bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] [bug-wget] Libpsl for cookie domain checking in Wget


From: Darshit Shah
Subject: Re: [Bug-wget] [bug-wget] Libpsl for cookie domain checking in Wget
Date: Fri, 6 Jun 2014 13:39:32 +0530

I'm facing an issue with the patch I submitted for libpsl and would be
glad if someone could help me.

The configure.ac file does not work as expected. When libpsl is not
installed on a system, the LDFLAGS does not contain -lpsl flag, but
the configure summary shows LIBPSL: Yes.

There is some discrepency in the output that I'd like to fix. The
build completes successfully because the HAVE_LIBPSL variable isn't
set, and Wget compiles without libpsl support. This should however
happen only when --without-libpsl was explicitly specified as a
configure option.

On Thu, Jun 5, 2014 at 4:24 PM, Darshit Shah <address@hidden> wrote:
> On Thu, Jun 5, 2014 at 4:16 PM, Tim Ruehsen <address@hidden> wrote:
>> On Thursday 05 June 2014 15:27:21 Darshit Shah wrote:
>>> Tim,
>>>
>>> As the author of libpsl, I'm waiting on you to ACK this, so we can merge.
>>
>> Sorry for letting you wait, Darshit.
> Sure, no issues.
>>
>> The patch looks good to me though i am not able to test it right now. But i 
>> am
>> sure, you did it already ;-)
>> Not correctly checking the cookie domain is a real life security thread (if
>> cookies are enabled by the Wget user). So merging the patch today is better
>> than doing it tomorrow...
> Pushed!
> Yes, I did check the patch for issues on my own.
>>
>> I would like to see test catching 'super-cookies' (IDNA and non-IDNA). But
>> that can be done in a second patch and should not delay the merge.
>>
> Let's see, I'll try and add some tests.
>
>> Not sure about using pkg-config in Wget's configure.ac. That would be an
>> option for detecting libpsl (and other libs as well, I guess). We can work
>> also on that later if there are no complaints against that.
>>
> I'm not sure about using pkg-config. I don't know much about it and
> cannot comment on it right now.
>
>> I am just now working on a V0.3.0 release of libpsl that should satisfy dkg's
>> requirements for a Debian package. So I hope to see libpsl in Debian in the
>> near future.
>> BTW, the new release will use libicu (if found) instead of idn2 utility to
>> generate the built-in PSL data. The difference is that libicu seems to be 
>> more
>> common than idn2, e.g. Darshit had to package idn2 for Arch Linux.
>>
> That's great. Yes, having a package that is in the official
> repositories will be much easier. I'm following the development and
> will keep the Arch Linux package up to date with the latest releases.
>
>> Again, many thanks for working on the patch, Darshit !
> Sure.
>>
>> Tim
>>
>>>
>>> On Wed, Jun 4, 2014 at 4:30 PM, Giuseppe Scrivano <address@hidden>
>> wrote:
>>> > Darshit Shah <address@hidden> writes:
>>> >> From 5b25217ecf6eb1897d769f2ee0aa5e922e6cbff4 Mon Sep 17 00:00:00 2001
>>> >> From: Darshit Shah <address@hidden>
>>> >> Date: Fri, 30 May 2014 22:10:12 +0530
>>> >> Subject: [PATCH] Support libpsl for cookie domain checking
>>> >>
>>> >> ---
>>> >>
>>> >>  ChangeLog           |  5 +++++
>>> >>  NEWS                |  2 ++
>>> >>  README.checkout     | 44 ++++++++++++++++++++++++--------------------
>>> >>  configure.ac        | 11 +++++++++++
>>> >>  src/ChangeLog       |  6 +++++-
>>> >>  src/build_info.c.in |  1 +
>>> >>  src/cookies.c       | 24 +++++++++++++++++++-----
>>> >>  7 files changed, 67 insertions(+), 26 deletions(-)
>>> >
>>> > seems correct to me.
>>> >
>>> > ACK
>>> >
>>> > Regards,
>>> > Giuseppe
>>
>
>
>
> --
> Thanking You,
> Darshit Shah



-- 
Thanking You,
Darshit Shah



reply via email to

[Prev in Thread] Current Thread [Next in Thread]