apache-test-application-xml-type.patch

Index: httpd-framework/t/conf/extra.conf.in
===================================================================
--- a/httpd-framework/t/conf/extra.conf.in	2020-06-15 10:43:26.156701553 +0200
+++ b/httpd-framework/t/conf/extra.conf.in	2020-06-15 10:46:16.141693081 +0200
@@ -875,6 +875,7 @@ LimitRequestFields    32
        </IfModule>
    </Directory>
    <Directory @SERVERROOT@/htdocs/modules/filter/bytype>
+      AddType application/xml .xml
       <IfModule mod_deflate.c>
         AddOutputFilterByType DEFLATE application/xml
         AddOutputFilterByType DEFLATE text/xml
Sync changes to SLFO-1.2 branch 2025-08-20 09:03:01 +02:00			`Index: httpd-framework/t/conf/extra.conf.in`
* Refresh patches: - apache-test-application-xml-type.patch - apache-test-turn-off-variables-in-ssl-var-lookup.patch - apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch - apache2-LimitRequestFieldSize-limits-headers.patch * Update to 2.4.64. * CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase * CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack * CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service * CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption * CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping * CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths * CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header * CVE-2024-42516: Apache HTTP Server: HTTP response splitting * mod_proxy_ajp: Use iobuffersize set on worker level for the IO buffer size. * mod_ssl: Drop $SSLKEYLOGFILE handling internally for OpenSSL 3.5 builds which enable it in libssl natively. * mod_asis: Fix the log level of the message AH01236. * mod_session_dbd: ensure format used with SessionDBDCookieName and SessionDBDCookieName2 are correct. * mod_headers: 'RequestHeader set\|edit\|edit_r Content-Type X' could inadvertently modify the Content-Type _response_ header. Applies to Content-Type only and likely to only affect static file responses. * mod_ssl: Remove warning over potential uninitialised value for ssl protocol prior to protocol selection. * mod_proxy: Reuse ProxyRemote connections when possible, like prior to 2.4.59. * mod_systemd: Add systemd socket activation support. * mod_systemd: Log the SELinux context at startup if available and OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=719 2025-07-18 03:49:15 +00:00			`===================================================================`
Sync changes to SLFO-1.2 branch 2025-08-20 09:03:01 +02:00			`--- a/httpd-framework/t/conf/extra.conf.in 2020-06-15 10:43:26.156701553 +0200`
			`+++ b/httpd-framework/t/conf/extra.conf.in 2020-06-15 10:46:16.141693081 +0200`
			`@@ -875,6 +875,7 @@ LimitRequestFields 32`
* Refresh patches: - apache-test-application-xml-type.patch - apache-test-turn-off-variables-in-ssl-var-lookup.patch - apache2-HttpContentLengthHeadZero-HttpExpectStrict.patch - apache2-LimitRequestFieldSize-limits-headers.patch * Update to 2.4.64. * CVE-2025-53020: Apache HTTP Server: HTTP/2 DoS by Memory Increase * CVE-2025-49812: Apache HTTP Server: mod_ssl TLS upgrade attack * CVE-2025-49630: Apache HTTP Server: mod_proxy_http2 denial of service * CVE-2025-23048: Apache HTTP Server: mod_ssl access control bypass with session resumption * CVE-2024-47252: Apache HTTP Server: mod_ssl error log variable escaping * CVE-2024-43394: Apache HTTP Server: SSRF on Windows due to UNC paths * CVE-2024-43204: Apache HTTP Server: SSRF with mod_headers setting Content-Type header * CVE-2024-42516: Apache HTTP Server: HTTP response splitting * mod_proxy_ajp: Use iobuffersize set on worker level for the IO buffer size. * mod_ssl: Drop $SSLKEYLOGFILE handling internally for OpenSSL 3.5 builds which enable it in libssl natively. * mod_asis: Fix the log level of the message AH01236. * mod_session_dbd: ensure format used with SessionDBDCookieName and SessionDBDCookieName2 are correct. * mod_headers: 'RequestHeader set\|edit\|edit_r Content-Type X' could inadvertently modify the Content-Type _response_ header. Applies to Content-Type only and likely to only affect static file responses. * mod_ssl: Remove warning over potential uninitialised value for ssl protocol prior to protocol selection. * mod_proxy: Reuse ProxyRemote connections when possible, like prior to 2.4.59. * mod_systemd: Add systemd socket activation support. * mod_systemd: Log the SELinux context at startup if available and OBS-URL: https://build.opensuse.org/package/show/Apache/apache2?expand=0&rev=719 2025-07-18 03:49:15 +00:00			`</IfModule>`
			`</Directory>`
			`<Directory @SERVERROOT@/htdocs/modules/filter/bytype>`
			`+ AddType application/xml .xml`
			`<IfModule mod_deflate.c>`
			`AddOutputFilterByType DEFLATE application/xml`
			`AddOutputFilterByType DEFLATE text/xml`