]> granicus.if.org Git - apache/commitdiff
projects / apache / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49d653a)
* Do not apply the strict permissions of the temporary file to a possibly
authorRuediger Pluem <rpluem@apache.org>
Mon, 3 Jul 2017 06:37:45 +0000 (06:37 +0000)
committerRuediger Pluem <rpluem@apache.org>
Mon, 3 Jul 2017 06:37:45 +0000 (06:37 +0000)
  existing passwd file.
  This long standing bug was triggered by fixing a bug in APR in r1791029.

PR: 61240

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1800594 13f79535-47bb-0310-9956-ffa450edef68

CHANGES patch | blob | history
support/htdigest.c patch | blob | history
support/htpasswd.c patch | blob | history

diff --git a/CHANGES b/CHANGES
index ce017d2acbb57c47cc98c3a0faf15f8c0ede792a..68b5e5ca62c5bb1b7cbe3ee965e45932da3f0e2a 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) htpasswd / htdigest: Do not apply the strict permissions of the temporary
+     passwd file to a possibly existing passwd file. PR 61240. [Ruediger Pluem]
+
   *) mod_proxy_fcgi: Revert to 2.4.20 FCGI behavior for the default
      ProxyFCGIBackendType, fixing a regression with PHP-FPM. PR 61202.
      [Jacob Champion]
diff --git a/support/htdigest.c b/support/htdigest.c
index 972fa82d209061992a7359b9538dbbf48fabb3ea..018c0ea20023563dd17f8a04f36a28491535890a 100644 (file)
--- a/support/htdigest.c
+++ b/support/htdigest.c
@@ -282,7 +282,7 @@ int main(int argc, const char * const argv[])
 
     /* The temporary file has all the data, just copy it to the new location.
      */
-    if (apr_file_copy(dirname, argv[1], APR_FILE_SOURCE_PERMS, cntxt) !=
+    if (apr_file_copy(dirname, argv[1], APR_OS_DEFAULT, cntxt) !=
                 APR_SUCCESS) {
         apr_file_printf(errfile, "%s: unable to update file %s\n",
                         argv[0], argv[1]);
diff --git a/support/htpasswd.c b/support/htpasswd.c
index e627f8b9bff10af7a615eba7a61d389efd1feb1d..65a0b9c3bba90028e631c1cd27f8307cfabf448f 100644 (file)
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -503,7 +503,7 @@ int main(int argc, const char * const argv[])
 
     /* The temporary file has all the data, just copy it to the new location.
      */
-    if (apr_file_copy(dirname, pwfilename, APR_FILE_SOURCE_PERMS, pool) !=
+    if (apr_file_copy(dirname, pwfilename, APR_OS_DEFAULT, pool) !=
         APR_SUCCESS) {
         apr_file_printf(errfile, "%s: unable to update file %s" NL,
                         argv[0], pwfilename);
Unnamed repository; edit this file 'description' to name the repository.