Log message:
python310 py310-html-docs: updated to 3.10.16

Python 3.10.16

Tests

gh-125041: Re-enable skipped tests for zlib on the s390x architecture: only skip \ 
checks of the compressed bytes, which can be different between zlib’s software \ 
implementation and the hardware-accelerated implementation.
gh-109396: Fix test_socket.test_hmac_sha1() in FIPS mode. Use a longer key: FIPS \ 
mode requires at least of at least 112 bits. The previous key was only 32 bits. \ 
Patch by Victor Stinner.

Security

gh-126623: Upgrade libexpat to 2.6.4
gh-122792: Changed IPv4-mapped ipaddress.IPv6Address to consistently use the \ 
mapped IPv4 address value for deciding properties. Properties which have their \ 
behavior fixed are is_multicast, is_reserved, is_link_local, is_global, and \ 
is_unspecified.

Library

gh-124651: Properly quote template strings in venv activation scripts.
gh-103848: Add checks to ensure that [ bracketed ] hosts found by \ 
urllib.parse.urlsplit() are of IPv6 or IPvFuture format.

Log message:
*: recursive bump for icu 76 shlib major version bump

Log message:
*: revbump for icu downgrade

Log message:
*: recursive bump for icu 76.1 shlib bump

Log message:
revbump after icu and protobuf updates

Log message:
python310 py310-html-docs: updated to 3.10.14

Python 3.10.14

Security

gh-115398: Allow controlling Expat >=2.6.0 reparse deferral (CVE-2023-52425) \ 
by adding five new methods:
xml.etree.ElementTree.XMLParser.flush()
xml.etree.ElementTree.XMLPullParser.flush()
xml.parsers.expat.xmlparser.GetReparseDeferralEnabled()
xml.parsers.expat.xmlparser.SetReparseDeferralEnabled()
xml.sax.expatreader.ExpatParser.flush()
gh-115399: Update bundled libexpat to 2.6.0
gh-114572: ssl.SSLContext.cert_store_stats() and ssl.SSLContext.get_ca_certs() \ 
now correctly lock access to the certificate store, when the ssl.SSLContext is \ 
shared across multiple threads.
gh-113659: Skip .pth files with names starting with a dot or hidden file attribute.

Core and Builtins

gh-102388: Fix a bug where iso2022_jp_3 and iso2022_jp_2004 codecs read out of bounds

Library

gh-115197: urllib.request no longer resolves the hostname before checking it \ 
against the system’s proxy bypass list on macOS and Windows.
gh-115133: Fix tests for XMLPullParser with Expat 2.6.0.
gh-81194: Fix a crash in socket.if_indextoname() with specific value (UINT_MAX). \ 
Fix an integer overflow in socket.if_indextoname() on 64-bit non-Windows \ 
platforms.
gh-109858: Protect zipfile from “quoted-overlap” zipbomb. It now raises \ 
BadZipFile when try to read an entry that overlaps with other entry or central \ 
directory.
gh-91133: Fix a bug in tempfile.TemporaryDirectory cleanup, which now no longer \ 
dereferences symlinks when working around file system permission errors.

Documentation

gh-115399: Document CVE-2023-52425 of Expat <2.6.0 under “XML \ 
vulnerabilities”.

Windows

gh-111239: Update Windows builds to use zlib v1.3.1.
gh-109991: Windows builds now use OpenSSL 1.1.1w. Note that OpenSSL 1.1 has \ 
reached its end of life and no future fixes will be made, and this version of \ 
Python is no longer receiving maintenance fixes and will not be updated to \ 
OpenSSL 3.0.

Tools/Demos

gh-109991: Update GitHub CI workflows to use OpenSSL 3.0.11 and multissltests to \ 
use 1.1.1w, 3.0.11, and 3.1.3.

Log message:
python39 python310: fix build on Darwin

Log message:
lang/python3*: Fix cross-build by patching out broken readline crud.

Python's setup.py tries to decide whether readline is available by
running readelf on the path it thinks it can find to libreadline.so.
Since we always use a single static readline/curses choice in Pythin
(readline, not editline, with (fake-)ncurses), just patch all that
buggy detection goo away.

No new maintenance burden because this logic has been ripped out of
Python 3.12 anyway.  Python 3.8 skipped for now because it doesn't
cross-build at the moment anyway -- more work needed to make that
happen (and it's not as easy as Python>=3.9 as I recall).