* parse-packet.c (parse_signature): No need to reserve 8 bytes for the
unhashed signature cache any longer.

* misc.c (pct_expando): Add two new expandos - signer's fingerprint (%g),
and signer's primary fingerprint (%p).

* Makefile.am: Include W32LIBS where appropriate.

* g10.c (main): Add --rfc2440 alias for --openpgp since in a few months,
they won't be the same thing.

* keyserver.c (parse_keyserver_uri): Accept "http" as an alias for "hkp",
since it is occasionally written that way. (keyserver_spawn): Use
ascii_isspace to avoid locale issues.

* keygen.c (ask_user_id): Make --allow-freeform-uid apply to the email
field as well as the name field, and allow mixing fields when it is set.

* options.skel: Use subkeys.pgp.net as the default keyserver.

* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.

* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we have
struct sigaction.  This is for Forte c89 on Solaris which seems to define
only the function call half of the two pairs by default.
(pause_on_sigusr): Typo. (do_block): If we can't use sigprocmask() and
sigset_t, try to get the number of signals from NSIG as well as MAXSIG,
and if we can't, fail with an explanation.

* signal.c, tdbio.c: Comment out the transaction code.  It was not used in
this version, and was causing some build problems on quasi-posix platforms
(Solaris and Forte c89).

* keylist.c (list_keyblock_colon): Don't include validity values when
listing secret keys since they can be incorrect and/or misleading.  This
is a temporary kludge, and will be handled properly in 1.9/2.0.

* mainproc.c (check_sig_and_print): Only show the "key available from"
preferred keyserver line if the key is not currently present.

* keyedit.c (sign_uids): Do not sign expired uids without --expert (same
behavior as revoked uids).  Do not allow signing a user ID without a
self-signature.  --expert overrides.  Add additional prompt to the
signature level question. (menu_expire): When changing expiration dates,
don't replace selfsigs on revoked uids since this would effectively
unrevoke them. There is also no point in replacing expired selfsigs.
This is bug #181

* g10.c (add_notation_data): Make sure that only ascii is passed to
iscntrl.  Noted by Christian Biere.

* getkey.c (classify_user_id2): Replaced isspace by spacep

* keygen.c (ask_user_id): Ditto. (get_parameter_algo): Ditto.

* keyedit.c (keyedit_menu): Ditto.

* tdbdump.c (import_ownertrust): Ditto.  s/isxdigit/hexdigitp/.

* revoke.c (ask_revocation_reason):

* keyserver.c (keyserver_spawn): Ditto.
David Shaw 2003-07-10 14:30:07 +00:00
parent 3bc9e79103
commit f4617d97b8
17 changed files with 237 additions and 69 deletions

@ -1,3 +1,73 @@
2003-07-10 David Shaw <dshaw@jabberwocky.com>
* parse-packet.c (parse_signature): No need to reserve 8 bytes for
the unhashed signature cache any longer.
* misc.c (pct_expando): Add two new expandos - signer's
fingerprint (%g), and signer's primary fingerprint (%p).
* Makefile.am: Include W32LIBS where appropriate.
* g10.c (main): Add --rfc2440 alias for --openpgp since in a few
months, they won't be the same thing.
* keyserver.c (parse_keyserver_uri): Accept "http" as an alias for
"hkp", since it is occasionally written that way.
(keyserver_spawn): Use ascii_isspace to avoid locale issues.
* keygen.c (ask_user_id): Make --allow-freeform-uid apply to the
email field as well as the name field, and allow mixing fields
when it is set.
* options.skel: Use subkeys.pgp.net as the default keyserver.
* trustdb.c (validate_one_keyblock): Certifications on revoked or
expired uids do not count in the web of trust.
* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we
have struct sigaction. This is for Forte c89 on Solaris which
seems to define only the function call half of the two pairs by
default.
(pause_on_sigusr): Typo.
(do_block): If we can't use sigprocmask() and sigset_t, try to get
the number of signals from NSIG as well as MAXSIG, and if we
can't, fail with an explanation.
* signal.c, tdbio.c: Comment out the transaction code. It was not
used in this version, and was causing some build problems on
quasi-posix platforms (Solaris and Forte c89).
* keylist.c (list_keyblock_colon): Don't include validity values
when listing secret keys since they can be incorrect and/or
misleading. This is a temporary kludge, and will be handled
properly in 1.9/2.0.
* mainproc.c (check_sig_and_print): Only show the "key available
from" preferred keyserver line if the key is not currently
present.
* keyedit.c (sign_uids): Do not sign expired uids without --expert
(same behavior as revoked uids). Do not allow signing a user ID
without a self-signature. --expert overrides. Add additional
prompt to the signature level question.
(menu_expire): When changing expiration dates, don't replace
selfsigs on revoked uids since this would effectively unrevoke
them. There is also no point in replacing expired selfsigs. This
is bug #181
2003-07-10 David Shaw <dshaw@jabberwocky.com> (from Werner on stable branch)
* g10.c (add_notation_data): Make sure that only ascii is passed
to iscntrl. Noted by Christian Biere.
* getkey.c (classify_user_id2): Replaced isspace by spacep
* keygen.c (ask_user_id): Ditto.
(get_parameter_algo): Ditto.
* keyedit.c (keyedit_menu): Ditto.
* tdbdump.c (import_ownertrust): Ditto. s/isxdigit/hexdigitp/.
* revoke.c (ask_revocation_reason):
* keyserver.c (keyserver_spawn): Dito.
2003-06-10 Werner Koch <wk@gnupg.org>
* parse-packet.c (parse): Disallow old style partial length for
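
Review bot: The second 2003-07-10 entry lists keygen.c (ask_user_id, get_parameter_algo) and keyedit.c (keyedit_menu) as "Ditto" to "Replaced isspace by spacep", but the hunks for those functions in this commit replace isdigit with digitp. The revoke.c (ask_revocation_reason) line has no description at all, and the keyserver.c line spells it "Dito". Please state the isdigit to digitp replacement per file, give revoke.c its own text, and fix the spelling.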

@ -106,7 +106,7 @@ gpgv_SOURCES = gpgv.c \
# ks-db.h \
# $(common_source)
LDADD = $(needed_libs) @INTLLIBS@ @CAPLIBS@ @ZLIBS@
LDADD = $(needed_libs) @INTLLIBS@ @CAPLIBS@ @ZLIBS@ @W32LIBS@
# gpg gets LIBOBJS to add in mkdtemp if the platform doesn't have it
gpg_LDADD = @LIBOBJS@ $(LDADD) @DLLIBS@ @EGDLIBS@

@ -171,6 +171,7 @@ enum cmd_and_opt_values { aNull = 0,
oLoadExtension,
oGnuPG,
oRFC1991,
oRFC2440,
oOpenPGP,
oPGP2,
oPGP6,
@ -465,6 +466,7 @@ static ARGPARSE_OPTS opts[] = {
{ oGnuPG, "no-pgp7", 0, "@"},
{ oGnuPG, "no-pgp8", 0, "@"},
{ oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")},
{ oRFC2440, "rfc2440", 0, "@" },
{ oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")},
{ oPGP2, "pgp2", 0, N_("set all packet, cipher and digest options to PGP 2.x behavior")},
{ oPGP6, "pgp6", 0, "@"},
@ -1543,6 +1545,7 @@ main( int argc, char **argv )
opt.disable_mdc = 1;
opt.escape_from = 1;
break;
case oRFC2440:
case oOpenPGP:
/* TODO: When 2440bis becomes a RFC, these may need
changing. */
@ -3088,13 +3091,13 @@ add_notation_data( const char *string, int which )
/* we only support printable text - therefore we enforce the use
* of only printable characters (an empty value is valid) */
for( s++; *s ; s++ ) {
if( iscntrl(*s) ) {
if ((*s & 0x80))
highbit = 1;
else if (iscntrl(*s)) {
log_error(_("a notation value must not use "
"any control characters\n") );
return;
}
else if( *s & 0x80 )
highbit = 1;
}
if( highbit ) /* must use UTF8 encoding */
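
Review bot: The (*s & 0x80) test placed ahead of iscntrl in add_notation_data needs a comment saying why the order matters: s walks a plain char string, so a byte with the high bit set can reach iscntrl as a negative value, which the ctype functions do not accept. Without that comment the order is easy to "tidy" back later. High-bit bytes now skip the control-character check entirely, so the UTF-8 validation behind "if( highbit )" is the only gate for them; please confirm it rejects encoded control characters if those are meant to be excluded from notation values.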

@ -570,7 +570,7 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
memset (desc, 0, sizeof *desc);
/* skip leading spaces. Fixme: what is with trailing spaces? */
for(s = name; *s && isspace(*s); s++ )
for(s = name; *s && spacep (s); s++ )
;
switch (*s) {
@ -651,7 +651,7 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc )
}
/* check if a hexadecimal number is terminated by EOS or blank */
if (hexlength && s[hexlength] && !isspace(s[hexlength])) {
if (hexlength && s[hexlength] && !spacep(s+hexlength)) {
if (hexprefix) /* a "0x" prefix without correct */
return 0; /* termination is an error */
else /* The first chars looked like */
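
Review bot: Both replacements in classify_user_id swap isspace for spacep, whose definition is not part of this diff, so the accepted character set may have changed. If spacep matches fewer characters than isspace (for instance only space and tab), the terminator test on s+hexlength will stop treating a key ID followed by a newline or carriage return as terminated, and the leading-space loop will stop skipping those characters. Please confirm the intended set and make the "terminated by EOS or blank" comment say exactly which characters count.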

@ -498,10 +498,46 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
tty_printf(_(" Unable to sign.\n"));
}
}
else if(!uidnode->pkt->pkt.user_id->created)
else if(uidnode->pkt->pkt.user_id->is_expired)
{
tty_printf(_("WARNING: user ID \"%s\" is not "
"self-signed.\n"),user);
tty_printf(_("User ID \"%s\" is expired."),user);
if(opt.expert)
{
tty_printf("\n");
/* No, so remove the mark and continue */
if(!cpr_get_answer_is_yes("sign_uid.expire_okay",
_("Are you sure you "
"still want to sign "
"it? (y/N) ")))
uidnode->flag &= ~NODFLG_MARK_A;
}
else
{
uidnode->flag &= ~NODFLG_MARK_A;
tty_printf(_(" Unable to sign.\n"));
}
}
else if(!uidnode->pkt->pkt.user_id->created && !selfsig)
{
tty_printf(_("User ID \"%s\" is not self-signed."),
user);
if(opt.expert)
{
tty_printf("\n");
/* No, so remove the mark and continue */
if(!cpr_get_answer_is_yes("sign_uid.nosig_okay",
_("Are you sure you "
"still want to sign "
"it? (y/N) ")))
uidnode->flag &= ~NODFLG_MARK_A;
}
else
{
uidnode->flag &= ~NODFLG_MARK_A;
tty_printf(_(" Unable to sign.\n"));
}
}
m_free(user);
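
Review bot: The is_expired branch and the not-self-signed branch in sign_uids are copies of each other apart from the message text and the prompt key (sign_uid.expire_okay vs sign_uid.nosig_okay). A small helper taking those two strings would keep the --expert override logic in one place, which matters here because this code decides whether a certification may be issued at all. In both copies the comment "No, so remove the mark and continue" sits above the cpr_get_answer_is_yes call instead of on the statement that clears NODFLG_MARK_A, and the first tty_printf has no trailing newline, so it depends on the following "\n" or " Unable to sign.\n" to finish the line.
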
@ -737,8 +773,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified,
while(class==0)
{
answer = cpr_get("sign_uid.class",_("Your selection? "));
answer = cpr_get("sign_uid.class",_("Your selection? "
"(enter '?' for more information): "));
if(answer[0]=='\0')
class=0x10+opt.def_cert_check_level; /* Default */
else if(ascii_strcasecmp(answer,"0")==0)
@ -1232,7 +1268,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands,
cmd = cmdLIST;
else if( *answer == CONTROL_D )
cmd = cmdQUIT;
else if( isdigit( *answer ) ) {
else if( digitp(answer ) ) {
cmd = cmdSELUID;
arg_number = atoi(answer);
}
@ -2782,7 +2818,8 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock )
&& ( mainkey || sub_pk ) ) {
PKT_signature *sig = node->pkt->pkt.signature;
if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1]
&& ( (mainkey && uid && (sig->sig_class&~3) == 0x10)
&& ( (mainkey && uid
&& uid->created && (sig->sig_class&~3) == 0x10)
|| (!mainkey && sig->sig_class == 0x18) ) ) {
/* this is a selfsignature which is to be replaced */
PKT_signature *newsig;
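
Review bot: The added uid->created test in menu_expire is the only guard, while the commit message describes the goal as not replacing selfsigs on revoked or expired user IDs; nothing in this hunk shows that created is zero in those cases. Either add a comment stating that invariant or test the flags directly, as the validate_one_keyblock hunk does with !is_revoked and !is_expired, so a later change to how created is set cannot silently bring back the unrevoke behaviour.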

@ -993,10 +993,10 @@ gen_rsa(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek,
static int
check_valid_days( const char *s )
{
if( !isdigit(*s) )
if( !digitp(s) )
return 0;
for( s++; *s; s++)
if( !isdigit(*s) )
if( !digitp(s) )
break;
if( !*s )
return 1;
@ -1330,7 +1330,7 @@ ask_user_id( int mode )
if( strpbrk( aname, "<>" ) )
tty_printf(_("Invalid character in name\n"));
else if( isdigit(*aname) )
else if( digitp(aname) )
tty_printf(_("Name may not start with a digit\n"));
else if( strlen(aname) < 5 )
tty_printf(_("Name must be at least 5 characters long\n"));
@ -1344,7 +1344,7 @@ ask_user_id( int mode )
amail = cpr_get("keygen.email",_("Email address: "));
trim_spaces(amail);
cpr_kill_prompt();
if( !*amail )
if( !*amail || opt.allow_freeform_uid )
break; /* no email address is okay */
else if( has_invalid_email_chars(amail)
|| string_count_chr(amail,'@') != 1
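
Review bot: With opt.allow_freeform_uid set, the loop in ask_user_id now breaks before has_invalid_email_chars and the single '@' check are evaluated, so the comment "no email address is okay" no longer describes the condition and any input, including '<' or '>', is accepted for the email part. Please update the comment, and consider keeping a minimal check such as the strpbrk on "<>" that the name field uses, so a freeform value cannot disturb the angle-bracket delimiters of the resulting user ID.
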
@ -1397,7 +1397,8 @@ ask_user_id( int mode )
tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid);
/* fixme: add a warning if this user-id already exists */
if( !*amail && (strchr( aname, '@' ) || strchr( acomment, '@'))) {
if( !*amail && !opt.allow_freeform_uid
&& (strchr( aname, '@' ) || strchr( acomment, '@'))) {
fail = 1;
tty_printf(_("Please don't put the email address "
"into the real name or the comment\n") );
@ -1600,7 +1601,7 @@ get_parameter_algo( struct para_data_s *para, enum para_name key )
struct para_data_s *r = get_parameter( para, key );
if( !r )
return -1;
if( isdigit( *r->u.value ) )
if( digitp( r->u.value ) )
i = atoi( r->u.value );
else
i = string_to_pubkey_algo( r->u.value );

@ -161,7 +161,7 @@ show_policy_url(PKT_signature *sig,int indent,int mode)
mode=1 for log_info + status messages
mode=2 for status messages only
*/
/* TODO: use this */
void
show_keyserver_url(PKT_signature *sig,int indent,int mode)
{
@ -838,7 +838,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
pk = NULL;
sk = node->pkt->pkt.secret_key;
keyid_from_sk( sk, keyid );
printf("sec:u:%u:%d:%08lX%08lX:%s:%s:::",
printf("sec::%u:%d:%08lX%08lX:%s:%s:::",
nbits_from_sk( sk ),
sk->pubkey_algo,
(ulong)keyid[0],(ulong)keyid[1],
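
Review bot: Changing the record prefix from "sec:u:" to "sec::" alters the machine-readable output of list_keyblock_colon, so anything that parses the second field of secret-key records will now see an empty value. Please document the change wherever the colon format is described and mention it in the release notes.
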
@ -904,13 +904,17 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr )
if( any ) {
int i;
char *str=uid->attrib_data?"uat":"uid";
if ( uid->is_revoked )
/* If we're listing a secret key, leave out the
validity values for now. This is handled better in
1.9. */
if ( sk )
printf("%s:::::",str);
else if ( uid->is_revoked )
printf("%s:r::::",str);
else if ( uid->is_expired )
printf("%s:e::::",str);
else if ( opt.no_expensive_trust_checks ) {
else if ( opt.no_expensive_trust_checks )
printf("%s:::::",str);
}
else {
int uid_validity;
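
Review bot: The new "if ( sk )" test uses the sk pointer to detect a secret-key listing, but list_keyblock_colon already receives an int secret parameter for that purpose. Testing secret would not depend on sk having been assigned earlier in the loop and would read more clearly next to the comment about leaving out validity values.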

@ -168,7 +168,8 @@ parse_keyserver_uri(char *uri,const char *configname,unsigned int configlineno)
opt.keyserver_scheme="hkp";
opt.keyserver_options.broken_http_proxy=1;
}
else if(ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0)
else if(ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0
|| ascii_strcasecmp(opt.keyserver_scheme,"http")==0)
{
/* Canonicalize this to "hkp" so it works with both the internal
and external keyserver interface. */
@ -201,7 +202,7 @@ parse_keyserver_uri(char *uri,const char *configname,unsigned int configlineno)
ch=opt.keyserver_port;
while(*ch!='\0')
{
if(!isdigit(*ch))
if(!digitp(ch))
return G10ERR_BAD_URI;
ch++;
@ -338,7 +339,7 @@ parse_keyrec(char *keystring)
/* Remove trailing whitespace */
for(i=strlen(keystring);i>0;i--)
if(isspace(keystring[i-1]))
if(ascii_isspace(keystring[i-1]))
keystring[i-1]='\0';
else
break;
@ -976,7 +977,7 @@ keyserver_spawn(int action,STRLIST list,
/* remove trailing whitespace */
plen=strlen(ptr);
while(plen>0 && isspace(ptr[plen-1]))
while(plen>0 && ascii_isspace(ptr[plen-1]))
plen--;
plen[ptr]='\0';

@ -1278,6 +1278,28 @@ check_sig_and_print( CTX c, KBNODE node )
if( keyserver_import_keyid ( sig->keyid )==0 )
rc = do_check_sig(c, node, NULL, &is_expkey );
}
/* If the key still isn't found, try to inform the user where it
can be found. */
if(rc==G10ERR_NO_PUBKEY && opt.verify_options&VERIFY_SHOW_KEYSERVER)
{
const byte *p;
int seq=0;
size_t n;
while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL)))
{
/* According to my favorite copy editor, in English
grammar, you say "at" if the key is located on a web
page, but "from" if it is located on a keyserver. I'm
not going to even try to make two strings here :) */
log_info(_("Key available at: ") );
print_string( log_stream(), p, n, 0 );
putc( '\n', log_stream() );
}
}
if( !rc || rc == G10ERR_BAD_SIGN ) {
KBNODE un, keyblock;
int count=0, statno;
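
Review bot: The new block in check_sig_and_print runs when rc is G10ERR_NO_PUBKEY, meaning the signature has not been verified, so the preferred-keyserver value read from sig->hashed is unauthenticated input chosen by whoever produced the signature. The message should make clear that the location is a claim carried in the signature, not a recommendation from gpg. The user-visible string "Key available at: " also differs from the "key available from" wording in the ChangeLog, and opt.verify_options&VERIFY_SHOW_KEYSERVER should be parenthesised inside the && condition for readability.
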
@ -1411,11 +1433,6 @@ check_sig_and_print( CTX c, KBNODE node )
show_notation(sig,0,1);
else
show_notation(sig,0,2);
if(opt.verify_options&VERIFY_SHOW_KEYSERVER)
show_keyserver_url(sig,0,1);
else
show_keyserver_url(sig,0,2);
}
if( !rc && is_status_enabled() ) {
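
Review bot: Removing both show_keyserver_url calls also drops the mode 2 call, which the comment in keylist.c describes as "status messages only", so consumers of the status output no longer receive the preferred keyserver for signatures that did verify. If that is intended, say so in the ChangeLog; otherwise keep the status emission and remove only the log_info path.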

@ -322,6 +322,8 @@ pct_expando(const char *string,struct expando_args *args)
if(args->sk)
keyid_from_sk(args->sk,sk_keyid);
/* This is used so that %k works in photoid command strings in
--list-secret-keys (which of course has a sk, but no pk). */
if(!args->pk && args->sk)
keyid_from_sk(args->sk,pk_keyid);
@ -383,16 +385,38 @@ pct_expando(const char *string,struct expando_args *args)
}
break;
case 'f': /* fingerprint */
case 'p': /* primary pk fingerprint of a sk */
case 'f': /* pk fingerprint */
case 'g': /* sk fingerprint */
{
byte array[MAX_FINGERPRINT_LEN];
size_t len;
int i;
if(args->pk)
if((*(ch+1))=='p' && args->sk)
{
if(args->sk->is_primary)
fingerprint_from_sk(args->sk,array,&len);
else if(args->sk->main_keyid[0] || args->sk->main_keyid[1])
{
PKT_public_key *pk=
m_alloc_clear(sizeof(PKT_public_key));
if(get_pubkey_fast(pk,args->sk->main_keyid)==0)
fingerprint_from_pk(pk,array,&len);
else
memset(array,0,(len=MAX_FINGERPRINT_LEN));
free_public_key(pk);
}
else
memset(array,0,(len=MAX_FINGERPRINT_LEN));
}
else if((*(ch+1))=='f' && args->pk)
fingerprint_from_pk(args->pk,array,&len);
else if((*(ch+1))=='g' && args->sk)
fingerprint_from_sk(args->sk,array,&len);
else
memset(array,0, (len=MAX_FINGERPRINT_LEN));
memset(array,0,(len=MAX_FINGERPRINT_LEN));
if(idx+(len*2)<maxlen)
{
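
Review bot: In the 'p' branch of pct_expando, a failed get_pubkey_fast lookup and a secret key with a zero main_keyid both end in an all-zero fingerprint with no diagnostic, so a command string using %p silently receives zeros in place of a fingerprint. Consider logging the lookup failure. The three identical memset fallbacks could be replaced by zero-filling array once before the if chain, and %g and %p should be documented alongside the existing %f and %k expandos.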

@ -90,7 +90,7 @@
# support).
#
# Example HKP keyserver:
# x-hkp://subkeys.pgp.net
# hkp://subkeys.pgp.net
#
# Example email keyserver:
# mailto:pgp-public-keys@keys.pgp.net
@ -101,7 +101,7 @@
#
# Regular URL syntax applies, and you can set an alternate port
# through the usual method:
# x-hkp://keyserver.example.net:22742
# hkp://keyserver.example.net:22742
#
# If you have problems connecting to a HKP server through a buggy http
# proxy, you can use keyserver option broken-http-proxy (see below),
@ -112,7 +112,7 @@
# Most servers do synchronize with each other and DNS round-robin may
# give you a quasi-random server each time.
#keyserver x-hkp://subkeys.pgp.net
keyserver hkp://subkeys.pgp.net
#keyserver mailto:pgp-public-keys@keys.nl.pgp.net
#keyserver ldap://pgp.surfnet.nl:11370
#keyserver ldap://keyserver.pgp.com
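
Review bot: The last change in options.skel does more than rename the scheme: the previously commented-out "#keyserver x-hkp://subkeys.pgp.net" becomes an active "keyserver hkp://subkeys.pgp.net", so every options file created from this skeleton has a keyserver configured by default. The comment block above still reads as a list of examples; please add a sentence saying this entry is enabled by default and how to turn it off.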

@ -1245,11 +1245,8 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen,
goto leave;
}
if( n ) {
/* we add 8 extra bytes so that we have space for the signature
* status cache. Well we are wasting this if there is a cache
* packet already, but in the other case it avoids an realloc */
sig->unhashed = m_alloc (sizeof(*sig->unhashed) + n + 8 - 1 );
sig->unhashed->size = n + 8;
sig->unhashed = m_alloc (sizeof(*sig->unhashed) + n - 1 );
sig->unhashed->size = n;
sig->unhashed->len = n;
if( iobuf_read(inp, sig->unhashed->data, n ) != n ) {
log_error("premature eof while reading "
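
Review bot: Dropping the 8 spare bytes in parse_signature makes sig->unhashed->size equal to len, so any code that still appends a signature-status cache entry to sig->unhashed in place would now write past the allocation. That writer is not part of this diff; please confirm it has been removed or now reallocates, and say which in the ChangeLog entry.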

@ -608,7 +608,7 @@ ask_revocation_reason( int key_rev, int cert_rev, int hint )
return NULL; /* cancel */
if( hint && !*answer )
n = hint;
else if(!isdigit( *answer ) )
else if(!digitp( answer ) )
n = -1;
else
n = atoi(answer);

@ -1,5 +1,5 @@
/* signal.c - signal handling
* Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc.
* Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc.
*
* This file is part of GnuPG.
*
@ -34,7 +34,6 @@
#include "main.h"
#include "ttyio.h"
static volatile int caught_fatal_sig = 0;
static volatile int caught_sigusr1 = 0;
@ -42,7 +41,7 @@ static void
init_one_signal (int sig, RETSIGTYPE (*handler)(int), int check_ign )
{
#ifndef HAVE_DOSISH_SYSTEM
#ifdef HAVE_SIGACTION
#if defined(HAVE_SIGACTION) && defined(HAVE_STRUCT_SIGACTION)
struct sigaction oact, nact;
if (check_ign) {
@ -132,7 +131,7 @@ void
pause_on_sigusr( int which )
{
#ifndef HAVE_DOSISH_SYSTEM
#ifdef HAVE_SIGPROCMASK
#if defined(HAVE_SIGPROCMASK) && defined(HAVE_SIGSET_T)
sigset_t mask, oldmask;
assert( which == 1 );
@ -150,18 +149,19 @@ pause_on_sigusr( int which )
while (!caught_sigusr1)
sigpause(SIGUSR1);
caught_sigusr1 = 0;
sigrelse(SIGUSR1); ????
#endif /*!HAVE_SIGPROCMASK*/
sigrelse(SIGUSR1);
#endif /*! HAVE_SIGPROCMASK && HAVE_SIGSET_T */
#endif
}
/* Disabled - see comment in tdbio.c:tdbio_begin_transaction() */
#if 0
static void
do_block( int block )
{
#ifndef HAVE_DOSISH_SYSTEM
static int is_blocked;
#ifdef HAVE_SIGPROCMASK
#if defined(HAVE_SIGPROCMASK) && defined(HAVE_SIGSET_T)
static sigset_t oldmask;
if( block ) {
@ -179,14 +179,23 @@ do_block( int block )
sigprocmask( SIG_SETMASK, &oldmask, NULL );
is_blocked = 0;
}
#else /*!HAVE_SIGPROCMASK*/
static void (*disposition[MAXSIG])();
#else /*! HAVE_SIGPROCMASK && HAVE_SIGSET_T */
#if defined(NSIG)
#define SIGSMAX (NSIG)
#elif defined(MAXSIG)
#define SIGSMAX (MAXSIG+1)
#else
#error "define SIGSMAX to the number of signals on your platform plus one"
#endif
static void (*disposition[SIGSMAX])(int);
int sig;
if( block ) {
if( is_blocked )
log_bug("signals are already blocked\n");
for (sig=1; sig < MAXSIG; sig++) {
for (sig=1; sig < SIGSMAX; sig++) {
disposition[sig] = sigset (sig, SIG_HOLD);
}
is_blocked = 1;
@ -194,16 +203,15 @@ do_block( int block )
else {
if( !is_blocked )
log_bug("signals are not blocked\n");
for (sig=1; sig < MAXSIG; sig++) {
for (sig=1; sig < SIGSMAX; sig++) {
sigset (sig, disposition[sig]);
}
is_blocked = 0;
}
#endif /*!HAVE_SIGPROCMASK*/
#endif /*! HAVE_SIGPROCMASK && HAVE_SIGSET_T */
#endif /*HAVE_DOSISH_SYSTEM*/
}
void
block_all_signals()
{
@ -215,3 +223,4 @@ unblock_all_signals()
{
do_block(0);
}
#endif
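
Review bot: The #endif added at the end of signal.c closes the #if 0 opened above do_block, so block_all_signals() and unblock_all_signals() are compiled out together with it. Their prototypes and any callers outside the tdbio.c transaction code are not touched in this diff; please remove or guard those as well. The new #error for a missing NSIG/MAXSIG also sits inside the disabled region, so it cannot fire until the block is re-enabled.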

@ -153,7 +153,7 @@ import_ownertrust( const char *fname )
break; /* can't continue */
}
for(p = line; *p && *p != ':' ; p++ )
if( !isxdigit(*p) )
if( !hexdigitp(p) )
break;
if( *p != ':' ) {
log_error_f(fname, _("error: missing colon\n") );

@ -332,7 +332,9 @@ tdbio_sync()
return 0;
}
#if 0
/* The transaction code is disabled in the 1.2.x branch, as it is not
yet used. It will be enabled in 1.3.x. */
/****************
* Simple transactions system:
@ -402,7 +404,7 @@ tdbio_cancel_transaction()
in_transaction = 0;
return 0;
}
#endif
/********************************************************

@ -1572,10 +1572,14 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
signed (but not self-signed) uid does carry trust, of a sort,
even if it is a statement being made by people other than the
key owner "through" the uids on the key owner's key. I'm
going with the latter. -dshaw */
going with the latter. However, if the user ID was
explicitly revoked, or passively allowed to expire, that
should stop validity through the user ID until it is
resigned. -dshaw */
/* && node->pkt->pkt.user_id->created) */
if (node->pkt->pkttype == PKT_USER_ID)
if (node->pkt->pkttype == PKT_USER_ID
&& !node->pkt->pkt.user_id->is_revoked
&& !node->pkt->pkt.user_id->is_expired)
{
if (uidnode && issigned)
{
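
Review bot: When a revoked or expired user ID is skipped by the new condition in validate_one_keyblock, uidnode and uid keep pointing at the previous user ID, and the "if (uidnode && issigned)" bookkeeping does not run for that transition. Please confirm that signature packets following the skipped user ID cannot be counted toward the previous one, for example by clearing uidnode and uid in an else branch, since that would credit a valid uid with certifications made on a revoked one.
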
@ -1589,12 +1593,11 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist,
}
uidnode = node;
uid=uidnode->pkt->pkt.user_id;
#if 0
/* If the selfsig is going to expire... This is disabled as
we do count un-self-signed uids in the web of trust. */
/* If the selfsig is going to expire... */
if(uid->expiredate && uid->expiredate<*next_expire)
*next_expire = uid->expiredate;
#endif
issigned = 0;
get_validity_counts(pk,uid);
mark_usable_uid_certs (kb, uidnode, main_kid, klist,