From 0591348b3d7a699f6fc95a6b59d83476abcd8797 Mon Sep 17 00:00:00 2001 From: Josef Schlehofer Date: Mon, 6 Jan 2020 18:50:39 +0100 Subject: [PATCH] tools/expat: Update to version 2.2.9 Fixes two CVEs: - CVE-2019-15903 (Fix heap overflow triggered by XML_GetCurrentLineNumber) - CVE-2018-20843 (Fix extraction of namespace prefixes from XML names) Signed-off-by: Josef Schlehofer (cherry picked from commit b4af2c689fc8736777940b7bbf009bb1672296ec) --- tools/expat/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tools/expat/Makefile b/tools/expat/Makefile index 54527a7d0a..de7f2a0deb 100644 --- a/tools/expat/Makefile +++ b/tools/expat/Makefile @@ -9,10 +9,10 @@ include $(TOPDIR)/rules.mk PKG_NAME:=expat PKG_CPE_ID:=cpe:/a:libexpat:expat -PKG_VERSION:=2.2.5 +PKG_VERSION:=2.2.9 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 -PKG_HASH:=d9dc32efba7e74f788fcc4f212a43216fc37cf5f23f4c2339664d473353aedf6 +PKG_HASH:=f1063084dc4302a427dabcca499c8312b3a32a29b7d2506653ecc8f950a9a237 PKG_SOURCE_URL:=@SF/expat HOST_BUILD_PARALLEL:=1 -- 2.25.1