Patch Detail

HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2226470,
    "url": "http://patchwork.ozlabs.org/api/patches/2226470/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/buildroot/patch/20260422125721.3193186-1-peter@korsgaard.com/",
    "project": {
        "id": 27,
        "url": "http://patchwork.ozlabs.org/api/projects/27/?format=api",
        "name": "Buildroot development",
        "link_name": "buildroot",
        "list_id": "buildroot.buildroot.org",
        "list_email": "buildroot@buildroot.org",
        "web_url": "",
        "scm_url": "",
        "webscm_url": "",
        "list_archive_url": "",
        "list_archive_url_format": "",
        "commit_url_format": ""
    },
    "msgid": "<20260422125721.3193186-1-peter@korsgaard.com>",
    "list_archive_url": null,
    "date": "2026-04-22T12:57:20",
    "name": "[PATCH-2025.02.x] package/python3: security bump to version 3.12.13",
    "commit_ref": null,
    "pull_url": null,
    "state": "new",
    "archived": false,
    "hash": "471f80130bf7a89f5f36f550be4cd667ecfb0bdb",
    "submitter": {
        "id": 42365,
        "url": "http://patchwork.ozlabs.org/api/people/42365/?format=api",
        "name": "Peter Korsgaard",
        "email": "peter@korsgaard.com"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/buildroot/patch/20260422125721.3193186-1-peter@korsgaard.com/mbox/",
    "series": [
        {
            "id": 501009,
            "url": "http://patchwork.ozlabs.org/api/series/501009/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/buildroot/list/?series=501009",
            "date": "2026-04-22T12:57:20",
            "name": "[PATCH-2025.02.x] package/python3: security bump to version 3.12.13",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/501009/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2226470/comments/",
    "check": "pending",
    "checks": "http://patchwork.ozlabs.org/api/patches/2226470/checks/",
    "tags": {},
    "related": [],
    "headers": {
        "Return-Path": "<buildroot-bounces@buildroot.org>",
        "X-Original-To": [
            "incoming-buildroot@patchwork.ozlabs.org",
            "buildroot@buildroot.org"
        ],
        "Delivered-To": [
            "patchwork-incoming-buildroot@legolas.ozlabs.org",
            "buildroot@buildroot.org"
        ],
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=Ou7/3AIs;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=140.211.166.138; helo=smtp1.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"
        ],
        "Received": [
            "from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g0zm84mVPz1yCv\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Wed, 22 Apr 2026 22:58:00 +1000 (AEST)",
            "from localhost (localhost [127.0.0.1])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id 06DCB848A8;\n\tWed, 22 Apr 2026 12:57:58 +0000 (UTC)",
            "from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id uAo4D4kgnjt4; Wed, 22 Apr 2026 12:57:54 +0000 (UTC)",
            "from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id DCEE4848BE;\n\tWed, 22 Apr 2026 12:57:53 +0000 (UTC)",
            "from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n by lists1.osuosl.org (Postfix) with ESMTP id B56E4183\n for <buildroot@buildroot.org>; Wed, 22 Apr 2026 12:57:52 +0000 (UTC)",
            "from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id B2CE342746\n for <buildroot@buildroot.org>; Wed, 22 Apr 2026 12:57:52 +0000 (UTC)",
            "from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id Qu92rYfsHRyJ for <buildroot@buildroot.org>;\n Wed, 22 Apr 2026 12:57:48 +0000 (UTC)",
            "from sendmail.purelymail.com (sendmail.purelymail.com\n [34.202.193.197])\n by smtp4.osuosl.org (Postfix) with ESMTPS id D4FCD42745\n for <buildroot@buildroot.org>; Wed, 22 Apr 2026 12:57:47 +0000 (UTC)",
            "by smtp.purelymail.com (Purelymail SMTP) with ESMTPSA id -530940237;\n (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384);\n Wed, 22 Apr 2026 12:57:45 +0000 (UTC)",
            "from peko by dell.be.48ers.dk with local (Exim 4.98.2)\n (envelope-from <peko@dell.be.48ers.dk>) id 1wFX9E-0000000DOj5-01pR;\n Wed, 22 Apr 2026 14:57:44 +0200"
        ],
        "X-Virus-Scanned": [
            "amavis at osuosl.org",
            "amavis at osuosl.org"
        ],
        "X-Comment": "SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ",
        "DKIM-Filter": [
            "OpenDKIM Filter v2.11.0 smtp1.osuosl.org DCEE4848BE",
            "OpenDKIM Filter v2.11.0 smtp4.osuosl.org D4FCD42745"
        ],
        "DKIM-Signature": "v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1776862674;\n\tbh=eI6SKD6ZMMzOtGaozT4T50sBGIZ0z8L6P06uj/aLq/4=;\n\th=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:Cc:From;\n\tb=Ou7/3AIsGytNJrI3xuhRbxq+NFyf11kupgvh+n5vUdSA5pube6wjNow6bW454S0FS\n\t XyWIyJeY6WNoJeQSHk0SOozl9TTleDvC0sYwAIoyjrrD6l9R9Be3sIXpIwFgTcXseV\n\t are2e/SnPfJVKQMV7XuCLuF/p5Jjzo6mLcDzEyipuLlQzlnGsxwwyqRCw6gaVoCjKh\n\t nPuzLTs7TnUtjJJUIDsqbomEWau3Le6CSM/FM4NfRlcaM2rZMg0eN7+qmDDUTwfG2u\n\t S6YKuV5f32ielF4z9n+ZHwQTzJdtHdSqejR5XEIrXlkegvgF6uH1ouDu9GKB1qWkBp\n\t w0wcYmC+Z9eXg==",
        "Received-SPF": "Pass (mailfrom) identity=mailfrom; client-ip=34.202.193.197;\n helo=sendmail.purelymail.com; envelope-from=peko@korsgaard.com;\n receiver=<UNKNOWN>",
        "DMARC-Filter": "OpenDMARC Filter v1.4.2 smtp4.osuosl.org D4FCD42745",
        "Feedback-ID": "21632:4007:null:purelymail",
        "X-Pm-Original-To": "buildroot@buildroot.org",
        "From": "Peter Korsgaard <peter@korsgaard.com>",
        "To": "buildroot@buildroot.org",
        "Date": "Wed, 22 Apr 2026 14:57:20 +0200",
        "Message-ID": "<20260422125721.3193186-1-peter@korsgaard.com>",
        "X-Mailer": "git-send-email 2.47.3",
        "MIME-Version": "1.0",
        "X-MIME-Autoconverted": "from 8bit to quoted-printable by Purelymail",
        "X-Mailman-Original-DKIM-Signature": "a=rsa-sha256;\n b=GRt22PDp+YD5Q8LYzLky5+YQBXoSAYknsrd4HVu4kK0cTK43DCbxfoCop+rQQwfEjIrUfG/0+vo4dhXXTiBbUyHsIxWgUUT6ZUBwy7iH68pIZDu6tpCmD9WsPlauGxr73VVzZNuavPIOCZKLcQqsef1pm88eML2okdq9XeoHpwFF0wJSvgE598iuxWJTtsvhWJTxc2T4eNMIQWCaiaK3dtJDUTgzEIHDMOlL6l5d6o71IsyQNH0i9QkAC4VmtuWkwylc9vnhNICEN1XPYLZpfgCVpVW81TVVtRRzmk8lUkSy0QdIUtFXC4NGYfdOormbXQmSBhIbH9pY3LdW7eiEkQ==;\n s=purelymail2; d=purelymail.com; v=1;\n bh=EN/SG3zmfL8qHIFNoMFldCnEhS1wWm9SNa1/CFBEeB0=;\n h=Feedback-ID:Received:Received:From:To:Subject:Date;",
        "X-Mailman-Original-Authentication-Results": [
            "smtp4.osuosl.org;\n dmarc=none (p=none dis=none)\n header.from=korsgaard.com",
            "smtp4.osuosl.org;\n dkim=pass (2048-bit key,\n unprotected) header.d=purelymail.com header.i=@purelymail.com\n header.a=rsa-sha256 header.s=purelymail2 header.b=GRt22PDp",
            "purelymail.com; auth=pass"
        ],
        "Subject": "[Buildroot] [PATCH-2025.02.x] package/python3: security bump to\n version 3.12.13",
        "X-BeenThere": "buildroot@buildroot.org",
        "X-Mailman-Version": "2.1.30",
        "Precedence": "list",
        "List-Id": "Discussion and development of buildroot <buildroot.buildroot.org>",
        "List-Unsubscribe": "<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>",
        "List-Archive": "<http://lists.buildroot.org/pipermail/buildroot/>",
        "List-Post": "<mailto:buildroot@buildroot.org>",
        "List-Help": "<mailto:buildroot-request@buildroot.org?subject=help>",
        "List-Subscribe": "<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>",
        "Cc": "James Hilliard <james.hilliard1@gmail.com>,\n Thomas Petazzoni <thomas.petazzoni@bootlin.com>",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Errors-To": "buildroot-bounces@buildroot.org",
        "Sender": "\"buildroot\" <buildroot-bounces@buildroot.org>"
    },
    "content": "Fixes a number of security issues:\n\nEmail and header-related:\n\ngh-144125: email.generator.BytesGenerator now refuses to serialize headers\nthat are unsafely folded or delimited (see\nemail.policy.Policy.verify_generated_headers); addressing CVE-2024-6923.\n\ngh-143935: Fixed comment folding in modern email policies to prevent header\ninjection when very long non-foldable comment text is wrapped.\n\ngh-136063: email.message now ensures linear complexity for legacy HTTP\nparameter parsing.\n\nHTTP, cookies, and URL parsing-related:\n\ngh-143916: wsgiref.headers.Headers now rejects C0 control characters in\nfields, values, and parameters.\n\ngh-143919: http.cookies.Morsel now rejects control characters in fields and\nvalues.\n\ngh-143925: data: URL media types now reject control characters.\n\nXML-related:\n\ngh-144363: Upgraded bundled libexpat to 2.7.4 to fix CVE-2026-24515 and\nCVE-2026-25210.\n\ngh-90949: Added Expat allocation-tracker APIs to xml.parsers.expat parser\nobjects to limit memory amplification from malicious XML input; includes\nmitigation for CVE-2025-59375.\n\ngh-142145: Removed quadratic behavior in xml.dom.minidom node ID cache\nclearing.\n\nDenial-of-service hardening:\n\ngh-119342: Fixed a potential memory denial of service in plistlib.\n\ngh-119451: Fixed a potential memory denial of service in http.client.\n\ngh-119452: Fixed a potential memory denial of service in http.server (CGI\nserver on Windows).\n\ngh-136065: Fixed quadratic complexity in os.path.expandvars().\n\nHTML parsing-related:\n\ngh-137836: Hardened html.parser.HTMLParser with support for additional\nRAWTEXT/PLAINTEXT elements (plaintext, xmp, iframe, noembed, noframes,\noptional noscript), improving robust handling of hostile markup.\n\nSSL memory-safety fixes:\n\ngh-144833: Fixed a use-after-free in ssl when SSL_new() fails.\n\nFor details, see the announcement:\nhttps://www.python.org/downloads/release/python-31213/\n\nUpstream now provides a sha256 hash, so use that instead of md5.\n\nSigned-off-by: Peter Korsgaard <peter@korsgaard.com>\n---\n package/python3/python3.hash | 5 ++---\n package/python3/python3.mk   | 2 +-\n 2 files changed, 3 insertions(+), 4 deletions(-)",
    "diff": "diff --git a/package/python3/python3.hash b/package/python3/python3.hash\nindex ed0d879f11..6964789262 100644\n--- a/package/python3/python3.hash\n+++ b/package/python3/python3.hash\n@@ -1,5 +1,4 @@\n-# From https://www.python.org/downloads/release/python-31211/\n-md5  04feb01316c7bb1b448001adbc63dd23  Python-3.12.12.tar.xz\n+# From https://www.python.org/downloads/release/python-31213/\n+sha256  c08bc65a81971c1dd5783182826503369466c7e67374d1646519adf05207b684  Python-3.12.13.tar.xz\n # Locally computed\n-sha256  fb85a13414b028c49ba18bbd523c2d055a30b56b18b92ce454ea2c51edc656c4  Python-3.12.12.tar.xz\n sha256  3b2f81fe21d181c499c59a256c8e1968455d6689d269aa85373bfb6af41da3bf  LICENSE\ndiff --git a/package/python3/python3.mk b/package/python3/python3.mk\nindex 4ace4d8573..60ab5b0cbc 100644\n--- a/package/python3/python3.mk\n+++ b/package/python3/python3.mk\n@@ -5,7 +5,7 @@\n ################################################################################\n \n PYTHON3_VERSION_MAJOR = 3.12\n-PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).12\n+PYTHON3_VERSION = $(PYTHON3_VERSION_MAJOR).13\n PYTHON3_SOURCE = Python-$(PYTHON3_VERSION).tar.xz\n PYTHON3_SITE = https://python.org/ftp/python/$(PYTHON3_VERSION)\n PYTHON3_LICENSE = Python-2.0, others\n",
    "prefixes": [
        "PATCH-2025.02.x"
    ]
}