From 5de996a94f74a31132660238e3b11fd0e29c18fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tim Rühsen?=
Date: Sun, 14 Aug 2016 21:04:58 +0200 Subject: [PATCH] Limit file mode to u=rw on temp. downloaded files * bootstrap.conf: Add gnulib modules fopen, open. * src/http.c (open_output_stream): Limit file mode to u=rw on temp. downloaded files. Reported-by: "Misra, Deapesh" --- bootstrap.conf | 2 ++ src/http.c | 13 ++++++++++++- 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/bootstrap.conf b/bootstrap.conf index 2b225b7..d9a5f90 100644 --- a/bootstrap.conf +++ b/bootstrap.conf @@ -40,6 +40,7 @@ dirname fcntl flock fnmatch +fopen futimens ftello getaddrinfo @@ -71,6 +72,7 @@ crypto/md5 crypto/sha1 crypto/sha256 crypto/sha512 +open quote quotearg recv diff --git a/src/http.c b/src/http.c index 56b8669..d463f29 100644 --- a/src/http.c +++ b/src/http.c @@ -39,6 +39,7 @@ as that of the covered work. */ #include