Your message dated Mon, 10 Aug 2020 05:32:59 +0200 with message-id <20200810033258.rzthbh3v4nrqppvm@sym.noone.org> and subject line Re: Bug#835041: Backport Apache #56241 to Wheezy has caused the Debian Bug report #835041, regarding Backport Apache #56241 to Wheezy to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 835041: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835041 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: Backport Apache #56241 to Wheezy
- From: Johannes Pfrang <johannespfrang@gmail.com>
- Date: Sun, 21 Aug 2016 18:10:55 +0200
- Message-id: <dccdc1b7-f322-d274-b9cb-daeb08c434f5@gmail.com>
Source: apache2 Version: 2.2.22-13+deb7u7 Severity: normal Tags: upstream fixed-upstream wheezy Apache #56241 [1] patched Apache 2.2.30 to confirm to the following RFC change: RFC 4366 If the server understood the client hello extension but does not recognize the server name, it SHOULD send an "unrecognized_name" alert (which MAY be fatal). RFC 6066 has changed this to If the server understood the ClientHello extension but does not recognize the server name, the server SHOULD take one of two actions: either abort the handshake by sending a fatal-level unrecognized_name(112) alert or continue the handshake. It is NOT RECOMMENDED to send a warning-level unrecognized_name(112) alert, because the client's behavior in response to warning-level alerts is unpredictable. Redhat backported the patch in RHBA-2016:0140-1. [2] AFAICS this patch has not been applied to Debian Wheezy and now, NSS's TLS 1.3 implementation treats `unrecognized_name` as fatal. [3] In light of these developments, would the Debian Apache Maintainers please consider applying the aforementioned patch to the wheezy-branch? [1] https://bz.apache.org/bugzilla/show_bug.cgi?id=56241 [2] https://rhn.redhat.com/errata/RHBA-2016-0140.html [3] https://bugzilla.mozilla.org/show_bug.cgi?id=1296862 --Attachment: signature.asc
Description: OpenPGP digital signature
--- End Message ---
--- Begin Message ---
- To: Johannes Pfrang <johannespfrang@gmail.com>, 835041-done@bugs.debian.org
- Subject: Re: Bug#835041: Backport Apache #56241 to Wheezy
- From: Axel Beckert <abe@debian.org>
- Date: Mon, 10 Aug 2020 05:32:59 +0200
- Message-id: <20200810033258.rzthbh3v4nrqppvm@sym.noone.org>
- In-reply-to: <dccdc1b7-f322-d274-b9cb-daeb08c434f5@gmail.com>
- References: <dccdc1b7-f322-d274-b9cb-daeb08c434f5@gmail.com>
Hi, Johannes Pfrang wrote: > Tags: upstream fixed-upstream wheezy […] > In light of these developments, would the Debian Apache Maintainers > please consider applying the aforementioned patch to the wheezy-branch? I'm neither an Apache package maintainer nor do I know if this issue has been ever fixed. But given that this bug report only applies to Wheezy and even Wheezy ELTS is EoL, I think this bug report can be closed. Hence closing it herewith. Regards, Axel -- ,''`. | Axel Beckert <abe@debian.org>, https://people.debian.org/~abe/ : :' : | Debian Developer, ftp.ch.debian.org Admin `. `' | 4096R: 2517 B724 C5F6 CA99 5329 6E61 2FF9 CD59 6126 16B5 `- | 1024D: F067 EA27 26B9 C3FC 1486 202E C09E 1D89 9593 0EDEAttachment: signature.asc
Description: PGP signature
--- End Message ---