fix(coap): Update to libcoap v4.3.5a (IEC-430)

[mrdeep1]

Checklist

• Component contains License
• Component contains README.md
• Component contains idf_component.yml file with url field defined
• Component was added to upload job
• Component was added to build job
• Optional: Component contains unit tests
• CI passing

Change description

Fixes some critical issues.

[mahavirj]

@mrdeep1

Thanks for raising this PR.

I see more CVEs in the vulnerability scan for current coap version:

cd idf-extra-components
esp-idf-sbom manifest check --name --local-db   coap/

...snip...

CVE-2025-65493
CVE-2025-65494
CVE-2025-65495
CVE-2025-65496
CVE-2025-65497
CVE-2025-65498
CVE-2025-65499
CVE-2025-65500
CVE-2025-65501

Could you please check these CVEs once? Any plans to release a new bugfix version update to coap library?

[mrdeep1]

@mahavirj Thanks for picking up on these CVEs which have been raised in the last few days. I was not informed that they were being raised, but they are fixed in the patch code I had submitted.

As there is an issue in GnuTLS (not relevant to Espressif) which is not fixed in libcoap branch release-4.3.5-patches, I will get this included and update this PR with the updated libcoap code. There is an additional MbedTLS fix which I will include as well.

Is there something I need to do to fix the 4 build failures?

It does look like you need to add to the GitHub workflow .github/workflows/build_and_run_apps.yml

git config --global --add safe.directory /__w/idf-extra-components/idf-extra-components

but this is not the issue with the builds.

[mrdeep1]

Is this the build issue ?

2025-11-26T13:43:01.4740019Z   WARNING: The following Kconfig variables were used in "if" clauses, but not
2025-11-26T13:43:01.4740409Z   found in any Kconfig file:
2025-11-26T13:43:01.4740587Z 
2025-11-26T13:43:01.4740813Z       ETHERNET_PHY_USE_DP83848, introduced by espressif/dp83848, defined in (unknown)
2025-11-26T13:43:01.4741334Z       ETHERNET_PHY_USE_IP101, introduced by espressif/ip101, defined in (unknown)
2025-11-26T13:43:01.4741839Z       ETHERNET_PHY_USE_KSZ80XX, introduced by espressif/ksz80xx, defined in (unknown)
2025-11-26T13:43:01.4742362Z       ETHERNET_PHY_USE_LAN867X, introduced by espressif/lan867x, defined in (unknown)
2025-11-26T13:43:01.4742869Z       ETHERNET_PHY_USE_LAN87XX, introduced by espressif/lan87xx, defined in (unknown)
2025-11-26T13:43:01.4743382Z       ETHERNET_PHY_USE_RTL8201, introduced by espressif/rtl8201, defined in (unknown)
2025-11-26T13:43:01.4743879Z       ETHERNET_SPI_USE_CH390, introduced by espressif/ch390, defined in (unknown)
2025-11-26T13:43:01.4744366Z       ETHERNET_SPI_USE_DM9051, introduced by espressif/dm9051, defined in (unknown)
2025-11-26T13:43:01.4744888Z       ETHERNET_SPI_USE_ENC28J60, introduced by espressif/enc28j60, defined in (unknown)
2025-11-26T13:43:01.4745437Z       ETHERNET_SPI_USE_KSZ8851SNL, introduced by espressif/ksz8851snl, defined in (unknown)
2025-11-26T13:43:01.4745965Z       ETHERNET_SPI_USE_LAN865X, introduced by espressif/lan865x, defined in (unknown)
2025-11-26T13:43:01.4746377Z       ETHERNET_SPI_USE_W5500, introduced by espressif/w5500, defined in (unknown)

[mahavirj]

Is this the build issue ?

2025-11-26T13:43:01.4740019Z   WARNING: The following Kconfig variables were used in "if" clauses, but not
2025-11-26T13:43:01.4740409Z   found in any Kconfig file:
2025-11-26T13:43:01.4740587Z 
2025-11-26T13:43:01.4740813Z       ETHERNET_PHY_USE_DP83848, introduced by espressif/dp83848, defined in (unknown)
2025-11-26T13:43:01.4741334Z       ETHERNET_PHY_USE_IP101, introduced by espressif/ip101, defined in (unknown)
2025-11-26T13:43:01.4741839Z       ETHERNET_PHY_USE_KSZ80XX, introduced by espressif/ksz80xx, defined in (unknown)
2025-11-26T13:43:01.4742362Z       ETHERNET_PHY_USE_LAN867X, introduced by espressif/lan867x, defined in (unknown)
2025-11-26T13:43:01.4742869Z       ETHERNET_PHY_USE_LAN87XX, introduced by espressif/lan87xx, defined in (unknown)
2025-11-26T13:43:01.4743382Z       ETHERNET_PHY_USE_RTL8201, introduced by espressif/rtl8201, defined in (unknown)
2025-11-26T13:43:01.4743879Z       ETHERNET_SPI_USE_CH390, introduced by espressif/ch390, defined in (unknown)
2025-11-26T13:43:01.4744366Z       ETHERNET_SPI_USE_DM9051, introduced by espressif/dm9051, defined in (unknown)
2025-11-26T13:43:01.4744888Z       ETHERNET_SPI_USE_ENC28J60, introduced by espressif/enc28j60, defined in (unknown)
2025-11-26T13:43:01.4745437Z       ETHERNET_SPI_USE_KSZ8851SNL, introduced by espressif/ksz8851snl, defined in (unknown)
2025-11-26T13:43:01.4745965Z       ETHERNET_SPI_USE_LAN865X, introduced by espressif/lan865x, defined in (unknown)
2025-11-26T13:43:01.4746377Z       ETHERNET_SPI_USE_W5500, introduced by espressif/w5500, defined in (unknown)

Added workaround for this in #628. Please rebase your PR.

[mahavirj]

This should not be required, protocol_examples_common should internally pull in this dependency. Are you getting some build error without this change?

[mrdeep1]

I was getting a local build error complaining that espressif__ethernet_init was not available. So I did a idf.py add-dependency espressif/ethernet_init which updated the idf_component.yml file (did it for both coap_client and coap_server) with their current changes.

However, reverting back to master I no longer get the issue, but it may be that another file was touched when doing idf.py add-dependency espressif/ethernet_init.

At some point I did python /home/jon/esp/esp-idf/tools/idf_tools.py uninstall as recommended to clean up some clutter, but this was before doing the idf.py add-dependency espressif/ethernet_init.

[mrdeep1]

Removing espressif/ethernet_init: '*' makes no difference, so I will remove them now.

[mrdeep1]

I did bump version in coap/idf_component.yml later on - which could have been after I did idf.py add-dependency espressif/ethernet_init.