From 7c0d35a339db612aae5496424030307128f088a9 Mon Sep 17 00:00:00 2001
From: David Howells <dhowells@redhat.com>
Date: Fri, 11 Sep 2015 13:07:36 -0700
Subject: MODSIGN: fix a compilation warning in extract-cert

Fix the following warning when compiling extract-cert:

  scripts/extract-cert.c: In function `write_cert':
  scripts/extract-cert.c:89:2: warning: format not a string literal and no format arguments [-Wformat-security]
    ERR(!i2d_X509_bio(wb, x509), cert_dst);
    ^

whereby the ERR() macro is taking cert_dst as the format string.  "%s"
should be used as the format string as the path could contain special
characters.

Signed-off-by: David Howells <dhowells@redhat.com>
Reported-by: Jim Davis <jim.epost@gmail.com>
Acked-by : David Woodhouse <david.woodhouse@intel.com>
Cc: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 scripts/extract-cert.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'scripts/extract-cert.c')

diff --git a/scripts/extract-cert.c b/scripts/extract-cert.c
index fd0db015c65c..10d23ca9f617 100644
--- a/scripts/extract-cert.c
+++ b/scripts/extract-cert.c
@@ -86,7 +86,7 @@ static void write_cert(X509 *x509)
 		ERR(!wb, "%s", cert_dst);
 	}
 	X509_NAME_oneline(X509_get_subject_name(x509), buf, sizeof(buf));
-	ERR(!i2d_X509_bio(wb, x509), cert_dst);
+	ERR(!i2d_X509_bio(wb, x509), "%s", cert_dst);
 	if (kbuild_verbose)
 		fprintf(stderr, "Extracted cert: %s\n", buf);
 }
-- 
cgit v1.2.3


From 09a77a885233e2a20dac2635a79c83ccf50a26a1 Mon Sep 17 00:00:00 2001
From: David Woodhouse <dwmw2@infradead.org>
Date: Tue, 15 Sep 2015 16:03:36 +0100
Subject: modsign: Fix GPL/OpenSSL licence incompatibility

The GPL does not permit us to link against the OpenSSL library. Use
LGPL for sign-file and extract-file instead.

[ The whole "openssl isn't compatible with gpl" is really just
  fear-mongering, but there's no reason not to make modsign LGPL, so
  nobody cares.  - Linus ]

Reported-by: Julian Andres Klode <jak@jak-linux.org>
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Julian Andres Klode <jak@jak-linux.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 scripts/extract-cert.c | 10 +++++-----
 scripts/sign-file.c    | 13 ++++++++-----
 2 files changed, 13 insertions(+), 10 deletions(-)

(limited to 'scripts/extract-cert.c')

diff --git a/scripts/extract-cert.c b/scripts/extract-cert.c
index 10d23ca9f617..6ce5945a0b89 100644
--- a/scripts/extract-cert.c
+++ b/scripts/extract-cert.c
@@ -1,15 +1,15 @@
 /* Extract X.509 certificate in DER form from PKCS#11 or PEM.
  *
- * Copyright © 2014 Red Hat, Inc. All Rights Reserved.
- * Copyright © 2015 Intel Corporation.
+ * Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved.
+ * Copyright © 2015      Intel Corporation.
  *
  * Authors: David Howells <dhowells@redhat.com>
  *          David Woodhouse <dwmw2@infradead.org>
  *
  * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1
+ * of the licence, or (at your option) any later version.
  */
 #define _GNU_SOURCE
 #include <stdio.h>
diff --git a/scripts/sign-file.c b/scripts/sign-file.c
index 058bba3103e2..c3899ca4811c 100755
--- a/scripts/sign-file.c
+++ b/scripts/sign-file.c
@@ -1,12 +1,15 @@
 /* Sign a module file using the given key.
  *
- * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved.
- * Written by David Howells (dhowells@redhat.com)
+ * Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved.
+ * Copyright © 2015      Intel Corporation.
+ *
+ * Authors: David Howells <dhowells@redhat.com>
+ *          David Woodhouse <dwmw2@infradead.org>
  *
  * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public Licence
- * as published by the Free Software Foundation; either version
- * 2 of the Licence, or (at your option) any later version.
+ * modify it under the terms of the GNU Lesser General Public License
+ * as published by the Free Software Foundation; either version 2.1
+ * of the licence, or (at your option) any later version.
  */
 #define _GNU_SOURCE
 #include <stdio.h>
-- 
cgit v1.2.3