mirror of
https://github.com/openwrt/packages.git
synced 2026-05-31 06:51:51 +08:00
erlang: fix PKG_CPE_ID escaping for apk ADB format
apk's ADB binary package format rejects both the backslash-escape and
the percent-encoding variants of the previous CPE id:
cpe:/a:erlang:erlang\/otp ERROR: info field 'tags' has invalid value
cpe:/a:erlang:erlang%2Fotp ERROR: info field 'tags' has invalid value
apk's tag value parser only accepts a restricted alphabet for ADB
package format and neither '\' nor '%' make the cut. The result is
that the package never produces an .apk.
Drop the '/otp' suffix entirely and use cpe:/a:erlang:erlang, which
matches the higher-level Erlang CPE entry. cve scanners that walked
the more specific erlang\/otp entry will fall back to this one.
This effectively reverts the product portion of bfdf01496 ("lang/erlang:
fix PKG_CPE_ID"), which was correct against the NIST 2.3 string but
incompatible with apk's tag parser.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
This commit is contained in:
Alexandru Ardelean
committed by
Alexandru Ardelean
Alexandru Ardelean
parent
68de1450cc
commit
c5af5e02fb
@@ -18,7 +18,7 @@ PKG_HASH:=2c7e8ca23e6864eb20eff5d44738bfa123aed8cd21ed6d98e533d751eee28d9c
|
||||
PKG_LICENSE:=Apache-2.0
|
||||
PKG_LICENSE_FILES:=LICENSE.txt
|
||||
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
|
||||
PKG_CPE_ID:=cpe:/a:erlang:erlang\/otp
|
||||
PKG_CPE_ID:=cpe:/a:erlang:erlang
|
||||
|
||||
PKG_BUILD_DEPENDS:=erlang/host openssl unixodbc/host
|
||||
PKG_BUILD_FLAGS:=no-mips16
|
||||
|
||||
Reference in New Issue
Block a user