首頁 探索 說明
註冊 登入
PUBLIC_REPOS
/
buildroot
镜像来自 git://git.buildroot.net/buildroot
2
1
複刻 0
檔案
瀏覽代碼

package/libcoap: bump to version 4.3.4

- Drop patch (already in version)
- LIBCOAP_IGNORE_CVES is not needed after bump
- Update hash of license file: LGPL-2.1 added when RIOT support with
  https://github.com/obgm/libcoap/commit/8d869fff047d34a1c825ffc1bab5d3fde28c75b7

https://github.com/obgm/libcoap/blob/v4.3.4/ChangeLog
https://github.com/obgm/libcoap/compare/v4.3.1...v4.3.4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Fabrice Fontaine 1 年之前
父節點
522f25ed42
當前提交
f5d88d8db3
共有 3 個文件被更改,包括 3 次插入66 次删除
統一視圖 顯示文件統計
  1. 0 59
      package/libcoap/0001-Backport-fix-for-CVE-2023-30362.patch
  2. 2 2
      package/libcoap/libcoap.hash
  3. 1 5
      package/libcoap/libcoap.mk

+ 0 - 59
package/libcoap/0001-Backport-fix-for-CVE-2023-30362.patch
查看文件 

@@ -1,59 +0,0 @@
 
-From c63ecbdc6b38cc7e571a72964fe9ca63834dcc89 Mon Sep 17 00:00:00 2001
 
-From: Jon Shallow <supjps-libcoap@jpshallow.com>
 
-Date: Wed, 6 Sep 2023 21:38:13 +0200
 
-Subject: [PATCH] Backport fix for CVE-2023-30362
 
-
 
-Upstream: https://github.com/obgm/libcoap/issues/1063#issuecomment-1626962307
 
-Signed-off-by: Daniel Lang <dalang@gmx.at>
 
----
 
- src/net.c | 34 +++++++++++++++++++++-------------
 
- 1 file changed, 21 insertions(+), 13 deletions(-)
 
-
 
-diff --git a/src/net.c b/src/net.c
 
-index 98859443..e259ab00 100644
 
---- a/src/net.c
 
-+++ b/src/net.c
 
-@@ -1305,19 +1305,27 @@ coap_send_internal(coap_session_t *session, coap_pdu_t *pdu) {
 
- 
-       /* Need to check that we are not seeing this proxy in the return loop */
 
-       if (pdu->data && opt == NULL) {
 
--        if (pdu->used_size + 1 <= pdu->max_size) {
 
--          char *a_match;
 
--          size_t data_len = pdu->used_size - (pdu->data - pdu->token);
 
--          pdu->data[data_len] = '\000';
 
--          a_match = strstr((char*)pdu->data, cp);
 
--          if (a_match && (a_match == (char*)pdu->data || a_match[-1] == ' ') &&
 
--              ((size_t)(a_match - (char*)pdu->data + len) == data_len ||
 
--               a_match[len] == ' ')) {
 
--            coap_log(LOG_WARNING, "Proxy loop detected '%s'\n",
 
--                     (char*)pdu->data);
 
--            coap_delete_pdu(pdu);
 
--            return (coap_mid_t)COAP_DROPPED_RESPONSE;
 
--          }
 
-+        char *a_match;
 
-+        size_t data_len;
 
-+
 
-+        if (pdu->used_size + 1 > pdu->max_size) {
 
-+          /* No space */
 
-+          return (coap_mid_t)COAP_DROPPED_RESPONSE;
 
-+        }
 
-+        if (!coap_pdu_resize(pdu, pdu->used_size + 1)) {
 
-+          /* Internal error */
 
-+          return (coap_mid_t)COAP_DROPPED_RESPONSE;
 
-+        }
 
-+        data_len = pdu->used_size - (pdu->data - pdu->token);
 
-+        pdu->data[data_len] = '\000';
 
-+        a_match = strstr((char*)pdu->data, cp);
 
-+        if (a_match && (a_match == (char*)pdu->data || a_match[-1] == ' ') &&
 
-+            ((size_t)(a_match - (char*)pdu->data + len) == data_len ||
 
-+             a_match[len] == ' ')) {
 
-+          coap_log(LOG_WARNING, "Proxy loop detected '%s'\n",
 
-+                   (char*)pdu->data);
 
-+          coap_delete_pdu(pdu);
 
-+          return (coap_mid_t)COAP_DROPPED_RESPONSE;
 
-         }
 
-       }
 
-       if (pdu->used_size + len + 1 <= pdu->max_size) {
 
--- 
-2.42.0
 
-

+ 2 - 2
package/libcoap/libcoap.hash
查看文件 

@@ -1,4 +1,4 @@
 
 # Locally calculated
 
 # Locally calculated
 
-sha256  074a71deca01e06d3acb00a1416d0fbeb87d130f40a3c0f6fda3a5c711855dca  libcoap-4.3.1.tar.gz
 
+sha256  ae61a48c21f7b40e1442c9e1da9aab9e6f2cf0deccb02f3fed4de232a0b0522e  libcoap-4.3.4.tar.gz
 
 sha256  09dd86a017bad210527085008cbf706609c58210897b69845af14099577e7eb7  COPYING
 
 sha256  09dd86a017bad210527085008cbf706609c58210897b69845af14099577e7eb7  COPYING
 
-sha256  5711e8bf7e94b59fcf0681d0f73752111bc196563b60f8568f19dacd0213192b  LICENSE
 
+sha256  bdd94ddd8e75010aebd045ead1c951110788003395c708811d6960248acb3891  LICENSE

+ 1 - 5
package/libcoap/libcoap.mk
查看文件 

@@ -4,7 +4,7 @@
 
 #
 
 #
 
 ################################################################################
 
 ################################################################################
 
 
 
-LIBCOAP_VERSION = 4.3.1
 
+LIBCOAP_VERSION = 4.3.4
 
 LIBCOAP_SITE = $(call github,obgm,libcoap,v$(LIBCOAP_VERSION))
 
 LIBCOAP_SITE = $(call github,obgm,libcoap,v$(LIBCOAP_VERSION))
 
 LIBCOAP_INSTALL_STAGING = YES
 
 LIBCOAP_INSTALL_STAGING = YES
 
 LIBCOAP_LICENSE = BSD-2-Clause
 
 LIBCOAP_LICENSE = BSD-2-Clause
 
@@ -14,10 +14,6 @@ LIBCOAP_DEPENDENCIES = host-pkgconf
 
 LIBCOAP_CONF_OPTS = \
 
 LIBCOAP_CONF_OPTS = \
 
 	--disable-examples --disable-examples-source --without-tinydtls
 
 	--disable-examples --disable-examples-source --without-tinydtls
 
 LIBCOAP_AUTORECONF = YES
 
 LIBCOAP_AUTORECONF = YES
 
-# 0001-Backport-fix-for-CVE-2023-30362.patch
 
-LIBCOAP_IGNORE_CVES += CVE-2023-30362
 
-# Doesn't affect 4.3.1, see https://github.com/obgm/libcoap/issues/1117
 
-LIBCOAP_IGNORE_CVES += CVE-2023-35862
 
 
 
 ifeq ($(BR2_PACKAGE_GNUTLS),y)
 
 ifeq ($(BR2_PACKAGE_GNUTLS),y)
 
 LIBCOAP_DEPENDENCIES += gnutls
 
 LIBCOAP_DEPENDENCIES += gnutls