-rw-r--r--NEWS8
-rw-r--r--doc/gpg.texi4
-rw-r--r--g10/getkey.c2
-rw-r--r--g10/gpg.c2
-rw-r--r--g10/keydb.h9
-rw-r--r--g10/keylist.c69
-rw-r--r--g10/options.h1
7 files changed, 64 insertions, 31 deletions
diff --git a/NEWS b/NEWS
index d2bb1c65e..176f92740 100644
--- a/NEWS
+++ b/NEWS
@@ -1,10 +1,16 @@
Noteworthy changes in version 2.4.1 (unreleased)
------------------------------------------------
- * gpg: Make "--list-options show-sig-subpackets" work again.
+ * gpg: New list-option "show-unusable-sigs".
+
+ * gpg: Show "[self-signature]" instead of the user-id in key
+ signature listings.
+
+ * gpg: Make list-options "show-sig-subpackets" work again.
Fixes regression in 2.4.0.
+
Noteworthy changes in version 2.4.0 (2022-12-16)
------------------------------------------------
diff --git a/doc/gpg.texi b/doc/gpg.texi
index 47aa0a4d0..55b45e6bf 100644
--- a/doc/gpg.texi
+++ b/doc/gpg.texi
@@ -1405,6 +1405,10 @@ give the opposite meaning. The options are:
@opindex list-options:show-unusable-subkeys
Show revoked and expired subkeys in key listings. Defaults to no.
+ @item show-unusable-sigs
+ @opindex list-options:show-unusable-sigs
+ Show key signature made using weak or unsupported algorithms.
+
@item show-keyring
@opindex list-options:show-keyring
Display the keyring name at the head of key listings to show which
diff --git a/g10/getkey.c b/g10/getkey.c
index 6363fea9f..f0843d154 100644
--- a/g10/getkey.c
+++ b/g10/getkey.c
@@ -3247,7 +3247,7 @@ buf_to_sig (const byte * buf, size_t len)
* has_expired
* expired_date
*
- * On this subkey's most revent valid self-signed packet, the
+ * On this subkey's most recent valid self-signed packet, the
* following field is set:
*
* flags.chosen_selfsig
diff --git a/g10/gpg.c b/g10/gpg.c
index b9a81510f..c490ff72b 100644
--- a/g10/gpg.c
+++ b/g10/gpg.c
@@ -2071,6 +2071,8 @@ parse_list_options(char *str)
N_("show revoked and expired user IDs in key listings")},
{"show-unusable-subkeys",LIST_SHOW_UNUSABLE_SUBKEYS,NULL,
N_("show revoked and expired subkeys in key listings")},
+ {"show-unusable-sigs",LIST_SHOW_UNUSABLE_SIGS,NULL,
+ N_("show signatures with invalid algorithms during signature listings")},
{"show-keyring",LIST_SHOW_KEYRING,NULL,
N_("show the keyring name in key listings")},
{"show-sig-expire",LIST_SHOW_SIG_EXPIRE,NULL,
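Review bot: The help text `show signatures with invalid algorithms during signature listings` does not match the doc/gpg.texi entry added in this commit, which speaks of weak or unsupported algorithms; the keylist.c change also hides third-party SHA-1 signatures, which are weak rather than invalid. Wording closer to the manual, for example `N_("show signatures made with weak or unsupported algorithms")`, would keep the two descriptions consistent. The option table starts and ends outside the hunk.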
diff --git a/g10/keydb.h b/g10/keydb.h
index 771bc8e16..28b61d4a1 100644
--- a/g10/keydb.h
+++ b/g10/keydb.h
@@ -511,11 +511,18 @@ keyid_cmp (const u32 *a, const u32 *b)
return 0;
}
+/* Return true if both keyids are equal. */
+static int GPGRT_ATTR_UNUSED
+keyid_eq (const u32 *a, const u32 *b)
+{
+ return a[0] == b[0] && a[1] == b[1];
+}
+
/* Return whether PK is a primary key. */
static int GPGRT_ATTR_UNUSED
pk_is_primary (PKT_public_key *pk)
{
- return keyid_cmp (pk_keyid (pk), pk_main_keyid (pk)) == 0;
+ return keyid_eq (pk_keyid (pk), pk_main_keyid (pk));
}
/* Copy the keyid in SRC to DEST and return DEST. */
diff --git a/g10/keylist.c b/g10/keylist.c
index 1ced732a4..8b7c597cb 100644
--- a/g10/keylist.c
+++ b/g10/keylist.c
@@ -1216,7 +1216,8 @@ cmp_signodes (const void *av, const void *bv)
}
-/* Helper for list_keyblock_print. */
+/* Helper for list_keyblock_print. The caller must have set
+ * NODFLG_MARK_B to indicate self-signatures. */
static void
list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
struct keylist_context *listctx)
@@ -1247,6 +1248,11 @@ list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
case GPG_ERR_UNUSABLE_PUBKEY:
listctx->no_key++;
return;
+ case GPG_ERR_DIGEST_ALGO:
+ case GPG_ERR_PUBKEY_ALGO:
+ if (!(opt.list_options & LIST_SHOW_UNUSABLE_SIGS))
+ return;
+ /* fallthru. */
default:
listctx->oth_err++;
sigrc = '%';
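Review bot: The new `GPG_ERR_DIGEST_ALGO` / `GPG_ERR_PUBKEY_ALGO` cases return without touching `listctx`, unlike the neighbouring cases, which bump `no_key` or `oth_err` before leaving. If those counters feed a summary (not visible in this hunk), a listing gives no hint that signatures were suppressed for algorithm reasons. Either count them or state the intent in a comment such as `/* Hidden on purpose: not counted as an error unless show-unusable-sigs is set. */`. The switch and the function both start outside the hunk.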
@@ -1259,6 +1265,15 @@ list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
}
else
{
+ if (!(opt.list_options & LIST_SHOW_UNUSABLE_SIGS)
+ && (gpg_err_code (openpgp_pk_test_algo (sig->pubkey_algo)
+ == GPG_ERR_PUBKEY_ALGO)
+ || gpg_err_code (openpgp_md_test_algo (sig->digest_algo)
+ == GPG_ERR_DIGEST_ALGO)
+ || (sig->digest_algo == DIGEST_ALGO_SHA1
+ && !(node->flag & NODFLG_MARK_B) /*no selfsig*/
+ && !opt.flags.allow_weak_key_signatures)))
+ return;
rc = 0;
sigrc = ' ';
}
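Review bot: The closing parenthesis of both `gpg_err_code (...)` calls is misplaced: the `== GPG_ERR_PUBKEY_ALGO` and `== GPG_ERR_DIGEST_ALGO` comparisons sit inside the argument, so `gpg_err_code` receives the 0/1 result of comparing the raw return value with the error code. If `openpgp_pk_test_algo` and `openpgp_md_test_algo` return a full error value carrying a source component (their definitions are not visible here), the raw comparison is false and signatures made with unsupported algorithms are still listed without `show-unusable-sigs`. The intended form is presumably `gpg_err_code (openpgp_pk_test_algo (sig->pubkey_algo)) == GPG_ERR_PUBKEY_ALGO` and likewise `gpg_err_code (openpgp_md_test_algo (sig->digest_algo)) == GPG_ERR_DIGEST_ALGO`. The function body continues outside the hunk.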
@@ -1306,7 +1321,9 @@ list_signature_print (ctrl_t ctrl, kbnode_t keyblock, kbnode_t node,
es_fprintf (es_stdout, "[%s] ", gpg_strerror (rc));
else if (sigrc == '?')
;
- else if (!opt.fast_list_mode)
+ else if ((node->flag & NODFLG_MARK_B))
+ es_fputs (_("[self-signature]"), es_stdout);
+ else if (!opt.fast_list_mode )
{
size_t n;
char *p = get_user_id (ctrl, sig->keyid, &n, NULL);
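Review bot: `[self-signature]` is printed whenever `NODFLG_MARK_B` is set, and list_keyblock_print sets that flag from `keyid_eq (mainkid, ...)` on the signature's issuer key ID alone. In the branch where the signature is not checked (`sigrc = ' '`), the label therefore rests on an unverified field, as does the SHA-1 exemption in the previous hunk, which tests the same flag. A comment at this branch would make that explicit, e.g. `/* MARK_B reflects a key ID match only; it is not proof of a valid self-signature. */`. There is also a stray space in `!opt.fast_list_mode )`. The function continues outside the hunk.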
@@ -1585,37 +1602,33 @@ list_keyblock_print (ctrl_t ctrl, kbnode_t keyblock, int secret, int fpr,
else if (opt.list_sigs
&& node->pkt->pkttype == PKT_SIGNATURE && !skip_sigs)
{
- if ((opt.list_options & LIST_SORT_SIGS))
- {
- kbnode_t n;
- unsigned int sigcount = 0;
- kbnode_t *sigarray;
- unsigned int idx;
+ kbnode_t n;
+ unsigned int sigcount = 0;
+ kbnode_t *sigarray;
+ unsigned int idx;
- for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
- sigcount++;
- sigarray = xcalloc (sigcount, sizeof *sigarray);
+ for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
+ sigcount++;
+ sigarray = xcalloc (sigcount, sizeof *sigarray);
- sigcount = 0;
- for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
- {
- if (!keyid_cmp (mainkid, n->pkt->pkt.signature->keyid))
- n->flag |= NODFLG_MARK_B; /* Is a self-sig. */
- else
- n->flag &= ~NODFLG_MARK_B;
+ sigcount = 0;
+ for (n=node; n && n->pkt->pkttype == PKT_SIGNATURE; n = n->next)
+ {
+ if (keyid_eq (mainkid, n->pkt->pkt.signature->keyid))
+ n->flag |= NODFLG_MARK_B; /* Is a self-sig. */
+ else
+ n->flag &= ~NODFLG_MARK_B;
- sigarray[sigcount++] = node = n;
- }
- /* Note that NODE is now at the last signature. */
+ sigarray[sigcount++] = node = n;
+ }
+ /* Note that NODE is now at the last signature. */
- qsort (sigarray, sigcount, sizeof *sigarray, cmp_signodes);
+ if ((opt.list_options & LIST_SORT_SIGS))
+ qsort (sigarray, sigcount, sizeof *sigarray, cmp_signodes);
- for (idx=0; idx < sigcount; idx++)
- list_signature_print (ctrl, keyblock, sigarray[idx], listctx);
- xfree (sigarray);
- }
- else
- list_signature_print (ctrl, keyblock, node, listctx);
+ for (idx=0; idx < sigcount; idx++)
+ list_signature_print (ctrl, keyblock, sigarray[idx], listctx);
+ xfree (sigarray);
}
}
es_putc ('\n', es_stdout);
diff --git a/g10/options.h b/g10/options.h
index 74a6cdb16..499544cdf 100644
--- a/g10/options.h
+++ b/g10/options.h
@@ -426,6 +426,7 @@ EXTERN_UNLESS_MAIN_MODULE int memory_stat_debug_mode;
#define LIST_SORT_SIGS (1<<13)
#define LIST_SHOW_PREF (1<<14)
#define LIST_SHOW_PREF_VERBOSE (1<<15)
+#define LIST_SHOW_UNUSABLE_SIGS (1<<16)
#define VERIFY_SHOW_PHOTOS (1<<0)
#define VERIFY_SHOW_POLICY_URLS (1<<1)