The Apache Haus Forum

Forum Topics => Apache 2.4 => Topic started by: Jan-E on October 07, 2017, 04:01:07 AM

Title: Building Expat 2.2.4 for VC9/VC11
Post by: Jan-E on October 07, 2017, 04:01:07 AM
In the release-notes you stated:
Expat went C99 coding style in one file and doesn't build on VC versions below 12 which is why the difference. That said, Expat version 2.2.3 was a security release fixing CVE-2017-11742 DLL hijacking vulnerability in Windows and 2.2.4 just has one other minor bug fix.

I tried to build Expat 2.2.4 for lower VC-versions and it looks like I succeeded. The libexpat devs are using Appveyor to build a shared expat.lib + expat.dll for VC's as low as VC10. I changed their Appveyor.yml a bit:
The results can be found at

The expat.lib and the project files can be downloaded as artifact. For instance, the VC11 x64 lib is here:

The only thing I could not achieve with Appveyor is a v2.2.4 VC9 x64 build. But using the same commands I did that locally and added the project-files and the expat.lib to my repo. The expat.lib is here:

I did not test the resulting lib's with Apache 2.4.28 yet, but the first steps are promising.
Title: Re: Building Expat 2.2.4 for VC9/VC11
Post by: Gregg on October 07, 2017, 10:35:09 PM
The problems will be fixed in 2.2.5 with commits e0b290eb ( and b4b89c2 (

I have run into b4b89c2 and others on many 3rd-party modules so my VC versions less than 12 have custom headers in VC's include folder for stdbool, stdint, etc, depending on what's missing per VC version.

That said APR-util compiles in the static library so CVE-2017-11742 doesn't really exist for us I don't think.