- Tests

- gh-112769: The tests now correctly compare zlib version
      when :const:`zlib.ZLIB_RUNTIME_VERSION` contains
      non-integer suffixes. For example zlib-ng defines the
      version as ``1.3.0.zlib-ng``.
    - gh-117187: Fix XML tests for vanilla Expat <2.6.0.
    - gh-100454: Fix SSL tests CI for OpenSSL 3.1+
  - Security
    - gh-123678: Upgrade libexpat to 2.6.3
    - gh-121957: Fixed missing audit events around interactive
      use of Python, now also properly firing for ``python -i``,
      as well as for ``python -m asyncio``. The event in question
      is ``cpython.run_stdin``.
    - gh-122133: Authenticate the socket connection for the
      ``socket.socketpair()`` fallback on platforms where
      ``AF_UNIX`` is not available like Windows. Patch by
      Gregory P. Smith <greg@krypto.org> and Seth Larson
      <seth@python.org>. Reported by Ellie <el@horse64.org>
    - gh-121285: Remove backtracking from tarfile header
      parsing for ``hdrcharset``, PAX, and GNU sparse headers
      (bsc#1230227, CVE-2024-6232).
    - gh-118486: :func:`os.mkdir` on Windows now accepts
      *mode* of ``0o700`` to restrict the new directory to
      the current user. This fixes CVE-2024-4030 affecting
      :func:`tempfile.mkdtemp` in scenarios where the base
      temporary directory is more permissive than the default.
    - gh-116741: Update bundled libexpat to 2.6.2
  - Library
    - gh-123693: Use platform-agnostic behavior when computing
      ``zipfile.Path.name``.

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python:Factory/python310?expand=0&rev=147

python310.changes

@@ -2,7 +2,76 @@
 Mon Sep  9 13:41:07 UTC 2024 - Matej Cepl <mcepl@cepl.eu>
 
 - Update to 3.10.15:
-
+  - Tests
+    - gh-112769: The tests now correctly compare zlib version
+      when :const:`zlib.ZLIB_RUNTIME_VERSION` contains
+      non-integer suffixes. For example zlib-ng defines the
+      version as ``1.3.0.zlib-ng``.
+    - gh-117187: Fix XML tests for vanilla Expat <2.6.0.
+    - gh-100454: Fix SSL tests CI for OpenSSL 3.1+
+  - Security
+    - gh-123678: Upgrade libexpat to 2.6.3
+    - gh-121957: Fixed missing audit events around interactive
+      use of Python, now also properly firing for ``python -i``,
+      as well as for ``python -m asyncio``. The event in question
+      is ``cpython.run_stdin``.
+    - gh-122133: Authenticate the socket connection for the
+      ``socket.socketpair()`` fallback on platforms where
+      ``AF_UNIX`` is not available like Windows. Patch by
+      Gregory P. Smith <greg@krypto.org> and Seth Larson
+      <seth@python.org>. Reported by Ellie <el@horse64.org>
+    - gh-121285: Remove backtracking from tarfile header
+      parsing for ``hdrcharset``, PAX, and GNU sparse headers
+      (bsc#1230227, CVE-2024-6232).
+    - gh-118486: :func:`os.mkdir` on Windows now accepts
+      *mode* of ``0o700`` to restrict the new directory to
+      the current user. This fixes CVE-2024-4030 affecting
+      :func:`tempfile.mkdtemp` in scenarios where the base
+      temporary directory is more permissive than the default.
+    - gh-116741: Update bundled libexpat to 2.6.2
+  - Library
+    - gh-123693: Use platform-agnostic behavior when computing
+      ``zipfile.Path.name``.
+    - gh-123270: Applied a more surgical fix for malformed
+      payloads in :class:`zipfile.Path` causing infinite loops
+      (gh-122905) without breaking contents using legitimate
+      characters (bsc#1229704, CVE-2024-8088).
+    - gh-123067: Fix quadratic complexity in parsing ``"``-quoted
+      cookie values with backslashes by :mod:`http.cookies`
+      (bsc#1229596, CVE-2024-7592).
+    - gh-122905: :class:`zipfile.Path` objects now sanitize names
+      from the zipfile.
+    - gh-121650: :mod:`email` headers with embedded newlines are
+      now quoted on output. The :mod:`~email.generator` will now
+      refuse to serialize (write) headers that are unsafely folded
+      or delimited; see :attr:`~email.policy.Policy.verify_generated_headers`.
+      (Contributed by Bas Bloemsaat and Petr Viktorin in
+      gh-121650.; CVE-2024-6923, bsc#1228780).
+    - gh-113171: Fixed various false positives and false negatives in
+      * :attr:`ipaddress.IPv4Address.is_private` (see these docs for details)
+      * :attr:`ipaddress.IPv4Address.is_global`
+      * :attr:`ipaddress.IPv6Address.is_private`
+      * :attr:`ipaddress.IPv6Address.is_global`
+      Also in the corresponding :class:`ipaddress.IPv4Network` and
+      :class:`ipaddress.IPv6Network` attributes.
+      Fixes bsc#1226448 (CVE-2024-4032).
+    - gh-102988: :func:`email.utils.getaddresses` and
+      :func:`email.utils.parseaddr` now return ``('', '')`` 2-tuples in more
+      situations where invalid email addresses are encountered instead of
+      potentially inaccurate values. Add optional *strict* parameter to these
+      two functions: use ``strict=False`` to get the old behavior, accept
+      malformed inputs. ``getattr(email.utils, 'supports_strict_parsing',
+      False)`` can be use to check if the *strict* paramater is available. Patch
+      by Thomas Dwyer and Victor Stinner to improve the
+      CVE-2023-27043 fix (bsc#1210638).
+    - gh-67693: Fix :func:`urllib.parse.urlunparse` and
+      :func:`urllib.parse.urlunsplit` for URIs with path starting with multiple
+      slashes and no authority. Based on patch by Ashwin Ramaswami.
+  - Core and Builtins
+    - gh-112275: A deadlock involving ``pystate.c``'s
+      ``HEAD_LOCK`` in ``posixmodule.c`` at fork is now
+      fixed. Patch by ChuBoning based on previous Python 3.12 fix
+      by Victor Stinner.
 - Remove upstreamed patches:
   - CVE-2023-27043-email-parsing-errors.patch
   - CVE-2024-4032-private-IP-addrs.patch