--no-auto-key-locate.
* options.h, gpg.c (main): Keep track of each keyserver registered so
we can match on them later.
* keyserver-internal.h, keyserver.c (cmp_keyserver_spec,
keyserver_match), gpgv.c: New. Find a keyserver that matches ours and
return its spec.
* getkey.c (get_pubkey_byname): Use it here to get the per-keyserver
options from an earlier keyserver.
importing at -r time. The URL in the PKA record may point to a key put in
by an attacker. Fix is to use the fingerprint from the PKA record as the
recipient. This ensures that the PKA record is followed.
* keyserver-internal.h, keyserver.c (keyserver_import_pka): Return the
fingerprint we requested.
getkey.c:get_pubkey_byname which was getting crowded.
* keyserver.c (keyserver_import_cert): Import a key found in DNS via CERT
records. Can handle both the PGP (actual key) and IPGP (URL) CERT types.
* getkey.c (get_pubkey_byname): Call them both here.
* options.h, keyserver.c (parse_keyserver_options): Add
"auto-cert-retrieve" option with optional max size argument.
* keyserver-internal.h, keyserver.c (keyserver_spawn, keyserver_work,
keygerver_getname): New keyserver_getname function to fetch keys by name.
* getkey.c (get_pubkey_byname): Call it here to enable locating keys by
full mailbox from a keyserver a la PKA. Try PKA first, though, as it is
likely to be faster.
* openfile.c (ask_outfile_name): Enable readline completion when prompting
for an output filename.
* plaintext.c (ask_for_detached_datafile): Enable readline completion when
prompting for a detached sig datafile.
* card-util.c (card_status): Create asecret key stub on the fly
and print more information about a card key.
* import.c (pub_to_sec_keyblock, auto_create_card_key_stub): New.
* getkey.c (get_seckeyblock_byfprint): New.
* keylist.c (print_card_key_info): New.
initialization.
* gpgv.c (i18n_init) [W32]: Ditto.
* simple-gettext.c (set_gettext_file): Use MO files depending on
the installation directory. Add new arg REGKEY.
translatable string similar to trust_value_to_string. This allows for
easier lining up of displays.
* keyedit.c (show_key_with_all_names), keylist.c (list_keyblock_print):
Use it here to print validity strings.
* gpgv.c: Stub.
.. (maybe_create_keyring): .. new. Make sure that we do the checks in a
locked state. Problem reported by Stefan Haller. Try to create the home
directory before acquiring a lock for the keyring. From Werner on stable
branch.
* g10.c (main): Blow up if we didn't lose setuid. From Werner on stable
branch.
* misc.c (get_signature_count): New. Get the signature count from a
smartcard. (pct_expando): Call it here so the %c expando becomes the
number of signatures issued. This allows for notations or the like with
an automatic signature count.
* ccid-driver.c (usb_get_string_simple): Replacement function to work with
older libusb.
keyservers, and auto-key-retrieve is set, try and get a missing key from
the preferred keyserver subpacket when we verify the sig.
* gpgv.c (parse_preferred_keyserver, free_keyserver_spec): Stubs.
* keyserver.c (keyidlist): Use new parse_preferred_keyserver function.
(keyserver_work): Use the passed-in keyserver spec rather than the options
global one.
* keyserver-internal.h, keyserver.c (parse_preferred_keyserver): New
function to take a sig and return a split out keyserver_spec.
(keyserver_import_keyid): Now takes a keyserver_spec.
requested.
(genkey_status_cb): New.
(agent_scd_genkey): Implemented.
* keygen.c (generate_keypair): New arg CARD_SERIALNO and prepare
parameters for on card key generation. Changed all callers.
(do_generate_keypair): Add new arg card and merged casrd specific
changes from 1.9.
(proc_parameter_file): New arg card, apss it down to
do_generate_keypair and changed all callers.
(gen_card_key): New.
* g10.c: Include cardclue.h.
(main): s/app_set_default_reader_port/card_set_reader_port/.
* cardglue.c (card_set_reader_port): New to address include file
issues.
* trustdb.c (get_validity): Move the up-to-date check to
check_trustdb_stale (new), so that it can be called before validity is
checked.
* keylist.c (list_keyblock_print): Disable the overall key validity
display until it can be thought about more. Use check_trustdb_stale here
to avoid putting the check warning in the middle of a listed key.
* trustdb.c (init_trustdb): Only verify_own_keys() for those trust models
that it applies to (i.e. classic and OpenPGP).
* g10.c (main): Disable use-agent if passphrase-fd is given later.
Suggested by Kurt Garloff.
* exec.c, g10.c, gpgv.c, passphrase.c, photoid.c: s/__MINGW32__/_WIN32/ to
help building on native Windows compilers. Requested by Brian Gladman.
From Werner on stable branch.
* options.skel: Note that keyserver.pgp.com isn't synchronized, and
explain the roundrobin a bit better.
* sig-check.c (check_key_signature2), import.c (import_one,
import_revoke_cert, chk_self_sigs, delete_inv_parts, collapse_uids,
merge_blocks): Make much quieter during import of slightly munged, but
recoverable, keys. Use log_error for unrecoverable import failures.
* keyring.c (keyring_rebuild_cache): Comment.
* sign.c (mk_notation_and_policy): Making a v3 signature with notations or
policy urls is an error, not an info (i.e. increment the errorcount).
Don't print the notation or policy url to stdout since it can be mixed
into the output stream when piping and munge the stream.
(ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal subkeys.
(generate_keypair): Provide key flags for the default DSA/Elgamal keys.
* sig-check.c (signature_check, signature_check2, check_key_signature,
check_key_signature2): Allow passing NULLs for unused parameters in the x2
form of each function to avoid the need for dummy variables. getkey.c,
mainproc.c: Change all callers.
* trustdb.h, trustdb.c (read_trust_options): New. Returns items from the
trustdb version record.
* keylist.c (public_key_list): Use it here for the new "tru" record.
* gpgv.c (read_trust_options): Stub.
"show-validity" and "show-long-keyid" list-options.
* gpgv.c (get_validity, trust_value_to_string): Stubs.
* g10.c (main): Use SAFE_VERSION instead of VERSION in the
version-specific gpg.conf file so it can be overridden on RISCOS.
getkey.c, keydb.c, openfile.c, plaintext.c, status.c, gpgv.c, keygen.c,
options.h, sig-check.c, tdbio.h, encode.c, mainproc.c, parse-packet.c,
signal.c, textfilter.c: Edit all preprocessor instructions to remove
whitespace before the '#'. This is not required by C89, but there are some
compilers out there that don't like it.
is_disabled to cache_disabled_value, which now takes a pk and not just the
keyid. This is for speed since there is no need to re-fetch a key when we
already have that key handy. Cache the result of the check so we don't
need to hit the trustdb more than once.
* getkey.c (skip_disabled): New function to get a pk and call is_disabled
on it. (key_byname): Use it here.
* packet.h, getkey.c (skip_disabled), keylist.c (print_capabilities): New
"pk_is_disabled" macro to retrieve the cached disabled value if available,
and fill it in via cache_disabled_value if not available.
* trustdb.c (get_validity): Cache the disabled value since we have it
handy and it might be useful later.
* parse-packet.c (parse_key): Clear disabled flag when parsing a new key.
Just in case someone forgets to clear the whole key.
* getkey.c (merge_selfsigs_main): Add an "if all else fails" path for
setting a single user ID primary when there are multiple set primaries all
at the same second, or no primaries set and the most recent user IDs are
at the same second, or no signed user IDs at all. This is arbitrary, but
deterministic.
* exec.h, photoid.h: Add copyright message.
* keylist.c (list_keyblock_print): Don't dump attribs for
revoked/expired/etc uids for non-colon key listings. This is for
consistency with --show-photos.
* main.h, keylist.c (dump_attribs), mainproc.c (check_sig_and_print): Dump
attribs if --attrib-fd is set when verifying signatures.
* g10.c (main): New --gnupg option to disable the various --openpgp,
--pgpX, etc. options. This is the same as --no-XXXX for those options.
* revoke.c (ask_revocation_reason): Clear old reason if user elects to
repeat question. This is bug 153.
* keyedit.c (sign_uids): Show keyid of the key making the signature.
agent is to be used. Noted by Ingo Kl�cker.
(agent_get_passphrase): Inhibit caching when we have no
fingerprint. This is required for key generation as well as for
symmetric only encryption.
* passphrase .c (agent_get_passphrase): New arg CANCELED.
(passphrase_to_dek): Ditto. Passed to above. Changed all
callers to pass NULL.
* seckey-cert.c (do_check): New arg CANCELED.
(check_secret_key): Terminate loop when canceled.
* keyedit.c (change_passphrase): Pass ERRTEXT untranslated to
passphrase_to_dek and translate where appropriate.
* seckey-cert.c (check_secret_key): Ditto.
* keygen.c (ask_passphrase): Ditto.
* passphrase.c (agent_get_passphrase): Translate the TRYAGAIN_TEXT.
Switch the codeset to utf-8.
fully valid keys so that disabled keys are still counted in the web of
trust. (get_ownertrust_with_min): Do the same for the minimum ownertrust
calculation.
* parse-packet.c (dump_sig_subpkt): Show the notation names for
not-human-readable notations. Fix cosmetic off-by-one length counter.
* options.skel: Add explantion and commented-out
"no-mangle-dos-filenames".
* mainproc.c (proc_encrypted): Make string translatable.
* keyserver.c (keyserver_spawn): Quote ':', '%', and any 8-bit characters
in the uid strings sent to the keyserver helper.
* keyring.c (keyring_rebuild_cache): Lock the keyring while rebuilding the
signature caches to prevent another gpg from tampering with the temporary
copy.
* keygen.c (keygen_set_std_prefs): Include AES192 and AES256 in default
prefs.
* keyedit.c (show_prefs): Make strings translatable.
* keydb.c: Double the maximum number of keyrings to 40.
* gpgv.c (main): Fix bug #113 - gpgv should accept the
--ignore-time-conflict option.
* g10.c (main): --openpgp disables --pgpX. Double the amount of secure
memory to 32k (keys are getting bigger these days).
* Makefile.am: Makefile.am: Use @CAPLIBS@ to link in -lcap if we are using
capabilities.
* trustdb.h, trustdb.c (trust_letter): Make static. (get_ownertrust_info,
get_validity_info): Don't mask the trust level twice.
* trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info),
keylist.c (list_keyblock_colon), keyedit.c (show_key_with_all_names_colon,
menu_revuid): Pass a user ID in rather than a namehash, so we only have to
do the hashing in one place.
* packet.h, pkclist.c (build_pk_list), free-packet.c
(release_public_key_parts): Remove unused namehash element for public
keys.
disabled keys. Keys specified via keyid (i.e. 0x...) are always included.
* getkey.c (get_pubkey_byname, get_seckey_byname2, get_seckey_bynames),
keyedit.c (keyedit_menu, menu_addrevoker): Include disabled keys in these
functions.
* pkclist.c (build_pk_list): Do not include disabled keys for -r or the
key prompt. Do include disabled keys for the default key and
--encrypt-to.
* trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping disabled
keys.
* gpgv.c (is_disabled): Stub.
* keygen.c (keygen_add_key_expire): Properly handle updating a key
expiration to a no-expiration value.
* keyedit.c (enable_disable_key): Comment.
* import.c (import_one): When in interactive mode and --verbose, don't
repeat some key information twice.
it here as it behaves more like a Posix system. From Werner on stable
branch.
* passphrase.c (agent_get_passphrase): Ditto. From Werner on stable
branch.
* tdbio.c (MY_O_BINARY): Need binary mode with Cygwin. From Werner on
stable branch.
* g10.c, gpgv.c (main) [__CYGWIN32__]: Don't get the homedir from the
registry. From Werner on stable branch.
"openpgp" which is classic+trustsigs, "classic" which is classic only, and
"always" which is the same as the current option --always-trust (which
still works). Default is "openpgp".
* trustdb.c (validate_one_keyblock): Use "openpgp" trust model to enable
trust sigs.
* gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c (do_we_trust,
do_we_trust_pre, check_signatures_trust): Use new --trust-model option in
place of --always-trust.
used one in verbosity level 3.
* gpgv.c (main): Try to set a default character set.
* status.c, status.h (STATUS_IMPORT_OK): New.
* import.c (import_one,import_secret_one): Print new status.
