RHSA-2015:1330 Moderate: python security, bug fix and enhancement update

Updated 21 Jul 2015

Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme, or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).

This update fixes the following bugs:

The fileobject.c file previously used a 32-bit (2147483647) value for the INT_MAX variable. Consequently, iteration over files bigger than 2147483647 bytes failed with exception. With this update, the Py_ssize_t value is used instead of INT_MAX as it has the same size as the compiler size_t type. As a result, iteration over large files now proceeds successfully. (This content is not included.BZ#794632)
Previously, setting up one's own SIGCHLD handler broke the communicate() function, which caused the subprocess.communicate() function return an OSError exception. This fix makes subprocess.communicate() aware of its own SIGCHLD handlers, and subproccess.communicate() thus no longer fails with OSError when one's own SIGCHLD handler is used. (This content is not included.BZ#1065537)
The subprocess.Popen.communicate() function previously did not catch the EINTR error if it was called without timeout and if there was only one PIPE involved (stdout or stderr). As a consequence, subprocess.Popen.communicate() failed with IOError exception. This update makes subprocess.Popen.communicate() handle EINTR errors if the process has only one pipe, thus fixing this bug. (This content is not included.BZ#1073165)
Prior to this update, when the cProfile module was used with no value for the "-s" option, cProfile failed, outputting a vague error message. With this update, cProfile returns an informative error message listing all values which "-s" supports, thus fixing this bug. (This content is not included.BZ#1160640)
When multiple signals were received on the same process, the BaseManager class previously terminated unexpectedly. This update modifies the multiprocessing module so that its methods ignore the EINTR Interrupted function call, and BaseManager now handles receiving multiple signals successfully. (This content is not included.BZ#1180864)
Previously, the python packages lacked the provides for the python-ordereddict packages. As a consequence, python attempted to install the ordereddict packages if python-ordereddict was required instead of using the packages bundled in python. This fix adds provides for python-ordereddict, and if any packages require python-ordereddict, these packages are now provided by the python standard library. (This content is not included.BZ#1199997)
Errors previously occurred when multiprocessing was not fully loaded while logging. Consequently, the logging module failed with an error if the multiprocessing module was not finished loading when the logging.log() function was called. This update checks whether multiprocessing is fully loaded, and errors are no longer returned in this scenario. (This content is not included.BZ#1204966)
When using the deepcopy() function on instance methods, python previously returned a TypeError exception, which led to a failure to create a copy. With this update, deepcopy() takes shallow copies of functions and classes, and is thus usable on instance methods. (This content is not included.BZ#1223037)

In addition, this update adds the following enhancement:

With this update, ConfigParser handles reading configuration files with options without values gracefully. (This content is not included.BZ#1031709)

All python users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.

Product(s)

Red Hat Enterprise Linux

Category

Upgrade

Components

python

Article Type

General