{"id":2223781,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2223781/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260416073638.3605579-1-bernd@kuhls.net/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/1.1/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260416073638.3605579-1-bernd@kuhls.net>","date":"2026-04-16T07:36:37","name":"[1/1] package/libexif: security bump to version 0.6.26","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"4ba57a0f575d249b8068ca156419e08ae9ecf7d8","submitter":{"id":86624,"url":"http://patchwork.ozlabs.org/api/1.1/people/86624/?format=json","name":"Bernd Kuhls","email":"bernd@kuhls.net"},"delegate":{"id":89618,"url":"http://patchwork.ozlabs.org/api/1.1/users/89618/?format=json","username":"juju","first_name":"Julien","last_name":"Olivain","email":"juju@cotds.org"},"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260416073638.3605579-1-bernd@kuhls.net/mbox/","series":[{"id":500099,"url":"http://patchwork.ozlabs.org/api/1.1/series/500099/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=500099","date":"2026-04-16T07:36:37","name":"[1/1] package/libexif: security bump to version 0.6.26","version":1,"mbox":"http://patchwork.ozlabs.org/series/500099/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2223781/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2223781/checks/","tags":{},"headers":{"Return-Path":"<buildroot-bounces@buildroot.org>","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=RkleUZSz;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=140.211.166.138; helo=smtp1.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fx8wH5bwfz1yG9\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Thu, 16 Apr 2026 17:36:47 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id B2B4280BB9;\n\tThu, 16 Apr 2026 07:36:44 +0000 (UTC)","from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id veeovd8ttZCR; Thu, 16 Apr 2026 07:36:44 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id D429480B20;\n\tThu, 16 Apr 2026 07:36:43 +0000 (UTC)","from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n by lists1.osuosl.org (Postfix) with ESMTP id 3BF412CF\n for <buildroot@buildroot.org>; Thu, 16 Apr 2026 07:36:42 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id 562F1407E0\n for <buildroot@buildroot.org>; Thu, 16 Apr 2026 07:36:41 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id 2EkK9-dFcs43 for <buildroot@buildroot.org>;\n Thu, 16 Apr 2026 07:36:40 +0000 (UTC)","from dd20012.kasserver.com (dd20012.kasserver.com [85.13.140.57])\n by smtp4.osuosl.org (Postfix) with ESMTPS id 4D7D240800\n for <buildroot@buildroot.org>; Thu, 16 Apr 2026 07:36:40 +0000 (UTC)","from fli4l.lan.fli4l (p4fd6cf3d.dip0.t-ipconnect.de [79.214.207.61])\n by dd20012.kasserver.com (Postfix) with ESMTPSA id 7A234A4C0BEA\n for <buildroot@buildroot.org>; Thu, 16 Apr 2026 09:36:38 +0200 (CEST)","from bruckner.lan.fli4l ([192.168.1.1]:35382)\n by fli4l.lan.fli4l with esmtp (Exim 4.99.1)\n (envelope-from <bernd@kuhls.net>) id 1wDHHC-000000007bH-0AnF\n for buildroot@buildroot.org; Thu, 16 Apr 2026 07:36:38 +0000"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp1.osuosl.org D429480B20","OpenDKIM Filter v2.11.0 smtp4.osuosl.org 4D7D240800"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1776325003;\n\tbh=lbuIrCYo0ROw/j7sh7LtM20oyU/e5Rp5HJsLRZxwCqg=;\n\th=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:From;\n\tb=RkleUZSzninwkgZul24v4Cv8Cm5Jp8d8j4SpNMHJpRM4pQ8aA5ynrArL7mBhYuWki\n\t macqiL/cO8r/gHGv7w4x65tX24oevzfl9krmOgTzs01XjSefhJidxh7bIp05+ZgnGT\n\t 4jOYlkZImZBe0TVYdD1pMiqdfPvIktoJuQwbsAojY01mPisCK16N3K84861t74Ykhb\n\t F0KLpalGszxnoeqST/Bn9dEPqgMHAqXwK11Wyvz9whrXJ3VnhEYdjkapqE9z3L9UVc\n\t XrEhR+JiHbeJ2g7XRQo9EhYMMp3+T0qX2DvMkwk85bX3917PE4/Fzt8v1bwZhtDxhH\n\t EmtewRLMwnVSA==","Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=85.13.140.57;\n helo=dd20012.kasserver.com; envelope-from=bernd@kuhls.net;\n receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp4.osuosl.org 4D7D240800","From":"Bernd Kuhls <bernd@kuhls.net>","To":"buildroot@buildroot.org","Date":"Thu, 16 Apr 2026 09:36:37 +0200","Message-ID":"<20260416073638.3605579-1-bernd@kuhls.net>","X-Mailer":"git-send-email 2.47.3","MIME-Version":"1.0","X-Spamd-Bar":"+","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=kuhls.net;\n s=kas202511301023; t=1776324998;\n bh=HTQvGFiX2g1wtvBKQtLea3OC8XnhKpnQ4FUyWrLi2NA=;\n h=From:To:Subject:Date:From;\n b=mb6I13QVVEkd/0XHiXyqA844F6whligTIvYLMsgOB6tR0Ayxu3x/5N2FQHXcUZFHq\n YoB7GwHALXO99kVwHN5RML1FADQ7kZs4/EmW1wafXPIoQIAusAZtkP9mXTOaD8M7Jc\n eAN5dpZ9zjzOPNZ1blqLOLU1wkc/SB7wL2CX9+bPSJDZZtG/2/rmbTl+GPSVHRvH+g\n QS41vRCsCw+3YzDIUh5vVifnwr9serxv3rBtBAlbocNzeFBjBKVKwVuLkFIhFkVkIR\n dQjF6/8r4qOHdeBKyKyoEepl6tgu1ioW9TH2qhmqX72XRzxC27OFLGVZQbpVbiw3AP\n sY2C9J3oJkSjA==","X-Mailman-Original-Authentication-Results":["smtp4.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=kuhls.net","smtp4.osuosl.org;\n dkim=pass (2048-bit key) header.d=kuhls.net header.i=@kuhls.net\n header.a=rsa-sha256 header.s=kas202511301023 header.b=mb6I13QV"],"Subject":"[Buildroot] [PATCH 1/1] package/libexif: security bump to version\n 0.6.26","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.buildroot.org>","List-Unsubscribe":"<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>","List-Archive":"<http://lists.buildroot.org/pipermail/buildroot/>","List-Post":"<mailto:buildroot@buildroot.org>","List-Help":"<mailto:buildroot-request@buildroot.org?subject=help>","List-Subscribe":"<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" <buildroot-bounces@buildroot.org>"},"content":"https://github.com/libexif/libexif/blob/v0.6.26/NEWS\n\n* Security issues fixed:\n  * CVE-2026-40386: An unsigned integer underflow in Fuji and Olympus\n    makernote handling\n  * CVE-2026-40385: An unsigned integer overflow on 32bit systems in\n    Nikon makernote handling\n  * CVE-2026-32775: A buffer overwrite via integer underflow in makernote\n    handling\n\nSwitched to xz tarball and tarball hash provided by upstream.\n\nSigned-off-by: Bernd Kuhls <bernd@kuhls.net>\n---\n package/libexif/libexif.hash | 3 ++-\n package/libexif/libexif.mk   | 4 ++--\n 2 files changed, 4 insertions(+), 3 deletions(-)","diff":"diff --git a/package/libexif/libexif.hash b/package/libexif/libexif.hash\nindex 9e95e27f3e..5949bfb36c 100644\n--- a/package/libexif/libexif.hash\n+++ b/package/libexif/libexif.hash\n@@ -1,3 +1,4 @@\n+# From https://github.com/libexif/libexif/releases/tag/v0.6.26\n+sha256  4a055ed6575e61ca46c3172be3c753cc16c9becd0f99ec71d58dd0e471476c0c  libexif-0.6.26.tar.xz\n # Locally computed:\n-sha256  7c9eba99aed3e6594d8c3e85861f1c6aaf450c218621528bc989d3b3e7a26307  libexif-0.6.25.tar.bz2\n sha256  36b6d3fa47916943fd5fec313c584784946047ec1337a78b440e5992cb595f89  COPYING\ndiff --git a/package/libexif/libexif.mk b/package/libexif/libexif.mk\nindex 0e50d78fbe..f434f9a922 100644\n--- a/package/libexif/libexif.mk\n+++ b/package/libexif/libexif.mk\n@@ -4,8 +4,8 @@\n #\n ################################################################################\n \n-LIBEXIF_VERSION = 0.6.25\n-LIBEXIF_SOURCE = libexif-$(LIBEXIF_VERSION).tar.bz2\n+LIBEXIF_VERSION = 0.6.26\n+LIBEXIF_SOURCE = libexif-$(LIBEXIF_VERSION).tar.xz\n LIBEXIF_SITE = \\\n \thttps://github.com/libexif/libexif/releases/download/v$(LIBEXIF_VERSION)\n LIBEXIF_INSTALL_STAGING = YES\n","prefixes":["1/1"]}