Log message:
python27: updated to 2.7.17

2.7.17:
Escape the server title of :class:`DocXMLRPCServer.DocXMLRPCServer` when
rendering the document page as HTML.

Update vendorized expat library version to 2.2.8, which resolves
CVE-2019-15903.

Updated OpenSSL to 1.0.2s in Windows installer

Don't set cookie for a request when the request path is a prefix match of
the cookie's path attribute but doesn't end with "/".

Don't send cookies of domain A without Domain attribute to domain B when
domain A is a suffix match of domain B while using a cookiejar with
:class:`cookielib.DefaultCookiePolicy` policy.

Fix parsing of invalid email addresses with more than one ``@`` (e.g.
a@b@c.com.) to not return the part before 2nd ``@`` as valid email address.

Fixes mishandling of pre-normalization characters in urlsplit().

Address CVE-2019-9740 by disallowing URL paths with embedded whitespace or
control characters through into the underlying http client request.  Such
potentially malicious header injection URLs now cause an httplib.InvalidURL
exception to be raised.

Changes urlsplit() to raise ValueError when the URL contains characters that
decompose under IDNA encoding (NFKC-normalization) into characters that
affect how the URL is parsed.

CVE-2019-9948: Avoid file reading by disallowing ``local-file://`` and
``local_file://`` URL schemes in :func:`urllib.urlopen`,
:meth:`urllib.URLopener.open` and :meth:`urllib.URLopener.retrieve`.

Fix race in PyThread_release_lock that was leading to memory corruption and
deadlocks. The fix applies to POSIX systems where Python locks are
implemented with mutex and condition variable because POSIX semaphores are
either not provided, or are known to be broken. One particular example of
such system is macOS.

valgrind: suppress a false alarm in memory leak checks. _PyWarnings_Init()
only allocates memory once at startup but it is not released at exit. Ignore
this issue to be able to catch other bugs more easily.

Fix possible overflow in ``wrap_lenfunc()`` when ``sizeof(long) <
sizeof(Py_ssize_t)`` (e.g., 64-bit Windows).

pymalloc returns memory blocks aligned by 16 bytes, instead of 8 bytes, on
64-bit platforms to conform x86-64 ABI. Recent compilers assume this
alignment more often.

Fix signed integer overflow in _ctypes.c's ``PyCArrayType_new()``.

Fix a possible double ``PyMem_FREE()`` due to tokenizer.c's ``tok_nextc()``.

Fix a possible reference leak in :func:`itertools.count`.

PyOS_StdioReadline() no longer leaks memory when realloc() fails.

Fix an unlikely memory leak on conversion from string to float in the
function ``_Py_dg_strtod()`` used by ``float(str)``, ``complex(str)``,
:func:`pickle.load`, :func:`marshal.load`, etc.

Fix use of uninitialized memory in cPickle when reading a truncated pickle
from a file object.

Clarified Doc string for builtin filter function. 2nd Argument can be any
iterable.

Allow the rare code that wants to send invalid http requests from the
`http.client` library a way to do so.  The fixes for bpo-30458 led to
breakage for some projects that were relying on this ability to test their
own behavior in the face of bad requests.

Fix a memory leak in comparison of :class:`sqlite3.Row` objects.

_hashlib no longer calls obsolete OpenSSL initialization function with
OpenSSL 1.1.0+.

Fixed a crash in the :func:`tee` iterator when re-enter it. RuntimeError is
now raised in this case.

Fix C compiler warning caused by distutils.ccompiler.CCompiler.has_function.

Fix file descriptors transfer in multiprocessing on FreeBSD: use
``CMSG_SPACE()`` rather than ``CMSG_LEN()``; see :rfc:`3542`.

Update wheels bundled with ensurepip (pip 19.2.3 and setuptools 41.2.0)

Update vendorized expat version to 2.2.7.

:func:`urlparse.urlsplit` error message for invalid ``netloc`` according to
NFKC normalization is now a :class:`str` string, rather than a
:class:`unicode` string, to prevent error when displaying the error.

:meth:`msilib.Directory.start_component()` no longer fails if *keyfile* is
not ``None``.

Rename the :meth:`test_ascii_replace` to :meth:`test_ascii_strict`.

Fix :mod:`distutils.sysconfig` if :data:`sys.executable` is ``None`` or an
empty string: use :func:`os.getcwd` to initialize ``project_base``.  Fix
also the distutils build command: don't use :data:`sys.executable` if it is
``None`` or an empty string.

Fix buffer overflow in :meth:`~socket.socket.send` and
:meth:`~socket.socket.sendall` methods of :func:`socket.socket` for data
larger than 2 GiB.

Fix a possible reference leak in the json module.

Fix a possible reference leak in the io module.

Fix two possible reference leaks in the hotshot module.

Fix ``CFLAGS`` in ``customize_compiler()`` of ``distutils.sysconfig``: when
the ``CFLAGS`` environment variable is defined, don't override ``CFLAGS``
variable with the ``OPT`` variable anymore.

Update ensurepip to install pip 19.0.3 and setuptools 40.8.0.

Fix linuxaudiodev.linux_audio_device() error handling: close the internal
file descriptor if it fails to open the device.

Fix memory leak in ctypes POINTER handling of large values.

Fix two unlikely reference leaks in _hashopenssl. The leaks only occur in
out-of-memory cases.

Resolve potential name clash with libm's sinpi().

Fix ``setup.py check --restructuredtext`` for files containing ``include``
directives.

Fix PyList_GetItem index description to include 0.

Replace the dead link to the Tkinter 8.5 reference by John Shipman, New
Mexico Tech, with a link to the archive.org copy.

Improve the examples in the "How do I convert a number to string?" question
of the "Programming" section of the FAQ.

Fix documentation build for sphinx<1.6.

Explicitly set master_doc variable in conf.py for compliance with Sphinx 2.0

Add glossary entry for 'magic method'.

Fix test_wsgiref.testEnviron() to no longer depend on the environment
variables (don't fail if "X" variable is set).

Add --cleanup option to python3 -m test to remove ``test_python_*``
directories of previous failed jobs. Add "make cleantest" to run ``python3
-m test --cleanup``.

test_gdb no longer fails if it gets an "unexpected" message on stderr: it
now ignores stderr. The purpose of test_gdb is to test that python-gdb.py
commands work as expected, not to test gdb.

Update Lib/test/selfsigned_pythontestdotnet.pem to match
self-signed.pythontest.net's new TLS certificate.

Skip specific nntplib and ssl networking tests when they would otherwise
fail due to a modern OS or distro with a default OpenSSL policy of rejecting
connections to servers with weak certificates or disabling TLS below
TLSv1.2.

Fix reference leak hunting in regrtest: compute also deltas (of reference
count and file descriptor count) during warmup, to ensure that everything is
initialized before starting to hunt reference leaks.

test_posix.PosixUidGidTests: add tests for invalid uid/gid type (str).

Add test.support.TEST_HTTP_URL and replace references of
http://www.example.com by this new constant.

Avoid test_ttk_guionly ComboboxTest failure with macOS Cocoa Tk.

Re-enable missing widget testcases in test_ttk_guionly.

Fix ``test_default_ecdh_curve`` when TLSv1.3 is enabled by default.

In Solaris family, we must be sure to use ``-D_REENTRANT``.

Fix detection of the bind_textdomain_codeset function for building gettext
support into the locale module.

``make tags`` and ``make TAGS`` now also parse ``Modules/_io/*.c`` and
``Modules/_io/*.h``.

Fix SSL module build with OpenSSL 1.1.0

Updates bundled OpenSSL to 1.0.2t

Include the ``FORMAT_MESSAGE_IGNORE_INSERTS`` flag in ``FormatMessageW()``
calls.

Update Windows builds to use SQLite 3.28.0.

Correctly handle string length in ``msilib.SummaryInfo.GetProperty()`` to
prevent it from truncating the last character.

Updated OpenSSL to 1.0.2t in macOS installer for 2.7.x.

When building 2.7 on macOS without system header files installed in
``/usr/include``, a few extension modules dependent on system-supplied
third-party libraries were not being built, most notably zlib.

Update macOS installer to use SQLite 3.28.0.

Updated OpenSSL to 1.0.2s in macOS installer.

Support building Python on macOS without /usr/include installed. As of macOS
10.14, system header files are only available within an SDK provided by
either the Command Line Tools or the Xcode app.

Properly 'attach' search dialogs to their main window so that they behave
like other dialogs and do not get hidden behind their main window.

When saving a file, call os.fsync() so bits are flushed to e.g. USB drive.

2to3 now works when run from a zipped standard library.

Fix the argument handling in Tools/scripts/lll.py.

Fix the cast on error in :c:func:`PyLong_AsUnsignedLongLongMask()`.

Log message:
python: Don't install nis_failed.so if no yp headers

Because python won't even try to build it.
You only see nis_failed.so if there is an error building it, when
it wanted to build it, and that should be fixed accordingly.

In a nutshell, if the yp headers are installed, python will build
the nis module, otherwise it won't.

On netbsd systems at least, if you have the yp headers installed and
subsequently re-install over the top with MKYP=no you get into the state
where the headers are installed, but the functions are no longer in libc.
This is an error with *your* system - either rebuild with MKYP=yes OR
remove the yp headers from include/rpc and include/rpcsvc.

Follow on fix for PR pkg/53673.

Log message:
python*: rework logic used to determine if PLIST.nis is used.

Match the logic used by setup.py: it looks for two headers in the default
include path. This helps newer glibc linux.

Omit PLIST.dll on python3* because it doesn't appear in the PLIST.
Make PLIST.dll true on all non-IRIX.

tested: NetBSD-current, FreeBSD 11.2, Ubuntu 18.10, CentOS 6.9, Source Mage

From Dr. Thomas Orgis, myself, and with pointers to a change from leot.

PR pkg/53673

Log message:
lang/python27: Add comments about NIS detection

The logic to determine inclusion of NIS PLIST entries is confusing.
Add comments to explain some and question some.

This is a comment-only change.

Log message:
python27: updated to 2.7.16

Python 2.7.16 is a bugfix release in the Python 2.7 series.

Log message:
python27: clean-up SUBST to match other Python versions

Log message:
Fix for Darwin/Xcode 10 (missing QuickTime.framework); PLIST_VARS cleanup

Log message:
python: Fix PLIST.SunOS

Log message:
python: pkgsrc changes

- Fix buidling curses (consistent across platforms)
- Fix finding libraries with ctypes.util.find_library
- Enable spwd module on Linux
- Cleanup

Log message:
python27: Remove patches/patch-ah (no longer needed)

Since Python 2.7.15 patches/patch-ah is no longer needed and badly interfere
(e.g. with it `curses.KEY_*' are no longer exposed):

 - Prototypes of NetBSD curses(3) are as described, no need to patch them
 - Avoid {lines,columns} -> {nlines,columns} rename, they are properly
   undef-ed due HAVE_TERM_H.
 - Use keyname() (it should be present since NetBSD 2.0)

Bump PKGREVISION for devel/py-curses so it will be properly rebuild.

Fixes PR pkg/53330 reported by <oster>.