On Thu, Jun 5, 2014 at 4:16 PM, Tim Ruehsen <[email protected]> wrote: > On Thursday 05 June 2014 15:27:21 Darshit Shah wrote: >> Tim, >> >> As the author of libpsl, I'm waiting on you to ACK this, so we can merge. > > Sorry for letting you wait, Darshit. Sure, no issues. > > The patch looks good to me though i am not able to test it right now. But i am > sure, you did it already ;-) > Not correctly checking the cookie domain is a real life security thread (if > cookies are enabled by the Wget user). So merging the patch today is better > than doing it tomorrow... Pushed! Yes, I did check the patch for issues on my own. > > I would like to see test catching 'super-cookies' (IDNA and non-IDNA). But > that can be done in a second patch and should not delay the merge. > Let's see, I'll try and add some tests.
> Not sure about using pkg-config in Wget's configure.ac. That would be an > option for detecting libpsl (and other libs as well, I guess). We can work > also on that later if there are no complaints against that. > I'm not sure about using pkg-config. I don't know much about it and cannot comment on it right now. > I am just now working on a V0.3.0 release of libpsl that should satisfy dkg's > requirements for a Debian package. So I hope to see libpsl in Debian in the > near future. > BTW, the new release will use libicu (if found) instead of idn2 utility to > generate the built-in PSL data. The difference is that libicu seems to be more > common than idn2, e.g. Darshit had to package idn2 for Arch Linux. > That's great. Yes, having a package that is in the official repositories will be much easier. I'm following the development and will keep the Arch Linux package up to date with the latest releases. > Again, many thanks for working on the patch, Darshit ! Sure. > > Tim > >> >> On Wed, Jun 4, 2014 at 4:30 PM, Giuseppe Scrivano <[email protected]> > wrote: >> > Darshit Shah <[email protected]> writes: >> >> From 5b25217ecf6eb1897d769f2ee0aa5e922e6cbff4 Mon Sep 17 00:00:00 2001 >> >> From: Darshit Shah <[email protected]> >> >> Date: Fri, 30 May 2014 22:10:12 +0530 >> >> Subject: [PATCH] Support libpsl for cookie domain checking >> >> >> >> --- >> >> >> >> ChangeLog | 5 +++++ >> >> NEWS | 2 ++ >> >> README.checkout | 44 ++++++++++++++++++++++++-------------------- >> >> configure.ac | 11 +++++++++++ >> >> src/ChangeLog | 6 +++++- >> >> src/build_info.c.in | 1 + >> >> src/cookies.c | 24 +++++++++++++++++++----- >> >> 7 files changed, 67 insertions(+), 26 deletions(-) >> > >> > seems correct to me. >> > >> > ACK >> > >> > Regards, >> > Giuseppe > -- Thanking You, Darshit Shah
