- Previously, applying the python-2.6.5-ctypes-noexecmem patch caused the ctypes.CFUNCTYPE() function to allocate memory in order to avoid running the process in a SELinux domain with the execmem permission. When this allocation process forked without using the exec() function (for example in a multi-processing module), the state of the allocator was shared between parent and child processes. This shared state caused unpredictable interactions between the processes, potentially leading to segmentation faults or lack of termination of a multiprocessing workload. With this update, python-2.6.5-ctypes-noexecmem has been reverted, and the unpredictable behavior no longer occurs. In addition, Python programs are now required to run within a SELinux domain with execmem permissions.
- Prior to this update, any usage of the ctypes module (such as via the "uuid" module used by the Django application framework) triggered the ctypes.CFUNCTYPE() function on module import. Consequently, if the process was missing SELinux permissions, AVC denial messages were returned. This bug has been fixed, and SELinux permissions are now required only in relevant cases of ctypes usage, such as passing a Python callable to a C callback.
- BZ#810847, BZ#841748
- In certain cases, enabled C-level assertions caused the python library to fail when building valid Python code. Consequently, code containing four or more nested "IF" statements within a list comprehension or generator expression failed to compile. Moreover, an error occurred when formatting certain numpy objects. With this update, the C-level assertions have been deactivated and the aforementioned problems no longer occur.
- As part of the fix for CVE-2012-0876, a new symbol ("XML_SetHashSalt") was added to the system libexpat library, which Python standard library uses in the pyexpat module. If an unpatched libexpat.so.1 was present in a directory listed in LD_LIBRARY_PATH, then attempts to use the pyexpat module (for example from yum) would fail with an ImportError exception. This update adds an RPATH directive to pyexpat to ensure that libexpat is used by pyexpat, regardless of whether there is an unpatched libexpat within the LD_LIBRARY_PATH, thus preventing the ImportError exception.
- Due to a bug in the Python logging module, the SysLogHandler class continued to send log message against a closed connection. Consequently, an infinite loop occurred when SysLogHandler was used together with the Eventlet library. The bug has been fixed, and the described issue no longer occurs.