NetBSD Problem Report #53459
From www@NetBSD.org Thu Jul 19 10:38:09 2018
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id CFCC47A152
for <gnats-bugs@gnats.NetBSD.org>; Thu, 19 Jul 2018 10:38:09 +0000 (UTC)
Message-Id: <20180719103807.8AD577A233@mollari.NetBSD.org>
Date: Thu, 19 Jul 2018 10:38:07 +0000 (UTC)
From: noloader@gmail.com
Reply-To: noloader@gmail.com
To: gnats-bugs@NetBSD.org
Subject: wget built without PSL
X-Send-Pr-Version: www-1.0
>Number: 53459
>Category: pkg
>Synopsis: wget built without PSL
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bsiegert
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jul 19 10:40:00 +0000 2018
>Closed-Date: Sat Jul 28 12:32:41 +0000 2018
>Last-Modified: Sat Jul 28 12:32:41 +0000 2018
>Originator: Jeffrey Walton
>Release:
>Organization:
N/A
>Environment:
$ uname -a
NetBSD netbsd7-x64.home.pvt 7.0.2 NetBSD 7.0.2 (GENERIC.201610210724Z) amd64
>Description:
In the output below notice the "-psl". I believe it means Wget was built without the Public Suffix List library (https://github.com/rockdaboot/libpsl). I don't believe Wget needs an extra configuration option; Wget just needs to see the PSL library is present and it will use it.
What I am unsure of is whether it matters to the NetBSD folks. On one hand the PSL stops dumb tricks like issuing certificates for *.com or *.net. On the other hand NetBSD is probably not vulnerable to those dumb tricks.
I suppose if Wget is willing to use the PSL then it might be a good idea to use it to keep scripts in line. Otherwise Wget may validate an otherwise invalid certificate.
Also note that the CA/B Forums explicitly forbid wildcards on TLDs so the PSL can be viewed as an enforcement of policy in non-Browser user agents.
Finally, rockdaboot (the GitHub) is Tim Rühsen's (tim.ruehsen, gmx.de) GitHub. Rühsen is one of the Wget maintainers.
=====
$ /usr/pkg/bin/wget --version
GNU Wget 1.19.5 built on netbsd.
-cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls
+ntlm +opie -psl +ssl/openssl
Wgetrc:
/usr/pkg/etc/wgetrc (system)
Locale:
/usr/pkg/share/locale
Compile:
gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/pkg/etc/wgetrc"
-DLOCALEDIR="/usr/pkg/share/locale" -I. -I../lib -I../lib
-I/usr/pkg/include -I/usr/include -DHAVE_LIBSSL -DNDEBUG -O2
-D_FORTIFY_SOURCE=2 -I/usr/pkg/include -I/usr/include
Link:
gcc -DHAVE_LIBSSL -DNDEBUG -O2 -D_FORTIFY_SOURCE=2
-I/usr/pkg/include -I/usr/include -L/usr/pkg/lib -Wl,-R/usr/pkg/lib
-L/usr/lib -Wl,-R/usr/lib -lidn2 -lssl -lcrypto -lz ftp-opie.o
openssl.o http-ntlm.o ../lib/libgnu.a /usr/lib/libintl.so
/usr/pkg/lib/libunistring.so -Wl,-rpath -Wl,/usr/pkg/lib
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
>How-To-Repeat:
$ /usr/pkg/bin/wget --version
>Fix:
Build the PSL library (https://github.com/rockdaboot/libpsl) prior to building Wget.
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: port-amd64-maintainer->pkg-manager
Responsible-Changed-By: maya@NetBSD.org
Responsible-Changed-When: Thu, 19 Jul 2018 12:10:39 +0000
Responsible-Changed-Why:
package bug.
Responsible-Changed-From-To: pkg-manager->bsiegert
Responsible-Changed-By: bsiegert@NetBSD.org
Responsible-Changed-When: Tue, 24 Jul 2018 16:45:30 +0000
Responsible-Changed-Why:
Take
There is a libpsl package in wip. I'll update and import it, then change wget.
From: "Benny Siegert" <bsiegert@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/53459 CVS commit: pkgsrc/mk/defaults
Date: Sat, 28 Jul 2018 11:22:41 +0000
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Jul 28 11:22:41 UTC 2018
Modified Files:
pkgsrc/mk/defaults: options.description
Log Message:
Add description for psl option.
PR pkg/53459 (first step).
To generate a diff of this commit:
cvs rdiff -u -r1.557 -r1.558 pkgsrc/mk/defaults/options.description
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Benny Siegert" <bsiegert@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/53459 CVS commit: pkgsrc/www/libpsl
Date: Sat, 28 Jul 2018 12:25:20 +0000
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Jul 28 12:25:20 UTC 2018
Added Files:
pkgsrc/www/libpsl: DESCR Makefile PLIST buildlink3.mk distinfo
Log Message:
Add a package for libpsl-0.20.2. PR pkg/53459.
A "public suffix" is a domain name under which Internet users can
directly register own names.
Browsers and other web clients can use it to
* avoid privacy-leaking "supercookies"
* avoid privacy-leaking "super domain" certificates (see post from Jeffry Walton)
* domain highlighting parts of the domain in a user interface
* sorting domain lists by site
Libpsl...
* has built-in PSL data for fast access
* allows to load PSL data from files
* checks if a given domain is a "public suffix"
* provides immediate cookie domain verification
* finds the longest public part of a given domain
* finds the shortest private part of a given domain
* works with international domains (UTF-8 and IDNA2008 Punycode)
* is thread-safe
* handles IDNA2008 UTS#46
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/www/libpsl/DESCR pkgsrc/www/libpsl/Makefile \
pkgsrc/www/libpsl/PLIST pkgsrc/www/libpsl/buildlink3.mk \
pkgsrc/www/libpsl/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Benny Siegert" <bsiegert@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/53459 CVS commit: pkgsrc/net/wget
Date: Sat, 28 Jul 2018 12:29:20 +0000
Module Name: pkgsrc
Committed By: bsiegert
Date: Sat Jul 28 12:29:20 UTC 2018
Modified Files:
pkgsrc/net/wget: options.mk
Log Message:
Add a "psl" option (off by default) to build wget with PSL.
This improves privacy by restricting cookies to a well-known list of
public suffixes.
We can consider turning that option on by default in the future.
Fixes PR pkg/53459.
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 pkgsrc/net/wget/options.mk
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: bsiegert@NetBSD.org
State-Changed-When: Sat, 28 Jul 2018 12:32:41 +0000
State-Changed-Why:
You can now build wget with PSL by setting
PKG_OPTIONS.wget=psl
We can consider turning psl support on by default in the future.
>Unformatted:
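The two uses of a Public Suffix List lookup that this report mentions (refusing wildcard names such as *.com, and restricting cookie domains) can be sketched as follows. This is an added example, not code from wget, libpsl or pkgsrc; the rule list is a small constructed subset of the real list, and all function names are hypothetical.

```python
# Constructed subset of Public Suffix List rules (the real list has thousands).
# "*.ck" is a wildcard rule, "!www.ck" is an exception to it.
RULES = ["com", "net", "uk", "co.uk", "*.ck", "!www.ck"]


def public_suffix_len(labels, rules):
    """Return how many trailing labels of the name form its public suffix."""
    best = 1  # implicit "*" rule: an unlisted top-level label is a suffix
    for rule in rules:
        exception = rule.startswith("!")
        rule_labels = rule.lstrip("!").split(".")
        if len(rule_labels) > len(labels):
            continue
        tail = labels[-len(rule_labels):]
        if all(r == "*" or r == l for r, l in zip(rule_labels, tail)):
            if exception:
                # An exception rule wins; the suffix is the rule minus its
                # leftmost label.
                return len(rule_labels) - 1
            best = max(best, len(rule_labels))
    return best


def is_public_suffix(domain, rules=RULES):
    labels = domain.lower().strip(".").split(".")
    return public_suffix_len(labels, rules) == len(labels)


def wildcard_cert_acceptable(pattern, rules=RULES):
    """Refuse wildcard names whose base is a public suffix (e.g. *.com)."""
    if not pattern.startswith("*."):
        return True  # not a wildcard; ordinary hostname matching applies
    return not is_public_suffix(pattern[2:], rules)


def cookie_domain_acceptable(request_host, cookie_domain, rules=RULES):
    """Refuse a cookie Domain attribute that covers a whole public suffix."""
    host = request_host.lower().strip(".")
    dom = cookie_domain.lower().strip(".")
    if host == dom:
        return True  # a host may always set a cookie for itself
    if is_public_suffix(dom, rules):
        return False  # would be shared by every site under the suffix
    return host.endswith("." + dom)
```

A client built without such a lookup has no list to consult and can apply only the simpler suffix-match part of the cookie check.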
Copyright © 1994-2017
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.