From 09dabda4a3f6de8a987250fcae60dea862b9b55f Mon Sep 17 00:00:00 2001
From: link2xt <link2xt@testrun.org>
Date: Fri, 26 Sep 2025 15:41:51 +0000
Subject: [PATCH] build: update rPGP from 0.16.0 to 0.17.0

---
 Cargo.lock | 21 ++++++++++++++-------
 Cargo.toml |  2 +-
 src/pgp.rs | 15 ++++++++-------
 3 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 760eaad36..58a515aa1 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -440,18 +440,18 @@ checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
 
 [[package]]
 name = "bitfields"
-version = "0.12.4"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1d84268bbf9b487d31fe4b849edbefcd3911422d7a07de855a2da1f70ab3d1c"
+checksum = "dcdbce6688e3ab66aff2ab413b762ccde9f37990e27bba0bb38a4b2ad1b5d877"
 dependencies = [
  "bitfields-impl",
 ]
 
 [[package]]
 name = "bitfields-impl"
-version = "0.9.4"
+version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07c93edde7bb4416c35c85048e34f78999dcb47d199bde3b1d79286156f3e2fb"
+checksum = "57413e4b276d883b77fb368b7b33ae6a5eb97692852d49a5394d4f72ba961827"
 dependencies = [
  "proc-macro2",
  "quote",
@@ -4123,9 +4123,9 @@ dependencies = [
 
 [[package]]
 name = "pgp"
-version = "0.16.0"
+version = "0.17.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f91d320242d9b686612b15526fe38711afdf856e112eaa4775ce25b0d9b12b11"
+checksum = "7d918d5da2ce943e4c6088d7694f33f47c19374d6f0f2080a0c5e8010afdfd29"
 dependencies = [
  "aead",
  "aes",
@@ -4165,7 +4165,7 @@ dependencies = [
  "k256",
  "log",
  "md-5",
- "nom 7.1.3",
+ "nom 8.0.0",
  "num-bigint-dig",
  "num-traits",
  "num_enum",
@@ -4175,6 +4175,7 @@ dependencies = [
  "p521",
  "rand 0.8.5",
  "regex",
+ "replace_with",
  "ripemd",
  "rsa",
  "sha1",
@@ -4919,6 +4920,12 @@ version = "0.8.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "c08c74e62047bb2de4ff487b251e4a92e24f48745648451635cec7d591162d9f"
 
+[[package]]
+name = "replace_with"
+version = "0.1.8"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "51743d3e274e2b18df81c4dc6caf8a5b8e15dbe799e0dca05c7617380094e884"
+
 [[package]]
 name = "reqwest"
 version = "0.12.15"
diff --git a/Cargo.toml b/Cargo.toml
index 8f25bbbeb..dc116e8f4 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -79,7 +79,7 @@ num-derive = "0.4"
 num-traits = { workspace = true }
 parking_lot = "0.12.4"
 percent-encoding = "2.3"
-pgp = { version = "0.16.0", default-features = false }
+pgp = { version = "0.17.0", default-features = false }
 pin-project = "1"
 qrcodegen = "1.7.0"
 quick-xml = "0.37"
diff --git a/src/pgp.rs b/src/pgp.rs
index 4f5aa382b..047e214a2 100644
--- a/src/pgp.rs
+++ b/src/pgp.rs
@@ -8,9 +8,9 @@ use chrono::SubsecRound;
 use deltachat_contact_tools::EmailAddress;
 use pgp::armor::BlockType;
 use pgp::composed::{
-    ArmorOptions, Deserializable, KeyType as PgpKeyType, Message, MessageBuilder,
-    SecretKeyParamsBuilder, SignedPublicKey, SignedPublicSubKey, SignedSecretKey,
-    StandaloneSignature, SubkeyParamsBuilder, TheRing,
+    ArmorOptions, DecryptionOptions, Deserializable, DetachedSignature, KeyType as PgpKeyType,
+    Message, MessageBuilder, SecretKeyParamsBuilder, SignedPublicKey, SignedPublicSubKey,
+    SignedSecretKey, SubkeyParamsBuilder, TheRing,
 };
 use pgp::crypto::ecc_curve::ECCCurve;
 use pgp::crypto::hash::HashAlgorithm;
@@ -226,7 +226,7 @@ pub fn pk_calc_signature(
         plain.as_slice(),
     )?;
 
-    let sig = StandaloneSignature::new(signature);
+    let sig = DetachedSignature::new(signature);
 
     Ok(sig.to_armored_string(ArmorOptions::default())?)
 }
@@ -245,12 +245,13 @@ pub fn pk_decrypt(
     let skeys: Vec<&SignedSecretKey> = private_keys_for_decryption.iter().collect();
     let empty_pw = Password::empty();
 
+    let decrypt_options = DecryptionOptions::new().enable_legacy();
     let ring = TheRing {
         secret_keys: skeys,
         key_passwords: vec![&empty_pw],
         message_password: vec![],
         session_keys: vec![],
-        allow_legacy: false,
+        decrypt_options,
     };
     let (msg, ring_result) = msg.decrypt_the_ring(ring, true)?;
     anyhow::ensure!(
@@ -293,10 +294,10 @@ pub fn pk_validate(
 ) -> Result<HashSet<Fingerprint>> {
     let mut ret: HashSet<Fingerprint> = Default::default();
 
-    let standalone_signature = StandaloneSignature::from_armor_single(Cursor::new(signature))?.0;
+    let detached_signature = DetachedSignature::from_armor_single(Cursor::new(signature))?.0;
 
     for pkey in public_keys_for_validation {
-        if standalone_signature.verify(pkey, content).is_ok() {
+        if detached_signature.verify(pkey, content).is_ok() {
             let fp = pkey.dc_fingerprint();
             ret.insert(fp);
         }