NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

port-amd64/53459: wget built without PSL

>Number:         53459
>Category:       port-amd64
>Synopsis:       wget built without PSL
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    port-amd64-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jul 19 10:40:00 +0000 2018
>Originator:     Jeffrey Walton
$ uname -a
NetBSD netbsd7-x64.home.pvt 7.0.2 NetBSD 7.0.2 (GENERIC.201610210724Z) amd64
In the output below notice the "-psl". I believe it means Wget was built without the Public Suffix List library ( I don't believe Wget needs an extra configuration option; Wget just needs to see the PSL library is present and it will use it.

What I am unsure of, does it matter to the NetBSD folks. On one hand the PSL stops dumb tricks like issuing certificates for *.com or *.net. On the other hand NetBSD is probably not vulnerable to those dumb tricks.

I suppose of Wget is willing to use the PSL then it might be a good idea to use it to keep scripts in line. Otherwise Wget may validate an otherwise invalid certificate.

Also note that the CA/B Forums explicitly forbid wildcards on TLDs so the PSL can be viewed as an enforcement of policy in non-Browser user agents.

Finally, rockdaboot (the GitHub) is Tim Rühsen (tim.ruehsen, GitHub. Rühsen is one of the Wget maintainers.


$ /usr/pkg/bin/wget --version
GNU Wget 1.19.5 built on netbsd.

-cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls
+ntlm +opie -psl +ssl/openssl

    /usr/pkg/etc/wgetrc (system)
    gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/pkg/etc/wgetrc"
    -DLOCALEDIR="/usr/pkg/share/locale" -I. -I../lib -I../lib
    -I/usr/pkg/include -I/usr/include -DHAVE_LIBSSL -DNDEBUG -O2
    -D_FORTIFY_SOURCE=2 -I/usr/pkg/include -I/usr/include
    -I/usr/pkg/include -I/usr/include -L/usr/pkg/lib -Wl,-R/usr/pkg/lib
    -L/usr/lib -Wl,-R/usr/lib -lidn2 -lssl -lcrypto -lz ftp-opie.o
    openssl.o http-ntlm.o ../lib/libgnu.a /usr/lib/
    /usr/pkg/lib/ -Wl,-rpath -Wl,/usr/pkg/lib

Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

$ /usr/pkg/bin/wget --version
Build the PSL library ( prior to building Wget.

Home | Main Index | Thread Index | Old Index