Ported patches from 1.4.x

g10/sign.c

@@ -320,6 +320,12 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
       }
     else 
       {
+#if 0 /* disabled *.
+	/* Disabled for now.  It seems reasonable to accept a
+	   truncated hash for a DSA1 key, even though we don't
+	   generate it without --enable-dsa2.  Be liberal in what you
+	   accept, etc. */
+
 	/* If it's a DSA key, and q is 160 bits, it might be an
 	   old-style DSA key.  If the hash doesn't match the q, fail
 	   unless --enable-dsa2 is set.  If the q isn't 160 bits, then
@@ -333,6 +339,7 @@ do_sign( PKT_secret_key *sk, PKT_signature *sig,
 	    log_error(_("DSA requires the use of a 160 bit hash algorithm\n"));
 	    return G10ERR_GENERAL;
 	  }
+#endif /* disabled */
 
         frame = encode_md_value( NULL, sk, md, digest_algo );
         if (!frame)
@@ -1539,7 +1546,7 @@ update_keysig_packet( PKT_signature **ret_sig,
       }
 
     /* Note that already expired sigs will remain expired (with a
-       duration of 0) since build-packet.c:build_sig_subpkt_from_sig
+       duration of 1) since build-packet.c:build_sig_subpkt_from_sig
        detects this case. */
 
     if( sig->version >= 4 )