bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] [bug-wget] Libpsl for cookie domain checking in Wget


From: Darshit Shah
Subject: Re: [Bug-wget] [bug-wget] Libpsl for cookie domain checking in Wget
Date: Thu, 5 Jun 2014 16:24:14 +0530

On Thu, Jun 5, 2014 at 4:16 PM, Tim Ruehsen <address@hidden> wrote:
> On Thursday 05 June 2014 15:27:21 Darshit Shah wrote:
>> Tim,
>>
>> As the author of libpsl, I'm waiting on you to ACK this, so we can merge.
>
> Sorry for letting you wait, Darshit.
Sure, no issues.
>
> The patch looks good to me though i am not able to test it right now. But i am
> sure, you did it already ;-)
> Not correctly checking the cookie domain is a real life security thread (if
> cookies are enabled by the Wget user). So merging the patch today is better
> than doing it tomorrow...
Pushed!
Yes, I did check the patch for issues on my own.
>
> I would like to see test catching 'super-cookies' (IDNA and non-IDNA). But
> that can be done in a second patch and should not delay the merge.
>
Let's see, I'll try and add some tests.

> Not sure about using pkg-config in Wget's configure.ac. That would be an
> option for detecting libpsl (and other libs as well, I guess). We can work
> also on that later if there are no complaints against that.
>
I'm not sure about using pkg-config. I don't know much about it and
cannot comment on it right now.

> I am just now working on a V0.3.0 release of libpsl that should satisfy dkg's
> requirements for a Debian package. So I hope to see libpsl in Debian in the
> near future.
> BTW, the new release will use libicu (if found) instead of idn2 utility to
> generate the built-in PSL data. The difference is that libicu seems to be more
> common than idn2, e.g. Darshit had to package idn2 for Arch Linux.
>
That's great. Yes, having a package that is in the official
repositories will be much easier. I'm following the development and
will keep the Arch Linux package up to date with the latest releases.

> Again, many thanks for working on the patch, Darshit !
Sure.
>
> Tim
>
>>
>> On Wed, Jun 4, 2014 at 4:30 PM, Giuseppe Scrivano <address@hidden>
> wrote:
>> > Darshit Shah <address@hidden> writes:
>> >> From 5b25217ecf6eb1897d769f2ee0aa5e922e6cbff4 Mon Sep 17 00:00:00 2001
>> >> From: Darshit Shah <address@hidden>
>> >> Date: Fri, 30 May 2014 22:10:12 +0530
>> >> Subject: [PATCH] Support libpsl for cookie domain checking
>> >>
>> >> ---
>> >>
>> >>  ChangeLog           |  5 +++++
>> >>  NEWS                |  2 ++
>> >>  README.checkout     | 44 ++++++++++++++++++++++++--------------------
>> >>  configure.ac        | 11 +++++++++++
>> >>  src/ChangeLog       |  6 +++++-
>> >>  src/build_info.c.in |  1 +
>> >>  src/cookies.c       | 24 +++++++++++++++++++-----
>> >>  7 files changed, 67 insertions(+), 26 deletions(-)
>> >
>> > seems correct to me.
>> >
>> > ACK
>> >
>> > Regards,
>> > Giuseppe
>



-- 
Thanking You,
Darshit Shah



reply via email to

[Prev in Thread] Current Thread [Next in Thread]