Also decode early for PGP sigtags, which are actually header+payload RSA signatures. Without this patch, verification of a package that has just a header+payload RSA signature but no header-only RSA signature fails. Already in rpm-4.4.7. --- ./lib/rpmchecksig.c.orig 2005-12-14 20:54:39.000000000 +0000 +++ ./lib/rpmchecksig.c 2006-03-21 18:00:22.000000000 +0000 @@ -801,7 +805,7 @@ int rpmVerifySignatures(QVA_t qva, rpmts sigp = rpmtsSignature(ts); /* XXX RSA needs the hash_algo, so decode early. */ - if (sigtag == RPMSIGTAG_RSA) { + if (sigtag == RPMSIGTAG_RSA || sigtag == RPMSIGTAG_PGP) { xx = headerGetEntry(sigh, sigtag, &sigtype, &sig, &siglen); xx = pgpPrtPkts(sig, siglen, dig, 0); sig = headerFreeData(sig, sigtype);
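Review bot: In rpmVerifySignatures(), the widened condition `sigtag == RPMSIGTAG_RSA || sigtag == RPMSIGTAG_PGP` sends PGP tags through the early-decode branch, but the context lines that follow still assign the results of headerGetEntry() and pgpPrtPkts() to `xx` without testing either one in the lines shown. A failed fetch or parse of the signature entry is therefore not detected at this point. Consider checking both return values and failing verification when the entry cannot be fetched or parsed. The comment above the condition ("XXX RSA needs the hash_algo, so decode early.") should also be updated to say that RPMSIGTAG_PGP carries a header+payload RSA signature, as the commit message explains, since the tag name alone does not make that clear.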