Create ~/.pypirc securely (#13512). There was a window between the write and the chmod where the user’s password would be exposed, depending on default permissions. Philip Jenvey’s patch fixes it.

commit: e5567ccc863cadb68f5e57a2760e021e0d3807cf [log] [tgz]
author: Éric Araujo <merwok@netwok.org> Tue Jul 03 01:23:46 2012 -0400
committer: Éric Araujo <merwok@netwok.org> Tue Jul 03 01:23:46 2012 -0400
tree: 9fd8efdce5aa24773b4aa1682b3f1204cef1b524
parent: 9e06e37be0afb8503da29c72b19179e3da25fb87 [diff] [blame]
diff --git a/Misc/NEWS b/Misc/NEWS
index 063a6db..baea13a 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS

@@ -14,6 +14,9 @@
   longer raised due to a read system call returning EINTR from within these
   methods.
 
+- Issue #13512: Create ~/.pypirc securely (CVE-2011-4944).  Initial patch by
+  Philip Jenvey, tested by Mageia and Debian.
+
 - Issue #7719: Make distutils ignore ``.nfs*`` files instead of choking later
   on.  Initial patch by SilentGhost and Jeff Ramnani.
commit	e5567ccc863cadb68f5e57a2760e021e0d3807cf	[log] [tgz]
author	Éric Araujo <merwok@netwok.org>	Tue Jul 03 01:23:46 2012 -0400
committer	Éric Araujo <merwok@netwok.org>	Tue Jul 03 01:23:46 2012 -0400
tree	9fd8efdce5aa24773b4aa1682b3f1204cef1b524
parent	9e06e37be0afb8503da29c72b19179e3da25fb87 [diff] [blame]