$OpenBSD: patch-lib_rexml_entity_rb,v 1.1 2008/09/28 15:43:05 bernd Exp $

http://www.ruby-lang.org/en/news/2008/08/23/dos-vulnerability-in-rexml/

--- lib/rexml/entity.rb.orig	Wed Sep  3 17:38:20 2008
+++ lib/rexml/entity.rb	Wed Sep  3 17:38:50 2008
@@ -73,6 +73,7 @@ module REXML
 		# all entities -- both %ent; and &ent; entities.  This differs from
 		# +value()+ in that +value+ only replaces %ent; entities.
 		def unnormalized
+			document.record_entity_expansion!
 			v = value()
 			return nil if v.nil?
 			@unnormalized = Text::unnormalize(v, parent)
