Description: Fix GPG signature verification to wrap all GpgError exceptions
 The GPGSignatureVendor.verify() method only caught gpg.errors.BadSignatures,
 but invalid signature data can cause GPGMEError (a sibling class, not parent)
 to be raised instead. Both BadSignatures and GPGMEError inherit from GpgError.
 .
 This patch catches gpg.errors.GpgError (the common base class) so that both
 BadSignatures and GPGMEError are wrapped in BadSignature exceptions.
Author: Jelmer Vernooĳ <jelmer@jelmer.uk>
Bug-Debian: https://bugs.debian.org/1126635
Bug-Debian: https://bugs.debian.org/1127667
Forwarded: not-needed
Last-Update: 2026-03-17

Index: dulwich/dulwich/signature.py
===================================================================
--- dulwich.orig/dulwich/signature.py
+++ dulwich/dulwich/signature.py
@@ -306,7 +306,7 @@ class GPGSignatureVendor(SignatureSigner
                         signing_keys=signing_fprs,
                         trusted_keys=list(self.keyids),
                     )
-        except gpg.errors.BadSignatures as e:
+        except gpg.errors.GpgError as e:
             raise BadSignature(f"GPG signature verification failed: {e}") from e
 
 
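Review bot: Catching `gpg.errors.GpgError` at this `except` also turns failures that are not about the signature itself into `BadSignature`: any GPGME error raised inside the `try` is wrapped, which may include engine or keyring problems. The `try` body starts outside this hunk, so I cannot confirm exactly what it covers. Failing closed is the right default for verification, but callers and logs can no longer tell "signature rejected" from "verification could not run" except through `__cause__`. I would document that on the handler, e.g. `# GpgError is the common base of BadSignatures and GPGMEError; any GPGME failure counts as a failed verification (fail closed), original error kept in __cause__`, and list it under Raises in the `verify()` docstring.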
Index: dulwich/tests/test_signature.py
===================================================================
--- dulwich.orig/tests/test_signature.py
+++ dulwich/tests/test_signature.py
@@ -142,11 +142,13 @@ class GPGSignatureVendorTests(unittest.T
 
     def test_verify_invalid_signature(self) -> None:
         """Test that verify raises an error for invalid signatures."""
+        from dulwich.signature import BadSignature
+
         vendor = GPGSignatureVendor()
         test_data = b"test data"
         invalid_signature = b"this is not a valid signature"
 
-        with self.assertRaises(gpg.errors.GPGMEError):
+        with self.assertRaises(BadSignature):
             vendor.verify(test_data, invalid_signature)
 
     def test_sign_with_keyid(self) -> None:
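Review bot: `test_verify_invalid_signature` now pins only the wrapper type, so a regression that raised `BadSignature` without chaining the underlying GPGME error would still pass. I would capture the exception with `with self.assertRaises(BadSignature) as cm:` and add `self.assertIsInstance(cm.exception.__cause__, gpg.errors.GpgError)` after the block. The function-scope `from dulwich.signature import BadSignature` could sit next to the existing `GPGSignatureVendor` import if that one is at module level; the import block is outside this hunk. A companion case with a well-formed signature over different data would also cover the `BadSignatures` path, unless one already exists elsewhere in the file.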
