You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2017/07/03 06:37:46 UTC
svn commit: r1800594 - in /httpd/httpd/trunk: CHANGES support/htdigest.c
support/htpasswd.c
Author: rpluem
Date: Mon Jul 3 06:37:45 2017
New Revision: 1800594
URL: http://svn.apache.org/viewvc?rev=1800594&view=rev
Log:
* Do not apply the strict permissions of the temporary file to a possibly
existing passwd file.
This long standing bug was triggered by fixing a bug in APR in r1791029.
PR: 61240
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/support/htdigest.c
httpd/httpd/trunk/support/htpasswd.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1800594&r1=1800593&r2=1800594&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Jul 3 06:37:45 2017
@@ -1,6 +1,9 @@
-*- coding: utf-8 -*-
Changes with Apache 2.5.0
+ *) htpasswd / htdigest: Do not apply the strict permissions of the temporary
+ passwd file to a possibly existing passwd file. PR 61240. [Ruediger Pluem]
+
*) mod_proxy_fcgi: Revert to 2.4.20 FCGI behavior for the default
ProxyFCGIBackendType, fixing a regression with PHP-FPM. PR 61202.
[Jacob Champion]
Modified: httpd/httpd/trunk/support/htdigest.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htdigest.c?rev=1800594&r1=1800593&r2=1800594&view=diff
==============================================================================
--- httpd/httpd/trunk/support/htdigest.c (original)
+++ httpd/httpd/trunk/support/htdigest.c Mon Jul 3 06:37:45 2017
@@ -282,7 +282,7 @@ int main(int argc, const char * const ar
/* The temporary file has all the data, just copy it to the new location.
*/
- if (apr_file_copy(dirname, argv[1], APR_FILE_SOURCE_PERMS, cntxt) !=
+ if (apr_file_copy(dirname, argv[1], APR_OS_DEFAULT, cntxt) !=
APR_SUCCESS) {
apr_file_printf(errfile, "%s: unable to update file %s\n",
argv[0], argv[1]);
Modified: httpd/httpd/trunk/support/htpasswd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htpasswd.c?rev=1800594&r1=1800593&r2=1800594&view=diff
==============================================================================
--- httpd/httpd/trunk/support/htpasswd.c (original)
+++ httpd/httpd/trunk/support/htpasswd.c Mon Jul 3 06:37:45 2017
@@ -503,7 +503,7 @@ int main(int argc, const char * const ar
/* The temporary file has all the data, just copy it to the new location.
*/
- if (apr_file_copy(dirname, pwfilename, APR_FILE_SOURCE_PERMS, pool) !=
+ if (apr_file_copy(dirname, pwfilename, APR_OS_DEFAULT, pool) !=
APR_SUCCESS) {
apr_file_printf(errfile, "%s: unable to update file %s" NL,
argv[0], pwfilename);