Package: python2.7
Version: 2.7.3~rc2-2.1
Severity: serious
Justification: http://release.debian.org/wheezy/rc_policy.txt
Filing as serious due to the RC team criteria of:
* makes unrelated software on the system (or the whole system)
break
In this case, the python logging module in 2.7.3~rc2 incorrectly adds a byte
order mark (BOM) to UTF-8 data sent to syslog. So if an application written
in Python sends UTF-8 data to syslog, it will be corrupted.
This was first reported in Ubuntu:
https://bugs.launchpad.net/ubuntu/+source/python2.7/+bug/1029640/
The reduced test case from the Ubuntu bug to demonstrate this problem is:
#! /usr/bin/python2.7
import logging
from logging.handlers import SysLogHandler
# our new audit level
# NOTE(jkoelker) Since we synthesized an audit level, make the logging
# module aware of it so it acts like other levels.
logging.AUDIT = logging.INFO + 1
logging.addLevelName(logging.AUDIT, 'AUDIT')
logger = logging.getLogger()
logger.setLevel(logging.INFO)
facility = getattr(logging.handlers.SysLogHandler, 'LOG_SYSLOG', None)
syslog = logging.handlers.SysLogHandler(address='/dev/log', facility=facility)
formatter = logging.Formatter('%(name)s: %(levelname)s: %(message)s')
syslog.setFormatter(formatter)
logger.addHandler(syslog)
# 'application' code
msg = unicode("TEST LOGGER FROM PYTHON", "utf-8")
logger.log(logging.AUDIT, msg)
--------- end code --------
That will produce a log line like:
Jul 27 13:52:04 mc root: #277root: AUDIT: TEST LOGGER FROM PYTHON
The output should be:
Jul 27 13:52:04 mc root: AUDIT: TEST LOGGER FROM PYTHON
Given the number of scripts used to post-process syslog logs, the potential
impact of unexpected characters like that in logs isn't easily assessed, but
in any case, since logging is syslog's primary function, I think that causing
corrupt logs counts as breaking it.
This is already fixed in Unstable.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.2.0-27-generic-pae (SMP w/4 CPU cores)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Shell: /bin/sh linked to /bin/dash
Versions of packages python2.7 depends on:
ii libbz2-1.0 1.0.6-1
ii libc6 2.13-30
ii libdb5.1 5.1.29-1
ii libexpat1 2.1.0-1
ii libgcc1 1:4.7.0-3
ii libncursesw5 5.9-6
ii libreadline6 6.2-8
ii libsqlite3-0 3.7.11-2
ii libtinfo5 5.9-6
ii mime-support 3.52-1
ii python2.7-minimal 2.7.3~rc2-2.1
python2.7 recommends no packages.
Versions of packages python2.7 suggests:
ii binutils 2.22-6
pn python2.7-doc <none>
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
