Your message dated Sun, 10 Jul 2016 16:21:08 +0200
with message-id <[email protected]>
and subject line closing bugs reported against ancient iceweasel versions
has caused the Debian Bug report #574635,
regarding xulrunner: cannot connect through a Bluecoat proxy with REDIRECT
authentication
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
574635: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574635
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: xulrunner-1.9.1
Version: 1.9.1.8-4
Hi,
Xulrunner-based browsers fail to connect through some proxies with very
peculiar settings.
This happens since the fix for the following bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=CVE-2009-1836
As comment #75 of said bug explains, it breaks the behavior of some
(arguably broken) proxies. When you issue a CONNECT command, they will
reply with a REDIRECT to a page that does the authentication.
The patch introduced at that moment breaks this kind of authentication.
https://bug479880.bugzilla.mozilla.org/attachment.cgi?id=373419
Currently, the only way to get this to work is to rebuild xulrunner with
this patch reverted. Given the way the patch works, I wonder whether it
would be possible instead to create a new configuration setting, that
would disable this security fence.
Do you think this would be a worthwhile addition?
I haven’t found an upstream bug report about this issue, so I can
forward the request up there directly if you need.
Cheers,
--
.''`. Josselin Mouette
: :' :
`. `' “A handshake with whitnesses is the same
`- as a signed contact.” -- Jörg Schilling
--- End Message ---
--- Begin Message ---
This bug has been reported against an ancient version of
iceweasel, that was last released with Debian 6.0 (squeeze). But
even squeeze-lts has now reached end-of-life and is no longer supported.
The bug is assumed to be fixed (or no longer relevant) in newer
firefox/firefox-esr releases and therefore I'm closing this report now.
If the problem is still reproducible in the currently supported
versions, feel free to provide more information, reopen
and reassign this bug report.
Andreas
--- End Message ---
