Thanks, applied as 1f9952fe6180f339e9411a2ddfaf71c606aad9c8. Michael
[sent from post-receive hook] On Fri, 06 Feb 2026 09:56:15 +0100, Christian Melki <[email protected]> wrote: > https://github.com/libexpat/libexpat/blob/R_2_7_4/expat/Changes > > Plugs CVEs: > CVE-2026-24515: NULL dereference in XML_SetUnknownEncodingHandler > CVE-2026-25210: Integer overflow in function doContent > > * Fix options, libbsd support was removed. > > Signed-off-by: Christian Melki <[email protected]> > Message-Id: <[email protected]> > Signed-off-by: Michael Olbrich <[email protected]> > > diff --git a/rules/expat.make b/rules/expat.make > index 3f5979155709..1043bb232860 100644 > --- a/rules/expat.make > +++ b/rules/expat.make > @@ -16,8 +16,8 @@ PACKAGES-$(PTXCONF_EXPAT) += expat > # > # Paths and names > # > -EXPAT_VERSION := 2.7.3 > -EXPAT_MD5 := 3f1a65112ae997f8350de931b1e73df0 > +EXPAT_VERSION := 2.7.4 > +EXPAT_MD5 := d8c3327b7e10e75582873a0d97e7a538 > EXPAT := expat-$(EXPAT_VERSION) > EXPAT_SUFFIX := tar.bz2 > EXPAT_RELEASE := R_$(subst .,_,$(EXPAT_VERSION)) > @@ -45,7 +45,6 @@ EXPAT_CONF_OPT := \ > --without-xmlwf \ > --without-examples \ > --without-tests \ > - --without-libbsd \ > --with-getrandom \ > --without-sys-getrandom \ > --without-docbook
