{"id":2231493,"url":"http://patchwork.ozlabs.org/api/patches/2231493/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/patch/20260430185635.2999959-1-bernd@kuhls.net/","project":{"id":27,"url":"http://patchwork.ozlabs.org/api/projects/27/?format=json","name":"Buildroot development","link_name":"buildroot","list_id":"buildroot.buildroot.org","list_email":"buildroot@buildroot.org","web_url":"","scm_url":"","webscm_url":"","list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20260430185635.2999959-1-bernd@kuhls.net>","list_archive_url":null,"date":"2026-04-30T18:56:35","name":"[1/1] package/thrift: security bump version to 0.23.0","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"97c44dddd399c72358d183ab7540dbdb6a145405","submitter":{"id":86624,"url":"http://patchwork.ozlabs.org/api/people/86624/?format=json","name":"Bernd Kuhls","email":"bernd@kuhls.net"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/buildroot/patch/20260430185635.2999959-1-bernd@kuhls.net/mbox/","series":[{"id":502361,"url":"http://patchwork.ozlabs.org/api/series/502361/?format=json","web_url":"http://patchwork.ozlabs.org/project/buildroot/list/?series=502361","date":"2026-04-30T18:56:35","name":"[1/1] package/thrift: security bump version to 0.23.0","version":1,"mbox":"http://patchwork.ozlabs.org/series/502361/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/2231493/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/2231493/checks/","tags":{},"related":[],"headers":{"Return-Path":"<buildroot-bounces@buildroot.org>","X-Original-To":["incoming-buildroot@patchwork.ozlabs.org","buildroot@buildroot.org"],"Delivered-To":["patchwork-incoming-buildroot@legolas.ozlabs.org","buildroot@buildroot.org"],"Authentication-Results":["legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=buildroot.org header.i=@buildroot.org\n header.a=rsa-sha256 header.s=default header.b=oigja4Ed;\n\tdkim-atps=neutral","legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=buildroot.org\n (client-ip=140.211.166.136; helo=smtp3.osuosl.org;\n envelope-from=buildroot-bounces@buildroot.org; receiver=patchwork.ozlabs.org)"],"Received":["from smtp3.osuosl.org (smtp3.osuosl.org [140.211.166.136])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g63LM0NDJz1yHv\n\tfor <incoming-buildroot@patchwork.ozlabs.org>;\n Fri, 01 May 2026 04:56:43 +1000 (AEST)","from localhost (localhost [127.0.0.1])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id 163436F4DA;\n\tThu, 30 Apr 2026 18:56:41 +0000 (UTC)","from smtp3.osuosl.org ([127.0.0.1])\n by localhost (smtp3.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id MJ8Z9Rtm7mMq; Thu, 30 Apr 2026 18:56:40 +0000 (UTC)","from lists1.osuosl.org (lists1.osuosl.org [140.211.166.142])\n\tby smtp3.osuosl.org (Postfix) with ESMTP id 1E9046F4DD;\n\tThu, 30 Apr 2026 18:56:40 +0000 (UTC)","from smtp4.osuosl.org (smtp4.osuosl.org [140.211.166.137])\n by lists1.osuosl.org (Postfix) with ESMTP id 21E65127\n for <buildroot@buildroot.org>; Thu, 30 Apr 2026 18:56:39 +0000 (UTC)","from localhost (localhost [127.0.0.1])\n by smtp4.osuosl.org (Postfix) with ESMTP id 1F9B541C26\n for <buildroot@buildroot.org>; Thu, 30 Apr 2026 18:56:39 +0000 (UTC)","from smtp4.osuosl.org ([127.0.0.1])\n by localhost (smtp4.osuosl.org [127.0.0.1]) (amavis, port 10024) with ESMTP\n id 6F1NxKXjNJ8p for <buildroot@buildroot.org>;\n Thu, 30 Apr 2026 18:56:38 +0000 (UTC)","from dd20012.kasserver.com (dd20012.kasserver.com [85.13.140.57])\n by smtp4.osuosl.org (Postfix) with ESMTPS id 4196541BD3\n for <buildroot@buildroot.org>; Thu, 30 Apr 2026 18:56:37 +0000 (UTC)","from fli4l.lan.fli4l (p4fd6c2eb.dip0.t-ipconnect.de\n [79.214.194.235])\n by dd20012.kasserver.com (Postfix) with ESMTPSA id 0ED4EA4C11E2\n for <buildroot@buildroot.org>; Thu, 30 Apr 2026 20:56:36 +0200 (CEST)","from bruckner.lan.fli4l ([192.168.1.1]:36606)\n by fli4l.lan.fli4l with esmtp (Exim 4.99.2)\n (envelope-from <bernd@kuhls.net>) id 1wIWYu-0000000073H-0gZb\n for buildroot@buildroot.org; Thu, 30 Apr 2026 18:56:35 +0000"],"X-Virus-Scanned":["amavis at osuosl.org","amavis at osuosl.org"],"X-Comment":"SPF check N/A for local connections - client-ip=140.211.166.142;\n helo=lists1.osuosl.org; envelope-from=buildroot-bounces@buildroot.org;\n receiver=<UNKNOWN> ","DKIM-Filter":["OpenDKIM Filter v2.11.0 smtp3.osuosl.org 1E9046F4DD","OpenDKIM Filter v2.11.0 smtp4.osuosl.org 4196541BD3"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed; d=buildroot.org;\n\ts=default; t=1777575400;\n\tbh=2vKBHHIjQJi5KjspdvJNv0C17Ku90QjOGFfRPJto/OM=;\n\th=From:To:Date:Subject:List-Id:List-Unsubscribe:List-Archive:\n\t List-Post:List-Help:List-Subscribe:From;\n\tb=oigja4EdllSRE2cPrqwsMzs/ifjwUOLozj8WdUhgtKHGZxPps4yjh9N1paVZOkSJU\n\t VRt0BVdAT0FeobMyNzvgSYfEnC8hM0QRWVAoHTfpIuGV+WJ+U9cGmVCyeL1ekRYpJV\n\t BUgtRpCWIMcBr5Beq1jKwtOj4hmq5rH0lOVNgQFR6XP2DRc7mAJGFIJ37Co6x7eVV4\n\t nLzbimw39vMuVRsUP+qqF6h/rgR2Xe/J+dH62WfcK2feLQ4Tg9WMmfQI8nkmo7jZHF\n\t 4/TkoZgI7KFJXoFG/1kn1PVfHAThWfvWwbT3xvvulgTUf1d6ViCRh01y6JAvtnSPB0\n\t ixcv1FY1XxKmQ==","Received-SPF":"Pass (mailfrom) identity=mailfrom; client-ip=85.13.140.57;\n helo=dd20012.kasserver.com; envelope-from=bernd@kuhls.net;\n receiver=<UNKNOWN>","DMARC-Filter":"OpenDMARC Filter v1.4.2 smtp4.osuosl.org 4196541BD3","From":"Bernd Kuhls <bernd@kuhls.net>","To":"buildroot@buildroot.org","Date":"Thu, 30 Apr 2026 20:56:35 +0200","Message-ID":"<20260430185635.2999959-1-bernd@kuhls.net>","X-Mailer":"git-send-email 2.47.3","MIME-Version":"1.0","X-Spamd-Bar":"/","X-Mailman-Original-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n d=kuhls.net;\n s=kas202511301023; t=1777575396;\n bh=2Xo2bfev6Gqe+IJNoipfbLqzC+z49Il9Iq6aBT2f0dg=;\n h=From:To:Subject:Date:From;\n b=Btx7hTcq52oLs427ZyfsQFBfvMU8G/zfFlxB+CJjvsuRQO4nAzEEqHT93+e+e1Ooo\n hlmaTFQHuJMJbAx/XA511sJWkDeiR4IpBJALibFomkC1tkBwIRMnA3nLMAnqlO8NhJ\n jdn6HowtJzouvet9ZKxc5MCNy+zBzSfFJlYx/T1qtdJqThEYgrSasFFXluxbq4XKB7\n uc+HfoCNv0cTjZDhXtPG/rDeUzhN6jP18Sah0lW6Zt2CDADSwg3zD8n/Qx4Dzez6Sm\n wUTZ2FgT9aTSgKDk9iaOZlJ12Ethh2EFqAGnDMACu5YIBGHcRB5CcjXzXh/G+nYWoD\n QRDKvD9HV8Udg==","X-Mailman-Original-Authentication-Results":["smtp4.osuosl.org;\n dmarc=pass (p=none dis=none)\n header.from=kuhls.net","smtp4.osuosl.org;\n dkim=pass (2048-bit key) header.d=kuhls.net header.i=@kuhls.net\n header.a=rsa-sha256 header.s=kas202511301023 header.b=Btx7hTcq"],"Subject":"[Buildroot] [PATCH 1/1] package/thrift: security bump version to\n 0.23.0","X-BeenThere":"buildroot@buildroot.org","X-Mailman-Version":"2.1.30","Precedence":"list","List-Id":"Discussion and development of buildroot <buildroot.buildroot.org>","List-Unsubscribe":"<https://lists.buildroot.org/mailman/options/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=unsubscribe>","List-Archive":"<http://lists.buildroot.org/pipermail/buildroot/>","List-Post":"<mailto:buildroot@buildroot.org>","List-Help":"<mailto:buildroot-request@buildroot.org?subject=help>","List-Subscribe":"<https://lists.buildroot.org/mailman/listinfo/buildroot>,\n <mailto:buildroot-request@buildroot.org?subject=subscribe>","Content-Type":"text/plain; charset=\"us-ascii\"","Content-Transfer-Encoding":"7bit","Errors-To":"buildroot-bounces@buildroot.org","Sender":"\"buildroot\" <buildroot-bounces@buildroot.org>"},"content":"https://github.com/apache/thrift/blob/v0.23.0/CHANGES.md\n\nFixes the following CVEs:\n\nCVE-2026-41636: https://seclists.org/oss-sec/2026/q2/236\nCVE-2026-41607: https://seclists.org/oss-sec/2026/q2/237\nCVE-2026-41606: https://seclists.org/oss-sec/2026/q2/238\nCVE-2026-41605: https://seclists.org/oss-sec/2026/q2/239\nCVE-2026-41604: https://seclists.org/oss-sec/2026/q2/240\nCVE-2026-41602: https://seclists.org/oss-sec/2026/q2/241\nCVE-2026-41603: https://seclists.org/oss-sec/2026/q2/242\nCVE-2025-48431: https://seclists.org/oss-sec/2026/q2/243\n\nSigned-off-by: Bernd Kuhls <bernd@kuhls.net>\n---\n package/thrift/thrift.hash | 4 ++--\n package/thrift/thrift.mk   | 2 +-\n 2 files changed, 3 insertions(+), 3 deletions(-)","diff":"diff --git a/package/thrift/thrift.hash b/package/thrift/thrift.hash\nindex a517900c82..ff69f16849 100644\n--- a/package/thrift/thrift.hash\n+++ b/package/thrift/thrift.hash\n@@ -1,4 +1,4 @@\n-# From https://downloads.apache.org/thrift/0.22.0/thrift-0.22.0.tar.gz.sha256\n-sha256  794a0e455787960d9f27ab92c38e34da27e8deeda7a5db0e59dc64a00df8a1e5  thrift-0.22.0.tar.gz\n+# From https://downloads.apache.org/thrift/0.23.0/thrift-0.23.0.tar.gz.sha256\n+sha256  1859d932d2ae1f13d16c5a196931208c116310a5ff50f2bfd11d3db03be8f46f  thrift-0.23.0.tar.gz\n # License files, locally calculated\n sha256  d315e6cdedc07c478de6992027bfb66f220886c6216fd7e9885ced30c3703646  LICENSE\ndiff --git a/package/thrift/thrift.mk b/package/thrift/thrift.mk\nindex cee7adb8ed..68b9faa3e4 100644\n--- a/package/thrift/thrift.mk\n+++ b/package/thrift/thrift.mk\n@@ -4,7 +4,7 @@\n #\n ################################################################################\n \n-THRIFT_VERSION = 0.22.0\n+THRIFT_VERSION = 0.23.0\n THRIFT_SITE = https://downloads.apache.org/thrift/$(THRIFT_VERSION)\n THRIFT_LICENSE = Apache-2.0\n THRIFT_LICENSE_FILES = LICENSE\n","prefixes":["1/1"]}