generate_subkeypair): New is_subkey argument to set whether a generated
key is a subkey. Do not overload the ret_sk. This is some early cleanup
to do backsigs for signing subkeys.
for the first time.
* build-packet.c (do_comment, do_user_id): Try for a headerlen of 2 since
that's the smallest and most likely encoding for these packets
* keyedit.c (menu_addrevoker): Allow appointing a subkey as a designated
revoker if the user forces it via keyid!, so long as the subkey can
certify. Also use the proper date string when prompting for confirmation.
* mainproc.c (check_sig_and_print): track whether we are
retrieving a key.
* status.c (status_currently_allowed): New.
(write_status_text, write_status_text_and_buffer): Use it here.
* options.h, g10.c (main), keyedit.c (sign_keys): Add --ask-cert-level
option to enable cert level prompts during sigs. Defaults to on.
Simplify --default-cert-check-level to --default-cert-level. If
ask-cert-level is off, or batch is on, use the default-cert-level as the
cert level.
* options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Simplify
--min-cert-check-level to --min-cert-level.
--min-cert-check-level option to specify minimum cert check level.
Defaults to 1 (so no sigs are ignored). 0x10 sigs cannot be ignored.
* options.h, g10.c (main), plaintext.c (handle_plaintext): Add
--max-output option to help people deal with decompression bombs.
along with a zero length, interpret this as an actual zero length packet
and not as an indeterminate length packet. (do_comment, do_user_id): Use
it here as these packets might be naturally zero length.
* parse-packet.c (parse): Show packet type when failing due to an
indeterminate length packet.
key, a revocation key set in a direct key signature, and a revocation from
that revocation key, all arrive piecemeal. Needless to say, this is pretty
obscure.
other xxxx_algo_to_string() functions.
* mainproc.c (list_node): Minor spacing tweak to match --list-keys output.
* keylist.c (list_keyblock_print), mainproc.c (list_node): Mark revoked
subkeys as revoked. Requested by Matthew Wilcox. Make revoked and
expired tags translatable (they are already translated elsewhere).
Revoked overrides expiration when both apply.
* keyedit.c (show_prefs): Use compress algo constants.
(show_basic_key_info): Make revoked and expired tags translatable
(show_key_with_all_names): Revoked overrides expired when both apply.
* packet.h, keyedit.c (show_key_with_all_names_colon), keylist.c
(list_keyblock_colon), mainproc.c (list_node, proc_tree): Minor cleanup to
remove local_id, which is no longer used.
group. (add_group): When adding a group with the same name as an already
existing group, merge the two groups. (list_config): Show an error message
when listing a config item that doesn't exist.
PK_UID_CACHE_SIZE (set in ./configure).
* getkey.c (get_pubkey): When reading key data into the cache, properly
handle keys that are partially (pk, no UIDs) cached already. This is
Debian bug #176425 and #229549.
inside a compressed data packet. This is possibly dangerous without an
MDC. (push_compress_filter2): Do the right thing (i.e. nothing) with
compress algo 0.
* main.h, decrypt.c (decrypt_messages): Accept filenames to decrypt on
stdin. This is bug #253.
string. (main): Use it here to pass list_config() more than one argument
as a single string. (print_algo_numbers): Helper to print algorithm
numbers. (list_config): Use it here for "pubkey", "cipher",
"hash"/"digest", and "compress" config options.
optional "sensitive" argument. Remind that $GNUPGHOME can be used instead
of --homedir. Clarify --no-default-keyring, and note why it may not take
effect if there are no other keyrings present. Remove --pgp2 from the
list of --pgpXes that are just for bad preference lists. Explain more why
locking memory pages is good.
* getkey.c (merge_selfsigs_main): Don't bother to check designated revoker
sigs if the key is already revoked.
* packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" flag on
PKs. It is set when there is a revocation signature from a valid
revocation key, but the revocation key is not present to verify the
signature.
* pkclist.c (check_signatures_trust): Use it here to give a warning when
showing key trust.
* compress-bz2.c: Include stdio.h. Solaris 9 has a very old bzip2 library
and we can at least guarantee that it won't fail because of the lack of
stdio.h.