Properly reject malformed or empty package sigs

Problem report and fix by Lizzie Dixon (Bug#23513). * lisp/emacs-lisp/package.el (package--check-signature-content): Report an error if no good signatures OR if a fatal error. Not AND. Copyright-paperwork-exempt: yes
2016-05-13 18:23:05 -07:00 · 2016-05-13 18:23:05 -07:00 · 6de0715f54
commit 6de0715f54
parent edae7d93ed
1 changed files with 1 additions and 1 deletions
--- a/lisp/emacs-lisp/package.el
+++ b/lisp/emacs-lisp/package.el
@ -1214,7 +1214,7 @@ errors."
          (unless (and (eq package-check-signature 'allow-unsigned)
                       (eq (epg-signature-status sig) 'no-pubkey))
            (setq had-fatal-error t))))
-      (when (and (null good-signatures) had-fatal-error)
+      (when (or (null good-signatures) had-fatal-error)
        (package--display-verify-error context sig-file)
        (signal 'bad-signature (list sig-file)))
      good-signatures)))