mirror of
https://git.busybox.net/buildroot.git
synced 2024-11-27 15:33:28 +08:00
package/libcoap: bump to version 4.3.4
- Drop patch (already in version)
- LIBCOAP_IGNORE_CVES is not needed after bump
- Update hash of license file: LGPL-2.1 added when RIOT support with
8d869fff04
https://github.com/obgm/libcoap/blob/v4.3.4/ChangeLog
https://github.com/obgm/libcoap/compare/v4.3.1...v4.3.4
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
This commit is contained in:
parent
522f25ed42
commit
f5d88d8db3
@ -1,59 +0,0 @@
|
||||
From c63ecbdc6b38cc7e571a72964fe9ca63834dcc89 Mon Sep 17 00:00:00 2001
|
||||
From: Jon Shallow <supjps-libcoap@jpshallow.com>
|
||||
Date: Wed, 6 Sep 2023 21:38:13 +0200
|
||||
Subject: [PATCH] Backport fix for CVE-2023-30362
|
||||
|
||||
Upstream: https://github.com/obgm/libcoap/issues/1063#issuecomment-1626962307
|
||||
Signed-off-by: Daniel Lang <dalang@gmx.at>
|
||||
---
|
||||
src/net.c | 34 +++++++++++++++++++++-------------
|
||||
1 file changed, 21 insertions(+), 13 deletions(-)
|
||||
|
||||
diff --git a/src/net.c b/src/net.c
|
||||
index 98859443..e259ab00 100644
|
||||
--- a/src/net.c
|
||||
+++ b/src/net.c
|
||||
@@ -1305,19 +1305,27 @@ coap_send_internal(coap_session_t *session, coap_pdu_t *pdu) {
|
||||
|
||||
/* Need to check that we are not seeing this proxy in the return loop */
|
||||
if (pdu->data && opt == NULL) {
|
||||
- if (pdu->used_size + 1 <= pdu->max_size) {
|
||||
- char *a_match;
|
||||
- size_t data_len = pdu->used_size - (pdu->data - pdu->token);
|
||||
- pdu->data[data_len] = '\000';
|
||||
- a_match = strstr((char*)pdu->data, cp);
|
||||
- if (a_match && (a_match == (char*)pdu->data || a_match[-1] == ' ') &&
|
||||
- ((size_t)(a_match - (char*)pdu->data + len) == data_len ||
|
||||
- a_match[len] == ' ')) {
|
||||
- coap_log(LOG_WARNING, "Proxy loop detected '%s'\n",
|
||||
- (char*)pdu->data);
|
||||
- coap_delete_pdu(pdu);
|
||||
- return (coap_mid_t)COAP_DROPPED_RESPONSE;
|
||||
- }
|
||||
+ char *a_match;
|
||||
+ size_t data_len;
|
||||
+
|
||||
+ if (pdu->used_size + 1 > pdu->max_size) {
|
||||
+ /* No space */
|
||||
+ return (coap_mid_t)COAP_DROPPED_RESPONSE;
|
||||
+ }
|
||||
+ if (!coap_pdu_resize(pdu, pdu->used_size + 1)) {
|
||||
+ /* Internal error */
|
||||
+ return (coap_mid_t)COAP_DROPPED_RESPONSE;
|
||||
+ }
|
||||
+ data_len = pdu->used_size - (pdu->data - pdu->token);
|
||||
+ pdu->data[data_len] = '\000';
|
||||
+ a_match = strstr((char*)pdu->data, cp);
|
||||
+ if (a_match && (a_match == (char*)pdu->data || a_match[-1] == ' ') &&
|
||||
+ ((size_t)(a_match - (char*)pdu->data + len) == data_len ||
|
||||
+ a_match[len] == ' ')) {
|
||||
+ coap_log(LOG_WARNING, "Proxy loop detected '%s'\n",
|
||||
+ (char*)pdu->data);
|
||||
+ coap_delete_pdu(pdu);
|
||||
+ return (coap_mid_t)COAP_DROPPED_RESPONSE;
|
||||
}
|
||||
}
|
||||
if (pdu->used_size + len + 1 <= pdu->max_size) {
|
||||
--
|
||||
2.42.0
|
||||
|
@ -1,4 +1,4 @@
|
||||
# Locally calculated
|
||||
sha256 074a71deca01e06d3acb00a1416d0fbeb87d130f40a3c0f6fda3a5c711855dca libcoap-4.3.1.tar.gz
|
||||
sha256 ae61a48c21f7b40e1442c9e1da9aab9e6f2cf0deccb02f3fed4de232a0b0522e libcoap-4.3.4.tar.gz
|
||||
sha256 09dd86a017bad210527085008cbf706609c58210897b69845af14099577e7eb7 COPYING
|
||||
sha256 5711e8bf7e94b59fcf0681d0f73752111bc196563b60f8568f19dacd0213192b LICENSE
|
||||
sha256 bdd94ddd8e75010aebd045ead1c951110788003395c708811d6960248acb3891 LICENSE
|
||||
|
@ -4,7 +4,7 @@
|
||||
#
|
||||
################################################################################
|
||||
|
||||
LIBCOAP_VERSION = 4.3.1
|
||||
LIBCOAP_VERSION = 4.3.4
|
||||
LIBCOAP_SITE = $(call github,obgm,libcoap,v$(LIBCOAP_VERSION))
|
||||
LIBCOAP_INSTALL_STAGING = YES
|
||||
LIBCOAP_LICENSE = BSD-2-Clause
|
||||
@ -14,10 +14,6 @@ LIBCOAP_DEPENDENCIES = host-pkgconf
|
||||
LIBCOAP_CONF_OPTS = \
|
||||
--disable-examples --disable-examples-source --without-tinydtls
|
||||
LIBCOAP_AUTORECONF = YES
|
||||
# 0001-Backport-fix-for-CVE-2023-30362.patch
|
||||
LIBCOAP_IGNORE_CVES += CVE-2023-30362
|
||||
# Doesn't affect 4.3.1, see https://github.com/obgm/libcoap/issues/1117
|
||||
LIBCOAP_IGNORE_CVES += CVE-2023-35862
|
||||
|
||||
ifeq ($(BR2_PACKAGE_GNUTLS),y)
|
||||
LIBCOAP_DEPENDENCIES += gnutls
|
||||
|
Loading…
Reference in New Issue
Block a user