* sign.c (mk_notation_and_policy): Making a v3 signature with notations or
policy urls is an error, not an info (i.e. increment the errorcount).
Don't print the notation or policy url to stdout since it can be mixed
into the output stream when piping and munge the stream.
to work properly with RPM 4.1 (all files in buildroot must be packaged).
Package and install info files. Tweak the English description. Do not
install gpgv and gpgsplit setuid root.
Provide a signing-key-is-revoked flag. Change all callers.
* status.h, status.c (get_status_string): New REVKEYSIG status tag for a
good signature from a revoked key.
* mainproc.c (do_check_sig, check_sig_and_print): Use it here.
* import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare actual
signatures on import rather than using keyid or class matching. This does
not change actual behavior with a key, but does mean that all sigs are
imported whether they will be used or not.
check_key_signature2): Allow passing NULLs for unused parameters in the x2
form of each function to avoid the need for dummy variables. getkey.c,
mainproc.c: Change all callers.
the primary key if the key making the signature is the primary key.
* parse-packet.c (parse_signature): No need to reserve 8 bytes for the
unhashed signature cache any longer.
the signature flags (1-3/L/R/P/N/X), Document expandos %g and %p. Note
the default --personal-digest-preferences are "H2".
* DETAILS: Document the --attribute-fd data.
and signer's primary fingerprint (%p).
* tdbio.h, tdbio.c (create_version_record, tdbio_write_nextcheck,
tdbio_read_record, tdbio_write_record): Force a 0 into the trust_model
field. This is to help smooth the 1.2->1.4 switchover, as otherwise a 1.4
trustdb could be rebuilt as classic on 1.2 while still claiming to be a
non-classic trust model.
This avoids a warning on compilers that support but complain about
unsigned long long.
* util.h (ascii_isspace): New variation on isspace() that is immune from
locale changes.
question. (menu_expire): When changing expiration dates, don't replace
selfsigs on revoked uids since this would effectively unrevoke them.
There is also no point in replacing expired selfsigs. This is bug #181.
* g10.c (main): Add --rfc2440 alias for --openpgp since in a few months,
they won't be the same thing.
* keyedit.c (sign_uids): Do not allow signing a user ID without a
self-signature. --expert overrides.
* options.skel: Use subkeys.pgp.net as the default keyserver.
* trustdb.c (validate_one_keyblock): Certifications on revoked or expired
uids do not count in the web of trust.
listing secret keys since they can be incorrect and/or misleading. This
is a temporary kludge, and will be handled properly in 1.9/2.0.
* signal.c (init_one_signal, pause_on_sigusr, do_block): Only use
sigprocmask() if we have sigset_t, and only use sigaction() if we have
struct sigaction. This is for Forte c89 on Solaris which seems to define
only the function call half of the two pairs by default.
(pause_on_sigusr): Typo. (do_block): If we can't use sigprocmask() and
sigset_t, try to get the number of signals from NSIG as well as MAXSIG,
and if we can't, fail with an explanation.
behavior as revoked uids).
* mainproc.c (print_notation_data, check_sig_and_print): Only show the
"key available from" preferred keyserver line if the key is not currently
present.
they at least handle subkeys correctly.
* mainproc.c (print_notation_data), parse-packet.c (dump_sig_subpkt,
parse_one_sig_subpkt, can_handle_critical): Add read-only support for
preferred keyserver subpackets. They're basically policy URLs with a
different name.
* g10.c (main): Add "--set-notation" as alias to "--notation-data" this is
to make things consistent with --set-policy-url meaning both sigs and
certs.