keyring.c (keyring_rebuild_cache): Add "noisy" flag so cache rebuilds can
remain noisy when called for itself, and quiet when called as part of the
trustdb rebuild.
* trustdb.c (validate_keys): Rebuild the sig caches before building the
trustdb. Note that this is going to require some architectual
re-thinking, as it is agonizingly slow.
* keyring.c (keyring_rebuild_cache): Clear sig cache for any signatures
that we can no longer process (say, if the user removed support for a
necessary pubkey or digest algorithm).
Avoid a number of -Wformat-nonliteral warnings. These aren't actual
problems, but the warnings bothered me.
* miscutil.c (print_string2): New variation on print_string that allows
two delimiters. (print_string): Call print_string2 to do work.
something other than GnuPG is calling the program). (main): Avoid possible
pre-string write. Noted by Christian Biere.
* gpgkeys_ldap.c (main): Avoid possible pre-string write.
very old bzip2 library and we can at least guarantee that it won't fail
because of the lack of stdio.h.
* THANKS: Added Phong Nguyen, who found the Elgamal signing key problem.
for that. Use the portable C MPI code for OpenBSD before 3.4, and remove
the special i386-openbsd assembly directory.
* Makefile.am: Add the portable C links to DISTCLEANFILES. Noted by
Nelson H. F. Beebe.
* mpi-mpow.c (build_index): s/index/idx/ to avoid gcc warning. From Werner
on stable branch.
* longlong.h: Added PowerPC 64 bit code from GPM-4.1.2 but didn't enable
it yet. From Werner on stable branch.
* gpg.sgml: List proper documentation URL. Note that addrevoker takes an
optional "sensitive" argument. Remind that $GNUPGHOME can be used instead
of --homedir. Clarify --no-default-keyring, and note why it may not take
effect if there are no other keyrings present. Remove --pgp2 from the
list of --pgpXes that are just for bad preference lists. Explain more why
locking memory pages is good.
* gpg.sgml: Add an example of what an exclamation mark is, as people seem
to miss it often.
encrypt-dsa.test, encrypt.test, genkey1024.test, plain-1.asc,
plain-1-pgp.asc, plain-2.asc, plain-3.asc, pubring.asc, secring.asc,
sigs.test: Rework tests to work properly with a gpg binary that doesn't
have all ciphers and all pk algos. Basically, we test for the ciphers we
have, only test signing with non-160-bit hashes with RSA (we test all
hashes as hashes). Test all key lengths of AES.
* sig-check.c (check_revocation_keys): Comments.
* getkey.c (merge_selfsigs_main): Don't bother to check designated revoker
sigs if the key is already revoked.
* packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" flag on
PKs. It is set when there is a revocation signature from a valid
revocation key, but the revocation key is not present to verify the
signature.
* pkclist.c (check_signatures_trust): Use it here to give a warning when
showing key trust.
* compress-bz2.c: Include stdio.h. Solaris 9 has a very old bzip2 library
and we can at least guarantee that it won't fail because of the lack of
stdio.h.
* tdbio.c: Fixed format string bugs related to the use of DB_NAME.
Reported by Florian Weimer.
passes the proxy in from the outside. If the command file sends a proxy,
use it. If it sends "http-proxy" with no arguments, use $http_proxy from
the environment.
parse_keyserver_uri): honor-http-proxy is no longer an option since we can
do the same thing with http-proxy with no arguments. Also remove
broken-http-proxy since it can be better handled in the HTTP helper.
(parse_keyserver_options): Use them here to allow arguments to
keyserver-options. Since none of our options need arguments yet, just
pass them through whole to the keyserver helper.
the messages about which option didn't match or matched ambiguously.
Change all callers (g10.c, keyserver.c).
* main.h, import.c (import_options), export.c (export_options): Pass the
noisy flag through.
here... (signature_check2): ... to here. (check_key_signature2): ... and
here. This is a minor optimization to avoid fetching a key (which can be
expensive, especially if it is not self-signed, and there are many key
signatures on it which need to be checked for ultimate trust) if the
signature would have failed anyway because of algorithm or hash problems.
* keydb.h, keyid.c (hash_public_key, do_fingerprint_md): ... and make a
new one here that shares code with the fingerprint calculations. This
removes some duplicated functionality, and is also around 14% faster.
(Every bit helps).
* import.c (import_one): No longer need the Elgamal import warning.
* getkey.c (get_pubkey_fast): This one is sort of obscure. get_pubkey_fast
returns the primary key when requesting a subkey, so if a user has a key
signed by a subkey (we don't do this, but used to), AND that key is not
self-signed, AND the algorithm of the subkey in question is not present in
GnuPG, AND the algorithm of the primary key that owns the subkey in
question is present in GnuPG, then we will try and verify the subkey
signature using the primary key algorithm and hit a BUG(). The fix is to
not return a hit if the keyid is not the primary. All other users of
get_pubkey_fast already expect a primary only.
don't know the structure of by using the opaque MPI.
(do_fingerprint_md_sk): We cannot calculate the fingerprint from a secret
key unless we know the structure (since we can't leave off the secret key
parts), so fail early..... (keyid_from_sk, fingerprint_from_sk): .... and
return all zeroes.