Expat 2.2.2 released
July 13, 2017
Submitted by Sebastian Pipping.
A few weeks after release 2.2.1 of the free software XML parsing library Expat, version 2.2.2 now improves on few rough edges (mostly related to compilation) but also fixes security issues.
Windows binaries compiled with _UNICODE
now use proper entropy for
seeding the SipHash algorithm.
On Unix-like platforms, accidentally missing out
on high quality entropy sources is now prevented from going unnoticed:
It would happen when some other build system than the configure script
was used, e.g. the shipped CMake one or when the source code was copied
into some parent project's build system without paying attention to the
new compile flags (that the configure script would auto-detect for you). After
some struggle with a decision about
C99,
Expat requires a C99 compiler
now; 18 years after its definition, that's a defendable move. The
uint64_t
type and ULL
integer literals
(unsigned long long
) for SipHash made us move.
Expat would like to thank the community for the bug reports and patches that went into Expat 2.2.2. If you maintain a bundled copy of Expat somewhere, please make sure it gets updated.
Sebastian Pipping
for the Expat development team