apache2/apache2-CVE-2024-38476-5.patch

--- a/modules/mappers/mod_actions.c	2024/06/24 17:52:31	1918559
+++ b/modules/mappers/mod_actions.c	2024/06/24 17:54:34	1918560
@@ -182,8 +182,10 @@
         return DECLINED;
 
     /* Second, check for actions (which override the method scripts) */
-    action = r->handler ? r->handler :
-        ap_field_noparam(r->pool, r->content_type);
+    action = r->handler;
+    if (!action && AP_REQUEST_IS_TRUSTED_CT(r)) {
+        action = ap_field_noparam(r->pool, r->content_type);
+    }
 
     if (action && (t = apr_table_get(conf->action_types, action))) {
         int virtual = (*t++ == '0' ? 0 : 1);
Sync from SUSE:SLFO:Main apache2 revision 82cb424ed6b0e811111746feed1311da 2024-08-07 22:02:25 +02:00			`--- a/modules/mappers/mod_actions.c 2024/06/24 17:52:31 1918559`
			`+++ b/modules/mappers/mod_actions.c 2024/06/24 17:54:34 1918560`
			`@@ -182,8 +182,10 @@`
			`return DECLINED;`

			`/* Second, check for actions (which override the method scripts) */`
			`- action = r->handler ? r->handler :`
			`- ap_field_noparam(r->pool, r->content_type);`
			`+ action = r->handler;`
			`+ if (!action && AP_REQUEST_IS_TRUSTED_CT(r)) {`
			`+ action = ap_field_noparam(r->pool, r->content_type);`
			`+ }`

			`if (action && (t = apr_table_get(conf->action_types, action))) {`
			`int virtual = (*t++ == '0' ? 0 : 1);`