Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 073DB200CB7 for ; Fri, 30 Jun 2017 23:05:01 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 05B94160BEB; Fri, 30 Jun 2017 21:05:01 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 4CA14160BE8 for ; Fri, 30 Jun 2017 23:05:00 +0200 (CEST) Received: (qmail 64762 invoked by uid 500); 30 Jun 2017 21:04:59 -0000 Mailing-List: contact bugs-help@apr.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@apr.apache.org Delivered-To: mailing list bugs@apr.apache.org Received: (qmail 64751 invoked by uid 99); 30 Jun 2017 21:04:59 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd3-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 30 Jun 2017 21:04:59 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd3-us-west.apache.org (ASF Mail Server at spamd3-us-west.apache.org) with ESMTP id 011CD18189E for ; Fri, 30 Jun 2017 21:04:59 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd3-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 0.798 X-Spam-Level: X-Spam-Status: No, score=0.798 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd3-us-west.apache.org [10.40.0.10]) (amavisd-new, port 10024) with ESMTP id HmAFhffdrbjC for ; Fri, 30 Jun 2017 21:04:58 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id A71C35FD38 for ; Fri, 30 Jun 2017 21:04:57 +0000 (UTC) Received: from asf-bz1-us-mid.priv.apache.org (nat1-us-mid.apache.org [23.253.172.122]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTPS id 3445AE0026 for ; Fri, 30 Jun 2017 21:04:57 +0000 (UTC) Received: by asf-bz1-us-mid.priv.apache.org (ASF Mail Server at asf-bz1-us-mid.priv.apache.org, from userid 33) id 1D13160FB2; Fri, 30 Jun 2017 21:04:54 +0000 (UTC) From: bugzilla@apache.org To: bugs@apr.apache.org Subject: [Bug 61240] apr_file_transfer_contents change breaks htpasswd(1) Date: Fri, 30 Jun 2017 21:04:54 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: APR X-Bugzilla-Component: APR X-Bugzilla-Version: 1.6.2 X-Bugzilla-Keywords: X-Bugzilla-Severity: major X-Bugzilla-Who: hlein-apbz@korelogic.com X-Bugzilla-Status: NEW X-Bugzilla-Resolution: X-Bugzilla-Priority: P2 X-Bugzilla-Assigned-To: bugs@apr.apache.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_status Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bz.apache.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 archived-at: Fri, 30 Jun 2017 21:05:01 -0000 https://bz.apache.org/bugzilla/show_bug.cgi?id=3D61240 Hank Leininger changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW --- Comment #5 from Hank Leininger --- (In reply to Ruediger Pluem from comment #4) > IMHO APR code is now correct and this is a bug in htpasswd. Yes, I agree that htpasswd.c is using apr_file_copy incorrectly. And has b= een doing so forever. > Does the > following patch to htpasswd fix the issue for you? >=20 > Index: htpasswd.c > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > --- htpasswd.c (revision 1800082) > +++ htpasswd.c (working copy) > @@ -498,7 +498,7 @@ >=20 > /* The temporary file has all the data, just copy it to the new > location. > */ > - if (apr_file_copy(dirname, pwfilename, APR_FILE_SOURCE_PERMS, pool) = !=3D > + if (apr_file_copy(dirname, pwfilename, APR_OS_DEFAULT, pool) !=3D > APR_SUCCESS) { > apr_file_printf(errfile, "%s: unable to update file %s" NL, > argv[0], pwfilename); Indeed, that does seem to do the right thing. So every caller of apr_file_copy or apr_file_transfer_contents ought to be reviewed to make sure they are not using APR_FILE_SOURCE_PERMS flag (or equivalent APR_FPROT_FILE_SOURCE_PERMS) when they do not mean it. But in the meantime shouldn't the fix to apr_file_transfer_contents be reverted, and instead announced as upcoming so projects that use libapr can check? Unless you can easily tell who all users of apr_file_copy / apr_file_transfer_contents are, and can confirm that none of them will have this problem leading to surprise failures. That sounds a) not easy and b) = not the job of apr-developers? Thanks! --=20 You are receiving this mail because: You are the assignee for the bug.= --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscribe@apr.apache.org For additional commands, e-mail: bugs-help@apr.apache.org