gnupg.git
16 years ago* main.h, g10.c (main), import.c (parse_import_options,
David Shaw [Wed, 9 Apr 2003 01:57:46 +0000 (01:57 +0000)]
* main.h, g10.c (main), import.c (parse_import_options,
fix_pks_corruption): It's really PKS corruption, not HKP corruption.
Keep the old repair-hkp-subkey-bug command as an alias.

* g10.c (main): Rename --no-version to --no-emit-version for consistency.
Keep --no-version as an alias.

16 years ago* gpgkeys_hkp.c (dehtmlize, parse_hkp_index): Fix memory corruption bug on
David Shaw [Wed, 9 Apr 2003 01:36:16 +0000 (01:36 +0000)]
* gpgkeys_hkp.c (dehtmlize, parse_hkp_index): Fix memory corruption bug on
some platforms.

16 years ago* autogen.sh: Add options to build for coldfire and uClinux.
Werner Koch [Tue, 8 Apr 2003 09:20:09 +0000 (09:20 +0000)]
* autogen.sh: Add options to build for coldfire and uClinux.

16 years ago* Makefile.am (EXTRA_DIST): Add autogen.sh wrapper.
Werner Koch [Tue, 8 Apr 2003 09:19:41 +0000 (09:19 +0000)]
* Makefile.am (EXTRA_DIST): Add autogen.sh wrapper.

16 years agoAdd primary key fingerprint to VALIDSIG status.
Werner Koch [Tue, 8 Apr 2003 08:42:47 +0000 (08:42 +0000)]
Add primary key fingerprint to VALIDSIG status.

16 years ago* DETAILS: Don't specify which hash is used to make up the namehash since
David Shaw [Mon, 7 Apr 2003 22:23:42 +0000 (22:23 +0000)]
* DETAILS: Don't specify which hash is used to make up the namehash since
it may change in the future.

* samplekeys.asc: Updated.

* gpg.sgml: Document "revuid".  Clarify that --openpgp resets --pgpX.
Some cleanup of --no-xxx options, make sure that all SGML tags are closed,
clarify --pgp8 allows SHA-256, and document --no-emit-version.

* Makefile.am: Allow CVS version to build without faqprog.pl.

16 years ago* dcigettext.c (plural_lookup): Name conflict on some platforms with
David Shaw [Mon, 7 Apr 2003 22:04:25 +0000 (22:04 +0000)]
* dcigettext.c (plural_lookup): Name conflict on some platforms with
"index".  Local fix for GnuPG.

16 years ago* configure.ac: Use much more accurate method to determine whether
David Shaw [Mon, 7 Apr 2003 21:52:38 +0000 (21:52 +0000)]
* configure.ac: Use much more accurate method to determine whether
DNS SRV is usable.

* README: Document the various --disable-xxx switches, and add a note
about existing keys that may use one of the missing ciphers as a
preference.  Update copyright date.

* NEWS: Add note about SHA-256/384/512.

* acinclude.m4: Fix URL to faqprog.pl.

16 years ago* pkclist.c (algo_available): PGP 8 can use the SHA-256 hash.
David Shaw [Fri, 4 Apr 2003 22:48:24 +0000 (22:48 +0000)]
* pkclist.c (algo_available): PGP 8 can use the SHA-256 hash.

* sign.c (sign_file, clearsign_file, sign_symencrypt_file): Remove unused
code.

16 years ago* keydb.h: Err on the side of making an unknown signature a SIG rather
David Shaw [Mon, 24 Mar 2003 20:05:53 +0000 (20:05 +0000)]
* keydb.h: Err on the side of making an unknown signature a SIG rather
than a CERT.

* import.c (delete_inv_parts): Discard any key signatures that aren't key
types (i.e. 0x00, 0x01, etc.)

* g10.c (main): Add deprecated option warning for --list-ownertrust.  Add
--compression-algo alias for --compress-algo.  Change --version output
strings to match "showpref" strings, and make translatable.

* status.c (do_get_from_fd): Accept 'y' as well as 'Y' for --command-fd
boolean input.

* trustdb.c: Fix typo (DISABLE_REGEXP -> DISABLE_REGEX)

* keyedit.c (show_key_with_all_names_colon): Show no-ks-modify flag.

16 years ago* acinclude.m4 (GNUPG_CHECK_ENDIAN): When crosscompiling assume
Werner Koch [Mon, 24 Mar 2003 16:18:30 +0000 (16:18 +0000)]
* acinclude.m4 (GNUPG_CHECK_ENDIAN): When crosscompiling assume
little only for Intel CPUs.

* configure.ac: Check for ranlib and ar.  This is required for
cross compiling.

16 years ago* argparse.c (default_strusage): Change copyright date.
David Shaw [Sun, 23 Mar 2003 16:24:49 +0000 (16:24 +0000)]
* argparse.c (default_strusage): Change copyright date.

16 years ago* srv.h, srv.c (getsrv): Use unsigned char rather than char. Noted by
David Shaw [Sat, 15 Mar 2003 02:28:02 +0000 (02:28 +0000)]
* srv.h, srv.c (getsrv): Use unsigned char rather than char. Noted by
Stefan Bellon.

16 years ago* options.h, g10.c (main), keyserver.c (kopts): Add "try-dns-srv"
David Shaw [Tue, 11 Mar 2003 22:12:20 +0000 (22:12 +0000)]
* options.h, g10.c (main), keyserver.c (kopts): Add "try-dns-srv"
keyserver option.  Defaults to on.

* passphrase.c (agent_get_passphrase): Fix memory leak with symmetric
messages.  Fix segfault with symmetric messages.  Fix incorrect prompt
with symmetric messages.

16 years ago* http.c (connect_server): Use DNS SRV to get a server list. Fail over to
David Shaw [Tue, 11 Mar 2003 22:04:53 +0000 (22:04 +0000)]
* http.c (connect_server): Use DNS SRV to get a server list.  Fail over to
A records if necessary.

* Makefile.am, srv.h, srv.c: New DNS SRV handling code.

16 years ago* Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
David Shaw [Tue, 11 Mar 2003 19:23:23 +0000 (19:23 +0000)]
* Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
capabilities.

16 years ago* gpgkeys_hkp.c (get_key): Properly handle CRLF line endings in the
David Shaw [Tue, 11 Mar 2003 17:42:07 +0000 (17:42 +0000)]
* gpgkeys_hkp.c (get_key): Properly handle CRLF line endings in the
armored key. (main): Accept "try-dns-srv" option.

* Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
capabilities.  Use @SRVLIBS@ to link in the resolver if we are using DNS
SRV.

16 years ago* http.h: Add HTTP_FLAG_TRY_SRV.
David Shaw [Tue, 11 Mar 2003 17:32:59 +0000 (17:32 +0000)]
* http.h: Add HTTP_FLAG_TRY_SRV.

16 years ago* configure.ac: Look for res_query so we can use DNS SRV, and add
David Shaw [Tue, 11 Mar 2003 17:29:49 +0000 (17:29 +0000)]
* configure.ac: Look for res_query so we can use DNS SRV, and add
--disable-dns-srv to disable it.

16 years ago* compress.c (init_uncompress): Use a 15 bit window size so that
Werner Koch [Mon, 10 Mar 2003 09:59:33 +0000 (09:59 +0000)]
* compress.c (init_uncompress): Use a 15 bit window size so that
the output of implementations which don't run for PGP 2
compatibility won't get garbled.

16 years ago* configure.ac: Define @CAPLIBS@ to link in -lcap if we are using
David Shaw [Tue, 4 Mar 2003 16:12:53 +0000 (16:12 +0000)]
* configure.ac: Define @CAPLIBS@ to link in -lcap if we are using
capabilities.

16 years ago* trustdb.c (validate_keys): Mask the ownertrust when building the list of
David Shaw [Tue, 4 Mar 2003 15:24:12 +0000 (15:24 +0000)]
* trustdb.c (validate_keys): Mask the ownertrust when building the list of
fully valid keys so that disabled keys are still counted in the web of
trust. (get_ownertrust_with_min): Do the same for the minimum ownertrust
calculation.

* parse-packet.c (dump_sig_subpkt): Show the notation names for
not-human-readable notations.  Fix cosmetic off-by-one length counter.

* options.skel: Add explantion and commented-out
"no-mangle-dos-filenames".

* mainproc.c (proc_encrypted): Make string translatable.

* keyserver.c (keyserver_spawn): Quote ':', '%', and any 8-bit characters
in the uid strings sent to the keyserver helper.

* keyring.c (keyring_rebuild_cache): Lock the keyring while rebuilding the
signature caches to prevent another gpg from tampering with the temporary
copy.

* keygen.c (keygen_set_std_prefs): Include AES192 and AES256 in default
prefs.

* keyedit.c (show_prefs): Make strings translatable.

* keydb.c: Double the maximum number of keyrings to 40.

* gpgv.c (main): Fix bug #113 - gpgv should accept the
--ignore-time-conflict option.

* g10.c (main): --openpgp disables --pgpX.  Double the amount of secure
memory to 32k (keys are getting bigger these days).

* Makefile.am: Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
capabilities.

16 years ago* keyserver.c (keyserver_spawn): Include various pieces of information
David Shaw [Wed, 26 Feb 2003 17:11:24 +0000 (17:11 +0000)]
* keyserver.c (keyserver_spawn): Include various pieces of information
about the key in the data sent to the keyserver helper.  This allows the
helper to use it in instructing a remote server which may not have any
actual OpenPGP smarts in parsing keys.

* main.h, export.c (export_pubkeys_stream, do_export_stream): Add ability
to return only the first match in an exported keyblock for keyserver
usage.  This should be replaced at some point with a more flexible
solution where each key can be armored seperately.

16 years ago* distfiles, gnupg.spec.in: convert-from-106 is in the tools directory
David Shaw [Sun, 23 Feb 2003 05:14:57 +0000 (05:14 +0000)]
* distfiles, gnupg.spec.in: convert-from-106 is in the tools directory
now.

16 years ago* Makefile.am: Distribute convert-from-106.
David Shaw [Sun, 23 Feb 2003 05:12:28 +0000 (05:12 +0000)]
* Makefile.am: Distribute convert-from-106.

16 years ago* convert-from-106: Script to automate the 1.0.6->later conversion. It
David Shaw [Sun, 23 Feb 2003 05:09:52 +0000 (05:09 +0000)]
* convert-from-106: Script to automate the 1.0.6->later conversion.  It
marks all secret keys as ultimately trusted, adds the signature caches,
and checks the trustdb.  Moved from the scripts directory.

16 years ago* convert-from-106: Move to the tools directory.
David Shaw [Sun, 23 Feb 2003 05:08:26 +0000 (05:08 +0000)]
* convert-from-106: Move to the tools directory.

16 years ago* sign.c (sign_file): Do not push textmode filter onto an unopened IOBUF
David Shaw [Sat, 22 Feb 2003 23:58:39 +0000 (23:58 +0000)]
* sign.c (sign_file): Do not push textmode filter onto an unopened IOBUF
(segfault).  Noted by Marcus Brinkmann.  Push and reinitialize textmode
filter for each file in a multiple file list.

* packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Set and show
the keyserver no-modify flag.

* keygen.c (add_keyserver_modify): New. (keygen_upd_std_prefs): Call it
here. (keygen_set_std_prefs): Accept "ks-modify" and "no-ks-modify" as
prefs to set and unset keyserver modify flag.

16 years ago* ttyio.c (tty_print_utf8_string, tty_print_utf8_string2): Use 0 to
David Shaw [Sat, 22 Feb 2003 23:45:28 +0000 (23:45 +0000)]
* ttyio.c (tty_print_utf8_string, tty_print_utf8_string2): Use 0 to
indicate a string with no maximum size.  This prevents early truncation of
strings that contain control chars which are expanded into \xXX form.

16 years ago* configure.ac: Add --disable-idea for IDEA. Note that disabling IDEA
David Shaw [Sat, 22 Feb 2003 13:29:20 +0000 (13:29 +0000)]
* configure.ac: Add --disable-idea for IDEA.  Note that disabling IDEA
disables both the real IDEA and the possibility of using the IDEA loadable
module.  Remove the --disable-dynload option since it is no longer
meaningful (it is only used if idea-stub is used).

16 years ago* g10.c (main): Accept "s1" in addition to "idea" to match the other
David Shaw [Sat, 22 Feb 2003 13:00:18 +0000 (13:00 +0000)]
* g10.c (main): Accept "s1" in addition to "idea" to match the other
ciphers.

* main.h, misc.c (idea_cipher_warn): We don't need this if IDEA has been
disabled.

16 years ago* configure.ac: Add --disable-xxx options for CAST5, BLOWFISH, AES (all),
David Shaw [Fri, 21 Feb 2003 22:22:57 +0000 (22:22 +0000)]
* configure.ac: Add --disable-xxx options for CAST5, BLOWFISH, AES (all),
TWOFISH, TIGER192, SHA256, and SHA384/512.  Add a --enable-minimal that
disables all of them as well as --disable-exec.

16 years ago* keygen.c (keygen_set_std_prefs): Don't put AES or CAST5 in default prefs
David Shaw [Fri, 21 Feb 2003 22:16:43 +0000 (22:16 +0000)]
* keygen.c (keygen_set_std_prefs): Don't put AES or CAST5 in default prefs
if they are disabled.

16 years ago* cipher.c (setup_cipher_table): #ifdef all optional ciphers.
David Shaw [Fri, 21 Feb 2003 20:49:58 +0000 (20:49 +0000)]
* cipher.c (setup_cipher_table): #ifdef all optional ciphers.

* md.c (load_digest_module): #ifdef all optional digests.

16 years ago* g10.c (main): Use 3DES instead of CAST5 if we don't have CAST5 support.
David Shaw [Fri, 21 Feb 2003 20:43:17 +0000 (20:43 +0000)]
* g10.c (main): Use 3DES instead of CAST5 if we don't have CAST5 support.
Use 3DES for the s2k cipher in --openpgp mode. (print_mds): #ifdef all of
the optional digest algorithms.

16 years ago* keydb.h, getkey.c (classify_user_id, classify_user_id2): Make 'exact' a
David Shaw [Wed, 12 Feb 2003 18:43:44 +0000 (18:43 +0000)]
* keydb.h, getkey.c (classify_user_id, classify_user_id2): Make 'exact' a
per-desc item.  Merge into one function since 'force_exact' is no longer
needed. (key_byname): Use new classify_user_id function, and new exact
flag in KEYDB_SEARCH_DESC.

* keyring.h, keyring.c (keyring_search): Return an optional index to show
which KEYDB_SEARCH_DESC was the matching one.

* keydb.h, keydb.c (keydb_search): Rename to keydb_search2, and pass the
optional index to keyring_search.  Add a macro version of keydb_search
that calls this new function.

* export.c (do_export_stream): If the keyid! syntax is used, export only
that specified key.  If the key in question is a subkey, export the
primary plus that subkey only.

16 years ago* exec.c (set_exec_path): Add debugging line.
David Shaw [Wed, 12 Feb 2003 05:18:26 +0000 (05:18 +0000)]
* exec.c (set_exec_path): Add debugging line.

* g10.c (print_hex, print_mds): Print long hash strings a lot neater.
This assumes at least an 80-character display, as there are a few other
similar assumptions here and there.  Users who need unformatted hashes can
still use with-colons.  Check that SHA384 and 512 are available before
using them as they are no longer always available.

16 years ago* Makefile.am: Use a local copy of libexecdir along with @PACKAGE@ as
David Shaw [Wed, 12 Feb 2003 05:10:30 +0000 (05:10 +0000)]
* Makefile.am: Use a local copy of libexecdir along with @PACKAGE@ as
GNUPG_LIBEXECDIR so it can be easily overridden at make time.

16 years ago* configure.ac: Do not set GNUPG_LIBEXECDIR in ./configure, so that
David Shaw [Wed, 12 Feb 2003 04:59:07 +0000 (04:59 +0000)]
* configure.ac: Do not set GNUPG_LIBEXECDIR in ./configure, so that
makefiles can override it.  Verify that we have a 64-bit type before
building tiger.c or sha512.c.  Add uint64_t as a possible 64-bit type.

16 years ago* Makefile.am, md.c (load_digest_module): Only build in SHA384/512 and
David Shaw [Wed, 12 Feb 2003 04:51:22 +0000 (04:51 +0000)]
* Makefile.am, md.c (load_digest_module): Only build in SHA384/512 and
TIGER if specifically enabled by the 64-bit type check in configure.

16 years ago* types.h: Try and use uint64_t for a 64-bit type.
David Shaw [Wed, 12 Feb 2003 04:45:51 +0000 (04:45 +0000)]
* types.h: Try and use uint64_t for a 64-bit type.

16 years ago* Makefile.am: Use a local copy of libexecdir along with @PACKAGE@ so it
David Shaw [Wed, 12 Feb 2003 04:00:38 +0000 (04:00 +0000)]
* Makefile.am: Use a local copy of libexecdir along with @PACKAGE@ so it
can be easily overridden at make time.

16 years ago* armor.c (parse_hash_header, armor_filter): Accept the new SHAs in the
David Shaw [Tue, 4 Feb 2003 19:33:09 +0000 (19:33 +0000)]
* armor.c (parse_hash_header, armor_filter): Accept the new SHAs in the
armor Hash: header.

* g10.c (print_hex): Print long hash strings a little neater. (print_mds):
Add the new SHAs to the hash list.

16 years ago* sha256.c, sha512.c: New.
David Shaw [Tue, 4 Feb 2003 19:28:40 +0000 (19:28 +0000)]
* sha256.c, sha512.c: New.

* Makefile.am, algorithms.h, md.c (load_digest_module,
string_to_digest_algo): Add read-only support for the new SHAs.

16 years ago* cipher.h: Add constants for new SHAs.
David Shaw [Tue, 4 Feb 2003 19:04:24 +0000 (19:04 +0000)]
* cipher.h: Add constants for new SHAs.

16 years ago* NEWS: Add notes about disabled keys, trustdb tweaks, and "revuid".
David Shaw [Sun, 2 Feb 2003 18:10:53 +0000 (18:10 +0000)]
* NEWS: Add notes about disabled keys, trustdb tweaks, and "revuid".

16 years ago* keyedit.c (menu_revuid): Properly handle a nonselfsigned uid on a v4 key
David Shaw [Sun, 2 Feb 2003 15:47:43 +0000 (15:47 +0000)]
* keyedit.c (menu_revuid): Properly handle a nonselfsigned uid on a v4 key
(treat as a v4 revocation).

* import.c (print_import_check): Do not re-utf8 convert user IDs.

16 years ago* gpgkeys_mailto.in: Fix regexp to work properly if the "keyid" is not a
David Shaw [Wed, 29 Jan 2003 23:14:29 +0000 (23:14 +0000)]
* gpgkeys_mailto.in: Fix regexp to work properly if the "keyid" is not a
keyid, but rather a text string from the user ID.

16 years ago* DETAILS: Document trust depth, value, and regexp.
David Shaw [Mon, 27 Jan 2003 22:07:38 +0000 (22:07 +0000)]
* DETAILS: Document trust depth, value, and regexp.

16 years ago* mainproc.c (list_node): Show signature expiration date in with-colons
David Shaw [Mon, 27 Jan 2003 21:49:37 +0000 (21:49 +0000)]
* mainproc.c (list_node): Show signature expiration date in with-colons
sig records.

* keylist.c (list_keyblock_colon), mainproc.c (list_node): Show trust sig
information in with-colons sig records.

16 years ago* g10.c (add_group): Trim whitespace after a group name so it does not
David Shaw [Thu, 16 Jan 2003 19:20:10 +0000 (19:20 +0000)]
* g10.c (add_group): Trim whitespace after a group name so it does not
matter where the user puts the = sign.

* options.skel: Comment out the first three lines in case someone manually
copies the skel file to their homedir.

* sign.c (clearsign_file): Only use pgp2mode with v3 keys and MD5. This
matches what we do when decoding such messages and prevents creating a
message (v3+RIPEMD/160) that we can't verify.

* sig-check.c (signature_check2): Use G10ERR_GENERAL as the error for
signature digest conflict.  BAD_SIGN implies that a signature was checked
and we may try and print out a user ID for a key that doesn't exist.

16 years ago* trustdb.c (init_trustdb, get_validity): Don't use a changed trust model
David Shaw [Wed, 15 Jan 2003 17:07:54 +0000 (17:07 +0000)]
* trustdb.c (init_trustdb, get_validity): Don't use a changed trust model
to indicate a dirty trustdb, and never auto-rebuild a dirty trustdb with
the "always" trust model.

* g10.c (add_group): Last commit missed the \t ;)

16 years ago* gpg.sgml: Minor language tweaks, spell check, copyright date,
David Shaw [Wed, 15 Jan 2003 03:30:31 +0000 (03:30 +0000)]
* gpg.sgml: Minor language tweaks, spell check, copyright date,
etc.

* DETAILS: Note that user IDs/UATs fill in creation and expiration date.
Document namehash.

16 years ago* packet.h, parse-packet.c (setup_user_id), free-packet.c (free_user_id),
David Shaw [Tue, 14 Jan 2003 18:13:22 +0000 (18:13 +0000)]
* packet.h, parse-packet.c (setup_user_id), free-packet.c (free_user_id),
keydb.h, keyid.c (namehash_from_uid): New function to rmd160-hash the
contents of a user ID packet and cache it in the uid object.

* keylist.c (list_keyblock_colon): Use namehash in field 8 of uids.  Show
dates for creation (selfsig date), and expiration in fields 6 and 7.

* trustdb.c (get_validity, get_validity_counts, update_validity): Use new
namehash function rather than hashing it locally.

16 years ago* g10.c (add_group): Fixed group parsing to allow more than one
Werner Koch [Tue, 14 Jan 2003 09:35:31 +0000 (09:35 +0000)]
* g10.c (add_group): Fixed group parsing to allow more than one
delimiter in a row and also allow tab as delimiter.

16 years ago* tdbio.c (tdbio_set_dbname): Fix assertion failure with
David Shaw [Sun, 12 Jan 2003 15:46:17 +0000 (15:46 +0000)]
* tdbio.c (tdbio_set_dbname): Fix assertion failure with
non-fully-qualified trustdb names.

16 years ago* trustdb.c (get_validity_info, get_ownertrust_info, trust_letter):
David Shaw [Sat, 11 Jan 2003 21:13:41 +0000 (21:13 +0000)]
* trustdb.c (get_validity_info, get_ownertrust_info, trust_letter):
Simplify by returning a ? for error directly.

* keyedit.c (show_key_with_all_names): Use get_validity_string and
get_ownertrust_string to show full word versions of trust (i.e. "full"
instead of 'f').

* trustdb.h, trustdb.c (get_ownertrust_string, get_validity_string): Same
as get_ownertrust_info, and get_validity_info, except returns a full
string.

* trustdb.c (get_ownertrust_with_min): New.  Same as 'get_ownertrust' but
takes the min_ownertrust value into account.

16 years ago* armor.c (armor_filter): Comment about PGP's end of line tab problem.
David Shaw [Sat, 11 Jan 2003 03:57:00 +0000 (03:57 +0000)]
* armor.c (armor_filter): Comment about PGP's end of line tab problem.

* trustdb.h, trustdb.c (trust_letter): Make static. (get_ownertrust_info,
get_validity_info): Don't mask the trust level twice.

* trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info),
keylist.c (list_keyblock_colon), keyedit.c (show_key_with_all_names_colon,
menu_revuid): Pass a user ID in rather than a namehash, so we only have to
do the hashing in one place.

* packet.h, pkclist.c (build_pk_list), free-packet.c
(release_public_key_parts): Remove unused namehash element for public
keys.

16 years agoUpdated from latest NewPG project
Werner Koch [Thu, 9 Jan 2003 13:15:07 +0000 (13:15 +0000)]
Updated from latest NewPG project

16 years agoUpdated from latest NewPG project
Werner Koch [Thu, 9 Jan 2003 12:59:25 +0000 (12:59 +0000)]
Updated from latest NewPG project

16 years ago* keygen.c (keygen_set_std_prefs): Warn when setting an IDEA preference
David Shaw [Tue, 7 Jan 2003 15:30:02 +0000 (15:30 +0000)]
* keygen.c (keygen_set_std_prefs): Warn when setting an IDEA preference
when IDEA is not available.

16 years ago* trustdb.c (get_validity_info): 'd' for disabled is not a validity value
David Shaw [Tue, 7 Jan 2003 00:06:02 +0000 (00:06 +0000)]
* trustdb.c (get_validity_info): 'd' for disabled is not a validity value
any more.

16 years ago* gpgkeys_hkp.c (get_key): Use options=mr when getting a key so keyserver
David Shaw [Mon, 6 Jan 2003 23:05:39 +0000 (23:05 +0000)]
* gpgkeys_hkp.c (get_key): Use options=mr when getting a key so keyserver
doesn't attach the HTML header which we will just have to discard.

16 years ago* packet.h, tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record),
David Shaw [Mon, 6 Jan 2003 22:56:08 +0000 (22:56 +0000)]
* packet.h, tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record),
trustdb.c (update_validity): Store temporary full & marginal counts in the
trustdb. (clear_validity, get_validity_counts): Return and clear temp
counts. (store_validation_status): Keep track of which keyids have been
stored. (validate_one_keyblock, validate_key_list): Use per-uid copies of
the full & marginal counts so they can be recalled for multiple levels.
(validate_keys): Only use unused keys for each new round.
(reset_unconnected_keys): Rename to reset_trust_records, and only skip
specifically excluded records.

16 years ago* DETAILS: Document disabled flag in capabilities field.
David Shaw [Mon, 6 Jan 2003 21:12:34 +0000 (21:12 +0000)]
* DETAILS: Document disabled flag in capabilities field.

16 years ago* keylist.c (print_capabilities): Show 'D' for disabled keys in
David Shaw [Mon, 6 Jan 2003 21:01:44 +0000 (21:01 +0000)]
* keylist.c (print_capabilities): Show 'D' for disabled keys in
capabilities section.

* trustdb.c (is_disabled): Remove incorrect comment.

16 years ago* import.c (import_one): Only do the work to create the status display for
David Shaw [Fri, 3 Jan 2003 21:41:53 +0000 (21:41 +0000)]
* import.c (import_one): Only do the work to create the status display for
interactive import if status is enabled.

* keyring.c (keyring_search): skipfnc didn't work properly with non-keyid
searches.  Noted by Stefan Bellon.

* getkey.c (merge_selfsigs_main): Remove some unused code and make sure
that the pk selfsigversion member accounts for 1F direct sigs.

16 years ago* keydb.c (keydb_add_resource): Don't assume that try_make_homedir
Werner Koch [Thu, 2 Jan 2003 18:28:29 +0000 (18:28 +0000)]
* keydb.c (keydb_add_resource): Don't assume that try_make_homedir
terminates but check again for the existence of the directory and
continue then.
* openfile.c (copy_options_file): Print a warning if the skeleton
file has active options.

16 years ago* getkey.c (merge_selfsigs_main), main.h, sig-check.c
David Shaw [Sun, 29 Dec 2002 15:58:44 +0000 (15:58 +0000)]
* getkey.c (merge_selfsigs_main), main.h, sig-check.c
(check_key_signature2): Pass the ultimately trusted pk directly to
check_key_signature2 to avoid going through the key selection mechanism.
This prevents a deadly embrace when two keys without selfsigs each sign
the other.

16 years ago* keyserver.c (keyserver_refresh): Don't print the "refreshing..." line if
David Shaw [Fri, 27 Dec 2002 23:46:51 +0000 (23:46 +0000)]
* keyserver.c (keyserver_refresh): Don't print the "refreshing..." line if
there are no keys to refresh or if there is no keyserver set.

* getkey.c (merge_selfsigs_main): Any valid user ID should make a key
valid, not just the last one.  This also fixes Debian bug #174276.

16 years ago* gpg.sgml: Clarify --no-permission-warning to note that the permission
David Shaw [Fri, 27 Dec 2002 23:44:29 +0000 (23:44 +0000)]
* gpg.sgml: Clarify --no-permission-warning to note that the permission
warnings are not intended to be the be-all and end-all in security checks.
Add note to --group that when used on the command line, it may be
necessary to quote the argument so it is not treated as multiple
arguments.  Noted by Stefan Bellon.

16 years ago* NEWS: Add note about convert-from-106 script.
David Shaw [Fri, 27 Dec 2002 23:40:03 +0000 (23:40 +0000)]
* NEWS: Add note about convert-from-106 script.

16 years agofixed type problem
Stefan Bellon [Fri, 27 Dec 2002 22:17:25 +0000 (22:17 +0000)]
fixed type problem

16 years ago* keyedit.c (keyedit_menu, menu_revuid): Add "revuid" feature to revoke a
David Shaw [Fri, 27 Dec 2002 13:41:17 +0000 (13:41 +0000)]
* keyedit.c (keyedit_menu, menu_revuid): Add "revuid" feature to revoke a
user ID.  This is the same as issuing a revocation for the self-signature,
but a much simpler interface to do it.

16 years ago* keydb.h, getkey.c (key_byname): Flag to enable or disable including
David Shaw [Thu, 26 Dec 2002 22:22:50 +0000 (22:22 +0000)]
* keydb.h, getkey.c (key_byname): Flag to enable or disable including
disabled keys.  Keys specified via keyid (i.e. 0x...) are always included.

* getkey.c (get_pubkey_byname, get_seckey_byname2, get_seckey_bynames),
keyedit.c (keyedit_menu, menu_addrevoker): Include disabled keys in these
functions.

* pkclist.c (build_pk_list): Do not include disabled keys for -r or the
key prompt.  Do include disabled keys for the default key and
--encrypt-to.

* trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping disabled
keys.

* gpgv.c (is_disabled): Stub.

* keygen.c (keygen_add_key_expire): Properly handle updating a key
expiration to a no-expiration value.

* keyedit.c (enable_disable_key): Comment.

* import.c (import_one): When in interactive mode and --verbose, don't
repeat some key information twice.

16 years ago* iobuf.c (iobuf_flush): Only print debug info if debugging is on.
David Shaw [Thu, 26 Dec 2002 20:58:23 +0000 (20:58 +0000)]
* iobuf.c (iobuf_flush): Only print debug info if debugging is on.

16 years agoSimple script to create samplekeys.asc. CVS only.
Werner Koch [Mon, 23 Dec 2002 15:48:50 +0000 (15:48 +0000)]
Simple script to create samplekeys.asc.  CVS only.

16 years ago* samplekeys.asc: Updated.
Werner Koch [Mon, 23 Dec 2002 15:47:53 +0000 (15:47 +0000)]
* samplekeys.asc: Updated.

16 years ago2002-12-22 Timo Schulz <ts@winpt.org>
Timo Schulz [Sun, 22 Dec 2002 20:53:20 +0000 (20:53 +0000)]
2002-12-22  Timo Schulz  <ts@winpt.org>

        * import.c (print_import_check): New.
        (import_one): Use it here.
        Use merge_keys_and_selfsig in the interactive mode to avoid
        wrong key information.
        * status.h: Add new status code.
        * status.c: Ditto.

16 years ago* pkclist.c (do_we_trust): Tweak language to refer to the "named
David Shaw [Fri, 13 Dec 2002 21:10:53 +0000 (21:10 +0000)]
* pkclist.c (do_we_trust): Tweak language to refer to the "named
user" rather than "owner".  Noted by Stefan Bellon.

* trustdb.h, trustdb.c (trustdb_pending_check): New function to
check if the trustdb needs a check.

* import.c (import_keys_internal): Used here so we don't rebuild
the trustdb if it is still clean.
(import_one, chk_self_sigs): Only mark trustdb dirty if the key
that is being imported has any sigs other than self-sigs.
Suggested by Adrian von Bidder.

* options.skel: Include the required '=' sign in the sample
'group' option.  Noted by Stefan Bellon.

* import.c (chk_self_sigs): Don't try and check a subkey as if it
was a signature.

16 years ago* tdbio.c (tdbio_read_record, tdbio_write_record): Compact the
David Shaw [Wed, 11 Dec 2002 17:50:38 +0000 (17:50 +0000)]
* tdbio.c (tdbio_read_record, tdbio_write_record): Compact the
RECTYPE_TRUST records a bit.

* g10.c (main): Comment out --list-trust-path until it can be implemented.

* import.c (import_one): Warn when importing an Elgamal primary that this
may take some time (to verify self-sigs). (chk_self_sigs): Try and cache
all self-sigs so the keyblock is written to the keyring with a good rich
cache.

* keygen.c (ask_algo): Make the Elgamal sign+encrypt warning stronger, and
remove the RSA sign+encrypt warning.

16 years ago* gpg.sgml: Clarify include-revoked and include-disabled so they match
David Shaw [Wed, 11 Dec 2002 03:47:03 +0000 (03:47 +0000)]
* gpg.sgml: Clarify include-revoked and include-disabled so they match
what the program actually does.  Noted by Dick Gevers.

* gpg.sgml: Document %-expandos for policy URLs and notations.

* gpg.sgml: Document --pgp8.  Clarify that --pgp6 and --pgp7 disable
--throw-keyid.

16 years agofixed typo
Stefan Bellon [Fri, 6 Dec 2002 00:38:43 +0000 (00:38 +0000)]
fixed typo

16 years ago* gpg.sgml: Document --no-mangle-dos-filenames.
Werner Koch [Thu, 5 Dec 2002 15:25:46 +0000 (15:25 +0000)]
* gpg.sgml: Document --no-mangle-dos-filenames.

16 years ago* g10.c: New options --[no-]mangle-dos-filenames.
Werner Koch [Thu, 5 Dec 2002 15:25:16 +0000 (15:25 +0000)]
* g10.c: New options --[no-]mangle-dos-filenames.
* options.h (opt): Added mangle-dos-filenames.
* openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the
filename only when this option is set; this is the default.

16 years ago* main.h, keyedit.c, keygen.c: Back out previous (2002-12-01) change.
David Shaw [Wed, 4 Dec 2002 18:50:10 +0000 (18:50 +0000)]
* main.h, keyedit.c, keygen.c: Back out previous (2002-12-01) change.
Minimal isn't always best.

* sign.c (update_keysig_packet): Use the current time rather then a
modification of the original signature time.  Make sure that this doesn't
cause a time warp.

* keygen.c (keygen_add_key_expire): Properly handle a key expiration date
in the past (use a duration of 0).

* keyedit.c (menu_expire): Use update_keysig_packet so any sig subpackets
are maintained during the update.

* build-packet.c (build_sig_subpkt): Mark sig expired or unexpired when
the sig expiration subpacket is added. (build_sig_subpkt_from_sig): Handle
making an expiration subpacket from a sig that has already expired (use a
duration of 0).

* packet.h, sign.c (update_keysig_packet), keyedit.c
(menu_set_primary_uid, menu_set_preferences): Add ability to issue 0x18
subkey binding sigs to update_keysig_packet and change all callers.

16 years ago* trustdb.c (validate_keys): Show trust parameters when building trustdb,
David Shaw [Wed, 4 Dec 2002 06:06:56 +0000 (06:06 +0000)]
* trustdb.c (validate_keys): Show trust parameters when building trustdb,
and make sure that the version record update was successful.
(init_trustdb): If the current parameters aren't what was used for
building the trustdb, the trustdb is invalid.

* tbio.c (tdbio_db_matches_options): Update to work with new trustdbs.

16 years ago* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Store trust
David Shaw [Wed, 4 Dec 2002 00:05:11 +0000 (00:05 +0000)]
* tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Store trust
model in the trustdb version record. (tdbio_update_version_record): New
function to update version record values during a trustdb check or update.
(tdbio_dump_record): Show trust model in dump.

* trustdb.c (validate_keys): Call tdbio_update_version_record on success
so that the correct options are stored in the trustdb.

* options.h: rearrange trust models so that CLASSIC is 0 and OPENPGP is 1.

16 years ago* options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
David Shaw [Tue, 3 Dec 2002 23:31:48 +0000 (23:31 +0000)]
* options.h, g10.c (main), encode.c (write_pubkey_enc_from_list),
pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 mode.  This
is basically identical to --pgp7 in all ways except that signing subkeys,
v4 data sigs (including expiration), and SK comments are allowed.

* getkey.c (finish_lookup): Comment.

* main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): Reorder
user ID display in the --edit-key menu to match that of the --list-keys
display.

* g10.c (add_notation_data): Fix initialization.

16 years agoMarked unused slots in the trustdb.
Werner Koch [Tue, 3 Dec 2002 08:12:53 +0000 (08:12 +0000)]
Marked unused slots in the trustdb.

16 years ago* gpg.sgml: Point out that if the user absolutely must, it's better to use
David Shaw [Sun, 1 Dec 2002 21:06:13 +0000 (21:06 +0000)]
* gpg.sgml: Point out that if the user absolutely must, it's better to use
--pgpX than forcing an algorithm manually.  Better still not to use
anything, of course. CVS:
----------------------------------------------------------------------
gpg.sgml CVS:
----------------------------------------------------------------------

16 years ago* distfiles, gnupg.spec.in: Include convert-from-106.
David Shaw [Sun, 1 Dec 2002 21:04:07 +0000 (21:04 +0000)]
* distfiles, gnupg.spec.in: Include convert-from-106.

* convert-from-106: Script to automate the 1.0.6->later conversion.  It
marks all secret keys as ultimately trusted, adds the signature caches,
and checks the trustdb.

16 years ago* keyedit.c (menu_expire): Don't lose key flags when changing the
David Shaw [Sun, 1 Dec 2002 20:59:04 +0000 (20:59 +0000)]
* keyedit.c (menu_expire): Don't lose key flags when changing the
expiration date of a subkey.  This is not the most optimal solution, but
it is minimal change on the stable branch.

* main.h, keygen.c (do_copy_key_flags): New function to copy key flags, if
any, from one sig to another. (do_add_key_expire): New function to add key
expiration to a sig. (keygen_copy_flags_add_expire): New version of
keygen_add_key_expire that also copies key flags.
(keygen_add_key_flags_and_expire): Use do_add_key_expire.

* import.c (fix_hkp_corruption): Comment.

16 years ago* NEWS: Add notes about notation names and '@', the --trust-model option,
David Shaw [Tue, 26 Nov 2002 04:02:58 +0000 (04:02 +0000)]
* NEWS: Add notes about notation names and '@', the --trust-model option,
default algorithms from --personal-xxxx, --primary-keyring, changes with
--s2k-digest-algo, the new anonymous recipient improvements, and
non-optimized memory wiping.

16 years ago* gpg.sgml: Document --primary-keyring. Clarify --s2k-cipher-algo,
David Shaw [Tue, 26 Nov 2002 04:00:28 +0000 (04:00 +0000)]
* gpg.sgml: Document --primary-keyring.  Clarify --s2k-cipher-algo,
--s2k-digest-algo, --personal-cipher-preferences,
--personal-digest-preferences, and --personal-compress-preferences.

16 years ago* gpg.sgml: Document --sig-policy-url, --cert-policy-url, --sig-notation,
David Shaw [Mon, 25 Nov 2002 14:34:08 +0000 (14:34 +0000)]
* gpg.sgml: Document --sig-policy-url, --cert-policy-url, --sig-notation,
--cert-notation.  Clarify --show-notation and --show-policy-url that
policy URLs and notations can be used in data signatures as well.  Add
note about '@' being a required character in notation names.

16 years agono RISC OS filetype needed for nooutput
Stefan Bellon [Mon, 25 Nov 2002 13:30:34 +0000 (13:30 +0000)]
no RISC OS filetype needed for nooutput

16 years ago* main.h, misc.c (default_cipher_algo, default_compress_algo): New.
David Shaw [Mon, 25 Nov 2002 04:24:41 +0000 (04:24 +0000)]
* main.h, misc.c (default_cipher_algo, default_compress_algo): New.
Return the default algorithm by trying --cipher-algo/--compress-algo, then
the first item in the pref list, then s2k-cipher-algo or ZIP.

* sign.c (sign_file, sign_symencrypt_file), encode.c (encode_simple,
encode_crypt): Call default_cipher_algo and default_compress_algo to get
algorithms.

* g10.c (main): Allow pref selection for compress algo with --openpgp.

16 years ago* mainproc.c (proc_encrypted): Use --s2k-digest-algo for passphrase
David Shaw [Mon, 25 Nov 2002 04:11:02 +0000 (04:11 +0000)]
* mainproc.c (proc_encrypted): Use --s2k-digest-algo for passphrase
mangling rather than --digest-algo.

16 years ago* sign.c (hash_for): If --digest-algo is not set, but
David Shaw [Mon, 25 Nov 2002 04:06:04 +0000 (04:06 +0000)]
* sign.c (hash_for): If --digest-algo is not set, but
--personal-digest-preferences is, then use the first hash algorithm in the
personal list.  If the signing algorithm is DSA, then use the first
160-bit hash algorithm in the personal list. If --pgp2 is set and it's a
v3 RSA key, use MD5.