From 0db1bb5bda4ae9c5b900402ca6a47eadb5cc3fb2 Mon Sep 17 00:00:00 2001
From: Tobias Geerinckx-Rice <tobias.geerinckx.rice@gmail.com>
Date: Thu, 7 May 2015 17:30:20 +0200
Subject: [PATCH] wget: verify cookie domains with libpsl

Reduces vulnerability to "supercookie" attacks:
<http://comments.gmane.org/gmane.comp.web.wget.general/12820>
---
 pkgs/tools/networking/wget/default.nix | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/pkgs/tools/networking/wget/default.nix b/pkgs/tools/networking/wget/default.nix
index 5a597afd9d3..7c6f815f909 100644
--- a/pkgs/tools/networking/wget/default.nix
+++ b/pkgs/tools/networking/wget/default.nix
@@ -1,6 +1,6 @@
 { stdenv, fetchurl, gettext, libidn
 , perl, perlPackages, LWP, python3
-, libiconv, gnutls ? null }:
+, libiconv, libpsl, gnutls ? null }:
 
 stdenv.mkDerivation rec {
   name = "wget-1.16";
@@ -26,7 +26,7 @@ stdenv.mkDerivation rec {
     '';
 
   nativeBuildInputs = [ gettext ];
-  buildInputs = [ libidn libiconv ]
+  buildInputs = [ libidn libiconv libpsl ]
     ++ stdenv.lib.optionals doCheck [ perl perlPackages.IOSocketSSL LWP python3 ]
     ++ stdenv.lib.optional (gnutls != null) gnutls
     ++ stdenv.lib.optional stdenv.isDarwin perl;