See ChangeLog: Wed Jul 7 13:23:40 CEST 1999 Werner Koch

1999-07-07 11:28:26 +00:00 · 1999-07-07 11:28:26 +00:00 · bd7298cf0d
parent 86abac78a2
commit bd7298cf0d
35 changed files with 4711 additions and 4608 deletions
--- a/6
+++ b/6
@ -1,3 +1,9 @@
 Wed Jul  7 13:08:40 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 	* Makefile.am: Support for libtool.
 	* configure.in: Ditto.
 Tue Jun 29 21:44:25 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
--- a/Makefile.am
+++ b/Makefile.am
@ -23,9 +23,11 @@ dist-hook:
 	sed -e 's/@pkg_version@/$(VERSION)/g' \
 	    $(top_srcdir)/scripts/gnupg.spec.in \
 	    > $(distdir)/scripts/gnupg.spec
 	rm $(distdir)/gcrypt/*.[ch]
-# maintainer only
+if MAINTAINER_MODE
 # This is only useful within my local environment (wk)
 cvs-get:
 	rsync -Cavuzb  --exclude scratch --exclude .deps \
 		      wkoch@sigtrap.guug.de:work/gnupg .
@ -36,6 +38,7 @@ cvs-put:
 cvs-sync: cvs-get cvs-put
 endif
 .PHONY: cvs-get cvs-put cvs-sync
--- a/3
+++ b/3
@ -5,6 +5,9 @@
    * You will be asked for a filename if gpg cannot deduce one.
    * Changes to support libtool which is needed for the development
      of libgcrypt.
 Noteworthy changes in version 0.9.8
 -----------------------------------
--- a/2
+++ b/2
@ -33,7 +33,6 @@ Nice to have
    utility and SOCKSify this utility.
  * Do a real fix for bug #7 or document that it is a PGP 5 error.
  * preferences of hash algorithms are not yet used.
  * new menu to delete signatures and list signature in menu
  * Replace the SIGUSR1 stuff by semaphores to avoid loss of a signal.
    or use POSIX.4 realtime signals.  Overhaul the interface and the
    test program.  Use it with the test suite?
@ -42,7 +41,6 @@ Nice to have
  * Burn the buffers used by fopen(), or use read(2). Does this
    really make sense?	And while we are at it:  implement a secure deletion
    stuff?
  * Stats about used random numbers.
  * the pubkey encrypt functions should do some sanity checks.
  * dynload: implement the hint stuff.
  * "gpg filename.tar.gz.asc" sollte wie mit --verify funktionieren (-sab).
--- a/cipher/ChangeLog
+++ b/cipher/ChangeLog
@ -1,3 +1,8 @@
 Wed Jul  7 13:08:40 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 	* Makefile.am: Support for libtool.
 Fri Jul  2 11:45:54 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
--- a/cipher/Makefile.am
+++ b/cipher/Makefile.am
@ -3,7 +3,7 @@
 INCLUDES =  -I$(top_srcdir)/include -I$(top_srcdir)/intl
-noinst_LIBRARIES = libcipher.a
+noinst_LTLIBRARIES = libcipher.la
 # The configure script greps the module names from the following lines.
 # You must also add all these names to EXTRA_PROGRAMS some lines below
@ -33,7 +33,8 @@ endif
 DYNLINK_MOD_CFLAGS = -DIS_MODULE @DYNLINK_MOD_CFLAGS@
-libcipher_a_SOURCES = cipher.c	\
+libcipher_la_LDFLAGS =
 libcipher_la_SOURCES = cipher.c  \
 		 pubkey.c	\
 		 md.c		\
 		 dynload.c	\
@ -62,8 +63,8 @@ libcipher_a_SOURCES = cipher.c	\
 BUILT_SOURCES = construct.c
-libcipher_a_DEPENDENCIES = @STATIC_CIPHER_OBJS@
+libcipher_la_DEPENDENCIES = @STATIC_CIPHER_OBJS@
-libcipher_a_LIBADD =	   @STATIC_CIPHER_OBJS@
+libcipher_la_LIBADD =	    @STATIC_CIPHER_OBJS@
 # If I remember it correct, automake 1.4 has a feature to set
--- a/configure.in
+++ b/configure.in
@ -109,8 +109,18 @@ AC_MSG_CHECKING([whether compilation of libgcrypt is requested])
 AC_ARG_ENABLE(libgcrypt,
    [  --enable-libgcrypt      compile the libgcrypt [default=no]],
 [compile_libgcrypt="$enableval"],[compile_libgcrypt=no])
 AM_CONDITIONAL(COMPILE_LIBGCRYPT, test x$compile_libgcrypt = xyes)
 AC_MSG_RESULT($compile_libgcrypt)
 if test x$compile_libgcrypt = xyes ; then
    if test -f $srcdir/gcrypt/gcrypt.h; then
        :
    else
        compile_libgcrypt=no
        AC_MSG_WARN([[
 *** LIBGCRYPT is not yet ready for public testing.
 *** Maybe you have more luck with the next release of GnuPG]])
    fi
 fi
 AM_CONDITIONAL(COMPILE_LIBGCRYPT, test x$compile_libgcrypt = xyes)
 dnl
@ -123,6 +133,8 @@ AC_ARG_WITH(capabilities,
 AC_MSG_RESULT($use_capabilities)
 AM_MAINTAINER_MODE
 dnl Checks for programs.
 AC_CANONICAL_SYSTEM
@ -139,15 +151,17 @@ AC_PROG_CC
 AC_PROG_CPP
 AC_ISC_POSIX
 AC_PROG_INSTALL
-AC_PROG_RANLIB
+AC_PROG_AWK
 AC_CHECK_PROG(DOCBOOK_TO_MAN, docbook-to-man, yes, no)
 AM_CONDITIONAL(HAVE_DOCBOOK_TO_MAN, test "$ac_cv_prog_DOCBOOK_TO_MAN" = yes)
 dnl
-dnl Don't default to build shared libs
+dnl Build shared libraries only when compilation of libgcrypt
 dnl has been requested
 dnl
 AM_DISABLE_SHARED
 enable_shared="$compile_libgcrypt"
 AM_PROG_LIBTOOL
@ -486,7 +500,7 @@ for name in $MODULES_IN_CIPHER; do
    done;
    if test $x = yes; then
        STATIC_CIPHER_NAMES="$STATIC_CIPHER_NAMES $name"
-        STATIC_CIPHER_OBJS="$STATIC_CIPHER_OBJS $name.o"
+        STATIC_CIPHER_OBJS="$STATIC_CIPHER_OBJS $name.lo"
    else
        DYNAMIC_CIPHER_MODS="$DYNAMIC_CIPHER_MODS $name"
        GNUPG_MSG_PRINT([$name])
@ -556,7 +570,7 @@ if test "$ac_cv_mpi_extra_asm_modules" != ""; then
 GNUPG_MSG_PRINT([mpi extra asm functions:])
 for i in $ac_cv_mpi_extra_asm_modules; do
    GNUPG_MSG_PRINT([$i])
-    MPI_EXTRA_ASM_OBJS="$MPI_EXTRA_ASM_OBJS $i.o"
+    MPI_EXTRA_ASM_OBJS="$MPI_EXTRA_ASM_OBJS $i.lo"
 done
 AC_MSG_RESULT()
 fi
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@ -1,3 +1,20 @@
 Wed Jul  7 13:08:40 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 	* Makefile.am: Support for libtool.
 	* keygen.c (ask_expire_interval): Hack to allow for an expire date.
 	* trustdb.c (do_update_trust_record,update_trust_record): Splitted.
 	(check_trust_record): New.
 	(check_trust,build_cert_tree): Check the dir record as needed.
 	(upd_pref_record): Removed.
 	(make_pref_record): New.
 	(propagate_validity): Stop as soon as we have enough validity.
 	* tbdio.c (MAX_CACHE_ENTRIES_HARD): Increased the limit.
 Fri Jul  2 11:45:54 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
--- a/g10/Makefile.am
+++ b/g10/Makefile.am
@ -4,7 +4,7 @@ INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
 EXTRA_DIST = OPTIONS  pubring.asc  options.skel
 OMIT_DEPENDENCIES = zlib.h zconf.h
 LDFLAGS = @LDFLAGS@ @DYNLINK_LDFLAGS@
-needed_libs = ../cipher/libcipher.a ../mpi/libmpi.a ../util/libutil.a
+needed_libs = ../cipher/libcipher.la ../mpi/libmpi.la ../util/libutil.la
 #noinst_PROGRAMS = gpgd
 bin_PROGRAMS = gpg
--- a/g10/helptext.c
+++ b/g10/helptext.c
@ -101,7 +101,10 @@ static struct helptexts { const char *key; const char *help; } helptexts[] = {
 { N_("keygen.valid"),
- "Enter the required value"
+ "Enter the required value as shown in the pronpt.\n"
 "It is possible to enter a ISO date (YYYY-MM-DD) but you won't\n"
 "get a good error response - instead the system tries to interpret\n"
 "the given value as an interval."
 },
 { N_("keygen.valid.okay"),
--- a/g10/keyedit.c
+++ b/g10/keyedit.c
@ -592,7 +592,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
 	{ N_("enable")  , cmdENABLEKEY , 0, N_("enable a key") },
    { NULL, cmdNONE } };
-    enum cmdids cmd;
+    enum cmdids cmd = 0;
    int rc = 0;
    KBNODE keyblock = NULL;
    KBPOS keyblockpos;
@ -643,7 +643,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands )
    toggle = 0;
    cur_keyblock = keyblock;
    for(;;) { /* main loop */
-	int i, arg_number;
+	int i, arg_number=0;
 	char *p;
 	tty_printf("\n");
--- a/g10/keygen.c
+++ b/g10/keygen.c
@ -519,13 +519,25 @@ ask_expire_interval(void)
    answer = NULL;
    for(;;) {
 	int mult;
 	u32 abs_date=0;
 	u32 curtime=0;;
 	m_free(answer);
 	answer = cpr_get("keygen.valid",_("Key is valid for? (0) "));
 	cpr_kill_prompt();
 	trim_spaces(answer);
 	curtime = make_timestamp();
 	if( !*answer )
 	    valid_days = 0;
 	else if( (abs_date = scan_isodatestr(answer)) && abs_date > curtime ) {
 	    /* This calculation is not perfectly okay because we
 	     * are later going to simply multiply by 86400 and don't
 	     * correct for leapseconds.  A solution would be to change
 	     * the whole implemenation to work with dates and not intervals
 	     * which are required for v3 keys.
 	     */
 	    valid_days = abs_date/86400-curtime/86400+1;
 	}
 	else if( (mult=check_valid_days(answer)) ) {
 	    valid_days = atoi(answer) * mult;
 	    if( valid_days < 0 || valid_days > 32767 )
@ -544,7 +556,7 @@ ask_expire_interval(void)
 	    interval = valid_days * 86400L;
 	    /* print the date when the key expires */
 	    tty_printf(_("Key expires at %s\n"),
-			asctimestamp(make_timestamp() + interval ) );
+			asctimestamp(curtime + interval ) );
 	}
 	if( !cpr_enabled()
--- a/g10/tdbio.c
+++ b/g10/tdbio.c
@ -56,8 +56,8 @@ struct cache_ctrl_struct {
    char data[TRUST_RECORD_LEN];
 };
-#define MAX_CACHE_ENTRIES_SOFT	200   /* may be increased while in a */
+#define MAX_CACHE_ENTRIES_SOFT	200    /* may be increased while in a */
-#define MAX_CACHE_ENTRIES_HARD	1000  /* transaction to this one */
+#define MAX_CACHE_ENTRIES_HARD	10000  /* transaction to this one */
 static CACHE_CTRL cache_list;
 static int cache_entries;
 static int cache_is_dirty;
--- a/g10/trustdb.c
+++ b/g10/trustdb.c
@ -124,6 +124,9 @@ static int do_check( TRUSTREC *drec, unsigned *trustlevel,
 		     const char *nhash, int (*add_fnc)(ulong),
 						unsigned *retflgs);
 static int get_dir_record( PKT_public_key *pk, TRUSTREC *rec );
 static int do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
 					  int recheck, int *modified );
 static int check_trust_record( TRUSTREC *drec );
 /* a table used to keep track of ultimately trusted keys
 * which are the ones from our secrings and the trusted keys */
@ -403,44 +406,6 @@ get_dir_record( PKT_public_key *pk, TRUSTREC *rec )
    return rc;
 }
 /****************
 * Get the LID of a public key.
 * Returns: The LID of the key (note, that this may be a shadow dir)
 *	    or 0 if not available.
 * fixme: make this ftser by putting entries into the sdir hash table
 */
 #if 0
 static ulong
 lid_from_keyid( u32 *keyid )
 {
    PKT_public_key *pk = m_alloc_clear( sizeof *pk );
    TRUSTREC rec;
    ulong lid = 0;
    int rc;
    rc = get_pubkey( pk, keyid );
    if( !rc ) {
 	if( pk->local_id )
 	    lid = pk->local_id;
 	else {
 	    rc = tdbio_search_dir_bypk( pk, &rec );
 	    if( !rc )
 		lid = rec.recnum;
 	    else if( rc == -1 ) { /* see whether there is a sdir instead */
 		u32 akid[2];
 		keyid_from_pk( pk, akid );
 		rc = tdbio_search_sdir( akid, pk->pubkey_algo, &rec );
 		if( !rc )
 		    lid = rec.recnum;
 	    }
 	}
    }
    free_public_key( pk );
    return lid;
 }
 #endif
 static ulong
 lid_from_keyid_no_sdir( u32 *keyid )
 {
@ -862,124 +827,6 @@ find_or_create_lid( PKT_signature *sig )
 #if 0
 static void
 upd_pref_record( TRUSTREC *urec, u32 *keyid, PKT_signature *sig )
 {
    static struct {
 	sigsubpkttype_t subpkttype;
 	int preftype;
    } ptable[] = {
 	{ SIGSUBPKT_PREF_SYM,	PREFTYPE_SYM	},
 	{ SIGSUBPKT_PREF_HASH,	PREFTYPE_HASH	},
 	{ SIGSUBPKT_PREF_COMPR, PREFTYPE_COMPR	},
 	{ 0, 0 }
    };
    TRUSTREC prec;
    ulong lid = urec->r.uid.lid ;
    const byte *uidhash = urec->r.uid.namehash;
    const byte *s;
    size_t n;
    int k, i;
    ulong recno;
    byte prefs_sig[200];
    int n_prefs_sig = 0;
    byte prefs_rec[200];
    int n_prefs_rec = 0;
    if( DBG_TRUST )
 	log_debug("upd_pref_record for %08lX.%lu/%02X%02X\n",
 			  (ulong)keyid[1], lid, uidhash[18], uidhash[19] );
    /* check for changed preferences */
    for(k=0; ptable[k].subpkttype; k++ ) {
 	s = parse_sig_subpkt2( sig, ptable[k].subpkttype, &n );
 	if( s ) {
 	    for( ; n; n--, s++ ) {
 		if( n_prefs_sig >= DIM(prefs_sig)-1 ) {
 		    log_info("uid %08lX.%lu/%02X%02X: %s\n",
 			      (ulong)keyid[1], lid, uidhash[18], uidhash[19],
 			      _("Too many preferences") );
 		    break;
 		}
 		prefs_sig[n_prefs_sig++] = ptable[k].preftype;
 		prefs_sig[n_prefs_sig++] = *s;
 	    }
 	}
    }
    for( recno=urec->r.uid.prefrec; recno; recno = prec.r.pref.next ) {
 	read_record( recno, &prec, RECTYPE_PREF );
 	for(i = 0; i < ITEMS_PER_PREF_RECORD; i +=2 )  {
 	    if( n_prefs_rec >= DIM(prefs_rec)-1 ) {
 		log_info("uid %08lX.%lu/%02X%02X: %s\n",
 			  (ulong)keyid[1], lid, uidhash[18], uidhash[19],
 			  _("Too many preference items") );
 		break;
 	    }
 	    if( prec.r.pref.data[i] ) {
 		prefs_rec[n_prefs_rec++] = prec.r.pref.data[i];
 		prefs_rec[n_prefs_rec++] = prec.r.pref.data[i+1];
 	    }
 	}
    }
    if( n_prefs_sig == n_prefs_rec
 	&& !memcmp( prefs_sig, prefs_rec, n_prefs_sig ) )
 	return;  /* not changed */
    /* Preferences have changed:  Delete all pref records
     * This is much simpler than checking whether we have to
     * do update the record at all - the record cache may care about it
     */
    for( recno=urec->r.uid.prefrec; recno; recno = prec.r.pref.next ) {
 	read_record( recno, &prec, RECTYPE_PREF );
 	delete_record( recno );
    }
    if( n_prefs_sig > ITEMS_PER_PREF_RECORD )
 	 log_info(_("WARNING: can't yet handle long pref records\n"));
    memset( &prec, 0, sizeof prec );
    prec.recnum = tdbio_new_recnum();
    prec.rectype = RECTYPE_PREF;
    prec.r.pref.lid = lid;
    if( n_prefs_sig <= ITEMS_PER_PREF_RECORD )
 	memcpy( prec.r.pref.data, prefs_sig, n_prefs_sig );
    else { /* need more than one pref record */
 	TRUSTREC tmp;
 	ulong nextrn;
 	byte *pp = prefs_sig;
 	n = n_prefs_sig;
 	memcpy( prec.r.pref.data, pp, ITEMS_PER_PREF_RECORD );
 	n -= ITEMS_PER_PREF_RECORD;
 	pp += ITEMS_PER_PREF_RECORD;
 	nextrn = prec.r.pref.next = tdbio_new_recnum();
 	do {
 	    memset( &tmp, 0, sizeof tmp );
 	    tmp.recnum = nextrn;
 	    tmp.rectype = RECTYPE_PREF;
 	    tmp.r.pref.lid = lid;
 	    if( n <= ITEMS_PER_PREF_RECORD ) {
 		memcpy( tmp.r.pref.data, pp, n );
 		n = 0;
 	    }
 	    else {
 		memcpy( tmp.r.pref.data, pp, ITEMS_PER_PREF_RECORD );
 		n -= ITEMS_PER_PREF_RECORD;
 		pp += ITEMS_PER_PREF_RECORD;
 		nextrn = tmp.r.pref.next = tdbio_new_recnum();
 	    }
 	    write_record( &tmp );
 	} while( n );
    }
    write_record( &prec );
    urec->r.uid.prefrec = prec.recnum;
    urec->dirty = 1;
 }
 #endif
 /****************
 * Check the validity of a key and calculate the keyflags
 * keynode points to
@ -1045,7 +892,7 @@ check_keybinding( KBNODE keyblock, KBNODE keynode, u32 *mainkid,
 		if( opt.verbose )
 		    log_info(_("key %08lX.%lu: Valid key revocation\n"),
 				 (ulong)keyid_from_pk(pk, NULL), lid );
-		keyflags |= KEYF_REVOKED;  /* fixme: revoke the main key too*/
+		keyflags |= KEYF_REVOKED;
 	    }
 	    else {
 		log_info(_(
@ -1056,8 +903,6 @@ check_keybinding( KBNODE keyblock, KBNODE keynode, u32 *mainkid,
 	}
 	else if( sig->sig_class == 0x28 && !revoke_seen && !is_main ) {
 	    /* this is a subkey revocation certificate: check it */
 	    /* fixme: we should also check that the revocation
 	     * is newer than the key (OpenPGP) */
 	    rc = check_key_signature( keyblock, node, NULL );
 	    if( !rc ) {
 		if( opt.verbose )
@ -1081,7 +926,7 @@ check_keybinding( KBNODE keyblock, KBNODE keynode, u32 *mainkid,
 static ulong
-make_key_records( KBNODE keyblock, ulong lid, u32 *keyid )
+make_key_records( KBNODE keyblock, ulong lid, u32 *keyid, int *mainrev )
 {
    TRUSTREC *krecs, **kend, *k, *k2;
    KBNODE  node;
@ -1090,6 +935,7 @@ make_key_records( KBNODE keyblock, ulong lid, u32 *keyid )
    size_t fprlen;
    ulong keyrecno;
    *mainrev = 0;
    krecs = NULL; kend = &krecs;
    for( node=keyblock; node; node = node->next ) {
 	if( node->pkt->pkttype != PKT_PUBLIC_KEY
@ -1110,7 +956,9 @@ make_key_records( KBNODE keyblock, ulong lid, u32 *keyid )
 	kend = &k->next;
 	k->r.key.keyflags = check_keybinding( keyblock, node, keyid, lid, pk );
-
+	if( (k->r.key.keyflags & KEYF_REVOKED)
 	    && node->pkt->pkttype == PKT_PUBLIC_KEY )
 	    *mainrev = 1;
    }
    keyrecno = krecs? krecs->recnum : 0;
@ -1128,13 +976,15 @@ make_key_records( KBNODE keyblock, ulong lid, u32 *keyid )
 /****************
 * Check the validity of a user ID and calculate the uidflags
- * keynode points to
+ * keynode points to  a node with a user ID.
- * a node with a user ID.  mainkid has the key ID of the primary key
+ * mainkid has the key ID of the primary key, keyblock is the complete
- * keyblock is the complete keyblock which is needed for signature
+ * keyblock which is needed for signature checking.
- * checking.
+ * Returns: The uid flags and the self-signature which is considered to
 * be the most current.
 */
 static unsigned int
-check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid )
+check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid,
 						  PKT_signature **bestsig )
 {
    KBNODE node;
    unsigned int uidflags = 0;
@ -1188,7 +1038,8 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid )
    /* and now check for revocations - we must do this after the
     * self signature check because a self-signature which is newer
     * than a revocation makes the revocation invalid.
-     * Fixme: Is this correct - check with rfc2440 */
+     * RFC2440 is quiet about tis but I feel this is reasonable for
     * non-primary-key revocations. */
    for( node=keynode->next; node; node = node->next ) {
 	if( node->pkt->pkttype == PKT_USER_ID
 	    || node->pkt->pkttype == PKT_PUBLIC_SUBKEY )
@ -1221,7 +1072,7 @@ check_uidsigs( KBNODE keyblock, KBNODE keynode, u32 *mainkid, ulong lid )
 	}
    }
-
+    *bestsig = selfsig;
    return uidflags;
 }
@ -1397,6 +1248,74 @@ make_sig_records( KBNODE keyblock, KBNODE uidnode,
 }
 /****************
 * Make a preference record (or a list of them) according to the supplied
 * signature.
 * Returns: The record number of the first pref record.
 */
 static ulong
 make_pref_record( PKT_signature *sig, ulong lid )
 {
    static struct {
 	sigsubpkttype_t subpkttype;
 	int preftype;
    } ptable[] = {
 	{ SIGSUBPKT_PREF_SYM,	PREFTYPE_SYM	},
 	{ SIGSUBPKT_PREF_HASH,	PREFTYPE_HASH	},
 	{ SIGSUBPKT_PREF_COMPR, PREFTYPE_COMPR	},
 	{ 0, 0 }
    };
    TRUSTREC *precs, **p_end, *p=NULL, *p2;
    ulong precno;
    int k, idx=0;
    const byte *s;
    size_t n;
  #if (ITEMS_PER_PREF_RECORD % 2) != 0
    #error ITEMS_PER_PREF_RECORD must have an even value
  #endif
    precs = NULL; p_end = &precs;
    for(k=0; ptable[k].subpkttype; k++ ) {
 	s = parse_sig_subpkt2( sig, ptable[k].subpkttype, &n );
 	if( !s )
 	    continue;
 	for( ; n; n--, s++ ) {
 	    if( !idx ) {
 		p = m_alloc_clear( sizeof *p );
 		p->rectype = RECTYPE_PREF;
 		p->r.pref.lid = lid;
 	    }
 	    p->r.pref.data[idx++] = ptable[k].preftype;
 	    p->r.pref.data[idx++] = *s;
 	    if( idx >= ITEMS_PER_PREF_RECORD ) {
 		p->recnum = tdbio_new_recnum();
 		*p_end = p;
 		p_end = &p->next;
 		idx = 0;
 	    }
 	}
    }
    if( idx ) {
       p->recnum = tdbio_new_recnum();
       *p_end = p;
       p_end = &p->next;
    }
    precno = precs? precs->recnum : 0;
    /* write the precs and release the memory */
    for( p = precs; p ; p = p2 ) {
 	if( p->next )
 	    p->r.pref.next = p->next->recnum;
 	write_record( p );
 	p2 = p->next;
 	m_free( p );
    }
    return precno;
 }
 static ulong
 make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire )
 {
@ -1408,6 +1327,8 @@ make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire )
    urecs = NULL; uend = &urecs;
    for( node=keyblock; node; node = node->next ) {
 	PKT_signature *bestsig;
 	if( node->pkt->pkttype != PKT_USER_ID )
 	    continue;
 	uid = node->pkt->pkt.user_id;
@ -1422,10 +1343,12 @@ make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire )
 	*uend = u;
 	uend = &u->next;
-	u->r.uid.uidflags = check_uidsigs( keyblock, node, keyid, lid );
+	u->r.uid.uidflags = check_uidsigs( keyblock, node, keyid,
 						     lid, &bestsig );
 	if( (u->r.uid.uidflags & UIDF_CHECKED)
-	    && (u->r.uid.uidflags & UIDF_VALID) )
+	    && (u->r.uid.uidflags & UIDF_VALID) ) {
-	    /*make_pref_record( &urec, keyid, selfsig )*/;
+	    u->r.uid.prefrec = bestsig? make_pref_record( bestsig, lid ) : 0;
 	}
 	/* create the list of signatures */
 	u->r.uid.siglist = make_sig_records( keyblock, node,
 					     lid, keyid, min_expire );
@ -1451,47 +1374,61 @@ make_uid_records( KBNODE keyblock, ulong lid, u32 *keyid, u32 *min_expire )
 */
 int
 update_trust_record( KBNODE keyblock, int recheck, int *modified )
 {
    TRUSTREC drec;
    int rc;
    if( opt.dry_run )
 	return 0;
    if( modified )
 	*modified = 0;
    init_trustdb();
    rc = get_dir_record( find_kbnode( keyblock, PKT_PUBLIC_KEY )
 					    ->pkt->pkt.public_key, &drec );
    if( rc )
 	return rc;
    rc = do_update_trust_record( keyblock, &drec, recheck, modified );
    return rc;
 }
 /****************
 * Same as update_trust_record, but tghis functions expects the dir record.
 * On exit the dirrecord will reflect any changes made.
 */
 static int
 do_update_trust_record( KBNODE keyblock, TRUSTREC *drec,
 			int recheck, int *modified )
 {
    PKT_public_key *primary_pk;
-    KBNODE node;
+    TRUSTREC krec, urec, prec, helprec;
-    TRUSTREC drec, krec, urec, prec, helprec;
+    int i, rc = 0;
    int rc = 0;
    u32 keyid[2]; /* keyid of primary key */
 /*    int mod_up = 0;
    int mod_down = 0; */
    ulong recno, r2;
    u32 expire;
-    if( opt.dry_run )
+    primary_pk = find_kbnode( keyblock, PKT_PUBLIC_KEY )->pkt->pkt.public_key;
 	return 0;
    init_trustdb();
    if( modified )
 	*modified = 0;
    node = find_kbnode( keyblock, PKT_PUBLIC_KEY );
    primary_pk = node->pkt->pkt.public_key;
    rc = get_dir_record( primary_pk, &drec );
    if( rc )
 	return rc;
    if( !primary_pk->local_id )
-	primary_pk->local_id = drec.recnum;
+	primary_pk->local_id = drec->recnum;
    keyid_from_pk( primary_pk, keyid );
    if( DBG_TRUST )
-	log_debug("update_trust_record: %08lX.%lu\n", (ulong)keyid[1], drec.recnum );
+	log_debug("do_update_trust_record: %08lX.%lu\n",
 					(ulong)keyid[1], drec->recnum );
    rc = tdbio_begin_transaction();
    if( rc )
 	return rc;
    /* delete the old stuff */
-    for( recno=drec.r.dir.keylist; recno; recno = krec.r.key.next ) {
+    for( recno=drec->r.dir.keylist; recno; recno = krec.r.key.next ) {
 	read_record( recno, &krec, RECTYPE_KEY );
 	delete_record( recno );
    }
-    drec.r.dir.keylist = 0;
+    drec->r.dir.keylist = 0;
-    for( recno=drec.r.dir.uidlist; recno; recno = urec.r.uid.next ) {
+    for( recno=drec->r.dir.uidlist; recno; recno = urec.r.uid.next ) {
 	read_record( recno, &urec, RECTYPE_UID );
 	for(r2=urec.r.uid.prefrec ; r2; r2 = prec.r.pref.next ) {
 	    read_record( r2, &prec, RECTYPE_PREF );
@ -1503,15 +1440,17 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified )
 	}
 	delete_record( recno );
    }
-    drec.r.dir.uidlist = 0;
+    drec->r.dir.uidlist = 0;
    /* insert new stuff */
-    drec.r.dir.dirflags &= ~DIRF_REVOKED;
+    drec->r.dir.dirflags &= ~DIRF_REVOKED;
-    drec.r.dir.keylist = make_key_records( keyblock, drec.recnum, keyid );
+    drec->r.dir.keylist = make_key_records( keyblock, drec->recnum, keyid, &i );
    if( i ) /* primary key has been revoked */
 	drec->r.dir.dirflags &= DIRF_REVOKED;
    expire = 0;
-    drec.r.dir.uidlist = make_uid_records( keyblock, drec.recnum, keyid,
+    drec->r.dir.uidlist = make_uid_records( keyblock, drec->recnum, keyid,
-								 &expire );
+								  &expire );
    #if 0
 	if( orig_uidflags != urec.r.uid.uidflags ) {
 	    write_record( &urec );
@ -1522,18 +1461,15 @@ update_trust_record( KBNODE keyblock, int recheck, int *modified )
 		*mod_up=1; /*(maybe a new user id)*/
    #endif
    /* FIXME: if the primary key has been revoked, we should
       set the revoked flag in the dir records */
    if( rc )
 	rc = tdbio_cancel_transaction();
    else {
 	if( modified && tdbio_is_dirty() )
 	    *modified = 1;
-	drec.r.dir.dirflags |= DIRF_CHECKED;
+	drec->r.dir.dirflags |= DIRF_CHECKED;
-	drec.r.dir.valcheck = 0;
+	drec->r.dir.valcheck = 0;
-	drec.r.dir.checkat = expire;
+	drec->r.dir.checkat = expire;
-	write_record( &drec );
+	write_record( drec );
 	/*tdbio_write_modify_stamp( mod_up, mod_down );*/
 	rc = tdbio_end_transaction();
    }
@ -1603,7 +1539,7 @@ insert_trust_record( KBNODE keyblock )
    tdbio_write_modify_stamp( 1, 0 );
    /* and put all the other stuff into the keydb */
-    rc = update_trust_record( keyblock, 1, NULL );
+    rc = do_update_trust_record( keyblock, &dirrec, 1, NULL );
    do_sync();
    return rc;
@ -1639,9 +1575,35 @@ insert_trust_record_by_pk( PKT_public_key *pk )
 }
 /****************
 * Check one trust record.  This function is called for every
 * directory record which is to be checked.  The supplied
 * dir record is modified according to the performed actions.
 * Currently we only do an update_trust_record.
 */
 static int
 check_trust_record( TRUSTREC *drec )
 {
    KBNODE keyblock;
    int modified, rc;
    rc = get_keyblock_bylid( &keyblock, drec->recnum );
    if( rc ) {
 	log_debug( "check_trust_record %lu: keyblock not found: %s\n",
 					      drec->recnum, g10_errstr(rc) );
 	return rc;
    }
    rc = do_update_trust_record( keyblock, drec, 0, &modified );
    release_kbnode( keyblock );
    return rc;
 }
 /****************
 * Walk over the keyrings and create trustdb records for all keys
 * which are not currently in the trustdb.
 * It is intended to be used after a fast-import operation.
 */
 void
@ -1657,16 +1619,17 @@ update_trustdb()
    init_trustdb();
    rc = enum_keyblocks( 0, &kbpos, &keyblock );
    if( !rc ) {
-	ulong count=0, upd_count=0, err_count=0, new_count=0;
+	ulong count=0, err_count=0, new_count=0;
 	while( !(rc = enum_keyblocks( 1, &kbpos, &keyblock )) ) {
 	    int modified;
 	    TRUSTREC drec;
 	    PKT_public_key *pk = find_kbnode( keyblock, PKT_PUBLIC_KEY )
 					->pkt->pkt.public_key;
-	    rc = update_trust_record( keyblock, 1, &modified );
+	    rc = get_dir_record( pk, &drec );
-	    if( rc == -1 ) { /* not yet in trustdb: insert */
+	    if( rc == -1 ) { /* not in trustdb: insert */
 		PKT_public_key *pk;
 		rc = insert_trust_record( keyblock );
 		pk = keyblock->pkt->pkt.public_key;
 		if( rc && !pk->local_id ) {
 		    log_error(_("lid ?: insert failed: %s\n"),
 						     g10_errstr(rc) );
@ -1684,18 +1647,9 @@ update_trustdb()
 		}
 	    }
 	    else if( rc ) {
-		log_error(_("lid %lu: update failed: %s\n"),
+		log_error(_("error reading dir record: %s\n"), g10_errstr(rc));
 			 lid_from_keyblock(keyblock), g10_errstr(rc) );
 		err_count++;
 	    }
 	    else if( modified ) {
 		if( opt.verbose )
 		    log_info(_("lid %lu: updated\n"),
 					lid_from_keyblock(keyblock));
 		upd_count++;
 	    }
 	    else if( opt.verbose > 1 )
 		log_info(_("lid %lu: okay\n"), lid_from_keyblock(keyblock) );
 	    release_kbnode( keyblock ); keyblock = NULL;
 	    if( !(++count % 100) )
@ -1704,8 +1658,6 @@ update_trustdb()
 	log_info(_("%lu keys processed\n"), count);
 	if( err_count )
 	    log_info(_("\t%lu keys with errors\n"), err_count);
 	if( upd_count )
 	    log_info(_("\t%lu keys updated\n"), upd_count);
 	if( new_count )
 	    log_info(_("\t%lu keys inserted\n"), new_count);
    }
@ -1753,6 +1705,8 @@ check_trustdb( const char *username )
 	    continue;
 	}
 	check_trust_record( &rec );
    }
    log_info(_("%lu keys processed\n"), count);
@ -1780,7 +1734,7 @@ check_trustdb( const char *username )
 * certchain_set must be a valid set or point to NULL; this function
 * may modifiy it.
 *
- * Fixme: add a fastscan mode which stops ad valid validity nodes.
+ * Hmmm: add a fastscan mode which stops at valid validity nodes.
 */
 static TN
 build_cert_tree( ulong lid, int depth, int max_depth, TN helproot )
@ -1814,6 +1768,10 @@ build_cert_tree( ulong lid, int depth, int max_depth, TN helproot )
 	m_free(keynode);
 	return NULL;
    }
    if( dirrec.r.dir.checkat && dirrec.r.dir.checkat <= make_timestamp() )
 	check_trust_record( &dirrec );
    keynode->n.k.ownertrust = dirrec.r.dir.ownertrust & TRUST_MASK;
    /* loop over all user ids */
@ -1873,14 +1831,12 @@ build_cert_tree( ulong lid, int depth, int max_depth, TN helproot )
 		tn->back = uidnode;
 		tn->next = uidnode->list;
 		uidnode->list = tn;
 	      #if 0 /* optimazation - fixme: reenable this later */
 		if( tn->n.k.buckstop ) {
 		    /* ultimately trusted key found:
 		     * no need to check more signatures of this uid */
 		    sigrec.r.sig.next = 0;
 		    break;
 		}
 	      #endif
 	    }
 	} /* end loop over sig recs */
    } /* end loop over user ids */
@ -1965,10 +1921,10 @@ propagate_validity( TN root, TN node, int (*add_fnc)(ulong), unsigned *retflgs )
    }
    /* loop over all user ids */
-    for( ur=node->list; ur; ur = ur->next ) {
+    for( ur=node->list; ur && max_validity < TRUST_FULLY; ur = ur->next ) {
 	assert( ur->is_uid );
 	/* loop over all signators */
-	for(kr=ur->list; kr; kr = kr->next ) {
+	for(kr=ur->list; kr && max_validity < TRUST_FULLY; kr = kr->next ) {
 	    if( propagate_validity( root, kr, add_fnc, retflgs ) )
 		return -1; /* quit */
 	    if( kr->n.k.validity == TRUST_ULTIMATE ) {
@ -2007,18 +1963,16 @@ propagate_validity( TN root, TN node, int (*add_fnc)(ulong), unsigned *retflgs )
 		else if( kr->n.k.ownertrust == TRUST_MARGINAL )
 		    ur->n.u.marginal_count++;
 	    }
 	}
 	/* fixme: We can move this test into the loop to stop as soon as
 	 * we have a level of FULLY and return from this function
 	 * We dont do this now to get better debug output */
 	if( ur->n.u.fully_count >= opt.completes_needed
 	    || ur->n.u.marginal_count >= opt.marginals_needed )
 	    ur->n.u.validity = TRUST_FULLY;
 	else if( ur->n.u.fully_count || ur->n.u.marginal_count )
 	    ur->n.u.validity = TRUST_MARGINAL;
-	if( ur->n.u.validity >= max_validity )
+	    if( ur->n.u.fully_count >= opt.completes_needed
-	    max_validity = ur->n.u.validity;
+		|| ur->n.u.marginal_count >= opt.marginals_needed )
 		ur->n.u.validity = TRUST_FULLY;
 	    else if( ur->n.u.fully_count || ur->n.u.marginal_count )
 		ur->n.u.validity = TRUST_MARGINAL;
 	    if( ur->n.u.validity >= max_validity )
 		max_validity = ur->n.u.validity;
 	}
    }
    node->n.k.validity = max_validity;
@ -2112,7 +2066,7 @@ do_check( TRUSTREC *dr, unsigned *validity,
    if( (dr->r.dir.ownertrust & TRUST_FLAG_DISABLED) )
 	*validity = 0; /* no need to check further */
    else if( namehash ) {
-	/* Fixme: use the cache */
+	/* Fixme: use a cache */
 	*validity = verify_key( opt.max_cert_depth, dr, namehash,
 							add_fnc, retflgs );
    }
@ -2283,6 +2237,8 @@ check_trust( PKT_public_key *pk, unsigned *r_trustlevel,
 					  (ulong)keyid[1], pk->local_id );
 	return G10ERR_TIME_CONFLICT;
    }
    if( rec.r.dir.checkat && rec.r.dir.checkat <= cur_time )
 	check_trust_record( &rec );
    if( pk->expiredate && pk->expiredate <= cur_time ) {
 	log_info(_("key %08lX.%lu: expired at %s\n"),
--- a/include/mpi.h
+++ b/include/mpi.h
@ -110,11 +110,14 @@ int mpi_write( IOBUF out, MPI a );
 MPI mpi_read_from_buffer(byte *buffer, unsigned *ret_nread, int secure);
 int mpi_fromstr(MPI val, const char *str);
 int mpi_print( FILE *fp, MPI a, int mode );
 void g10_log_mpidump( const char *text, MPI a );
 u32 mpi_get_keyid( MPI a, u32 *keyid );
 byte *mpi_get_buffer( MPI a, unsigned *nbytes, int *sign );
 byte *mpi_get_secure_buffer( MPI a, unsigned *nbytes, int *sign );
 void  mpi_set_buffer( MPI a, const byte *buffer, unsigned nbytes, int sign );
 #define log_mpidump g10_log_mpidump
 /*-- mpi-add.c --*/
 void mpi_add_ui(MPI w, MPI u, ulong v );
 void mpi_add(MPI w, MPI u, MPI v);
--- a/include/util.h
+++ b/include/util.h
@ -60,12 +60,12 @@ typedef struct {
 /*-- logger.c --*/
 void log_set_logfile( const char *name, int fd );
 FILE *log_stream(void);
 void g10_log_print_prefix(const char *text);
 void log_set_name( const char *name );
 const char *log_get_name(void);
 void log_set_pid( int pid );
 int  log_get_errorcount( int clear );
 void g10_log_hexdump( const char *text, const char *buf, size_t len );
 void g10_log_mpidump( const char *text, MPI a );
 #if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 5 )
  void g10_log_bug( const char *fmt, ... )
@ -100,7 +100,6 @@ void g10_log_mpidump( const char *text, MPI a );
 #endif
 #define log_hexdump g10_log_hexdump
 #define log_mpidump g10_log_mpidump
 #define log_bug     g10_log_bug
 #define log_bug0    g10_log_bug0
 #define log_fatal   g10_log_fatal
@ -148,6 +147,7 @@ const char *print_fname_stdout( const char *s );
 /*-- miscutil.c --*/
 u32 make_timestamp(void);
 u32 scan_isodatestr( const char *string );
 u32 add_days_to_timestamp( u32 stamp, u16 days );
 const char *strtimevalue( u32 stamp );
 const char *strtimestamp( u32 stamp ); /* GMT */
--- a/mpi/ChangeLog
+++ b/mpi/ChangeLog
@ -1,3 +1,10 @@
 Wed Jul  7 13:08:40 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 	* mpicoder.c (g10_log_mpidump): New.
 	* Makefile.am: Support for libtool.
 Fri Jul  2 11:45:54 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
--- a/mpi/Makefile.am
+++ b/mpi/Makefile.am
@ -10,11 +10,11 @@ DISTCLEANFILES = mpih-add1.S mpih-mul1.S mpih-mul2.S mpih-mul3.S  \
 CLEANFILES = tmp-*.s
-noinst_LIBRARIES = libmpi.a
+noinst_LTLIBRARIES = libmpi.la
 # noinst_HEADERS   =
-libmpi_a_SOURCES = longlong.h	  \
+libmpi_la_LDFLAGS =
 libmpi_la_SOURCES = longlong.h	   \
 	      mpi-add.c      \
 	      mpi-bit.c      \
 	      mpi-cmp.c      \
@ -37,16 +37,16 @@ libmpi_a_SOURCES = longlong.h	  \
 # Note this objects are actually links, the sourcefiles are
 # distributed by special code in dist-hook
-common_asm_objects = mpih-mul1.o    \
+common_asm_objects = mpih-mul1.lo    \
-		     mpih-mul2.o    \
+		     mpih-mul2.lo    \
-		     mpih-mul3.o    \
+		     mpih-mul3.lo    \
-		     mpih-add1.o    \
+		     mpih-add1.lo    \
-		     mpih-sub1.o    \
+		     mpih-sub1.lo    \
-		     mpih-lshift.o  \
+		     mpih-lshift.lo  \
-		     mpih-rshift.o
+		     mpih-rshift.lo
-libmpi_a_DEPENDENCIES = $(common_asm_objects) @MPI_EXTRA_ASM_OBJS@
+libmpi_la_DEPENDENCIES = $(common_asm_objects) @MPI_EXTRA_ASM_OBJS@
-libmpi_a_LIBADD = $(common_asm_objects) @MPI_EXTRA_ASM_OBJS@
+libmpi_la_LIBADD = $(common_asm_objects) @MPI_EXTRA_ASM_OBJS@
 SUFFIXES = .S
@ -56,3 +56,12 @@ SUFFIXES = .S
 	mv tmp-$*.o $@
 	rm -f tmp-$*.s
 .S.lo:
 	$(CPP) $(INCLUDES) $(DEFS) $< | grep -v '^#' >tmp-$*.s
 	if test -f tmp-$*.lo; then rm tmp-$*.lo; fi
 	if test -f tmp-$*.o ; then rm tmp-$*.o ; fi
 	$(LIBTOOL) --mode=compile $(CC) $(CFLAGS) $(SFLAGS) -c tmp-$*.s
 	if test -f tmp-$*.lo; then mv tmp-$*.lo $*.lo; fi
 	if test -f tmp-$*.o ; then mv tmp-$*.o	$*.o ; fi
 	rm -f tmp-$*.s
--- a/mpi/mpicoder.c
+++ b/mpi/mpicoder.c
@ -286,6 +286,16 @@ mpi_print( FILE *fp, MPI a, int mode )
 }
 void
 g10_log_mpidump( const char *text, MPI a )
 {
    FILE *fp = log_stream();
    g10_log_print_prefix(text);
    mpi_print(fp, a, 1 );
    fputc('\n', fp);
 }
 /****************
 * Special function to get the low 8 bytes from an mpi.
 * This can be used as a keyid; KEYID is an 2 element array.
--- a/po/de.po
+++ b/po/de.po
--- a/po/es_ES.po
+++ b/po/es_ES.po
--- a/po/fr.po
+++ b/po/fr.po
--- a/po/it.po
+++ b/po/it.po
--- a/po/pl.po
+++ b/po/pl.po
--- a/po/pt_BR.po
+++ b/po/pt_BR.po
--- a/po/ru.po
+++ b/po/ru.po
--- a/scripts/autogen.sh
+++ b/scripts/autogen.sh
@ -7,7 +7,7 @@ DIE=no
 autoconf_vers=2.13
 automake_vers=1.4
 aclocal_vers=1.4
-libtool_vers=1.2
+libtool_vers=1.3
 if (autoconf --version) < /dev/null > /dev/null 2>&1 ; then
    if (autoconf --version | awk 'NR==1 { if( $3 >= '$autoconf_vers') \
--- a/scripts/distfiles
+++ b/scripts/distfiles
@ -7,4 +7,6 @@ missing
 gnupg.spec.in
 autogen.sh
 ChangeLog
 ltconfig
 ltmain.sh
--- a/tools/ChangeLog
+++ b/tools/ChangeLog
@ -1,3 +1,8 @@
 Wed Jul  7 13:08:40 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 	* Makefile.am: Support for libtool.
 Tue Jun  8 13:36:25 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 	* mpicalc.c (main): hex digits may now be lowercase
--- a/tools/Makefile.am
+++ b/tools/Makefile.am
@ -1,8 +1,8 @@
 ## Process this file with automake to produce Makefile.in
 INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
-needed_libs = ../cipher/libcipher.a  ../util/libutil.a \
+needed_libs = ../cipher/libcipher.la  \
-	      ../mpi/libmpi.a ../util/libutil.a @INTLLIBS@
+	      ../mpi/libmpi.la ../util/libutil.la @INTLLIBS@
 noinst_PROGRAMS = mpicalc bftest clean-sat mk-tdata shmtest
--- a/util/ChangeLog
+++ b/util/ChangeLog
@ -1,3 +1,15 @@
 Wed Jul  7 13:08:40 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
 	* memory.c (membug): Use if either M_DEBUG or M_GUARD is used.
 	* miscutil.c (scan_isodatestr): New.
 	* logger.c (g10_log_mpidump): Moved to ../mpi/mpicoder.c
 	(g10_log_print_prefix): Renamed from print_prefix and made global.
 	* Makefile.am: Support for libtool.
 Thu Jul  1 12:47:31 CEST 1999  Werner Koch  <wk@isil.d.shuttle.de>
--- a/util/Makefile.am
+++ b/util/Makefile.am
@ -2,12 +2,13 @@
 INCLUDES = -I$(top_srcdir)/include -I$(top_srcdir)/intl
-noinst_LIBRARIES = libutil.a
+noinst_LTLIBRARIES = libutil.la
-libutil_a_SOURCES = g10u.c logger.c fileutil.c miscutil.c strgutil.c  \
+libutil_la_LDFLAGS =
-		    ttyio.c  argparse.c memory.c secmem.c errors.c iobuf.c \
+libutil_la_SOURCES = g10u.c logger.c fileutil.c miscutil.c strgutil.c  \
-		    dotlock.c http.c
+		     ttyio.c  argparse.c memory.c secmem.c errors.c iobuf.c \
 		     dotlock.c http.c
 http-test:  http.c
--- a/util/logger.c
+++ b/util/logger.c
@ -102,8 +102,8 @@ log_get_errorcount( int clear)
 }
-static void
+void
-print_prefix(const char *text)
+g10_log_print_prefix(const char *text)
 {
    if( !logfp )
 	logfp = stderr;
@ -129,7 +129,7 @@ g10_log_info( const char *fmt, ... )
 {
    va_list arg_ptr ;
-    print_prefix("");
+    g10_log_print_prefix("");
    va_start( arg_ptr, fmt ) ;
    vfprintf(logfp,fmt,arg_ptr) ;
    va_end(arg_ptr);
@ -151,7 +151,7 @@ g10_log_error( const char *fmt, ... )
 {
    va_list arg_ptr ;
-    print_prefix("");
+    g10_log_print_prefix("");
    va_start( arg_ptr, fmt ) ;
    vfprintf(logfp,fmt,arg_ptr) ;
    va_end(arg_ptr);
@ -175,7 +175,7 @@ g10_log_fatal( const char *fmt, ... )
 {
    va_list arg_ptr ;
-    print_prefix("fatal: ");
+    g10_log_print_prefix("fatal: ");
    va_start( arg_ptr, fmt ) ;
    vfprintf(logfp,fmt,arg_ptr) ;
    va_end(arg_ptr);
@ -202,7 +202,7 @@ g10_log_bug( const char *fmt, ... )
    va_list arg_ptr ;
    putc('\n', stderr );
-    print_prefix("Ohhhh jeeee: ");
+    g10_log_print_prefix("Ohhhh jeeee: ");
    va_start( arg_ptr, fmt ) ;
    vfprintf(stderr,fmt,arg_ptr) ;
    va_end(arg_ptr);
@ -230,7 +230,7 @@ g10_log_debug( const char *fmt, ... )
 {
    va_list arg_ptr ;
-    print_prefix("DBG: ");
+    g10_log_print_prefix("DBG: ");
    va_start( arg_ptr, fmt ) ;
    vfprintf(logfp,fmt,arg_ptr) ;
    va_end(arg_ptr);
@ -254,18 +254,11 @@ g10_log_hexdump( const char *text, const char *buf, size_t len )
 {
    int i;
-    print_prefix(text);
+    g10_log_print_prefix(text);
    for(i=0; i < len; i++ )
 	fprintf(logfp, " %02X", ((const byte*)buf)[i] );
    fputc('\n', logfp);
 }
 void
 g10_log_mpidump( const char *text, MPI a )
 {
    print_prefix(text);
    mpi_print(logfp, a, 1 );
    fputc('\n', logfp);
 }
--- a/util/memory.c
+++ b/util/memory.c
@ -48,9 +48,11 @@
  #define EXTRA_ALIGN 0
 #endif
 #if defined(M_DEBUG) || defined(M_GUARD)
  static void membug( const char *fmt, ... );
 #endif
 #ifdef M_DEBUG
  static void membug( const char *fmt, ... );
  #ifndef M_GUARD
    #define M_GUARD 1
@ -319,7 +321,9 @@ check_allmem( const char *info )
 	    check_mem(e->user_p-4-EXTRA_ALIGN, info);
 }
 #endif /* M_DEBUG */
 #if defined(M_DEBUG) || defined(M_GUARD)
 static void
 membug( const char *fmt, ... )
 {
@ -336,8 +340,7 @@ membug( const char *fmt, ... )
  #endif
    abort();
 }
-
+#endif
 #endif /* M_DEBUG */
 void
 m_print_stats( const char *prefix )
--- a/util/miscutil.c
+++ b/util/miscutil.c
@ -19,6 +19,7 @@
 */
 #include <config.h>
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
 #include <time.h>
@ -30,12 +31,55 @@
 #include "util.h"
 #include "i18n.h"
 /****************
 * I know that the OpenPGP protocol has a Y2106 problem ;-)
 */
 u32
 make_timestamp()
 {
    return time(NULL);
 }
 /****************
 * Scan a date string and return a timestamp.
 * The only supported format is "yyyy-mm-dd"
 * Returns 0 for an invalid date.
 */
 u32
 scan_isodatestr( const char *string )
 {
    int year, month, day;
    struct tm tmbuf;
    time_t stamp;
    int i;
    if( strlen(string) != 10 || string[4] != '-' || string[7] != '-' )
 	return 0;
    for( i=0; i < 4; i++ )
 	if( !isdigit(string[i]) )
 	    return 0;
    if( !isdigit(string[5]) || !isdigit(string[6]) )
 	return 0;
    if( !isdigit(string[8]) || !isdigit(string[9]) )
 	return 0;
    year = atoi(string);
    month = atoi(string+5);
    day = atoi(string+8);
    /* some basic checks */
    if( year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 )
 	return 0;
    memset( &tmbuf, 0, sizeof tmbuf );
    tmbuf.tm_mday = day;
    tmbuf.tm_mon = month-1;
    tmbuf.tm_year = year - 1900;
    tmbuf.tm_isdst = -1;
    stamp = mktime( &tmbuf );
    if( stamp == (time_t)-1 )
 	return 0;
    return stamp;
 }
 u32
 add_days_to_timestamp( u32 stamp, u16 days )
 {