Posted to cvs@httpd.apache.org by ic...@apache.org on 2019/03/26 10:57:51 UTC
svn commit: r1856297 - in /httpd/httpd/trunk: CHANGES modules/md/md_util.c
modules/md/md_version.h
Author: icing
Date: Tue Mar 26 10:57:51 2019
New Revision: 1856297
URL: http://svn.apache.org/viewvc?rev=1856297&view=rev
Log:
*) mod_md: Store permissions are enforced on file creation, enforcing restrictions in
spite of umask. Fixes <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/md/md_util.c
httpd/httpd/trunk/modules/md/md_version.h
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1856297&r1=1856296&r2=1856297&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Tue Mar 26 10:57:51 2019
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_md: Store permissions are enforced on file creation, enforcing restrictions in
+ spite of umask. Fixes <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]
+
*) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure.
[Michael Kaufmann <mail michael-kaufmann.ch>]
Modified: httpd/httpd/trunk/modules/md/md_util.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_util.c?rev=1856297&r1=1856296&r2=1856297&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_util.c (original)
+++ httpd/httpd/trunk/modules/md/md_util.c Tue Mar 26 10:57:51 2019
@@ -194,8 +194,20 @@ apr_status_t md_util_fopen(FILE **pf, co
apr_status_t md_util_fcreatex(apr_file_t **pf, const char *fn,
apr_fileperms_t perms, apr_pool_t *p)
{
- return apr_file_open(pf, fn, (APR_FOPEN_WRITE|APR_FOPEN_CREATE|APR_FOPEN_EXCL),
- perms, p);
+ apr_status_t rv;
+ rv = apr_file_open(pf, fn, (APR_FOPEN_WRITE|APR_FOPEN_CREATE|APR_FOPEN_EXCL),
+ perms, p);
+ if (APR_SUCCESS == rv) {
+ /* See <https://github.com/icing/mod_md/issues/117>
+ * Some people set umask 007 to deny all world read/writability to files
+ * created by apache. While this is a noble effort, we need the store files
+ * to have the permissions as specified. */
+ rv = apr_file_perms_set(fn, perms);
+ if (APR_STATUS_IS_ENOTIMPL(rv)) {
+ rv = APR_SUCCESS;
+ }
+ }
+ return rv;
}
apr_status_t md_util_is_dir(const char *path, apr_pool_t *pool)
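Review bot: When `apr_file_perms_set(fn, perms)` fails with anything other than ENOTIMPL, md_util_fcreatex returns the error while `*pf` is still open and the file created with APR_FOPEN_EXCL stays on disk. The caller visible in the next hunk, md_text_fcreatex, only calls `apr_file_close(f)` when rv is APR_SUCCESS, so on that path the handle stays open (presumably until the pool is cleaned up) and a retry of the exclusive create would fail because the file already exists. Consider closing on that path, e.g. `else if (APR_SUCCESS != rv) { apr_file_close(*pf); *pf = NULL; }`, and deciding whether the file should also be removed. Since the mode is applied by path after the open rather than on the handle, a short comment stating that the store directory must not be writable by other users would make that assumption explicit.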
@@ -312,13 +324,6 @@ apr_status_t md_text_fcreatex(const char
if (APR_SUCCESS == rv) {
rv = write_text((void*)text, f, p);
apr_file_close(f);
- /* See <https://github.com/icing/mod_md/issues/117>: when a umask
- * is set, files need to be assigned permissions explicitly.
- * Otherwise, as in the issues reported, it will break our access model. */
- rv = apr_file_perms_set(fpath, perms);
- if (APR_STATUS_IS_ENOTIMPL(rv)) {
- rv = APR_SUCCESS;
- }
}
return rv;
}
Modified: httpd/httpd/trunk/modules/md/md_version.h
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/md/md_version.h?rev=1856297&r1=1856296&r2=1856297&view=diff
==============================================================================
--- httpd/httpd/trunk/modules/md/md_version.h (original)
+++ httpd/httpd/trunk/modules/md/md_version.h Tue Mar 26 10:57:51 2019
@@ -27,7 +27,7 @@
* @macro
* Version number of the md module as c string
*/
-#define MOD_MD_VERSION "1.1.18-DEV"
+#define MOD_MD_VERSION "1.1.19-DEV"
/**
* @macro
@@ -35,7 +35,7 @@
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_MD_VERSION_NUM 0x010112
+#define MOD_MD_VERSION_NUM 0x010113
#define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory"