* [Buildroot] [PATCH 1/2] package/libgpiod2: security bump to 2.2.4
@ 2026-04-10 14:57 Marcus Hoffmann via buildroot
2026-04-10 14:57 ` [Buildroot] [PATCH 2/2] package/python-gpiod: security bump to 2.4.2 Marcus Hoffmann via buildroot
0 siblings, 1 reply; 2+ messages in thread
From: Marcus Hoffmann via buildroot @ 2026-04-10 14:57 UTC (permalink / raw)
To: buildroot; +Cc: Boerge Struempfel
Bug fixes:
- fix buffer over-read bugs when translating uAPI structs to library types
- fix variable and argument types where necessary
- sanitize values returned by the kernel to avoid potential buffer overflows
- fix memory leaks in gpio-tools
- add missing return value checks in gpio-tools
- fix period parsing in gpio-tools
- use correct loop counter in error path in gpio-manager
Improvements:
- make tests work with newer coreutils by removing cases checking tools'
behavior on SIGINT which stopped working due to changes in behavior of the
timeout tool
See: https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git/tree/NEWS?h=v2.2.4
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
---
package/libgpiod2/libgpiod2.hash | 2 +-
package/libgpiod2/libgpiod2.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libgpiod2/libgpiod2.hash b/package/libgpiod2/libgpiod2.hash
index 157e605ed5..a12752261a 100644
--- a/package/libgpiod2/libgpiod2.hash
+++ b/package/libgpiod2/libgpiod2.hash
@@ -1,4 +1,4 @@
# From https://www.kernel.org/pub/software/libs/libgpiod/sha256sums.asc
-sha256 70012b0262e4b90f140431efa841ca89643b02ea6c09f507e23cec664a51b71a libgpiod-2.2.3.tar.xz
+sha256 13207176b0eb9b3e0f02552d5f49f5a6a449343ce47416158bb484d9d3019592 libgpiod-2.2.4.tar.xz
# Hash for license file
sha256 f646ad5159efb51c1130a4b43c31f0759750b1e254d2acf510f368ee2e2085c3 COPYING
diff --git a/package/libgpiod2/libgpiod2.mk b/package/libgpiod2/libgpiod2.mk
index 8803a282fe..d83fdbd94a 100644
--- a/package/libgpiod2/libgpiod2.mk
+++ b/package/libgpiod2/libgpiod2.mk
@@ -6,7 +6,7 @@
# Be careful when bumping versions.
# Dependency on kernel header versions may change.
-LIBGPIOD2_VERSION = 2.2.3
+LIBGPIOD2_VERSION = 2.2.4
LIBGPIOD2_SOURCE = libgpiod-$(LIBGPIOD2_VERSION).tar.xz
LIBGPIOD2_SITE = https://www.kernel.org/pub/software/libs/libgpiod
LIBGPIOD2_LICENSE = LGPL-2.1+
--
2.53.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
* [Buildroot] [PATCH 2/2] package/python-gpiod: security bump to 2.4.2
2026-04-10 14:57 [Buildroot] [PATCH 1/2] package/libgpiod2: security bump to 2.2.4 Marcus Hoffmann via buildroot
@ 2026-04-10 14:57 ` Marcus Hoffmann via buildroot
0 siblings, 0 replies; 2+ messages in thread
From: Marcus Hoffmann via buildroot @ 2026-04-10 14:57 UTC (permalink / raw)
To: buildroot; +Cc: James Hilliard, Manuel Diener, Marcus Hoffmann
Update for libgpiod v2.2.4.
Contains the following security fix:
https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git/commit/?h=python-v2.4.x&id=c3655b5f641b87656c11da3ac708608d2c0e05ee
The package now contains a proper LICENSE file in the sdist since:
https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git/commit/?h=python-v2.4.x&id=51ee19fe1ec8a94b5ecfdc7627b0c574c7874a1b
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
---
package/python-gpiod/python-gpiod.hash | 6 +++---
package/python-gpiod/python-gpiod.mk | 7 +++----
2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/package/python-gpiod/python-gpiod.hash b/package/python-gpiod/python-gpiod.hash
index dfaafd4d4c..d3277c5a20 100644
--- a/package/python-gpiod/python-gpiod.hash
+++ b/package/python-gpiod/python-gpiod.hash
@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/gpiod/json
-md5 62cf044aa3214d0ebee6aef78db2aa52 gpiod-2.4.0.tar.gz
-sha256 9243a1a59d084ec749d1df4a1e2f238ffb9d94515b0d9f5335460175143c3aa1 gpiod-2.4.0.tar.gz
+md5 c9c2fb67d78204896d85a7945314356f gpiod-2.4.2.tar.gz
+sha256 602aae17ff365bb8e2a30ce65c6bbf2d8e7a7e64bf016e82e4fd4c730ef69ab7 gpiod-2.4.2.tar.gz
# Locally computed sha256 checksums
-sha256 a2b24e2158144b22a77a6a404fc5a05911612c5b99d7ab6d0e2addcaeb7514a3 pyproject.toml
+sha256 592987e8510228d546540b84a22444bde98e48d03078d3b2eefcd889bec5ce8c LICENSE
diff --git a/package/python-gpiod/python-gpiod.mk b/package/python-gpiod/python-gpiod.mk
index 8ab901972e..6881f0df43 100644
--- a/package/python-gpiod/python-gpiod.mk
+++ b/package/python-gpiod/python-gpiod.mk
@@ -4,13 +4,12 @@
#
################################################################################
-PYTHON_GPIOD_VERSION = 2.4.0
+PYTHON_GPIOD_VERSION = 2.4.2
PYTHON_GPIOD_SOURCE = gpiod-$(PYTHON_GPIOD_VERSION).tar.gz
-PYTHON_GPIOD_SITE = https://files.pythonhosted.org/packages/0c/dc/5a6bd309345bd9cfa7e098174ab7e65367e408539b6c1998e4f267c673cd
+PYTHON_GPIOD_SITE = https://files.pythonhosted.org/packages/13/ca/b3bd043091b4462d6c5561f86581f553df102d8990c37938ddbff2823016
PYTHON_GPIOD_SETUP_TYPE = setuptools
PYTHON_GPIOD_LICENSE = LGPL-2.1+
-# The package license follows libgpiod's license but doesn't include the LICENSE text in the pypi distrobuted package again
-PYTHON_GPIOD_LICENSE_FILES = pyproject.toml
+PYTHON_GPIOD_LICENSE_FILES = LICENSE
PYTHON_GPIOD_DEPENDENCIES = libgpiod2
PYTHON_GPIOD_ENV = LINK_SYSTEM_LIBGPIOD=1
--
2.53.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-04-10 14:59 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-04-10 14:57 [Buildroot] [PATCH 1/2] package/libgpiod2: security bump to 2.2.4 Marcus Hoffmann via buildroot
2026-04-10 14:57 ` [Buildroot] [PATCH 2/2] package/python-gpiod: security bump to 2.4.2 Marcus Hoffmann via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox