Create ~/.pypirc securely (#13512).

There was a window between the write and the chmod where the user’s password would be exposed, depending on default permissions. Philip Jenvey’s patch fixes it.
author: Éric Araujo <aeric@mtlpy.org> 2012-12-08 19:51:47 (GMT)
committer: Éric Araujo <aeric@mtlpy.org> 2012-12-08 19:51:47 (GMT)
commit: d61926e6bef6c4d8105a2848362377dce91d7fc8 (patch)
tree: 086c3eb21955cb14a46cd0f8a14bb8bbaa0b5fd7 /Misc
parent: 3e4a3dcb23d849fa0ce5f5009e83606abaef15aa (diff)
download: cpython-d61926e6bef6c4d8105a2848362377dce91d7fc8.zip
cpython-d61926e6bef6c4d8105a2848362377dce91d7fc8.tar.gz
cpython-d61926e6bef6c4d8105a2848362377dce91d7fc8.tar.bz2
2 files changed, 4 insertions, 0 deletions
diff --git a/Misc/ACKS b/Misc/ACKS
index 9e662f6..0567069 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -512,6 +512,7 @@ Zbyszek Jędrzejewski-Szmek
 Drew Jenkins
 Flemming Kjær Jensen
 Philip H. Jensen
+Philip Jenvey
 MunSic Jeong
 Chris Jerdonek
 Pedro Diaz Jimenez
diff --git a/Misc/NEWS b/Misc/NEWS
index 02e4d48..3adc531 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -177,6 +177,9 @@ Library
 
 - Issue #16628: Fix a memory leak in ctypes.resize().
 
+- Issue #13512: Create ~/.pypirc securely (CVE-2011-4944).  Initial patch by
+  Philip Jenvey, tested by Mageia and Debian.
+
 - Issue #7719: Make distutils ignore ``.nfs*`` files instead of choking later
   on.  Initial patch by SilentGhost and Jeff Ramnani.
author	Éric Araujo <aeric@mtlpy.org>	2012-12-08 19:51:47 (GMT)
committer	Éric Araujo <aeric@mtlpy.org>	2012-12-08 19:51:47 (GMT)
commit	d61926e6bef6c4d8105a2848362377dce91d7fc8 (patch)
tree	086c3eb21955cb14a46cd0f8a14bb8bbaa0b5fd7 /Misc
parent	3e4a3dcb23d849fa0ce5f5009e83606abaef15aa (diff)
download	cpython-d61926e6bef6c4d8105a2848362377dce91d7fc8.zip cpython-d61926e6bef6c4d8105a2848362377dce91d7fc8.tar.gz cpython-d61926e6bef6c4d8105a2848362377dce91d7fc8.tar.bz2