NetBSD-Bugs archive


port-amd64/53459: wget built without PSL



>Number:         53459
>Category:       port-amd64
>Synopsis:       wget built without PSL
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    port-amd64-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jul 19 10:40:00 +0000 2018
>Originator:     Jeffrey Walton
>Release:        
>Organization:
N/A
>Environment:
$ uname -a
NetBSD netbsd7-x64.home.pvt 7.0.2 NetBSD 7.0.2 (GENERIC.201610210724Z) amd64
>Description:
In the output below notice the "-psl". I believe it means Wget was built without the Public Suffix List library (https://github.com/rockdaboot/libpsl). I don't believe Wget needs an extra configuration option; Wget just needs to see the PSL library is present and it will use it.

What I am unsure of is whether it matters to the NetBSD folks. On one hand the PSL stops dumb tricks like issuing certificates for *.com or *.net. On the other hand NetBSD is probably not vulnerable to those dumb tricks.

I suppose if Wget is willing to use the PSL then it might be a good idea to use it to keep scripts in line. Otherwise Wget may validate an otherwise invalid certificate.

Also note that the CA/B Forums explicitly forbid wildcards on TLDs so the PSL can be viewed as an enforcement of policy in non-Browser user agents.

Finally, rockdaboot (the GitHub) is Tim Rühsen's (tim.ruehsen, gmx.de) GitHub. Rühsen is one of the Wget maintainers.

=====

$ /usr/pkg/bin/wget --version
GNU Wget 1.19.5 built on netbsd.

-cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls
+ntlm +opie -psl +ssl/openssl

Wgetrc:
    /usr/pkg/etc/wgetrc (system)
Locale:
    /usr/pkg/share/locale
Compile:
    gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/pkg/etc/wgetrc"
    -DLOCALEDIR="/usr/pkg/share/locale" -I. -I../lib -I../lib
    -I/usr/pkg/include -I/usr/include -DHAVE_LIBSSL -DNDEBUG -O2
    -D_FORTIFY_SOURCE=2 -I/usr/pkg/include -I/usr/include
Link:
    gcc -DHAVE_LIBSSL -DNDEBUG -O2 -D_FORTIFY_SOURCE=2
    -I/usr/pkg/include -I/usr/include -L/usr/pkg/lib -Wl,-R/usr/pkg/lib
    -L/usr/lib -Wl,-R/usr/lib -lidn2 -lssl -lcrypto -lz ftp-opie.o
    openssl.o http-ntlm.o ../lib/libgnu.a /usr/lib/libintl.so
    /usr/pkg/lib/libunistring.so -Wl,-rpath -Wl,/usr/pkg/lib

Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later

>How-To-Repeat:
$ /usr/pkg/bin/wget --version
>Fix:
Build the PSL library (https://github.com/rockdaboot/libpsl) prior to building Wget.
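
The check from the report, written as a reusable script (an added example, not part of the original report): it parses the `+name`/`-name` feature flags in `wget --version` output and reports whether a given feature such as `psl` is compiled in. The function names are hypothetical, and the embedded sample is constructed from the output quoted in the report.

```shell
#!/bin/sh
# wget_feature NAME
# Reads `wget --version` text on stdin and prints "enabled", "disabled"
# or "unknown" for the build feature NAME (e.g. psl, https, ssl).
wget_feature() {
    awk -v want="$1" '
        # Feature lines start in column 1 with +name or -name tokens;
        # the indented Compile:/Link: lines are skipped by the anchor.
        /^[+-][a-z]/ {
            for (i = 1; i <= NF; i++) {
                sign = substr($i, 1, 1)
                name = substr($i, 2)
                if (sign != "+" && sign != "-") continue
                sub(/\/.*/, "", name)   # "ssl/openssl" -> "ssl"
                if (name == want)
                    state = (sign == "+") ? "enabled" : "disabled"
            }
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Constructed sample input: the start of the output quoted in the report.
sample_version_output() {
    cat <<'EOF'
GNU Wget 1.19.5 built on netbsd.

-cares +digest -gpgme +https +ipv6 +iri +large-file -metalink +nls
+ntlm +opie -psl +ssl/openssl

Wgetrc:
    /usr/pkg/etc/wgetrc (system)
Compile:
    gcc -DHAVE_CONFIG_H -DSYSTEM_WGETRC="/usr/pkg/etc/wgetrc"
    -DLOCALEDIR="/usr/pkg/share/locale" -I. -I../lib -I../lib
EOF
}

# Offline demonstration on the sample; on a real host use:
#   /usr/pkg/bin/wget --version | wget_feature psl
printf 'psl: %s\n' "$(sample_version_output | wget_feature psl)"
```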


