-*- coding: utf-8 -*-
Changes with Apache 2.4.40
+ *) mod_md: Store permissions are enforced on file creation, enforcing restrictions in
+ spite of umask. Fixes <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]
+
Changes with Apache 2.4.39
*) SECURITY: CVE-2019-0197 (cve.mitre.org)
mod_http2: fixes a possible crash when HTTP/2 was enabled for a http:
apr_status_t md_util_fcreatex(apr_file_t **pf, const char *fn,
apr_fileperms_t perms, apr_pool_t *p)
{
- return apr_file_open(pf, fn, (APR_FOPEN_WRITE|APR_FOPEN_CREATE|APR_FOPEN_EXCL),
- perms, p);
+ apr_status_t rv;
+ rv = apr_file_open(pf, fn, (APR_FOPEN_WRITE|APR_FOPEN_CREATE|APR_FOPEN_EXCL),
+ perms, p);
+ if (APR_SUCCESS == rv) {
+ /* See <https://github.com/icing/mod_md/issues/117>
+ * Some people set umask 007 to deny all world read/writability to files
+ * created by apache. While this is a noble effort, we need the store files
+ * to have the permissions as specified. */
+ rv = apr_file_perms_set(fn, perms);
+ if (APR_STATUS_IS_ENOTIMPL(rv)) {
+ rv = APR_SUCCESS;
+ }
+ }
+ return rv;
}
apr_status_t md_util_is_dir(const char *path, apr_pool_t *pool)
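Review bot: When `apr_file_perms_set()` fails with anything other than ENOTIMPL, `md_util_fcreatex` returns the error but leaves `*pf` open and the newly created file on disk. A caller that treats the call as failed has no reason to close the handle, so it stays open until the pool is cleaned up, and a retry would presumably fail on `APR_FOPEN_EXCL` because the leftover file still exists. After the ENOTIMPL check I would add `if (APR_SUCCESS != rv) { apr_file_close(*pf); *pf = NULL; apr_file_remove(fn, p); }`. Separately, the permission change is applied by path rather than on the open handle, so it relies on the store directory not being writable by other users between the open and the permission call. A one-line comment such as `/* assumes the store directory is writable only by the server user */` would record that assumption.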
* @macro
* Version number of the md module as c string
*/
-#define MOD_MD_VERSION "1.1.17"
+#define MOD_MD_VERSION "1.1.19"
/**
* @macro
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_MD_VERSION_NUM 0x010111
+#define MOD_MD_VERSION_NUM 0x010113
#define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory"