package/expat: security bump version to 2.6.3
Changelog:
https://github.com/libexpat/libexpat/blob/R_2_6_3/expat/Changes
Fixes CVE-2024-45490, CVE-2024-45491 & CVE-2024-45492.
Follow upstream switch of project repository to github:
https://sourceforge.net/p/expat/news/2022/01/project-moved-to-github/
Signed-off-by: Bernd Kuhls <bernd@kuhls.net>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
diff --git a/package/expat/Config.in b/package/expat/Config.in
index 758fb7d..c227912 100644
--- a/package/expat/Config.in
+++ b/package/expat/Config.in
@@ -3,4 +3,4 @@
help
The Expat XML Parser.
- http://expat.sourceforge.net
+ https://libexpat.github.io/
diff --git a/package/expat/expat.hash b/package/expat/expat.hash
index 63890b5..e40b250 100644
--- a/package/expat/expat.hash
+++ b/package/expat/expat.hash
@@ -1,7 +1,3 @@
-# From https://sourceforge.net/projects/expat/files/expat/2.6.2/
-md5 0cb75c8feb842c0794ba89666b762a2d expat-2.6.1.tar.xz
-sha1 d9e5f953dcacda3c9e69b4886382c3d8847b81bd expat-2.6.1.tar.xz
-
# Locally calculated
-sha256 ee14b4c5d8908b1bec37ad937607eab183d4d9806a08adee472c3c3121d27364 expat-2.6.2.tar.xz
+sha256 274db254a6979bde5aad404763a704956940e465843f2a9bd9ed7af22e2c0efc expat-2.6.3.tar.xz
sha256 122f2c27000472a201d337b9b31f7eb2b52d091b02857061a8880371612d9534 COPYING
diff --git a/package/expat/expat.mk b/package/expat/expat.mk
index c6b7fc8..f5c6175 100644
--- a/package/expat/expat.mk
+++ b/package/expat/expat.mk
@@ -4,8 +4,8 @@
#
################################################################################
-EXPAT_VERSION = 2.6.2
-EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
+EXPAT_VERSION = 2.6.3
+EXPAT_SITE = https://github.com/libexpat/libexpat/releases/download/R_$(subst .,_,$(EXPAT_VERSION))
EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.xz
EXPAT_INSTALL_STAGING = YES
EXPAT_LICENSE = MIT
