diff options
| -rw-r--r-- | Lib/distutils/config.py | 11 | ||||
| -rw-r--r-- | Misc/ACKS | 1 | ||||
| -rw-r--r-- | Misc/NEWS | 3 |
3 files changed, 5 insertions, 10 deletions
diff --git a/Lib/distutils/config.py b/Lib/distutils/config.py index 5b625f3..1fd5334 100644 --- a/Lib/distutils/config.py +++ b/Lib/distutils/config.py @@ -4,7 +4,6 @@ Provides the PyPIRCCommand class, the base class for the command classes that uses .pypirc in the distutils.command package. """ import os -import sys from configparser import ConfigParser from distutils.cmd import Command @@ -43,16 +42,8 @@ class PyPIRCCommand(Command): def _store_pypirc(self, username, password): """Creates a default .pypirc file.""" rc = self._get_rc_file() - f = open(rc, 'w') - try: + with os.fdopen(os.open(rc, os.O_CREAT | os.O_WRONLY, 0o600), 'w') as f: f.write(DEFAULT_PYPIRC % (username, password)) - finally: - f.close() - try: - os.chmod(rc, 0o600) - except OSError: - # should do something better here - pass def _read_pypirc(self): """Reads the .pypirc file.""" @@ -512,6 +512,7 @@ Zbyszek Jędrzejewski-Szmek Drew Jenkins Flemming Kjær Jensen Philip H. Jensen +Philip Jenvey MunSic Jeong Chris Jerdonek Pedro Diaz Jimenez @@ -177,6 +177,9 @@ Library - Issue #16628: Fix a memory leak in ctypes.resize(). +- Issue #13512: Create ~/.pypirc securely (CVE-2011-4944). Initial patch by + Philip Jenvey, tested by Mageia and Debian. + - Issue #7719: Make distutils ignore ``.nfs*`` files instead of choking later on. Initial patch by SilentGhost and Jeff Ramnani. |