ActivePython

HeartBleed vulnerability and ActivePython

Question: 

Is my Community/Business/Enterprise Edition version of ActivePython vulnerable to HeartBleed?

Answer: 

No Enterprise versions of ActivePython are vulnerable.

No Community/Business Edition versions of ActivePython 2.x and no Community/Business Edition versions of ActivePython 3.0, 3.1, and 3.2 are vulnerable to HeartBleed.

Only Community/Business Edition ActivePython 3.3.2.0 and 3.3.4.1 are vulnerable.

Mitigation methods will be posted here when they are available.

ActivePython CVE-2012-5379 Insecure File Permissions Vulnerability

Question: 

We have read the Security alert for CVE-2012-5379, and would like more information.

Answer: 

This is not a new issue, and it's not really an ActivePython issue. This vulnerability is a member of a class of vulnerabilities that apply to any software which needs to have a user-writable directory on $PATH. It has been a security concern on Windows for as long as software has been avoiding dll conflicts by using custom library paths.

It is already possible to mitigate the vulnerability by choosing to override the default install path and install to one of the various protected program files silos that newer versions of Windows offer. We don't do this as the default because ActivePython has a long legacy of scripts and modules which do not handle spaces in the pathname.

It is also possible to migate the vulnerability on an inplace install. This powershell script will copy the permissions to the Python directory (replace with your directory name, as installed):

powershell -command "(Get-Item 'C:\Program Files').GetAccessControl('Access') | set-acl 'C:\Python'"

Be advised that protecting Python from this vulnerability *will* result in reduced functionality. With altered acls, PyPM will be unable to manage modules unless it is run with elevated priviledges. If you are using virtualenv, you will not be fully protected from this vulnerability unless you protect your virtualenv directory as well.

Powershell is included in Windows 7. With older versions, you may be able to download.

How do I revert to MacPython from ActivePython?

Question: 

I had MacPython installed, then the ActivePython installer had me move it out of the way. I want to go back to MacPython. How do I do that?

Answer: 

There are three popular Python distributions for Mac OS X.

There is the pre-installed distribution that ships as /usr/bin/python and has its frameworks in /System/Library/Frameworks.

There is also MacPython, the Python distribution from the macpython.org guys (and
pointed to by python.org). This is a 3rd-party Python distro. This installs as
/usr/local/bin/python with its frameworks in /Library/Frameworks.

Then there is ActivePython, our distribution. This also installs as /usr/local/bin/python with its frameworks in /Library/Frameworks -- the same location as MacPython. When ActivePython is being installed the installer will look for MacPython and prompt to move it out of the way, rather than overwrite it. Because of the way Mac OS X works you can only have one of MacPython or ActivePython as the "current" python at a time.

The ActivePython install notes show how to uninstall ActivePython:

http://docs.activestate.com/activepython/2.6/installnotes.html#osxpkg_uninstall

Note that this will not restore the MacPython install (it is still
there, just moved to the side). That same "pydistro.py" script used to
uninstall also has the ability to restore the MacPython install, but it
is a little bit of a chicken and egg problem because uninstall
ActivePython will uninstall "pydistro.py".

Solution:

- copy pydistro.py to a safe place (say ~/tmp), then run this to
uninstall ActivePython

sudo /usr/bin/python pydistro.py activepython_uninstall 2.4

- then this to restore MacPython
sudo /usr/bin/python pydistro.py macpython_restore 2.4

That should work, but isn't too heavily tested.

OR:

Just re-install MacPython from its original installer package.

What version of ActivePython will work with my Mac with an Intel processor?

Question: 

What version of ActivePython will work with my Mac with an Intel processor?

Answer: 

The first version of ActivePython to be built natively for Intel Macs was ActivePython 2.4.2.10. Versions before this version were built specifically for PowerPC-based Macs. It may be possible to run the PowerPC version on the Intel Macs, taking advantage of the PowerPC emulation layer in OS X; however, this tends to be quite slow. Therefore, we recommend only using the Intel-specific builds of ActivePython 2.4.2.10 or higher on an Intel Mac.

For each build of ActivePython 2.4.2.10 and higher there are two files. One file specifies macosx-powerpc, and is of course the build for PowerPC-based Mac OS X systems. The other file specifies macosx-x86, and is the correct package to install on your Intel Mac.

Where can I get past versions of ActivePython?

Question: 

Where can I get past versions of ActivePython? Is there an ftp server for ActivePython?

Answer: 

Recent past versions of ActiveState Community Edition products are available from our downloads repository via the web at:

http://downloads.activestate.com/

Version of ActiveState Products which have aged out of Community Edition are still available, but now require a Business Edition license. If you have a Business Edition license, the products to which your license applies become available from your "My Account" page on our site.
http://www.activestate.com/business-edition

There is no ftp server.

What is the ECCN for ActivePython?

Question: 

What is the Export Control Classification Number for ActivePython?

Answer: 

The Export Control Classification Number for ActivePython is EAR99 (self-classified). For a brief description of EAR99 and information on the difference between EAR99 and NLR (No License Required), see:

http://www.census.gov/foreign-trade/faq/reg/reg0031.html

Why don't ActivePython 2.4 and earlier support SSL?

Question: 

ActivePython 2.4 and earlier do not include SSL support. Why is this, and how can I add it?

Answer: 

*Note*: As of ActivePython 2.5 full SSL support is included.

Here is an answer on python-list while discussing the differences between ActivePython and python.org's Python:

http://mail.python.org/pipermail/python-list/2005-December/315754.html

As Neil pointed out, ActivePython does not currently have SSL
bindings (the _ssl module) that python.org's Python builds do. We
are currently going through the legal hurdles so that we can
include those. I expect that by or before the Python 2.5
timeframe we'll have _ssl in ActivePython.

In the meantime just plopping in the _ssl.pyd or _ssl.so from either python.org's build or from your own build into ActivePython's lib-dynload directory will work to get ActivePython talking SSL.

Why doesn't ActivePython use GNU readline?

Question: 

Why doesn't ActivePython use GNU readline? Why doesn't my up-arrow key recall past commands?

Answer: 

If you've used a Python.org build of Python before starting to use ActivePython, you may have grown fond of the command history and editing provided by the use of libreadline. Where Python.org Python gives you the last line you entered when you hit up-arrow, ActivePython gives you ^[[A.

ActivePython includes a package manager called PyPM using which you may install readline to make the arrow keys work:

$ pypm install readline

We do not include readline by default in the ActivePython distribution due to licensing restrictions.

What compilers are used to compile ActivePython?

Question: 

What compilers are used to compile ActivePython? Why?

Answer: 

We base our compiler choice on the lead set by the Python.org distributions for the language. That way we keep binary compatibility with extensions for the Python.org distribution. Our choice of build environment will continue to follow the lead of the community to ensure this compatibility remains.

On Windows, we use:
Visual Studio 6 for Python 2.3
Visual Studio 7 for Python 2.4
Visual Studio .NET 2003 (7.1) for Python 2.5
and Visual Studio 9.0 for Python 2.6 and higher

There was a thread on the Python-Dev mailing list about switching build environments to VS2005. After some back-and-forth, this message told at least part of the story why changes only happen at major version boundaries.

For Pythons on Linux, we use:
gcc 4.0.2

For Pythons on OS X, we use:
gcc 4.2.1

ActivePython blurb

ActivePython is ActiveState's award-winning distribution of Python, available for Windows, Mac OS X, Linux, Solaris, HP-UX, and AIX. ActivePython for Windows also includes the PyWin32 extensions.

Quick links: