Re: testing and review requested for Wheezy update of apache2

[Scott Kitterman <debian@kitterman.com>]

On Monday, January 23, 2017 02:38:51 PM Antoine Beaupré wrote:
> On 2017-01-22 11:25:08, Stefan Fritsch wrote:
> > On Thursday, 19 January 2017 20:47:15 CET Stefan Fritsch wrote:
> >> On Tuesday, 17 January 2017 11:59:17 CET Antoine Beaupré wrote:
...
> > For jessie, I am not that far, yet. So I don't have any hints about the
> > http_strict.t test fails.
> 
> Understood, I'll report back what I found.
> 
> > In 2.4.25, the changes have been reported to break underscores in
> > hostnames
> > [2]. While these are not RFC-conforming, this is probably not something
> > one
> > should break in a security update. Therefore I would relax the hostname
> > checking to also accept underscores. I think the relevant code is in
> > vhost.c in fix_hostname_non_v6() .

You need to be very careful about definitions here.  Underscores in host names 
are indeed, not allowed, but they are perfectly legitimate in domain names.  
That's how, for example, DKIM key records can be in a TXT record at 
_domainkey. without fear of colliding with a legitimate host.

I'm not sure from the context if you are talking about hosts or domains, but 
make sure you know.

Scott K