| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200704172513.03815356@archlinux>
Date: Sat, 4 Jul 2020 17:25:13 +0100
From: Jonathan Cameron <jic23@...nel.org>
To: "Alexander A. Klimov" <grandmaster@...klimov.de>
Cc: lars@...afoo.de, Michael.Hennerich@...log.com, knaack.h@....de,
pmeerw@...erw.net, tomislav.denis@....com, ak@...klinger.de,
lukas@...ner.de, sergiu.cuciurean@...log.com,
andriy.shevchenko@...ux.intel.com, christophe.jaillet@...adoo.fr,
gregory.clement@...tlin.com, alexandre.belloni@...tlin.com,
sre@...nel.org, matt.ranostay@...sulko.com, hslester96@...il.com,
chris.lesiak@...or.com, alexandru.ardelean@...log.com,
dannenberg@...com, dpfrey@...il.com, linux-iio@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Replace HTTP links with HTTPS ones: drivers/iio
On Sat, 4 Jul 2020 00:31:24 +0200
"Alexander A. Klimov" <grandmaster@...klimov.de> wrote:
> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.
>
> Deterministic algorithm:
> For each file:
> If not .svg:
> For each line:
> If doesn't contain `\bxmlns\b`:
> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
> If both the HTTP and HTTPS versions
> return 200 OK and serve the same content:
> Replace HTTP with HTTPS.
>
> Signed-off-by: Alexander A. Klimov <grandmaster@...klimov.de>
> ---
> Continuing my work started at 93431e0607e5.
>
> If there are any URLs to be removed completely or at least not HTTPSified:
> Just clearly say so and I'll *undo my change*.
> See also https://lkml.org/lkml/2020/6/27/64
>
> If there are any valid, but yet not changed URLs:
> See https://lkml.org/lkml/2020/6/26/837
>
I did a quick click through of the resulting links.
> diff --git a/drivers/iio/humidity/si7020.c b/drivers/iio/humidity/si7020.c
> index b938f07eed64..612cecbf8e7e 100644
> --- a/drivers/iio/humidity/si7020.c
> +++ b/drivers/iio/humidity/si7020.c
> @@ -13,7 +13,7 @@
> *
> * Data Sheets:
> * Si7013: http://www.silabs.com/Support%20Documents/TechnicalDocs/Si7013.pdf
> - * Si7020: http://www.silabs.com/Support%20Documents/TechnicalDocs/Si7020.pdf
> + * Si7020: https://www.silabs.com/Support%20Documents/TechnicalDocs/Si7020.pdf
> * Si7021: http://www.silabs.com/Support%20Documents/TechnicalDocs/Si7021.pdf
The original and new link don't actually work.
Seems they have changed the doc name. Not sure what the A20 reflects but there
doesn't seem to be any other variant of each of these.
https://www.silabs.com/documents/public/data-sheets/Si7013-A20.pdf
https://www.silabs.com/documents/public/data-sheets/Si7020-A20.pdf
https://www.silabs.com/documents/public/data-sheets/Si7021-A20.pdf
> */
>
> diff --git a/drivers/iio/light/isl29028.c b/drivers/iio/light/isl29028.c
> index 4d220c835c75..172fc9df1140 100644
> --- a/drivers/iio/light/isl29028.c
> +++ b/drivers/iio/light/isl29028.c
> @@ -8,7 +8,7 @@
> *
> * Datasheets:
> * - http://www.intersil.com/content/dam/Intersil/documents/isl2/isl29028.pdf
> - * - http://www.intersil.com/content/dam/Intersil/documents/isl2/isl29030.pdf
> + * - https://www.intersil.com/content/dam/Intersil/documents/isl2/isl29030.pdf
I'm not getting anywhere with this link. Given intersil seems to have
be bought be renesas
https://www.renesas.com/eu/en/www/doc/datasheet/isl29028a.pdf (not 100% sure this is
compatible with the non a version.
Not finding anything on the isl29030 so probably best to just drop that reference.
> */
>
> #include <linux/module.h>
The rest seem fine. Thanks for doing this.
Jonathan
Powered by blists - more mailing lists