* build-packet.c (build_sig_subpkt): Comments.

* exec.c (exec_write): Cast NULL to void* to properly terminate varargs
list.

* keyedit.c (show_key_with_all_names): Just for safety, catch an invalid
pk algorithm.

* sign.c (make_keysig_packet): Crucial that the call to mksubpkt comes
LAST before the calls to finalize the sig as that makes it possible for
the mksubpkt function to get a reliable pointer to the subpacket area.

g10/ChangeLog

@@ -1,3 +1,18 @@
+2003-04-28  David Shaw  <dshaw@jabberwocky.com>
+
+	* build-packet.c (build_sig_subpkt): Comments.
+
+	* exec.c (exec_write): Cast NULL to void* to properly terminate
+	varargs list.
+
+	* keyedit.c (show_key_with_all_names): Just for safety, catch an
+	invalid pk algorithm.
+
+	* sign.c (make_keysig_packet): Crucial that the call to mksubpkt
+	comes LAST before the calls to finalize the sig as that makes it
+	possible for the mksubpkt function to get a reliable pointer to
+	the subpacket area.
+
 2003-04-27  David Shaw  <dshaw@jabberwocky.com>
 
 	* mainproc.c (check_sig_and_print): Show sig class when verifying

g10/build-packet.c

@@ -785,6 +785,10 @@ build_sig_subpkt (PKT_signature *sig, sigsubpkttype_t type,
       case SIGSUBPKT_PRIV_VERIFY_CACHE: /*(obsolete)*/
 	BUG();
 	break;
+	/* The issuer being unhashed is a historical oddity.  It
+	   should work equally as well hashed.  Of course, if even an
+	   unhashed issuer is tampered with, it makes it awfully hard
+	   to verify the sig... */
       case SIGSUBPKT_ISSUER:
         hashed = 0;
         break;
@@ -1184,4 +1188,3 @@ write_version( IOBUF out, int ctb )
 	return -1;
     return 0;
 }
-

g10/exec.c

@@ -417,14 +417,14 @@ int exec_write(struct exec_info **info,const char *program,
 	      if(DBG_EXTPROG)
 		log_debug("execlp: %s\n",program);
 
-	      execlp(program,program,NULL);
+	      execlp(program,program,(void *)NULL);
 	    }
 	  else
 	    {
 	      if(DBG_EXTPROG)
 		log_debug("execlp: %s -c %s\n",shell,(*info)->command);
 
-	      execlp(shell,shell,"-c",(*info)->command,NULL);
+	      execlp(shell,shell,"-c",(*info)->command,(void *)NULL);
 	    }
 
 	  /* If we get this far the exec failed.  Clean up and return. */
@@ -617,4 +617,3 @@ int exec_finish(struct exec_info *info)
   return ret;
 }
 #endif /* ! NO_EXEC */
-

g10/keyedit.c

@@ -1833,13 +1833,15 @@ show_key_with_all_names( KBNODE keyblock, int only_marked, int with_revoker,
                     for(i=0;i<pk->numrevkeys;i++) {
                         u32 r_keyid[2];
                         char *user;
+			const char *algo=
+			  pubkey_algo_to_string(pk->revkey[i].algid);
 
                         keyid_from_fingerprint(pk->revkey[i].fpr,
                                                MAX_FINGERPRINT_LEN,r_keyid);
                         
                         user=get_user_id_string (r_keyid);
                         tty_printf (_("This key may be revoked by %s key "),
-                                 pubkey_algo_to_string (pk->revkey[i].algid));
+				    algo?algo:"?");
                         tty_print_utf8_string (user, strlen (user));
                         if ((pk->revkey[i].class&0x40))
                           tty_printf (_(" (sensitive)"));

g10/sign.c

@@ -1238,12 +1238,15 @@ make_keysig_packet( PKT_signature **ret_sig, PKT_public_key *pk,
     sig->sig_class = sigclass;
     if( sig->version >= 4 )
 	build_sig_subpkt_from_sig( sig );
+    mk_notation_and_policy( sig, pk, sk );
 
+    /* Crucial that the call to mksubpkt comes LAST before the calls
+       to finalize the sig as that makes it possible for the mksubpkt
+       function to get a reliable pointer to the subpacket area. */
     if( sig->version >= 4 && mksubpkt )
 	rc = (*mksubpkt)( sig, opaque );
 
     if( !rc ) {
-	mk_notation_and_policy( sig, pk, sk );
         hash_sigversion_to_magic (md, sig);
 	md_final(md);