Changeset 7b231190 for networking

Timestamp:

02/03/2024 01:23:14 AM (3 months ago)

Author:

Douglas R. Reno <renodr@…>

Branches:

12.1, ken/TL2024, lazarus, rahul/power-profiles-daemon, trunk, xry111/llvm18

Children:

50ceb065

Parents:

51347047

Message:

Promote libpsl to recommended in wget, curl, and NetworkManager.

This is to protect against the "global cookie" issue outlined in
​https://daniel.haxx.se/blog/2024/01/10/psl-in-curl/

After some discussion we've decided to promote these to recommended, and
in cURL I've added a note that while the package can technically be
built without psl support, it's not recommended due to the security
implications.

Location:

networking

Files:

• netlibs/curl.xml (modified) (1 diff)
• netprogs/wget.xml (modified) (2 diffs)
• netutils/networkmanager.xml (modified) (2 diffs)

networking/netlibs/curl.xml

@@ -85 +85 @@
     <bridgehead renderas="sect3">cURL Dependencies</bridgehead>
 
-    <bridgehead renderas="sect4">Required</bridgehead>
-    <para role="required">
-      <xref linkend="libpsl"/>
-    </para>
-
     <bridgehead renderas="sect4">Recommended</bridgehead>
     <para role="recommended">
-      <xref role="runtime" linkend="make-ca"/> (runtime)
+      <xref linkend="libpsl"/>
+    </para>
+
+    <note>
+      <para>
+        While there is an option to build the package without libpsl, both
+        the upstream developers and the BLFS editors alike highly recommend
+        not disabling support for libpsl due to severe security implications.
+      </para>
+    </note>
+
+    <bridgehead renderas="sect4">Recommended at runtime</bridgehead>
+    <para role="recommended">
+      <xref role="runtime" linkend="make-ca"/>
     </para>
 

networking/netprogs/wget.xml

@@ -72 +72 @@
     <bridgehead renderas="sect4">Recommended</bridgehead>
     <para role="recommended">
-      <xref role="runtime" linkend="make-ca"/> (runtime)
+      <xref linkend="libpsl"/>
+    </para>
+
+    <bridgehead renderas="sect4">Recommended at runtime</bridgehead>
+    <para role="recommended">
+      <xref role="runtime" linkend="make-ca"/>
     </para>
 
@@ -81 +86 @@
       <xref linkend="perl-io-socket-ssl"/> (for the test suite),
       <xref linkend="libidn2"/>,
-      <xref linkend="libpsl"/>,
       <xref linkend="pcre"/> or <xref linkend="pcre2"/>, and
       <xref linkend="valgrind"/> (for the test suite)

networking/netutils/networkmanager.xml

@@ -94 +94 @@
       <xref linkend="gobject-introspection"/>,
       <xref linkend="iptables"/>,
+      <xref linkend="libpsl"/>,
       <xref linkend="newt"/> (for <command>nmtui</command>),
       <xref linkend="nss"/>,
@@ -111 +112 @@
       <xref linkend="gnutls"/> (can be used instead of <xref linkend="nss"/>),
       <xref linkend="gtk-doc"/>,
-      <xref linkend="libpsl"/>,
       (<xref linkend="qt5"/> or
        <xref role="node" linkend="qt5-components"/> with qtdoc) (for examples),