Merged in my changes, after disk crash. Fortunately the CVS was not

affected - but everything else and it seems that there is no backup of
the BTS data is available :-(

AUTHORS

@@ -6,7 +6,7 @@ Authors
 
 Birger Langkjer <birger.langkjer@image.dk> Translations [da]
 
-Daniel Resare  <daniel@resare.com> xxxx [sv]
+Daniel Resare  <daniel@resare.com> Translations [sv]
 
 David Shaw <dshaw@jabberwocky.com> Assignment
     (all in keyserver/,

NEWS

@@ -1,3 +1,7 @@
+    * The default cipher algorithm for encryption is now CAST5,
+      default default hash algorithm is SHA-1.  This will give us
+      better interoperability with other OpenPGP implementations.
+
     * Symmetric encrypted messages now use a fixed file size if
       possible.  This is a tradeoff: it breaks PGP 5, but fixes PGP 2,
       6, and 7.  Note this was only an issue with RFC-1991 style

TODO

@@ -1,9 +1,19 @@
+  * change the maintainer address in faq.raw
+
+  * Do we need a configure test for putenv?
+
+  * Add remarks to the man page about OpenPGP OPTIONAL algorithms and
+    issue warnings when such an algorithm is used (disabled by expert modus?)
+
+  * Return status information even when an imported key is already
+    stored.  This is useful for GPGME's detailed info fucntion.
+
   * Describe some pitfalls when using EGD.  Check that ~/.gnupg/entropy
     really is the default.  What about needed permission?  
 
   * Using an expired key for signing should give an error message
-    "expired key"and not "unusable key'.  Furthermore the error should
-    also be thrown when the defaultkey has expired.  Reported by
+    "expired key" and not "unusable key'.  Furthermore the error should
+    also be thrown when the default key has expired.  Reported by
     Eric.VanBuggenhaut@AdValvas.be.
 
   * pause scrolling help in --edit-key and elsewhere.
@@ -14,8 +24,6 @@
   * Selection using +wordlist does not work.
     What about adding a feature -word to the +wordlist search mode.
 
-  * add listing of notation data
-
   * Check the changes to the gpg random gatherer on all W32 platforms.
 
   * Put a note into readme.w32 that there is a man page and a options
@@ -32,10 +40,6 @@
     it's end and allow for multiple signature for one message.  And
     add a real grammar to the code in mainproc.c
 
-  * option to set the signature expiration time for key sigs.
-    Rework the way we create signature subpackets - the current code
-    is not easy to understand.
-
   * Option to warn when a non MDC message is decrypted?
 
   * If there is no secure memory, allocate more memory for the secure
@@ -51,20 +55,14 @@
 
   * Add an is_valid flag to each user ID.
 
-  * Do not create a secring.gpg if it is not needed; I have fixed this
-    sometime ago but it has later reappeared.
-
   * Check for consistent spelling of user ID, key ID etc.
     Replace "user id not found" in getkey.c by "no valid user ID found".
  
   * Replace the printing of the user name by [self-signature] when
     appropriate so that a key listing does not get clobbered.
 
-  * Using --list-only to check for recipients while decrypting may
-    yield an error about an unknown packet.
-
   * Check that the way we select cipher and digest algorithms w/o
-    preferences is okay and make AES the default.
+    preferences is okay and make AES the default in some future.
 
   * Concatenated encryption messages don't work corectly - only the
     first one is processed.
@@ -72,27 +70,11 @@
   * Add option to put the list of recipients (from the encryption
     layer) into the signatures notation data.
 
-  * Allow to update key signatures.  It is also not possible to resign
-    an already revoked key signature.
-
-  * For FreeBSD only: spit out a message that rndcontrol (8) should be
-    used to enable the use of IRQs for entropy gathering.
-
-  * --passphrase-fd  can't work with -cs: document this or find a way
-    to work around.
-
   * With option -i prompt before adding a key to the keyring and show some
     info what we are about to add.
 
   * --disable-asm should still assemble _udiv_qrnnd when needed
 
-  * replace the keyserver stuff either by a call to a specialized
-    utility and SOCKSify this utility.
-    [David is working on this]
-
-  * Check the beginning of file to detect already compressed files (gzip,
-    bzip2, xdelta and some picture formats)  [Timo has some code for this]
-
   * Get new assembler stuff from gmp 3.1
 
   * Use new-format headers for compressed packets.
@@ -101,8 +83,6 @@
   * use DEL and ^H for erasing the previous character (util/ttyio.c).
     or better readline.
 
-  * Print a warning if the directory mode is wrong.
-
   * preferences of hash algorithms are not yet used.
 
   * add test cases for invalid data (scrambled armor or other random data)
@@ -117,9 +97,6 @@
     verification status of the message to the output (i.e. write something to
     the --output file and not only to stderr.
 
-  * The user is asked for a revocation reasons even if this one can't
-    be used with v3 keys.
-
   * keyflags don't distinguish between {certify,signature}-only.
 
   * Instead of issuing a "signature packet without keyid" gpg should

cipher/ChangeLog

@@ -1,3 +1,10 @@
+2002-04-06  Werner Koch  <wk@gnupg.org>
+
+	* rijndael.c (rijndael_get_info): We do only support a 128 bit
+	blocksize so it makes sense to change the algorithm strings to
+	AES.
+	* cipher.c (string_to_cipher_algo): Map "RIJNDAEL" to "AES".
+
 2002-02-14  Werner Koch  <wk@gnupg.org>
 
 	* random.c (mix_pool): Removed the failsafe stuff again.  It makes

cipher/cipher.c

@@ -253,15 +253,29 @@ load_cipher_modules(void)
 int
 string_to_cipher_algo( const char *string )
 {
-    int i;
-    const char *s;
+  int i;
+  const char *s;
 
-    do {
-	for(i=0; (s=cipher_table[i].name); i++ )
-	    if( !ascii_strcasecmp( s, string ) )
-		return cipher_table[i].algo;
+  /* kludge to alias RIJNDAEL to AES */
+  if ( *string == 'R' || *string == 'r')
+    {
+      if (!ascii_strcasecmp (string, "RIJNDAEL"))
+        string = "AES";
+      else if (!ascii_strcasecmp (string, "RIJNDAEL192"))
+        string = "AES192";
+      else if (!ascii_strcasecmp (string, "RIJNDAEL256"))
+        string = "AES256";
+    }
+
+  do
+    {
+      for(i=0; (s=cipher_table[i].name); i++ ) 
+        {
+          if( !ascii_strcasecmp( s, string ) )
+            return cipher_table[i].algo;
+        }
     } while( load_cipher_modules() );
-    return 0;
+  return 0;
 }
 
 /****************

cipher/rijndael.c

@@ -2151,11 +2151,11 @@ rijndael_get_info (int algo, size_t *keylen,
 							= rijndael_decrypt;
 
     if( algo == 7 )
-	return "RIJNDAEL";
+	return "AES";
     if (algo == 8)
-        return "RIJNDAEL192";
+        return "AES192";
     if (algo == 9)
-        return "RIJNDAEL256";
+        return "AES256";
     return NULL;
 }
 

doc/FAQ

@@ -4,7 +4,7 @@ GNUPG FREQUENTLY ASKED QUESTIONS
 
 Version: 1.5.6
 Last-Modified: Sep 14, 2001
-Maintained-by: Nils Ellmenreich <nils 'at' gnupg.org>
+Maintained-by: We are looking for a new maintainer, <faq 'at' gnupg.org> 
 
 
 This is the GnuPG FAQ. The latest HTML version is available  

doc/gpg.sgml

@@ -1538,7 +1538,6 @@ Allow the import and use of keys with user IDs which are not
 self-signed.  This is not recommended, as a non self-signed user ID is
 trivial to forge.
 </para></listitem></varlistentry>
-<varlistentry>
 
 <varlistentry>
 <term>--no-allow-non-selfsigned-uid</term>
@@ -1546,6 +1545,7 @@ trivial to forge.
 Reset the --allow-non-selfsigned-uid option.
 </para></listitem></varlistentry>
 
+<varlistentry>
 <term>--allow-freeform-uid</term>
 <listitem><para>
 Disable all checks on the form of the user ID while generating a new

doc/gpg.texi

@@ -582,17 +582,20 @@ each time.
 @item ---keyserver-options @code{parameters}
 This is a space or comma delimited string that gives options for the
 keyserver. Options can be prepended with a `no-' to give the opposite
-meaning. While not all options are available for all keyserver
-schemes, some common options are:
+meaning. While not all options are available for all keyserver types,
+some common options are:
 
 @table @asis
 @item include-revoked
 When receiving or searching for a key, include keys that are marked on
-the keyserver as revoked.
+the keyserver as revoked. Note that this option is always set when
+using the NAI HKP keyserver, as this keyserver does not differentiate
+between revoked and unrevoked keys.
 
 @item include-disabled
 When receiving or searching for a key, include keys that are marked on
-the keyserver as disabled.
+the keyserver as disabled. Note that this option is not used with HKP
+keyservers, as they do not support disabling keys.
 
 @item use-temp-files
 On most Unix-like platforms, GnuPG communicates with the keyserver
@@ -911,7 +914,9 @@ Try to be more RFC1991 (PGP 2.x) compliant.
 @item ---pgp2
 Set up all options to be as PGP 2.x compliant as possible, and warn if
 an action is taken (e.g. encrypting to a non-RSA key) that will create
-a message that PGP 2.x will not be able to handle.
+a message that PGP 2.x will not be able to handle. Note that `PGP
+2.x' here means `MIT PGP 2.6.2'. There are other versions of PGP 2.x
+available, but the MIT release is a good common baseline.
 
 This option implies `---rfc1991 --no-openpgp --no-force-v4-certs
 ---no-comment --escape-from --no-force-v3-sigs --cipher-algo IDEA
@@ -949,16 +954,14 @@ Reset the ---force-v4-certs option.
 Force the use of encryption with appended manipulation
 code. This is always used with the newer ciphers (those
 with a blocksize greater than 64 bit).
-This option might not be implemented yet.
 
 @item ---allow-non-selfsigned-uid
-Allow the import of keys with user IDs which are not self-signed, but
-have at least one signature.
-This only allows the import - key validation will fail and you
-have to check the validity of the key by other means. This hack is
-needed for some German keys generated with pgp 2.6.3in. You should really
-avoid using it, because OpenPGP has better mechanics to do separate signing
-and encryption keys.
+Allow the import and use of keys with user IDs which are not
+self-signed. This is not recommended, as a non self-signed user ID is
+trivial to forge.
+
+@item ---no-allow-non-selfsigned-uid
+Reset the ---allow-non-selfsigned-uid option.
 
 @item ---allow-freeform-uid
 Disable all checks on the form of the user ID while generating a new

g10/ChangeLog

@@ -1,3 +1,43 @@
+2002-04-06  Werner Koch  <wk@gnupg.org>
+
+	* keyring.c (keyring_get_keyblock): Disable the keylist mode here.
+
+	* encode.c (encode_simple, encode_crypt): Only test on compressed
+	files if a compress level was not explicity set.
+
+	* keygen.c (keygen_set_std_prefs): Removed Blowfish and Twofish
+	from the list of default preferences, swapped the preferences of
+	RMD160 and SHA1.  Don't include a preference to 3DES unless the
+	IDEA kludge gets used.
+
+	* free-packet.c (free_packet): call free_encrypted also for
+	PKT_ENCRYPTED_MDC.
+
+	* compress.c (release_context): New.
+	(handle_compressed): Allocate the context and setup a closure to
+	release the context.  This is required because there is no
+	guarabntee that the filter gets popped from the chain at the end
+	of the function.  Problem noted by Timo and probably also the
+	cause for a couple of other reports.
+	(compress_filter): Use the release function if set.
+
+	* tdbio.c [__CYGWIN32__]: Don't rename ftruncate.  Noted by
+	Disastry.
+
+	* parse-packet.c (parse_signature): Put parens around a bit test.
+
+	* exec.c (make_tempdir): Double backslash for TMP directory
+	creation under Windows.  Better strlen the DIRSEP_S constants for
+	allocation measurements.
+
+	* decrypt.c (decrypt_messages): Release the passphrase aquired
+	by get_last_passphrase.
+
+2002-04-02  Werner Koch  <wk@gnupg.org>
+
+	* Makefile.am (EXTRA_DIST): Removed OPTIONS an pubring.asc - they
+	are no longer of any use. 
+
 2002-04-03  David Shaw  <dshaw@jabberwocky.com>
 
 	* keyserver.c (parse_keyserver_options): fix auto-key-retrieve to
@@ -37,6 +77,16 @@
 
 	* hkp.c (write_quoted): quote backslashes from keyserver searches
 
+2002-03-26  Werner Koch  <wk@gnupg.org>
+
+	* keygen.c (ask_keysize): Removed the warning for key sizes > 1536.
+
+2002-03-25  Werner Koch  <wk@gnupg.org>
+
+	* keyedit.c (sign_uids): Use 2 strings and not a %s so that
+	translations can be done the right way.
+	* helptext.c: Fixed small typo.
+
 2002-03-23  David Shaw  <dshaw@jabberwocky.com>
 
 	* import.c (append_uid, merge_sigs): it is okay to import
@@ -95,6 +145,10 @@
 	* sign.c (clearsign_file): Allow --not-dash-escaped to work with
 	v3 keys.
 
+2002-03-14  Werner Koch  <wk@gnupg.org>
+
+	* main.h: Changed the default algorithms to CAST5 and SHA1.
+
 2002-03-13  David Shaw  <dshaw@jabberwocky.com>
 
 	* import.c (chk_self_sigs): Show which user ID a bad self-sig

g10/Makefile.am

@@ -19,7 +19,7 @@
 ## Process this file with automake to produce Makefile.in
 
 INCLUDES = -I.. -I$(top_srcdir)/include -I$(top_srcdir)/intl
-EXTRA_DIST = OPTIONS  pubring.asc  options.skel
+EXTRA_DIST = options.skel
 # it seems that we can't use this with automake 1.5
 #OMIT_DEPENDENCIES = zlib.h zconf.h
 LDFLAGS = @LDFLAGS@ @DYNLINK_LDFLAGS@

g10/compress.c

@@ -266,12 +266,21 @@ compress_filter( void *opaque, int control,
 	    zfx->opaque = NULL;
 	    m_free(zfx->outbuf); zfx->outbuf = NULL;
 	}
+        if (zfx->release)
+          zfx->release (zfx);
     }
     else if( control == IOBUFCTRL_DESC )
 	*(char**)buf = "compress_filter";
     return rc;
 }
 
+
+static void
+release_context (compress_filter_context_t *ctx)
+{
+  m_free (ctx);
+}
+
 /****************
  * Handle a compressed packet
  */
@@ -279,26 +288,19 @@ int
 handle_compressed( void *procctx, PKT_compressed *cd,
 		   int (*callback)(IOBUF, void *), void *passthru )
 {
-    compress_filter_context_t cfx;
+    compress_filter_context_t *cfx;
     int rc;
 
-    memset( &cfx, 0, sizeof cfx );
     if( cd->algorithm < 1 || cd->algorithm > 2	)
 	return G10ERR_COMPR_ALGO;
-    cfx.algo = cd->algorithm;
-
-    iobuf_push_filter( cd->buf, compress_filter, &cfx );
+    cfx = m_alloc_clear (sizeof *cfx);
+    cfx->algo = cd->algorithm;
+    cfx->release = release_context;
+    iobuf_push_filter( cd->buf, compress_filter, cfx );
     if( callback )
 	rc = callback(cd->buf, passthru );
     else
 	rc = proc_packets(procctx, cd->buf);
-  #if 0
-    iobuf_pop_filter( cd->buf, compress_filter, &cfx );
-    if( cd->len )
-	iobuf_set_limit( cd->buf, 0 ); /* disable the readlimit */
-    else
-	iobuf_clear_eof( cd->buf );
-  #endif
     cd->buf = NULL;
     return rc;
 }

g10/decrypt.c

@@ -121,6 +121,7 @@ decrypt_messages(int nfiles, char **files)
                   g10_errstr(rc));
       p = get_last_passphrase();
       set_next_passphrase(p);
+      m_free (p);
       files++;
       m_free(output);
       write_status( STATUS_FILE_DONE );

g10/encode.c

@@ -86,7 +86,7 @@ encode_simple( const char *filename, int mode )
     memset( &tfx, 0, sizeof tfx);
     init_packet(&pkt);
     
-    if (is_file_compressed(filename, &rc))
+    if (opt.compress == -1 && is_file_compressed(filename, &rc))
       {
         if (opt.verbose)
           log_info(_("`%s' already compressed\n"), filename);
@@ -290,7 +290,7 @@ encode_crypt( const char *filename, STRLIST remusr )
 	  }
     }
 
-    if (is_file_compressed(filename, &rc2))
+    if (opt.compress == -1 && is_file_compressed(filename, &rc2))
       {
         if (opt.verbose)
           log_info(_("`%s' already compressed\n"), filename);

g10/encr-data.c

@@ -148,6 +148,7 @@ decrypt_data( void *procctx, PKT_encrypted *ed, DEK *dek )
 	/*log_hexdump("MDC calculated:", md_read( dfx.mdc_hash, 0), datalen);*/
 	/*log_hexdump("MDC message   :", dfx.defer, 20);*/
     }
+    
 
   leave:
     cipher_close(dfx.cipher_hd);

g10/exec.c

@@ -64,7 +64,7 @@ static int make_tempdir(struct exec_info *info)
 #elif defined (__MINGW32__) || defined (__CYGWIN32__)
 	      tmp=m_alloc(256);
 	      if(GetTempPath(256,tmp)==0)
-		strcpy(tmp,"c:\temp");
+		strcpy(tmp,"c:\\temp");
 	      else
 		{
 		  int len=strlen(tmp);
@@ -83,7 +83,7 @@ static int make_tempdir(struct exec_info *info)
 	}
     }
 
-  info->tempdir=m_alloc(strlen(tmp)+1+10+1);
+  info->tempdir=m_alloc(strlen(tmp)+strlen(DIRSEP_S)+10+1);
 
   sprintf(info->tempdir,"%s" DIRSEP_S "gpg-XXXXXX",tmp);
 
@@ -98,13 +98,15 @@ static int make_tempdir(struct exec_info *info)
     {
       info->madedir=1;
 
-      info->tempfile_in=m_alloc(strlen(info->tempdir)+1+10+1);
+      info->tempfile_in=m_alloc(strlen(info->tempdir)
+                                +strlen(DIRSEP_S)+6+strlen(EXTSEP_S)+3+1);
       sprintf(info->tempfile_in,"%s" DIRSEP_S "datain" EXTSEP_S "%s",
 	      info->tempdir,info->binary?"bin":"txt");
 
       if(!info->writeonly)
 	{
-	  info->tempfile_out=m_alloc(strlen(info->tempdir)+1+11+1);
+	  info->tempfile_out=m_alloc(strlen(info->tempdir)
+                                     +strlen(DIRSEP_S)+7+strlen(EXTSEP_S)+3+1);
 	  sprintf(info->tempfile_out,"%s" DIRSEP_S "dataout" EXTSEP_S "%s",
 		  info->tempdir,info->binary?"bin":"txt");
 	}

g10/filter.h

@@ -68,7 +68,7 @@ struct unarmor_pump_s;
 typedef struct unarmor_pump_s *UnarmorPump;
 
 
-typedef struct {
+struct compress_filter_context_s {
     int status;
     void *opaque;   /* (used for z_stream) */
     byte *inbuf;
@@ -77,7 +77,9 @@ typedef struct {
     unsigned outbufsize;
     int algo;	 /* compress algo */
     int algo1hack;
-} compress_filter_context_t;
+    void (*release)(struct compress_filter_context_s*);
+};
+typedef struct compress_filter_context_s compress_filter_context_t;
 
 
 typedef struct {

g10/free-packet.c

@@ -390,6 +390,7 @@ free_packet( PACKET *pkt )
 	free_compressed( pkt->pkt.compressed);
 	break;
       case PKT_ENCRYPTED:
+      case PKT_ENCRYPTED_MDC:
 	free_encrypted( pkt->pkt.encrypted );
 	break;
       case PKT_PLAINTEXT:

g10/g10.c

@@ -832,7 +832,7 @@ main( int argc, char **argv )
       #endif
     }
 
-  #ifdef HAVE_DOSISH_SYSTEM
+#ifdef HAVE_DOSISH_SYSTEM
     if ( strchr (opt.homedir,'\\') ) {
         char *d, *buf = m_alloc (strlen (opt.homedir)+1);
         const char *s = opt.homedir;
@@ -841,13 +841,13 @@ main( int argc, char **argv )
         *d = 0;
         opt.homedir = buf;
     }
-  #endif
-  #undef USE_SHM_COPROCESSING	
-  #ifdef USE_SHM_COPROCESSING
+#endif
+#undef USE_SHM_COPROCESSING	 /* huh? */
+#ifdef USE_SHM_COPROCESSING
     if( opt.shm_coprocess ) {
 	init_shm_coprocessing(requested_shm_size, 1 );
     }
-  #endif
+#endif
     /* initialize the secure memory. */
     secmem_init( 16384 );
     maybe_setuid = 0;

g10/helptext.c

@@ -230,7 +230,7 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
 { "keyedit.updpref.okay", N_(
  "Change the preferences of all user IDs (or just of the selected ones)\n"
  "to the current list of preferences.  The timestamp of all affected\n"
- "self-signatures fill be advanced by one second.\n"
+ "self-signatures will be advanced by one second.\n"
 )},
 
 

g10/keyedit.c

@@ -371,10 +371,19 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
 
 		    /* Fixme: see whether there is a revocation in which
 		     * case we should allow to sign it again. */
-		    tty_printf(_("\"%s\" was already %ssigned by key %08lX\n"),
-			       uidnode->pkt->pkt.user_id->name,
-			       (!node->pkt->pkt.signature->flags.exportable &&
-				local)?"locally ":"",(ulong)sk_keyid[1] );
+                    /* Note: I kept the %s and the empty string in the
+                       else branch so that not too many translations
+                       get broken. */
+                    if (!node->pkt->pkt.signature->flags.exportable && local)
+                      tty_printf(_(
+                         "\"%s\" was already locally signed by key %08lX\n"),
+                                   uidnode->pkt->pkt.user_id->name,
+                                   (ulong)sk_keyid[1] );
+                    else
+                      tty_printf(_(
+                         "\"%s\" was already %ssigned by key %08lX\n"),
+                                 uidnode->pkt->pkt.user_id->name,
+                                 "",(ulong)sk_keyid[1] );
                     sprintf (buf, "%08lX%08lX",
                              (ulong)sk->keyid[0], (ulong)sk->keyid[1] );
                     write_status_text (STATUS_ALREADY_SIGNED, buf);

g10/keygen.c

@@ -219,9 +219,9 @@ keygen_set_std_prefs (const char *string)
 
     if (!string || !ascii_strcasecmp (string, "default")) {
       if ( !check_cipher_algo(CIPHER_ALGO_IDEA) )
-        string = "S7 S10 S3 S4 S2 S1 H3 H2 Z2 Z1";
+        string = "S7 S3 S2 S1 H2 H3 Z2 Z1";
       else
-        string = "S7 S10 S3 S4 S2 H3 H2 Z2 Z1";
+        string = "S7 S3 H2 H3 Z2 Z1";
 
       /* If we have it, IDEA goes *after* 3DES so it won't be used
          unless we're encrypting along with a V3 key.  Ideally, we
@@ -348,6 +348,7 @@ keygen_upd_std_prefs( PKT_signature *sig, void *opaque )
 /****************
  * Add preference to the self signature packet.
  * This is only called for packets with version > 3.
+
  */
 int
 keygen_add_std_prefs( PKT_signature *sig, void *opaque )
@@ -865,11 +866,6 @@ ask_keysize( int algo )
 		break;
 	    }
 	}
-	else if( nbits > 1536 && !cpr_enabled() && algo != PUBKEY_ALGO_RSA ) {
-	    if( cpr_get_answer_is_yes("keygen.size.large.okay",_(
-		    "Do you really need such a large keysize? ")) )
-		break;
-	}
 	else
 	    break;
     }

g10/keyring.c

@@ -354,6 +354,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
     int in_cert = 0;
     int pk_no = 0;
     int uid_no = 0;
+    int save_mode;
 
     if (ret_kb)
         *ret_kb = NULL;
@@ -377,6 +378,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
     init_packet (pkt);
     hd->found.n_packets = 0;;
     lastnode = NULL;
+    save_mode = set_packet_list_mode(0);
     while ((rc=parse_packet (a, pkt)) != -1) {
         hd->found.n_packets++;
         if (rc == G10ERR_UNKNOWN_PACKET) {
@@ -444,6 +446,7 @@ keyring_get_keyblock (KEYRING_HANDLE hd, KBNODE *ret_kb)
         pkt = m_alloc (sizeof *pkt);
         init_packet(pkt);
     }
+    set_packet_list_mode(save_mode);
 
     if (rc == -1 && keyblock) 
 	rc = 0; /* got the entire keyblock */

g10/main.h

@@ -25,9 +25,9 @@
 #include "cipher.h"
 #include "keydb.h"
 
-#define DEFAULT_CIPHER_ALGO  CIPHER_ALGO_BLOWFISH
+#define DEFAULT_CIPHER_ALGO  CIPHER_ALGO_CAST5
 #define DEFAULT_PUBKEY_ALGO  PUBKEY_ALGO_ELGAMAL
-#define DEFAULT_DIGEST_ALGO  DIGEST_ALGO_RMD160
+#define DEFAULT_DIGEST_ALGO  DIGEST_ALGO_SHA1
 
 
 typedef struct {

g10/options.skel

@@ -96,7 +96,7 @@ lock-once
 # support).
 #
 # Example HKP keyserver:
-#      x-hkp://wwwkeys.nl.pgp.net
+#      x-hkp://keyserver.cryptnet.net
 #
 # Example email keyserver:
 #      mailto:pgp-public-keys@keys.nl.pgp.net
@@ -118,9 +118,9 @@ lock-once
 # Most servers do synchronize with each other and DNS round-robin may
 # give you a quasi-random server each time.
 
+#keyserver x-hkp://keyserver.cryptnet.net
 #keyserver mailto:pgp-public-keys@keys.nl.pgp.net
 #keyserver ldap://keyserver.pgp.com
-#keyserver x-hkp://wwwkeys.nl.pgp.net
 
 # Options for keyserver functions
 #

g10/parse-packet.c

@@ -1254,7 +1254,7 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
 	if(p && *p==0)
 	  sig->flags.exportable=0;
 
-	/* Find all revokation keys. Back to hashed area only. */
+	/* Find all revocation keys. Back to hashed area only. */
 	if(sig->sig_class==0x1F)
 	  {
 	    struct revocation_key *revkey;
@@ -1267,7 +1267,7 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
 							    &len,&seq)))
 	      {
 		if(len==sizeof(struct revocation_key) &&
-		   revkey->class&0x80) /* 0x80 bit must be set */
+		   (revkey->class&0x80)) /* 0x80 bit must be set */
 		  {
 		    sig->revkey=m_realloc(sig->revkey,
 			  sizeof(struct revocation_key *)*(sig->numrevkeys+1));

g10/tdbio.c

@@ -39,7 +39,7 @@
 #include "trustdb.h"
 #include "tdbio.h"
 
-#ifdef HAVE_DOSISH_SYSTEM
+#if defined(HAVE_DOSISH_SYSTEM) && !defined(__CYGWIN32__)
 #define ftruncate chsize
 #endif
 

po/ChangeLog

@@ -1,3 +1,15 @@
+2002-04-06  Werner Koch  <wk@gnupg.org>
+
+	* fr.po: Updated.
+
+2002-04-02  Werner Koch  <wk@gnupg.org>
+
+	* de.po, de.glo: Updated.
+
+2002-03-08  Werner Koch  <wk@gnupg.org>
+
+	* et.po: Updated.
+
 2002-03-06  Werner Koch  <wk@gnupg.org>
 
 	* pt_PT.po: Removed.

po/de.glo

@@ -1,6 +1,6 @@
 # Glossary for GnuPG german translation
 # Zusammenstellung der Liste:
-# Copyright (C) 1998, 1999, 2000, 20001 Free Software Foundation, Inc.
+# Copyright (C) 1998 Free Software Foundation, Inc.
 # Walter Koch <koch@hsp.de>, 1998.
 #
 # This is just a textfile for your information.
@@ -18,15 +18,16 @@
 # 5. (*) Uneinheitlich verwendet
 # 6.  - Gefällt mir (Walter Koch) nicht so toll
 # 7. Die erste genannte Übersetzung ist die in de.po verwendete
+# 8. # - Wurde in früherere de.po-Version verwendet
 
 
-
-Agent			Agent 
+agent			Agent 
 aka			alias
 algorithm		Verfahren          
 anonymous		ungenannter
 argument    		> Argument
 armor			ASCII-Hülle
+assigned		zugewiesen
 associate with a person <einer Person zuordnen
 authentication  	Authentisierung
 available		vorhanden [besser?: verfügbar, greifbar?]
@@ -34,7 +35,7 @@ bad [MPI]		fehlerhafte MPI
 bad [signature]		falsch[e] Unterschrift 
 break (the encryption)  <(Die Verschlüsselung) aufbrechen
 bug			"Bug (Programmfehler)"
-cache   		Lager  *Zwischenspeicher
+cache   		Cache, -#Lager  *Zwischenspeicher
 can't read		nicht lesbar
 cancelled		Abbruch, abgebrochen
 casual  		>zufällig, >gelegentlich >unregelmäßig
@@ -45,11 +46,13 @@ check (verb)		pr
 checking [sth.]		[sth-]-Überprüfung
 checksum		Prüfsumme
 cipher algorithm	Verschlüsselungsverfahren
+clearsign 
 clearsig header		Klartextsignatur-Einleitung
 created			erzeugt
 command			Befehl
 comment			Bemerkung
 compress algorithm      Komprimierverfahren,*Komprimierungsverfahren ?   
+compressed		komprimiert
 compromised             nicht mehr sicher
 core dump		core-dump-Datei
 , (Speicherauszug?)
@@ -61,18 +64,23 @@ created			erstellt
 creation    		<Erzeugung
 critical bit   		???
 dash escaped            mit Bindestrich \"escapte\", *m.Bindestrichen maskiert?
-decryption		Enschlüsselung
+decryption		Entschlüsselung
 default option  	<Standardoption
+default option file 	--voreingestellte Optionendatei
 DEK 			???
 delete  		entfernen, *>löschen 
 depend on   		>sich verlassen auf,>angewiesen sein auf,>abhängen von
 depreciated		- taugt nicht mehr viel
+detached [sign]		abgetrennte [Unterschrift]
 determined attacker 	>zielbewusster,>entschlossener Angreifer
 digest algorithm	Hashmethode
+direct [key sig]        -"direct key"
 disabled		abgeschaltet
+duplicated (adj.)	doppelt
 encrypted		verschlüsselte
 enviorement variable  	Umgebungsvariable
 eventually  		>schließlich, endlich  Nicht: eventuell
+expand
 expiration date 	<Verfalldatum
 expire  		<verfallen
 expires			verfällt
@@ -81,12 +89,15 @@ failed			fehlgeschlagen
 faked [RNG]             - *manipulierter Zufallszahlengenerator
 faked [certificate]     gefälscht
 fingerprint  		Fingerabdruck
+flag [verb]  		-kennzeichnen
 found [xyz found]       entdeckt [xyz entdeckt]
 for-your-eyes-only	Vertraulichkeit (\"for-your-eyes-only\")
+, Verschlußsache
 generated		erzeugter
 good certificate	Korrektes Zertifikat
-handle			benutzt
+handle [verb]		benutzen, behandeln, mit ... umgehen
 hint			Tip
+human readable          -nicht als Klartext darstellbar 
 ignored			unbeachtet
 include 		<enthalten
 init    		*initialisieren
@@ -97,10 +108,12 @@ key-ID                  Schl
 
 key binding		Schlüsselanbindung
 keyblock		Schlüsselblock
-keyserver   		Schlüsselserver, -*Schlüssel-Server 
+keyserver   		Schlüsselserver, Schlü.server, -*Schlüssel-Server 
 keysize			
 keyring 		Schlüsselbund
 lifetime    		>Gültigkeitsdauer, >Geltungsdauer
+listed 
+locally                 (nur) für diesen Rechner, #(nur) auf diesem Rechner
 lookup			- Suche
 machine 		häufig: Computer, Rechner
 main key		Hauptschlüssel
@@ -115,17 +128,26 @@ merge  (to) 		>zusammenf
 message 		Botschaft
 mode			Modus, Methode   *
 move    		schieben, *verschieben
+multiple signature	Mehrfachunterschriften
 NAI
 network error		Netzwerkfehler
+non-revocably           nicht-widerrufbar, unwiderruflich??
 note			Hinweis
 okay			in Ordnung
 Ooops			Huch
 OpenPGP 		
-original		Ursprünglicher
+option                  Option
+original		ursprünglicher
+overrides		-ersetzt
 ownertrust  		\"Owner trust\"  *Vertrauenswürdigkeit des Besitzers
 packet			Paket
 packet type		Pakettyp
+parse 			-zerlegen
 passphrase		Mantra
+permission [file]       Zugriffsrechte
+Photo-ID                Foto-ID
+policy			Richtlinie
+policy URL		Richtlinien-URL
 preference items	????
 preferences 		Einstellungen    *(die gesamten) Einstellungen
 preferred		bevorzugt
@@ -134,14 +156,15 @@ problem [to do sth.]    -Schwierigkeit
 prompt (to) 		auch: >abfragen, >anfordern, >verlangen
 protected
 protection algorithm	Schutzverfahren
-pubkey algorithm	Public-Key Verfahren	 (*)
+pubkey algorithm	Public-Key-Verfahren	 
 public key		öffentlicher Schüssel
-public key algorithm    Public-Key Verfahren *Public-Key-Verfahren
+public key algorithm    Public-Key-Verfahren 
 quit    		*(Programm) verlassen, beenden
 radix64			radix64
 random 			Zufall
 random bytes		Zufallswerte
 reason			Grund (für revocation)
+[xyz] rebuild           [xyz]-Neuaufbau, neu erzeugt
 regular file		normale Datei
 response		Antwort (Reaktion?)
 retry			???? (Wiederholung?, Wiederaufnahme?)
@@ -150,14 +173,19 @@ reveal  		auch: <jemandem zeigen, >anderen zeigen
 revocation  		Widerruf <*>Rückruf
 revocation certificate  *<Rückrufurkunde *Rückruf-Zertifikat
 revoke			widerrufen
+revocably               widerrufbar
 RNG			Zufallsgenerator
 secondary key		Zweitschlüssel
 secret key		geheimer Schlüssel
+secret keyring          geheimer Schlüsselbund, geh. Schlüsselbund
 secret parts		geheime Teile
 security need(s)	>Sicherheitsbedüfnis(se), >Sicherheitsbedarf
 self-signature		Eigenbeglaubigung     
 sender			Absender
+sensitive		- empfindlich
+set [sth.]              einstellen, festlegen
 session			Sitzung
+show			[an]zeigen, zeigen
 sign user id		User-ID beglaubigen   *
 signed			unterschriebene
 signature (files)	Unterschrift          *
@@ -167,6 +195,8 @@ skipped
 so far 			bislang
 specify 		>spezifizieren, <angeben, ?festlegen
 stdin   		- stdin, *die Standardeingabe 
+string			Zeichenkette
+[PGP2-]style[ key]      [PGP2-] artiger [Schlüssel]
 subkey			Unterschlüssel
 superseeded		überholt, veraltet
 terminal charset        - Terminalzeichensatz *Terminal-Zeichensatz(s.o.)
@@ -178,21 +208,31 @@ trusted			- vertrauensw
 trustvalues		- trustvalues >Vertrauensniveaus?? *Vertrauensmaß? >Vertrauenswerte?
 trying			Versuch
 type [message]		[Botschaft] eintippen
-ulimately [trust]	uneingeschränktes [Vertrauen]
+ulimately [trust]	uneingeschränkt [vertrauen]
+ultimate trust          uneingeschränktes Vertrauen
+unable
+unattended              unbeaufsichtigt
+unavailble
 untrusted               - nichtvertrauenswürdig, *nicht vertrauenswürdig
+unusable		unbrauchbar
 update                  Ändern, Änderung >Aktualisieren, >Aktualisierung *auf den 
+URL                     (die) URL 
+[the] use [of]           
 User    		- User, *<Benutzer, *Teilnehmer
 user ID 		User-ID
 user IDs		User-IDs
 user interface  	>Benutzer-Schnittstelle
 username    		Username, *<Benutzername,  
 used			benutzt (no loger used)
+using xyz		verwende xyz
 valid 			gültig
 validate    		-- authentifizieren (>besser authentisieren ?? So im 
 Wörterbuch der neuen Rechtschreibung)
 validation  		-- >Authentisierung 
+verbose			ausführlich
 verify  		< überprüfen
 warning			Warnung
 weak key		unsicherer Schlüssel
+writeable		schreibbarer 
 wisely                  >klug, vernünftig(erweise), >gescheit; möglichst sinnvoll
 

tools/mail-signed-keys

@@ -17,11 +17,13 @@ if [ "$1" = "--dry-run" ]; then
    shift
 fi
 
-if [ -z "$1" -o -z "$2" ]; then
-   echo "usage: mail-signed-keys keyring signedby" >&2
+if [ -z "$1" -o -z "$2" -o -z "$3" ]; then
+   echo "usage: mail-signed-keys keyring signedby signame" >&2
    exit 1
 fi
 
+signame="$3"
+
 if [ ! -f $1 ]; then
     echo "mail-signed-keys: '$1': no such file" >&2
     exit 1
@@ -30,7 +32,7 @@ fi
 [ -f '.#tdb.tmp' ] && rm '.#tdb.tmp'
 ro="--homedir . --no-options --trustdb-name=./.#tdb.tmp --dry-run --lock-never --no-default-keyring --keyring $1"
 
-signedby=`gpg $ro --fast-list-mode --list-keys --with-colons $2 \
+signedby=`gpg $ro --list-keys --with-colons $2 \
 	  2>/dev/null | awk -F: '$1=="pub" {print $5; exit 0}'`
 
 if [ -z "$signedby" ]; then
@@ -46,7 +48,8 @@ if [ "$dryrun" = "0" ]; then
 fi
 
 gpg $ro --check-sigs --with-colons 2>/dev/null \
-     | awk -F: -v signedby="$signedby" -v gpgopt="$ro" -v dryrun="$dryrun" '
+     | awk -F: -v signedby="$signedby" -v gpgopt="$ro" \
+       -v dryrun="$dryrun" -v signame="$signame"  '
 BEGIN	      { sendmail="/usr/lib/sendmail -oi -t " }
 $1 == "pub"   { nextkid=$5; nextuid=$10
 		if( uidcount > 0 ) { myflush() }
@@ -78,9 +81,10 @@ function myflush()
          print "Hi,"                                        | sendmail
          print ""                                           | sendmail
          print "Here you get back the signed key."          | sendmail
+	 print "Please send it yourself to a keyserver."    | sendmail
          print ""                                           | sendmail
-         print "ciao,"                                      | sendmail
-         print "     your Key Signator"                     | sendmail
+         print "Peace,"                                     | sendmail
+         print "      " signame                             | sendmail
          print ""                                           | sendmail
          cmd = "gpg " gpgopt " --export -a " kid " 2>/dev/null"
          while( (cmd | getline) > 0 ) {

util/ChangeLog

@@ -1,9 +1,17 @@
+2002-04-08  Werner Koch  <wk@gnupg.org>
+
+	Fixed filename of last entry.
+
 2002-03-29  David Shaw  <dshaw@jabberwocky.com>
 
-	* strgutil.c (print_string, utf8_to_native): If a delimiter is
+	* miscutil.c (print_string, utf8_to_native): If a delimiter is
 	used, then quote the backslash character as well.  Problem noted
 	by Rainer Perske.
 
+2002-03-15  Werner Koch  <wk@gnupg.org>
+
+	* argparse.c (optfile_parse): Fixed missing argument handling.
+
 2002-02-28  Timo Schulz  <ts@winpt.org>
 
 	* http.c (write_server): Convert integer to a HANDLE for W32.

util/argparse.c

@@ -273,10 +273,12 @@ optfile_parse( FILE *fp, const char *filename, unsigned *lineno,
 		    arg->r_opt = -arg->r_opt;
 		if( !opts[idx].short_opt )   /* unknown command/option */
 		    arg->r_opt = (opts[idx].flags & 256)? -7:-2;
-		else if( (opts[idx].flags & 8) ) /* no argument */
-		    arg->r_opt = -3;	       /* error */
-		else			       /* no or optional argument */
+		else if( !(opts[idx].flags & 7) ) /* does not take an arg */
 		    arg->r_type = 0;	       /* okay */
+		else if( (opts[idx].flags & 8) )  /* argument is optional */
+                    arg->r_type = 0;	       /* okay */
+		else			       /* required argument */
+		    arg->r_opt = -3;	       /* error */
 		break;
 	    }
 	    else if( state == 3 ) {	       /* no argument found */