* build-packet.c (build_sig_subpkt): Comments.

* exec.c (exec_write): Cast NULL to void* to properly terminate varargs
list.

* keyedit.c (show_key_with_all_names): Just for safety, catch an invalid
pk algorithm.

* sign.c (make_keysig_packet): Crucial that the call to mksubpkt comes
LAST before the calls to finalize the sig as that makes it possible for
the mksubpkt function to get a reliable pointer to the subpacket area.

* pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a
particular user ID, use that ID as the one to ask about when prompting
whether to use the key anyway. (build_pk_list): Similar change here when
adding keys to the recipient list.

* trustdb.c (update_validity): Fix bug that prevented more than one
validity record per trust record. (get_validity): When retrieving validity
for a (user) supplied user ID, return the validity for that user ID only,
and do not fall back to the general key validity. (validate_one_keyblock):
Some commentary on whether non-self-signed user IDs belong in the web of
trust (arguably, they do).

g10/sign.c

@@ -1251,12 +1251,15 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
     sig->sig_class = sigclass;
     if( sig->version >= 4 )
 	build_sig_subpkt_from_sig( sig );
+    mk_notation_and_policy( sig, pk, sk );
 
+    /* Crucial that the call to mksubpkt comes LAST before the calls
+       to finalize the sig as that makes it possible for the mksubpkt
+       function to get a reliable pointer to the subpacket area. */
     if( sig->version >= 4 && mksubpkt )
 	rc = (*mksubpkt)( sig, opaque );
 
     if( !rc ) {
-	mk_notation_and_policy( sig, pk, sk );
         hash_sigversion_to_magic (md, sig);
 	md_final(md);