Fixes Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes

in the hash table internal to the pyexpat module's copy of the expat
library to avoid a denial of service due to hash collisions.
Patch by David Malcolm with some modifications by the expat project.

diff --cc Misc/NEWS
index 8dace0c7591351ab9af6db7be780960a795bd034,1b4e09fceaea6f2332b3b1422f61807f2e7b5fcb..a9f33a23d940f1077e5b32d0258a3bf66c6a274d
--- 1/Misc/NEWS
--- 2/Misc/NEWS
+++ b/Misc/NEWS
@@@ -24,17 -22,8 +24,22 @@@ Core and Builtin
  Library
  -------
  
 -- Issue #14062: Header objects now correctly respect the 'linesep' setting
 -  when processed by BytesParser (which smtplib.SMTP.send_message uses).
++- Issue #14234: CVE-2012-0876: Randomize hashes of xml attributes in the hash
++  table internal to the pyexpat module's copy of the expat library to avoid a
++  denial of service due to hash collisions.  Patch by David Malcolm with some
++  modifications by the expat project.
++
 +- Issue #14200: Idle shell crash on printing non-BMP unicode character.
 +
 +- Issue #12818: format address no longer needlessly \ escapes ()s in names when
 +  the name ends up being quoted.
 +
 +- Issue #14062: BytesGenerator now correctly folds Header objects,
 +  including using linesep when folding.
 +
 +- Issue #13839: When invoked on the command-line, the pstats module now
 +  accepts several filenames of profile stat files and merges them all.
 +  Patch by Matt Joiner.
  
  - Issue #14291: Email now defaults to utf-8 for non-ASCII unicode headers
    instead of raising an error.  This fixes a regression relative to 2.7.

diff --cc Modules/pyexpat.c
Simple merge