You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2017/07/03 06:37:46 UTC

svn commit: r1800594 - in /httpd/httpd/trunk: CHANGES support/htdigest.c support/htpasswd.c

Author: rpluem
Date: Mon Jul  3 06:37:45 2017
New Revision: 1800594

URL: http://svn.apache.org/viewvc?rev=1800594&view=rev
Log:
* Do not apply the strict permissions of the temporary file to a possibly
  existing passwd file.
  This long standing bug was triggered by fixing a bug in APR in r1791029.

PR: 61240

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/support/htdigest.c
    httpd/httpd/trunk/support/htpasswd.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1800594&r1=1800593&r2=1800594&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Jul  3 06:37:45 2017
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) htpasswd / htdigest: Do not apply the strict permissions of the temporary
+     passwd file to a possibly existing passwd file. PR 61240. [Ruediger Pluem]
+
   *) mod_proxy_fcgi: Revert to 2.4.20 FCGI behavior for the default
      ProxyFCGIBackendType, fixing a regression with PHP-FPM. PR 61202.
      [Jacob Champion]

Modified: httpd/httpd/trunk/support/htdigest.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htdigest.c?rev=1800594&r1=1800593&r2=1800594&view=diff
==============================================================================
--- httpd/httpd/trunk/support/htdigest.c (original)
+++ httpd/httpd/trunk/support/htdigest.c Mon Jul  3 06:37:45 2017
@@ -282,7 +282,7 @@ int main(int argc, const char * const ar
 
     /* The temporary file has all the data, just copy it to the new location.
      */
-    if (apr_file_copy(dirname, argv[1], APR_FILE_SOURCE_PERMS, cntxt) !=
+    if (apr_file_copy(dirname, argv[1], APR_OS_DEFAULT, cntxt) !=
                 APR_SUCCESS) {
         apr_file_printf(errfile, "%s: unable to update file %s\n",
                         argv[0], argv[1]);

Modified: httpd/httpd/trunk/support/htpasswd.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/htpasswd.c?rev=1800594&r1=1800593&r2=1800594&view=diff
==============================================================================
--- httpd/httpd/trunk/support/htpasswd.c (original)
+++ httpd/httpd/trunk/support/htpasswd.c Mon Jul  3 06:37:45 2017
@@ -503,7 +503,7 @@ int main(int argc, const char * const ar
 
     /* The temporary file has all the data, just copy it to the new location.
      */
-    if (apr_file_copy(dirname, pwfilename, APR_FILE_SOURCE_PERMS, pool) !=
+    if (apr_file_copy(dirname, pwfilename, APR_OS_DEFAULT, pool) !=
         APR_SUCCESS) {
         apr_file_printf(errfile, "%s: unable to update file %s" NL,
                         argv[0], pwfilename);