[Buildroot] [PATCH 1/2] syslog-ng: bump version to 4.3.1

[Buildroot] [PATCH 1/2] syslog-ng: bump version to 4.3.1

[Chris Packham]

Update to latest version. This includes a fix for CVE-2022-38725.

Release notes:
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.3.1

Signed-off-by: Chris Packham <judge.packham@gmail.com>
---
 package/syslog-ng/syslog-ng.conf | 2 +-
 package/syslog-ng/syslog-ng.hash | 2 +-
 package/syslog-ng/syslog-ng.mk   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package/syslog-ng/syslog-ng.conf b/package/syslog-ng/syslog-ng.conf
index a3cfa8dacf..06e48cdd50 100644
--- a/package/syslog-ng/syslog-ng.conf
+++ b/package/syslog-ng/syslog-ng.conf
@@ -1,4 +1,4 @@
-@version: 4.2
+@version: 4.3
 
 source s_sys {
 	file("/proc/kmsg" program_override("kernel"));
diff --git a/package/syslog-ng/syslog-ng.hash b/package/syslog-ng/syslog-ng.hash
index a917331580..6841ed5eb1 100644
--- a/package/syslog-ng/syslog-ng.hash
+++ b/package/syslog-ng/syslog-ng.hash
@@ -1,5 +1,5 @@
 # Locally computed
-sha256  092bd17fd47002c988aebdf81d0ed3f3cfd0e82b388d2453bcaa5e67934f4dda  syslog-ng-4.2.0.tar.gz
+sha256  999dbab62982c3cffba02c0be22c596ee1ce81d6954689dc9b3a6afeb513cce3  syslog-ng-4.3.1.tar.gz
 sha256  c75dcbfc17ccf742f12042a370f825a40951085d2352dfc9d07e715dae3ca9bd  COPYING
 sha256  ce3324c9f22299cfc7c281e5a6ab40fbe9c2ea1a67cee87226cb8cd39db1e1d2  GPL.txt
 sha256  dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551  LGPL.txt
diff --git a/package/syslog-ng/syslog-ng.mk b/package/syslog-ng/syslog-ng.mk
index 39433185b4..ff5aaee429 100644
--- a/package/syslog-ng/syslog-ng.mk
+++ b/package/syslog-ng/syslog-ng.mk
@@ -6,7 +6,7 @@
 
 # When updating the version, please check at runtime if the version in
 # syslog-ng.conf header needs to be updated
-SYSLOG_NG_VERSION = 4.2.0
+SYSLOG_NG_VERSION = 4.3.1
 SYSLOG_NG_SITE = https://github.com/balabit/syslog-ng/releases/download/syslog-ng-$(SYSLOG_NG_VERSION)
 SYSLOG_NG_LICENSE = LGPL-2.1+ (syslog-ng core), GPL-2.0+ (modules)
 SYSLOG_NG_LICENSE_FILES = COPYING GPL.txt LGPL.txt
-- 
2.42.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

[Buildroot] [PATCH 2/2] gst1-shark: Update to v0.8.1

[Chris Packham]

Update to the latest release.

Release notes:
https://github.com/RidgeRun/gst-shark/releases/tag/v0.8.1
https://github.com/RidgeRun/gst-shark/releases/tag/v0.8.0

Signed-off-by: Chris Packham <judge.packham@gmail.com>
---
 package/gstreamer1/gst1-shark/gst1-shark.hash | 2 +-
 package/gstreamer1/gst1-shark/gst1-shark.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/gstreamer1/gst1-shark/gst1-shark.hash b/package/gstreamer1/gst1-shark/gst1-shark.hash
index cfd72dd2a6..37276cc93d 100644
--- a/package/gstreamer1/gst1-shark/gst1-shark.hash
+++ b/package/gstreamer1/gst1-shark/gst1-shark.hash
@@ -1,5 +1,5 @@
 # locally computed hash
-sha256  413dbd8b6be1b09751e8d00abf9784de18cb74283c95ac078f6fb7d8750de26a  gst1-shark-v0.7.5-br1.tar.gz
+sha256  07587922dc49d12abe2444590a88c530409854b02904ad50357b312f9b6ea736  gst1-shark-v0.8.1-br1.tar.gz
 
 # Hashes for license files:
 sha256  6d191b8f1fa03cabced18b8e48fddbf960a19f965bed8491e76ed62238f92f0b  COPYING
diff --git a/package/gstreamer1/gst1-shark/gst1-shark.mk b/package/gstreamer1/gst1-shark/gst1-shark.mk
index 17df001cef..a059d41cb8 100644
--- a/package/gstreamer1/gst1-shark/gst1-shark.mk
+++ b/package/gstreamer1/gst1-shark/gst1-shark.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-GST1_SHARK_VERSION = v0.7.5
+GST1_SHARK_VERSION = v0.8.1
 GST1_SHARK_SITE =  https://github.com/RidgeRun/gst-shark.git
 GST1_SHARK_SITE_METHOD = git
 GST1_SHARK_GIT_SUBMODULES = YES
-- 
2.42.0

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 2/2] gst1-shark: Update to v0.8.1

[Thomas Petazzoni via buildroot]

On Mon, 11 Sep 2023 20:50:00 +1200
Chris Packham <judge.packham@gmail.com> wrote:

> Update to the latest release.
> 
> Release notes:
> https://github.com/RidgeRun/gst-shark/releases/tag/v0.8.1
> https://github.com/RidgeRun/gst-shark/releases/tag/v0.8.0
> 
> Signed-off-by: Chris Packham <judge.packham@gmail.com>
> ---
>  package/gstreamer1/gst1-shark/gst1-shark.hash | 2 +-
>  package/gstreamer1/gst1-shark/gst1-shark.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)

Adjust commit title to:

	package/gstreamer1/gst1-shark: bump version to v0.8.1

and applied to master. Thanks!

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/2] syslog-ng: bump version to 4.3.1

[Thomas Petazzoni via buildroot]

On Mon, 11 Sep 2023 20:49:59 +1200
Chris Packham <judge.packham@gmail.com> wrote:

> Update to latest version. This includes a fix for CVE-2022-38725.

So this is a security bump?

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/2] syslog-ng: bump version to 4.3.1

[Thomas Petazzoni via buildroot]

Hello Chris,

On Mon, 11 Sep 2023 15:52:25 +0200
Thomas Petazzoni via buildroot <buildroot@buildroot.org> wrote:

> On Mon, 11 Sep 2023 20:49:59 +1200
> Chris Packham <judge.packham@gmail.com> wrote:
> 
> > Update to latest version. This includes a fix for CVE-2022-38725.  
> 
> So this is a security bump?

Actually, are you sure it is related to CVE-2022-38725. According to
https://nvd.nist.gov/vuln/detail/CVE-2022-38725, this CVE only affects
versions up to 3.38, and we're at 4.2.0. In addition,
https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.3.1
does not mention "CVE" anywhere. Could you clarify this?

Thanks!

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [PATCH 1/2] syslog-ng: bump version to 4.3.1

[Chris Packham]

[-- Attachment #1.1: Type: text/plain, Size: 917 bytes --]

On Tue, 12 Sept 2023, 7:41 am Thomas Petazzoni, <
thomas.petazzoni@bootlin.com> wrote:

> Hello Chris,
>
> On Mon, 11 Sep 2023 15:52:25 +0200
> Thomas Petazzoni via buildroot <buildroot@buildroot.org> wrote:
>
> > On Mon, 11 Sep 2023 20:49:59 +1200
> > Chris Packham <judge.packham@gmail.com> wrote:
> >
> > > Update to latest version. This includes a fix for CVE-2022-38725.
> >
> > So this is a security bump?
>
> Actually, are you sure it is related to CVE-2022-38725. According to
> https://nvd.nist.gov/vuln/detail/CVE-2022-38725, this CVE only affects
> versions up to 3.38, and we're at 4.2.0. In addition,
> https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.3.1
> does not mention "CVE" anywhere. Could you clarify this?
>

I was going on the Debian issue that said 4.3.1 was fixed. But perhaps it
was actually unaffected.

I can resubmit without the mention. My intent was just a feature bump.

[-- Attachment #1.2: Type: text/html, Size: 1785 bytes --]

[-- Attachment #2: Type: text/plain, Size: 150 bytes --]

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot