From 7c0d35a339db612aae5496424030307128f088a9 Mon Sep 17 00:00:00 2001 From: David Howells Date: Fri, 11 Sep 2015 13:07:36 -0700 Subject: MODSIGN: fix a compilation warning in extract-cert Fix the following warning when compiling extract-cert: scripts/extract-cert.c: In function `write_cert': scripts/extract-cert.c:89:2: warning: format not a string literal and no format arguments [-Wformat-security] ERR(!i2d_X509_bio(wb, x509), cert_dst); ^ whereby the ERR() macro is taking cert_dst as the format string. "%s" should be used as the format string as the path could contain special characters. Signed-off-by: David Howells Reported-by: Jim Davis Acked-by : David Woodhouse Cc: James Morris Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- scripts/extract-cert.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts') diff --git a/scripts/extract-cert.c b/scripts/extract-cert.c index fd0db015c65c..10d23ca9f617 100644 --- a/scripts/extract-cert.c +++ b/scripts/extract-cert.c @@ -86,7 +86,7 @@ static void write_cert(X509 *x509) ERR(!wb, "%s", cert_dst); } X509_NAME_oneline(X509_get_subject_name(x509), buf, sizeof(buf)); - ERR(!i2d_X509_bio(wb, x509), cert_dst); + ERR(!i2d_X509_bio(wb, x509), "%s", cert_dst); if (kbuild_verbose) fprintf(stderr, "Extracted cert: %s\n", buf); } -- cgit v1.2.3 From 09a77a885233e2a20dac2635a79c83ccf50a26a1 Mon Sep 17 00:00:00 2001 From: David Woodhouse Date: Tue, 15 Sep 2015 16:03:36 +0100 Subject: modsign: Fix GPL/OpenSSL licence incompatibility The GPL does not permit us to link against the OpenSSL library. Use LGPL for sign-file and extract-file instead. [ The whole "openssl isn't compatible with gpl" is really just fear-mongering, but there's no reason not to make modsign LGPL, so nobody cares. - Linus ] Reported-by: Julian Andres Klode Signed-off-by: David Woodhouse Signed-off-by: David Howells Reviewed-by: Julian Andres Klode Signed-off-by: Linus Torvalds --- scripts/extract-cert.c | 10 +++++----- scripts/sign-file.c | 13 ++++++++----- 2 files changed, 13 insertions(+), 10 deletions(-) (limited to 'scripts') diff --git a/scripts/extract-cert.c b/scripts/extract-cert.c index 10d23ca9f617..6ce5945a0b89 100644 --- a/scripts/extract-cert.c +++ b/scripts/extract-cert.c @@ -1,15 +1,15 @@ /* Extract X.509 certificate in DER form from PKCS#11 or PEM. * - * Copyright © 2014 Red Hat, Inc. All Rights Reserved. - * Copyright © 2015 Intel Corporation. + * Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved. + * Copyright © 2015 Intel Corporation. * * Authors: David Howells * David Woodhouse * * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public Licence - * as published by the Free Software Foundation; either version - * 2 of the Licence, or (at your option) any later version. + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 + * of the licence, or (at your option) any later version. */ #define _GNU_SOURCE #include diff --git a/scripts/sign-file.c b/scripts/sign-file.c index 058bba3103e2..c3899ca4811c 100755 --- a/scripts/sign-file.c +++ b/scripts/sign-file.c @@ -1,12 +1,15 @@ /* Sign a module file using the given key. * - * Copyright (C) 2014 Red Hat, Inc. All Rights Reserved. - * Written by David Howells (dhowells@redhat.com) + * Copyright © 2014-2015 Red Hat, Inc. All Rights Reserved. + * Copyright © 2015 Intel Corporation. + * + * Authors: David Howells + * David Woodhouse * * This program is free software; you can redistribute it and/or - * modify it under the terms of the GNU General Public Licence - * as published by the Free Software Foundation; either version - * 2 of the Licence, or (at your option) any later version. + * modify it under the terms of the GNU Lesser General Public License + * as published by the Free Software Foundation; either version 2.1 + * of the licence, or (at your option) any later version. */ #define _GNU_SOURCE #include -- cgit v1.2.3