* [Buildroot] [PATCH 1/1] package/gpsd: security bump version to 3.27.2
@ 2025-12-29 8:37 Bernd Kuhls
2026-02-03 15:54 ` Thomas Petazzoni via buildroot
0 siblings, 1 reply; 2+ messages in thread
From: Bernd Kuhls @ 2025-12-29 8:37 UTC (permalink / raw)
To: buildroot; +Cc: Yann E . MORIN
https://gitlab.com/gpsd/gpsd/-/blob/release-3.27.2/NEWS
Removed all patches which are included in this release.
Fixes CVE-2025-67268 & CVE-2025-67269.
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
---
...ile-and-dumpfile-options-for-gpsprof.patch | 40 ----------
...02-gpsd-gpsd.c-Fix-empty-gst-in-POLL.patch | 78 -------------------
...t-force-_TIME_BITS-on-a-32-bit-syste.patch | 49 ------------
...e.c-Make-client-UDP-socket-non-block.patch | 32 --------
package/gpsd/gpsd.hash | 2 +-
package/gpsd/gpsd.mk | 2 +-
6 files changed, 2 insertions(+), 201 deletions(-)
delete mode 100644 package/gpsd/0001-Fix-the-logfile-and-dumpfile-options-for-gpsprof.patch
delete mode 100644 package/gpsd/0002-gpsd-gpsd.c-Fix-empty-gst-in-POLL.patch
delete mode 100644 package/gpsd/0003-SConscript-Do-not-force-_TIME_BITS-on-a-32-bit-syste.patch
delete mode 100644 package/gpsd/0004-gpsd-libgpsd_core.c-Make-client-UDP-socket-non-block.patch
diff --git a/package/gpsd/0001-Fix-the-logfile-and-dumpfile-options-for-gpsprof.patch b/package/gpsd/0001-Fix-the-logfile-and-dumpfile-options-for-gpsprof.patch
deleted file mode 100644
index d466c9fc58..0000000000
--- a/package/gpsd/0001-Fix-the-logfile-and-dumpfile-options-for-gpsprof.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From f18e52dad4eeba2434a988bc899f6c7fe973f4ba Mon Sep 17 00:00:00 2001
-Message-Id: <f18e52dad4eeba2434a988bc899f6c7fe973f4ba.1749533625.git.yann.morin@orange.com>
-From: Richard Lindsley <rich.lindsley@gmail.com>
-Date: Fri, 23 May 2025 18:48:57 -0700
-Subject: [PATCH] Fix the --logfile and --dumpfile options for gpsprof
-
-The open() function requires that the "encoding" argument is a str or
-None.
-
-Upstream: https://gitlab.com/gpsd/gpsd/-/commit/bad9973b8e73e9e2cc0af2555edc9c8a0855d203
-Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
----
- clients/gpsprof.py.in | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/clients/gpsprof.py.in b/clients/gpsprof.py.in
-index 8b1a5234b..e5e448a53 100644
---- a/clients/gpsprof.py.in
-+++ b/clients/gpsprof.py.in
-@@ -1208,7 +1208,7 @@ if __name__ == '__main__':
- options = parser.parse_args()
-
- if options.logfile:
-- options.logfp = open(options.logfile, "w", encoding=ascii)
-+ options.logfp = open(options.logfile, "w", encoding="ascii")
- else:
- options.logfp = None
-
-@@ -1255,7 +1255,7 @@ if __name__ == '__main__':
- plot.postprocess()
- # Save the timing data (only) for post-analysis if required.
- if options.dumpfile:
-- with open(options.dumpfile, "w", encoding=ascii) as fp:
-+ with open(options.dumpfile, "w", encoding="ascii") as fp:
- fp.write(plot.dump())
- if options.logfp:
- options.logfp.close()
---
-2.34.1
-
diff --git a/package/gpsd/0002-gpsd-gpsd.c-Fix-empty-gst-in-POLL.patch b/package/gpsd/0002-gpsd-gpsd.c-Fix-empty-gst-in-POLL.patch
deleted file mode 100644
index d07a8970f4..0000000000
--- a/package/gpsd/0002-gpsd-gpsd.c-Fix-empty-gst-in-POLL.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-From 98e61729d84b3e3698cde4ec7fe446b932d333fc Mon Sep 17 00:00:00 2001
-Message-Id: <98e61729d84b3e3698cde4ec7fe446b932d333fc.1749533625.git.yann.morin@orange.com>
-In-Reply-To: <f18e52dad4eeba2434a988bc899f6c7fe973f4ba.1749533625.git.yann.morin@orange.com>
-References: <f18e52dad4eeba2434a988bc899f6c7fe973f4ba.1749533625.git.yann.morin@orange.com>
-From: "Gary E. Miller" <gem@rellim.com>
-Date: Thu, 5 Jun 2025 17:40:56 -0700
-Subject: [PATCH] gpsd/gpsd.c: Fix empty gst[,] in POLL.
-
-Fix issue 336.
-
-Upstream: https://gitlab.com/gpsd/gpsd/-/commit/3185c5790c3e7e31c6cc80174940f0385cba2617
-Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
----
- gpsd/gpsd.c | 30 ++++++++++++++++++++++--------
- 1 file changed, 22 insertions(+), 8 deletions(-)
-
-diff --git a/gpsd/gpsd.c b/gpsd/gpsd.c
-index 5a98a4470..3797ace13 100644
---- a/gpsd/gpsd.c
-+++ b/gpsd/gpsd.c
-@@ -1555,10 +1555,15 @@ static void handle_request(struct subscriber_t *sub, const char *buf,
- for (devp = devices; devp < devices + MAX_DEVICES; devp++) {
- if (allocated_device(devp) && subscribed(sub, devp)) {
- if (0 != (devp->observed & GPS_TYPEMASK)) {
-+ size_t rlen = strnlen(reply, replylen);
-+
- json_tpv_dump(NAVDATA_SET, devp, &sub->policy,
-- reply + strnlen(reply, replylen),
-- replylen - strnlen(reply, replylen));
-+ reply + rlen, replylen - rlen);
- rstrip(reply, replylen);
-+ if (strnlen(reply, replylen) == rlen) {
-+ // no data
-+ continue;
-+ }
- (void)strlcat(reply, ",", replylen);
- }
- }
-@@ -1568,10 +1573,15 @@ static void handle_request(struct subscriber_t *sub, const char *buf,
- for (devp = devices; devp < devices + MAX_DEVICES; devp++) {
- if (allocated_device(devp) && subscribed(sub, devp)) {
- if (0 != (devp->observed & GPS_TYPEMASK)) {
-- json_noise_dump(&devp->gpsdata,
-- reply + strnlen(reply, replylen),
-- replylen - strnlen(reply, replylen));
-+ size_t rlen = strnlen(reply, replylen);
-+
-+ json_noise_dump(&devp->gpsdata, reply + rlen,
-+ replylen - rlen);
- rstrip(reply, replylen);
-+ if (strnlen(reply, replylen) == rlen) {
-+ // no data
-+ continue;
-+ }
- (void)strlcat(reply, ",", replylen);
- }
- }
-@@ -1581,10 +1591,14 @@ static void handle_request(struct subscriber_t *sub, const char *buf,
- for (devp = devices; devp < devices + MAX_DEVICES; devp++) {
- if (allocated_device(devp) && subscribed(sub, devp)) {
- if (0 != (devp->observed & GPS_TYPEMASK)) {
-- json_sky_dump(devp,
-- reply + strnlen(reply, replylen),
-- replylen - strnlen(reply, replylen));
-+ size_t rlen = strnlen(reply, replylen);
-+
-+ json_sky_dump(devp, reply + rlen, replylen - rlen);
- rstrip(reply, replylen);
-+ if (strnlen(reply, replylen) == rlen) {
-+ // no data
-+ continue;
-+ }
- (void)strlcat(reply, ",", replylen);
- }
- }
---
-2.34.1
-
diff --git a/package/gpsd/0003-SConscript-Do-not-force-_TIME_BITS-on-a-32-bit-syste.patch b/package/gpsd/0003-SConscript-Do-not-force-_TIME_BITS-on-a-32-bit-syste.patch
deleted file mode 100644
index 16a0ca6f88..0000000000
--- a/package/gpsd/0003-SConscript-Do-not-force-_TIME_BITS-on-a-32-bit-syste.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From a1f36cf216861ac6499654b4e6e4d54107142cfc Mon Sep 17 00:00:00 2001
-Message-Id: <a1f36cf216861ac6499654b4e6e4d54107142cfc.1749533625.git.yann.morin@orange.com>
-In-Reply-To: <f18e52dad4eeba2434a988bc899f6c7fe973f4ba.1749533625.git.yann.morin@orange.com>
-References: <f18e52dad4eeba2434a988bc899f6c7fe973f4ba.1749533625.git.yann.morin@orange.com>
-From: "Gary E. Miller" <gem@rellim.com>
-Date: Thu, 5 Jun 2025 18:14:55 -0700
-Subject: [PATCH] SConscript: Do not force _TIME_BITS on a 32 bit system.
-
-The build assumed that if _TIME_BITS existed on a system then it was OK
-to set it. Turns out that is a bad assumption.
-
-Leave it to the builds to decide when _TIME_BITS should be used.
-
-Upstream: https://gitlab.com/gpsd/gpsd/-/commit/95814d22276c34abe72a35b89065b1190d34f9bf
-Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
----
- SConscript | 16 +++-------------
- 1 file changed, 3 insertions(+), 13 deletions(-)
-
-diff --git a/SConscript b/SConscript
-index 28105fa7b..357c53f2b 100644
---- a/SConscript
-+++ b/SConscript
-@@ -1335,19 +1335,9 @@ if not cleaning and not helping:
- # check for 64 bit time_t. Needed for 2038.
- sizeof_time_t = config.CheckTypeSize("time_t", "#include <time.h>",
- expect=8)
-- if 0 == sizeof_time_t:
-- # see if we can force time64_t
-- # this needs glibc 2.34 or later, and a compatible kernel
-- sizeof_time_t = config.CheckTypeSize("time_t",
-- "#define _TIME_BITS 64\n"
-- "#define _FILE_OFFSET_BITS 64\n"
-- "#include <time.h>",
-- expect=8)
-- if 0 != sizeof_time_t:
-- # force time64_t
-- confdefs.append("// Forcing 64-bit time_t\n"
-- "#define _TIME_BITS 64\n"
-- "#define _FILE_OFFSET_BITS 64\n")
-+ # do not try to force time64_t, that is a distro decision.
-+ # it needs glibc 2.34 or later, and a compatible kernel
-+ # CFLAGS += "-D_TIME_BITS 64 -D_FILE_OFFSET_BITS 64"
-
- if 0 == sizeof_time_t:
- announce("WARNING: time_t is too small. It will fail in 2038")
---
-2.34.1
-
diff --git a/package/gpsd/0004-gpsd-libgpsd_core.c-Make-client-UDP-socket-non-block.patch b/package/gpsd/0004-gpsd-libgpsd_core.c-Make-client-UDP-socket-non-block.patch
deleted file mode 100644
index 73ecce5b8b..0000000000
--- a/package/gpsd/0004-gpsd-libgpsd_core.c-Make-client-UDP-socket-non-block.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From 0b1769a3abe386c139a8b4d4967b57a00f0f286a Mon Sep 17 00:00:00 2001
-Message-Id: <0b1769a3abe386c139a8b4d4967b57a00f0f286a.1749533625.git.yann.morin@orange.com>
-In-Reply-To: <f18e52dad4eeba2434a988bc899f6c7fe973f4ba.1749533625.git.yann.morin@orange.com>
-References: <f18e52dad4eeba2434a988bc899f6c7fe973f4ba.1749533625.git.yann.morin@orange.com>
-From: Miroslav Lichvar <mlichvar@redhat.com>
-Date: Tue, 10 Jun 2025 00:21:52 +0200
-Subject: [PATCH] gpsd/libgpsd_core.c: Make client UDP socket non-blocking.
-
-Resolving issue #337
-
-Upstream: https://gitlab.com/gpsd/gpsd/-/commit/992a90e6a50b4d3dcb091fff4658e7892c985c7f
-Signed-off-by: Yann E. MORIN <yann.morin@orange.com>
----
- gpsd/libgpsd_core.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/gpsd/libgpsd_core.c b/gpsd/libgpsd_core.c
-index f328648f7..6b77e2b97 100644
---- a/gpsd/libgpsd_core.c
-+++ b/gpsd/libgpsd_core.c
-@@ -614,7 +614,7 @@ int gpsd_open(struct gps_device_t *session)
- "CORE: opening UDP feed at %s, port %s.\n", host,
- port);
- if (0 > (dsock = netlib_connectsock1(AF_UNSPEC, host, port, "udp",
-- 0, true, NULL, 0))) {
-+ 1, true, NULL, 0))) {
- // cast for 32-bit ints.
- GPSD_LOG(LOG_ERROR, &session->context->errout,
- "CORE: UDP device open error %s(%ld).\n",
---
-2.34.1
-
diff --git a/package/gpsd/gpsd.hash b/package/gpsd/gpsd.hash
index 984ddab125..a7b76afbc6 100644
--- a/package/gpsd/gpsd.hash
+++ b/package/gpsd/gpsd.hash
@@ -1,3 +1,3 @@
# Locally calculated
-sha256 dc7e465968c1540e61bc57c7586d6a57a0047212a014efdad348f907bc2e0990 gpsd-3.26.1.tar.gz
+sha256 ebb66ed92018b79cec88efb60e35a596925eef46502cf03d6ff0aea636ee7461 gpsd-3.27.2.tar.gz
sha256 fdf339997bbca9eaf507476b82fbcac608fc39a3d89b86b51e16db4c9f933716 COPYING
diff --git a/package/gpsd/gpsd.mk b/package/gpsd/gpsd.mk
index c5c4dad296..f52c00ee17 100644
--- a/package/gpsd/gpsd.mk
+++ b/package/gpsd/gpsd.mk
@@ -4,7 +4,7 @@
#
################################################################################
-GPSD_VERSION = 3.26.1
+GPSD_VERSION = 3.27.2
GPSD_SITE = http://download-mirror.savannah.gnu.org/releases/gpsd
GPSD_LICENSE = BSD-2-Clause
GPSD_LICENSE_FILES = COPYING
--
2.47.3
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2026-02-03 15:55 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-12-29 8:37 [Buildroot] [PATCH 1/1] package/gpsd: security bump version to 3.27.2 Bernd Kuhls
2026-02-03 15:54 ` Thomas Petazzoni via buildroot
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox