GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/patches/2218755/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2218755,
    "url": "http://patchwork.ozlabs.org/api/patches/2218755/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/20260401203524.595554-1-titouan.christophe@mind.be/",
    "project": {
        "id": 27,
        "url": "http://patchwork.ozlabs.org/api/projects/27/?format=api",
        "name": "Buildroot development",
        "link_name": "buildroot",
        "list_id": "buildroot.buildroot.org",
        "list_email": "buildroot@buildroot.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260401203524.595554-1-titouan.christophe@mind.be>",
    "list_archive_url": null,
    "date": "2026-04-01T20:35:24",
    "name": "[for,2025.02.x] package/ruby: security bump to v3.4.9",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "23cd04330ca522261f62156ffffb2247b5437ac2",
    "submitter": {
        "id": 90763,
        "url": "http://patchwork.ozlabs.org/api/people/90763/?format=api",
        "name": "Titouan Christophe",
        "email": "titouan.christophe@mind.be"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/20260401203524.595554-1-titouan.christophe@mind.be/mbox/",
    "series": [
        {
            "id": 498387,
            "url": "http://patchwork.ozlabs.org/api/series/498387/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/buildroot/list/?series=498387",
            "date": "2026-04-01T20:35:24",
            "name": "[for,2025.02.x] package/ruby: security bump to v3.4.9",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/498387/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2218755/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2218755/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<buildroot-bounces@buildroot.org>",
        "X-Original-To": [
            "incoming-buildroot@patchwork.ozlabs.org",
            "buildroot@buildroot.org"
        ],
        "Delivered-To": [
            "patchwork-incoming-buildroot@legolas.ozlabs.org",
            "buildroot@buildroot.org"
        ],
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=Y37AtPWT;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"
        ],
        "Received": [
            "from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fmGvt3TR9z1yFv\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Thu, 02 Apr 2026 07:35:36 +1100 (AEDT)",
            "from localhost (localhost [127.0.0.1])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id C9A05406C6;\n\tWed,  1 Apr 2026 20:35:34 +0000 (UTC)",
            "from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id 2IGhT-pr0Dmp; Wed,  1 Apr 2026 20:35:33 +0000 (UTC)",
            "from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id 97986406C9;\n\tWed,  1 Apr 2026 20:35:33 +0000 (UTC)",
            "from smtp2.osuosl.org (smtp2.osuosl.org [IPv6:2605:bc80:3010::133])\n by lists1.osuosl.org (Postfix) with ESMTP id E68992E9\n for <buildroot@buildroot.org>; Wed,  1 Apr 2026 20:35:31 +0000 (UTC)",
            "from localhost (localhost [127.0.0.1])\n by smtp2.osuosl.org (Postfix) with ESMTP id D6DE040026\n for <buildroot@buildroot.org>; Wed,  1 Apr 2026 20:35:30 +0000 (UTC)",
            "from smtp2.osuosl.org ([127.0.0.1])\n by localhost (smtp2.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id fXhIKpWAMl3D for <buildroot@buildroot.org>;\n Wed,  1 Apr 2026 20:35:30 +0000 (UTC)",
            "from mail-ed1-x52b.google.com (mail-ed1-x52b.google.com\n [IPv6:2a00:1450:4864:20::52b])\n by smtp2.osuosl.org (Postfix) with ESMTPS id 55B8C40012\n for <buildroot@buildroot.org>; Wed,  1 Apr 2026 20:35:28 +0000 (UTC)",
            "by mail-ed1-x52b.google.com with SMTP id\n 4fb4d7f45d1cf-66bb6eb28acso398803a12.0\n for <buildroot@buildroot.org>; Wed, 01 Apr 2026 13:35:28 -0700 (PDT)",
            "from dragon.home ([2a02:a03f:73a7:c001:1291:d1ff:fe92:3b5a])\n by smtp.gmail.com with ESMTPSA id\n a640c23a62f3a-b9c3cec6c3csm21379166b.29.2026.04.01.13.35.25\n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Wed, 01 Apr 2026 13:35:26 -0700 (PDT)"
        ],
        "X-Virus-Scanned": [
            "amavis at osuosl.org",
            "amavis at osuosl.org"
        ],
        "X-Comment": "SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ",
        "DKIM-Filter": [
            "OpenDKIM Filter v2.11.0 smtp4.osuosl.org 97986406C9",
            "OpenDKIM Filter v2.11.0 smtp2.osuosl.org 55B8C40012"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1775075733;\n\tbh=om0z4Is6Hx4uAUhsskDnxgcqFsTWgnz0oYguTbpeJvU=;\n\th=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:\n\t List-Help:List-Subscribe:From:Reply-To:Cc:From;\n\tb=Y37AtPWTgo7AjSmLZkUb0Q/4o8uCFoxDIXLISKMcEuq9B+2SbExH+4JdkIcubR/7Q\n\t CGU0+DgM7xN2k6tmPQzJwZmo+yIDQYYUFc7mRoLHMmU3OPjj+biFg5JKu5g6pZ+AqW\n\t rLw4SazpEhRTT3NJYQGgP4gIgNpk2wBvvwJTn6sbICsFRkzHlGIQIl3wQtn+q+zccH\n\t ivKeyvJ3wtRpgHBTn8rwpPrVk/notzTD0Bao96qcrcqOavNlTCVXPoOY2PEj2dm2Mi\n\t pTKRYqlwMO0pCD7SDBgBeCP8G/9hIy6JR27vMf/UazUbIgi559ly5WqJJI1NSC10nV\n\t hfyJPzEUBJ5Ig==",
        "Received-SPF": "Pass (mailfrom) identity=mailfrom;\n client-ip=2a00:1450:4864:20::52b; helo=mail-ed1-x52b.google.com;\n envelope-from=titouan.christophe@essensium.com; receiver=<UNKNOWN>",
        "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp2.osuosl.org 55B8C40012",
        "X-Google-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1775075727; x=1775680527;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date\n :message-id:reply-to;\n bh=YJn/z3979YLzKWK6Tnag3ScQkIxGy4rK3icanR6S0Ys=;\n b=IoA0VwG6SqJ2VRzhWGrcBGMN555gOSOUzipwlVYtu6JjfGyHTQZwCECjMcCdanCYEk\n z4Mvp842deZyUuO4wg2o+HPnMZmC8P1Toi6zJCt8oEKHJZXI4l+PLQG7z68lBb50mcwB\n ibMSd/K9hp461t3rdqfJga1Mvz+Pm+Q06QJJqHZeLJ4pmCHh3HkSx0kw0Rs0HHxHZzoy\n wN+zrlp73oBqdY+A5PptcPKcI44fG3Ec0s3pgNr6RtmlKMLR5ogsmwlG/7gldWho1M7u\n pSDoAX4bqjkE35P1lfw6UJB1gf+w6lJS0nhv7HfVmWQ0xuyDZUAi8N1TZqP90O/UP8W/\n XkOw==",
        "X-Gm-Message-State": "AOJu0Ywp208MDbtpr5+mawBlQ06RIcH/cvQhs1IH0wofugUc6astSvAj\n TiqRW16dCegUbAzZGIDlV5Xw0n9Yt5Tvt0LQhsYx+my/ZXXZTXOtVQNrb3ZjT5TRbwdTjy4LEbQ\n 47wFjKOk=",
        "X-Gm-Gg": "ATEYQzyKvK/HvX7CP5/cokTyxwh/m+BrNWg8C/Kw1/ZZu3Ijdpsa3xA0E2gU48bhgG0\n 4AO7I8KyKuluhu0cboDnER+RUbLMVnvUqzrc3wWRNNPWiaSrfi/siY0ZZoO8UATINimYfs0m5rd\n PfepxZP2NmsgUuHnMIO4cmG7HV0tRgJGaz+O+l0H07v1I97asugA1Ajz0392ODu4hWNG/SBaj3a\n X2unf7RBZXLCpFcoAM6h3jR8vC0+TmGgPX7duJLuDRYdkSTm4Tq7wcAdNoVKN8XgSrC7YYjJDEw\n EG0hBw6pc5QakAQqlsvGoBwlKN14pRzYEoeikSBIHTaCG9Z4UAgTxJ/I18QMtlQAoXVefZhrx9J\n QOOWDA5fansacj0K6Hkdfl6zokuNTSLS41Y/u0x81G04lvQSEvwt0Cy0DC98v0vDDeIUUJCUAxf\n DUX9QfFBKk0snoxZfxzNYxNElQlzLjSvazkZS0",
        "X-Received": "by 2002:a17:907:1983:b0:b8f:f08a:4b80 with SMTP id\n a640c23a62f3a-b9c3edf6a6dmr43133266b.3.1775075726638;\n Wed, 01 Apr 2026 13:35:26 -0700 (PDT)",
        "To": "buildroot@buildroot.org",
        "Date": "Wed,  1 Apr 2026 22:35:24 +0200",
        "Message-ID": "<20260401203524.595554-1-titouan.christophe@mind.be>",
        "X-Mailer": "git-send-email 2.53.0",
        "MIME-Version": "1.0",
        "X-Mailman-Original-DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=mind.be; s=google; t=1775075727; x=1775680527; darn=buildroot.org;\n h=content-transfer-encoding:mime-version:message-id:date:subject:cc\n :to:from:from:to:cc:subject:date:message-id:reply-to;\n bh=YJn/z3979YLzKWK6Tnag3ScQkIxGy4rK3icanR6S0Ys=;\n b=d+scwjEqz7AQlw1SIy3iFRyNBIyn2V9C+8+ucPEjIRZCey8OkOZhLFQyvC/eKBJRQy\n i1MCezUdbH38EzM8CyQEabw4V5qOgoGAm9gqpfabn3oPRdy5L88bem80Cq0ATGH7uXu8\n SAIRKLGXWZL8Aj0ePHzoSWsMtzApPh8fmhw9QD3vVPk4qdi3zTLyCYh+eCVmGXXttyVo\n hGpoPBrzT6Z4eYRw9tctr8uabibaffFeGrgLAALPwQnhmkAg8CT+o1xzfdG+FgoODest\n W5b4Igcelp92PS/IQMcg97Fbs4mKXCRbh4V4qk+dk+Hy7lHbjWy1yNwlYfEctezWOZ0P\n PxmA==",
        "X-Mailman-Original-Authentication-Results": [
            "smtp2.osuosl.org;\n dmarc=pass (p=quarantine dis=none)\n header.from=mind.be",
            "smtp2.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=mind.be header.i=@mind.be header.a=rsa-sha256\n header.s=google header.b=d+scwjEq"
        ],
        "Subject": "[Buildroot] [PATCH for 2025.02.x] package/ruby: security bump to\n v3.4.9",
        "X-BeenThere": "buildroot@buildroot.org",
        "X-Mailman-Version": "2.1.30",
        "Precedence": "list",
        "List-Id": "Discussion and development of buildroot <buildroot.buildroot.org>",
        "List-Unsubscribe": "<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>",
        "List-Archive": "<http://lists.buildroot.org/pipermail/buildroot/>",
        "List-Post": "<mailto:buildroot@buildroot.org>",
        "List-Help": "<mailto:buildroot-request@buildroot.org?subject=help>",
        "List-Subscribe": "<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>",
        "From": "Titouan Christophe via buildroot <buildroot@buildroot.org>",
        "Reply-To": "Titouan Christophe <titouan.christophe@mind.be>",
        "Cc": "thomas.perale@mind.be",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Errors-To": "buildroot-bounces@buildroot.org",
        "Sender": "\"buildroot\" <buildroot-bounces@buildroot.org>"
    },
    "content": "Read the announcements:\n\n- https://www.ruby-lang.org/en/news/2025/10/07/ruby-3-4-7-released/\n- https://www.ruby-lang.org/en/news/2025/12/17/ruby-3-4-8-released/\n- https://www.ruby-lang.org/en/news/2026/03/11/ruby-3-4-9-released/\n\nThis fixes a few vulnerabilities in bundled gems (ruby libraires):\n\n- CVE-2025-27221:\n    In the URI gem before 1.0.3 for Ruby, the URI handling methods\n    (URI.join, URI#merge, URI#+) have an inadvertent leakage of\n    authentication credentials because userinfo is retained even after\n    changing the host.\n    https://www.cve.org/CVERecord?id=CVE-2025-27221\n\n- CVE-2025-58767:\n    REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1\n    has a DoS vulnerability when parsing XML containing multiple XML\n    declarations. If you need to parse untrusted XMLs, you may be impacted\n    to these vulnerabilities. The REXML gem 3.4.2 or later include the\n    patches to fix these vulnerabilities.\n    https://www.cve.org/CVERecord?id=CVE-2025-58767\n\n- CVE-2025-61594:\n    URI is a module providing classes to handle Uniform Resource\n    Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass\n    exists for the fix to CVE-2025-27221 that can expose user credentials.\n    When using the `+` operator to combine URIs, sensitive information\n    like passwords from the original URI can be leaked, violating RFC3986\n    and making applications vulnerable to credential exposure. Versions\n    0.12.5, 0.13.3, and 1.0.4 fix the issue.\n    https://www.cve.org/CVERecord?id=CVE-2025-61594\n\n- CVE-2026-27820:\n\tThe zstream_buffer_ungets function prepends caller-provided bytes\n\tahead of previously produced output but fails to guarantee the backing\n\tRuby string has enough capacity before the memmove shifts the existing\n\tdata. This can lead to memory corruption when the buffer length exceeds\n\tcapacity.\n\nSigned-off-by: Titouan Christophe <titouan.christophe@mind.be>\n---\n package/ruby/ruby.hash | 4 ++--\n package/ruby/ruby.mk   | 2 +-\n 2 files changed, 3 insertions(+), 3 deletions(-)",
    "diff": "diff --git a/package/ruby/ruby.hash b/package/ruby/ruby.hash\nindex 90faed4c32..e8bf51ea43 100644\n--- a/package/ruby/ruby.hash\n+++ b/package/ruby/ruby.hash\n@@ -1,5 +1,5 @@\n-# https://www.ruby-lang.org/en/news/2025/09/16/ruby-3-4-6-released/\n-sha512  29000b3396ab95fc2dc13d2d78441ff5c34258e5421115181c54b1b4d55d5c0d4f3d0c3cec6b32b9a1bb8de5c51b383fcad4369ec3fb244fd0ce182afbe79ba4  ruby-3.4.6.tar.xz\n+# https://www.ruby-lang.org/en/news/2026/03/11/ruby-3-4-9-released/\n+sha512  356fb47cc56f2d25198cb95253fc20ff7d9a6fd1fa53bc475e5c440012aebe27562537c399d271357235114ade263fd625029b66cb0f9b526f9c04f169fb9580  ruby-3.4.9.tar.xz\n \n # License files, Locally calculated\n sha256  a2021e52d5d6adf7e3f45aab9d2b860ce03cdf6153776853e11d5668193eecfd  LEGAL\ndiff --git a/package/ruby/ruby.mk b/package/ruby/ruby.mk\nindex ffe42968b5..c56d2510be 100644\n--- a/package/ruby/ruby.mk\n+++ b/package/ruby/ruby.mk\n@@ -5,7 +5,7 @@\n ################################################################################\n \n RUBY_VERSION_MAJOR = 3.4\n-RUBY_VERSION = $(RUBY_VERSION_MAJOR).6\n+RUBY_VERSION = $(RUBY_VERSION_MAJOR).9\n RUBY_VERSION_EXT = 3.4.0\n RUBY_SITE = http://cache.ruby-lang.org/pub/ruby/$(RUBY_VERSION_MAJOR)\n RUBY_SOURCE = ruby-$(RUBY_VERSION).tar.xz\n",
    "prefixes": [
        "for",
        "2025.02.x"
    ]
}