{"id":2231827,"url":"http://patchwork.ozlabs.org/api/1.1/patches/2231827/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260501123100.1918951-26-bernd@kuhls.net/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/1.1/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":""},"msgid":"<20260501123100.1918951-26-bernd@kuhls.net>","date":"2026-05-01T12:30:11","name":"[26/75] package/python-lmdb: security bump version to 2.2.0","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"40926cc176766feb79d54306f48468c44ebfd1da","submitter":{"id":86624,"url":"http://patchwork.ozlabs.org/api/1.1/people/86624/?format=json","name":"Bernd Kuhls","email":"bernd@kuhls.net"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260501123100.1918951-26-bernd@kuhls.net/mbox/","series":[{"id":502454,"url":"http://patchwork.ozlabs.org/api/1.1/series/502454/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=502454","date":"2026-05-01T12:29:46","name":"[01/75] package/python-aiohttp: bump version to 3.13.5","version":1,"mbox":"http://patchwork.ozlabs.org/series/502454/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2231827/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2231827/checks/","tags":{},"headers":{"Return-Path":"","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=H0oAX3Ka;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::137; helo=smtp4.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp4.osuosl.org (smtp4.osuosl.org [IPv6:2605:bc80:3010::137])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g6VtG22kpz1y04\n\tfor ;\n Fri, 01 May 2026 22:37:26 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id DDFF841F51;\n\tFri, 1 May 2026 12:37:24 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id Nb4RzDeR37YN; Fri, 1 May 2026 12:37:24 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp4.osuosl.org (Postfix) with ESMTP id 04AAD424A3;\n\tFri, 1 May 2026 12:37:24 +0000 (UTC)","from smtp3.osuosl.org (smtp3.osuosl.org [IPv6:2605:bc80:3010::136])\n by lists1.osuosl.org (Postfix) with ESMTP id 2F0A8293\n for ; Fri, 1 May 2026 12:37:23 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp3.osuosl.org (Postfix) with ESMTP id 20E5E61B89\n for ; Fri, 1 May 2026 12:37:23 +0000 (UTC)","from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id FxPYr0F3R71Y for ;\n Fri, 1 May 2026 12:37:22 +0000 (UTC)","from dd20012.kasserver.com (dd20012.kasserver.com [85.13.140.57])\n by smtp3.osuosl.org (Postfix) with ESMTPS id 112A26176F\n for ; Fri, 1 May 2026 12:37:21 +0000 (UTC)","from fli4l.lan.fli4l (p4fd6c2eb.dip0.t-ipconnect.de\n [79.214.194.235])\n by dd20012.kasserver.com (Postfix) with ESMTPSA id 6D62BA4C2EC6;\n Fri, 1 May 2026 14:31:05 +0200 (CEST)","from bruckner.lan.fli4l ([192.168.1.1]:45080)\n by fli4l.lan.fli4l with esmtp (Exim 4.99.2)\n (envelope-from ) id 1wIn1K-000000008NC-3wnO;\n Fri, 01 May 2026 12:31:02 +0000"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver= ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp4.osuosl.org 04AAD424A3","OpenDKIM Filter v2.11.0 smtp3.osuosl.org 112A26176F"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1777639044;\n\tbh=r0N03XxwRlryIsUh62ipKb7ZA/XVpRwtdn0F6viyRzc=;\n\th=From:To:Date:In-Reply-To:References:Subject:List-Id:\n\t List-Unsubscribe:List-Archive:List-Post:List-Help:List-Subscribe:\n\t Cc:From;\n\tb=H0oAX3KaKN0HI32IbrS5EgU+KXlPL8k3uf+fBiRXazk5Zmrm0jc+EKcjcTpNkXCoU\n\t Rl/Xyg2AVEQCuCGNI7ZHLmXt/BblpKeucKmpAIpfKh5V9Gk62PD6YC9zIjb9P5BAxh\n\t QQLIOajcD7mJf9tBRFmLvfG8pNQKq/aoFKuQX8CsotRs0RnQGwFx50VUE9AmJWnjHt\n\t EZ5I3ZhfN8ISpTcp/JBnZ/gLRUGPWu+dmdOyJTLTTI/e9QHumZ4rhukdPW21libRXr\n\t QHD8LF8iNgHo5pPNKcNosQZ87l+4046zUM10o58UoTs5sFGwDVWwNVQHJDownVqNtz\n\t INa08rjUOgQMw==","Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=85.13.140.57;\n helo=dd20012.kasserver.com; envelope-from=bernd@kuhls.net;\n receiver=","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp3.osuosl.org 112A26176F","From":"Bernd Kuhls ","To":"buildroot@buildroot.org","Date":"Fri, 1 May 2026 14:30:11 +0200","Message-ID":"<20260501123100.1918951-26-bernd@kuhls.net>","X-Mailer":"git-send-email 2.47.3","In-Reply-To":"<20260501123100.1918951-1-bernd@kuhls.net>","References":"<20260501123100.1918951-1-bernd@kuhls.net>","MIME-Version":"1.0","X-Spamd-Bar":"++","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=kuhls.net;\n s=kas202511301023; t=1777638665;\n bh=NPKHVMAp3siakpqVR2BXJf/7nIx8U8kBv6QsLvWkHUA=;\n h=From:To:Cc:Subject:Date:In-Reply-To:From;\n b=kOv5Bzk8onx6q1GF01V2UyiBbeCfmbKVoYmn7VfrtQqpwBzjpYOBi6aYbkKhftHoG\n 7CW+ITsejF/Wlhn0KtGPfyYO3pgMELAk2oXlRBC62sR5VJEFeKB8Lp0xV/Z8H5kkU2\n Gd7aBwK2/3bVmD2mWYTGS6y0Eci0VpG1HnGOd9gpHxisxr0gUAMvyFjp7lwtNzaxMG\n 7hFwSFTOKLiUBS65Zmp24MIDdn4N6+VDnS9xT6BzBvsZiqYLJxG17FjVNH25BvXpXD\n DepYIG0lD2Edkvji8k7MSUYWDC/EBmSLiNXxFtSMS/RzjKenRbLZsW7HcgN/CFAYQc\n SlNjEkghSjBvQ==","X-Mailman-Original-Authentication-Results":["smtp3.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=kuhls.net","smtp3.osuosl.org;\n dkim=pass (2048-bit key) header.d=kuhls.net header.i=@kuhls.net\n header.a=rsa-sha256 header.s=kas202511301023 header.b=kOv5Bzk8"],"Subject":"[Buildroot] [PATCH 26/75] package/python-lmdb: security bump\n version to 2.2.0","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","Cc":"Joseph Kogut ,\n Christophe Vu-Brugier , =?utf-8?b?UmFwaGHDq2wgTcOp?=\n\t=?utf-8?b?bG90dGU=?= , =?utf-8?q?Fl=C3=A1vio_Tapaj?=\n\t=?utf-8?q?=C3=B3s?= , =?utf-8?q?Martin_Hunde?=\n\t=?utf-8?q?b=C3=B8ll?= ,\n Grzegorz Blach ,\n Marcin Niestroj ,\n Guillaume William Brs ,\n James Hilliard ,\n Ludovic Desroches ,\n Jagan Teki ,\n Thomas Petazzoni ,\n Falco Hyfing , Mauro Condarelli ,\n Fiona Klute ","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" "},"content":"https://github.com/jnwatson/py-lmdb/blob/py-lmdb_2.2.0/ChangeLog\n\nVersion 2.1.0 fixes the following CVEs:\n\n- **CVE-2019-16224**: heap buffer overflow via `MDB_DUPFIXED` without\n `MDB_DUPSORT` in on-disk `md_flags`. (#429)\n\n- **CVE-2019-16225**: `SIGSEGV` from `P_DIRTY` flag set on mmap'd disk pages,\n causing `mdb_page_touch()` to skip copy-on-write. (#429)\n\n- **CVE-2019-16226**: out-of-bounds `memmove` in `mdb_node_del` via corrupt\n `mn_hi` making `NODEDSZ()` huge. (#429)\n\n- **CVE-2019-16227**: NULL pointer dereference of `mc_xcursor` when\n `F_DUPDATA` is set on a node in a non-DUPSORT database. (#429)\n\n- **CVE-2019-16228**: divide-by-zero from zero `mm_psize` in meta page\n header. (#429)\n\nSigned-off-by: Bernd Kuhls \n---\n package/python-lmdb/python-lmdb.hash | 4 ++--\n package/python-lmdb/python-lmdb.mk | 4 ++--\n 2 files changed, 4 insertions(+), 4 deletions(-)","diff":"diff --git a/package/python-lmdb/python-lmdb.hash b/package/python-lmdb/python-lmdb.hash\nindex 679d552d1c..ad111605bc 100644\n--- a/package/python-lmdb/python-lmdb.hash\n+++ b/package/python-lmdb/python-lmdb.hash\n@@ -1,5 +1,5 @@\n # md5, sha256 from https://pypi.org/pypi/lmdb/json\n-md5 de895e4a88eeb179aa0c185a08523d62 lmdb-1.8.1.tar.gz\n-sha256 44ef24033929e9cc227a7e17287473c452b462d716f118db885c667c80f57429 lmdb-1.8.1.tar.gz\n+md5 f6f491b825302966f63b3fdee2ef80fd lmdb-2.2.0.tar.gz\n+sha256 53020e20305c043ea6e68089bc242d744fba6073cdb268332299ba6dda2886d4 lmdb-2.2.0.tar.gz\n # Locally computed sha256 checksums\n sha256 310fe25c858a9515fc8c8d7d1f24a67c9496f84a91e0a0e41ea9975b1371e569 LICENSE\ndiff --git a/package/python-lmdb/python-lmdb.mk b/package/python-lmdb/python-lmdb.mk\nindex dbdc80bfda..ba3d257fdd 100644\n--- a/package/python-lmdb/python-lmdb.mk\n+++ b/package/python-lmdb/python-lmdb.mk\n@@ -4,9 +4,9 @@\n #\n ################################################################################\n \n-PYTHON_LMDB_VERSION = 1.8.1\n+PYTHON_LMDB_VERSION = 2.2.0\n PYTHON_LMDB_SOURCE = lmdb-$(PYTHON_LMDB_VERSION).tar.gz\n-PYTHON_LMDB_SITE = https://files.pythonhosted.org/packages/23/19/392f028e7ebcc1cc8212fe8a315a909b7a556278456f0bab9234d3a3b665\n+PYTHON_LMDB_SITE = https://files.pythonhosted.org/packages/21/44/d94934efaf8f887b6959f131fde740fcaa831edfd13eb5425574637cddd5\n PYTHON_LMDB_LICENSE = OLDAP-2.8\n PYTHON_LMDB_LICENSE_FILES = LICENSE\n PYTHON_LMDB_DEPENDENCIES = host-python-cffi host-python-patch-ng\n","prefixes":["26/75"]}