* sign.c (update_keysig_packet): Policies and notations should be stripped

out when remaking a self-signature.  Noted by Atom Smasher.

2 files changed, 18 insertions, 0 deletions

diff --git a/g10/ChangeLog b/g10/ChangeLog
index 369b74f45..c175f6586 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,9 @@
+2004-05-18  David Shaw  <[email protected]>
+
+	* sign.c (update_keysig_packet): Policies and notations should be
+	stripped out when remaking a self-signature.  Noted by Atom
+	Smasher.
+
 2004-05-11  Werner Koch  <[email protected]>
 
 	* keygen.c (do_generate_keypair, read_parameter_file): Really
diff --git a/g10/sign.c b/g10/sign.c
index db458236f..25f08faf4 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -1300,6 +1300,18 @@ update_keysig_packet( PKT_signature **ret_sig,
     /* create a new signature packet */
     sig = copy_signature (NULL, orig_sig);
 
+    /* We've copied the signature, subpackets and all, but we don't
+       want any old policies or notations coming over: the signature
+       is being remade, so these need to be restated as well.  Note
+       that other subpackets like backsigs come over as well, but we
+       want to keep those.  We don't delete policies or notations from
+       the unhashed area - since we don't put them there, this is a
+       case of not messing about with things that we are not
+       responsible for. */
+
+     delete_sig_subpkt(sig->hashed,SIGSUBPKT_POLICY);
+     delete_sig_subpkt(sig->hashed,SIGSUBPKT_NOTATION);
+ 
     /* We need to create a new timestamp so that new sig expiration
        calculations are done correctly... */
     sig->timestamp=make_timestamp();