Commit 55c70e5c authored by Jim Jagielski's avatar Jim Jagielski
Browse files

Merge r1800594 from trunk: 

* Do not apply the strict permissions of the temporary file to a possibly
  existing passwd file.
  This long standing bug was triggered by fixing a bug in APR in r1791029.

PR: 61240

Submitted by: rpluem
Reviewed by: rpluem, ylavic, jim


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1800775 13f79535-47bb-0310-9956-ffa450edef68
parent ab03196a

CHANGES

+3 −0
Original line number Diff line number Diff line
@@ -8,6 +8,9 @@ Changes with Apache 2.4.27 
  *) Allow single-char field names inadvertantly disallowed in 2.4.25.

     PR 61220. [Yann Ylavic]



  *) htpasswd / htdigest: Do not apply the strict permissions of the temporary

     passwd file to a possibly existing passwd file. PR 61240. [Ruediger Pluem]



  *) mod_proxy_fcgi: Revert to 2.4.20 FCGI behavior for the default

     ProxyFCGIBackendType, fixing a regression with PHP-FPM. PR 61202.

     [Jacob Champion, Jim Jagielski]

STATUS

+0 −7
Original line number Diff line number Diff line
@@ -115,13 +115,6 @@ RELEASE SHOWSTOPPERS: 
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:

  [ start all new proposals below, under PATCHES PROPOSED. ]



   *)  htpasswd / htdigest: Do not apply the strict permissions of the temporary

       passwd file to a possibly existing passwd file. PR 61240.

     trunk patch: http://svn.apache.org/r1800594

     2.4.x patch:  svn merge -c 1800594 ^/httpd/httpd/trunk .

     +1: rpluem, ylavic, jim







PATCHES PROPOSED TO BACKPORT FROM TRUNK:

  [ New proposals should be added at the end of the list ]

support/htdigest.c

+1 −1
Original line number Diff line number Diff line
@@ -282,7 +282,7 @@ int main(int argc, const char * const argv[]) 


    /* The temporary file has all the data, just copy it to the new location.

     */

    if (apr_file_copy(dirname, argv[1], APR_FILE_SOURCE_PERMS, cntxt) !=

    if (apr_file_copy(dirname, argv[1], APR_OS_DEFAULT, cntxt) !=

                APR_SUCCESS) {

        apr_file_printf(errfile, "%s: unable to update file %s\n",

                        argv[0], argv[1]);

support/htpasswd.c

+1 −1
Original line number Diff line number Diff line
@@ -498,7 +498,7 @@ int main(int argc, const char * const argv[]) 


    /* The temporary file has all the data, just copy it to the new location.

     */

    if (apr_file_copy(dirname, pwfilename, APR_FILE_SOURCE_PERMS, pool) !=

    if (apr_file_copy(dirname, pwfilename, APR_OS_DEFAULT, pool) !=

        APR_SUCCESS) {

        apr_file_printf(errfile, "%s: unable to update file %s" NL,

                        argv[0], pwfilename);