Bundles vulnerable copy of Expat - please update to 2.2.5

[hartwork]

Hi!

This repository bundles an outdated vulnerable copy of Expat 2.0.1. Please update your copy to version 2.2.4 with the latest security fixes. A change log with details is available at https://github.com/libexpat/libexpat/blob/master/expat/Changes . Thank you!

Best

 
Sebastian

[hartwork]

Any news or issues with updating?

[RemiArnaud]

Is there a pull request?

[hartwork]

Not that I knew, no. For someone to make some, understanding of OpenCOLLADAs build system, the list of supported platforms and compilers, and a bit of time is needed.

[RemiArnaud]

Nope you don't need to compile anything yourself.

You can submit a PR and jenkins will build for us. It would be way to much work for anybody to compile for all those versions of all those tools for all those platforms....

Hopefully upgrading the library won't break the build. Otherwise, we'd have something to start with.

[hartwork]

You would still need to inspect the build system so that detection of high entropy sources like getrandom is done somewhere if you don't use nested configure and so on, the new EXPAT_ENTROPY_DEBUG=1 may be handy for debugging. I'm happy to help with any issues or questions that you run into in the process.