[Buildroot] [v2 PATCH 1/1] package/libcoap: bump version to 4.3.5
Arnout Vandecappelle
arnout at rnout.be
Wed Apr 16 21:33:21 UTC 2025
On 09/04/2025 18:33, Thomas Perale via buildroot wrote:
> The patch introduced in [1] that fixed the CVE-2024-0962 is now
> available upstream in the 4.3.5 release [2].
>
> For more details see the release note:
>
> https://github.com/obgm/libcoap/blob/v4.3.5/ChangeLog
>
> [1] 9002b818be package/libcoap: fix CVE-2024-0962
> [2] https://github.com/obgm/libcoap/commit/2b28d8b0e9607e71a145345b4fe49517e052b7d9
>
> Signed-off-by: Thomas Perale <thomas.perale at mind.be>
Applied to 2025.02.x, 2024.11.x and 2024.02.x, thanks.
Regards,
Arnout
> ---
> ...ing-OSCORE-configuration-information.patch | 38 -------------------
> package/libcoap/libcoap.hash | 2 +-
> package/libcoap/libcoap.mk | 5 +--
> 3 files changed, 2 insertions(+), 43 deletions(-)
> delete mode 100644 package/libcoap/0001-coap_oscore-c-Fix-parsing-OSCORE-configuration-information.patch
>
> diff --git a/package/libcoap/0001-coap_oscore-c-Fix-parsing-OSCORE-configuration-information.patch b/package/libcoap/0001-coap_oscore-c-Fix-parsing-OSCORE-configuration-information.patch
> deleted file mode 100644
> index e75250d613..0000000000
> --- a/package/libcoap/0001-coap_oscore-c-Fix-parsing-OSCORE-configuration-information.patch
> +++ /dev/null
> @@ -1,38 +0,0 @@
> -From 2b28d8b0e9607e71a145345b4fe49517e052b7d9 Mon Sep 17 00:00:00 2001
> -From: Jon Shallow <supjps-libcoap at jpshallow.com>
> -Date: Thu, 25 Jan 2024 18:03:17 +0000
> -Subject: [PATCH] coap_oscore.c: Fix parsing OSCORE configuration information
> -
> -Upstream: https://github.com/obgm/libcoap/commit/2b28d8b0e9607e71a145345b4fe49517e052b7d9
> -Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ----
> - src/coap_oscore.c | 5 +++--
> - 1 file changed, 3 insertions(+), 2 deletions(-)
> -
> -diff --git a/src/coap_oscore.c b/src/coap_oscore.c
> -index 83f785c92..e0fb22947 100644
> ---- a/src/coap_oscore.c
> -+++ b/src/coap_oscore.c
> -@@ -1678,11 +1678,12 @@ get_split_entry(const char **start,
> - oscore_value_t *value) {
> - const char *begin = *start;
> - const char *end;
> -+ const char *kend;
> - const char *split;
> - size_t i;
> -
> - retry:
> -- end = memchr(begin, '\n', size);
> -+ kend = end = memchr(begin, '\n', size);
> - if (end == NULL)
> - return 0;
> -
> -@@ -1693,7 +1694,7 @@ get_split_entry(const char **start,
> -
> - if (begin[0] == '#' || (end - begin) == 0) {
> - /* Skip comment / blank line */
> -- size -= end - begin + 1;
> -+ size -= kend - begin + 1;
> - begin = *start;
> - goto retry;
> - }
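Review bot: In the deleted 0001 patch, the "From 2b28d8b0e9607e71a145345b4fe49517e052b7d9" line matches reference [2] of the commit message, but [2] links only the commit and does not show that the v4.3.5 tag contains it. After this deletion the "size -= kend - begin + 1" correction in get_split_entry() is carried solely by the release tarball, so the commit message should say how its presence in 4.3.5 was confirmed, for example by pointing at the relevant ChangeLog entry rather than the ChangeLog as a whole.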
> diff --git a/package/libcoap/libcoap.hash b/package/libcoap/libcoap.hash
> index 20abb94f8f..2b0c3bcde4 100644
> --- a/package/libcoap/libcoap.hash
> +++ b/package/libcoap/libcoap.hash
> @@ -1,4 +1,4 @@
> # Locally calculated
> -sha256 ae61a48c21f7b40e1442c9e1da9aab9e6f2cf0deccb02f3fed4de232a0b0522e libcoap-4.3.4.tar.gz
> +sha256 a417ed26ec6c95c041b42353b5b6fad1602e2bf42a6e26c09863450e227b7b5f libcoap-4.3.5.tar.gz
> sha256 09dd86a017bad210527085008cbf706609c58210897b69845af14099577e7eb7 COPYING
> sha256 bdd94ddd8e75010aebd045ead1c951110788003395c708811d6960248acb3891 LICENSE
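Review bot: The new libcoap-4.3.5.tar.gz sha256 sits under "# Locally calculated", so nothing in this hunk ties it to a checksum published upstream. It should be recomputed independently from the v4.3.5 archive before the change goes to the stable branches. The COPYING and LICENSE hashes are unchanged context lines, which is consistent with no license text change in this bump.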
> diff --git a/package/libcoap/libcoap.mk b/package/libcoap/libcoap.mk
> index 29161142f6..c5e5f85c62 100644
> --- a/package/libcoap/libcoap.mk
> +++ b/package/libcoap/libcoap.mk
> @@ -4,7 +4,7 @@
> #
> ################################################################################
>
> -LIBCOAP_VERSION = 4.3.4
> +LIBCOAP_VERSION = 4.3.5
> LIBCOAP_SITE = $(call github,obgm,libcoap,v$(LIBCOAP_VERSION))
> LIBCOAP_INSTALL_STAGING = YES
> LIBCOAP_LICENSE = BSD-2-Clause
> @@ -15,9 +15,6 @@ LIBCOAP_CONF_OPTS = \
> --disable-examples --disable-examples-source --without-tinydtls
> LIBCOAP_AUTORECONF = YES
>
> -# 0001-coap_oscore-c-Fix-parsing-OSCORE-configuration-information.patch
> -LIBCOAP_IGNORE_CVES += CVE-2024-0962
> -
> ifeq ($(BR2_PACKAGE_GNUTLS),y)
> LIBCOAP_DEPENDENCIES += gnutls
> LIBCOAP_CONF_OPTS += \
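Review bot: Removing "LIBCOAP_IGNORE_CVES += CVE-2024-0962" along with its comment means CVE matching for this package now rests on LIBCOAP_VERSION = 4.3.5 alone. Please confirm that the affected version range recorded for CVE-2024-0962 ends before 4.3.5. If it does not, the CVE will be reported against the package again and the ignore entry should stay, with its comment changed to say the fix is included upstream in 4.3.5.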