--- /dev/null
+This patch is based on a revert of upstream commit
+f0da3a7d3af00d2fbc4486e50e5a2c8936e561a8 adapted by Peter Michael Green
+for use in the Debian package.
+
+Index: cookie-store/src/cookie_domain.rs
+===================================================================
+--- cookie-store.orig/src/cookie_domain.rs
++++ cookie-store/src/cookie_domain.rs
+@@ -2,7 +2,7 @@ use std;
+
+ use cookie::Cookie as RawCookie;
+ use idna;
+-use publicsuffix::{List, Psl, Suffix};
++use publicsuffix;
+ use serde::{Deserialize, Serialize};
+ use std::convert::TryFrom;
+ use url::{Host, Url};
+@@ -95,14 +95,16 @@ impl CookieDomain {
+
+ /// Tests if the domain-attribute is a public suffix as indicated by the provided
+ /// `publicsuffix::List`.
+- pub fn is_public_suffix(&self, psl: &List) -> bool {
+- if let Some(domain) = self.as_cow().as_ref().map(|d| d.as_bytes()) {
+- psl.suffix(domain)
+- // Only consider suffixes explicitly listed in the public suffix list
+- // to avoid issues like https://github.com/curl/curl/issues/658
+- .filter(Suffix::is_known)
+- .filter(|suffix| suffix == &domain)
+- .is_some()
++ pub fn is_public_suffix(&self, psl: &publicsuffix::List) -> bool {
++ if let Some(domain) = self.as_cow() {
++ // NB: a failure to parse the domain for publicsuffix usage probably indicates
++ // an over-all malformed Domain attribute. However, for the purposes of this test
++ // it suffices to indicate that the domain-attribute is not a public suffix, so we
++ // discard any such error via `.ok()`
++ psl.parse_domain(&domain)
++ .ok()
++ .and_then(|d| d.suffix().map(|d| d == domain))
++ .unwrap_or(false)
+ } else {
+ false
+ }
+Index: cookie-store/Cargo.toml
+===================================================================
+--- cookie-store.orig/Cargo.toml
++++ cookie-store/Cargo.toml
+@@ -52,7 +52,8 @@ optional = true
+ version = "0.4.14"
+
+ [dependencies.publicsuffix]
+-version = "2.1.1"
++version = "1.5"
++default-features = false
+
+ [dependencies.serde]
+ version = "1.0.136"