-rw-r--r--Lib/distutils/config.py2
-rw-r--r--Misc/ACKS1
-rw-r--r--Misc/NEWS3
3 files changed, 5 insertions, 1 deletions
diff --git a/Lib/distutils/config.py b/Lib/distutils/config.py
index afa403f..9d8b30e 100644
--- a/Lib/distutils/config.py
+++ b/Lib/distutils/config.py
@@ -42,7 +42,7 @@ class PyPIRCCommand(Command):
def _store_pypirc(self, username, password):
"""Creates a default .pypirc file."""
rc = self._get_rc_file()
- f = open(rc, 'w')
+ f = os.fdopen(os.open(rc, os.O_CREAT | os.O_WRONLY, 0600), 'w')
try:
f.write(DEFAULT_PYPIRC % (username, password))
finally:
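Review bot: The `0600` mode passed to `os.open()` in `_store_pypirc` only applies when the call creates the file, so a `~/.pypirc` that already exists with wider permissions keeps them and still receives the password. The new flags also drop the truncation that `open(rc, 'w')` performed, so writing over a longer existing file would leave stale trailing bytes after the new content. Consider `os.O_CREAT | os.O_WRONLY | os.O_TRUNC` for the flags, and tighten a pre-existing file before writing, for example `os.chmod(rc, 0600)` or an fchmod on the descriptor where the platform provides it. The `try`/`finally` body continues past the end of this hunk, so the close path is not visible here.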
diff --git a/Misc/ACKS b/Misc/ACKS
index fed0553..548279a 100644
--- a/Misc/ACKS
+++ b/Misc/ACKS
@@ -412,6 +412,7 @@ Bill Janssen
Thomas Jarosch
Drew Jenkins
Flemming Kjær Jensen
+Philip Jenvey
Jiba
Orjan Johansen
Fredrik Johansson
diff --git a/Misc/NEWS b/Misc/NEWS
index 063a6db..baea13a 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -14,6 +14,9 @@ Core and Builtins
longer raised due to a read system call returning EINTR from within these
methods.
+- Issue #13512: Create ~/.pypirc securely (CVE-2011-4944). Initial patch by
+ Philip Jenvey, tested by Mageia and Debian.
+
- Issue #7719: Make distutils ignore ``.nfs*`` files instead of choking later
on. Initial patch by SilentGhost and Jeff Ramnani.