From: Ruediger Pluem <rpluem@apache.org>
Date: Mon, 3 Jul 2017 06:37:45 +0000 (+0000)
Subject: * Do not apply the strict permissions of the temporary file to a possibly
X-Git-Tag: 2.5.0-alpha~316
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=f5c249ba91c22ec580fd16f4e71b68e7c57c5e1c;p=apache

* Do not apply the strict permissions of the temporary file to a possibly
  existing passwd file.
  This long standing bug was triggered by fixing a bug in APR in r1791029.

PR: 61240


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1800594 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index ce017d2acb..68b5e5ca62 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) htpasswd / htdigest: Do not apply the strict permissions of the temporary
+     passwd file to a possibly existing passwd file. PR 61240. [Ruediger Pluem]
+
   *) mod_proxy_fcgi: Revert to 2.4.20 FCGI behavior for the default
      ProxyFCGIBackendType, fixing a regression with PHP-FPM. PR 61202.
      [Jacob Champion]
diff --git a/support/htdigest.c b/support/htdigest.c
index 972fa82d20..018c0ea200 100644
--- a/support/htdigest.c
+++ b/support/htdigest.c
@@ -282,7 +282,7 @@ int main(int argc, const char * const argv[])
 
     /* The temporary file has all the data, just copy it to the new location.
      */
-    if (apr_file_copy(dirname, argv[1], APR_FILE_SOURCE_PERMS, cntxt) !=
+    if (apr_file_copy(dirname, argv[1], APR_OS_DEFAULT, cntxt) !=
                 APR_SUCCESS) {
         apr_file_printf(errfile, "%s: unable to update file %s\n",
                         argv[0], argv[1]);
diff --git a/support/htpasswd.c b/support/htpasswd.c
index e627f8b9bf..65a0b9c3bb 100644
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -503,7 +503,7 @@ int main(int argc, const char * const argv[])
 
     /* The temporary file has all the data, just copy it to the new location.
      */
-    if (apr_file_copy(dirname, pwfilename, APR_FILE_SOURCE_PERMS, pool) !=
+    if (apr_file_copy(dirname, pwfilename, APR_OS_DEFAULT, pool) !=
         APR_SUCCESS) {
         apr_file_printf(errfile, "%s: unable to update file %s" NL,
                         argv[0], pwfilename);