{"id":2224427,"url":"http://patchwork.ozlabs.org/api/1.2/patches/2224427/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260417120641.174060-1-thomas.perale@mind.be/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/1.2/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260417120641.174060-1-thomas.perale@mind.be>","list_archive_url":null,"date":"2026-04-17T12:06:40","name":"[1/2,2025.02.x] package/xz: add patch trailer","commit_ref":null,"pull_url":null,"state":"accepted","archived":false,"hash":"8845da707ed6c87c487b58bfa6f9da8ba3062280","submitter":{"id":87308,"url":"http://patchwork.ozlabs.org/api/1.2/people/87308/?format=json","name":"Thomas Perale","email":"thomas.perale@mind.be"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260417120641.174060-1-thomas.perale@mind.be/mbox/","series":[{"id":500317,"url":"http://patchwork.ozlabs.org/api/1.2/series/500317/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=500317","date":"2026-04-17T12:06:40","name":"[1/2,2025.02.x] package/xz: add patch trailer","version":1,"mbox":"http://patchwork.ozlabs.org/series/500317/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2224427/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2224427/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=oiUfEi90;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=2605:bc80:3010::138; helo=smtp1.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp1.osuosl.org (smtp1.osuosl.org [IPv6:2605:bc80:3010::138])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4fxtsS1S25z1yDF\n\tfor ;\n Fri, 17 Apr 2026 22:06:51 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id 3295281460;\n\tFri, 17 Apr 2026 12:06:50 +0000 (UTC)","from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id z96t6saUIuZG; Fri, 17 Apr 2026 12:06:49 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp1.osuosl.org (Postfix) with ESMTP id 4E5AE8145C;\n\tFri, 17 Apr 2026 12:06:49 +0000 (UTC)","from smtp1.osuosl.org (smtp1.osuosl.org [140.211.166.138])\n by lists1.osuosl.org (Postfix) with ESMTP id 62C93396\n for ; Fri, 17 Apr 2026 12:06:48 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp1.osuosl.org (Postfix) with ESMTP id 6050E8145C\n for ; Fri, 17 Apr 2026 12:06:48 +0000 (UTC)","from smtp1.osuosl.org ([127.0.0.1])\n by localhost (smtp1.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id eyu6l_vsLZdg for ;\n Fri, 17 Apr 2026 12:06:47 +0000 (UTC)","from mail-wr1-x436.google.com (mail-wr1-x436.google.com\n [IPv6:2a00:1450:4864:20::436])\n by smtp1.osuosl.org (Postfix) with ESMTPS id 54D958145B\n for ; Fri, 17 Apr 2026 12:06:46 +0000 (UTC)","by mail-wr1-x436.google.com with SMTP id\n ffacd0b85a97d-43d70c30767so994210f8f.0\n for ; Fri, 17 Apr 2026 05:06:46 -0700 (PDT)","from arch ([79.132.232.220]) by smtp.gmail.com with ESMTPSA id\n ffacd0b85a97d-43fe4e3a341sm4421878f8f.24.2026.04.17.05.06.43\n for \n (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);\n Fri, 17 Apr 2026 05:06:43 -0700 (PDT)"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver= ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp1.osuosl.org 4E5AE8145C","OpenDKIM Filter v2.11.0 smtp1.osuosl.org 54D958145B"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1776427609;\n\tbh=NKq2GIK1xNzov68THfe0IWMxFh+NcCc1BMWHj8LAL/c=;\n\th=To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:List-Post:\n\t List-Help:List-Subscribe:From:Reply-To:From;\n\tb=oiUfEi90yYabeKuXZUF4uDNEcHqilzFA+SJu7L++i29XL+tNOb0C3CJVyL3oftHEc\n\t KfmFYTgZoycXgoEF4D6wFOSShgAMxOY2ik/EXkuXr/cP2tUnStgSvT6G+GX1QEDdmI\n\t E6L+9l/ywWjZKmWVbeuUKrYRO+aLKEUU8pxZZbfAJ0E5k37pxcEM6qUBmPaKMq8byw\n\t i+7rimZstSYUJVumendN31xagpgumtIkg9P6cpHJ4gs3eUfe8tUFjsBwkGeO+ZUyx8\n\t n1KmKWBiAcLtI4QnKxmto5WIDPmHfv8IrPoMmJz/bq7ZI7QUlzpwOiDmd1cvieSHhh\n\t UnERwIeYKDhdw==","Received-SPF":"Pass (mailfrom) identity=mailfrom;\n client-ip=2a00:1450:4864:20::436; helo=mail-wr1-x436.google.com;\n envelope-from=thomas.perale@essensium.com; receiver=","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp1.osuosl.org 54D958145B","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=1e100.net; s=20251104; t=1776427604; x=1777032404;\n h=content-transfer-encoding:mime-version:message-id:date:subject:to\n :from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id\n :reply-to;\n bh=1oJZQztYI/4Fy36/ni5sv+6HWszuTEfPoUNTgI9F07s=;\n b=OftOaYyUD7tkkLrcFy997Ftu4y40w6x5MC/Iqg5bzZh47AiW1hq58wITQ3gkBNWv15\n OTU/lUQF9KUYF8nHUy7VjWsdPVWU7J+4C3eM7YslEwPTCaOZWw9pmG6QR3GHKfA5FxuW\n KroARQVn26E7n+ZAQxI5vlDMLapGNQ8d4/IeXTs2JTIHIF7E6FdIUSzXEbru3mQERQR4\n R8s4vZrZXjPbgVxxlZF+5XZZNHU+YNq1a64LN9gyaCFWPWHi2yPDWG2eKSHNoLupc6oN\n /NnWbrvzJdl2Ix68YF4Wcu2as6hCgezdngKKyAy2abXU8a4YKfFpbxd/EUaBQ+4dotDd\n qmWg==","X-Gm-Message-State":"AOJu0YzKOlXrYHIUplbzFVAx2UMbN7msHSpsNbGK5JSlCt3qStKBP8KV\n 2QYNXOnyf/l5k+5WWktcl5Xl9Ekt5eD86YO4qp+g04EblN+qE7FsFys67Np7A92L9OOw+R1aKw0\n tTM18","X-Gm-Gg":"AeBDietuaotIqVlLQY3aWPqVOmYf/+trWSbczbZc4uZ1FtcEOgetW3u4K23ML4LA7Ci\n 7bb3nkNyT1F7voJuHyFVeQMFj0PvF44m6wwuweirFBo56J6iYNvD/EjLe63PbFXlEUMr/FhUPGB\n 8B++CktlnonG5qtrjI+xMHYVBvreJE8tPrPRubDKXbboHtWmZKsvvXKhZaM3kbkTBP89ClKCFzP\n xvV77p64XsMfVi5P+7jv1Ua939NxdYMwMqQ1pxmYW9OBNeuNQ1LG5qpLDcm0TYVhgXFJm7CsdIM\n DLlfxO3Eao5Tv9eEsTfVFp6m8KUBGsChpjeCFJAmQoUhfwz1818LJVpnUpu96cV+CTIU5ZcK7NP\n eqvVCoDSqDIrCVXx3k2aa2B8/NbPx0g4tfEr6oMlXUOcByxPrM815tluhMOvaSiZA7tzQJXeNK3\n dVABJcDjL71Uxw3NOFT7jin5HBYqM=","X-Received":"by 2002:a5d:6f14:0:b0:43d:7086:b03 with SMTP id\n ffacd0b85a97d-43fe4032b76mr3317587f8f.1.1776427603876;\n Fri, 17 Apr 2026 05:06:43 -0700 (PDT)","To":"buildroot@buildroot.org","Date":"Fri, 17 Apr 2026 14:06:40 +0200","Message-ID":"<20260417120641.174060-1-thomas.perale@mind.be>","X-Mailer":"git-send-email 2.53.0","MIME-Version":"1.0","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=mind.be; s=google; t=1776427604; x=1777032404; darn=buildroot.org;\n h=content-transfer-encoding:mime-version:message-id:date:subject:to\n :from:from:to:cc:subject:date:message-id:reply-to;\n bh=1oJZQztYI/4Fy36/ni5sv+6HWszuTEfPoUNTgI9F07s=;\n b=Bexwa7rirfwnpmeF3GuZvCvYQ9nylhF+7MIDr2uEWIflbcvLaWeT2+BcBw18ImIJPv\n Xaml9ZmZJnvZRr7I3pqg6tfbYLT5bHp2H6W+2b16p4rwVCrt5BM+NjqtPyEOgRqpZsIP\n dXH9XDQDfnYdR0CHPhqV4I9b1BIiedobL43SC1lQjqnk0bXL+lLd5gomhoFjogKRgSJf\n pxF67rMTwDQZ43VGEe+zSXa+g/zkUJvPbVE0IBfqJBkIAHy6o0lnBmoUmDwrnsbkSl4c\n oM1Ec8dWLuyhYmMStxqsM1nPyl9YJeIepsr0oRPWop43av21BxUL3A0FmMulcBNa8M8V\n adPA==","X-Mailman-Original-Authentication-Results":["smtp1.osuosl.org;\n dmarc=pass (p=quarantine dis=none)\n header.from=mind.be","smtp1.osuosl.org;\n dkim=pass (2048-bit key) header.d=mind.be header.i=@mind.be\n header.a=rsa-sha256 header.s=google header.b=Bexwa7ri"],"Subject":"[Buildroot] [PATCH 1/2 2025.02.x] package/xz: add patch trailer","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot ","List-Unsubscribe":",\n ","List-Archive":"","List-Post":"","List-Help":"","List-Subscribe":",\n ","From":"Thomas Perale via buildroot ","Reply-To":"Thomas Perale ","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" "},"content":"Commit [1] introduced a set of patches to fix CVE-2025-31115.\nSince [2] the security patches neeed to reference the vulnerability with\nthe `CVE: ` trailer in the patch header.\n\nThis set of patch is no longer present on master branch with xz bump [3]\nbut hasn't been cherry picked to 2025.02.x branch.\n\n[1] 06c6c49fe8 package/xz: add security patches fixing CVE-2025-31115\n[2] 1167d0ff3d docs/manual: mention CVE trailer\n[3] aaa50b0e61 package/xz: bump to version 5.8.1\n\nSigned-off-by: Thomas Perale \n---\n package/xz/0001-liblzma-mt-dec-Fix-a-comment.patch | 1 +\n ...02-liblzma-mt-dec-Simplify-by-removing-the-THR_STOP-sta.patch | 1 +\n ...03-liblzma-mt-dec-Don-t-free-the-input-buffer-too-early.patch | 1 +\n ...04-liblzma-mt-dec-Don-t-modify-thr-in_size-in-the-worke.patch | 1 +\n 4 files changed, 4 insertions(+)","diff":"diff --git a/package/xz/0001-liblzma-mt-dec-Fix-a-comment.patch b/package/xz/0001-liblzma-mt-dec-Fix-a-comment.patch\nindex 2424fb0d13..41870a8282 100644\n--- a/package/xz/0001-liblzma-mt-dec-Fix-a-comment.patch\n+++ b/package/xz/0001-liblzma-mt-dec-Fix-a-comment.patch\n@@ -5,6 +5,7 @@ Subject: [PATCH] liblzma: mt dec: Fix a comment\n \n Reviewed-by: Sebastian Andrzej Siewior \n Thanks-to: Sam James \n+CVE: CVE-2025-31115\n Upstream: https://github.com/tukaani-project/xz/commit/831b55b971cf579ee16a854f177c36b20d3c6999\n Signed-off-by: Julien Olivain \n ---\ndiff --git a/package/xz/0002-liblzma-mt-dec-Simplify-by-removing-the-THR_STOP-sta.patch b/package/xz/0002-liblzma-mt-dec-Simplify-by-removing-the-THR_STOP-sta.patch\nindex 7845380a8c..14985ebc8f 100644\n--- a/package/xz/0002-liblzma-mt-dec-Simplify-by-removing-the-THR_STOP-sta.patch\n+++ b/package/xz/0002-liblzma-mt-dec-Simplify-by-removing-the-THR_STOP-sta.patch\n@@ -12,6 +12,7 @@ called (reinitializing the decoder always calls threads_end()).\n \n Reviewed-by: Sebastian Andrzej Siewior \n Thanks-to: Sam James \n+CVE: CVE-2025-31115\n Upstream: https://github.com/tukaani-project/xz/commit/c0c835964dfaeb2513a3c0bdb642105152fe9f34\n Signed-off-by: Julien Olivain \n ---\ndiff --git a/package/xz/0003-liblzma-mt-dec-Don-t-free-the-input-buffer-too-early.patch b/package/xz/0003-liblzma-mt-dec-Don-t-free-the-input-buffer-too-early.patch\nindex 9915e6b275..d370d8b613 100644\n--- a/package/xz/0003-liblzma-mt-dec-Don-t-free-the-input-buffer-too-early.patch\n+++ b/package/xz/0003-liblzma-mt-dec-Don-t-free-the-input-buffer-too-early.patch\n@@ -26,6 +26,7 @@ Fixes: 4cce3e27f529 (\"liblzma: Add threaded .xz decompressor.\")\n Reported-by: Harri K. Koskinen \n Reviewed-by: Sebastian Andrzej Siewior \n Thanks-to: Sam James \n+CVE: CVE-2025-31115\n Upstream: https://github.com/tukaani-project/xz/commit/d5a2ffe41bb77b918a8c96084885d4dbe4bf6480\n Signed-off-by: Julien Olivain \n ---\ndiff --git a/package/xz/0004-liblzma-mt-dec-Don-t-modify-thr-in_size-in-the-worke.patch b/package/xz/0004-liblzma-mt-dec-Don-t-modify-thr-in_size-in-the-worke.patch\nindex 1a914e08db..b3fd11b29d 100644\n--- a/package/xz/0004-liblzma-mt-dec-Don-t-modify-thr-in_size-in-the-worke.patch\n+++ b/package/xz/0004-liblzma-mt-dec-Don-t-modify-thr-in_size-in-the-worke.patch\n@@ -21,6 +21,7 @@ Block before the worker thread is activated.\n Fixes: 4cce3e27f529 (\"liblzma: Add threaded .xz decompressor.\")\n Reviewed-by: Sebastian Andrzej Siewior \n Thanks-to: Sam James \n+CVE: CVE-2025-31115\n Upstream: https://github.com/tukaani-project/xz/commit/8188048854e8d11071b8a50d093c74f4c030acc9\n Signed-off-by: Julien Olivain \n ---\n","prefixes":["1/2","2025.02.x"]}