python-2.6.6-52.0.1.AXS4

Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems (X11, Motif, Tk, Mac and MFC).

Programmers can write new built-in modules for Python in C or C++. Python can be used as an extension language for applications that need a programmable interface. This package contains most of the standard Python modules, as well as modules for interfacing to the Tix widget set for Tk and RPM.

Note that documentation for Python is provided in the python-docs package.

Security issues fixed with this release:

• CVE-2013-4238
The ssl.match_hostname function in the SSL module in Python 2.6 through 3.4 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.

Fixed bug:

• Fixed some dependencies problems on x86_64.

• Previously, many Python executables from python-tools started with the #!/usr/bin/env python shebang, which made installing and using alternative Python versions complicated. This has been fixed and the shebang has been changed to #!/usr/bin/python.

• Previously, an insert statement in the Turkish locale was not accepted in the sqlite3.Cursor.lastrowid object which led to an installation failure when selecting Turkish in the graphical installer. This has been fixed.

• Removed a UTF-8 BOM (byte order mark) insertion code from SysLogHandler that caused messages to be treated as EMERG level and therefore to be displayed on all user consoles.

• Previously, if the /dev/urandom file did not exist, the random.py script failed to import the random module and other programs would crash. This has been fixed.

• Previously, rotating to a new log file failed because the WatchedFileHandler class could not handle a race condition. This has been fixed.

• Fixed the handling of Alternative Subject Names so that false authentication errors no longer occur when reading Alternative Subject Names from certain SSL certificates.

• Previously, some HTTP servers would crash because the SocketServer module did not handle the system call interruption properly. This has been fixed.

• Previously, the Eventlet library would crash when passing the timeout=None argument to the subprocess.Popen() function. This has been fixed.

• Previously, failed incoming SSL connections remained open forever on Python 2 versions. This has been fixed.

• Previously, if multiple libexpat.so libraries were available, Python failed to choose the correct one. This has been fixed. by adding an explicit RPATH to the _elementtree.so.

• Fixed the urlparse module parsing of the query and fragment parts of URLs for arbitrary XML schemes.

Enhancement

• Added the collections.OrderedDict data structure to the collections package: it is used in application code to make sure that the in-memory python dictionaries are emitted in the same order when converted to a string by the json.dumps routines.