Hi James, Here are three miscellaneous fixes: (1) Fix a panic in some debugging code in PKCS#7. This can only happen by explicitly inserting a #define DEBUG into the code. (2) Fix the calculation of the digest length in the PE file parser. This causes a failure where there should be a success. (3) Fix the case where an X.509 cert can be added as an asymmetric key to a trusted keyring with no trust restriction if no AKID is supplied. Bugs (1) and (2) aren't particularly problematic, but (3) allows a security check to be bypassed. Bug (3) is added since the 4.6 kernel. The patches can be found here also: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=keys-fixes at tag: keys-fixes-20160718 David --- Lans Zhang (2): PKCS#7: Fix panic when referring to the empty AKID when DEBUG defined pefile: Fix the failure of calculation for digest Mat Martineau (1): KEYS: Fix for erroneous trust of incorrectly signed X.509 certs crypto/asymmetric_keys/mscode_parser.c | 7 ++++++- crypto/asymmetric_keys/pkcs7_verify.c | 2 +- crypto/asymmetric_keys/restrict.c | 2 +- 3 files changed, 8 insertions(+), 3 deletions(-) -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html