From 0ad46db225db0077fd42f1eb9d05ccb461bfc66e Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Thu, 30 Mar 2023 14:33:31 +0200
Subject: [PATCH] Fix AEAD packet construction
Resolves: rhbz#2128058
---
 gnupg-2.3.3-aead-packet.patch | 30 ++++++++++++++++++++++++++++++
 gnupg2.spec | 4 ++++
 2 files changed, 34 insertions(+)
 create mode 100644 gnupg-2.3.3-aead-packet.patch
diff --git a/gnupg-2.3.3-aead-packet.patch b/gnupg-2.3.3-aead-packet.patch
new file mode 100644
index 0000000..cd4ff9b
--- /dev/null
+++ b/gnupg-2.3.3-aead-packet.patch
@@ -0,0 +1,30 @@
+commit eadf12a52c2e230174e076a0dcae68132094cefe
+Author: Jakub Jelen
+Date: Thu Feb 24 09:02:53 2022 +0100
+
+ sign: Construct valid AEAD packets.
+
+ * g10/sign.c (sign_symencrypt_file): Insert correct version and AEAD
+ information into symkey packet.
+
+ --
+
+ GnuPG-bug-id: 5856
+ Signed-off-by: Jakub Jelen
+
+diff --git a/g10/sign.c b/g10/sign.c
+index bbcfabdb7..2ab76c99b 100644
+--- a/g10/sign.c
++++ b/g10/sign.c
+@@ -1660,8 +1660,9 @@ sign_symencrypt_file (ctrl_t ctrl, const char *fname, strlist_t locusr)
+ {
+ PKT_symkey_enc *enc = xmalloc_clear( sizeof *enc );
+
+- enc->version = 4;
++ enc->version = cfx.dek->use_aead ? 5 : 4;
+ enc->cipher_algo = cfx.dek->algo;
++ enc->aead_algo = cfx.dek->use_aead;
+ enc->s2k = *s2k;
+ pkt.pkttype = PKT_SYMKEY_ENC;
+ pkt.pkt.symkey_enc = enc;
+
diff --git a/gnupg2.spec b/gnupg2.spec
index 90b5acc..4daba12 100644
--- a/gnupg2.spec
+++ b/gnupg2.spec
@@ -33,6 +33,9 @@ Patch31: gnupg-2.3.1-revert-default-eddsa.patch
 Patch32: gnupg-2.3.3-CVE-2022-34903.patch
 # Mark SHA-1 weak algorithm to prevent its usage for verification
 Patch33: gnupg-2.3.3-disable-sha1.patch
+# Fix AEAD packet construction
+# https://dev.gnupg.org/T5856
+Patch34: gnupg-2.3.3-aead-packet.patch
 URL: https://www.gnupg.org/
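Review bot: In the embedded g10/sign.c hunk, `cfx.dek->use_aead` is read with two meanings, once as a truth value to choose packet version 5 over 4 and once as the value stored in `enc->aead_algo`, and the new lines carry no comment saying so. Presumably the field holds the AEAD algorithm id with 0 meaning "no AEAD" (the DEK definition is not visible here, so confirm); a comment such as `/* use_aead is the AEAD algo id, 0 = none; a v5 symkey packet is required whenever it is set */` above the version assignment would help keep the two fields in step. Since the defect was a mismatch between the symkey packet header and the encrypted data that follows it, it would also be worth carrying a regression test with the patch that runs sign-plus-symmetric encryption with AEAD enabled and checks that the output decrypts. The body of sign_symencrypt_file starts and ends outside the hunk.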
@@ -119,6 +122,7 @@ to the base GnuPG package
 %patch31 -p1 -R -b .eddsa
 %patch32 -p1 -b .CVE-2022-34903
 %patch33 -p1 -b .sha1
+%patch34 -p1 -b .aead
 # pcsc-lite library major: 0 in 1.2.0, 1 in 1.2.9+ (dlopen()'d in pcsc-wrapper)
 # Note: this is just the name of the default shared lib to load in scdaemon,