We have read the Security alert for CVE-2012-5379, and would like more information.
This is not a new issue, and it's not really an ActivePython issue. This vulnerability is a member of a class of vulnerabilities that apply to any software which needs to have a user-writable directory on $PATH. It has been a security concern on Windows for as long as software has been avoiding DLL conflicts by using custom library paths.
It is already possible to mitigate the vulnerability by choosing to override the default install path and install to one of the various protected program files silos that newer versions of Windows offer. We don't do this as the default because ActivePython has a long legacy of scripts and modules which do not handle spaces in the pathname.
It is also possible to mitigate the vulnerability on an in-place install. This PowerShell command copies the permissions of 'C:\Program Files' to the Python directory (replace 'C:\Python' with your directory name, as installed):
powershell -command "(Get-Item 'C:\Program Files').GetAccessControl('Access') | set-acl 'C:\Python'"
Be advised that protecting Python from this vulnerability *will* result in reduced functionality. With altered ACLs, PyPM will be unable to manage modules unless it is run with elevated privileges. If you are using virtualenv, you will not be fully protected from this vulnerability unless you protect your virtualenv directory as well.
PowerShell is included in Windows 7. With older versions, you may be able to download it.
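To check whether the ACL change took effect, and whether other directories on PATH (or a virtualenv directory) have the same weakness, the following added example lists directories that broad, non-administrative groups can write to. It is not ActiveState's code; it assumes PowerShell 3.0 or later, and the function name Get-WritableByBroadGroup is hypothetical.

```powershell
# Added example: report directories that broad, non-administrative groups can write to.
# Well-known SIDs are used instead of names so the check works on localized Windows.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow planting a file in the directory or rewriting its ACL,
# plus the raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits.
$specific = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, ChangePermissions, TakeOwnership'
$mask = [int]$specific -bor 0x40000000 -bor 0x10000000
$inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

function Get-WritableByBroadGroup {
    param([Parameter(Mandatory = $true)][string[]]$Directory)
    foreach ($dir in $Directory) {
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }
        $acl = Get-Acl -LiteralPath $dir
        # Explicit and inherited rules, with identities translated to SIDs.
        $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        foreach ($rule in $rules) {
            # Inherit-only entries apply to children, not to the directory itself.
            if (($rule.PropagationFlags -band $inheritOnly) -eq $inheritOnly) { continue }
            if ($rule.AccessControlType -ne 'Allow') { continue }
            $sid = $rule.IdentityReference.Value
            if ($broadSids.ContainsKey($sid) -and (([int]$rule.FileSystemRights -band $mask) -ne 0)) {
                [pscustomobject]@{
                    Directory = $dir
                    Principal = $broadSids[$sid]
                    Rights    = $rule.FileSystemRights
                }
            }
        }
    }
}

# Every directory on the effective PATH of this session, de-duplicated.
$pathDirs = ($env:Path -split ';') |
    ForEach-Object { $_.Trim().Trim('"') } |
    Where-Object { $_ } |
    Sort-Object -Unique

Get-WritableByBroadGroup -Directory $pathDirs | Format-Table -AutoSize
```

No output means none of the listed groups can write to a PATH directory. To check a virtualenv, pass its directory to Get-WritableByBroadGroup in the same way.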
I had MacPython installed, then the ActivePython installer had me move it out of the way. I want to go back to MacPython. How do I do that?
There are three popular Python distributions for Mac OS X.
There is the pre-installed distribution that ships as /usr/bin/python and has its frameworks in /System/Library/Frameworks.
There is also MacPython, the Python distribution from the macpython.org guys (and pointed to by python.org). This is a 3rd-party Python distro. This installs as /usr/local/bin/python with its frameworks in /Library/Frameworks.
Then there is ActivePython, our distribution. This also installs as /usr/local/bin/python with its frameworks in /Library/Frameworks -- the same location as MacPython. When ActivePython is being installed the installer will look for MacPython and prompt to move it out of the way, rather than overwrite it. Because of the way Mac OS X works you can only have one of MacPython or ActivePython as the "current" python at a time.
The ActivePython install notes show how to uninstall ActivePython:
Note that this will not restore the MacPython install (it is still there, just moved to the side). That same "pydistro.py" script used to uninstall also has the ability to restore the MacPython install, but it is a little bit of a chicken-and-egg problem because uninstalling ActivePython will uninstall "pydistro.py".
- copy pydistro.py to a safe place (say ~/tmp), then run this to
sudo /usr/bin/python pydistro.py activepython_uninstall 2.4
- then this to restore MacPython
sudo /usr/bin/python pydistro.py macpython_restore 2.4
That should work, but isn't too heavily tested.
Just re-install MacPython from its original installer package.
What version of ActivePython will work with my Mac with an Intel processor?
The first version of ActivePython to be built natively for Intel Macs was ActivePython 18.104.22.168. Versions before this version were built specifically for PowerPC-based Macs. It may be possible to run the PowerPC version on the Intel Macs, taking advantage of the PowerPC emulation layer in OS X; however, this tends to be quite slow. Therefore, we recommend only using the Intel-specific builds of ActivePython 22.214.171.124 or higher on an Intel Mac.
For each build of ActivePython 126.96.36.199 and higher there are two files. One file specifies macosx-powerpc, and is of course the build for PowerPC-based Mac OS X systems. The other file specifies macosx-x86, and is the correct package to install on your Intel Mac.
Where can I get past versions of ActivePython? Is there an ftp server for ActivePython?
Recent past versions of ActiveState Community Edition products are available from our downloads repository via the web at:
Versions of ActiveState products which have aged out of Community Edition are still available, but now require a Business Edition license. If you have a Business Edition license, the products to which your license applies become available from your "My Account" page on our site.
There is no ftp server.
What is the Export Control Classification Number for ActivePython?
The Export Control Classification Number for ActivePython is EAR99 (self-classified). For a brief description of EAR99 and information on the difference between EAR99 and NLR (No License Required), see:
ActivePython 2.4 and earlier do not include SSL support. Why is this, and how can I add it?
*Note*: As of ActivePython 2.5 full SSL support is included.
Here is an answer on python-list while discussing the differences between ActivePython and python.org's Python:
As Neil pointed out, ActivePython does not currently have SSL
bindings (the _ssl module) that python.org's Python builds do. We
are currently going through the legal hurdles so that we can
include those. I expect that by or before the Python 2.5
timeframe we'll have _ssl in ActivePython.
In the meantime just plopping in the
_ssl.so from either python.org's build or from your own build into ActivePython's
lib-dynload directory will work to get ActivePython talking SSL.
Why doesn't ActivePython use GNU readline? Why doesn't my up-arrow key recall past commands?
If you've used a Python.org build of Python before starting to use ActivePython, you may have grown fond of the command history and editing provided by the use of libreadline. Where Python.org Python gives you the last line you entered when you hit up-arrow, ActivePython gives you ^[[A.
ActivePython includes a package manager called PyPM, which you can use to install readline and make the arrow keys work:
$ pypm install readline
We do not include readline by default in the ActivePython distribution due to licensing restrictions.
What compilers are used to compile ActivePython? Why?
We base our compiler choice on the lead set by the Python.org distributions for the language. That way we keep binary compatibility with extensions for the Python.org distribution. Our choice of build environment will continue to follow the lead of the community to ensure this compatibility remains.
On Windows, we use:
Visual Studio 6 for Python 2.3
Visual Studio 7 for Python 2.4
Visual Studio .NET 2003 (7.1) for Python 2.5
and Visual Studio 9.0 for Python 2.6 and higher
There was a thread on the Python-Dev mailing list about switching build environments to VS2005. After some back-and-forth, this message told at least part of the story why changes only happen at major version boundaries.
For Pythons on Linux, we use:
For Pythons on OS X, we use:
ActivePython is ActiveState's award-winning distribution of Python, available for Windows, Mac OS X, Linux, Solaris, HP-UX, and AIX. ActivePython for Windows also includes the PyWin32 extensions.