package/expat: security bump to version 2.5.0

Expat 2.5.0 has been released earlier today. Most importantly, this
release fixes CVE-2022-43680: a heap use-after-free vulnerability after
overeager destruction of a shared DTD in function
XML_ExternalEntityParserCreate in out-of-memory situations, with
expected impact of denial of service or potentially arbitrary code
execution.

https://blog.hartwork.org/posts/expat-2-5-0-released
https://github.com/libexpat/libexpat/blob/R_2_5_0/expat/Changes

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 26ec7c4d02)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/expat/expat.hash

@@ -1,7 +1,7 @@
-# From https://sourceforge.net/projects/expat/files/expat/2.4.9/
-md5  8d7fcf7d02d08bf79d9ae5c21cc72c03  expat-2.4.9.tar.xz
-sha1  be91118bc495ce49b04a3fd0f27df2fb5a843e9b  expat-2.4.9.tar.xz
+# From https://sourceforge.net/projects/expat/files/expat/2.5.0/
+md5  ac6677b6d1b95d209ab697ce8b688704  expat-2.5.0.tar.xz
+sha1  5178e13c1e34f4643d5118d5758babfe0e836fe2  expat-2.5.0.tar.xz
 
 # Locally calculated
-sha256  6e8c0728fe5c7cd3f93a6acce43046c5e4736c7b4b68e032e9350daa0efc0354  expat-2.4.9.tar.xz
+sha256  ef2420f0232c087801abf705e89ae65f6257df6b7931d37846a193ef2e8cdcbe  expat-2.5.0.tar.xz
 sha256  122f2c27000472a201d337b9b31f7eb2b52d091b02857061a8880371612d9534  COPYING

package/expat/expat.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-EXPAT_VERSION = 2.4.9
+EXPAT_VERSION = 2.5.0
 EXPAT_SITE = http://downloads.sourceforge.net/project/expat/expat/$(EXPAT_VERSION)
 EXPAT_SOURCE = expat-$(EXPAT_VERSION).tar.xz
 EXPAT_INSTALL_STAGING = YES