Python 3.10.15

Include/patchlevel.h

@@ -18,12 +18,12 @@
 /*--start constants--*/
 #define PY_MAJOR_VERSION        3
 #define PY_MINOR_VERSION        10
-#define PY_MICRO_VERSION        14
+#define PY_MICRO_VERSION        15
 #define PY_RELEASE_LEVEL        PY_RELEASE_LEVEL_FINAL
 #define PY_RELEASE_SERIAL       0
 
 /* Version as a string */
-#define PY_VERSION              "3.10.14+"
+#define PY_VERSION              "3.10.15"
 /*--end constants--*/
 
 /* Version as a single 4-byte hex number, e.g. 0x010502B2 == 1.5.2b2.

Lib/pydoc_data/topics.py

@@ -1,5 +1,5 @@
 # -*- coding: utf-8 -*-
-# Autogenerated by Sphinx on Tue Mar 19 22:44:19 2024
+# Autogenerated by Sphinx on Sat Sep  7 01:19:53 2024
 topics = {'assert': 'The "assert" statement\n'
            '**********************\n'
            '\n'

Misc/NEWS.d/3.10.15.rst

@@ -0,0 +1,218 @@
+.. date: 2024-05-29-17-05-28
+.. gh-issue: 119690
+.. nonce: U6RMtm
+.. release date: 2024-09-07
+.. section: Windows
+
+Fixes data type confusion in audit events raised by ``_winapi.CreateFile``
+and ``_winapi.CreateNamedPipe``.
+
+..
+
+.. date: 2024-03-14-01-58-22
+.. gh-issue: 116773
+.. nonce: H2UldY
+.. section: Windows
+
+Fix instances of ``<_overlapped.Overlapped object at 0xXXX> still has
+pending operation at deallocation, the process may crash``.
+
+..
+
+.. date: 2024-05-25-17-06-01
+.. gh-issue: 112769
+.. nonce: kdLJmS
+.. section: Tests
+
+The tests now correctly compare zlib version when
+:const:`zlib.ZLIB_RUNTIME_VERSION` contains non-integer suffixes. For
+example zlib-ng defines the version as ``1.3.0.zlib-ng``.
+
+..
+
+.. date: 2024-03-24-23-49-25
+.. gh-issue: 117187
+.. nonce: eMLT5n
+.. section: Tests
+
+Fix XML tests for vanilla Expat <2.6.0.
+
+..
+
+.. date: 2022-12-23-13-29-55
+.. gh-issue: 100454
+.. nonce: 3no0cW
+.. section: Tests
+
+Fix SSL tests CI for OpenSSL 3.1+
+
+..
+
+.. date: 2024-09-04-12-41-35
+.. gh-issue: 123678
+.. nonce: N41y9n
+.. section: Security
+
+Upgrade libexpat to 2.6.3
+
+..
+
+.. date: 2024-07-22-13-14-38
+.. gh-issue: 121957
+.. nonce: FYkcOt
+.. section: Security
+
+Fixed missing audit events around interactive use of Python, now also
+properly firing for ``python -i``, as well as for ``python -m asyncio``. The
+event in question is ``cpython.run_stdin``.
+
+..
+
+.. date: 2024-07-22-13-11-28
+.. gh-issue: 122133
+.. nonce: 0mPeta
+.. section: Security
+
+Authenticate the socket connection for the ``socket.socketpair()`` fallback
+on platforms where ``AF_UNIX`` is not available like Windows.
+
+Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson
+<seth@python.org>. Reported by Ellie <el@horse64.org>
+
+..
+
+.. date: 2024-07-02-13-39-20
+.. gh-issue: 121285
+.. nonce: hrl-yI
+.. section: Security
+
+Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and
+GNU sparse headers.
+
+..
+
+.. date: 2024-05-01-20-57-09
+.. gh-issue: 118486
+.. nonce: K44KJG
+.. section: Security
+
+:func:`os.mkdir` on Windows now accepts *mode* of ``0o700`` to restrict the
+new directory to the current user. This fixes CVE-2024-4030 affecting
+:func:`tempfile.mkdtemp` in scenarios where the base temporary directory is
+more permissive than the default.
+
+..
+
+.. date: 2024-03-27-13-50-02
+.. gh-issue: 116741
+.. nonce: ZoGryG
+.. section: Security
+
+Update bundled libexpat to 2.6.2
+
+..
+
+.. date: 2024-09-04-14-05-02
+.. gh-issue: 123693
+.. nonce: dNW1IF
+.. section: Library
+
+Use platform-agnostic behavior when computing ``zipfile.Path.name``.
+
+..
+
+.. date: 2024-08-26-13-45-20
+.. gh-issue: 123270
+.. nonce: gXHvNJ
+.. section: Library
+
+Applied a more surgical fix for malformed payloads in :class:`zipfile.Path`
+causing infinite loops (gh-122905) without breaking contents using
+legitimate characters.
+
+..
+
+.. date: 2024-08-16-19-13-21
+.. gh-issue: 123067
+.. nonce: Nx9O4R
+.. section: Library
+
+Fix quadratic complexity in parsing ``"``-quoted cookie values with
+backslashes by :mod:`http.cookies`.
+
+..
+
+.. date: 2024-08-11-14-08-04
+.. gh-issue: 122905
+.. nonce: 7tDsxA
+.. section: Library
+
+:class:`zipfile.Path` objects now sanitize names from the zipfile.
+
+..
+
+.. date: 2024-07-27-16-10-41
+.. gh-issue: 121650
+.. nonce: nf6oc9
+.. section: Library
+
+:mod:`email` headers with embedded newlines are now quoted on output. The
+:mod:`~email.generator` will now refuse to serialize (write) headers that
+are unsafely folded or delimited; see
+:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas
+Bloemsaat and Petr Viktorin in :gh:`121650`.)
+
+..
+
+.. date: 2024-03-14-01-38-44
+.. gh-issue: 113171
+.. nonce: VFnObz
+.. section: Library
+
+Fixed various false positives and false negatives in
+
+* :attr:`ipaddress.IPv4Address.is_private` (see these docs for details)
+* :attr:`ipaddress.IPv4Address.is_global`
+* :attr:`ipaddress.IPv6Address.is_private`
+* :attr:`ipaddress.IPv6Address.is_global`
+
+Also in the corresponding :class:`ipaddress.IPv4Network` and
+:class:`ipaddress.IPv6Network` attributes.
+
+..
+
+.. date: 2023-10-20-15-28-08
+.. gh-issue: 102988
+.. nonce: dStNO7
+.. section: Library
+
+:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now
+return ``('', '')`` 2-tuples in more situations where invalid email
+addresses are encountered instead of potentially inaccurate values. Add
+optional *strict* parameter to these two functions: use ``strict=False`` to
+get the old behavior, accept malformed inputs. ``getattr(email.utils,
+'supports_strict_parsing', False)`` can be use to check if the *strict*
+paramater is available. Patch by Thomas Dwyer and Victor Stinner to improve
+the CVE-2023-27043 fix.
+
+..
+
+.. date: 2019-08-27-01-16-50
+.. gh-issue: 67693
+.. nonce: 4NIAiy
+.. section: Library
+
+Fix :func:`urllib.parse.urlunparse` and :func:`urllib.parse.urlunsplit` for
+URIs with path starting with multiple slashes and no authority. Based on
+patch by Ashwin Ramaswami.
+
+..
+
+.. date: 2024-09-04-18-20-11
+.. gh-issue: 112275
+.. nonce: W_iMiB
+.. section: Core and Builtins
+
+A deadlock involving ``pystate.c``'s ``HEAD_LOCK`` in ``posixmodule.c`` at
+fork is now fixed. Patch by ChuBoning based on previous Python 3.12 fix by
+Victor Stinner.

Misc/NEWS.d/next/Core_and_Builtins/2024-09-04-18-20-11.gh-issue-112275.W_iMiB.rst

@@ -1,3 +0,0 @@
-A deadlock involving ``pystate.c``'s ``HEAD_LOCK`` in ``posixmodule.c``
-at fork is now fixed. Patch by ChuBoning based on previous Python 3.12
-fix by Victor Stinner.

Misc/NEWS.d/next/Library/2019-08-27-01-16-50.gh-issue-67693.4NIAiy.rst

@@ -1,2 +0,0 @@
-Fix :func:`urllib.parse.urlunparse` and :func:`urllib.parse.urlunsplit` for URIs with path starting with multiple slashes and no authority.
-Based on patch by Ashwin Ramaswami.

Misc/NEWS.d/next/Library/2023-10-20-15-28-08.gh-issue-102988.dStNO7.rst

@@ -1,8 +0,0 @@
-:func:`email.utils.getaddresses` and :func:`email.utils.parseaddr` now
-return ``('', '')`` 2-tuples in more situations where invalid email
-addresses are encountered instead of potentially inaccurate values. Add
-optional *strict* parameter to these two functions: use ``strict=False`` to
-get the old behavior, accept malformed inputs.
-``getattr(email.utils, 'supports_strict_parsing', False)`` can be use to check
-if the *strict* paramater is available. Patch by Thomas Dwyer and Victor
-Stinner to improve the CVE-2023-27043 fix.

Misc/NEWS.d/next/Library/2024-03-14-01-38-44.gh-issue-113171.VFnObz.rst

@@ -1,9 +0,0 @@
-Fixed various false positives and false negatives in
-
-* :attr:`ipaddress.IPv4Address.is_private` (see these docs for details)
-* :attr:`ipaddress.IPv4Address.is_global`
-* :attr:`ipaddress.IPv6Address.is_private`
-* :attr:`ipaddress.IPv6Address.is_global`
-
-Also in the corresponding :class:`ipaddress.IPv4Network` and :class:`ipaddress.IPv6Network`
-attributes.

Misc/NEWS.d/next/Library/2024-07-27-16-10-41.gh-issue-121650.nf6oc9.rst

@@ -1,5 +0,0 @@
-:mod:`email` headers with embedded newlines are now quoted on output. The
-:mod:`~email.generator` will now refuse to serialize (write) headers that
-are unsafely folded or delimited; see
-:attr:`~email.policy.Policy.verify_generated_headers`. (Contributed by Bas
-Bloemsaat and Petr Viktorin in :gh:`121650`.)

Misc/NEWS.d/next/Library/2024-08-11-14-08-04.gh-issue-122905.7tDsxA.rst

@@ -1 +0,0 @@
-:class:`zipfile.Path` objects now sanitize names from the zipfile.

Misc/NEWS.d/next/Library/2024-08-16-19-13-21.gh-issue-123067.Nx9O4R.rst

@@ -1 +0,0 @@
-Fix quadratic complexity in parsing ``"``-quoted cookie values with backslashes by :mod:`http.cookies`.

Misc/NEWS.d/next/Library/2024-08-26-13-45-20.gh-issue-123270.gXHvNJ.rst

@@ -1,3 +0,0 @@
-Applied a more surgical fix for malformed payloads in :class:`zipfile.Path`
-causing infinite loops (gh-122905) without breaking contents using
-legitimate characters.

Misc/NEWS.d/next/Library/2024-09-04-14-05-02.gh-issue-123693.dNW1IF.rst

@@ -1 +0,0 @@
-Use platform-agnostic behavior when computing ``zipfile.Path.name``.

Misc/NEWS.d/next/Security/2024-03-27-13-50-02.gh-issue-116741.ZoGryG.rst

@@ -1 +0,0 @@
-Update bundled libexpat to 2.6.2

Misc/NEWS.d/next/Security/2024-05-01-20-57-09.gh-issue-118486.K44KJG.rst

@@ -1,4 +0,0 @@
-:func:`os.mkdir` on Windows now accepts *mode* of ``0o700`` to restrict
-the new directory to the current user. This fixes CVE-2024-4030
-affecting :func:`tempfile.mkdtemp` in scenarios where the base temporary
-directory is more permissive than the default.

Misc/NEWS.d/next/Security/2024-07-02-13-39-20.gh-issue-121285.hrl-yI.rst

@@ -1,2 +0,0 @@
-Remove backtracking from tarfile header parsing for ``hdrcharset``, PAX, and
-GNU sparse headers.

Misc/NEWS.d/next/Security/2024-07-22-13-11-28.gh-issue-122133.0mPeta.rst

@@ -1,5 +0,0 @@
-Authenticate the socket connection for the ``socket.socketpair()`` fallback
-on platforms where ``AF_UNIX`` is not available like Windows.
-
-Patch by Gregory P. Smith <greg@krypto.org> and Seth Larson <seth@python.org>. Reported by Ellie
-<el@horse64.org>

Misc/NEWS.d/next/Security/2024-07-22-13-14-38.gh-issue-121957.FYkcOt.rst

@@ -1,3 +0,0 @@
-Fixed missing audit events around interactive use of Python, now also
-properly firing for ``python -i``, as well as for ``python -m asyncio``. The
-event in question is ``cpython.run_stdin``.

Misc/NEWS.d/next/Security/2024-09-04-12-41-35.gh-issue-123678.N41y9n.rst

@@ -1 +0,0 @@
-Upgrade libexpat to 2.6.3

Misc/NEWS.d/next/Tests/2022-12-23-13-29-55.gh-issue-100454.3no0cW.rst

@@ -1 +0,0 @@
-Fix SSL tests CI for OpenSSL 3.1+

Misc/NEWS.d/next/Tests/2024-03-24-23-49-25.gh-issue-117187.eMLT5n.rst

@@ -1 +0,0 @@
-Fix XML tests for vanilla Expat <2.6.0.

Misc/NEWS.d/next/Tests/2024-05-25-17-06-01.gh-issue-112769.kdLJmS.rst

@@ -1,3 +0,0 @@
-The tests now correctly compare zlib version when
-:const:`zlib.ZLIB_RUNTIME_VERSION` contains non-integer suffixes. For
-example zlib-ng defines the version as ``1.3.0.zlib-ng``.

Misc/NEWS.d/next/Windows/2024-03-14-01-58-22.gh-issue-116773.H2UldY.rst

@@ -1 +0,0 @@
-Fix instances of ``<_overlapped.Overlapped object at 0xXXX> still has pending operation at deallocation, the process may crash``.

Misc/NEWS.d/next/Windows/2024-05-29-17-05-28.gh-issue-119690.U6RMtm.rst

@@ -1,2 +0,0 @@
-Fixes data type confusion in audit events raised by ``_winapi.CreateFile``
-and ``_winapi.CreateNamedPipe``.

README.rst

@@ -1,4 +1,4 @@
-This is Python version 3.10.14
+This is Python version 3.10.15
 ==============================
 
 .. image:: https://travis-ci.com/python/cpython.svg?branch=master