From f5c249ba91c22ec580fd16f4e71b68e7c57c5e1c Mon Sep 17 00:00:00 2001
From: Ruediger Pluem <rpluem@apache.org>
Date: Mon, 3 Jul 2017 06:37:45 +0000
Subject: [PATCH] * Do not apply the strict permissions of the temporary file
 to a possibly   existing passwd file.   This long standing bug was triggered
 by fixing a bug in APR in r1791029.

PR: 61240


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1800594 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES            | 3 +++
 support/htdigest.c | 2 +-
 support/htpasswd.c | 2 +-
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index ce017d2acbb..68b5e5ca62c 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
 
+  *) htpasswd / htdigest: Do not apply the strict permissions of the temporary
+     passwd file to a possibly existing passwd file. PR 61240. [Ruediger Pluem]
+
   *) mod_proxy_fcgi: Revert to 2.4.20 FCGI behavior for the default
      ProxyFCGIBackendType, fixing a regression with PHP-FPM. PR 61202.
      [Jacob Champion]
diff --git a/support/htdigest.c b/support/htdigest.c
index 972fa82d209..018c0ea2002 100644
--- a/support/htdigest.c
+++ b/support/htdigest.c
@@ -282,7 +282,7 @@ int main(int argc, const char * const argv[])
 
     /* The temporary file has all the data, just copy it to the new location.
      */
-    if (apr_file_copy(dirname, argv[1], APR_FILE_SOURCE_PERMS, cntxt) !=
+    if (apr_file_copy(dirname, argv[1], APR_OS_DEFAULT, cntxt) !=
                 APR_SUCCESS) {
         apr_file_printf(errfile, "%s: unable to update file %s\n",
                         argv[0], argv[1]);
diff --git a/support/htpasswd.c b/support/htpasswd.c
index e627f8b9bff..65a0b9c3bba 100644
--- a/support/htpasswd.c
+++ b/support/htpasswd.c
@@ -503,7 +503,7 @@ int main(int argc, const char * const argv[])
 
     /* The temporary file has all the data, just copy it to the new location.
      */
-    if (apr_file_copy(dirname, pwfilename, APR_FILE_SOURCE_PERMS, pool) !=
+    if (apr_file_copy(dirname, pwfilename, APR_OS_DEFAULT, pool) !=
         APR_SUCCESS) {
         apr_file_printf(errfile, "%s: unable to update file %s" NL,
                         argv[0], pwfilename);
-- 
2.47.3