Commit bb81df62 authored by Stefan Eissing

Merged /httpd/httpd/trunk:r1856297

  *) mod_md: Store permissions are enforced on file creation, enforcing restrictions in
     spite of umask. Fixes <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1856935 13f79535-47bb-0310-9956-ffa450edef68
parent 184322f4
+3 −0
                                                         -*- coding: utf-8 -*-
Changes with Apache 2.4.40

  *) mod_md: Store permissions are enforced on file creation, enforcing restrictions in
     spite of umask. Fixes <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]

Changes with Apache 2.4.39
  *) SECURITY: CVE-2019-0197 (cve.mitre.org)
     mod_http2: fixes a possible crash when HTTP/2 was enabled for a http:
+14 −2
@@ -194,8 +194,20 @@ apr_status_t md_util_fopen(FILE **pf, const char *fn, const char *mode)
apr_status_t md_util_fcreatex(apr_file_t **pf, const char *fn, 
                              apr_fileperms_t perms, apr_pool_t *p)
{
    return apr_file_open(pf, fn, (APR_FOPEN_WRITE|APR_FOPEN_CREATE|APR_FOPEN_EXCL),
    apr_status_t rv;
    rv = apr_file_open(pf, fn, (APR_FOPEN_WRITE|APR_FOPEN_CREATE|APR_FOPEN_EXCL),
                       perms, p);
    if (APR_SUCCESS == rv) {
        /* See <https://github.com/icing/mod_md/issues/117>
         * Some people set umask 007 to deny all world read/writability to files
         * created by apache. While this is a noble effort, we need the store files
         * to have the permissions as specified. */
        rv = apr_file_perms_set(fn, perms);
        if (APR_STATUS_IS_ENOTIMPL(rv)) {
            rv = APR_SUCCESS;
        }
    }
    return rv;
}

apr_status_t md_util_is_dir(const char *path, apr_pool_t *pool)
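Review bot: When `apr_file_perms_set(fn, perms)` fails with anything other than ENOTIMPL, md_util_fcreatex returns the error while `*pf` is still open and the file just created with APR_FOPEN_EXCL stays on disk with whatever mode the umask left it. Unless callers close and remove the file on failure (not visible in this section), a later attempt to create the same store file would presumably fail because of the exclusive-create flag. I would close the handle and remove the file on that path, as sketched below. Separately, the mode is applied by path rather than on the open handle, so the result depends on the store directory not being writable by other local users; a short comment stating that assumption next to the call would help.

```c
        /* … unchanged: apr_file_perms_set() call and ENOTIMPL check … */
        else if (APR_SUCCESS != rv) {
            /* do not hand back a store file whose permissions could not be set */
            apr_file_close(*pf);
            *pf = NULL;
            apr_file_remove(fn, p);
        }
```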
+2 −2
@@ -27,7 +27,7 @@
 * @macro
 * Version number of the md module as c string
 */
#define MOD_MD_VERSION "1.1.17"
#define MOD_MD_VERSION "1.1.19"

/**
 * @macro
@@ -35,7 +35,7 @@
 * release. This is a 24 bit number with 8 bits for major number, 8 bits
 * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
 */
#define MOD_MD_VERSION_NUM 0x010111
#define MOD_MD_VERSION_NUM 0x010113

#define MD_ACME_DEF_URL    "https://acme-v01.api.letsencrypt.org/directory"