diff --git a/expat/Changes b/expat/Changes
index b4122ed3..d1d7b8bc 100644
--- a/expat/Changes
+++ b/expat/Changes
@@ -9,6 +9,7 @@ Release ??????????
 In a way, that's still part of CVE-2016-5300.
 For packaging, feel free to configure using --(with|without)-libbsd
 to bypass auto-detection.
+ For run-time debug output, EXPAT_ENTROPY_DEBUG=1 can be used.
 
 Bug fixes:
 #539 Fix regression from fix to CVE-2016-0718 cutting off
diff --git a/expat/lib/xmlparse.c b/expat/lib/xmlparse.c
index 6808ea11..5c73f742 100644
--- a/expat/lib/xmlparse.c
+++ b/expat/lib/xmlparse.c
@@ -6,6 +6,8 @@
 #include /* memset(), memcpy() */
 #include
 #include /* UINT_MAX */
+#include /* fprintf */
+#include /* getenv */
 
 #ifdef _WIN32
 #define getpid GetCurrentProcessId
@@ -783,6 +785,18 @@ gather_time_entropy(void)
 # include
 #endif
 
+static unsigned long
+ENTROPY_DEBUG(const char * label, unsigned long entropy) {
+ const char * const EXPAT_ENTROPY_DEBUG = getenv("EXPAT_ENTROPY_DEBUG");
+ if (EXPAT_ENTROPY_DEBUG && ! strcmp(EXPAT_ENTROPY_DEBUG, "1")) {
+ fprintf(stderr, "Entropy: %s --> 0x%0*lx (%lu bytes)\n",
+ label,
+ (int)sizeof(unsigned long) * 2, entropy,
+ sizeof(unsigned long));
+ }
+ return entropy;
+}
+
 static unsigned long
 generate_hash_secret_salt(XML_Parser parser)
 {
@@ -791,16 +805,16 @@ generate_hash_secret_salt(XML_Parser parser)
 #if defined(HAVE_ARC4RANDOM_BUF) || defined(__CloudABI__)
 (void)gather_time_entropy;
 arc4random_buf(&entropy, sizeof(entropy));
- return entropy;
+ return ENTROPY_DEBUG("arc4random_buf", entropy);
 #else
 /* Try high quality providers first .. */
 #ifdef _WIN32
 if (writeRandomBytes_RtlGenRandom((void *)&entropy, sizeof(entropy))) {
- return entropy;
+ return ENTROPY_DEBUG("RtlGenRandom", entropy);
 }
 #elif defined(HAVE_GETRANDOM)
 if (writeRandomBytes_getrandom((void *)&entropy, sizeof(entropy))) {
- return entropy;
+ return ENTROPY_DEBUG("getrandom", entropy);
 }
 #endif
 /* .. and self-made low quality for backup: */
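Review bot: In ENTROPY_DEBUG the last fprintf argument, `sizeof(unsigned long)`, has type `size_t` but is consumed by `%lu`, which expects `unsigned long`; at least on LLP64 targets such as 64-bit Windows the two differ in width, so the call is a variadic type mismatch and undefined behaviour (`-Wformat` will flag it). Cast it to match the conversion, `(unsigned long)sizeof(unsigned long));`, or use `%zu` if the project's C baseline permits the C99 length modifier. Separately, the helper writes the hash-secret salt to stderr whenever `EXPAT_ENTROPY_DEBUG=1` is present in the environment, and that salt is what makes hash-collision flooding of the parser's tables impractical, so the function deserves a header comment such as `/* Debug aid: when EXPAT_ENTROPY_DEBUG=1 is set, prints the salt to stderr. The salt is the secret behind the hash tables' flooding resistance, so this is not meant for production logging. */`; on glibc, `secure_getenv` would additionally keep a set-user-ID process from honouring the variable. Style-wise, `ENTROPY_DEBUG` and the local `EXPAT_ENTROPY_DEBUG` are written in macro case while the file's other functions (gather_time_entropy, generate_hash_secret_salt) use lower snake_case. The body of generate_hash_secret_salt continues past the end of this hunk.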
@@ -810,9 +824,10 @@ generate_hash_secret_salt(XML_Parser parser)
 
 /* Factors are 2^31-1 and 2^61-1 (Mersenne primes M31 and M61) */
 if (sizeof(unsigned long) == 4) {
- return entropy * 2147483647;
+ return ENTROPY_DEBUG("fallback(4)", entropy * 2147483647);
 } else {
- return entropy * (unsigned long)2305843009213693951;
+ return ENTROPY_DEBUG("fallback(8)",
+ entropy * (unsigned long)2305843009213693951);
 }
 #endif
 }
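Review bot: The labels `"fallback(4)"` and `"fallback(8)"` hard-code a word size that ENTROPY_DEBUG already reports in its `(%lu bytes)` field, and the `else` branch is reached for any `sizeof(unsigned long)` other than 4, so the `8` is an assumption rather than something measured. A single label, `return ENTROPY_DEBUG("fallback", entropy * 2147483647);` in the `if` branch and the same `"fallback"` in the `else` branch, keeps the diagnostic consistent with the byte count the helper prints. Reporting the value after the Mersenne-prime multiplication is the right choice, since that is the salt the parser actually uses, and this is the one path whose output shows that the self-made low-quality source was taken instead of an OS generator. The enclosing `#else` block and generate_hash_secret_salt itself begin before this hunk.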