From 6de0715f5467d4b925e2dfe082174529ace3b174 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert@cs.ucla.edu>
Date: Fri, 13 May 2016 18:23:05 -0700
Subject: Properly reject malformed or empty package sigs

Problem report and fix by Lizzie Dixon (Bug#23513).
* lisp/emacs-lisp/package.el (package--check-signature-content):
Report an error if no good signatures OR if a fatal error.  Not AND.
Copyright-paperwork-exempt: yes
---
 lisp/emacs-lisp/package.el | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lisp/emacs-lisp/package.el b/lisp/emacs-lisp/package.el
index 5371f0b9e55..58973dfa920 100644
--- a/lisp/emacs-lisp/package.el
+++ b/lisp/emacs-lisp/package.el
@@ -1214,7 +1214,7 @@ errors."
           (unless (and (eq package-check-signature 'allow-unsigned)
                        (eq (epg-signature-status sig) 'no-pubkey))
             (setq had-fatal-error t))))
-      (when (and (null good-signatures) had-fatal-error)
+      (when (or (null good-signatures) had-fatal-error)
         (package--display-verify-error context sig-file)
         (signal 'bad-signature (list sig-file)))
       good-signatures)))
-- 
cgit v1.2.3