diff --git a/expat-alloc-size.patch b/expat-alloc-size.patch
new file mode 100644
index 0000000..867b7d3
--- /dev/null
+++ b/expat-alloc-size.patch
@@ -0,0 +1,36 @@
+--- lib/expat.h.orig
++++ lib/expat.h
+@@ -941,9 +941,13 @@ XML_FreeContentModel(XML_Parser parser,
+ 
+ /* Exposing the memory handling functions used in Expat */
+ XMLPARSEAPI(void *)
++XML_ATTR_MALLOC
++XML_ATTR_ALLOC_SIZE(2)
+ XML_MemMalloc(XML_Parser parser, size_t size);
+ 
+ XMLPARSEAPI(void *)
++XML_ATTR_MALLOC
++XML_ATTR_ALLOC_SIZE(3)
+ XML_MemRealloc(XML_Parser parser, void *ptr, size_t size);
+ 
+ XMLPARSEAPI(void)
+--- lib/expat_external.h.orig
++++ lib/expat_external.h
+@@ -74,6 +74,17 @@
+ #define XMLIMPORT
+ #endif
+ 
++#if defined(__GNUC__) && (__GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 96))
++#define XML_ATTR_MALLOC __attribute__((__malloc__))
++#else
++#define XML_ATTR_MALLOC
++#endif
++
++#if defined(__GNUC__) && ((__GNUC__ > 4) || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3))
++#define XML_ATTR_ALLOC_SIZE(x)  __attribute__((__alloc_size__(x)))
++#else
++#define XML_ATTR_ALLOC_SIZE(x)
++#endif
+ 
+ #define XMLPARSEAPI(type) XMLIMPORT type XMLCALL
+ 
diff --git a/expat-visibility.patch b/expat-visibility.patch
new file mode 100644
index 0000000..869ad6d
--- /dev/null
+++ b/expat-visibility.patch
@@ -0,0 +1,135 @@
+--- /dev/null
++++ conftools/visibility.m4
+@@ -0,0 +1,77 @@
++# visibility.m4 serial 4 (gettext-0.18.2)
++dnl Copyright (C) 2005, 2008, 2010-2011 Free Software Foundation, Inc.
++dnl This file is free software; the Free Software Foundation
++dnl gives unlimited permission to copy and/or distribute it,
++dnl with or without modifications, as long as this notice is preserved.
++
++dnl From Bruno Haible.
++
++dnl Tests whether the compiler supports the command-line option
++dnl -fvisibility=hidden and the function and variable attributes
++dnl __attribute__((__visibility__("hidden"))) and
++dnl __attribute__((__visibility__("default"))).
++dnl Does *not* test for __visibility__("protected") - which has tricky
++dnl semantics (see the 'vismain' test in glibc) and does not exist e.g. on
++dnl MacOS X.
++dnl Does *not* test for __visibility__("internal") - which has processor
++dnl dependent semantics.
++dnl Does *not* test for #pragma GCC visibility push(hidden) - which is
++dnl "really only recommended for legacy code".
++dnl Set the variable CFLAG_VISIBILITY.
++dnl Defines and sets the variable HAVE_VISIBILITY.
++
++AC_DEFUN([gl_VISIBILITY],
++[
++  AC_REQUIRE([AC_PROG_CC])
++  CFLAG_VISIBILITY=
++  HAVE_VISIBILITY=0
++  if test -n "$GCC"; then
++    dnl First, check whether -Werror can be added to the command line, or
++    dnl whether it leads to an error because of some other option that the
++    dnl user has put into $CC $CFLAGS $CPPFLAGS.
++    AC_MSG_CHECKING([whether the -Werror option is usable])
++    AC_CACHE_VAL([gl_cv_cc_vis_werror], [
++      gl_save_CFLAGS="$CFLAGS"
++      CFLAGS="$CFLAGS -Werror"
++      AC_COMPILE_IFELSE(
++        [AC_LANG_PROGRAM([[]], [[]])],
++        [gl_cv_cc_vis_werror=yes],
++        [gl_cv_cc_vis_werror=no])
++      CFLAGS="$gl_save_CFLAGS"])
++    AC_MSG_RESULT([$gl_cv_cc_vis_werror])
++    dnl Now check whether visibility declarations are supported.
++    AC_MSG_CHECKING([for simple visibility declarations])
++    AC_CACHE_VAL([gl_cv_cc_visibility], [
++      gl_save_CFLAGS="$CFLAGS"
++      CFLAGS="$CFLAGS -fvisibility=hidden"
++      dnl We use the option -Werror and a function dummyfunc, because on some
++      dnl platforms (Cygwin 1.7) the use of -fvisibility triggers a warning
++      dnl "visibility attribute not supported in this configuration; ignored"
++      dnl at the first function definition in every compilation unit, and we
++      dnl don't want to use the option in this case.
++      if test $gl_cv_cc_vis_werror = yes; then
++        CFLAGS="$CFLAGS -Werror"
++      fi
++      AC_COMPILE_IFELSE(
++        [AC_LANG_PROGRAM(
++           [[extern __attribute__((__visibility__("hidden"))) int hiddenvar;
++             extern __attribute__((__visibility__("default"))) int exportedvar;
++             extern __attribute__((__visibility__("hidden"))) int hiddenfunc (void);
++             extern __attribute__((__visibility__("default"))) int exportedfunc (void);
++             void dummyfunc (void) {}
++           ]],
++           [[]])],
++        [gl_cv_cc_visibility=yes],
++        [gl_cv_cc_visibility=no])
++      CFLAGS="$gl_save_CFLAGS"])
++    AC_MSG_RESULT([$gl_cv_cc_visibility])
++    if test $gl_cv_cc_visibility = yes; then
++      CFLAG_VISIBILITY="-fvisibility=hidden"
++      HAVE_VISIBILITY=1
++    fi
++  fi
++  AC_SUBST([CFLAG_VISIBILITY])
++  AC_SUBST([HAVE_VISIBILITY])
++  AC_DEFINE_UNQUOTED([HAVE_VISIBILITY], [$HAVE_VISIBILITY],
++    [Define to 1 or 0, depending whether the compiler supports simple visibility declarations.])
++])
+--- configure.in.orig
++++ configure.in
+@@ -52,17 +52,20 @@ AC_CONFIG_HEADER(expat_config.h)
+ 
+ sinclude(conftools/libtool.m4)
+ sinclude(conftools/ac_c_bigendian_cross.m4)
+-
+-AC_LIBTOOL_WIN32_DLL
+-AC_PROG_LIBTOOL
++sinclude(conftools/visibility.m4)
+ 
+ AC_SUBST(LIBCURRENT)
+ AC_SUBST(LIBREVISION)
+ AC_SUBST(LIBAGE)
+ 
+ dnl Checks for programs.
+-AC_PROG_CC
++AC_PROG_CC_STDC
++AC_USE_SYSTEM_EXTENSIONS
++AC_SYS_LARGEFILE
+ AC_PROG_INSTALL
++gl_VISIBILITY
++AC_LIBTOOL_WIN32_DLL
++AC_PROG_LIBTOOL
+ 
+ if test "$GCC" = yes ; then
+     dnl
+--- lib/expat_external.h.orig
++++ lib/expat_external.h
+@@ -65,6 +65,9 @@
+ #endif
+ #endif  /* not defined XML_STATIC */
+ 
++#if HAVE_VISIBILITY
++#define XMLIMPORT __attribute__ ((visibility ("default")))
++#endif
+ 
+ /* If we didn't define it above, define it away: */
+ #ifndef XMLIMPORT
+--- Makefile.in.orig
++++ Makefile.in
+@@ -110,11 +110,11 @@ CPPFLAGS = @CPPFLAGS@ -DHAVE_EXPAT_CONFI
+ CFLAGS = @CFLAGS@
+ CXXFLAGS = @CXXFLAGS@
+ VSNFLAG = -version-info @LIBCURRENT@:@LIBREVISION@:@LIBAGE@
+-
++CFLAG_VISIBILITY = @CFLAG_VISIBILITY@
+ ### autoconf this?
+ LTFLAGS = --silent
+ 
+-COMPILE = $(CC) $(INCLUDES) $(CFLAGS) $(DEFS) $(CPPFLAGS)
++COMPILE = $(CC) $(CFLAG_VISIBILITY) $(INCLUDES) $(CFLAGS) $(DEFS) $(CPPFLAGS)
+ CXXCOMPILE = $(CXX) $(INCLUDES) $(CXXFLAGS) $(DEFS) $(CPPFLAGS)
+ LTCOMPILE = $(LIBTOOL) $(LTFLAGS) --mode=compile $(COMPILE)
+ LINK_LIB = $(LIBTOOL) $(LTFLAGS) --mode=link $(COMPILE) -no-undefined $(VSNFLAG) -rpath $(libdir) $(LDFLAGS) -o $@
diff --git a/expat.changes b/expat.changes
index 86a1936..54410a9 100644
--- a/expat.changes
+++ b/expat.changes
@@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Sun Oct 30 22:03:29 UTC 2011 - crrodriguez@opensuse.org
+
+- Hide non public symbols reusing existing win32 API export/imports
+- annotate malloc/realloc-like functions with attribute alloc_size
+  to catch possible misuses in calling code.
+
 -------------------------------------------------------------------
 Sun Sep 18 17:17:12 UTC 2011 - jengelh@medozas.de
 
diff --git a/expat.spec b/expat.spec
index 2fe7db5..b4d920b 100644
--- a/expat.spec
+++ b/expat.spec
@@ -34,6 +34,8 @@ Source1:        %{name}faq.html
 Source2:        baselibs.conf
 Patch0:         %{name}-CVE-2009-2625.patch
 Patch1:         %{name}-CVE-2009-3560.patch
+Patch2:         expat-visibility.patch
+Patch3:         expat-alloc-size.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 BuildRequires:  gcc-c++
 
@@ -126,10 +128,13 @@ declaration).
 %setup -q
 %patch0
 %patch1
+%patch2
+%patch3
 cp %{S:1} .
 rm -f examples/*.dsp
 
 %build
+autoreconf
 %configure --disable-static --with-pic --libdir=/%{_lib}
 make %{?_smp_mflags}
 
@@ -142,6 +147,7 @@ mkdir -p $RPM_BUILD_ROOT%{_libdir}
 %{__rm} -v %{buildroot}/%{_lib}/lib%{name}.so
 # remove .la file
 rm -f $RPM_BUILD_ROOT/%{_lib}/libexpat.la
+nm -C -D %{buildroot}/%{_lib}/libexpat.so.1 | wc -l
 
 %check
 make check