[-]
[+]
|
Changed |
php5.changes
|
|
[-]
[+]
|
Changed |
php5.spec
^
|
|
[-]
[+]
|
Added |
CVE-2014-0185.patch
^
|
@@ -0,0 +1,43 @@
+From 1875b4648f138df77abcb513149a3340ade69a4c Mon Sep 17 00:00:00 2001
+From: Stanislav Malyshev <stas@php.net>
+Date: Tue, 15 Apr 2014 10:43:24 -0700
+Subject: [PATCH] Fix bug #67060: use default mode of 660
+
+---
+ sapi/fpm/fpm/fpm_unix.c | 2 +-
+ sapi/fpm/php-fpm.conf.in | 4 ++--
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/sapi/fpm/fpm/fpm_unix.c b/sapi/fpm/fpm/fpm_unix.c
+index 48249e8..ea0e673 100644
+--- a/sapi/fpm/fpm/fpm_unix.c
++++ b/sapi/fpm/fpm/fpm_unix.c
+@@ -35,7 +35,7 @@ int fpm_unix_resolve_socket_premissions(struct fpm_worker_pool_s *wp) /* {{{ */
+ /* uninitialized */
+ wp->socket_uid = -1;
+ wp->socket_gid = -1;
+- wp->socket_mode = 0666;
++ wp->socket_mode = 0660;
+
+ if (!c) {
+ return 0;
+diff --git a/sapi/fpm/php-fpm.conf.in b/sapi/fpm/php-fpm.conf.in
+index 1e70f2c..9205d42 100644
+--- a/sapi/fpm/php-fpm.conf.in
++++ b/sapi/fpm/php-fpm.conf.in
+@@ -166,10 +166,10 @@ listen = 127.0.0.1:9000
+ ; permissions must be set in order to allow connections from a web server. Many
+ ; BSD-derived systems allow connections regardless of permissions.
+ ; Default Values: user and group are set as the running user
+-; mode is set to 0666
++; mode is set to 0660
+ ;listen.owner = @php_fpm_user@
+ ;listen.group = @php_fpm_group@
+-;listen.mode = 0666
++;listen.mode = 0660
+
+ ; List of ipv4 addresses of FastCGI clients which are allowed to connect.
+ ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
+--
+1.8.4
+
|