File apache2-CVE-2024-39884.patch of Package apache2.36335
Index: httpd-2.4.51/modules/cluster/mod_heartmonitor.c
===================================================================
--- httpd-2.4.51.orig/modules/cluster/mod_heartmonitor.c
+++ httpd-2.4.51/modules/cluster/mod_heartmonitor.c
@@ -781,7 +781,7 @@ static int hm_handler(request_rec *r)
hmserver.seen = apr_time_now();
hm_update_stat(ctx, &hmserver, r->pool);
- ap_set_content_type(r, "text/plain");
+ ap_set_content_type_ex(r, "text/plain", 1);
ap_set_content_length(r, 2);
ap_rputs("OK", r);
ap_rflush(r);
Index: httpd-2.4.51/modules/dav/main/mod_dav.c
===================================================================
--- httpd-2.4.51.orig/modules/dav/main/mod_dav.c
+++ httpd-2.4.51/modules/dav/main/mod_dav.c
@@ -323,7 +323,7 @@ static int dav_error_response(request_re
r->status = status;
r->status_line = ap_get_status_line(status);
- ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+ ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1);
/* begin the response now... */
ap_rvputs(r,
@@ -354,7 +354,7 @@ static int dav_error_response_tag(reques
{
r->status = err->status;
- ap_set_content_type(r, DAV_XML_CONTENT_TYPE);
+ ap_set_content_type_ex(r, DAV_XML_CONTENT_TYPE, 1);
ap_rputs(DAV_XML_HEADER DEBUG_CR
"<D:error xmlns:D=\"DAV:\"", r);
@@ -512,7 +512,7 @@ DAV_DECLARE(void) dav_begin_multistatus(
{
/* Set the correct status and Content-Type */
r->status = status;
- ap_set_content_type(r, DAV_XML_CONTENT_TYPE);
+ ap_set_content_type_ex(r, DAV_XML_CONTENT_TYPE, 1);
/* Send the headers and actual multistatus response now... */
ap_fputs(r->output_filters, bb, DAV_XML_HEADER DEBUG_CR
@@ -1964,7 +1964,7 @@ static int dav_method_options(request_re
/* send the options response */
r->status = HTTP_OK;
- ap_set_content_type(r, DAV_XML_CONTENT_TYPE);
+ ap_set_content_type_ex(r, DAV_XML_CONTENT_TYPE, 1);
/* send the headers and response body */
ap_rputs(DAV_XML_HEADER DEBUG_CR
@@ -3270,7 +3270,7 @@ static int dav_method_lock(request_rec *
(*locks_hooks->close_lockdb)(lockdb);
r->status = HTTP_OK;
- ap_set_content_type(r, DAV_XML_CONTENT_TYPE);
+ ap_set_content_type_ex(r, DAV_XML_CONTENT_TYPE, 1);
ap_rputs(DAV_XML_HEADER DEBUG_CR "<D:prop xmlns:D=\"DAV:\">" DEBUG_CR, r);
if (lock == NULL)
Index: httpd-2.4.51/modules/examples/mod_example_hooks.c
===================================================================
--- httpd-2.4.51.orig/modules/examples/mod_example_hooks.c
+++ httpd-2.4.51/modules/examples/mod_example_hooks.c
@@ -993,7 +993,7 @@ static int x_handler(request_rec *r)
* Set the Content-type header. Note that we do not actually have to send
* the headers: this is done by the http core.
*/
- ap_set_content_type(r, "text/html");
+ ap_set_content_type_ex(r, "text/html", 1);
/*
* If we're only supposed to send header information (HEAD request), we're
* already there.
Index: httpd-2.4.51/modules/filters/mod_data.c
===================================================================
--- httpd-2.4.51.orig/modules/filters/mod_data.c
+++ httpd-2.4.51/modules/filters/mod_data.c
@@ -117,7 +117,7 @@ static apr_status_t data_out_filter(ap_f
}
}
- ap_set_content_type(r, "text/plain");
+ ap_set_content_type_ex(r, "text/plain", 1);
}
Index: httpd-2.4.51/modules/filters/mod_include.c
===================================================================
--- httpd-2.4.51.orig/modules/filters/mod_include.c
+++ httpd-2.4.51/modules/filters/mod_include.c
@@ -3972,7 +3972,7 @@ static int include_fixup(request_rec *r)
if (r->handler && (strcmp(r->handler, "server-parsed") == 0))
{
if (!r->content_type || !*r->content_type) {
- ap_set_content_type(r, "text/html");
+ ap_set_content_type_ex(r, "text/html", 1);
}
r->handler = "default-handler";
}
Index: httpd-2.4.51/modules/filters/mod_proxy_html.c
===================================================================
--- httpd-2.4.51.orig/modules/filters/mod_proxy_html.c
+++ httpd-2.4.51/modules/filters/mod_proxy_html.c
@@ -952,7 +952,7 @@ static apr_status_t proxy_html_filter(ap
ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, f->r, APLOGNO(01422)
"No i18n support found. Install mod_xml2enc if required");
enc = XML_CHAR_ENCODING_NONE;
- ap_set_content_type(f->r, "text/html;charset=utf-8");
+ ap_set_content_type_ex(f->r, "text/html;charset=utf-8", 1);
}
else {
/* if we wanted a non-default charset_out, insert the
@@ -968,7 +968,7 @@ static apr_status_t proxy_html_filter(ap
cenc, NULL));
}
else /* Normal case, everything worked, utf-8 output */
- ap_set_content_type(f->r, "text/html;charset=utf-8");
+ ap_set_content_type_ex(f->r, "text/html;charset=utf-8", 1);
}
ap_fputs(f->next, ctxt->bb, ctxt->cfg->doctype);
Index: httpd-2.4.51/modules/generators/mod_cgi.c
===================================================================
--- httpd-2.4.51.orig/modules/generators/mod_cgi.c
+++ httpd-2.4.51/modules/generators/mod_cgi.c
@@ -1085,7 +1085,7 @@ static apr_status_t include_cgi(include_
/* Force sub_req to be treated as a CGI request, even if ordinary
* typing rules would have called it something else.
*/
- ap_set_content_type(rr, CGI_MAGIC_TYPE);
+ ap_set_content_type_ex(rr, CGI_MAGIC_TYPE, 1);
/* Run it. */
rr_status = ap_run_sub_req(rr);
Index: httpd-2.4.51/modules/generators/mod_cgid.c
===================================================================
--- httpd-2.4.51.orig/modules/generators/mod_cgid.c
+++ httpd-2.4.51/modules/generators/mod_cgid.c
@@ -1765,7 +1765,7 @@ static apr_status_t include_cgi(include_
/* Force sub_req to be treated as a CGI request, even if ordinary
* typing rules would have called it something else.
*/
- ap_set_content_type(rr, CGI_MAGIC_TYPE);
+ ap_set_content_type_ex(rr, CGI_MAGIC_TYPE, 1);
/* Run it. */
rr_status = ap_run_sub_req(rr);
Index: httpd-2.4.51/modules/generators/mod_info.c
===================================================================
--- httpd-2.4.51.orig/modules/generators/mod_info.c
+++ httpd-2.4.51/modules/generators/mod_info.c
@@ -778,7 +778,7 @@ static int display_info(request_rec * r)
return DECLINED;
}
- ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+ ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1);
ap_rputs(DOCTYPE_XHTML_1_0T
"<html xmlns=\"http://www.w3.org/1999/xhtml\">\n"
Index: httpd-2.4.51/modules/generators/mod_status.c
===================================================================
--- httpd-2.4.51.orig/modules/generators/mod_status.c
+++ httpd-2.4.51/modules/generators/mod_status.c
@@ -269,7 +269,7 @@ static int status_handler(request_rec *r
if (r->method_number != M_GET)
return DECLINED;
- ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+ ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1);
/*
* Simple table-driven form data set parser that lets you alter the header
@@ -297,7 +297,7 @@ static int status_handler(request_rec *r
no_table_report = 1;
break;
case STAT_OPT_AUTO:
- ap_set_content_type(r, "text/plain; charset=ISO-8859-1");
+ ap_set_content_type_ex(r, "text/plain; charset=ISO-8859-1", 1);
short_report = 1;
break;
}
Index: httpd-2.4.51/modules/http/http_filters.c
===================================================================
--- httpd-2.4.51.orig/modules/http/http_filters.c
+++ httpd-2.4.51/modules/http/http_filters.c
@@ -1258,7 +1258,7 @@ AP_DECLARE_NONSTD(int) ap_send_http_trac
}
}
- ap_set_content_type(r, "message/http");
+ ap_set_content_type_ex(r, "message/http", 1);
/* Now we recreate the request, and echo it back */
Index: httpd-2.4.51/modules/http/http_protocol.c
===================================================================
--- httpd-2.4.51.orig/modules/http/http_protocol.c
+++ httpd-2.4.51/modules/http/http_protocol.c
@@ -1443,10 +1443,10 @@ AP_DECLARE(void) ap_send_error_response(
request_conf->suppress_charset = 1; /* avoid adding default
* charset later
*/
- ap_set_content_type(r, "text/html");
+ ap_set_content_type_ex(r, "text/html", 1);
}
else {
- ap_set_content_type(r, "text/html; charset=iso-8859-1");
+ ap_set_content_type_ex(r, "text/html; charset=iso-8859-1", 1);
}
if ((status == HTTP_METHOD_NOT_ALLOWED)
Index: httpd-2.4.51/modules/ldap/util_ldap.c
===================================================================
--- httpd-2.4.51.orig/modules/ldap/util_ldap.c
+++ httpd-2.4.51/modules/ldap/util_ldap.c
@@ -139,7 +139,7 @@ static int util_ldap_handler(request_rec
st = (util_ldap_state_t *) ap_get_module_config(r->server->module_config,
&ldap_module);
- ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+ ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1);
if (r->header_only)
return OK;
Index: httpd-2.4.51/modules/mappers/mod_imagemap.c
===================================================================
--- httpd-2.4.51.orig/modules/mappers/mod_imagemap.c
+++ httpd-2.4.51/modules/mappers/mod_imagemap.c
@@ -475,7 +475,7 @@ static int imap_reply(request_rec *r, co
static void menu_header(request_rec *r, char *menu)
{
- ap_set_content_type(r, "text/html; charset=ISO-8859-1");
+ ap_set_content_type_ex(r, "text/html; charset=ISO-8859-1", 1);
ap_rvputs(r, DOCTYPE_HTML_3_2, "<html><head>\n<title>Menu for ",
ap_escape_html(r->pool, r->uri),
Index: httpd-2.4.51/modules/http/http_request.c
===================================================================
--- httpd-2.4.51.orig/modules/http/http_request.c
+++ httpd-2.4.51/modules/http/http_request.c
@@ -708,7 +708,7 @@ AP_DECLARE(void) ap_internal_fast_redire
r->args = rr->args;
r->finfo = rr->finfo;
r->handler = rr->handler;
- ap_set_content_type(r, rr->content_type);
+ ap_set_content_type_ex(r, rr->content_type, AP_REQUEST_IS_TRUSTED_CT(r));
r->content_encoding = rr->content_encoding;
r->content_languages = rr->content_languages;
r->per_dir_config = rr->per_dir_config;
Index: httpd-2.4.51/modules/proxy/mod_proxy_balancer.c
===================================================================
--- httpd-2.4.51.orig/modules/proxy/mod_proxy_balancer.c
+++ httpd-2.4.51/modules/proxy/mod_proxy_balancer.c
@@ -1456,7 +1456,7 @@ static void balancer_display_page(reques
if (usexml) {
char date[APR_RFC822_DATE_LEN];
- ap_set_content_type(r, "text/xml");
+ ap_set_content_type_ex(r, "text/xml", 1);
ap_rputs("<?xml version='1.0' encoding='UTF-8' ?>\n", r);
ap_rputs("<httpd:manager xmlns:httpd='http://httpd.apache.org'>\n", r);
ap_rputs(" <httpd:balancers>\n", r);
