$OpenBSD: patch-feedparser_feedparser_py,v 1.1 2012/05/25 12:27:33 jasper Exp $

Security fix for CVE-2012-2921,
feedparser DOCTYPE and ENTITY XML Declaration Denial of Service Vulnerability

Patch from upstream:
https://code.google.com/p/feedparser/source/detail?r=703&path=/trunk/feedparser/feedparser.py

--- feedparser/feedparser.py.orig	Fri May 25 14:24:41 2012
+++ feedparser/feedparser.py	Fri May 25 14:25:48 2012
@@ -3703,9 +3703,6 @@ def parse(url_file_stream_or_string, etag=None, modifi
         result['bozo'] = 1
         result['bozo_exception'] = NonXMLContentType(bozo_message)
 
-    if data is not None:
-        result['version'], data, entities = _stripDoctype(data)
-
     # ensure that baseuri is an absolute uri using an acceptable URI scheme
     contentloc = http_headers.get('content-location', http_headers.get('Content-Location', ''))
     href = result.get('href', '')
@@ -3790,6 +3787,9 @@ def parse(url_file_stream_or_string, etag=None, modifi
             'document declared as %s, but parsed as %s' % \
             (result['encoding'], proposed_encoding))
         result['encoding'] = proposed_encoding
+
+    if data is not None:
+        result['version'], data, entities = _stripDoctype(data)
 
     if not _XML_AVAILABLE:
         use_strict_parser = 0
