execution. --disable-exec implies --disable-ldap and --disable-mailto.
Also look in /usr/lib for sendmail. If sendmail is not found, do not
default - just fail.
* exec.c: Provide stubs for exec_ functions when NO_EXEC is defined.
functions to return data about an image.
* packet.h, parse-packet.c (make_attribute_uidname,
parse_attribute_subpkts, parse_attribute), photoid.h, photoid.c
(show_photos): Handle multiple images in a single attribute packet.
* main.h, misc.c (pct_expando), sign.c (mk_notation_and_policy), photoid.c
(show_photos): Simpler expando code that does not require using
compile-time string sizes. Call image_type_to_string to get image strings
(i.e. "jpg", "image/jpeg"). Change all callers.
* keyedit.c (menu_showphoto), keylist.c (list_keyblock_print): Allow
viewing multiple images within a single attribute packet.
* gpgv.c: Various stubs for link happiness.
Split "--notation-data" into "--cert-notation" and "--sig-notation" so the
user can set different policies for key and data signing. For backwards
compatibility, "--notation-data" sets both, as before.
* memory.c (alloc): Malloc at least 1 byte. Noted by Winona Brown.
g10/
* options.skel: Removed the comment on trusted-keys because this
option is now deprecated.
on a given key are legal.
* keyserver.c (keyserver_refresh): the fake v3 keyid hack applies to
"mailto" URLs as well since they are also served by pksd.
* g10.c, options.h: New options --display, --ttyname, --ttytype,
--lc-ctype, --lc-messages to be used with future versions of the
gpg-agent.
* passphrase.c (agent_send_option,agent_send_all_options): New.
(agent_open): Send options to the agent.
* trustdb.c (update_ownertrust, clear_ownertrust): Do an explicit
do_sync because revalidation_mark does it only if when the
timestamp actually changes.
/
* configure.ac: Check for locale.h and setlocale
fingerprint, etc.)
Do not print uncheckable signatures (missing key..) in --check-sigs.
Print statistics (N missing keys, etc.) after --check-sigs.
When signing a key with an expiration date on it, the "Do you want your
signature to expire at the same time?" question should default to YES
(handle_plaintext): Fix bug in handling literal packets with zero-length
data (no data was being confused with partial body length).
* misc.c (pct_expando), options.skel: %t means extension ("jpg"). %T means
MIME type ("image/jpeg").
* import.c (import_one): Only trigger trust update if the keyring is
actually changed.
* export.c (do_export_stream): Missing a m_free.
v3 keys is a MUST NOT.
* getkey.c (finish_lookup): The --pgp6 "use the primary key" behavior
should only apply while data signing and not encryption. Noted by Roger
Sondermann.
non-revoked user id.
* hkp.c (hkp_ask_import), keyserver.c (parse_keyserver_options,
keyserver_spawn), options.h: Remove fast-import keyserver option (no
longer meaningful).
* g10.c (main), keyedit.c (sign_uids), options.h: Change
--default-check-level to --default-cert-check-level as it makes clear what
it operates on.
* g10.c (main): --pgp6 also implies --no-ask-sig-expire.
* delkey.c (do_delete_key): Comment.
menu_expire, menu_revsig, menu_revkey): Only force a trustdb check if we
did something that changes it.
* g10.c: add "--auto-check-trustdb" to override a
"--no-auto-check-trustdb"
stamp was actually changed.
* trustdb.c (revalidation_mark): Sync the changes. Removed the
sync operation done by its callers.
(get_validity): Add logic for maintaining a pending_check flag.
(clear_ownertrust): New.
* keyedit.c (sign_uids): Don't call revalidation_mark depending on
primary_pk.
(keyedit_menu): Call revalidation_mark after "trust".
(show_key_with_all_names): Print a warning on the wrong listed key
validity.
* delkey.c (do_delete_key): Clear the owenertrust information when
deleting a public key.
past.
(validate_key_list): New arg curtime use it to set next_expire.
(validate_one_keyblock): Take the current time from the caller.
(clear_validity, reset_unconnected_keys): New.
(validate_keys): Reset all unconnected keys.
signatures that can expire. In short, the only thing that can override an
unexpired nonrevocable signature is another unexpired nonrevocable
signature.
* getkey.c (finish_lookup): Always use primary signing key for signatures
when --pgp6 is on since pgp6 and 7 do not understand signatures made by
signing subkeys.
for use with secret keys.
* seckey-cert.c (do_check): Always calculate the old checksum for
use after unprotection.
* g10.c, options.skel: New option --no-escape-from. Made
--escape-from and --force-v3-sigs the default and removed them
from the options skeleton.
draft-rfc2440-bis04.
* packet.h (PKT_secret_key): Add field sha1chk.
* seckey-cert.c (do_check): Check the SHA1 checksum
(protect_secret_key): And create it.
* build-packet.c (do_secret_key): Mark it as sha-1 protected.
* g10.c, options.h: New option --simple-sk-checksum.
at their expiration time and not one second later.
* keygen.c (proc_parameter_file): Allow specifying preferences string
(i.e. "s5 s2 z1 z2", etc) in a batchmode key generation file.
* keyedit.c (keyedit_menu): Print standard error message when signing a
revoked key (no new translation).
* getkey.c (merge_selfsigs): Get the default set of key prefs from the
real (not attribute) primary uid.
twice in batch mode if one instance was the default recipient and the
other was an encrypt-to. Noted by Stefan Bellon.
* parse-packet.c (dump_sig_subpkt): Show data in trust and regexp sig
subpackets.
* keyedit.c (keyedit_menu): Use new function real_uids_left to prevent
deleting the last real (i.e. non-attribute) uid. Again, according to the
attribute draft. (menu_showphoto): Make another string translatable.
and unhashed area on update. (find_subpkt): No longer needed.
* keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key with a v4
signature. As usual, --expert overrides. Try to tweak some strings to a
closer match so they can all be translated in one place. Use different
helptext keys to allow different help text for different questions.
* keygen.c (keygen_upd_std_prefs): Remove preferences from both hashed and
unhashed areas if they are not going to be used.
ID (in this version, it's always "jpeg"). Also tweak string expansion
loop to minimize reallocs.
* mainproc.c (do_check_sig): Variable type fix.
* keyedit.c (menu_set_primary_uid): Differentiate between true user IDs
and attribute user IDs when making one of them primary. That is, if we are
making a user ID primary, we alter user IDs. If we are making an attribute
packet primary, we alter attribute packets. This matches the language in
the latest attribute packet draft.
* keyedit.c (sign_uids): No need for the empty string hack.
* getkey.c (fixup_uidnode): Only accept preferences from the hashed
segment of the self-sig.
"deprecated-use-keyexpired-instead" to SIGEXPIRED.
Start transition from SIGEXPIRED to KEYEXPIRED, since the actual event is
signature verification by an expired key and not an expired signature.
Rename do_signature_check as signature_check2, make public, and change all
callers.
Use status EXPSIG for an expired, but good, signature. Add the expiration
time (or 0) to the VALIDSIG status line. Use status KEYEXPSIG for a good
signature from an expired key.
Remove checks for no arguments now that argparse does it.
Properly initialize the user ID refcount for user and photo IDs.
Tweak a few prompts to change "y/n" to "y/N", which is how most other
prompts are written.
Warn the user if they are about to revoke an expired sig (not a problem,
but they should know).
Control-d escapes the keyserver search prompt.
If a subkey is considered revoked solely because the parent key is
revoked, print the revocation reason from the parent key.
Allow revocation/expiration to apply to a uid/key with no entry in the
trustdb.
--allow-non-selfsigned-uid allows for completey unsigned uids).
Do not choose an attribute packet (i.e. photo) as primary uid. This
prevents oddities like "Good signature from [image of size 2671]". This
is still not perfect (one can still select an attribute packet as primary
in --edit), but is closer to the way the draft is going.
The algorithms list should include #110.
--pgp2 implies --no-ask-sig-expire and --no-ask-cert-expire as those would
cause a v4 sig/cert.
Be more lenient in what constitutes a valid armor header (i.e. -----BEGIN
blah blah-----) as some Windows programs seem to add spaces at the end.
--openpgp makes it strict again
If none of the uids are primary (because none are valid) then pick the
first to be primary (but still invalid). This is for cosmetics in case
some display needs to print a user ID from a non-selfsigned key. Also use
--allow-non-selfsigned-uid to make such a key valid and not
--always-trust. The key is *not* automatically trusted via
--allow-non-selfsigned-uid.
Make sure non-selfsigned uids print [uncertain] on verification even
though one is primary now.
If the main key is not valid, then neither are the subkeys.
Allow --allow-non-selfsigned-uid to work on completely unsigned keys.
Print the uids in UTF8. Remove mark_non_selfsigned_uids_valid()
Show revocation key as UTF8.
Allow --not-dash-escaped to work with v3 keys.
that has been revoked by designated revoker, but the designated revoker is
not present to verify the revocation (whew!). This applies to all ways to
get a key into the system: --import --recv-keys, and --search-keys. If
auto-key-retrieve is set, try and retrieve the revocation key.
Also, auto-key-retrieve is now a keyserver-option.
do not prompt for revocation reason for v3 revocations (unless
force-v4-certs is on) since they wouldn't be used anyway.
show the status of the sigs (exportable? revocable?) to the user before
prompting for which sig to revoke. Also, make sure that local signatures
get local revocations.
Add "exec-path" variable to override PATH for execing programs.
properly check return code from classify_user_id to catch unclassifiable
keys.
support. That is, it handles all the data to mark a key as revoked if it
has been revoked by a designated revoker. The second half (coming
later) will contain the code to make someones key your designated revoker
and to issue revocations for someone else.
Note that this is written so that a revoked revoker can still issue
revocations: i.e. If A revokes B, but A is revoked, B is still revoked.
I'm not completely convinced this is the proper behavior, but it matches
how PGP does it. It does at least have the advantage of much simpler code
- my first version of this had lots of loop maintaining code so you could
chain revokers many levels deep and if D was revoked, C was not, which
meant that B was, and so on. It was sort of scary, actually.
This also changes importing to allow bringing in more revocation keys, and
exporting to not export revocation keys marked "sensitive".
The --edit menu information will show if a revocation key is present.
KEYDB_SEARCH_DESC - no point in reinventing the wheel. This allows the
helper program to search the keyserver by fingerprint if desired (and the
keyserver supports it). Note that automatic fingerprint promotion during
refresh only applies to v4 keys as a v4 fingerprint can be easily changed
into a long or short key id, and a v3 cannot.
Take two copies of hextobyte() from pubkey-enc.c and getkey.c and make
them into one copy in misc.c.
keyservers).
Add KEYSERVER_NOT_SUPPORTED for unsupported actions (say, a keyserver that
has no way to search, or a readonly keyserver that has no way to add).
Also add a USE_EXTERNAL_HKP define to disable the internal HKP keyserver
code.
unknown and undefined trust. Removed the did_add cruft. Reported
by Janusz A. Urbanowicz.
* g10.c: New option --no-use-agent.
Hmmm, is this a a good name? --do-not-use-agent seems a bit to long.