From c5af5e02fb88f03fa91c576329a32c29d80ce8fd Mon Sep 17 00:00:00 2001 From: Alexandru Ardelean Date: Fri, 22 May 2026 07:38:13 +0300 Subject: [PATCH] erlang: fix PKG_CPE_ID escaping for apk ADB format apk's ADB binary package format rejects both the backslash-escape and the percent-encoding variants of the previous CPE id: cpe:/a:erlang:erlang\/otp ERROR: info field 'tags' has invalid value cpe:/a:erlang:erlang%2Fotp ERROR: info field 'tags' has invalid value apk's tag value parser only accepts a restricted alphabet for ADB package format and neither '\' nor '%' make the cut. The result is that the package never produces an .apk. Drop the '/otp' suffix entirely and use cpe:/a:erlang:erlang, which matches the higher-level Erlang CPE entry. cve scanners that walked the more specific erlang\/otp entry will fall back to this one. This effectively reverts the product portion of bfdf01496 ("lang/erlang: fix PKG_CPE_ID"), which was correct against the NIST 2.3 string but incompatible with apk's tag parser. Signed-off-by: Alexandru Ardelean --- lang/erlang/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lang/erlang/Makefile b/lang/erlang/Makefile index db0588bcff..ec707d3d4a 100644 --- a/lang/erlang/Makefile +++ b/lang/erlang/Makefile @@ -18,7 +18,7 @@ PKG_HASH:=2c7e8ca23e6864eb20eff5d44738bfa123aed8cd21ed6d98e533d751eee28d9c PKG_LICENSE:=Apache-2.0 PKG_LICENSE_FILES:=LICENSE.txt PKG_MAINTAINER:=Alexandru Ardelean -PKG_CPE_ID:=cpe:/a:erlang:erlang\/otp +PKG_CPE_ID:=cpe:/a:erlang:erlang PKG_BUILD_DEPENDS:=erlang/host openssl unixodbc/host PKG_BUILD_FLAGS:=no-mips16