LinuxLists.cc - [PATCH] SUPERH: Replace HTTP links with HTTPS ones

2020-07-09 02:19:59

Subject: [PATCH] SUPERH: Replace HTTP links with HTTPS ones

Rationale:
Reduces attack surface on kernel devs opening the links for MITM
as HTTPS traffic is much harder to manipulate.

Deterministic algorithm:
For each file:
If not .svg:
For each line:
If doesn't contain `\bxmlns\b`:
For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
If both the HTTP and HTTPS versions
return 200 OK and serve the same content:
Replace HTTP with HTTPS.

Signed-off-by: Alexander A. Klimov <[email protected]>
---
Continuing my work started at 93431e0607e5.
See also: git log --oneline '--author=Alexander A. Klimov <[email protected]>' v5.7..master
(Actually letting a shell for loop submit all this stuff for me.)

If there are any URLs to be removed completely or at least not HTTPSified:
Just clearly say so and I'll *undo my change*.
See also: https://lkml.org/lkml/2020/6/27/64

If there are any valid, but yet not changed URLs:
See: https://lkml.org/lkml/2020/6/26/837

If you apply the patch, please let me know.

arch/sh/Kconfig | 4 ++--
arch/sh/boards/Kconfig | 2 +-
2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
index 9fc2b010e938..bc91bdb0b665 100644
--- a/arch/sh/Kconfig
+++ b/arch/sh/Kconfig
@@ -74,7 +74,7 @@ config SUPERH
The SuperH is a RISC processor targeted for use in embedded systems
and consumer electronics; it was also used in the Sega Dreamcast
gaming console. The SuperH port has a home page at
- <http://www.linux-sh.org/>.
+ <https://www.linux-sh.org/>.

config GENERIC_BUG
def_bool y
@@ -630,7 +630,7 @@ config SMP
Y to "Enhanced Real Time Clock Support", below.

See also <file:Documentation/admin-guide/lockup-watchdogs.rst> and the SMP-HOWTO
- available at <http://www.tldp.org/docs.html#howto>.
+ available at <https://www.tldp.org/docs.html#howto>.

If you don't know what to do here, say N.

diff --git a/arch/sh/boards/Kconfig b/arch/sh/boards/Kconfig
index fb0ca0c1efe1..cbfe32eba3d9 100644
--- a/arch/sh/boards/Kconfig
+++ b/arch/sh/boards/Kconfig
@@ -130,7 +130,7 @@ config SH_DREAMCAST
depends on CPU_SUBTYPE_SH7091
help
Select Dreamcast if configuring for a SEGA Dreamcast.
- More information at <http://www.linux-sh.org>
+ More information at <https://www.linux-sh.org>

config SH_SH03
bool "Interface CTP/PCI-SH03"
--
2.27.0

2020-07-12 10:59:09

by Rob Landley

[permalink] [raw]

Subject: Re: [PATCH] SUPERH: Replace HTTP links with HTTPS ones

On 7/8/20 9:17 PM, Alexander A. Klimov wrote:
> diff --git a/arch/sh/Kconfig b/arch/sh/Kconfig
> index 9fc2b010e938..bc91bdb0b665 100644
> --- a/arch/sh/Kconfig
> +++ b/arch/sh/Kconfig
> @@ -74,7 +74,7 @@ config SUPERH
> The SuperH is a RISC processor targeted for use in embedded systems
> and consumer electronics; it was also used in the Sega Dreamcast
> gaming console. The SuperH port has a home page at
> - <http://www.linux-sh.org/>.
> + <https://www.linux-sh.org/>.

That's a historical page last edited in 2006 (according to
http://www.linux-sh.org/shwiki/RecentChanges/ anyway) with a self-signed
certificate that pops up a full page warning on chrome about the certificate
being invalid, in a wiki that can theoretically be edited by arbitrary third
parties anyway.

Not a huge man-in-the-middle target.

Rob

2020-07-12 11:13:35

by Alexander A. Klimov

[permalink] [raw]

Subject: [PATCH] sh: Replace HTTP links with HTTPS ones

2020-07-12 11:23:13

by Rob Landley

[permalink] [raw]

Subject: Re: [PATCH] sh: Replace HTTP links with HTTPS ones

On 7/12/20 6:11 AM, Alexander A. Klimov wrote:
> Rationale:
> Reduces attack surface on kernel devs opening the links for MITM
> as HTTPS traffic is much harder to manipulate.

Trimmed just to the one site without the self-signed certficate: check.

> Deterministic algorithm:
> For each file:
> If not .svg:
> For each line:
> If doesn't contain `\bxmlns\b`:
> For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
> If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
> If both the HTTP and HTTPS versions
> return 200 OK and serve the same content:
> Replace HTTP with HTTPS.
>
> Signed-off-by: Alexander A. Klimov <[email protected]>

Acked-by: Rob Landley <[email protected]>

Rob

2020-07-12 23:42:24

by Rich Felker

[permalink] [raw]

Subject: Re: [PATCH] sh: Replace HTTP links with HTTPS ones

On Sun, Jul 12, 2020 at 06:30:04AM -0500, Rob Landley wrote:
> On 7/12/20 6:11 AM, Alexander A. Klimov wrote:
> > Rationale:
> > Reduces attack surface on kernel devs opening the links for MITM
> > as HTTPS traffic is much harder to manipulate.
>
> Trimmed just to the one site without the self-signed certficate: check.
>
> > Deterministic algorithm:
> > For each file:
> > If not .svg:
> > For each line:
> > If doesn't contain `\bxmlns\b`:
> > For each link, `\bhttp://[^# \t\r\n]*(?:\w|/)`:
> > If neither `\bgnu\.org/license`, nor `\bmozilla\.org/MPL\b`:
> > If both the HTTP and HTTPS versions
> > return 200 OK and serve the same content:
> > Replace HTTP with HTTPS.
> >
> > Signed-off-by: Alexander A. Klimov <[email protected]>
>
> Acked-by: Rob Landley <[email protected]>

Acked-by: Rich Felker <[email protected]>

I agree about replacing just the one with working https, not the dead
self-signed one. Alexander, is this whole set being submitted upstream
through a single maintainer, or do you want me to take the arch/sh
patch individually?

Rich

2020-07-13 06:37:33

by Alexander A. Klimov

[permalink] [raw]

Subject: Re: [PATCH] sh: Replace HTTP links with HTTPS ones

Am 13.07.20 um 01:39 schrieb Rich Felker:
> Alexander, is this whole set being submitted upstream
> through a single maintainer,
I've no idea what you're talking about, so the answer is likely no.

I've just followed the instructions on how to submit patches as for any
other subsystem.