From 50d1dfe3328dbaf6412c2bd22417bb8bbbba989e13c5c7a92e08982c341b6ab9 Mon Sep 17 00:00:00 2001
From: "P. Janouch" <p.janouch@gmail.com>
Date: Thu, 2 Jun 2016 16:46:05 +0000
Subject: [PATCH] - add gnupg-fix-signature-checking.patch (bsc#981020)  
 https://bugs.gnupg.org/gnupg/issue2351

OBS-URL: https://build.opensuse.org/package/show/Base:System/gpg2?expand=0&rev=138
---
 gnupg-fix-signature-checking.patch | 50 ++++++++++++++++++++++++++++++
 gpg2.changes                       |  6 ++++
 gpg2.spec                          |  2 ++
 3 files changed, 58 insertions(+)
 create mode 100644 gnupg-fix-signature-checking.patch

diff --git a/gnupg-fix-signature-checking.patch b/gnupg-fix-signature-checking.patch
new file mode 100644
index 0000000..9ede8fe
--- /dev/null
+++ b/gnupg-fix-signature-checking.patch
@@ -0,0 +1,50 @@
+From 83a90a916e8e2f8e44c3b11d11e1dd75f65a87fb Mon Sep 17 00:00:00 2001
+From: NIIBE Yutaka <gniibe@fsij.org>
+Date: Wed, 11 May 2016 19:27:03 +0900
+Subject: [PATCH] g10: Fix signature checking.
+
+* g10/sig-check.c (check_signature_over_key_or_uid): Fix call to
+walk_kbnode.
+
+--
+
+Thanks to Vincent Brillault (Feandil).
+
+GnuPG-bug-id: 2351
+Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
+---
+ g10/sig-check.c | 13 +++++++++----
+ 1 file changed, 9 insertions(+), 4 deletions(-)
+
+diff --git a/g10/sig-check.c b/g10/sig-check.c
+index 290f19a..7000b48 100644
+--- a/g10/sig-check.c
++++ b/g10/sig-check.c
+@@ -797,15 +797,20 @@ check_signature_over_key_or_uid (PKT_public_key *signer,
+             *is_selfsig = 1;
+         }
+       else
+-        /* See if one of the subkeys was the signer (although this is
+-           extremely unlikely).  */
+         {
+           kbnode_t ctx = NULL;
+           kbnode_t n;
+ 
+-          while ((n = walk_kbnode (kb, &ctx, PKT_PUBLIC_SUBKEY)))
++          /* See if one of the subkeys was the signer (although this
++             is extremely unlikely).  */
++          while ((n = walk_kbnode (kb, &ctx, 0)))
+             {
+-              PKT_public_key *subk = n->pkt->pkt.public_key;
++              PKT_public_key *subk;
++
++              if (n->pkt->pkttype != PKT_PUBLIC_SUBKEY)
++                continue;
++
++              subk = n->pkt->pkt.public_key;
+               if (sig->keyid[0] == subk->keyid[0]
+                   && sig->keyid[1] == subk->keyid[1])
+                 /* Issued by a subkey.  */
+-- 
+2.8.0.rc3
+
diff --git a/gpg2.changes b/gpg2.changes
index 91a16d4..cb5faec 100644
--- a/gpg2.changes
+++ b/gpg2.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Jun  2 16:01:40 UTC 2016 - pjanouch@suse.de
+
+- add gnupg-fix-signature-checking.patch (bsc#981020)
+  https://bugs.gnupg.org/gnupg/issue2351
+
 -------------------------------------------------------------------
 Wed May  4 15:37:12 UTC 2016 - astieger@suse.com
 
diff --git a/gpg2.spec b/gpg2.spec
index 93be054..467e25a 100644
--- a/gpg2.spec
+++ b/gpg2.spec
@@ -34,6 +34,7 @@ Patch6:         gnupg-dont-fail-with-seahorse-agent.patch
 Patch8:         gnupg-set_umask_before_open_outfile.patch
 Patch9:         gnupg-detect_FIPS_mode.patch
 Patch11:        gnupg-add_legacy_FIPS_mode_option.patch
+Patch12:        gnupg-fix-signature-checking.patch
 BuildRequires:  expect
 BuildRequires:  fdupes
 BuildRequires:  libadns-devel
@@ -84,6 +85,7 @@ gpg-agent, and a keybox library.
 %patch8 -p1
 %patch9 -p1
 %patch11 -p1
+%patch12 -p1
 
 %build
 date=$(date -u +%{Y}-%{m}-%{dT}%{H}:%{M}+0000 -r %{SOURCE99})