-*- coding: utf-8 -*-
Changes with Apache 2.5.1
+ *) mod_md: Store permissions are enforced on file creation, enforcing restrictions in
+ spite of umask. Fixes <https://github.com/icing/mod_md/issues/117>. [Stefan Eissing]
+
*) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure.
[Michael Kaufmann <mail michael-kaufmann.ch>]
apr_status_t md_util_fcreatex(apr_file_t **pf, const char *fn,
apr_fileperms_t perms, apr_pool_t *p)
{
- return apr_file_open(pf, fn, (APR_FOPEN_WRITE|APR_FOPEN_CREATE|APR_FOPEN_EXCL),
- perms, p);
+ apr_status_t rv;
+ rv = apr_file_open(pf, fn, (APR_FOPEN_WRITE|APR_FOPEN_CREATE|APR_FOPEN_EXCL),
+ perms, p);
+ if (APR_SUCCESS == rv) {
+ /* See <https://github.com/icing/mod_md/issues/117>
+ * Some people set umask 007 to deny all world read/writability to files
+ * created by apache. While this is a noble effort, we need the store files
+ * to have the permissions as specified. */
+ rv = apr_file_perms_set(fn, perms);
+ if (APR_STATUS_IS_ENOTIMPL(rv)) {
+ rv = APR_SUCCESS;
+ }
+ }
+ return rv;
}
apr_status_t md_util_is_dir(const char *path, apr_pool_t *pool)
if (APR_SUCCESS == rv) {
rv = write_text((void*)text, f, p);
apr_file_close(f);
- /* See <https://github.com/icing/mod_md/issues/117>: when a umask
- * is set, files need to be assigned permissions explicitly.
- * Otherwise, as in the issues reported, it will break our access model. */
- rv = apr_file_perms_set(fpath, perms);
- if (APR_STATUS_IS_ENOTIMPL(rv)) {
- rv = APR_SUCCESS;
- }
}
return rv;
}
* @macro
* Version number of the md module as c string
*/
-#define MOD_MD_VERSION "1.1.18-DEV"
+#define MOD_MD_VERSION "1.1.19-DEV"
/**
* @macro
* release. This is a 24 bit number with 8 bits for major number, 8 bits
* for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203.
*/
-#define MOD_MD_VERSION_NUM 0x010112
+#define MOD_MD_VERSION_NUM 0x010113
#define MD_ACME_DEF_URL "https://acme-v01.api.letsencrypt.org/directory"
projects / thirdparty / apache / httpd.git / commitdiff
