diff --git a/CVE-2018-20843.patch b/CVE-2018-20843.patch
deleted file mode 100644
index 68036c9..0000000
--- a/CVE-2018-20843.patch
+++ /dev/null
@@ -1,24 +0,0 @@
-From 11f8838bf99ea0a6f0b76f9760c43704d00c4ff6 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Wed, 12 Jun 2019 15:42:22 +0200
-Subject: [PATCH] xmlparse.c: Fix extraction of namespace prefix from XML name
- (#186)
-
----
- expat/lib/xmlparse.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index c4f3ffc..f4506b0 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -6080,7 +6080,7 @@ setElementTypePrefix(XML_Parser parser, ELEMENT_TYPE *elementType)
-       else
-         poolDiscard(&dtd->pool);
-       elementType->prefix = prefix;
--
-+      break;
-     }
-   }
-   return 1;
-
diff --git a/CVE-2019-15903.patch b/CVE-2019-15903.patch
deleted file mode 100644
index a66b4b1..0000000
--- a/CVE-2019-15903.patch
+++ /dev/null
@@ -1,112 +0,0 @@
-From c20b758c332d9a13afbbb276d30db1d183a85d43 Mon Sep 17 00:00:00 2001
-From: Sebastian Pipping <sebastian@pipping.org>
-Date: Wed, 28 Aug 2019 00:24:59 +0200
-Subject: [PATCH 189/286] xmlparse.c: Deny internal entities closing the
- doctype
-
----
- expat/lib/xmlparse.c | 20 +++++++++++++-------
- 1 file changed, 13 insertions(+), 7 deletions(-)
-
-diff --git a/lib/xmlparse.c b/lib/xmlparse.c
-index f4506b0..3df4347 100644
---- a/lib/xmlparse.c
-+++ b/lib/xmlparse.c
-@@ -412,9 +412,10 @@ processXmlDecl(XML_Parser parser, int isGeneralTextEntity,
- static enum XML_Error
- initializeEncoding(XML_Parser parser);
- static enum XML_Error
--doProlog(XML_Parser parser, const ENCODING *enc, const char *s,
--         const char *end, int tok, const char *next, const char **nextPtr,
--         XML_Bool haveMore);
-+doProlog(XML_Parser parser, const ENCODING *enc,
-+         const char *s, const char *end, int tok,
-+         const char *next, const char **nextPtr,
-+         XML_Bool haveMore, XML_Bool allowClosingDoctype);
- static enum XML_Error
- processInternalEntity(XML_Parser parser, ENTITY *entity,
-                       XML_Bool betweenDecl);
-@@ -4240,8 +4241,8 @@ externalParEntProcessor(XML_Parser parser,
-   }
- 
-   parser->m_processor = prologProcessor;
--  return doProlog(parser, parser->m_encoding, s, end, tok, next,
--                  nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);
-+  return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
-+                  (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
- }
- 
- static enum XML_Error PTRCALL
-@@ -4290,20 +4291,14 @@ prologProcessor(XML_Parser parser,
- {
-   const char *next = s;
-   int tok = XmlPrologTok(parser->m_encoding, s, end, &next);
--  return doProlog(parser, parser->m_encoding, s, end, tok, next,
--                  nextPtr, (XML_Bool)!parser->m_parsingStatus.finalBuffer);
-+  return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
-+                  (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
- }
- 
- static enum XML_Error
--doProlog(XML_Parser parser,
--         const ENCODING *enc,
--         const char *s,
--         const char *end,
--         int tok,
--         const char *next,
--         const char **nextPtr,
--         XML_Bool haveMore)
--{
-+doProlog(XML_Parser parser, const ENCODING *enc, const char *s, const char *end,
-+         int tok, const char *next, const char **nextPtr, XML_Bool haveMore,
-+         XML_Bool allowClosingDoctype) {
- #ifdef XML_DTD
-   static const XML_Char externalSubsetName[] = { ASCII_HASH , '\0' };
- #endif /* XML_DTD */
-@@ -4481,6 +4476,11 @@ doProlog(XML_Parser parser,
-       }
-       break;
-     case XML_ROLE_DOCTYPE_CLOSE:
-+      if (allowClosingDoctype != XML_TRUE) {
-+        /* Must not close doctype from within expanded parameter entities */
-+        return XML_ERROR_INVALID_TOKEN;
-+      }
-+
-       if (parser->m_doctypeName) {
-         parser->m_startDoctypeDeclHandler(parser->m_handlerArg, parser->m_doctypeName,
-                                 parser->m_doctypeSysid, parser->m_doctypePubid, 0);
-@@ -5417,8 +5417,8 @@ processInternalEntity(XML_Parser parser, ENTITY *entity,
- #ifdef XML_DTD
-   if (entity->is_param) {
-     int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
--    result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,
--                      next, &next, XML_FALSE);
-+    result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
-+                      tok, next, &next, XML_FALSE, XML_FALSE);
-   }
-   else
- #endif /* XML_DTD */
-@@ -5464,8 +5464,8 @@ internalEntityProcessor(XML_Parser parser,
- #ifdef XML_DTD
-   if (entity->is_param) {
-     int tok = XmlPrologTok(parser->m_internalEncoding, textStart, textEnd, &next);
--    result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd, tok,
--                      next, &next, XML_FALSE);
-+    result = doProlog(parser, parser->m_internalEncoding, textStart, textEnd,
-+                      tok, next, &next, XML_FALSE, XML_TRUE);
-   }
-   else
- #endif /* XML_DTD */
-@@ -5492,7 +5492,7 @@ internalEntityProcessor(XML_Parser parser,
-     parser->m_processor = prologProcessor;
-     tok = XmlPrologTok(parser->m_encoding, s, end, &next);
-     return doProlog(parser, parser->m_encoding, s, end, tok, next, nextPtr,
--                    (XML_Bool)!parser->m_parsingStatus.finalBuffer);
-+                    (XML_Bool)!parser->m_parsingStatus.finalBuffer, XML_TRUE);
-   }
-   else
- #endif /* XML_DTD */
----
-2.19.1
-
-
diff --git a/expat-2.2.6.tar.gz b/expat-2.2.6.tar.gz
deleted file mode 100644
index 75aac46..0000000
Binary files a/expat-2.2.6.tar.gz and /dev/null differ
diff --git a/expat-2.2.9.tar.gz b/expat-2.2.9.tar.gz
new file mode 100644
index 0000000..725490b
Binary files /dev/null and b/expat-2.2.9.tar.gz differ
diff --git a/expat.spec b/expat.spec
index 74543ba..d8c8ac4 100644
--- a/expat.spec
+++ b/expat.spec
@@ -1,13 +1,11 @@
 %define Rversion %(echo %{version} | sed -e 's/\\./_/g' -e 's/^/R_/')
 Name:           expat
-Version:        2.2.6
-Release:        5
+Version:        2.2.9
+Release:        1
 Summary:        An XML parser library
 License:        MIT
 URL:            https://libexpat.github.io/
 Source0:        https://github.com/libexpat/libexpat/releases/download/%{Rversion}/expat-%{version}.tar.gz
-Patch6000:      CVE-2018-20843.patch
-Patch6001:      CVE-2019-15903.patch
 
 BuildRequires:  sed,autoconf,automake,gcc-c++,libtool,xmlto
 
@@ -25,7 +23,7 @@ This package provides with static libraries and  header files for developing wit
 %package_help
 
 %prep
-%autosetup -p1 -n libexpat-%{Rversion}/expat
+%autosetup -p1
 
 autoreconf -fiv
 %build
@@ -60,6 +58,12 @@ make check
 %{_mandir}/man1/*
 
 %changelog
+* Mon May 11 2020 openEuler Buildteam <buildteam@openeuler.org> - 2.2.9-1
+- Type:requirement
+- ID:NA
+- SUG:NA
+- DESC:update to 2.2.9
+
 * Mon Oct 21 2019 shenyangyang <shenyangyang4@huawei.com> - 2.2.6-5
 - Type:NA
 - ID:NA