.tar.gz\n # Locally computed sha256 checksums\n sha256 b846415d1b514e9c1dff14a22deb906d794bc546ca6129f950a18cd091e2a669 LICENSE\n sha256 dcac1c86cb7ab491702bdb4c41be680fafde51536748cc8aaee3840eec53ed17 django/contrib/gis/measure.py\ndiff --git a/package/python-django/python-django.mk b/package/python-django/python-django.mk\nindex 4b840701f4..52d0a2b740 100644\n--- a/package/python-django/python-django.mk\n+++ b/package/python-django/python-django.mk\n@@ -4,10 +4,10 @@\n #\n ################################################################################\n \n-PYTHON_DJANGO_VERSION = 5.2.11\n+PYTHON_DJANGO_VERSION = 5.2.12\n PYTHON_DJANGO_SOURCE = django-$(PYTHON_DJANGO_VERSION).tar.gz\n # The official Django site has an unpractical URL\n-PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/17/f2/3e57ef696b95067e05ae206171e47a8e53b9c84eec56198671ef9eaa51a6\n+PYTHON_DJANGO_SITE = https://files.pythonhosted.org/packages/bd/55/b9445fc0695b03746f355c05b2eecc54c34e05198c686f4fc4406b722b52\n PYTHON_DJANGO_LICENSE = BSD-3-Clause, MIT (jquery, utils/archive.py), BSD-2-Clause (inlines.js)\n PYTHON_DJANGO_LICENSE_FILES = LICENSE \\\n \tdjango/contrib/gis/measure.py \\\n", "prefixes": [ "for", "2025.02.x" ] }