---
- branch: MAIN
  date: Tue Mar 26 20:54:55 UTC 2019
  files:
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/lang/python37/Makefile
    pathrev: pkgsrc/lang/python37/Makefile@1.5
    type: modified
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/lang/python37/PLIST
    pathrev: pkgsrc/lang/python37/PLIST@1.5
    type: modified
  - new: '1.4'
    old: '1.3'
    path: pkgsrc/lang/python37/dist.mk
    pathrev: pkgsrc/lang/python37/dist.mk@1.4
    type: modified
  - new: '1.7'
    old: '1.6'
    path: pkgsrc/lang/python37/distinfo
    pathrev: pkgsrc/lang/python37/distinfo@1.7
    type: modified
  id: 20190326T205455Z.e78216d4f791f69b12e540948a808b2bf861c142
  log: "python37: updated to 3.7.3\n\nPython 3.7.3:\nSecurity\nbpo-36216: Changes
    urlsplit() to raise ValueError when the URL contains characters that decompose
    under IDNA encoding (NFKC-normalization) into characters that affect how the URL
    is parsed.\nbpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module.
    The cert parser did not handle CRL distribution points with empty DP or URI correctly.
    A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758)
    reported by Colin Read and Nicolas Edet of Cisco.\nbpo-35121: Donâ\x80\x99t send
    cookies of domain A without Domain attribute to domain B when domain A is a suffix
    match of domain B while using a cookiejar with http.cookiejar.DefaultCookiePolicy
    policy. Patch by Karthikeyan Singaravelan.\n\nCore and Builtins\nbpo-35942: The
    error message emitted when returning invalid types from __fspath__ in interfaces
    that allow passing PathLike objects has been improved and now it does explain
    the origin of the error.\nbpo-35992: Fix __class_getitem__() not being called
    on a class with a custom non-subscriptable metaclass.\nbpo-35991: Fix a potential
    double free in Modules/_randommodule.c.\nbpo-35961: Fix a crash in slice_richcompare():
    use strong references rather than stolen references for the two temporary internal
    tuples.\nbpo-31506: Clarify the errors reported when object.__new__ and object.__init__
    receive more than one argument. Contributed by Sanyam Khurana.\nbpo-35720: Fixed
    a minor memory leak in pymain_parse_cmdline_impl function in Modules/main.c\nbpo-35623:
    Fix a crash when sorting very long lists. Patch by Stephan Hohe.\nbpo-35214: clang
    Memory Sanitizer build instrumentation was added to work around false positives
    from posix, socket, time, test_io, and test_faulthandler.\nbpo-35560: Fix an assertion
    error in format() in debug build for floating point formatting with â\x80\x9Cnâ\x80\x9D
    format, zero padding and small width. Release build is not impacted. Patch by
    Karthikeyan Singaravelan.\nbpo-35552: Format characters %s and %V in PyUnicode_FromFormat()
    and %s in PyBytes_FromFormat() no longer read memory past the limit if precision
    is specified.\nbpo-35504: Fix segfaults and SystemErrors when deleting certain
    attributes. Patch by Zackery Spytz.\nbpo-33989: Fix a possible crash in list.sort()
    when sorting objects with ob_type->tp_richcompare == NULL. Patch by Zackery Spytz.\n\nLibrary\nbpo-35931:
    The pdb debug command now gracefully handles all exceptions.\nbpo-36251: Fix format
    strings used for stderrprinter and re.Match reprs. Patch by Stephan Hohe.\nbpo-35807:
    Update ensurepip to install pip 19.0.3 and setuptools 40.8.0.\nbpo-36179: Fix
    two unlikely reference leaks in _hashopenssl. The leaks only occur in out-of-memory
    cases.\nbpo-35178: Ensure custom warnings.formatwarning() function can receive
    line as positional argument. Based on patch by Tashrif Billah.\nbpo-36106: Resolve
    potential name clash with libmâ\x80\x99s sinpi(). Patch by Dmitrii Pasechnik.\nbpo-35512:
    unittest.mock.patch.dict() used as a decorator with string target resolves the
    target during function call instead of during decorator construction. Patch by
    Karthikeyan Singaravelan.\nbpo-36091: Clean up reference to async generator in
    Lib/types. Patch by Henry Chen.\nbpo-35899: Enum has been fixed to correctly handle
    empty strings and strings with non-Latin characters (ie. â\x80\x98αâ\x80\x99,
    â\x80\x98×\x90â\x80\x99) without crashing. Original patch contributed by Maxwell.
    Assisted by Stéphane Wirtel.\nbpo-35918: Removed broken has_key method from multiprocessing.managers.SyncManager.dict.
    Contributed by Rémi Lapeyre.\nbpo-35960: Fix dataclasses.field() throwing away
    empty mapping objects passed as metadata.\nbpo-35847: RISC-V needed the CTYPES_PASS_BY_REF_HACK.
    Fixes ctypes Structure test_pass_by_value.\nbpo-35780: Fix lru_cache() errors
    arising in recursive, reentrant, or multi-threaded code. These errors could result
    in orphan links and in the cache being trapped in a state with fewer than the
    specified maximum number of links. Fix handling of negative maxsize which should
    have been treated as zero. Fix errors in toggling the â\x80\x9Cfullâ\x80\x9D status
    flag. Fix misordering of links when errors are encountered. Sync-up the C code
    and pure Python code for the space saving path in functions with a single positional
    argument. In this common case, the space overhead of an lru cache entry is reduced
    by almost half. Fix counting of cache misses. In error cases, the miss count was
    out of sync with the actual number of times the underlying user function was called.\nbpo-23846:
    asyncio.ProactorEventLoop now catches and logs send errors when the self-pipe
    is full.\nbpo-34323: asyncio: Enhance IocpProactor.close() log: wait 1 second
    before the first log, then log every second. Log also the number of seconds since
    close() was called.\nbpo-34294: re module, fix wrong capturing groups in rare
    cases. re.search(), re.findall(), re.sub() and other functions that scan through
    string looking for a match, should reset capturing groups between two match attempts.
    Patch by Ma Lin.\nbpo-35717: Fix KeyError exception raised when using enums and
    compile. Patch contributed by Rémi Lapeyre.\nbpo-35699: Fixed detection of Visual
    Studio Build Tools 2017 in distutils\nbpo-32710: Fix memory leaks in asyncio ProactorEventLoop
    on overlapped operation failure.\nbpo-32710: Fix a memory leak in asyncio in the
    ProactorEventLoop when ReadFile() or WSASend() overlapped operation fail immediately:
    release the internal buffer.\nbpo-35682: Fix asyncio.ProactorEventLoop.sendfile():
    donâ\x80\x99t attempt to set the result of an internal future if itâ\x80\x99s
    already done.\nbpo-35283: Add a pending deprecated warning for the threading.Thread.isAlive()
    method. Patch by Dong-hee Na.\nbpo-35643: Fixed a SyntaxWarning: invalid escape
    sequence in Modules/_sha3/cleanup.py. Patch by Mickaël Schoentgen.\nbpo-35615:
    weakref: Fix a RuntimeError when copying a WeakKeyDictionary or a WeakValueDictionary,
    due to some keys or values disappearing while iterating.\nbpo-28503: The crypt
    module now internally uses the crypt_r() library function instead of crypt() when
    available.\nbpo-35121: Donâ\x80\x99t set cookie for a request when the request
    path is a prefix match of the cookieâ\x80\x99s path attribute but doesnâ\x80\x99t
    end with â\x80\x9C/â\x80\x9D. Patch by Karthikeyan Singaravelan.\nbpo-35585: Speed-up
    building enums by value, e.g. http.HTTPStatus(200).\nbpo-21478: Calls to a child
    function created with unittest.mock.create_autospec() should propagate to the
    parent. Patch by Karthikeyan Singaravelan.\nbpo-35513: TextTestRunner of unittest.runner
    now uses time.perf_counter() rather than time.time() to measure the execution
    time of a test: time.time() can go backwards, whereas time.perf_counter() is monotonic.\nbpo-35502:
    Fixed reference leaks in xml.etree.ElementTree.TreeBuilder in case of unfinished
    building of the tree (in particular when an error was raised during parsing XML).\nbpo-31446:
    Copy command line that was passed to CreateProcessW since this function can change
    the content of the input buffer.\nbpo-20239: Allow repeated assignment deletion
    of unittest.mock.Mock attributes. Patch by Pablo Galindo.\nbpo-17185: Set __signature__
    on mock for inspect to get signature. Patch by Karthikeyan Singaravelan.\nbpo-10496:
    check_environ() of distutils.utils now catches KeyError on calling pwd.getpwuid():
    donâ\x80\x99t create the HOME environment variable in this case.\nbpo-35066: Previously,
    calling the strftime() method on a datetime object with a trailing â\x80\x98%â\x80\x99
    in the format string would result in an exception. However, this only occured
    when the datetime C module was being used; the python implementation did not match
    this behavior. Datetime is now PEP-399 compliant, and will not throw an exception
    on a trailing â\x80\x98%â\x80\x99.\nbpo-24746: Avoid stripping trailing whitespace
    in doctest fancy diff. Orignial patch by R. David Murray & Jairo Trad. Enhanced
    by Sanyam Khurana.\nbpo-35198: Fix C++ extension compilation on AIX\nbpo-28441:
    On Cygwin and MinGW, ensure that sys.executable always includes the full filename
    in the path, including the .exe suffix (unless it is a symbolic link).\nbpo-34572:
    Fix C implementation of pickle.loads to use importlibâ\x80\x99s locking mechanisms,
    and thereby avoid using partially-loaded modules. Patch by Tim Burgess.\nbpo-33687:
    Fix the call to os.chmod() for uu.decode() if a mode is given or decoded. Patch
    by Timo Furrer.\nbpo-32146: Document the interaction between frozen executables
    and the spawn and forkserver start methods in multiprocessing.\n"
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/lang/python37'
  unixtime: '1553633695'
  user: adam