From fc9a35d2dec2f838abac831fd88dca494773e082 Mon Sep 17 00:00:00 2001
From: Werner Koch <wk@gnupg.org>
Date: Mon, 15 Dec 2014 09:50:19 +0100
Subject: gpg: Fix regression in notation data regression.

* g10/misc.c (pct_expando): Reorder conditions for clarity.
* g10/sign.c (write_signature_packets): Fix notation data creation.
--

Also re-added the check for signature version > 3.

Reported-by: MFPA
Signed-off-by: Werner Koch <wk@gnupg.org>
---
 g10/misc.c | 18 +++++++++---------
 g10/sign.c |  7 +++++--
 2 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/g10/misc.c b/g10/misc.c
index c47d6dcf0..6a45c6920 100644
--- a/g10/misc.c
+++ b/g10/misc.c
@@ -867,23 +867,25 @@ pct_expando(const char *string,struct expando_args *args)
 		}
 	      break;
 
-	    case 'p': /* primary pk fingerprint of a sk */
-	    case 'f': /* pk fingerprint */
-	    case 'g': /* sk fingerprint */
+	    case 'f': /* Fingerprint of key being signed */
+	    case 'p': /* Fingerprint of the primary key making the signature. */
+	    case 'g': /* Fingerprint of thge key making the signature.  */
 	      {
 		byte array[MAX_FINGERPRINT_LEN];
 		size_t len;
 		int i;
 
-		if((*(ch+1))=='p' && args->pksk)
+		if ((*(ch+1))=='f' && args->pk)
+		  fingerprint_from_pk (args->pk, array, &len);
+		else if ((*(ch+1))=='p' && args->pksk)
 		  {
 		    if(args->pksk->flags.primary)
 		      fingerprint_from_pk (args->pksk, array, &len);
 		    else if (args->pksk->main_keyid[0]
                              || args->pksk->main_keyid[1])
 		      {
-                        /* FIXME: Document teh code and check whether
-                           it is still needed.  */
+                        /* Not the primary key: Find the fingerprint
+                           of the primary key.  */
 			PKT_public_key *pk=
 			  xmalloc_clear(sizeof(PKT_public_key));
 
@@ -893,11 +895,9 @@ pct_expando(const char *string,struct expando_args *args)
 			  memset (array, 0, (len=MAX_FINGERPRINT_LEN));
 			free_public_key (pk);
 		      }
-		    else
+		    else /* Oops: info about the primary key missing.  */
 		      memset(array,0,(len=MAX_FINGERPRINT_LEN));
 		  }
-		else if((*(ch+1))=='f' && args->pk)
-		  fingerprint_from_pk (args->pk, array, &len);
 		else if((*(ch+1))=='g' && args->pksk)
 		  fingerprint_from_pk (args->pksk, array, &len);
 		else
diff --git a/g10/sign.c b/g10/sign.c
index 2e62f04f2..272451306 100644
--- a/g10/sign.c
+++ b/g10/sign.c
@@ -700,8 +700,11 @@ write_signature_packets (SK_LIST sk_list, IOBUF out, gcry_md_hd_t hash,
       if (gcry_md_copy (&md, hash))
         BUG ();
 
-      build_sig_subpkt_from_sig (sig);
-      mk_notation_policy_etc (sig, pk, NULL);
+      if (sig->version >= 4)
+        {
+          build_sig_subpkt_from_sig (sig);
+          mk_notation_policy_etc (sig, NULL, pk);
+        }
 
       hash_sigversion_to_magic (md, sig);
       gcry_md_final (md);
-- 
cgit v1.2.3