From e8e6a1a82912790ede79ad91f0b16dc9c5a0090a Mon Sep 17 00:00:00 2001
From: Peter Marko <peter.marko@siemens.com>
Date: Fri, 16 Jan 2026 20:56:00 +0100
Subject: [PATCH] libcoap: set CVE version suffix

CVE metrics currently report CVE-2025-34468 as open.
CPE is <=4.3.5, while recipe version is 4.3.5a which is a higher
version, however by default cve-check only compares numbers.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb
index 1a8d7ed725..611795e17d 100644
--- a/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb
+++ b/meta-networking/recipes-devtools/libcoap/libcoap_4.3.5a.bb
@@ -12,6 +12,8 @@ SRC_URI = "git://github.com/obgm/libcoap.git;branch=release-4.3.5-patches;protoc
            "
 SRCREV = "e3fdcdcfbd1588754fe9dd4b754ac9397260f0f9"
 
+# patch releases often use alphabetical suffixes
+CVE_VERSION_SUFFIX = "alphabetical"
 
 inherit autotools manpages pkgconfig ptest