[git] GnuPG - branch, STABLE-BRANCH-2-2, updated. gnupg-2.2.10-9-gb0d6e26

[by Werner Koch]

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, STABLE-BRANCH-2-2 has been updated
       via  b0d6e26bf3c8decaa568c9e4a5b2451d9af0b25b (commit)
      from  7e2b0488d13561be2b754e28801de654747a8dcc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit b0d6e26bf3c8decaa568c9e4a5b2451d9af0b25b
Author: Werner Koch <wk at gnupg.org>
Date:   Mon Oct 8 16:14:17 2018 +0200

    gpg: Fix extra check for sign usage of a data signature.
    
    * g10/sig-check.c (check_signature_end_simple):
    --
    
    Obviously we should not ignore a back signature here.
    
    Fixes-commit: 214b0077264e35c079e854a8b6374704aea45cd5
    GnuPG-bug-id: 4014
    Signed-off-by: Werner Koch <wk at gnupg.org>
    (cherry picked from commit b6275f3bda8edff34274c5b921508567f491ab9c)

diff --git a/g10/sig-check.c b/g10/sig-check.c
index e59e0c9..a93b496 100644
--- a/g10/sig-check.c
+++ b/g10/sig-check.c
@@ -481,7 +481,8 @@ check_signature_end_simple (PKT_public_key *pk, PKT_signature *sig,
     }
 
   /* For data signatures check that the key has sign usage.  */
-  if (IS_SIG (sig) && !(pk->pubkey_usage & PUBKEY_USAGE_SIG))
+  if (!IS_BACK_SIG (sig) && IS_SIG (sig)
+      && !(pk->pubkey_usage & PUBKEY_USAGE_SIG))
     {
       rc = gpg_error (GPG_ERR_WRONG_KEY_USAGE);
       if (!opt.quiet)

-----------------------------------------------------------------------

Summary of changes:
 g10/sig-check.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org