procyberian/emacs
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Properly reject malformed or empty package sigs

Browse source 
Problem report and fix by Lizzie Dixon (Bug#23513).
* lisp/emacs-lisp/package.el (package--check-signature-content):
Report an error if no good signatures OR if a fatal error.  Not AND.
Copyright-paperwork-exempt: yes
This commit is contained in:
Paul Eggert 2016-05-13 18:23:05 -07:00
parent edae7d93ed
commit 6de0715f54
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lisp/emacs-lisp/package.el
View file

@ -1214,7 +1214,7 @@ errors."
(unless (and (eq package-check-signature 'allow-unsigned) (unless (and (eq package-check-signature 'allow-unsigned)
(eq (epg-signature-status sig) 'no-pubkey)) (eq (epg-signature-status sig) 'no-pubkey))
(setq had-fatal-error t)))) (setq had-fatal-error t))))
(when (and (null good-signatures) had-fatal-error) (when (or (null good-signatures) had-fatal-error)
(package--display-verify-error context sig-file) (package--display-verify-error context sig-file)
(signal 'bad-signature (list sig-file))) (signal 'bad-signature (list sig-file)))
good-signatures))) good-signatures)))