package/expat: security bump to version 2.2.7

Fixes the following security vulnerabilites: CVE-2018-20843: In libexpat in Expat before 2.2.7, XML input including XML names that contain a large number of colons could make the XML parser consume a high amount of RAM and CPU resources while processing (enough to be usable for denial-of-service attacks). Signed-off-by: Peter Korsgaard <peter@korsgaard.com> Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-06-28 15:26:13 +02:00 · 2019-06-28 15:26:13 +02:00 · 84fd08cf4f
commit 84fd08cf4f
parent cdbb3ced00
2 changed files with 5 additions and 5 deletions
--- a/package/expat/expat.hash
+++ b/package/expat/expat.hash
@ -1,7 +1,7 @@
-# From https://sourceforge.net/projects/expat/files/expat/2.2.6/
-md5	ca047ae951b40020ac831c28859161b2		expat-2.2.6.tar.bz2
-sha1	c8947fc3119a797b55485f2f7bdaaeb49cc9df01	expat-2.2.6.tar.bz2
+# From https://sourceforge.net/projects/expat/files/expat/2.2.7/
+md5	72f36b87cdb478aba1e78473393766aa		expat-2.2.7.tar.bz2
+sha1	9c8a268211e3f1ae31c4d550e5be7708973ec6a6	expat-2.2.7.tar.bz2

 # Locally calculated
-sha256	17b43c2716d521369f82fc2dc70f359860e90fa440bea65b3b85f0b246ea81f2	expat-2.2.6.tar.bz2
+sha256	cbc9102f4a31a8dafd42d642e9a3aa31e79a0aedaa1f6efd2795ebc83174ec18	expat-2.2.7.tar.bz2
 sha256	46336ab2fec900803e2f1a4253e325ac01d998efb09bc6906651f7259e636f76	COPYING
--- a/package/expat/expat.mk
+++ b/package/expat/expat.mk
@ -4,7 +4,7 @@
 #
 ################################################################################

-EXPAT_VERSION = 2.2.6
+EXPAT_VERSION = 2.2.7
 EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
 EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.bz2
 EXPAT_INSTALL_STAGING = YES