From 70af49994fd84ac3d5bf0afbfa6aa5ce0ca950f6 Mon Sep 17 00:00:00 2001 From: Peter Korsgaard Date: Mon, 22 Jun 2026 09:11:10 +0200 Subject: [PATCH 1/2] package/jose: version bump to 15 Release notes: https://github.com/latchset/jose/releases/tag/v15 Signed-off-by: Peter Korsgaard Signed-off-by: Fiona Klute --- package/jose/jose.hash | 2 +- package/jose/jose.mk | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/package/jose/jose.hash b/package/jose/jose.hash index 0bee7f46e81..016807c3284 100644 --- a/package/jose/jose.hash +++ b/package/jose/jose.hash @@ -1,3 +1,3 @@ # Locally computed -sha256 cee329ef9fce97c4c025604a8d237092f619aaa9f6d35fdf9d8c9052bc1ff95b jose-14.tar.xz +sha256 1d055c445392aa48d709ecd6e56220384ae2b480496e270818bddf1f219c8659 jose-15.tar.xz sha256 09e8a9bcec8067104652c168685ab0931e7868f9c8284b66f5ae6edae5f1130b COPYING diff --git a/package/jose/jose.mk b/package/jose/jose.mk index 88050be5ed4..486765aa9ab 100644 --- a/package/jose/jose.mk +++ b/package/jose/jose.mk @@ -4,7 +4,7 @@ # ################################################################################ -JOSE_VERSION = 14 +JOSE_VERSION = 15 JOSE_SOURCE = jose-$(JOSE_VERSION).tar.xz JOSE_SITE = https://github.com/latchset/jose/releases/download/v$(JOSE_VERSION) JOSE_LICENSE = Apache-2.0 From 6b1f6f7a480765b3d6ca07691095035a8b899eaf Mon Sep 17 00:00:00 2001 From: Bernd Kuhls Date: Thu, 25 Jun 2026 23:24:06 +0200 Subject: [PATCH 2/2] package/expat: security bump version to 2.8.2 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit https://github.com/libexpat/libexpat/blob/R_2_8_2/expat/Changes https://blog.hartwork.org/posts/expat-2-8-2-released/ Fixes the following CVEs: CVE-2026-50219 — missing control flow integrity checks CVE-2026-56131 — missing control flow integrity checks CVE-2026-56132 — out-of-bounds write CVE-2026-56403 — integer overflow CVE-2026-56404 — integer overflow CVE-2026-56405 — integer overflow CVE-2026-56406 — integer overflow CVE-2026-56407 — integer overflow CVE-2026-56408 — integer overflow CVE-2026-56409 — integer overflow CVE-2026-56410 — integer overflow CVE-2026-56411 — integer overflow CVE-2026-56412 — missing control flow integrity checks Signed-off-by: Bernd Kuhls Signed-off-by: Fiona Klute --- package/expat/expat.hash | 4 ++-- package/expat/expat.mk | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package/expat/expat.hash b/package/expat/expat.hash index 5d34adfc8db..20871333828 100644 --- a/package/expat/expat.hash +++ b/package/expat/expat.hash @@ -1,4 +1,4 @@ -# From https://github.com/libexpat/libexpat/releases/tag/R_2_8_1 -sha256 10b195ee78160a908388180a8fe3603d4e9a12f4755fbf5f3816b23a9d750da0 expat-2.8.1.tar.xz +# From https://github.com/libexpat/libexpat/releases/tag/R_2_8_2 +sha256 3ad89b8588e6644bd4e49981480d48b21289eebbcd4f0a1a4afb1c29f99b6ab4 expat-2.8.2.tar.xz # Locally calculated sha256 31b15de82aa19a845156169a17a5488bf597e561b2c318d159ed583139b25e87 COPYING diff --git a/package/expat/expat.mk b/package/expat/expat.mk index 3b529c3390b..fb25a4a47b9 100644 --- a/package/expat/expat.mk +++ b/package/expat/expat.mk @@ -4,7 +4,7 @@ # ################################################################################ -EXPAT_VERSION = 2.8.1 +EXPAT_VERSION = 2.8.2 EXPAT_SITE = https://github.com/libexpat/libexpat/releases/download/R_$(subst .,_,$(EXPAT_VERSION)) EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.xz EXPAT_INSTALL_STAGING = YES