diff --git a/0001-Fix-importing-GPG-signatures.patch b/0001-Fix-importing-GPG-signatures.patch
new file mode 100644
index 0000000..4f7fd6a
--- /dev/null
+++ b/0001-Fix-importing-GPG-signatures.patch
@@ -0,0 +1,34 @@
+From 8380d8e0f91fc781919cbab68ba410c347cef0c2 Mon Sep 17 00:00:00 2001
+From: Richard Hughes <richard@hughsie.com>
+Date: Thu, 17 May 2012 10:28:00 +0100
+Subject: [PATCH] Fix importing GPG signatures
+
+Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=794927
+---
+ lib/packagekit-glib2/pk-client.c |   10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/lib/packagekit-glib2/pk-client.c b/lib/packagekit-glib2/pk-client.c
+index 6706331..d38c7b4 100644
+--- a/lib/packagekit-glib2/pk-client.c
++++ b/lib/packagekit-glib2/pk-client.c
+@@ -1323,11 +1323,11 @@ pk_client_signal_cb (GDBusProxy *proxy,
+ 			      "package-id", tmp_str[0],
+ 			      "repository-name", tmp_str[1],
+ 			      "key-url", tmp_str[2],
+-			      "key-userid", tmp_str[2],
+-			      "key-id", tmp_str[3],
+-			      "key-fingerprint", tmp_str[4],
+-			      "key-timestamp", tmp_str[5],
+-			      "type", pk_sig_type_enum_from_string (tmp_str[6]),
++			      "key-userid", tmp_str[3],
++			      "key-id", tmp_str[4],
++			      "key-fingerprint", tmp_str[5],
++			      "key-timestamp", tmp_str[6],
++			      "type", pk_sig_type_enum_from_string (tmp_str[7]),
+ 			      "role", state->role,
+ 			      "transaction-id", state->transaction_id,
+ 			      NULL);
+-- 
+1.7.10.1
+
diff --git a/PackageKit.spec b/PackageKit.spec
index 97dc1bc..60ac503 100644
--- a/PackageKit.spec
+++ b/PackageKit.spec
@@ -3,7 +3,7 @@
 Summary:   Package management service
 Name:      PackageKit
 Version:   0.7.4
-Release:   3%{?dist}
+Release:   4%{?dist}
 License:   GPLv2+ and LGPLv2+
 URL:       http://www.packagekit.org
 Source0:   http://www.packagekit.org/releases/%{name}-%{version}.tar.xz
@@ -17,6 +17,9 @@ Patch1:    PackageKit-0.4.4-Fedora-turn-off-time.conf.patch
 # Upstreamed: don't perceive all updates as untrusted
 Patch2:    PackageKit-0.7.4-yum-untrusted.patch
 
+# Upstreamed: fix an obvious off-by-one when parsing the signature
+Patch3:    0001-Fix-importing-GPG-signatures.patch
+
 Requires: PackageKit-glib = %{version}-%{release}
 Requires: PackageKit-backend
 Requires: shared-mime-info
@@ -250,6 +253,7 @@ user to restart the computer or remove and re-insert the device.
 %patch0 -p1 -b .fedora
 %patch1 -p1 -b .no-time
 %patch2 -p1 -b .yum-untrusted
+%patch3 -p1 -b .fix-install-signature
 
 %build
 %configure \
@@ -454,6 +458,10 @@ update-mime-database %{_datadir}/mime &> /dev/null || :
 %{_libdir}/pkgconfig/packagekit-plugin.pc
 
 %changelog
+* Thu May 17 2012 Richard Hughes  <rhughes@redhat.com> - 0.7.4-4
+- Fix an obvious off-by-one when parsing the signature
+- Resolves: #794927
+
 * Fri May 11 2012 Nils Philippsen <nils@redhat.com> - 0.7.4-3
 - yum: don't perceive all updates as untrusted (#821015)