| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <71396370-b68d-1409-fa08-0020c6417f34@al2klimov.de>
Date: Fri, 10 Jul 2020 20:15:38 +0200
From: "Alexander A. Klimov" <grandmaster@...klimov.de>
To: Sam Ravnborg <sam@...nborg.org>
Cc: lee.jones@...aro.org, daniel.thompson@...aro.org,
jingoohan1@...il.com, b.zolnierkie@...sung.com,
dri-devel@...ts.freedesktop.org, linux-fbdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] Replace HTTP links with HTTPS ones: BACKLIGHT
CLASS/SUBSYSTEM
Am 10.07.20 um 19:35 schrieb Sam Ravnborg:
> Hi Alexander.
Hi,
>
> On Wed, Jul 08, 2020 at 06:38:47PM +0200, Alexander A. Klimov wrote:
>> Rationale:
>> Reduces attack surface on kernel devs opening the links for MITM
>> as HTTPS traffic is much harder to manipulate.
>>
>> Deterministic algorithm:
>> For each file:
>> If not .svg:
>> For each line:
>> If doesn't contain `\bxmlns\b`:
>> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
>> If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
>> If both the HTTP and HTTPS versions
>> return 200 OK and serve the same content:
>> Replace HTTP with HTTPS.
>>
>> Signed-off-by: Alexander A. Klimov <grandmaster@...klimov.de>
>> ---
>> Continuing my work started at 93431e0607e5.
>> See also: git log --oneline '--author=Alexander A. Klimov <grandmaster@...klimov.de>' v5.7..master
>> (Actually letting a shell for loop submit all this stuff for me.)
>>
>> If there are any URLs to be removed completely or at least not HTTPSified:
>> Just clearly say so and I'll *undo my change*.
>> See also: https://lkml.org/lkml/2020/6/27/64
>>
>> If there are any valid, but yet not changed URLs:
>> See: https://lkml.org/lkml/2020/6/26/837
>>
>> If you apply the patch, please let me know.
>>
>>
>> drivers/video/backlight/led_bl.c | 2 +-
>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/drivers/video/backlight/led_bl.c b/drivers/video/backlight/led_bl.c
>> index 3f66549997c8..2c48957e9b60 100644
>> --- a/drivers/video/backlight/led_bl.c
>> +++ b/drivers/video/backlight/led_bl.c
>> @@ -1,6 +1,6 @@
>> // SPDX-License-Identifier: GPL-2.0
>> /*
>> - * Copyright (C) 2015-2019 Texas Instruments Incorporated - http://www.ti.com/
>> + * Copyright (C) 2015-2019 Texas Instruments Incorporated - https://www.ti.com/
>> * Author: Tomi Valkeinen <tomi.valkeinen@...com>
>> *
>> * Based on pwm_bl.c
>
> $grep http drivers/video/backlight/*
> drivers/video/backlight/cr_bllcd.c: * Intel funded Tungsten Graphics (http://www.tungstengraphics.com) to
> drivers/video/backlight/ili9320.c: * http://armlinux.simtec.co.uk/
> drivers/video/backlight/ili9320.h: * http://armlinux.simtec.co.uk/
> drivers/video/backlight/led_bl.c: * Copyright (C) 2015-2019 Texas Instruments Incorporated - http://www.ti.com/
> drivers/video/backlight/vgg2432a4.c: * http://armlinux.simtec.co.uk/
>
> Why are they not covered?
Didn't check them, but likely because they're new.
Don't worry, I'll do a second scan once the results of this one get into
master.
>
> Sam
>
>
>> --
>> 2.27.0
>>
>> _______________________________________________
>> dri-devel mailing list
>> dri-devel@...ts.freedesktop.org
>> https://lists.freedesktop.org/mailman/listinfo/dri-devel
Powered by blists - more mailing lists