* keyserver.c (keyserver_search_prompt): Flush stdout before

issuing the prompt.  Requested by Todd Vierling.

* samplekeys.asc: Refreshed the keys.

AUTHORS

@@ -25,7 +25,7 @@ Ga
 
 Gregory Steuck <steuck@iname.com> Translations [ru]
 
-Nagy Ferenc László <nfl@nfllab.com> *** [hu]
+Nagy Ferenc László <nfl@nfllab.com> Translations [hu]
 
 Ivo Timmermans <itimmermans@bigfoot.com> Translations [nl]
 

THANKS

@@ -194,6 +194,7 @@ Thijmen Klok               thijmen@xs4all.nl
 Thomas Roessler 	   roessler@guug.de
 Tim Mooney		   mooney@dogbert.cc.ndsu.nodak.edu
 Timo Schulz                towaday@freakmail.de
+Todd Vierling              tv@pobox.com
 TOGAWA Satoshi             Satoshi.Togawa@jp.yokogawa.com
 Tom Spindler		   dogcow@home.merit.edu
 Tom Zerucha		   tzeruch@ceddec.com

doc/ChangeLog

@@ -1,3 +1,22 @@
+2003-08-21  Werner Koch  <wk@gnupg.org>
+
+	* samplekeys.asc: Refreshed the keys.
+
+2003-07-31  David D. Scribner  <dscribner@bigfoot.com>
+
+	* faq.raw: Corrected 3.2 URL per Cri.
+        Updated 4.20 per Cri - reworded text to lessen confusion between keys
+	and signatures.
+        Corrected 4.4 per Noel ("-r argument" should be "-r option")
+        Corrected spelling in 4.6 per Noel ("shoud" should be "should")
+        Updated 4.13 per Noel - reworded text to bring up-to-date.
+        Corrected 4.15 URL per Cri and removed a link.
+        Created FAQ entry (6.21) re: Key Validity bug in gnupg versions
+        prior to 1.2.1
+        Created FAQ entry (6.22) re: compiling source on RPM-based systems
+        that already have GnuPG binaries installed in /usr/bin.
+	Applied by Werner Koch.
+
 2003-07-27  David Shaw  <dshaw@jabberwocky.com>
 
 	* DETAILS: Document "tru" trust record.  Document REVKEYSIG status

doc/credits-1.2

@@ -0,0 +1,72 @@
+The GNU Privacy Guard has been created by the GnuPG team: David Shaw,
+Matthew Skala, Michael Roth, Niklas Hernaeus, Nils Ellmenreich, Rémi
+Guyomarch, Stefan Bellon, Timo Schulz and Werner Koch.  Birger
+Langkjer, Daniel Resare, Dokianakis Theofanis, Edmund GRIMLEY EVANS,
+Gaël Quéri, Gregory Steuck, Nagy Ferenc László, Ivo Timmermans, Jacobo
+Tarri'o Barreiro, Janusz Aleksander Urbanowicz, Jedi Lin, Jouni
+Hiltunen, Laurentiu Buzdugan, Magda Procha'zkova', Michael Anckaert,
+Michal Majer, Marco d'Itri, Nilgun Belma Buguner, Pedro Morais, Tedi
+Heriyanto, Thiago Jung Bauermann, Rafael Caetano dos Santos, Toomas
+Soome, Urko Lusa, Walter Koch, Yosiaki IIDA did the official
+translations. Mike Ashley wrote and maintains the GNU Privacy
+Handbook. David Scribner is the current FAQ editor.  Lorenzo
+Cappelletti maintains the web site.
+
+The following people helped greatly by suggesting improvements,
+testing, fixing bugs, providing resources and doing other important
+tasks: Adam Mitchell, Albert Chin, Alec Habig, Allan Clark, Anand
+Kumria, Andreas Haumer, Anthony Mulcahy, Ariel T Glenn, Bob Mathews,
+Bodo Moeller, Brendan O'Dea, Brenno de Winter, Brian M. Carlson, Brian
+Moore, Brian Warner, Bryan Fullerton, Caskey L. Dickson, Cees van de
+Griend, Charles Levert, Chip Salzenberg, Chris Adams, Christian Biere,
+Christian Kurz, Christian von Roques, Christopher Oliver, Christian
+Recktenwald, Dan Winship, Daniel Eisenbud, Daniel Koening, Dave
+Dykstra, David C Niemi, David Champion, David Ellement, David
+Hallinan, David Hollenberg, David Mathog, David R. Bergstein, Detlef
+Lannert, Dimitri, Dirk Lattermann, Dirk Meyer, Disastry, Douglas
+Calvert, Ed Boraas, Edmund GRIMLEY EVANS, Edwin Woudt, Enzo
+Michelangeli, Ernst Molitor, Fabio Coatti, Felix von Leitner, fish
+stiqz, Florian Weimer, Francesco Potorti, Frank Donahoe, Frank
+Heckenbach, Frank Stajano, Frank Tobin, Gabriel Rosenkoetter, Gaël
+Quéri, Gene Carter, Geoff Keating, Georg Schwarz, Giampaolo Tomassoni,
+Gilbert Fernandes, Greg Louis, Greg Troxel, Gregory Steuck, Gregery
+Barton, Harald Denker, Holger Baust, Hendrik Buschkamp, Holger
+Schurig, Holger Smolinski, Holger Trapp, Hugh Daniel, Huy Le, Ian
+McKellar, Ivo Timmermans, Jan Krueger, Jan Niehusmann, Janusz
+A. Urbanowicz, James Troup, Jean-loup Gailly, Jeff Long, Jeffery Von
+Ronne, Jens Bachem, Jeroen C. van Gelderen, J Horacio MG, J. Michael
+Ashley, Jim Bauer, Jim Small, Joachim Backes, Joe Rhett, John
+A. Martin, Johnny Teveßen, Jörg Schilling, Jos Backus, Joseph Walton,
+Juan F. Codagnone, Jun Kuriyama, Kahil D. Jallad, Karl Fogel, Karsten
+Thygesen, Katsuhiro Kondou, Kazu Yamamoto, Keith Clayton, Kevin Ryde,
+Klaus Singvogel, Kurt Garloff, Lars Kellogg-Stedman, L. Sassaman, M
+Taylor, Marcel Waldvogel, Marco d'Itri, Marco Parrone, Marcus
+Brinkmann, Mark Adler, Mark Elbrecht, Mark Pettit, Markus Friedl,
+Martin Kahlert, Martin Hamilton, Martin Schulte, Matt Kraai, Matthew
+Skala, Matthew Wilcox, Matthias Urlichs, Max Valianskiy, Michael
+Engels, Michael Fischer v. Mollard, Michael Roth, Michael Sobolev,
+Michael Tokarev, Nicolas Graner, Mike McEwan, Neal H Walfield, Nelson
+H. F. Beebe, NIIBE Yutaka, Niklas Hernaeus, Nimrod Zimerman, N J Doye,
+Oliver Haakert, Oskari Jääskeläinen, Pascal Scheffers, Paul D. Smith,
+Per Cederqvist, Phil Blundell, Philippe Laliberte, Peter Fales, Peter
+Gutmann, Peter Marschall, Peter Valchev, Piotr Krukowiecki, QingLong,
+Ralph Gillen, Rat, Reinhard Wobst, Rémi Guyomarch, Reuben Sumner,
+Richard Outerbridge, Robert Joop, Roddy Strachan, Roger Sondermann,
+Roland Rosenfeld, Roman Pavlik, Ross Golder, Ryan Malayter, Sam
+Roberts, Sami Tolvanen, Sean MacLennan, Sebastian Klemke, Serge
+Munhoven, SL Baur, Stefan Bellon, Dr.Stefan.Dalibor, Stefan Karrmann,
+Stefan Keller, Steffen Ullrich, Steffen Zahn, Steven Bakker, Steven
+Murdoch, Susanne Schultz, Ted Cabeen, Thiago Jung Bauermann, Thijmen
+Klok, Thomas Roessler, Tim Mooney, Timo Schulz, Todd Vierling, TOGAWA
+Satoshi, Tom Spindler, Tom Zerucha, Tomas Fasth, Tommi Komulainen,
+Thomas Klausner, Tomasz Kozlowski, Thomas Mikkelsen, Ulf Möller, Urko
+Lusa, Vincent P. Broman, Volker Quetschke, W Lewis, Walter Hofmann,
+Walter Koch, Wayne Chapeskie, Wim Vandeputte, Winona Brown, Yosiaki
+IIDA, Yoshihiro Kajiki and Gerlinde Klaes.
+
+This software has been made possible by the previous work of Chris
+Wedgwood, Jean-loup Gailly, Jon Callas, Mark Adler, Martin Hellmann
+Paul Kendall, Philip R. Zimmermann, Peter Gutmann, Philip A. Nelson,
+Taher ElGamal, Torbjorn Granlund, Whitfield Diffie, some unknown NSA
+mathematicians and all the folks who have worked hard to create
+complete and free operating systems.

doc/faq.raw

@@ -9,15 +9,15 @@ The most recent version of the FAQ is available from
 [$maintainer=David D. Scribner, <faq 'at' gnupg.org>]
 [$hGPGHTTP=http://www.gnupg.org]
 [$hGPGFTP=ftp://ftp.gnupg.org]
-[$hVERSION=1.2.1]
+[$hVERSION=1.2.2]
 
 [H body bgcolor=#ffffff text=#000000 link=#1f00ff alink=#ff0000 vlink=#9900dd]
 [H h1]GnuPG Frequently Asked Questions[H /h1]
 
 
 [H p]
-Version: 1.6.2[H br]
-Last-Modified: Feb 25, 2003[H br]
+Version: 1.6.3[H br]
+Last-Modified: Jul 30, 2003[H br]
 Maintained-by: [$maintainer]
 [H /p]
 
@@ -173,7 +173,7 @@ you could search in the mailing list archive.
     [H /samp]
 
     In addition, there's also the kernel random device by Andi Maier
-    [H a href= http://www.cosy.sbg.ac.at/~andi/]<http://www.cosy.sbg.ac.at/~andi/>[H /a], but it's still beta. Use at your
+    [H a href= http://www.cosy.sbg.ac.at/~andi/SUNrand/]<http://www.cosy.sbg.ac.at/~andi/SUNrand/>[H /a], but it's still beta. Use at your
     own risk!
 
     On other systems, the Entropy Gathering Daemon (EGD) is a good choice.
@@ -298,7 +298,7 @@ you could search in the mailing list archive.
     otherwise gpg doesn't know which option the argument is supposed to
     paired with. As an option, --output and its filename must come before
     the command. The --recipient (-r) option takes a name or keyID to
-    encrypt the message to, which must come right after the -r argument.
+    encrypt the message to, which must come right after the -r option.
     The --encrypt (or -e) command comes after all the options and is
     followed by the file you wish to encrypt. Therefore in this example
     the command-line issued would be:
@@ -362,7 +362,7 @@ you could search in the mailing list archive.
 
     To select a key a search is always done on the public keyring,
     therefore it is not possible to select a secret key without
-    having the public key. Normally it shoud never happen that the
+    having the public key. Normally it should never happen that the
     public key got lost but the secret key is still available. The
     reality is different, so GnuPG implements a special way to deal
     with it: Simply use the long keyID to specify the key to delete,
@@ -427,17 +427,18 @@ you could search in the mailing list archive.
          awk '/^\[GNUPG:\] ENC_TO / { print $3 }'
     [H /samp]
 
-<Q> I can't decrypt my symmetrical-only (-c) encrypted messages with
-    a new version of GnuPG.
+<Q> Why can't I decrypt files encrypted as symmetrical-only (-c) with
+    a version of GnuPG prior to 1.0.1.
 
-    There was a bug in GnuPG versions prior to 1.0.1 which affected
-    messages only if 3DES or Twofish was used for symmetric-only
-    encryption (this has never been the default). The bug has been
-    fixed, but to enable decryption of old messages you should run gpg
-    with the option "--emulate-3des-s2k-bug", decrypt the message and
-    encrypt it again without this option. The option will be removed
-    in version 1.1 when released, so please re-encrypt any affected
-    messages now.
+    There was a bug in GnuPG versions prior to 1.0.1 which affected files
+    only if 3DES or Twofish was used for symmetric-only encryption (this has
+    never been the default). The bug has been fixed, but to enable decryption
+    of old files you should run gpg with the option "--emulate-3des-s2k-bug",
+    decrypt the file and encrypt it again without this option.
+
+    NOTE: This option was removed in GnuPG development version 1.1.0 and later
+    updates, so you will need to use a version between 1.0.1 and 1.0.7 to
+    re-encrypt any affected files.
 
 <Q> How can I use GnuPG in an automated environment?
 
@@ -540,8 +541,7 @@ you could search in the mailing list archive.
     [H /pre]
 
     Good overviews of OpenPGP-support can be found at:[H br]
-    [H a href=http://cryptorights.org/pgp-users/resources/pgp-mail-clients.html]<http://cryptorights.org/pgp-users/resources/pgp-mail-clients.html>[H /a],[H br]
-    [H a href=http://www.geocities.com/openpgp/courrier_en.html]<http://www.geocities.com/openpgp/courrier_en.html>[H /a], and[H br]
+    [H a href=http://www.openpgp.fr.st/courrier_en.html]<http://www.openpgp.fr.st/courrier_en.html>[H /a] and[H br]
     [H a href=http://www.bretschneidernet.de/tips/secmua.html]<http://www.bretschneidernet.de/tips/secmua.html>[H /a].
 
     Users of Win32 MUAs that lack OpenPGP support may look into
@@ -624,9 +624,9 @@ you could search in the mailing list archive.
        $ gpg --verify foobar.tar.gz.sig
     [H /samp]
 
-<Q> How do I export a keyring with only selected signatures?
+<Q> How do I export a keyring with only selected signatures (keys)?
 
-    If you're wanting to create a keyring with only a subset of signatures
+    If you're wanting to create a keyring with only a subset of keys
     selected from a master keyring (for a club, user group, or company
     department for example), simply specify the keys you want to export:
 
@@ -1072,6 +1072,46 @@ you could search in the mailing list archive.
     command, which was built into this release and increases the speed of
     many operations for existing keyrings.
 
+<Q> Doesn't a fully trusted user ID on a key prevent warning messages
+    when encrypting to other IDs on the key?
+
+    No. That was actually a key validity bug in GnuPG 1.2.1 and earlier
+    versions. As part of the development of GnuPG 1.2.2, a bug was
+    discovered in the key validation code.  This bug causes keys with
+    more than one user ID to give all user IDs on the key the amount of
+    validity given to the most-valid key. The bug has been fixed in GnuPG
+    release 1.2.2, and upgrading is the recommended fix for this problem.
+    More information and a patch for a some pre-1.2.2 versions of GnuPG
+    can be found at:
+
+    [H a href=http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html]<http://lists.gnupg.org/pipermail/gnupg-announce/2003q2/000268.html>[H /a]
+
+<Q> I just compiled GnuPG from source on my GNU/Linux RPM-based system
+    and it's not working. Why?
+
+    Many GNU/Linux distributions that are RPM-based will install a
+    version of GnuPG as part of its standard installation, placing the
+    binaries in the /usr/bin directory. Later, compiling and installing
+    GnuPG from source other than from a source RPM won't normally
+    overwrite these files, as the default location for placement of
+    GnuPG binaries is in /usr/local/bin unless the '--prefix' switch
+    is used during compile to specify an alternate location. Since the
+    /usr/bin directory more than likely appears in your path before
+    /usr/local/bin, the older RPM-version binaries will continue to
+    be used when called since they were not replaced.
+
+    To resolve this, uninstall the RPM-based version with 'rpm -e gnupg'
+    before installing the binaries compiled from source. If dependency
+    errors are displayed when attempting to uninstall the RPM (such as
+    when Red Hat's up2date is also installed, which uses GnuPG), uninstall
+    the RPM with 'rpm -e gnupg --nodeps' to force the uninstall. Any
+    dependent files should be automatically replaced during the install
+    of the compiled version. If the default /usr/local/bin directory is
+    used, some packages such as SuSE's Yast Online Update may need to be
+    configured to look for GnuPG binaries in the /usr/local/bin directory,
+    or symlinks can be created in /usr/bin that point to the binaries
+    located in /usr/local/bin.
+
 
 <S> ADVANCED TOPICS
 
@@ -1299,4 +1339,4 @@ Copyright (C) 2000, 2001, 2002, 2003 Free Software Foundation, Inc.,
 59 Temple Place - Suite 330, Boston, MA 02111, USA
 
 Verbatim copying and distribution of this entire article is permitted in
-any medium, provided this notice is preserved.
+any medium, provided this notice is preserved.

doc/gpg.texi

@@ -101,8 +101,13 @@ decrypted. The syntax or the filenames is the same.
 
 @item ---list-keys @code{names}
 @itemx ---list-public-keys @code{names}
-List all keys from the public keyrings, or just the
-ones given on the command line.
+List all keys from the public keyrings, or just the ones given on the
+command line.
+
+Avoid using the output of this command in scripts or other programs as
+it is likely to change as GnuPG changes. See ---with-colons for a
+machine-parseable key listing command that is appropriate for use in
+scripts and other programs.
 
 @item ---list-secret-keys @code{names}
 List all keys from the secret keyrings, or just the ones given on the
@@ -113,6 +118,16 @@ is not usable (for example, if it was created via
 @item ---list-sigs @code{names}
 Same as ---list-keys, but the signatures are listed too.
 
+For each signature listed, there are several flags in between the
+"sig" tag and keyid. These flags give additional information about
+each signature. From left to right, they are the numbers 1-3 for
+certificate check level (see ---default-cert-check-level), "L" for a
+local or non-exportable signature (see ---lsign-key), "R" for a
+nonRevocable signature (see ---nrsign-key), "P" for a signature that
+contains a policy URL (see ---cert-policy-url), "N" for a signature
+that contains a notation (see ---cert-notation), and "X" for an eXpired
+signature (see ---ask-cert-expire).
+
 @item ---check-sigs @code{names}
 Same as ---list-sigs, but the signatures are verified.
 
@@ -764,7 +779,8 @@ and "%%" for an actual percent sign. If neither %i or %I are present,
 then the photo will be supplied to the viewer on standard input.
 
 The default viewer is "xloadimage -fork -quiet -title 'KeyID 0x%k'
-stdin"
+stdin". Note that if your image viewer program is not secure, then
+executing it from GnuPG does not make it secure.
 
 @item ---exec-path @code{string}
 Sets a list of directories to search for photo viewers and keyserver
@@ -924,12 +940,14 @@ sets a notation for key signatures (certifications). ---set-notation
 sets both.
 
 There are special codes that may be used in notation names. "%k" will
-be expanded into the key ID of the key being signed, "%K" for the long
-key ID of the key being signed, "%f" for the key fingerprint of the
-key being signed, "%s" for the key ID of the key making the signature,
-"%S" for the long key ID of the key making the signature, and "%%"
-results in a single "%". %k, %K, and %f are only meaningful when
-making a key signature (certification).
+be expanded into the key ID of the key being signed, "%K" into the
+long key ID of the key being signed, "%f" into the fingerprint of the
+key being signed, "%s" into the key ID of the key making the
+signature, "%S" into the long key ID of the key making the signature,
+"%g" into the fingerprint of the key making the signature (which might
+be a subkey), "%p" into the fingerprint of the primary key of the key
+making the signature, and "%%" results in a single "%". %k, %K, and
+%f are only meaningful when making a key signature (certification).
 
 @item ---show-notation
 @itemx ---no-show-notation
@@ -1308,8 +1326,12 @@ used to make the decryption faster if the signature
 verification is not needed.
 
 @item ---with-colons
-Print key listings delimited by colons. Note, that the output will be
-encoded in UTF-8 regardless of any ---charset setting.
+Print key listings delimited by colons. Note that the output will be
+encoded in UTF-8 regardless of any ---charset setting. This format is
+useful when GnuPG is called from scripts and other programs as it is
+easily machine parsed. The details of this format are documented in
+the file doc/DETAILS, which is included in the GnuPG source
+distribution.
 
 @item ---with-key-data
 Print key listings delimited by colons (like ---with-colons) and print the public key data.
@@ -1433,6 +1455,7 @@ Set the list of personal digest preferences to @code{string}, this list
 should be a string similar to the one printed by the command "pref" in
 the edit menu. This allows the user to factor in their own preferred
 algorithms when algorithms are chosen via recipient key preferences.
+The default value is "H2" indicating SHA-1.
 
 @item ---personal-compress-preferences @code{string}
 Set the list of personal compression preferences to @code{string}, this

g10/ChangeLog

@@ -1,3 +1,8 @@
+2003-08-21  Werner Koch  <wk@gnupg.org>
+
+	* keyserver.c (keyserver_search_prompt): Flush stdout before
+	issuing the prompt.  Requested by Todd Vierling.
+
 2003-08-18  David Shaw  <dshaw@jabberwocky.com>
 
 	* options.skel: Note that keyserver.pgp.com isn't synchronized,

g10/keyserver.c

@@ -1,5 +1,5 @@
 /* keyserver.c - generic keyserver code
- * Copyright (C) 2001, 2002 Free Software Foundation, Inc.
+ * Copyright (C) 2001, 2002, 2003 Free Software Foundation, Inc.
  *
  * This file is part of GnuPG.
  *
@@ -1088,6 +1088,9 @@ keyserver_search_prompt(IOBUF buffer,int count,const char *searchstr)
 
       if(i%10==0 || rl==0)
 	{
+          /* A flush doesn't change anything but might be helpful for 
+             some applications. */
+          fflush (stdout);
 	  answer=cpr_get_no_help("keysearch.prompt",
 				 _("Enter number(s), N)ext, or Q)uit > "));
 	  /* control-d */