diff --git a/00320-fix-pre-normalization-chars-in-urlsplit.patch b/00320-fix-pre-normalization-chars-in-urlsplit.patch
new file mode 100644
index 0000000..b8ae979
--- /dev/null
+++ b/00320-fix-pre-normalization-chars-in-urlsplit.patch
@@ -0,0 +1,42 @@
+diff --git a/Lib/test/test_urlparse.py b/Lib/test/test_urlparse.py
+index 0faf2bb..d0365ec 100644
+--- a/Lib/test/test_urlparse.py
++++ b/Lib/test/test_urlparse.py
+@@ -1011,6 +1011,12 @@ class UrlParseTestCase(unittest.TestCase):
+ self.assertIn('\u2100', denorm_chars)
+ self.assertIn('\uFF03', denorm_chars)
+
++ # bpo-36742: Verify port separators are ignored when they
++ # existed prior to decomposition
++ urllib.parse.urlsplit('http://\u30d5\u309a:80')
++ with self.assertRaises(ValueError):
++ urllib.parse.urlsplit('http://\u30d5\u309a\ufe1380')
++
+ for scheme in ["http", "https", "ftp"]:
+ for c in denorm_chars:
+ url = "{}://netloc{}false.netloc/path".format(scheme, c)
+diff --git a/Lib/urllib/parse.py b/Lib/urllib/parse.py
+index 8b6c9b1..e2f7b69 100644
+--- a/Lib/urllib/parse.py
++++ b/Lib/urllib/parse.py
+@@ -402,13 +402,16 @@ def _checknetloc(netloc):
+ # looking for characters like \u2100 that expand to 'a/c'
+ # IDNA uses NFKC equivalence, so normalize for this check
+ import unicodedata
+- netloc2 = unicodedata.normalize('NFKC', netloc)
+- if netloc == netloc2:
++ n = netloc.rpartition('@')[2] # ignore anything to the left of '@'
++ n = n.replace(':', '') # ignore characters already included
++ n = n.replace('#', '') # but not the surrounding text
++ n = n.replace('?', '')
++ netloc2 = unicodedata.normalize('NFKC', n)
++ if n == netloc2:
+ return
+- _, _, netloc = netloc.rpartition('@') # anything to the left of '@' is okay
+ for c in '/?#@:':
+ if c in netloc2:
+- raise ValueError("netloc '" + netloc2 + "' contains invalid " +
++ raise ValueError("netloc '" + netloc + "' contains invalid " +
+ "characters under NFKC normalization")
+
+ def urlsplit(url, scheme='', allow_fragments=True):
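Review bot: The rewritten check in `_checknetloc` (whose body starts above the embedded hunk) truncates the netloc with `n = netloc.rpartition('@')[2]` before normalizing, so the user and password part is no longer examined at all, whereas the removed code ran NFKC over the whole netloc. A character left of the last `@` that normalizes to `/`, `?`, `#`, `@` or `:` would therefore pass, which weakens the check the CVE-2019-9636 fix introduced. Removing the literal separator instead of discarding the text before it keeps the userinfo covered: `n = netloc.replace('@', '')  # ignore characters already included`. The new assertions in `test_urlparse.py` only exercise the port separator, so a case with a decomposing character ahead of `@` should also be asserted to raise `ValueError`.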
diff --git a/python3.spec b/python3.spec index 0201076..05484dc 100644 --- a/python3.spec +++ b/python3.spec @@ -17,7 +17,7 @@ URL: https://www.python.org/ #global prerel ... %global upstream_version %{general_version}%{?prerel} Version: %{general_version}%{?prerel:~%{prerel}} -Release: 2%{?dist} +Release: 3%{?dist} License: Python @@ -302,6 +302,12 @@ Patch274: 00274-fix-arch-names.patch # So we mark the command as unsupported - and the tests are skipped Patch316: 00316-mark-bdist_wininst-unsupported.patch +# 00320 # +# Fix handling of pre-normalization characters in urlsplit() +# This fixes a regression introduced by the fix for CVE-2019-9636 +# Fixed upstream: https://bugs.python.org/issue36742 +Patch320: 00320-fix-pre-normalization-chars-in-urlsplit.patch + # (New patches go here ^^^) # # When adding new patches to "python" and "python3" in Fedora, EL, etc., @@ -636,6 +642,7 @@ rm Lib/ensurepip/_bundled/*.whl %patch251 -p1 %patch274 -p1 %patch316 -p1 +%patch320 -p1 # Remove files that should be generated by the build @@ -1563,6 +1570,9 @@ CheckPython optimized # ====================================================== %changelog +* Tue May 07 2019 Charalampos Stratakis - 3.7.3-3 +- Fix handling of pre-normalization characters in urlsplit + * Wed Apr 17 2019 Patrik Kopkan - 3.7.3-2 - Makes man python3.7m show python3.7 man pages (#1612241)