devel/py-setuptools{44,58}: fix CVE-2022-40897 backporting a patch

Follow recent commit to devel/py-setuptools and fix old versions same way.

Reported-by:	vishwin

devel/py-setuptools44/Makefile

@@ -1,5 +1,6 @@
 PORTNAME=	setuptools
 PORTVERSION=	44.1.1
+PORTREVISION=	1
 CATEGORIES=	devel python
 MASTER_SITES=	PYPI
 PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}

devel/py-setuptools44/files/patch-setuptools_package__index.py

@@ -0,0 +1,11 @@
+--- setuptools/package_index.py.orig	2022-07-04 02:25:25 UTC
++++ setuptools/package_index.py
+@@ -197,7 +197,7 @@ def unique_values(func):
+     return wrapper
+ 
+ 
+-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
++REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I)
+ # this line is here to fix emacs' cruddy broken syntax highlighting
+ 
+ 

devel/py-setuptools58/Makefile

@@ -1,6 +1,6 @@
 PORTNAME=	setuptools
 PORTVERSION=	58.5.3
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	devel python
 MASTER_SITES=	PYPI
 PKGNAMEPREFIX=	${PYTHON_PKGNAMEPREFIX}

devel/py-setuptools58/files/patch-setuptools_package__index.py

@@ -0,0 +1,11 @@
+--- setuptools/package_index.py.orig	2022-07-04 02:25:25 UTC
++++ setuptools/package_index.py
+@@ -197,7 +197,7 @@ def unique_values(func):
+     return wrapper
+ 
+ 
+-REL = re.compile(r"""<([^>]*\srel\s*=\s*['"]?([^'">]+)[^>]*)>""", re.I)
++REL = re.compile(r"""<([^>]*\srel\s{0,10}=\s{0,10}['"]?([^'" >]+)[^>]*)>""", re.I)
+ # this line is here to fix emacs' cruddy broken syntax highlighting
+ 
+ 

security/vuxml/vuln/2023.xml

@@ -2833,6 +2833,8 @@
     <affects>
       <package>
     <name>py39-setuptools</name>
+    <range><lt>44.1.1</lt></range>
+    <range><ge>57.0.0</ge><lt>58.5.3_3</lt></range>
     <range><lt>63.1.0_1</lt></range>
       </package>
     </affects>