* [Buildroot] [PATCH 1/2] package/libgpiod2: security bump to 2.2.4
@ 2026-04-10 14:57 Marcus Hoffmann via buildroot
2026-04-10 14:57 ` [Buildroot] [PATCH 2/2] package/python-gpiod: security bump to 2.4.2 Marcus Hoffmann via buildroot
2026-04-12 17:04 ` [Buildroot] [PATCH 1/2] package/libgpiod2: security bump to 2.2.4 Julien Olivain via buildroot
0 siblings, 2 replies; 3+ messages in thread
From: Marcus Hoffmann via buildroot @ 2026-04-10 14:57 UTC (permalink / raw)
To: buildroot; +Cc: Boerge Struempfel
Bug fixes:
- fix buffer over-read bugs when translating uAPI structs to library types
- fix variable and argument types where necessary
- sanitize values returned by the kernel to avoid potential buffer overflows
- fix memory leaks in gpio-tools
- add missing return value checks in gpio-tools
- fix period parsing in gpio-tools
- use correct loop counter in error path in gpio-manager
Improvements:
- make tests work with newer coreutils by removing cases checking tools'
behavior on SIGINT which stopped working due to changes in behavior of the
timeout tool
See: https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git/tree/NEWS?h=v2.2.4
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
---
package/libgpiod2/libgpiod2.hash | 2 +-
package/libgpiod2/libgpiod2.mk | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/package/libgpiod2/libgpiod2.hash b/package/libgpiod2/libgpiod2.hash
index 157e605ed5..a12752261a 100644
--- a/package/libgpiod2/libgpiod2.hash
+++ b/package/libgpiod2/libgpiod2.hash
@@ -1,4 +1,4 @@
# From https://www.kernel.org/pub/software/libs/libgpiod/sha256sums.asc
-sha256 70012b0262e4b90f140431efa841ca89643b02ea6c09f507e23cec664a51b71a libgpiod-2.2.3.tar.xz
+sha256 13207176b0eb9b3e0f02552d5f49f5a6a449343ce47416158bb484d9d3019592 libgpiod-2.2.4.tar.xz
# Hash for license file
sha256 f646ad5159efb51c1130a4b43c31f0759750b1e254d2acf510f368ee2e2085c3 COPYING
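Review bot: The new sha256 line for libgpiod-2.2.4.tar.xz relies on the unchanged header comment for its provenance, and that comment names the signed sha256sums.asc, but the commit log does not say the signature on that file was checked before the value was copied. Suggest stating in the commit message that the hash was taken from the signed file after verifying it, since for a security bump this line is what ties the download to upstream's release. The COPYING hash is unchanged context, which is consistent with no license change in 2.2.4.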
diff --git a/package/libgpiod2/libgpiod2.mk b/package/libgpiod2/libgpiod2.mk
index 8803a282fe..d83fdbd94a 100644
--- a/package/libgpiod2/libgpiod2.mk
+++ b/package/libgpiod2/libgpiod2.mk
@@ -6,7 +6,7 @@
# Be careful when bumping versions.
# Dependency on kernel header versions may change.
-LIBGPIOD2_VERSION = 2.2.3
+LIBGPIOD2_VERSION = 2.2.4
LIBGPIOD2_SOURCE = libgpiod-$(LIBGPIOD2_VERSION).tar.xz
LIBGPIOD2_SITE = https://www.kernel.org/pub/software/libs/libgpiod
LIBGPIOD2_LICENSE = LGPL-2.1+
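Review bot: Missing documentation for the LIBGPIOD2_VERSION = 2.2.4 line: the context comment directly above it warns that the dependency on kernel header versions may change on a bump, but the commit message only reproduces the upstream NEWS entries and does not say that requirement was rechecked. Suggest adding one line to the commit log confirming the minimum kernel header version is unchanged for 2.2.4, so the bump can be backported to stable branches without repeating that check.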
--
2.53.0
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot
* [Buildroot] [PATCH 2/2] package/python-gpiod: security bump to 2.4.2
From: Marcus Hoffmann via buildroot @ 2026-04-10 14:57 UTC (permalink / raw)
To: buildroot; +Cc: James Hilliard, Manuel Diener, Marcus Hoffmann
Update for libgpiod v2.2.4.
Contains the following security fix:
https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git/commit/?h=python-v2.4.x&id=c3655b5f641b87656c11da3ac708608d2c0e05ee
The package now contains a proper LICENSE file in the sdist since:
https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git/commit/?h=python-v2.4.x&id=51ee19fe1ec8a94b5ecfdc7627b0c574c7874a1b
Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
---
package/python-gpiod/python-gpiod.hash | 6 +++---
package/python-gpiod/python-gpiod.mk | 7 +++----
2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/package/python-gpiod/python-gpiod.hash b/package/python-gpiod/python-gpiod.hash
index dfaafd4d4c..d3277c5a20 100644
--- a/package/python-gpiod/python-gpiod.hash
+++ b/package/python-gpiod/python-gpiod.hash
@@ -1,5 +1,5 @@
# md5, sha256 from https://pypi.org/pypi/gpiod/json
-md5 62cf044aa3214d0ebee6aef78db2aa52 gpiod-2.4.0.tar.gz
-sha256 9243a1a59d084ec749d1df4a1e2f238ffb9d94515b0d9f5335460175143c3aa1 gpiod-2.4.0.tar.gz
+md5 c9c2fb67d78204896d85a7945314356f gpiod-2.4.2.tar.gz
+sha256 602aae17ff365bb8e2a30ce65c6bbf2d8e7a7e64bf016e82e4fd4c730ef69ab7 gpiod-2.4.2.tar.gz
# Locally computed sha256 checksums
-sha256 a2b24e2158144b22a77a6a404fc5a05911612c5b99d7ab6d0e2addcaeb7514a3 pyproject.toml
+sha256 592987e8510228d546540b84a22444bde98e48d03078d3b2eefcd889bec5ce8c LICENSE
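Review bot: Style point on the added md5 line for gpiod-2.4.2.tar.gz: it is carried forward next to the sha256 line for the same file, and since md5 is not collision resistant the sha256 entry is the one that actually provides integrity here. The md5 line could be dropped in a follow-up if the package's hash-file convention allows it. The pyproject.toml to LICENSE swap under "Locally computed sha256 checksums" matches the PYTHON_GPIOD_LICENSE_FILES change in the .mk, so the two files have to land together.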
diff --git a/package/python-gpiod/python-gpiod.mk b/package/python-gpiod/python-gpiod.mk
index 8ab901972e..6881f0df43 100644
--- a/package/python-gpiod/python-gpiod.mk
+++ b/package/python-gpiod/python-gpiod.mk
@@ -4,13 +4,12 @@
#
################################################################################
-PYTHON_GPIOD_VERSION = 2.4.0
+PYTHON_GPIOD_VERSION = 2.4.2
PYTHON_GPIOD_SOURCE = gpiod-$(PYTHON_GPIOD_VERSION).tar.gz
-PYTHON_GPIOD_SITE = https://files.pythonhosted.org/packages/0c/dc/5a6bd309345bd9cfa7e098174ab7e65367e408539b6c1998e4f267c673cd
+PYTHON_GPIOD_SITE = https://files.pythonhosted.org/packages/13/ca/b3bd043091b4462d6c5561f86581f553df102d8990c37938ddbff2823016
PYTHON_GPIOD_SETUP_TYPE = setuptools
PYTHON_GPIOD_LICENSE = LGPL-2.1+
-# The package license follows libgpiod's license but doesn't include the LICENSE text in the pypi distrobuted package again
-PYTHON_GPIOD_LICENSE_FILES = pyproject.toml
+PYTHON_GPIOD_LICENSE_FILES = LICENSE
PYTHON_GPIOD_DEPENDENCIES = libgpiod2
PYTHON_GPIOD_ENV = LINK_SYSTEM_LIBGPIOD=1
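Review bot: The unchanged PYTHON_GPIOD_DEPENDENCIES = libgpiod2 and PYTHON_GPIOD_ENV = LINK_SYSTEM_LIBGPIOD=1 lines at the end of this hunk mean the binding is built against the libgpiod2 package, while the commit message says only "Update for libgpiod v2.2.4" and gives the security fix as a bare commit URL. If 2.4.2 needs libgpiod 2.2.4, or the fix is only complete together with it, say so in the commit log and summarise the fix in a sentence, so this patch is not backported without 1/2.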
--
2.53.0
* Re: [Buildroot] [PATCH 1/2] package/libgpiod2: security bump to 2.2.4
From: Julien Olivain via buildroot @ 2026-04-12 17:04 UTC (permalink / raw)
To: Marcus Hoffmann; +Cc: buildroot, Boerge Struempfel
On 10/04/2026 16:57, Marcus Hoffmann via buildroot wrote:
> Bug fixes:
> - fix buffer over-read bugs when translating uAPI structs to library
> types
> - fix variable and argument types where necessary
> - sanitize values returned by the kernel to avoid potential buffer
> overflows
> - fix memory leaks in gpio-tools
> - add missing return value checks in gpio-tools
> - fix period parsing in gpio-tools
> - use correct loop counter in error path in gpio-manager
>
> Improvements:
> - make tests work with newer coreutils by removing cases checking
> tools'
> behavior on SIGINT which stopped working due to changes in behavior
> of the
> timeout tool
>
> See:
> https://git.kernel.org/pub/scm/libs/libgpiod/libgpiod.git/tree/NEWS?h=v2.2.4
>
> Signed-off-by: Marcus Hoffmann <buildroot@bubu1.eu>
Series applied to master, thanks. I added a comment in the commit log
that there is no CVE published for this. We usually mark bumps as "security"
only when there is an advisory, but since the changelog was explicitly
mentioning those security fixes, I kept the "security" but added the
comment. See:
https://gitlab.com/buildroot.org/buildroot/-/commit/6ac53518a0ceb0611ee08adef500fc8d2994d21a
Best regards,
Julien.