libcoap: Upgrade 4.3.4 -> 4.3.5

Drop backport of CVE-2024-0962. Change summary for version 4.3.5: * Support for wolfSSL TLS library. * Support for DTLS1.3 (using wolfSSL). * Support for Mbed TLS 3.6.0. * Support for EC-JPAKE (Mbed TLS) * TinyDTLS version update. * Support for RIOT using SOCK i/f. * Support for LwIP 2.2.0. * Support for LwIP using NO_SYS set to 0. * Support for (Posix based) Zephyr. * Support for QNX builds. * Support for ESP32 xtensa builds. * Updated Contiki-NG support. * Support for multi-thread safe libcoap usage. * Support for defining binary PSK for coap-client and coap-server. * Support for Connection-ID (CID) (Mbed TLS, wolfSSL and TinyDTLS). * Added new define types for defining PKI parameters. * Support for user definable ENGINE for OpenSSL. * Support for using noTLS and TinyDTLS with WebSockets. * Support for providing list of compilation #defines. * Support for proxy code running within lbcoap. * Cleaned up support for building .h files. * Additional scan-build and pre-commit checks in build tests. * Updated CI build tests to use latest action versions. * Fixes CVE-2023-35862. * Reported bugs fixed. * Documentation added and updated (Doxygen and man). License-Update: Updated years Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
author: Alex Kiernan <alex.kiernan@gmail.com> 2025-06-14 09:26:34 +0000
committer: Khem Raj <raj.khem@gmail.com> 2025-06-20 10:34:11 -0700
commit: ac184d5f50bcb213ebcd2da1cfa3a0c680066d53 (patch)
tree: 2621fad850c3963d56a6339279d87d2013fb8aa2 /meta-networking
parent: e8c0e64e89b565a55d4c4fefe30a90a25fbe5831 (diff)
download: meta-openembedded-ac184d5f50bcb213ebcd2da1cfa3a0c680066d53.tar.gz
2 files changed, 2 insertions, 48 deletions
diff --git a/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch b/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch
deleted file mode 100644
index add52483b7..0000000000
--- a/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch
+++ /dev/null
@@ -1,45 +0,0 @@
-From bf6a303883bde40cf96b960c8574cddd89e71701 Mon Sep 17 00:00:00 2001
-From: Jon Shallow <supjps-libcoap@jpshallow.com>
-Date: Thu, 25 Jan 2024 18:03:17 +0000
-Subject: [PATCH] coap_oscore.c: Fix parsing OSCORE configuration information
-A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical.
-Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler.
-The manipulation leads to stack-based buffer overflow.
-CVE: CVE-2024-0962
-Upstream-Status: Backport [https://github.com/obgm/libcoap/pull/1311]
-Signed-off-by: alperak <alperyasinak1@gmail.com>
---
- src/coap_oscore.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-diff --git a/src/coap_oscore.c b/src/coap_oscore.c
-index 83f785c92..e0fb22947 100644
--- a/src/coap_oscore.c
-+++ b/src/coap_oscore.c
-@@ -1678,11 +1678,12 @@ get_split_entry(const char **start,
-                 oscore_value_t *value) {
-   const char *begin = *start;
-   const char *end;
-+  const char *kend;
-   const char *split;
-   size_t i;
- retry:
-  end = memchr(begin, '\n', size);
-+  kend = end = memchr(begin, '\n', size);
-   if (end == NULL)
-     return 0;
-@@ -1693,7 +1694,7 @@ get_split_entry(const char **start,
-   if (begin[0] == '#' || (end - begin) == 0) {
-     /* Skip comment / blank line */
-    size -= end - begin + 1;
-+    size -= kend - begin + 1;
-     begin = *start;
-     goto retry;
-   }
diff --git a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5.bb
index 604fec8072..9e88b1af46 100644
--- a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb
+++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5.bb
@@ -5,13 +5,12 @@ RF range, memory, bandwith, or network packet sizes."
 HOMEPAGE = "https://libcoap.net/"
 LICENSE = "BSD-2-Clause & BSD-3-Clause"
-LIC_FILES_CHKSUM = "file://LICENSE;md5=1978dbc41673ab1c20e64b287c8317bc"
+LIC_FILES_CHKSUM = "file://LICENSE;md5=9aa68c0f6785376aa8ec7f4f1aa6ae3c"
 SRC_URI = "git://github.com/obgm/libcoap.git;branch=main;protocol=https \
           file://run-ptest \
-           file://CVE-2024-0962.patch \
           "
-SRCREV = "5fd2f89ef068214130e5d60b7087ef48711fa615"
+SRCREV = "7cf7465b784baded4de183290c547d582becfd28"
 S = "${WORKDIR}/git"
author	Alex Kiernan <alex.kiernan@gmail.com>	2025-06-14 09:26:34 +0000
committer	Khem Raj <raj.khem@gmail.com>	2025-06-20 10:34:11 -0700
commit	ac184d5f50bcb213ebcd2da1cfa3a0c680066d53 (patch)
tree	2621fad850c3963d56a6339279d87d2013fb8aa2 /meta-networking
parent	e8c0e64e89b565a55d4c4fefe30a90a25fbe5831 (diff)
download	meta-openembedded-ac184d5f50bcb213ebcd2da1cfa3a0c680066d53.tar.gz

diff --git a/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch b/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch deleted file mode 100644 index add52483b7..0000000000 --- a/meta-networking/recipes-devtools/libcoap/libcoap/CVE-2024-0962.patch +++ /dev/null
@@ -1,45 +0,0 @@
1	From bf6a303883bde40cf96b960c8574cddd89e71701 Mon Sep 17 00:00:00 2001
2	From: Jon Shallow <supjps-libcoap@jpshallow.com>
3	Date: Thu, 25 Jan 2024 18:03:17 +0000
4	Subject: [PATCH] coap_oscore.c: Fix parsing OSCORE configuration information
5
6	A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical.
7	Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler.
8	The manipulation leads to stack-based buffer overflow.
9
10	CVE: CVE-2024-0962
11
12	Upstream-Status: Backport [https://github.com/obgm/libcoap/pull/1311]
13
14	Signed-off-by: alperak <alperyasinak1@gmail.com>
15	---
16	src/coap_oscore.c \| 5 +++--
17	1 file changed, 3 insertions(+), 2 deletions(-)
18
19	diff --git a/src/coap_oscore.c b/src/coap_oscore.c
20	index 83f785c92..e0fb22947 100644
21	--- a/src/coap_oscore.c
22	+++ b/src/coap_oscore.c
23	@@ -1678,11 +1678,12 @@ get_split_entry(const char **start,
24	oscore_value_t *value) {
25	const char begin = start;
26	const char *end;
27	+ const char *kend;
28	const char *split;
29	size_t i;
30
31	retry:
32	- end = memchr(begin, '\n', size);
33	+ kend = end = memchr(begin, '\n', size);
34	if (end == NULL)
35	return 0;
36
37	@@ -1693,7 +1694,7 @@ get_split_entry(const char **start,
38
39	if (begin[0] == '#' \|\| (end - begin) == 0) {
40	/* Skip comment / blank line */
41	- size -= end - begin + 1;
42	+ size -= kend - begin + 1;
43	begin = *start;
44	goto retry;
45	}


diff --git a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5.bb index 604fec8072..9e88b1af46 100644 --- a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.4.bb +++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5.bb
@@ -5,13 +5,12 @@ RF range, memory, bandwith, or network packet sizes."
5	HOMEPAGE = "https://libcoap.net/"	5	HOMEPAGE = "https://libcoap.net/"
6		6
7	LICENSE = "BSD-2-Clause & BSD-3-Clause"	7	LICENSE = "BSD-2-Clause & BSD-3-Clause"
8	LIC_FILES_CHKSUM = "file://LICENSE;md5=1978dbc41673ab1c20e64b287c8317bc"	8	LIC_FILES_CHKSUM = "file://LICENSE;md5=9aa68c0f6785376aa8ec7f4f1aa6ae3c"
9		9
10	SRC_URI = "git://github.com/obgm/libcoap.git;branch=main;protocol=https \	10	SRC_URI = "git://github.com/obgm/libcoap.git;branch=main;protocol=https \
11	file://run-ptest \	11	file://run-ptest \
12	file://CVE-2024-0962.patch \
13	"	12	"
14	SRCREV = "5fd2f89ef068214130e5d60b7087ef48711fa615"	13	SRCREV = "7cf7465b784baded4de183290c547d582becfd28"
15		14
16	S = "${WORKDIR}/git"	15	S = "${WORKDIR}/git"
17		16