
Re: [PATCH 3/4] Miscellaneous and documentation: Only use TLS-protected transports



On 08.02.2023 05:51, Demi Marie Obenour wrote:
> --- a/tools/misc/mkrpm
> +++ b/tools/misc/mkrpm
> @@ -34,7 +34,7 @@ Version: $version
>  Release: $release
>  License: GPL
>  Group:   System/Hypervisor
> -URL: http://xenbits.xenproject.org/xen.git
> +URL: https://xenbits.xenproject.org/xen.git
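
Review bot: flipping the scheme does not make this `URL:` field usable: `https://xenbits.xenproject.org/xen.git` is a repository path, whereas the RPM `URL:` tag is meant to carry a browsable project page. Point it at the project's home page (or the browsable repository view) and confirm it actually resolves before changing it.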

Taking this as an example (I can't really tell whether there are others): perhaps
a good opportunity to actually provide a correct (working) URL?

> --- a/xen/arch/arm/arm64/lib/memcmp.S
> +++ b/xen/arch/arm/arm64/lib/memcmp.S
> @@ -6,7 +6,7 @@
>   * and re-licensed under GPLv2 for the Linux kernel. The original code can
>   * be found @
>   *
> - * http://bazaar.launchpad.net/~linaro-toolchain-dev/cortex-strings/trunk/
> + * https://bazaar.launchpad.net/~linaro-toolchain-dev/cortex-strings/trunk/
>   * files/head:/src/aarch64/
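
Review bot: the URL is still split across two comment lines (`.../trunk/` continues as `files/head:/src/aarch64/`), so it cannot be copied as a single link; since the line is being rewritten anyway, join the two into one line. Note also that the surrounding comment says this code was re-licensed for the Linux kernel, i.e. it is an import, so the same edit is better carried upstream first.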

Here (and below) maybe a good opportunity to unwrap the URL(s) at the same
time?

> --- a/xen/arch/x86/cpu/microcode/core.c
> +++ b/xen/arch/x86/cpu/microcode/core.c
> @@ -11,9 +11,9 @@
>   * Software Developer's Manual
>   * Order Number 253668 or free download from:
>   *
> - * http://developer.intel.com/design/pentium4/manuals/253668.htm
> + * https://developer.intel.com/design/pentium4/manuals/253668.htm
>   *
> - * For more information, go to http://www.urbanmyth.org/microcode
> + * For more information, go to https://www.urbanmyth.org/microcode
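
Review bot: a scheme change on a pointer in a comment only helps if the https: target actually serves the document; both references here (the Intel manual order-number page and the urbanmyth.org microcode page) need to be checked, and where the target has moved or vanished the link should be replaced or dropped rather than mechanically rewritten, otherwise the comment merely gains a false air of being current.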

The original URL doesn't look to exist anymore, and the secure one fails
to get a connection in the first place.

> --- a/xen/arch/x86/dmi_scan.c
> +++ b/xen/arch/x86/dmi_scan.c
> @@ -617,7 +617,7 @@ static const struct dmi_blacklist __initconstrel 
> dmi_blacklist[] = {
>                       NO_MATCH, NO_MATCH }},
>  
>       { force_acpi_ht, "ABIT i440BX-W83977", {
> -                     MATCH(DMI_BOARD_VENDOR, "ABIT <http://www.abit.com>"),
> +                     MATCH(DMI_BOARD_VENDOR, "ABIT <https://www.abit.com>"),
>                       MATCH(DMI_BOARD_NAME, "i440BX-W83977 (BP6)"),
>                       NO_MATCH, NO_MATCH }},
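
Review bot: this is not a link but a DMI match string: the firmware of the board in question reports the vendor field as `ABIT <http://www.abit.com>` literally, so after this change the `force_acpi_ht` entry never matches and the quirk is silently disabled. Drop this hunk; if an https: variant is wanted for some hypothetical firmware revision, add it as a second table entry rather than replacing the existing one.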

Such a change is equivalent to removing the table entry: The BIOS in
question won't magically change from http:// to https://. It _may_ be
reasonable to add a 2nd table entry using https:// here.

> --- a/xen/arch/x86/hvm/vioapic.c
> +++ b/xen/arch/x86/hvm/vioapic.c
> @@ -4,8 +4,8 @@
>   *    MandrakeSoft S.A.
>   *    43, rue d'Aboukir
>   *    75002 Paris - France
> - *    http://www.linux-mandrake.com/
> - *    http://www.mandrakesoft.com/
> + *    https://www.linux-mandrake.com/
> + *    https://www.mandrakesoft.com/
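
Review bot: these lines are the original author's copyright contact block (postal address plus company web sites), i.e. a historical record, not a reference the code relies on; rewriting the recorded addresses makes the notice inaccurate without any security gain. Leave them as they were.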

Both sites result in "server not found". No point updating such URLs imo.
Doing so only gives the false impression that they are still valid.

> --- a/xen/common/README.source
> +++ b/xen/common/README.source
> @@ -26,7 +26,7 @@ The file is dually licensed under GPLv2.0 and LGPLv2.1
>  libelf
>  ------
>  This directory was opriginally imported from the libelf
> -project at http://www.mr511.de/software/english.html
> +project at https://www.mr511.de/software/english.html
>  This directory is licensed under LGPLv2.1 (see COPYING file)
>  
>  libfdt
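
Review bot: this is provenance documentation recording where the import came from, so the URL should state what was actually used at import time rather than what would be preferable today; if a different, working location is known, record it as a separate "now at" note instead of silently editing the original. While here, the unchanged context line reads `opriginally`, which could be fixed in the same hunk.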

Firefox reports a self-signed security risk warning here. I'm unconvinced
it is a good idea to refer to such a URL, but I guess it's better than
nothing (and also better than the 404 coming back from the http:// one).

> --- a/xen/common/bunzip2.c
> +++ b/xen/common/bunzip2.c
> @@ -35,7 +35,7 @@
>               Phone (337) 232-1234 or 1-800-738-2226
>               Fax   (337) 232-1297
>  
> -             http://www.hospiceacadiana.com/
> +             https://www.hospiceacadiana.com/
>  
>       Manuel
>   */
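
Review bot: this is the author's personal note pointing readers to a charity, not a technical reference; the phone and fax numbers beside it make clear it is contact information, not a download location. A personal contact block should be left verbatim.
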
> @@ -470,7 +470,7 @@ got_huff_bits:
>          and decoded them into the intermediate buffer.  There are
>          dbufCount many decoded bytes in dbuf[].  Now undo the
>          Burrows-Wheeler transform on dbuf.  See
> -        http://dogma.net/markn/articles/bwt/bwt.htm
> +        https://dogma.net/markn/articles/bwt/bwt.htm
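
Review bot: this is a citation backing the Burrows-Wheeler explanation; if the page no longer resolves under either scheme, the rewrite only hides that fact. Either keep the citation as the historical record it is or replace it with a live reference on the BWT, but don't change it blind.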

Again the site looks to no longer exist.

> --- a/xen/include/crypto/vmac.h
> +++ b/xen/include/crypto/vmac.h
> @@ -62,9 +62,9 @@ typedef unsigned long long uint64_t;
>   * This implementation supports two free AES implementations: OpenSSL's and
>   * Paulo Barreto's. To use OpenSSL's, you will need to include the OpenSSL
>   * crypto library (eg, gcc -lcrypto foo.c). For Barreto's, you will need
> - * to compile rijndael-alg-fst.c, last seen at http://www.iaik.tu-graz.ac.at/
> + * to compile rijndael-alg-fst.c, last seen at 
> https://www.iaik.tu-graz.ac.at/
>   * research/krypto/AES/old/~rijmen/rijndael/rijndael-fst-3.0.zip and
> - * http://homes.esat.kuleuven.be/~rijmen/rijndael/rijndael-fst-3.0.zip.
> + * https://homes.esat.kuleuven.be/~rijmen/rijndael/rijndael-fst-3.0.zip.
>   * To use a different implementation, use these definitions as a model.
>   * ----------------------------------------------------------------------- */
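
Review bot: the comment explicitly says "last seen at", i.e. it records where the file was found historically; editing the scheme makes that record claim something that was never observed. As quoted, the new line also appears to break after `last seen at `, with the URL on a line of its own; if that is in the actual patch rather than mail wrapping, the comment is reflowed in a way that splits a line unnecessarily. Both links here should stay as they were.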

While here the server still exists, the URL doesn't anymore.

> --- a/xen/tools/kconfig/qconf.cc
> +++ b/xen/tools/kconfig/qconf.cc
> @@ -1785,7 +1785,7 @@ void ConfigMainWindow::showAbout(void)
>  {
>       static const QString str = "qconf is Copyright (C) 2002 Roman Zippel 
> <zippel@xxxxxxxxxxxxxx>.\n"
>               "Copyright (C) 2015 Boris Barbulovski 
> <bbarbulovski@xxxxxxxxx>.\n\n"
> -             "Bug reports and feature request can also be entered at 
> http://bugzilla.kernel.org/\n";;
> +             "Bug reports and feature request can also be entered at 
> https://bugzilla.kernel.org/\n";;
>  
>       QMessageBox::information(this, "qconf", str);
>  }
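
Review bot: xen/tools/kconfig/ is carried over from the Linux kconfig sources; a local edit diverges from upstream and has to be reconciled at the next resync, so route this through Linux and re-import rather than patching the copy. The quoted `+` line also appears broken after `entered at `, which suggests the submitted patch may have been whitespace-damaged by the mailer; worth checking that it still applies.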

Personally I think changes to files under xen/tools/kconfig/ should come
via a Linux side commit that we port over.

Now that I've reached the end, just to clarify: I've not checked all URLs, just
ones looking potentially "suspicious" to me.

Jan



 

