diff options
Diffstat (limited to 'g10/ChangeLog-2011')
| -rw-r--r-- | g10/ChangeLog-2011 | 13779 |
1 files changed, 13779 insertions, 0 deletions
diff --git a/g10/ChangeLog-2011 b/g10/ChangeLog-2011 new file mode 100644 index 000000000..5dc251192 --- /dev/null +++ b/g10/ChangeLog-2011 @@ -0,0 +1,13779 @@ +2011-12-02 Werner Koch <[email protected]> + + NB: ChangeLog files are no longer manually maintained. Starting + on December 1st, 2011 we put change information only in the GIT + commit log, and generate a top-level ChangeLog file from logs at + "make dist". See doc/HACKING for details. + +2011-09-12 Werner Koch <[email protected]> + + * gpg.c [__VMS]: Include vms.h. + (main) [__VMS]: Init batch mode according to actual process mode. + Suggested by Steven M. Schweda. + +2011-08-09 Werner Koch <[email protected]> + + * keyedit.c (show_key_with_all_names): Remove unused var. + + * apdu.c (open_pcsc_reader_direct): Remove unused var. + + * sig-check.c (do_check): Remove unused var. + + * keygen.c (ask_user_id): Fix loop break condition. See bug#1307. + + * import.c (import_keys_internal): Make breaking the loop more + explicit. See bug#1307. + +2011-07-22 Werner Koch <[email protected]> + + * parse-packet.c (parse_key): Print the decoded iteration count. + Fixes bug#1355. + +2011-04-05 David Shaw <[email protected]> + + * photoid.c (generate_photo_id): Check for the JPEG magic numbers + instead of JFIF since some programs generate an EXIF header first. + This is issue 1331. + +2011-02-23 Werner Koch <[email protected]> + + * Makefile.am (LDADD): Move LIBREADLINE to .. + (gpg_LDADD): here. Fixes bug#1318. + * gpgv.c (rl_cleanup_after_signal, rl_free_line_state): New stubs. + +2010-10-29 David Shaw <[email protected]> + + * gpg.c (main): Do not provide a default for + --personal-digest-preferences. This allows the usual digest + selection algorithm to pick a digest based on recipient keys. + + * pkclist.c (select_algo_from_prefs): Make sure the scores can't + overflow when picking an algorithm (not a security issue since we + can't pick something not present in all preference lists, but we + might pick something that isn't scored first choice). + + * pkclist.c (select_algo_from_prefs): Slightly improve the + handling of MD5 in preference lists. Instead of replacing MD5 + with SHA-1, just remove MD5 from the list altogether, and let the + next-highest ranked algorithm be chosen. + +2010-10-27 Werner Koch <[email protected]> + + * keygen.c (ask_expire_interval): Print 2038 warning only for 32 + bit signed time_t. + * keyid.c (mk_datestr): Do the y2038 test only for a signed time_t. + (INVALID_TIME_CHECK): New. + +2010-10-20 Werner Koch <[email protected]> + + * encr-data.c (decode_filter): Cast -1 to size_t. Reported by + Steven M. Schweda. + * parse-packet.c (parse_key): Ditto. + * trustdb.c (validate_keys): Likewise to unsigned int. + +2010-10-18 Werner Koch <[email protected]> + + * app-openpgp.c (parse_algorithm_attribute): Remove extra const in + definition of DESC. + +2010-10-10 Werner Koch <[email protected]> + + * keyring.c (create_tmp_file): Use GNUPG_TMP_SFX anf GNUPG_BAK_SFX. + +2010-09-28 David Shaw <[email protected]> + + * options.skel: Make the example for force-v3-sigs match + reality (it has defaulted to off since 2007-10-22). + +2010-09-28 Steven M. Schweda <[email protected]> (wk) + + Changes to help the VMS port. See + http://antinode.info/dec/sw/gnupg.html . + + * gpgv.c (ttyfp_is, init_ttyfp) [__VMS]: Add stubs. + * build-packet.c (do_plaintext) [__VMS]: Disable error message. + * keyserver.c (keyserver_spawn) [__VMS]: Do not add the DIRSEP_S. + * misc.c [__VMS]: Include <time.h>. + * signal.c [__VMS]: Include vms.h. + (got_fatal_signal) [__VMS]: Restore terminal echo. + * plaintext.c [__VMS]: Include vms.h. + * openfile.c (make_outfile_name): __VMS] Do not use. + (open_outfile) [__VMS]: Use vms_append_ext. + (try_make_homedir) [__VMS]: chmod directory. + * misc.c (disable_core_dumps) [__VMS]: Disable. + (path_access) [__VMS]: Do not use. + +2010-09-28 Werner Koch <[email protected]> + + * passphrase.c [!ENABLE_AGENT_SUPPORT]: Do not include + sys/socket.h to help the VMS port. + +2010-08-31 Werner Koch <[email protected]> + + * mainproc.c (print_pkenc_list): Print a STATUS_ERROR. Fixes + bug#1255. + +2010-07-24 Werner Koch <[email protected]> + + * cardglue.c (agent_scd_pksign): Allow more hash algorithms when + using with scdaemon. + * cardglue.h (GCRY_MD_MD5): New. + +2010-06-18 Werner Koch <[email protected]> + + * parse-packet.c (skip_packet, parse_gpg_control): Take care of + premature EOFs. Backport from trunk. + +2010-06-01 Werner Koch <[email protected]> + + * gpg.c (main): Add dummy option --debug-level and ignore + --log-file if a socket prefix is given. + +2010-05-12 Werner Koch <[email protected]> + + * armor.c (radix64_read): Change fix 2006-04-08 to fix bug#1179. + +2010-05-07 Werner Koch <[email protected]> + + * import.c (chk_self_sigs): Check direct key signatures. Fixes + bug#1223. + (fix_bad_direct_key_sigs): New. + (import_one): Call it. + +2010-03-26 David Shaw <[email protected]> + + * plaintext.c (handle_plaintext): Make sure that the stdout flush + succeeded, so we can't lose data when using gpg in a pipeline. + Fixes bug #1207. + +2010-02-25 Werner Koch <[email protected]> + + * sign.c (hash_for): Force SHA1 only for v1 OpenPGP cards. Fixes + bug#1194. + +2010-02-17 Werner Koch <[email protected]> + + * keygen.c (ask_user_id): Avoid infinite loop in case of invalid + data. Fixes bug#1186. + +2010-02-02 Werner Koch <[email protected]> + + * card-util.c (card_edit): Change prompt to "gpg/card". + * keyedit.c (keyedit_menu): Change prompt to "gpg". + +2009-12-17 Werner Koch <[email protected]> + + * sig-check.c (do_check_messages): Evaluate the HAS_EXPIRED flag. + Fixes bug#1059. + +2009-12-15 Werner Koch <[email protected]> + + * iso7816.c (do_generate_keypair): s/readonly/read_only/. + * keydb.c (keydb_add_resource): Ditto. + + * tdbio.c (tdbio_set_dbname): Do not call log_fatal after creating + the directory. Fixes bug#1169. Reported by Daniel Leidert. + +2009-09-28 Werner Koch <[email protected]> + + * trustdb.c (get_validity_info): Take care of a NULL PK. Fixes + bug#1138. + (get_validity_string): Ditto. + +2009-09-02 Werner Koch <[email protected]> + + * app-openpgp.c (do_decipher): Compute required Le. + * iso7816.c (iso7816_decipher): Add new arg LE. + + * compress-bz2.c (do_uncompress): Detect unexpected EOF. Fixes + bug#1011. + +2009-08-26 Werner Koch <[email protected]> + + * keyedit.c (menu_revsig): Check for signature right away. Fix + Debian-bug#543530. + +2009-08-13 Werner Koch <[email protected]> + + * cardglue.h: Add new error code mappings. + + From GnuPG-2: + * app-openpgp.c (change_keyattr_from_string): New. + (do_setattr): Support KEY-ATTR. + * ccid-driver.c (print_pr_data): Fix 64 bit compat problem. + * ccid-driver.c (parse_ccid_descriptor): Enable hack for SCR 3320. + * card-util.c (generate_card_keys): Remove special case for + GnuPG-2. Ask for the keysize and change it. + (card_generate_subkey): Ask for the keysize and change it. + (get_info_for_key_operation): Read KEY-ATTR. + (show_keysize_warning, ask_card_keysize): New. + (do_change_keysize): New. + +2009-08-11 David Shaw <[email protected]> + + * keyserver.c (keyserver_spawn): Try and detect mis-coded Latin1 + and convert it to UTF8. Whether the heuristics succeed or not, + the resulting string must be valid UTF8 as LDAP requires that. + This is bug 1055. + +2009-08-03 Werner Koch <[email protected]> + + * card-util.c (generate_card_keys): Ask for off-card keys only if + the card supports it. + (get_info_for_key_operation): Read EXTCAP. + (card_store_subkey): Check for non matching sizes. + + * cardglue.c (agent_scd_writecert, agent_scd_readcert): New stubs. + * misc.c (not_in_gpg1_notice): New. + +2009-07-30 Werner Koch <[email protected]> + + * misc.c (md5_digest_warn): New. + (print_digest_algo_note): Divert to new function. + * sig-check.c (do_check): Print MD5 warning. + +2009-07-31 David Shaw <[email protected]> + + * gpg.c (main): --pgp6 includes --disable-mdc. + +2009-07-29 Werner Koch <[email protected]> + + * keygen.c (keygen_set_std_prefs): Remove RMD-160 from the list. + Change order to SHA-256, SHA-1, SHA-384, SHA-512, SHA-224. + (gen_dsa): Use a 256 bit Q for 2048 bit P. Round to FIPS allowed + values in non-expert mode. + (ask_algo): Add arg R_SUBKEY_ALGO. Change return value semantics. + Change presented order of algorithms. Make RSA+RSA the default. + (generate_keypair, generate_subkeypair): Adjust for change. + +2009-07-23 Werner Koch <[email protected]> + + * keygen.c (generate_keypair): Allow Elgamal > 3072 in BOTH mode. + Reported by Jeroen Schot. Fixes bug#1091. + (ask_keysize): Add new arg PRIMARY_KEYSIZE. Set DSA default to + 2048. Print a different prompt for a subkey. + (gen_dsa): Remove check for dsa2 option. + + * trustdb.c (how_to_fix_the_trustdb): New. + * tdbio.c (tdbio_invalid): Print hints on how to fix the trustdb. + * gpg.c (main) <aFixTrustDB>: Print hints. + +2009-07-23 David Shaw <[email protected]> + + * keyserver.c (keyserver_import_ldap): Try a DNS-SD lookup to find + a domain-specific LDAP server before resorting to keys.{domain}. + +2009-07-22 Werner Koch <[email protected]> + + * cardglue.h (struct agent_card_info_s): Add field EXTCAP. + * cardglue.c (agent_learn): Read KEY-ATTR. + (learn_status_cb): Parse EXTCAP. + +2009-07-21 Werner Koch <[email protected]> + + * app-common.h, app-openpgp.c, iso7816.c, iso7816.h, apdu.c, + * apdu.h, ccid-driver.c, ccid-driver.h, card-util.c: Update from + GnuPG 2.0 SVN revision 5084. + + * cardglue.h (GCRY_MD_SHA256): Add more GCRY_MD constants. + (gcry_handler_progress_t): Add definition. + (struct agent_card_info_s): Add fields apptype, is_v2, key_attr. + * cardglue.c (learn_status_cb): Set them. + (agent_release_card_info): Release APPTYPE. + (unescape_status_string, send_status_direct): New. + (gcry_mpi_release, gcry_mpi_set_opaque): New. + (gcry_md_algo_name): New. + (open_card): s/initialized/ref_count/. + (agent_learn): Pass new new flag arg to learn_status. + (agent_scd_genkey): Add new arg createtime. + * keygen.c (gen_card_key, gen_card_key_with_backup): Add new arg + TIMESTAMP. + (write_direct_sig, write_selfsigs, write_keybinding) + (make_backsig): Ditto. + (do_generate_keypair): Pass timestamp to all signing functions. + (generate_card_subkeypair): Ditto. + * keyedit.c (menu_backsign): Pass a new timestamp to all backsisg. + + * gpg.c (main): Disable keypad support. + * options.h (struct): Add field disable_keypad. + +2009-07-17 Werner Koch <[email protected]> + + * keyring.c (keyring_rebuild_cache): Replace the assert by a + proper error message and allow to delete a bad keyblock. + +2009-07-16 Werner Koch <[email protected]> + + * misc.c (has_invalid_email_chars): Let non-ascii characters pass + through. Fixes bug#1087. + +2009-06-24 Werner Koch <[email protected]> + + * passphrase.c (passphrase_to_dek): Do not deref a PW of NULL. + * revoke.c (gen_revoke): Remove unused malloc of PK. + +2009-06-17 Werner Koch <[email protected]> + + * parse-packet.c (parse): Use a casted -1 instead of a 32 bit + constant to check for a garbled package. Fixes bug#1040. + +2009-06-05 David Shaw <[email protected]> + + * gpg.c (main): Remove Camellia restriction. + +2009-06-02 Werner Koch <[email protected]> + + * gpgv.c (tty_cleanup_after_signal): Add new stub. + +2009-05-22 Werner Koch <[email protected]> + + * signal.c (got_fatal_signal): Call tty_cleanup_after_signal. + +2009-05-20 Werner Koch <[email protected]> + + * gpg.c (main): Fix --fingerprint/--with-fingerprint command + detection. Fixes bug#1044. + +2009-05-11 Werner Koch <[email protected]> + + * apdu.c (send_le): Replace log_error by log_info. Fixes bug#1043. + + * skclist.c (build_sk_list): Use log_info for "duplicated entry". + Fixes bug#1045. + + * encode.c (encode_simple, encode_crypt): Print empty file warning + only in verbose mode. Closes bug#1039. + * sign.c (write_plaintext_packet): + +2009-05-06 Werner Koch <[email protected]> + + * keyring.c (keyring_get_keyblock): Fix memory leak due to + ring_trust packets. Fixes bug#1034. + + * getkey.c (finish_lookup): Remove dead code. + +2009-05-05 Werner Koch <[email protected]> + + * keygen.c (read_parameter_file): Add keyword "Creation-Date". + (output_control_s): s/create/creation/. + (enum para_name): Add pCREATIONDATE, pKEYCREATIONDATE. Remove + pCREATETIME. + (generate_keypair): Do not set old pCREATETIME. + (parse_creation_string): New. + (proc_parameter_file): Set pCREATIONDATE. + (do_generate_keypair): Remove arg TIMESTAMP. Set it using + pKEYCREATIONDATE. + (get_parameter_u32): Set a default pKEYCREATIONDATE. + + * tdbio.c (lookup_hashtable): Add const to function args. + (cmp_trec_fpr): Ditto. + (tdbio_search_trust_byfpr): Remove cast. + + * parse-packet.c (parse): Remove special treatment for compressed + new style packets. Fixes bug#931. + +2009-04-03 Werner Koch <[email protected]> + + * gpgv.c (main): Pass readonly flag to keydb_add_resource. + * keydb.c (keydb_add_resource): Add arg READONLY. + +2009-03-20 David Shaw <[email protected]> + + * keyring.c (rename_tmp_file): Force a fsync (via iobuf_ioctl) on + secret keyring files to be extra safe on filesystems that may not + sync data and metadata together (ext4). Also check return code + from the cache invalidation to make sure we're safe over NFS and + similar. + +2009-03-14 David Shaw <[email protected]> + + * gpgv.c (strusage): Fix name of program in "Syntax" line. + +2009-02-09 Werner Koch <[email protected]> + + * keylist.c (print_capabilities): Take care of cert-only keys. + Fixes bug#998. + +2009-02-03 David Shaw <[email protected]> + + * keyserver.c (keyserver_typemap): gpgkeys_hkp handles hkps as + well. + +2008-12-21 David Shaw <[email protected]> + + * gpg.c (main): Properly handle UTF8 usernames with --sign-key and + --lsign-key. + +2008-12-11 Werner Koch <[email protected]> + + * sig-check.c (check_revocation_keys): Close message digest. + (signature_check2): Switch to SHA-1 for SIG_ID computation. This + is to match 2.0.10. + +2008-12-09 Werner Koch <[email protected]> + + * keygen.c (proc_parameter_file): Check that key and subkey usages + are allowed. + +2008-11-18 David Shaw <[email protected]> + + * trustdb.c (validate_one_keyblock): Fix the trust signature + calculations so that we lower the trust depth of signatures to fit + within the current chain, rather than discarding any signature + that does not fit within the trust depth. + +2008-10-03 David Shaw <[email protected]> + + * main.h, mainproc.c (check_sig_and_print), + keylist.c (list_keyblock_print), pkclist.c (do_edit_ownertrust), + keyedit.c (menu_showphoto), photoid.c (generate_photo_id, + show_photos), misc.c (pct_expando): Add %v and %V expandos so + that displaying photo IDs can show the attribute validity + tag (%v) and string (%V). Originally by Daniel Gillmor. + +2008-09-24 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu): Fix bug where a modified keyring loses + its modified status after a "clean" or "minimize" that doesn't + need to do anything. + +2008-09-23 David Shaw <[email protected]> + + * pkclist.c (select_algo_from_prefs): Redo function to rank prefs + and pick a consensus winner across all keys. + +2008-09-04 David Shaw <[email protected]> + + * keyserver.c (keyserver_import_cert): Allow keyserver URLs in + addition to full URLs in CERT records. + +2008-08-11 Werner Koch <[email protected]> + + * keygen.c (ask_expire_interval): Check for time overflow of an + u32. Fixes bug #947. Use SIZEOF_TIME_T for the 2039--2106 check. + +2008-08-01 Werner Koch <[email protected]> + + * tdbio.c (open_db) [!EROFS]: Move closing parens out of the + ifdef. Reported by Ken Takusagawa. + +2008-04-30 Werner Koch <[email protected]> + + * getkey.c (parse_auto_key_locate): Ignore nodefault and local + methods. + +2008-04-17 David Shaw <[email protected]> + + * parse-packet.c (parse_key): Add constant for Camellia-192. + +2008-04-12 David Shaw <[email protected]> + + * getkey.c (merge_selfsigs_subkey): If there are multiple 0x19 + backsigs, take the most recent one. + +2008-03-25 Werner Koch <[email protected]> + + * keyserver.c (parse_keyrec): Take care of char defaulting to + unsigned when using hextobyte. + + * options.skel: Make the default keyserver keys.gnupg.net. + +2008-03-23 David Shaw <[email protected]> + + * import.c (collapse_uids): Fix bug 894: possible memory + corruption around deduplication of user IDs. + +2008-03-17 David Shaw <[email protected]> + + * parse-packet.c (parse_key): Parse a secret key encrypted with + Camellia. + +2008-02-09 Marcus Brinkmann <[email protected]> + + * gpg.c (main): New variable default_configname. Use it if + save_configname is NULL (can happen if default configfile does + not exist). Move default configname determination to ... + (get_default_configname): ... this new function. + +2008-01-26 Werner Koch <[email protected]> + + * card-util.c (get_manufacturer): Add vendor 004 and support for + the unmanaged range. + +2007-12-14 Werner Koch <[email protected]> + + * gpg.c (main): Set opt.no_homedir_creation already on the first + option parsing pass. This is required so that the gpg_dearmor + tool won't create a ~/.gnupg. + +2007-12-12 Werner Koch <[email protected]> + + * misc.c (print_pubkey_algo_note): Print a warning for type 20 keys. + (openpgp_pk_test_algo, openpgp_pk_algo_usage): Allow type 20 fro + encryption only with option --rfc2440. + * mainproc.c (proc_pubkey_enc): Ditto. + +2007-12-12 David Shaw <[email protected]> + + * trustdb.c (sanitize_regexp): New. Protect against dangerous + regexps (malloc bombs) by force-commenting any characters aside + from the ones we explicitly want. + (check_regexp): Use it here before passing the regexp to + regcomp(). + +2007-12-11 Werner Koch <[email protected]> + + * mainproc.c (proc_pubkey_enc): Allow type 20 Elgamal key for + decryption. + +2007-12-10 Werner Koch <[email protected]> + + * cardglue.h (gpg_error_from_syserror): New. + + * app-openpgp.c (do_decipher): Take care of cryptograms shorter + that 128 bytes. Fixes bug#851. + + * import.c (auto_create_card_key_stub): Do not clear the entire + fingerprint. This finally makes the stub creation work. My past + tests seemed to work because there was a key with a all zero + fingerprint available (Elgamal signing keys). + +2007-12-08 Werner Koch <[email protected]> + + * misc.c (openpgp_pk_algo_usage): Allow Elgamal type 20 for + encryption. + +2007-12-03 Werner Koch <[email protected]> + + * keygen.c (ask_key_flags): Add a translation remark and implement + a workaround. + +2007-11-28 David Shaw <[email protected]> + + * sig-check.c (do_check): Code to try both the incorrect and + correct SHA-224 DER prefixes when verifying a signature. See the + change itself for more discussion. + + * main.h, seskey.c (do_encode_md): Rename to pkcs1_encode_md and + make non-static. + + * gpg.c (print_algo_names): New. + (list_config): Use it here for the "ciphername" and "digestname" + config items so we can get a script-parseable list of the names. + +2007-11-19 Werner Koch <[email protected]> + + * keyedit.c (keyedit_menu): String grammar fix. + +2007-11-12 Werner Koch <[email protected]> + + * status.c (do_get_from_fd, do_shm_get): s/bool/getbool/ to + overcome problems with Mac OS 10.5 which seems to include + stdbool.h silently. + +2007-10-27 David Shaw <[email protected]> + + * parse-packet.c (parse_onepass_sig): Sigclass is hex, so include + the 0x. + + * keyserver.c (keyserver_spawn): Cosmetic, but looks cleaner. + +2007-10-23 Werner Koch <[email protected]> + + Switched entire package to GPLv3+. + +2007-10-22 David Shaw <[email protected]> + + * gpg.c (main): Add --require-cross-certification to + --openpgp/--rfc4880 mode. + + * gpg.c (main): Disable --rfc2440-text and --force-v3-sigs by + default. Enable --require-cross-certification by default. + --openpgp (--rfc4880) is the same as --rfc2440 except with + "--enable-dsa2 --no-rfc2440-text --escape-from-lines". + +2007-10-21 David Shaw <[email protected]> + + * misc.c (compliance_option_string, compliance_failure): Minor + cleanup. + + * armor.c (is_armor_header): Comment about 4880. + +2007-10-17 David Shaw <[email protected]> + + * options.h, gpg.c (main), misc.c (compliance_option_string): Add + --rfc4880, and make --openpgp an alias to it. --rfc2440 now + stands alone. For now, use the old 2440 defaults for 4880. + + * keyedit.c (keyedit_menu): Use compliance_option_string() instead + of printing the compliance modes here. + +2007-09-02 David Shaw <[email protected]> + + * import.c (collapse_uids): Significant speedup for de-duping user + IDs. + +2007-08-24 Werner Koch <[email protected]> + + * keyring.c (keyring_register_filename): Use same_file_p. + Suggested by Kurt Fitzner. + +2007-07-19 David Shaw <[email protected]> + + * gpg.c (main): Fix typo. Noted by John Clizbe. + + * armor.c (parse_header_line): Improve test so that the header + test only allows "Hash" in the signed data section. + +2007-07-18 David Shaw <[email protected]> + + * armor.c (is_armor_tag): New. Detect if an armor header matches + 2440bis-21. + (parse_header_line): Call it here, as bis-21 requires warning the + user (but continuing to process the message) when seeing an + unknown header. + +2007-07-09 Werner Koch <[email protected]> + + * gpg.c: Better print an extra warning if Camellia has been + configured. + +2007-07-06 David Shaw <[email protected]> + + * encode.c (encode_crypt): Missed one call to + setup_plaintext_name(). This is bug#809. + +2007-06-12 David Shaw <[email protected]> + + * sign.c (mk_notation_policy_etc): expect all sigs that this is + called for are >=v4. + (write_signature_packets, make_keysig_packet): Only call it for + >=v4 sigs. This allows --force-v3-sigs and --force-v4-certs to + enable or disable notations, policies, and keyserver URLs. This + is bug#800. + +2007-05-09 Werner Koch <[email protected]> + + * openfile.c (overwrite_filep, open_outfile) [W32]: Need to use + just "nul". Though, I am pretty sure that some MSDOS versions + grok the extra /dev/. + +2007-05-07 Werner Koch <[email protected]> + + * openfile.c (open_outfile, overwrite_filep) [W32]: Use "/dev/nul". + +2007-04-16 David Shaw <[email protected]> + + * packet.h, mainproc.c (reset_literals_seen): New function to + reset the literals count. + + * verify.c (verify_one_file), decrypt.c (decrypt_messages): Call + it here so we allow multiple literals in --multifile mode (in + different files - not concatenated together). + + * gpg.c, pkclist.c: #include <strings.h> for strcasecmp if it is + present. Note that autoconf protects us against a strings.h that + cannot be used together with string.h. + +2007-04-03 David Shaw <[email protected]> + + * parse-packet.c (parse_marker): New. Enforce that the marker + contains 'P', 'G', 'P', and nothing but. + (parse): Call it here. + (skip_packet): No longer need to handle marker packets here. + +2007-03-14 David Shaw <[email protected]> + + * keyserver.c: Windows Vista doesn't grok X_OK and so fails + access() tests. Previous versions interpreted X_OK as F_OK + anyway, so we'll just use F_OK directly. + +2007-03-08 Werner Koch <[email protected]> + + * plaintext.c (handle_plaintext): Add two extra fflush for stdout. + +2007-03-06 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu): If we modify the keyblock (via + fix_keyblock() or collapse_uids()) make sure we reprocess the + keyblock so the flags are correct. Noted by Robin H. Johnson. + + * getkey.c (fixup_uidnode): Properly clear flags that don't apply + to us (revoked, expired) so that we can reprocess a uid. + +2007-03-01 David Shaw <[email protected]> + + * options.h, gpg.c (main), mainproc.c (check_sig_and_print): Allow + multiple sig verification again as this is protected via the + multiple-messages code. + +2007-02-26 Werner Koch <[email protected]> + + * gpg.c (main): Add verify option show-primary-uid-only. + * options.h (VERIFY_SHOW_PRIMARY_UID_ONLY): New. + * mainproc.c (check_sig_and_print): Implement it. + + * status.h (STATUS_ERROR): New status code. + * status.c (get_status_string): Ditto. + * mainproc.c (proc_plaintext): Emit it if multiple messages are + detected. + +2007-02-20 David Shaw <[email protected]> + + * mainproc.c (literals_seen): New. + (proc_plaintext): Error out if more than one plaintext packet is + encountered + + * options.h, gpg.c: New option --allow-multiple-messages and --no + variant. + +2007-02-13 David Shaw <[email protected]> + + * parse-packet.c (parse_signature): It's hex. + + * getkey.c (merge_selfsigs_subkey): Avoid listing the contents of + a backsig when list mode is on. Noted by Timo Schulz. + +2007-02-04 Werner Koch <[email protected]> + + * parse-packet.c (parse_signature): Limit bytes read for an + unknown alogorithm. Fixes Debian bug#402592. + +2007-02-01 David Shaw <[email protected]> + + * main.h, keygen.c (ask_expire_interval, parse_expire_string): + Pass in the time to use to calculate the expiration offset, rather + than querying it internally. Change all callers. + +2007-01-31 David Shaw <[email protected]> + + * keygen.c (do_generate_keypair, proc_parameter_file) + (generate_keypair, generate_subkeypair): Pass a timestamp through + to all the gen_xxx functions. + + * keyedit.c (sign_uids): Another multiple to single timestamp + operation. + + * sign.c (write_plaintext_packet): Take timestamp from outside. + Change all callers. + (sign_file, clearsign_file, sign_symencrypt_file): Calculate one + timestamp for the whole transaction. Different timestamps for + each step can leak performance information. + + * main.h, keygen.c (ask_expiredate), keyedit.c (menu_expire): + Remove the need for ask_expiredate(). + +2007-01-30 David Shaw <[email protected]> + + * keygen.c (make_backsig, write_direct_sig, write_selfsigs) + (write_keybinding): Have the various selfsigs created during key + generation use the timestamp of their parent key. This helps + avoid leaking information about the performance of the machine + where the keys were generated. Noted by Christian Danner. + +2007-01-15 Werner Koch <[email protected]> + + * parse-packet.c (read_protected_v3_mpi): Make sure to stop + reading even for corrupted packets. + * keygen.c (generate_user_id): Need to allocate one byte more. + Reported by Felix von Leitner. + +2006-12-14 David Shaw <[email protected]> + + * options.skel: Tweak some examples to match reality and update + the RFC for CERT now that it is out of draft. + +2006-12-13 David Shaw <[email protected]> + + * Makefile.am: Install options.skel via dist_pkgdata_DATA so that + "make uninstall" works properly. + +2006-12-13 Werner Koch <[email protected]> + + * gpgv.c, gpg.c: Do not include the now removed g10defs.h file. + +2006-12-11 Werner Koch <[email protected]> + + * seskey.c (encode_session_key, do_encode_md): Use new + mpi_nlimb_hint_from_nbytes function. + * sign.c (do_sign): Ditto. + + * Makefile.am (AM_CPPFLAGS): Define GNUPG_LIBDIR. + * gpgv.c (i18n_init): s/G10_LOCALEDIR/LOCALEDIR/. + * gpg.c (i18n_init): Ditto. + +2006-12-07 Werner Koch <[email protected]> + + * Makefile.am (AM_CPPFLAGS): Define GNUPG_DATADIR. + * openfile.c (copy_options_file): Use log_info and not log_error + to avoid error returns in case of a missing skeleton file. + +2006-12-04 Werner Koch <[email protected]> + + * filter.h (armor_filter_context_t): New field REFCOUNT. + * armor.c (new_armor_context, release_armor_context) + (push_armor_filter): New. + (armor_filter): Call releae_armor_context for IOBUFCTRL_FREE. + * import.c (import): Use the new function here instead of the + old hack using the iobuf_push_filter2. + * keyserver.c (keyserver_spawn): Ditto. + +2006-12-03 Werner Koch <[email protected]> + + * keyedit.c (menu_clean): Made strings translatable. + +2006-12-03 David Shaw <[email protected]> + + * keyedit.c (menu_clean): Show "already minimized" rather than + "already clean" when a minimized key is minimized again. From + Dirk Traulsen. + +2006-12-02 David Shaw <[email protected]> + + * options.h, gpg.c (main), passphrase.c (passphrase_to_dek): Add + --passphrase-repeat option to control how many times gpg will + re-prompt for a passphrase to ensure the user has typed it + correctly. Defaults to 1. + +2006-12-02 Werner Koch <[email protected]> + + * encr-data.c: Allocate DFX context on the heap and not on the + stack. Changes at several places. Fixes CVE-2006-6235. + +2006-11-27 Werner Koch <[email protected]> + + * openfile.c (ask_outfile_name): Fixed buffer overflow occurring + if make_printable_string returns a longer string. Fixes bug 728. + +2006-10-23 Werner Koch <[email protected]> + + * gpg.c (main): New command --gpgconf-list. + +2006-10-12 David Shaw <[email protected]> + + * parse-packet.c (parse_symkeyenc): Show the unpacked as well as + the packed s2k iteration count. + + * main.h, options.h, gpg.c (encode_s2k_iterations, main), + passphrase.c (hash_passphrase): Add --s2k-count option to specify + the number of s2k hash iterations. + +2006-10-06 David Shaw <[email protected]> + + * keyserver.c (keyserver_spawn): Write the 16-digit keyid rather + than whatever key selector the user used on the command line. + +2006-10-02 Werner Koch <[email protected]> + + * encr-data.c (decrypt_data, mdc_decode_filter): Check the MDC + right here and don't let parse-packet handle the MDC. + +2006-08-21 Werner Koch <[email protected]> + + * skclist.c (is_insecure): Also test for uppercase version of the + insecure string. + +2006-07-31 Werner Koch <[email protected]> + + * openfile.c (open_outfile) [USE_ONLY_8DOT3]: Search backwards for + the dot. Fixes bug 654. + + * passphrase.c (agent_open): Use log_info instead of log_error to + allow a fallback without having gpg return an error code. Fixes + bug #655. + + * encode.c (encode_crypt_files): Invalidate the whole fd cache. + This is a workaround for problems in iobuf's stupid fd cache. + * decrypt.c (decrypt_messages): Ditto. + * verify.c (verify_files): Ditto. + +2006-07-26 Werner Koch <[email protected]> + + * keygen.c (gen_card_key_with_backup): Initialize sk_{un}protected. + + * import.c (import): Initialize KEYBLOCK. + + * pkclist.c (edit_ownertrust): Intialize trust to avoid gcc + warning. + + * parse-packet.c (parse_comment): Cap comments at 65k. + (parse_gpg_control): Skip too large control packets. + +2006-06-28 David Shaw <[email protected]> + + * keydb.h, pkclist.c (select_algo_from_prefs, algo_available): + Pass a union for preference hints rather than doing void * games. + + * sign.c (sign_file): Use it here. + + * sign.c (sign_file): When signing with multiple DSA keys, one + being DSA1 and one being DSA2 and encrypting at the same time, if + the recipient preferences give a hash that can work with the DSA2 + key, then allow the DSA1 key to be promoted rather than giving up + and using hash_for(). + + * pkclist.c (algo_available): Automatically enable DSA2 mode when + handling a key that clearly isn't DSA1 (i.e. q!=160). + +2006-06-28 Werner Koch <[email protected]> + + * import.c (check_prefs_warning): Fix change for better + translatability. + + * app-openpgp.c (do_writekey): Fixed computation of memmove + length. This led to garbled keys if E was larger than one byte. + Thanks to Achim Pietig for hinting at the garbled E. + +2006-06-27 Werner Koch <[email protected]> + + * gpg.c (reopen_std) [HAVE_W32_SYSTEM]: Do not use it. + +2006-06-22 David Shaw <[email protected]> + + * options.h, gpg.c (main), keygen.c (keygen_upd_std_prefs, + keygen_add_std_prefs, proc_parameter_file): Add + --default-keyserver-url to specify a keyserver URL at key + generation time, and "Keyserver:" keyword for doing the same + through a batch file. + + * sign.c (do_sign): Accept a truncated hash even for DSA1 keys (be + liberal in what you accept, etc). + +2006-06-12 David Shaw <[email protected]> + + * import.c (import_one): Add a flag (from_sk) so we don't check + prefs on an autoconverted public key. The check should only + happen on the sk side. Noted by Dirk Traulsen. + +2006-06-09 David Shaw <[email protected]> + + * keygen.c (gen_card_key): Add optional argument to return a + pointer (not a copy) of the stub secret key for the secret key we + just generated on the card. + (generate_card_subkeypair): Use it here so that the signing key on + the card can use the card to generate the 0x19 backsig on the + primary key. Noted by Janko Heilgeist and Jonas Oberg. + + * parse-packet.c (parse_user_id): Cap the user ID size at 2048 + bytes. This prevents a memory allocation attack with a very large + user ID. A very large packet length could even cause the + allocation (a u32) to wrap around to a small number. Noted by + Evgeny Legerov on full-disclosure. + +2006-05-25 David Shaw <[email protected]> + + * keygen.c (gen_dsa): Allow generating DSA2 keys + (allow specifying sizes > 1024 when --enable-dsa2 is set). The + size of q is set automatically based on the key size. + (ask_keysize, generate_keypair): Ask for DSA size when + --enable-dsa2 is set. + +2006-05-24 David Shaw <[email protected]> + + * exec.c (make_tempdir): Fix bug with a temporary directory on + Win32 that is over 256 bytes long. Noted by Israel G. Lugo. + +2006-05-23 David Shaw <[email protected]> + + * gpg.c (reopen_std): New function to reopen fd 0, 1, or 2 if we + are called with them closed. This is to protect our + keyring/trustdb files from corruption if they get attached to one + of the standard fds. Print a warning if possible that this has + happened, and fail completely if we cannot reopen (should never + happen). + (main): Call it here. + +2006-05-22 David Shaw <[email protected]> + + * parse-packet.c (dump_sig_subpkt, parse_signature), + build-packet.c (build_sig_subpkt_from_sig), getkey.c + (fixup_uidnode, merge_selfsigs_main, merge_selfsigs_subkey), + keygen.c (keygen_add_key_expire): Fix meaning of key expiration + and sig expiration subpackets - zero means "never expire" + according to 2440, not "expire instantly". + + * getkey.c (get_pubkey_byname), import.c (import_one): Fix key + selection problem when auto-key-locate returns a list of keys, not + all of which are usable (revoked, expired, etc). Noted by Simon + Josefsson. + +2006-04-26 David Shaw <[email protected]> + + * keyserver.c (direct_uri_map): New. + (keyserver_spawn): Used here to add "_uri" to certain gpgkeys_xxx + helpers when the meaning is different if a path is provided + (i.e. ldap). + (keyserver_import_cert): Show warning if there is a CERT + fingerprint, but no --keyserver set. + +2006-04-22 David Shaw <[email protected]> + + * keyserver.c: Fix build problem with platforms that stick libcurl + in a place not in the regular include search path. + +2006-04-20 David Shaw <[email protected]> + + * options.h, gpg.c (main): Add --enable-dsa2 and --disable-dsa2. + Defaults to disable. + + * pkclist.c (algo_available): If --enable-dsa2 is set, we're + allowed to truncate hashes to fit DSA keys. + + * sign.c (match_dsa_hash): New. Return the best match hash for a + given q size. + (do_sign, hash_for, sign_file): When signing with a DSA key, if it + has q==160, assume it is an old DSA key and don't allow truncation + unless --enable-dsa2 is also set. q!=160 always allows truncation + since they must be DSA2 keys. + (make_keysig_packet): If the user doesn't specify a + --cert-digest-algo, use match_dsa_hash to pick the best hash for + key signatures. + +2006-04-19 David Shaw <[email protected]> + + * gpg.c (print_mds), armor.c (armor_filter, parse_hash_header): + Add SHA-224. + + * sign.c (write_plaintext_packet), encode.c (encode_simple): + Factor common literal packet setup code from here, to... + + * main.h, plaintext.c (setup_plaintext_name): Here. New. Make sure + the literal packet filename field is UTF-8 encoded. + + * options.h, gpg.c (main): Make sure --set-filename is UTF-8 + encoded and note when filenames are already UTF-8. + +2006-04-18 David Shaw <[email protected]> + + * keyedit.c (menu_backsign): Give some more verbose errors when we + have no need to backsign. + +2006-04-11 David Shaw <[email protected]> + + * options.skel, photoid.c (get_default_photo_command): Find an + image viewer at runtime. Seems FC5 doesn't have xloadimage. + +2006-04-08 David Shaw <[email protected]> + + * getkey.c (parse_auto_key_locate): Fix dupe-removal code. + + * keyedit.c (menu_backsign): Allow backsigning even if the secret + subkey doesn't have a binding signature. + + * armor.c (radix64_read): Don't report EOF when reading only a pad + (=) character. The EOF actually starts after the pad. + + * gpg.c (main): Make --export, --send-keys, --recv-keys, + --refresh-keys, and --fetch-keys follow their arguments from left + to right. Suggested by Peter Palfrader. + +2006-04-08 Werner Koch <[email protected]> + + * mainproc.c (list_node): Print ring trust value only if not empty + and --with-colons has been given. + +2006-04-05 Werner Koch <[email protected]> + + * getkey.c (user_id_not_found_utf8): New. + (get_primary_uid, get_user_id): Use it. Fixes Debian bug #205028 + in the right way. + +2006-04-03 Werner Koch <[email protected]> + + * import.c (check_prefs_warning): Merged strings for better + translation. + + * gpg.c (main) [__GLIBC__]: Default to libpcsclite.so.1. + + * status.h, status.c (STATUS_BEGIN_SIGNING): New. Suggested by + Daiki Ueno. + * textfilter.c (copy_clearsig_text): Issue new status code. + * sign.c (sign_file, sign_symencrypt_file): Ditto. + +2006-03-31 David Shaw <[email protected]> + + * getkey.c (get_pubkey_byname): Fix missing auto_key_retrieve + unlock. Fix strings to not start with a capital letter as per + convention. + +2006-03-30 David Shaw <[email protected]> + + * main.h, seskey.c (encode_md_value): Modify to allow a q size + greater than 160 bits as per DSA2. This will allow us to verify + and issue DSA2 signatures for some backwards compatibility once we + start generating DSA2 keys. + * sign.c (do_sign), sig-check.c (do_check): Change all callers. + + * sign.c (do_sign): Enforce the 160-bit check for new signatures + here since encode_md_value can handle non-160-bit digests now. + This will need to come out once the standard for DSA2 is firmed + up. + +2006-03-28 Werner Koch <[email protected]> + + * openfile.c (overwrite_filep): Fix small cpr issue. Noted by + Daiki Ueno. + +2006-03-22 David Shaw <[email protected]> + + * getkey.c (parse_auto_key_locate): Silently strip out duplicates + rather than causing an error. + +2006-03-22 Werner Koch <[email protected]> + + * sig-check.c (signature_check2): Changed warning URL to include faq. + * misc.c (idea_cipher_warn): Ditto. + +2006-03-22 David Shaw <[email protected]> + + * mainproc.c (get_pka_address): Fix bug introduced as part of + sig_to_notation conversion. Noted by Peter Palfradrer. + +2006-03-21 Werner Koch <[email protected]> + + * cardglue.c (agent_scd_pksign): Allow the use of ripemd-160 along + with scdaemon. + +2006-03-16 David Shaw <[email protected]> + + * keyserver.c (keyserver_import_cert): Handle the IPGP CERT type + for both the fingerprint alone, and fingerprint+URL cases. + + * getkey.c (get_pubkey_byname): Minor cleanup. + +2006-03-13 David Shaw <[email protected]> + + * keyserver-internal.h, keyserver.c (keyserver_import_pka): Use + the same API as the other auto-key-locate fetchers. + + * getkey.c (get_pubkey_byname): Use the fingerprint of the key + that we actually fetched. This helps prevent problems where the + key that we fetched doesn't have the same name that we used to + fetch it. In the case of CERT and PKA, this is an actual security + requirement as the URL might point to a key put in by an attacker. + By forcing the use of the fingerprint, we won't use the attacker's + key here. + + * keyserver-internal.h, keyserver.c (keyserver_spawn, + keyserver_work, keyserver_import_cert, keyserver_import_name, + keyserver_import_ldap): Pass fingerprint info through. + + * main.h, import.c (import_one): Optionally return the fingerprint + of the key being imported. + (import_keys_internal, import_keys_stream, import): Change all + callers. + +2006-03-12 David Shaw <[email protected]> + + * sig-check.c (signature_check2): Print the backsig warning when + there is no backsig present. Give a URL for more information. + + * keyedit.c (menu_backsign): Small tweak to work properly with + keys originally generated with older GnuPGs that included comments + in the secret keys. + +2006-03-10 Werner Koch <[email protected]> + + * card-util.c (get_manufacturer): Added Vendor 3 + +2006-03-09 David Shaw <[email protected]> + + * build-packet.c (string_to_notation): Add ability to indicate a + notation to be deleted with a '-' prefix. + + * keyedit.c (menu_set_notation): Use it here to allow deleting a + notation marked with '-'. This works with either "-notation" or + "-notation=value". + +2006-03-08 David Shaw <[email protected]> + + * keyedit.c (menu_set_notation): New function to set notations on + self-signatures. + (keyedit_menu): Call it here. + (tty_print_notations): Helper. + (show_prefs): Show notations in "showpref". + + * mainproc.c (get_pka_address) + * keylist.c (show_notation): Remove + duplicate code by using notation functions. + + * packet.h, build-packet.c (sig_to_notation) + * keygen.c (keygen_add_notations): Provide printable text for + non-human-readable notation values. + + * packet.h, build-packet.c (sig_to_notation) + * keygen.c (keygen_add_notations): Tweak to handle non-human-readable + notation values. + + * options.h, sign.c (mk_notation_policy_etc) + * gpg.c (add_notation_data): Use it here for the various notation + commands. + + * packet.h, main.h, keygen.c (keygen_add_notations) + * build-packet.c (string_to_notation, sig_to_notation) + (free_notation): New "one stop shopping" functions to handle + notations and start removing some code duplication. + +2006-03-08 Werner Koch <[email protected]> + + * mainproc.c (do_check_sig): Use log_error for standalone revocations. + +2006-03-07 David Shaw <[email protected]> + + * options.h, mainproc.c (check_sig_and_print), gpg.c (main): + pka-lookups, not pka-lookup. + + * options.h, gpg.c (main), keyedit.c [cmds], sig-check.c + (signature_check2): Rename "backsign" to "cross-certify" as a more + accurate name. + + * options.h, gpg.c (main, parse_trust_model), pkclist.c + (check_signatures_trust), mainproc.c (check_sig_and_print, + pka_uri_from_sig), trustdb.c (init_trustdb): Some tweaks to PKA so + that it is a verify-option now. + +2006-03-07 Werner Koch <[email protected]> + + * mainproc.c (proc_signature_packets): Return any_sig_seen to caller. + (check_sig_and_print): Option to partly allow the old behaviour. + * gpg.c: New option --allow-multisig-verification. + +2006-03-06 David Shaw <[email protected]> + + * sign.c (make_keysig_packet): Don't use MD5 for a RSA_S key as + that is not a PGP 2.x algorithm. + + * mainproc.c (proc_compressed): "Uncompressed" is not a valid + compression algorithm. + +2006-03-06 Werner Koch <[email protected]> + + * mainproc.c (check_sig_and_print): Made the composition test more + tight. This is due to another bug report by Tavis Ormandy. + (add_onepass_sig): Simplified. + +2006-03-05 Werner Koch <[email protected]> + + * plaintext.c (handle_plaintext): Replace assert by explict error + conflict message. Reported by Tavis Ormandy. + +2006-03-02 Werner Koch <[email protected]> + + * cardglue.c (check_card_serialno): Don't ask in batch mode. + +2006-03-01 David Shaw <[email protected]> + + * getkey.c (parse_auto_key_locate): Error if the user selects + "cert" or "pka" when those features are disabled. + + * misc.c (has_invalid_email_chars): Fix some C syntax that broke + the compilers on SGI IRIX MIPS and Compaq/DEC OSF/1 Alpha. Noted + by Nelson H. F. Beebe. + +2006-02-27 David Shaw <[email protected]> + + * options.skel: Document auto-key-locate and give a pointer to + Simon Josefsson's page for CERT. + +2006-02-24 David Shaw <[email protected]> + + * keydb.h, getkey.c (release_akl), gpg.c (main): Add + --no-auto-key-locate. + + * options.h, gpg.c (main): Keep track of each keyserver registered + so we can match on them later. + + * keyserver-internal.h, keyserver.c (cmp_keyserver_spec, + keyserver_match), gpgv.c: New. Find a keyserver that matches ours + and return its spec. + + * getkey.c (get_pubkey_byname): Use it here to get the + per-keyserver options from an earlier keyserver. + +2006-02-23 David Shaw <[email protected]> + + * keyserver.c (parse_keyserver_options): Only change max_cert if + it is used. + + * options.c, gpg.c (main), keyserver.c (keyserver_spawn): No + special treatment of include-revoked, include-subkeys, and + try-dns-srv. These are keyserver features, and GPG shouldn't get + involved here. + + * keyserver.c (parse_keyserver_uri, add_canonical_option): Always + append options to the list, as ordering may be significant to the + user. + + * gpg.c (add_notation_data): Fix reversed logic for isascii check + when adding notations. Noted by Christian Biere. + + * options.h, keyserver.c (add_canonical_option): New. + (parse_keyserver_options): Moved from here. + (parse_keyserver_uri): Use it here so each keyserver can have some + private options in addition to the main keyserver-options + (e.g. per-keyserver auth). + +2006-02-22 David Shaw <[email protected]> + + * options.h, keyserver-internal.h, keyserver.c + (keyserver_import_name), getkey.c (free_akl, + parse_auto_key_locate, get_pubkey_byname): The obvious next step: + allow arbitrary keyservers in the auto-key-locate list. + + * options.h, keyserver.c (parse_keyserver_options): Remove + auto-cert-retrieve as it is no longer meaningful. Add + max-cert-size to allow users to pick a max key size retrieved via + CERT. + + * options.h, gpg.c (main), mainproc.c (check_sig_and_print), + keyserver.c (keyserver_opts): Rename auto-pka-retrieve to + honor-pka-record to be consistent with honor-keyserver-url. + + * options.h, keydb.h, g10.c (main), getkey.c + (parse_auto_key_locate): Parse a list of key access methods. + (get_pubkey_byname): Walk the list here to try and retrieve keys + we don't have locally. + +2006-02-21 David Shaw <[email protected]> + + * getkey.c (get_pubkey_byname): Fix minor security problem with + PKA when importing at -r time. The URL in the PKA record may + point to a key put in by an attacker. Fix is to use the + fingerprint from the PKA record as the recipient. This ensures + that the PKA record is followed. + + * keyserver-internal.h, keyserver.c (keyserver_import_pka): Return + the fingerprint we requested. + + * gpgv.c: Stub keyserver_import_ldap. + + * keyserver-internal.h, keyserver.c (keyserver_import_ldap): + Import using the PGP Universal trick of asking + ldap://keys.(maildomain) for the key. + +2006-02-20 David Shaw <[email protected]> + + * keyserver.c (parse_keyserver_uri): Include the scheme in the uri + even when we've assumed "hkp" when there was no scheme. + +2006-02-20 Werner Koch <[email protected]> + + * apdu.c (open_pcsc_reader): As a precaution set LIST to NULL + after free. + +2006-02-14 Werner Koch <[email protected]> + + * verify.c (verify_signatures): Print warning also for NO_DATA. + + * mainproc.c (struct mainproc_context): New field any_sig_seen. + (add_signature): Set it. + (proc_signature_packets): Test and return NO_DATA. + +2006-02-09 Werner Koch <[email protected]> + + * gpg.c (main) <oLockNever>: Disable random locking. + +2006-02-06 Werner Koch <[email protected]> + + * ccid-driver.c, ccid-driver.h: Updated from GnuPG 1.9. Changes: + * ccid-driver.h (CCID_DRIVER_ERR_NO_KEYPAD): New. + * ccid-driver.c (send_escape_cmd): New args RESULT, RESULTLEN and + RESULTMAX. Changed all callers. + (ccid_transceive_escape): New. + * ccid-driver.c (special_transport): New + (ccid_open_reader, do_close_reader, ccid_shutdown_reader) + (bulk_out, bulk_in): Add support for CardMan 4040 reader. + * ccid-driver.c (scan_or_find_devices): Factored most code out to + (scan_or_find_usb_device): .. new. + (make_reader_id): Fixed vendor mask. + +2006-01-24 David Shaw <[email protected]> + + * keyserver.c (parse_keyserver_uri): If there is a path present, + set the direct_uri flag so the right keyserver helper is run. + +2006-01-22 David Shaw <[email protected]> + + * keyserver.c (keyserver_spawn): Include the EXEEXT so we can find + keyserver helpers on systems that use extensions. + + * misc.c (path_access) [HAVE_DRIVE_LETTERS]: Do the right thing + with drive letter systems. + +2006-01-17 David Shaw <[email protected]> + + * keydb.h, passphrase.c (next_to_last_passphrase): New. "Touch" a + passphrase as if it was used (move from next_pw to last_pw). + + * pubkey-enc.c (get_session_key): Use it here to handle the case + where a passphrase happens to be correct for a secret key, but yet + that key isn't the anonymous recipient (i.e. the secret key could + be decrypted, but not the session key). This also handles the + case where a secret key is located on a card and a secret key with + no passphrase. Note this does not fix bug 594 (anonymous + recipients on smartcard do not work) - it just prevents the + anonymous search from stopping when the card is encountered. + +2006-01-07 David Shaw <[email protected]> + + * keyserver.c (keyserver_refresh): Fix problem when more than one + key in a refresh batch has a preferred keyserver set. Noted by + Nicolas Rachinsky. + +2006-01-01 David Shaw <[email protected]> + + * mainproc.c (check_sig_and_print), keyserver.c + (keyserver_import_pka), card-util.c (fetch_url): Always require a + scheme:// for keyserver URLs except when used as part of the + --keyserver command for backwards compatibility. + + * sign.c (write_signature_packets): Lost a digest_algo line. + + * sign.c (hash_for): Add code to detect if the sk lives on a smart + card. If it does, only allow 160-bit hashes, a la DSA. This + involves passing the *sk in, so change all callers. This is + correct for today, given the current 160-bit q in DSA, and the + current SHA-1/RIPEMD160 support in the openpgp card. It will + almost certainly need changing down the road. + + * app-openpgp.c (do_sign): Give user error if hash algorithm is + not supported by the card. + +2005-12-23 David Shaw <[email protected]> + + * keyserver.c (keyserver_import_pka): New. Moved from + getkey.c:get_pubkey_byname which was getting crowded. + + * keyserver.c (keyserver_import_cert): Import a key found in DNS + via CERT records. Can handle both the PGP (actual key) and IPGP + (URL) CERT types. + + * getkey.c (get_pubkey_byname): Call them both here. + + * options.h, keyserver.c (parse_keyserver_options): Add + "auto-cert-retrieve" option with optional max size argument. + + * gpgv.c: Stubs. + + * keyserver-internal.h, keyserver.c (keyserver_spawn, + keyserver_work, keygerver_getname): New keyserver_getname function + to fetch keys by name. + + * getkey.c (get_pubkey_byname): Call it here to enable locating + keys by full mailbox from a keyserver a la PKA. Try PKA first, + though, as it is likely to be faster. + +2005-12-20 Werner Koch <[email protected]> + + * gpg.c: New option --allow-pka-lookup. + (parse_trust_model): Add "+pka" variants. + (main): Make KEYSERVER_AUTO_PKA_RETRIEVE teh default. + * options.h (opt): New fields PKA_TRUST_INCREASE and + ALLOW_PKA_LOOKUP. + * status.h (STATUS_PKA_TRUST_BAD, STATUS_PKA_TRUST_GOOD): New. + * pkclist.c (check_signatures_trust): Increase trust due to valid + PKA only if that new option has been set. Issue new status lines. + * trustdb.c (init_trustdb): Print info if this option is active. + * getkey.c (get_pubkey_byname): Honor allow-pka-lookup. + * mainproc.c (pka_uri_from_sig): Ditto. + + * trustdb.c (validate_keys): Print no "ultimately trusted keys + found" only in non-quiet mode. + +2005-12-19 David Shaw <[email protected]> + + * getkey.c (merge_selfsigs_main): All primary keys can certify. + +2005-12-18 David Shaw <[email protected]> + + * gpg.c (main): Restore convert-sk-to-pk as programs rely on it. + + * keyid.c (usagestr_from_pk): Remove special PUBKEY_USAGE_CERT + flag. It's no longer needed. + +2005-12-14 David Shaw <[email protected]> + + * gpg.c (main): Don't default to import-options convert-sk-to-pk. + It causes confusing warning messages when importing a PGP-exported + key that contains a secret key without selfsigs followed by the + public key. + +2005-12-08 David Shaw <[email protected]> + + * keyserver.c (keyserver_fetch): Switch on fast-import before we + --fetch-keys so we don't rebuild the trustdb after each fetch. + +2005-12-08 Werner Koch <[email protected]> + + * gpg.c (main): Check for DBCS lead byte when converting the + homedir. By Kazuyoshi Kakihara. Fixes PR561. + + * keyserver.c (keyserver_fetch): Made strings translatable. + +2005-12-08 David Shaw <[email protected]> + + * options.h, keyserver.c (curl_cant_handle, keyserver_spawn) + (keyserver_fetch): Set a flag to indicate that we're doing a direct + URI fetch so we can differentiate between a keyserver operation + and a URI fetch for protocols like LDAP that can do either. + +2005-12-07 David Shaw <[email protected]> + + * keyserver.c (keyserver_spawn): Don't print "searching for key + 00000000" when fetching a URI. + + * keyserver-internal.h, keyserver.c (keyserver_fetch): New. Fetch + an arbitrary URI using the keyserver helpers. + + * gpg.c (main): Call it from here for --fetch-keys. + +2005-12-07 Werner Koch <[email protected]> + + * pkclist.c (do_we_trust): Add NOTREACHED comment. + +2005-11-20 David Shaw <[email protected]> + + * main.h, keylist.c (print_revokers): New. Print the "rvk" + designated revoker record. Moved from + keyedit.c:show_key_with_all_names_colon. + + * keylist.c (list_keyblock_colon): Use it here ... + + * keyedit.c (show_key_with_all_names_colon): ... and here. + +2005-11-19 David Shaw <[email protected]> + + * free-packet.c (copy_secret_key): Copy secret key into secure + memory since we may unprotect it. + + * main.h, g10.c (main), revoke.c (gen_desig_revoke): Add local + user support so users can use -u with --desig-revoke. This + bypasses the interactive walk over the revocation keys. + +2005-11-17 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu, menu_clean): Simplify clean options to + just "clean", and add "minimize". + + * import.c (parse_import_options): Make help text match the export + versions of the options. + + * options.h, export.c (parse_export_options, do_export_stream): + Reduce clean options to two: clean and minimize. + + * trustdb.h, trustdb.c (clean_one_uid): New function that joins + uid and sig cleaning into one for a simple API outside trustdb. + +2005-11-13 David Shaw <[email protected]> + + * armor.c (parse_header_line): A fussy bit of 2440: header lines + are delimited with a colon-space pair. Therefore a line such as + "Comment: " (with a trailing space) is actually legal, albeit not + particularly useful. + +2005-11-11 David Shaw <[email protected]> + + * trustdb.h, trustdb.c (clean_key): New function to handle key + cleaning from one convenient place. + + * options.h, import.c (parse_import_options, + clean_sigs_from_all_uids, import_one): Reduce clean options to + two: clean and minimize. + + * parse-packet.c (setup_user_id): Remove. + (parse_user_id, parse_attribute): Just use xmalloc_clear instead. + + * trustdb.c (clean_uid_from_key, clean_uids_from_key): + Significantly simpler implementation. + +2005-11-10 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu, menu_clean_sigs_from_uids): Add + "minimize" command. + + * packet.h, keyedit.c (menu_clean_uids_from_key), trustdb.c + (clean_uids_from_key): Fix display bug where sigs cleaned for + other reasons caused a uid to appear as if it had been compacted. + + * packet.h: Move some flags to a bitfield. Change all callers. + + * options.h, import.c (parse_import_options, + clean_sigs_from_all_uids, import_one): Add import-minimal option. + Similar to export-minimal, except it works on the way in. + + * trustdb.h, trustdb.c (clean_sigs_from_uid): Add flag to remove + all non-selfsigs from key during cleaning. Change all callers. + + * export.c (do_export_stream): Use it here for export-minimal so + we don't need additional minimize code in the export path. + +2005-11-06 David Shaw <[email protected]> + + * options.skel: Add a section for --encrypt-to. This is Debian + bug 336211 by Javier Fernández-Sanguino Peña. + +2005-11-05 David Shaw <[email protected]> + + * Makefile.am: Include @LIBUSB_CPPFLAGS@ in our CPPFLAGS. + Strictly speaking this should be only in gpg_CPPFLAGS, but then we + have to compile everything twice for gpg and gpgv. + + * apdu.c (open_pcsc_reader): Fix double free. + + * gpg.c (main) [__APPLE__]: Default the PCSC driver to the OS X + location. Suggested by Patty A. Hardy. + +2005-11-02 David Shaw <[email protected]> + + * trustdb.c (clean_sigs_from_uid): Include sigs from unavailable + keys in the sigs that are cleaned. Suggested by Dirk Traulsen and + many others. + +2005-11-01 David Shaw <[email protected]> + + * import.c (import_one): Do collapse_uids() before we do any + cleaning so keyserver mangled keys with doubled user IDs can be + properly cleaned - possibly sigs on the different user IDs cancel + each other out. + + * import.c (parse_import_options), export.c + (parse_export_options): List "xxx-clean" before the longer options + so we don't end up with a partial match on the longer options. + + * trustdb.c (clean_uids_from_key): Return proper number of cleaned + user IDs. Don't count user IDs as cleaned unless we actually + delete something. + +2005-10-27 David Shaw <[email protected]> + + * keyedit.c (menu_addrevoker), getkey.c (finish_lookup): Fix + problem with adding a cert-only designated revoker. Code was + looking for a key with sign ability, and not cert ability. Noted + by Timo Schulz. + +2005-10-27 Werner Koch <[email protected]> + + * gpg.c [__CYGWIN__]: Set default driver to winscard.dll. + + * apdu.c, apdu.h: Updated from gnupg 1.9. Changes are: + * apdu.c [__CYGWIN__]: Make cygwin environment similar to _WIN32. + Suggested by John P. Clizbe. + * apdu.h (SW_HOST_NO_KEYPAD): New. + * apdu.c (host_sw_string): Support new code. + (reader_table_s): New field CHECK_KEYPAD. + (new_reader_slot, open_ct_reader, open_pcsc_reader) + (open_ccid_reader, open_rapdu_reader): Initialize it. + (check_ccid_keypad): New. + (apdu_check_keypad): New. + (apdu_send_le): Factored all code out to ... + (send_le): .. new. Takes an additional arg; changed all callers + of the orginal function to use this one with a NULL for the new + arg. + (apdu_send_simple_kp): New. + (ct_send_apdu, pcsc_send_apdu, my_rapdu_send_apdu) + (send_apdu_ccid): New arg PININFO. + (send_apdu_ccid): Use the new arg. + +2005-10-26 David Shaw <[email protected]> + + * keygen.c (proc_parameter_file): Default key and subkey usage + flags to algo capabilities if parameter file doesn't specify them. + Noted by Timo Schulz. + +2005-10-18 Werner Koch <[email protected]> + + * cardglue.c (pin_cb): Fixed prompt for repeated PIN. Return + G10ERR_CANCELED and not just -1. + (status_sc_op_failure): New. Use it where we issue that status. + (pin_cb): Append serial number to the need-pin status message. + (agent_scd_change_pin): Add arg SERIALNO. Changed all callers. + (agent_scd_writekey): Ditto. + (agent_scd_setattr): Ditto. + (agent_scd_genkey): Ditto. + (agent_scd_checkpin): Pass serialno to the pin_cb. + + * keygen.c (parse_expire_string): Allow setting the expire + interval using a "seconds=<n>" syntax. This is useful for + debugging. + +2005-10-17 Werner Koch <[email protected]> + + * export.c (do_export_stream): Factored some code out to ... + (skip_subkey_p): .. new. + (subkey_in_list_p, release_subkey_list): New. + (new_subkey_list_item): New. + (do_export_stream): Export exactly specified subkeys into one + keyblock. + +2005-10-13 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu, menu_backsign): New "backsign" command + to add 0x19 backsigs to old keys that don't have them. + + * misc.c (parse_options): Fix build warning. + + * main.h, keygen.c (make_backsig): Make public. + +2005-10-12 David Shaw <[email protected]> + + * options.h, getkey.c (merge_selfsigs_subkey), gpg.c (main), + sig-check.c (signature_check2): Add --require-backsigs and + --no-require-backsigs. Currently defaults to + --no-require-backsigs. + +2005-10-11 David Shaw <[email protected]> + + * getkey.c (merge_selfsigs_subkey), sig-check.c + (signature_check2), keygen.c (make_backsig): Did some backsig + interop testing with the PGP folks. All is well, so I'm turning + generation of backsigs on for new keys. Checking for backsigs on + verification is still off. + +2005-10-05 Werner Koch <[email protected]> + + * g10.c: Renamed to .. + * gpg.c: ..this. + * Makefile.am: Adjusted accordingly. + +2005-09-22 Werner Koch <[email protected]> + + * sign.c (write_plaintext_packet): Don't print an empty file + warning if the file is actually too large. + * encode.c (encode_simple,encode_crypt): Ditto. + * progress.c (handle_progress): Adjusted for iobuf_get_filelength + change. + * photoid.c (generate_photo_id): Ditto. + +2005-09-20 Werner Koch <[email protected]> + + * mainproc.c (proc_symkey_enc): Take care of a canceled passphrase + prompt. + +2005-09-19 David Shaw <[email protected]> + + * keylist.c (reorder_keyblock, do_reorder_keyblock): Reorder + attribute IDs as well as regular text IDs. + + * plaintext.c (ask_for_detached_datafile): Use make_filename() on + filename so tilde expansion works. + +2005-09-14 David Shaw <[email protected]> + + * main.h, misc.c (parse_options): Add the ability to have help + strings in xxx-options commands. + + * keyserver.c (keyserver_opts), import.c (parse_import_options), + export.c (parse_export_options), g10.c (parse_list_options, main): + Add help strings to xxx-options. + +2005-09-10 David Shaw <[email protected]> + + * keyedit.c (show_names): Moved name display code out from + show_key_with_all_names. + (keyedit_menu): Call it here for pref and showpref so they can + show only the selected user ID. Suggested by Timo Schulz. + +2005-09-07 Werner Koch <[email protected]> + + * cardglue.h (GPG_ERR_TOO_LARGE): New. + + * apdu.c, apdu.h, iso7816.c, iso7816.h + * ccid-driver.c, ccid-driver.h: Updated from GnuPG 1.9 source. + Changes are: + * iso7816.c (iso7816_select_path): New. + * iso7816.c (iso7816_read_binary): Use Le=0 when reading all + data. Handle 6C00 error and take 6B00 as indication for EOF. + * apdu.h (SW_EXACT_LENGTH_P): New. + * apdu.c (new_reader_slot, reset_pcsc_reader, pcsc_get_status) + (open_pcsc_reader): Set new reader state IS_T0. + (apdu_send_le): When doing T=0 make sure not to send Lc and Le. + Problem reported by Carl Meijer. + (apdu_send_direct): Initialize RESULTLEN. + + * misc.c (parse_options): Allow meta option "help" to list all + options and to exit the program. + +2005-09-02 David Shaw <[email protected]> + + * parse-packet.c (enum_sig_subpkt, parse_signature, + parse_attribute_subpkts): Make a number of warnings verbose items. + These fire on many slightly mangled keys in the field, so the + warning is becoming burdensome. + +2005-09-01 David Shaw <[email protected]> + + * photoid.h, photoid.c (generate_photo_id): Allow passing in a + suggested filename. + + * keyedit.c (keyedit_menu, menu_adduid): Call it here so "addphoto + filename" works. + +2005-08-31 David Shaw <[email protected]> + + * photoid.c (generate_photo_id): Enable readline completion and + tilde expansion for the JPEG prompt. + +2005-08-30 Werner Koch <[email protected]> + + * passphrase.c (agent_open): Print a warning and not an error in + case of a missing agent. Should fix Debian bug #325578. + +2005-08-26 David Shaw <[email protected]> + + * misc.c (openpgp_pk_algo_usage): Default to allowing CERT for + signing algorithms. + + * keyedit.c (sign_uids): Don't request a signing key to make a + certification. + + * keygen.c (do_add_key_flags): Force the certify flag on for all + primary keys, as the spec requires primary keys must be able to + certify (if nothing else, which key is going to issue the user ID + signature?) + (print_key_flags): Show certify flag. + (ask_key_flags, ask_algo): Don't allow setting the C flag for + subkeys. + + * keyid.c (usagestr_from_pk), getkey.c (parse_key_usage): + Distinguish between a sign/certify key and a certify-only key. + + * keyedit.c (ask_revoke_sig): Add a revsig --with-colons mode. + Suggested by Michael Schierl. + +2005-08-21 David Shaw <[email protected]> + + * Makefile.am: No need to link with curl any longer. + + * main.h, misc.c (path_access): New. Same as access() but does a + PATH search like execlp. + + * keyserver.c (curl_can_handle): Removed. Replaced by... + (curl_cant_handle): We are now relying on curl as the handler of + last resort. This is necessary because PGP LDAP and curl LDAP are + apples and oranges. + (keyserver_typemap): Only test for ldap and ldaps. + (keyserver_spawn): If a given handler is unusable (as determined + by path_access()) then try gpgkeys_curl. + + * exec.h, exec.c (make_tempdir, expand_args, exec_write, + exec_read): Minor cleanup to use bitfield flags instead of a bunch + of integers. + +2005-08-20 David Shaw <[email protected]> + + * g10.c (main): Add aliases sign-with->local-user and + user->recipient to make switching from PGP command line to GPG + easier. + +2005-08-19 David Shaw <[email protected]> + + * options.skel: Remove the surfnet LDAP keyserver from the list of + samples since it is being shut down. + + * getkey.c (classify_user_id): Disable the '.' and '+' search + modes since they aren't supported yet. + +2005-08-05 David Shaw <[email protected]> + + * g10.c (main), passphrase.c (set_passphrase_from_string): New + --passphrase command line option. Only useful in very special + circumstances. + +2005-08-05 Werner Koch <[email protected]> + + * gpgv.c (keyserver_import_fprint): New stub. + + * keygen.c (ask_user_id): Moved email checking code out to .. + * misc.c (is_valid_mailbox): .. new. + * mainproc.c (get_pka_address): Use it here. + * getkey.c (get_pubkey_byname): Add falback to auto-retrieve a key + via the PKA mechanism. + + * options.h (KEYSERVER_AUTO_PKA_RETRIEVE): New. + * keyserver.c (keyserver_opts): Ditto. + * mainproc.c (check_sig_and_print): Use it here to retrieve keys + from a PKA DNS record. + + * pkclist.c (build_pk_list): Add comments to this function; + re-indented it. + +2005-08-04 David Shaw <[email protected]> + + * keygen.c (proc_parameter_file): Sanity check items in keygen + batch file. Noted by Michael Schierl. + + * pkclist.c (do_edit_ownertrust): Don't allow ownertrust level 0. + Noted by Michael Schierl. + + * keygen.c (write_keyblock): Don't try and build deleted kbnodes + since we start our tree with one. + +2005-08-04 Werner Koch <[email protected]> + + * export.c (do_export_stream): Skip on-card keys when only subkeys + are to be exported. It does not make sense to replace the on-card + key stub by a no-key stub. + + * revoke.c (gen_revoke): Check for non-online keys. + + * seckey-cert.c (is_secret_key_protected): Return -3 for + non-online key stubs. The old code assumes that a protection + algorithm is still set but in some cases this one is 0 and thus it + won't be possible to decide whether it is unprotected or + protected. + +2005-07-28 Werner Koch <[email protected]> + + * Makefile.am (other_libs): Add SRVLIBS. + + * parse-packet.c (can_handle_critical_notation): We know about + * packet.h (PKT_signature): New fields PKA_INFO and PKA_TRIED. + (pka_info_t): New. + * free-packet.c (cp_pka_info): New. + (free_seckey_enc, copy_signature): Support new fields. + * mainproc.c (get_pka_address, pka_uri_from_sig): New. + (check_sig_and_print): Try to get the keyserver from the PKA + record. + * pkclist.c (check_signatures_trust): Adjust the trust based on + the PKA. + * gpgv.c (parse_keyserver_uri): New stub. + + * keygen.c (has_invalid_email_chars): Moved to .. + * misc.c (has_invalid_email_chars): .. here and made global. + +2005-07-27 Werner Koch <[email protected]> + + * export.c (do_export_stream): Make two strings translatable. + +2005-07-26 David Shaw <[email protected]> + + * keyserver.c (keyserver_typemap): Special-case LDAP since curl + will report that it can handle it, and we don't want it to. + +2005-07-26 Werner Koch <[email protected]> + + * passphrase.c (agent_get_passphrase): Make sure to release the + saved codeset. + (agent_open): Add arg ORIG_CODESET and switch back to it in case + of error. Changed all callers. + +2005-07-22 David Shaw <[email protected]> + + * keyedit.c (sign_uids): Don't prompt for setting signature expiry + to match key expiry unless --ask-cert-expire is set. Suggested by + Peter Palfrader. + +2005-07-22 Werner Koch <[email protected]> + + * g10.c, options.h: New option --exit-on-status-write-error. + * status.c (write_status_text): Make use of this option. + +2005-07-22 David Shaw <[email protected]> + + * options.h, g10.c (main): Removed option --no-interactive-selection. + * keyedit.c (keyedit_menu): Use --interactive to enable the uid + walking when signing a key with no uids specified to sign. + + * keylist.c (list_keyblock_print): Fix silly typo. Noted by Greg + Sabino Mullane. + +2005-07-20 Werner Koch <[email protected]> + + * openfile.c (open_outfile): Disable FD caching for created files. + * encode.c (encode_simple, encode_crypt): Disable FD caching for + input files. + * verify.c (verify_one_file): Ditto. + * decrypt.c (decrypt_messages): Ditto. This is bug #479. + + * misc.c (get_libexecdir) [W32]: Changed to return the value of + program used to create the process. + * keyserver.c (keyserver_spawn) [DISABLE_KEYSERVER_PATH]: Don't + change the exec-path at all. + +2005-07-20 David Shaw <[email protected]> + + * keyserver.c (curl_can_handle): New. Do a runtime check against + libcurl to see if it can handle a particular protocol. + (keyserver_typemap): Call it here. + + * Makefile.am: Pull in libcurl for curl_version_info() if used. + +2005-07-19 Werner Koch <[email protected]> + + * g10.c, options.h: New option --limit-card-insert-tries. + * cardglue.c (open_card): Use it. + + * export.c (parse_export_options): New option + export-reset-subkey-passwd. + (do_export_stream): Implement it. + + * misc.c (get_libexecdir): New. + * keyserver.c (keyserver_spawn): Use it + +2005-07-18 Werner Koch <[email protected]> + + * tdbio.c (open_db): Check for EROFS. Suggested by Bryce Nichols. + +2005-07-08 David Shaw <[email protected]> + + * trustdb.c (clean_uids_from_key): Don't keep a valid selfsig + around when compacting a uid. There is no reason to make an + attacker's job easier - this way they only have a revocation which + is useless in bringing the uid back. + + * keydb.h, kbnode.c (undelete_kbnode): Removed. No longer needed. + + * import.c (chk_self_sigs): Allow a uid revocation to be enough to + allow importing a particular uid (no self sig needed). This + allows importing compacted uids. + +2005-06-20 David Shaw <[email protected]> + + * keygen.c (save_unprotected_key_to_card): Better fix for gcc4 + warning. + +2005-06-20 Werner Koch <[email protected]> + + * g10.c, options.h: New option --no-interactive-selection. + * keyedit.c (keyedit_menu): Use it. + +2005-06-18 Werner Koch <[email protected]> + + * parse-packet.c (parse_signature): Use log_info for messages + about missing timestamp or keyid. In case we don't use that key + there won't be no further error and thus gpg does not need to + return with an error. + +2005-06-13 David Shaw <[email protected]> + + * keygen.c (save_unprotected_key_to_card): Fix gcc4 warning. + + * options.h, import.c (parse_import_options, import_one): Add + import-clean-uids option to automatically compact unusable uids + when importing. Like import-clean-sigs, this may nodify the local + keyring. + + * trustdb.c (clean_uids_from_key): Only allow selfsigs to be a + candidate for re-inclusion. + +2005-06-12 David Shaw <[email protected]> + + * options.h, import.c (parse_import_options, + clean_sigs_from_all_uids, import_one): Add import-clean-sigs + option to automatically clean a key when importing. Note that + when importing a key that is already on the local keyring, the + clean applies to the merged key - i.e. existing superceded or + invalid signatures are removed. + + * getkey.c (merge_selfsigs_main, merge_selfsigs_subkey): Make sure + that even after keys may be merged together, we only have one + chosen selfsig. + +2005-06-09 David Shaw <[email protected]> + + * options.h, import.c (parse_import_options, delete_inv_parts): + import-unusable-sigs is now a noop. + + * options.h, export.c (do_export_stream), keyedit.c (keyedit_menu, + menu_clean_subkeys_from_key), trustdb.h, trustdb.c + (clean_subkeys_from_key): Remove subkey cleaning function. It is + of very limited usefulness since it cannot be used on any subkey + that can sign, and can only affect multiple selfsigs on + encryption-only subkeys. + + * keydb.h, kbnode.c (undelete_kbnode): New function to undelete a + kbnode. + + * trustdb.c (clean_uids_from_key): Further tweak the algorithm so + that the last good selfsig is kept when the chosen selfsig is a + revocation. + +2005-06-08 David Shaw <[email protected]> + + * trustdb.c (clean_uids_from_key), keyedit.c + (menu_clean_uids_from_key): Tweak algorithm to preserve the last + selfsig which helps prevent uid resurrections. + + * getkey.c (fixup_uidnode, merge_selfsigs_main): Handle both + expired and revoked uids in fixup_uidnode(). No need to special + case in merge_selfsigs_main(). This also means that an expired + uid will have its selfsig tagged with chosen_selfsig. + +2005-06-07 David Shaw <[email protected]> + + * options.h, g10.c (main), export.c (parse_export_options, + do_export_stream): Add export-options export-clean-sigs, + export-clean-uids, export-clean-subkeys, and export-clean which is + all of the above. Export-minimal is the same except it also + removes all non-selfsigs. export-unusable-sigs is now a noop. + +2005-06-06 Werner Koch <[email protected]> + + * cardglue.c (open_card): Emit new CARDCTRL status 5 for no reader + available. + +2005-06-02 Werner Koch <[email protected]> + + * app-openpgp.c (do_writekey): Typo fix. + + * status.c, status.h: Removed STATUS_BAD_PASSPHRASE_PIN. + +2005-06-01 David Shaw <[email protected]> + + * signal.c [HAVE_DOSISH_SYSTEM]: Fix unused function warnings on + mingw32. Noted by Joe Vender. + + * passphrase.c [_WIN32]: Remove unused variables. + +2005-05-31 David Shaw <[email protected]> + + * keyedit.c (menu_clean_uids_from_key, + menu_clean_subkeys_from_key), trustdb.c (clean_uids_from_key, + clean_subkeys_from_key): Fix mingw32 build warnings. Noted by Joe + Vender. + +2005-05-31 Werner Koch <[email protected]> + + * keydb.h [!ENABLE_AGENT_SUPPORT]: Define dummy types. + + * cardglue.c (assuan_strerror, assuan_transact): Dummy functions + if not build with agent support. + + * armor.c (check_input): Don't bail out on invalid header lines + unless in struict rfc2440 mode. Suggested by Richard Patterson. + +2005-05-30 Werner Koch <[email protected]> + + * tlv.c: Add hack to compile without gpg-error.h. + +2005-05-30 David Shaw <[email protected]> + + * trustdb.h, trustdb.c (clean_subkeys_from_key): New. Walk + through the subkeys on a key, and mark any that aren't usable for + deletion. Note that a signing subkey is never marked for deletion + since these keys are still useful after expiration or revocation. + + * keyedit.c (menu_clean_subkeys_from_key): New function to call + clean_subkeys_from_key() on a key. Note that the strings here are + not marked for translation yet. The UI is still in flux, and + there is no point in annoying the translators twice. + (keyedit_menu): Call it here as part of the "clean" command. + +2005-05-29 David Shaw <[email protected]> + + * trustdb.h, trustdb.c (clean_uids_from_key): New. Walk through + the user IDs on a key, and mark any that aren't valid for + deletion. + + * keyedit.c (menu_clean_uids_from_key): New function to call + clean_uids_from_key() on a key. + (keyedit_menu): Call it from here as part of the "clean" command. + +2005-05-26 David Shaw <[email protected]> + + * g10.c (main): Default {export|import}-unusable-sigs to off until + the "clean" UI can be finished. + +2005-05-24 Werner Koch <[email protected]> + + * passphrase.c (ask_passphrase): Unescape the description string. + * cardglue.c (unescape_status_string): Removed. Changed all + caller to use ... + * misc.c (unescape_percent_string): New. + + * g10.c (add_notation_data): Check number of at-signs. + +2005-05-23 Werner Koch <[email protected]> + + * app-openpgp.c, app-common.h: Again updated from gnupg 1.9 CVS. + + * cardglue.c (open_card): Check USE_AGENT. + (agent_scd_checkpin): Implemented Assuan part. + (agent_scd_change_pin): Ditto. + + * g10.c (main): Option --debug-ccid-driver may now be given + several times increase the debug level. + + * ccid-driver.c (parse_ccid_descriptor): Mark SCR335 FW version + 5.14 as good. + (do_close_reader): Never do a reset. The caller should instead + make sure that the reader has been closed properly. The new retry + code in ccid_slot_status will make sure that the readersatrts up + fine even if the last process didn't closed the USB connection + properly. + (ccid_get_atr): For certain readers try switching to ISO mode. + Thanks to Ludovic Rousseau for this hint and the magic numbers. + (print_command_failed): New. + (bulk_in): Use it here. Add new arg NO_DEBUG. + (ccid_slot_status): Disabled debugging. + +2005-05-21 Werner Koch <[email protected]> + + * cardglue.c (send_status_info): Make CTRL optional. + (agent_scd_writekey, inq_writekey_parms): New. + (agent_openpgp_storekey): Removed. + * cardglue.h: Add a few more error code mappings. + * keygen.c (copy_mpi): Removed. + (save_unprotected_key_to_card): Changed to use agent_scd_writekey. + * app-common.h, app-openpgp.c, tlv.c, tlv.h: Updated from newer + version in gnupg 1.9 CVS. + +2005-05-20 Werner Koch <[email protected]> + + * ccid-driver.c (ccid_transceive): Arghhh. The seqno is another + bit in the R-block than in the I block, this was wrong at one + place. Fixes bug #419 and hopefully several others. + +2005-05-19 Werner Koch <[email protected]> + + * app-common.h, app-openpgp.c, tlv.c, tlv.h: Updated from newer + version in gnupg 1.9 CVS. + +2005-05-18 Werner Koch <[email protected]> + + * passphrase.c (agent_open): Made global and add arg TRY. + (agent_close): Made global. + + * app-common.h (app_t): Add a field to store the Assuan context. + +2005-05-13 David Shaw <[email protected]> + + * build-packet.c (do_comment): Removed. + (build_packet): Ignore comment packets. + + * export.c (do_export_stream): Don't export comment packets any + longer. + + * options.h, g10.c (main): Remove --sk-comments and + --no-sk-comments options, and replace with no-op. + +2005-05-11 David Shaw <[email protected]> + + * keygen.c (write_selfsigs): Rename from write_selfsig. Write the + same selfsig into both the pk and sk, so that someone importing + their sk (which will get an autoconvert to the pk) won't end up + with two selfsigs. + (do_generate_keypair): Call it from here. + + * parse-packet.c (can_handle_critical_notation): New. Check for + particular notation tags that we will accept when critical. + Currently, that's only [email protected], since we + know how to handle it (pass it through to a mail program). + (can_handle_critical): Call it from here. + (parse_one_sig_subpkt): Sanity check that notations are + well-formed in that the internal lengths add up to the size of the + subpacket. + +2005-05-07 Werner Koch <[email protected]> + + * ccid-driver.c (do_close_reader): Don't do a reset before close. + Some folks reported that it makes the SCR335 hang less often. + Look at the source on how to re-enable it. + +2005-05-06 David Shaw <[email protected]> + + * main.h, keygen.c (parse_expire_string, ask_expire_interval), + sign.c (sign_file, clearsign_file, sign_symencrypt_file), g10.c + (main), keyedit.c (sign_uids): Use seconds rather than days + internally to calculate expiration. We no longer need the + day-based code as we don't generate v3 keys. + + * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Use + the default sig expire value when signing in batchmode. + +2005-05-05 David Shaw <[email protected]> + + * Makefile.am, packet.h, main.h, comment.c: Remove comment.c. We + don't use any of these functions any longer. + + * keygen.c (start_tree): New function to "prime" a KBNODE list. + (do_generate_keypair): Use it here rather than creating and + deleting a comment packet. + + * keygen.c (gen_elg, gen_dsa): Do not put public factors in secret + key as a comment. + + * options.h, encode.c (encode_simple, encode_crypt), keygen.c + (do_create): Remove disabled comment packet code. + + * keygen.c (keygen_set_std_prefs): Add SHA256 and BZip2 to default + preferences. + + * options.h, g10.c (main): Add new --default-sig-expire and + --default-cert-expire options. Suggested by Florian Weimer. + + * main.h, keygen.c (parse_expire_string, ask_expire_interval): Use + defaults passed in, or "0" to control what default expiration is. + + * keyedit.c (sign_uids), sign.c (sign_file, clearsign_file, + sign_symencrypt_file): Call them here, so that default expiration + is used when --ask-xxxxx-expire is off. + +2005-05-03 Werner Koch <[email protected]> + + * passphrase.c (agent_get_passphrase): Add new arg CACHEID. + Changed all callers. + (ask_passphrase): Add new arg CACHEID and use it in agent mode. + Changed all callers. + (passphrase_clear_cache): New arg CACHEID. Changed all callers. + * cardglue.c (format_cacheid): New. + (pin_cb): Compute a cache ID. + (agent_scd_pksign, agent_scd_pkdecrypt): Use it. + (agent_clear_pin_cache): New. + * card-util.c (change_pin): Clear the PIN cache. + (check_pin_for_key_operation): Ditto. + +2005-04-24 David Shaw <[email protected]> + + * trustdb.h, trustdb.c (mark_usable_uid_certs): Add flags for the + no-pubkey and chosen revocation cases. + (clean_uid): New function to clean a user ID of unusable (as + defined by mark_usable_uid_certs) certs. + + * keyedit.c (keyedit_menu, menu_clean_uids): Call it here for new + "clean" command that removes unusable sigs from a key. + + * trustdb.h, keyedit.c (keyedit_menu, menu_select_uid_namehash): + Allow specifying user ID via the namehash from --with-colons + --fixed-list-mode --list-keys. Suggested by Peter Palfrader. + +2005-04-21 David Shaw <[email protected]> + + * keyedit.c (sign_uids, keyedit_menu): When the user requests to + sign a key without specifying which user IDs to sign, and declines + to sign all user IDs, walk through the set of user IDs and prompt + for which to sign. + + * mainproc.c (symkey_decrypt_seskey): There is no need to have an + extra check for a bad passphrase and/or unknown cipher algorithm + here. We'll fail quite happily later, and usually with a better + error message to boot. + +2005-04-20 Werner Koch <[email protected]> + + * sign.c (sign_file, sign_symencrypt_file): Allow for hash + debugging. + +2005-04-16 David Shaw <[email protected]> + + * keyserver.c (keyserver_spawn): Free some memory. + + * sign.c (hash_for): Comments. + +2005-04-11 Werner Koch <[email protected]> + + * g10.c (main, add_notation_data, add_policy_url) + (add_keyserver_url): Use isascii() to protect the isfoo macros and + to replace direct tests. Possible problems noted by Christian + Biere. + * keyserver.c (parse_keyserver_uri): Ditto. + +2005-04-07 Werner Koch <[email protected]> + + * g10.c (main): Declare --pipemode deprecated. + * misc.c (deprecated_command): New. + + * ccid-driver.c (ccid_slot_status): Fixed debug messages. + + * card-util.c (card_edit): Add command "verify". Enhanced admin + command to allow optional arguments "on", "off" and "verify". + (card_status): Print private DOs in colon mode. + * app-openpgp.c (do_check_pin): Add hack to allow verification of + CHV3. + +2005-04-01 Werner Koch <[email protected]> + + * keygen.c (keygen_set_std_prefs): Explain the chosen order of + AES key sizes. + +2005-04-01 David Shaw <[email protected]> + + * mainproc.c (proc_plaintext): Properly handle SIG+LITERAL + (old-style PGP) signatures that use hashes other than SHA-1, + RIPEMD160, or MD5. + +2005-03-31 David Shaw <[email protected]> + + * exec.h, exec.c (set_exec_path): Remove some dead code and change + all callers. We no longer need to append to $PATH. + +2005-03-31 Werner Koch <[email protected]> + + * passphrase.c (agent_open): Dropped support for W32 - is was + never actually used. Removed support for the old non-assuan + protocol; there has never been a matured implementation and + gpg-agent is now arround for quite some time. Rewritten to make + use of the Assuan code from ../util. + (gpga_protocol_codes): Removed. + (readn): Removed. + (agent_close): Simplified for use with Assuan. + (agent_get_passphrase, passphrase_clear_cache): Removed support + for old protocol. Use only with ENABLE_CARD_SUPPORT defined. + (agent_send_all_options): Take assuan context instead of a file + descriptor. + (agent_send_option): Likewise. Use assuan_transact. + * passphrase.c (writen, readaline): Removed. + + * g10.c (main): Print a warning if --use-agent has been used but + it has not been build with support for it. + + * keydb.c (keydb_add_resource): Clarify meaning of flags. Add new + flag 4. Use log_info for errors registering the default secret key. + * g10.c (main): Flag the default keyrings. + +2005-03-30 David Shaw <[email protected]> + + * keyserver.c (keyserver_spawn): Don't mess about with the $PATH. + Rather, call keyserver helpers with the full path. This fixes + some PATH-inspired DLL problems on W32. Noted by Carlo Luciano + Bianco. + +2005-03-30 Werner Koch <[email protected]> + + * cardglue.c (pin_cb): Print a warning if the info string hack is + not there. This may happen due to typos in the translation. + +2005-03-22 Werner Koch <[email protected]> + + * misc.c (w32_shgetfolderpath) [W32]: Changed declaration of + function ptr. Noted by Tim Costello. + * apdu.c [W32]: Changed declaration of dlopened function pointers. + +2005-03-21 David Shaw <[email protected]> + + * gpgv.c: Stubs for tty_enable_completion() & + tty_disable_completion(). + + * openfile.c (ask_outfile_name): Enable readline completion when + prompting for an output filename. + + * plaintext.c (ask_for_detached_datafile): Enable readline + completion when prompting for a detached sig datafile. + +2005-03-21 Werner Koch <[email protected]> + + * keyedit.c (command_generator, keyedit_completion): Changed + indentation. + * card-util.c (command_generator, card_edit_completion): Ditto. + +2005-03-19 David Shaw <[email protected]> + + * card-util.c (command_generator, card_edit_completion) + [GNUPG_MAJOR_VERSION==1 && HAVE_LIBREADLINE]: New functions to + enable command completion in the --card-edit menu. + (card_edit): Call them here. + +2005-03-18 David Shaw <[email protected]> + + * keyedit.c (command_generator, keyedit_completion) + [HAVE_LIBREADLINE]: New functions to enable command completion in + the --edit-key menu. + (keyedit_menu): Call them here. + +2005-03-17 David Shaw <[email protected]> + + * getkey.c (get_seckey_byname2): If no explicit default key is + set, don't pick a disabled default. Noted by David Crick. + + * Makefile.am: Calculate GNUPG_LIBEXECDIR directly. Do not + redefine $libexecdir. + + * options.h, keyserver.c (parse_keyserver_options) + (keyserver_spawn): Don't treat 'verbose' and 'include-disabled' as + special. Just pass them through silently to the keyserver helper. + +2005-03-16 Werner Koch <[email protected]> + + * ccid-driver.c (parse_ccid_descriptor): Make SCM workaround + reader type specific. + (scan_or_find_devices): Do not check the interface subclass in the + SPR532 kludge, as this depends on the firmware version. + (ccid_get_atr): Get the Slot status first. This solves the + problem with readers hanging on recent Linux 2.6.x. + (bulk_in): Add argument TIMEOUT and changed all callers to pass an + appropriate one. Change the standard timeout from 10 to 5 seconds. + (ccid_slot_status): Add a retry code with an initial short timeout. + (do_close_reader): Do an usb_reset before closing the reader. + +2005-03-14 Werner Koch <[email protected]> + + * card-util.c (card_status): Use isotimestamp and not the + localized asctimestamp to match the timezone used in the key + information. + + * cardglue.c (pin_cb): Disable debug output. + +2005-03-11 Werner Koch <[email protected]> + + * keygen.c (gen_card_key_with_backup): Write status line with the + backup filename. + + * status.h, status.h (STATUS_BACKUP_KEY_CREATED): New. + +2005-03-10 David Shaw <[email protected]> + + * keyserver.c (parse_keyserver_options): Accept honor-http-proxy + as an alias for http-proxy. + + * delkey.c (do_delete_key, delete_keys): Fix problem with --expert + preventing --delete-secret-and-public-keys from deleting secret + keys. + +2005-03-10 Werner Koch <[email protected]> + + * keyedit.c (keyedit_menu) [W32]: Run the trustdb stale check + earlier. + +2005-03-07 Werner Koch <[email protected]> + + * cardglue.c (agent_scd_pkdecrypt, agent_scd_pksign) + (agent_scd_genkey, agent_scd_setattr, agent_scd_change_pin) + (agent_scd_checkpin, agent_openpgp_storekey): Make sure to send a + SC_OP_FAILURE after card operations which might change data. + * card-util.c (change_pin): Send a SC_OP_SUCCESS after a PIN has + been changed. + (change_name): Removed a debug output. + * status.h, status.c: New codes BAD_PASSPHRASE_PIN, SC_OP_FAILURE + and SC_OP_SUCCESS. + +2005-02-24 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu): Only print the key signing hint when + signing from a place where it is useful (i.e. --edit-key and not + --sign-key). + +2005-02-16 Werner Koch <[email protected]> + + * card-util.c (fetch_url): Fetch the key from the default + keyserver if no URL is available. + +2005-02-15 Werner Koch <[email protected]> + + * passphrase.c (agent_get_passphrase): Don't call free_public_key + if PK is NULL. + (passphrase_clear_cache): Ditto. Removed debug output. + (passphrase_to_dek): Ditto. + +2005-02-13 Werner Koch <[email protected]> + + * keyedit.c (cmds): Limit code to 80 columns. Add command + BKUPTOCARD. + +2005-02-09 David Shaw <[email protected]> + + * encr-data.c (decrypt_data): Use it here to turn off the "quick + check" bytes for PK decryptions. This is in regards to the Mister + and Zuccherato attack on OpenPGP CFB mode. + + * mainproc.c (proc_symkey_enc): Set a flag to indicate that a + particular session key came from a passphrase and not a PK. + +2005-02-08 Werner Koch <[email protected]> + + * misc.c (w32_shgetfolderpath): New. + (default_homedir): Use it to avoid problems under Windows95. + +2005-02-06 David Shaw <[email protected]> + + * trustdb.h, trustdb.c (trustdb_check_or_update): New. If the + trustdb is dirty and --interactive is set, do an --update-trustdb. + If not interactive, do a --check_trustdb unless + --no-auto-check-trustdb is set. + + * import.c (import_keys_internal): Moved from here. + + * keyserver.c (keyserver_refresh): Call it here after all + refreshing has happened so that we don't rebuild after each + preferred keyserver set of imports, but do one big rebuild at the + end. This is Debian bug #293816, noted by Kurt Roeckx. + +2005-02-04 David Shaw <[email protected]> + + * getkey.c (merge_selfsigs_subkey): Merged away definition from + the backsigs code. + +2005-01-31 David Shaw <[email protected]> + + * keygen.c (do_generate_keypair): Write the auth key to the card + before the encryption key. This is a partial workaround for a PGP + bug (as of this writing, all versions including 8.1), that causes + it to try and encrypt to the most recent subkey regardless of + whether that subkey is actually an encryption type. In this case, + the auth key is an RSA key so it succeeds. + +2005-01-27 David Shaw <[email protected]> + + * keyid.c (keyid_from_sk, keyid_from_pk): Use 0xFFFFFFFFFFFFFFFF + instead of 0x0000000000000000 for the invalid key ID since + all-zeroes is reserved for the anonymous recipient. + + * keyedit.c (change_passphrase), keygen.c (generate_subkeypair): + Fix a string ;) + +2005-01-27 Werner Koch <[email protected]> + + * parse-packet.c (listfp): New. + (set_packet_list_mode): Intialize it to stdout or stderr depending + on a global option. Made all printing in list mode use LISTFP. + + * keygen.c (generate_subkeypair): Detect primary key on-card and + ask for the passphrase. Return an error if the primary key is a + plain stub. + + * keyedit.c (change_passphrase): Don't ever change any stub key. + Print a note if a key consists of only stub keys. Reported by + Dany Nativel. These are bugs #401 and #402. + +2005-01-26 Werner Koch <[email protected]> + + * ccid-driver.c (parse_ccid_descriptor): Need the CSM workaround + also for newer firmware versions. Need to get a list of fixed + firmware versions and use that. + +2005-01-26 David Shaw <[email protected]> + + * keyserver.c (parse_keyserver_uri): Allow RFC-2732 IPv6 [literal + address] syntax in keyserver URLs. + (keyserver_typemap): Map ftps if we are supporting it. + +2005-01-25 Werner Koch <[email protected]> + + * keygen.c (do_generate_keypair): Don't continue after an error; + fixed at two places. Why at all didn't I used a goto to cleanup, + tsss? + + * app-openpgp.c (get_cached_data): New arg GET_IMMEDIATE to bypass + the cache. Changed all callers. + (get_one_do): Bypass the cache if the value would have been read + directly for v1.1 cards. It makes things a bit slower but only for + 1.0 cards and there are not that many cards out in the wild. This + is required to fix a caching bug when generating new keys; as a + side effect of the retrieval of the the C4 DO from the 6E DO the + chaced fingerprint will get updated to the old value and later + when signing the generated key the checking of the fingerprint + fails becuase it won't match the new one. Thanks to Moritz for + analyzing this problem. + (verify_chv3): Removed the CHV status reread logic because we + won't cache the C4 DO anymore. + +2005-01-21 David Shaw <[email protected]> + + * keyserver.c (free_keyserver_spec): Fix small leak. + (keyserver_typemap): Map https if we are supporting it. + +2005-01-20 Werner Koch <[email protected]> + + * cardglue.c (open_card): Issue new CARDCTRL(4) status. + + * gpgv.c (tty_fprintf): New stub. + + * card-util.c (card_status): Create a secret key stub on the fly + and print more information about a card key. + * import.c (pub_to_sec_keyblock, auto_create_card_key_stub): New. + * getkey.c (get_seckeyblock_byfprint): New. + * keylist.c (print_card_key_info): New. + + * g10.c (i18n_init) [W32]: Pass registry key to gettext + initialization. + * gpgv.c (i18n_init) [W32]: Ditto. + +2005-01-18 Werner Koch <[email protected]> + + * misc.c (default_homedir): New. Taken from gnupg 1.9.15. + * g10.c (main): Use it. + * gpgv.c (main): Ditto. + + * keylist.c (public_key_list): Do a trustdb staleness check before + opening the keyring. + (secret_key_list): Ditto. + +2005-01-10 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu): Move command strings outside the + function to get ready for the readline completion code. + + * passphrase.c (readline, agent_send_option, agent_open, + agent_get_passphrase, passphrase_clear_cache): Rename readline() + to readaline() to keep readline library namespace clear. + +2005-01-06 David Shaw <[email protected]> + + * filter.h, armor.c (armor_filter): Use the eol string from the + armor filter context instead of hardcoding '\n' or '\r\n'. If no + eol string is provided, default to '\n' or '\r\n' as appropriate. + (is_armor_header): Trim tabs in armor header lines as well. + + * keyserver.c (keyserver_spawn): Use it here to force '\n' line + endings since the keyserver output file gets a LF->CRLF expansion + on win32. + +2005-01-05 David Shaw <[email protected]> + + * g10.c (main): Typo. + + * armor.c (is_armor_header): Allow CR and LF (not just actual + spaces) in an armor header line (-----BEGIN etc). This is needed + due to CRLF issues on win32. As before, --openpgp makes it + strict. + +2005-01-03 David Shaw <[email protected]> + + * Makefile.am: Use @LIBUSB@ instead of @LIBUSB_LIBS@ + + * import.c (delete_inv_parts): Comments on import-unusable-sigs. + +2005-01-01 David Shaw <[email protected]> + + * options.h, import.c (parse_import_options, delete_inv_parts): + Add import-unusable-sigs flag to enable importing unusable + (currently: expired) sigs. + + * options.h, export.c (parse_export_options, do_export_stream): + Add export-unusable-sigs flag to enable exporting unusable + (currently: expired) sigs. + +2004-12-29 David Shaw <[email protected]> + + * packet.h, getkey.c (merge_selfsigs_main, sig_to_revoke_info), + keyid.c (revokestr_from_pk), keyedit.c (show_key_with_all_names): + Show who revoked a key (either the same key or a designated + revoker) and when. + +2004-12-28 Werner Koch <[email protected]> + + * ccid-driver.c (find_endpoint): New. + (scan_or_find_devices): Add new args to return endpoint info and + interface number. + (ccid_open_reader, ccid_shutdown_reader): Take care of these new + args. + (bulk_in, bulk_out): Use the correct endpoints. + (ccid_transceive_apdu_level): New. + (ccid_transceive): Divert to above. + (parse_ccid_descriptor): Allow APDU level exchange mode. + (do_close_reader): Pass the interface number to usb_release_interface. + +2004-12-24 David Shaw <[email protected]> + + * keyserver.c (keyserver_typemap): Only map HTTP and FTP if + libcurl has specifically been selected to handle them. + +2004-12-22 David Shaw <[email protected]> + + * options.h, keyserver.c (parse_keyserver_uri): Properly parse + auth data from URLs and pass to keyserver helpers. + + * keyserver.c (keyserver_typemap): New. Map certain keyserver + types to a common type (e.g. ldaps -> ldap). If we are building + with curl, map both http and ftp to curl. + + * build-packet.c (build_sig_subpkt): Only allow one preferred + keyserver subpacket at a time. + +2004-12-21 David Shaw <[email protected]> + + * keyedit.c (menu_set_keyserver_url): Make sure we only operate on + the chosen selfsig so we don't accidentally promote an older + selfsig to chosen. Discovered by Simon Josefsson and 'Todd'. + + * keygen.c (ask_expire_interval): Fix typo. + +2004-12-20 David Shaw <[email protected]> + + * keylist.c (list_keyblock_print): Secret key listings should + always show everything (expired UIDs, revoked subkeys, etc, etc). + + * keyedit.c (keyedit_menu): Add additional help for the "sign" + flags. + +2004-12-20 Werner Koch <[email protected]> + + * keygen.c (ask_expire_interval): For better translations chnage 2 + strings. + + * seckey-cert.c (do_check): Handle case when checksum was okay but + passphrase still wrong. Roman Pavlik found such a case. + +2004-12-20 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu): Invisible alias "passwd" as + "password". + + * passphrase.c: Don't check for __CYGWIN__, so it is treated as a + unix-like system. + + * options.h, g10.c (main), textfilter.c (standard): Use new option + --rfc2440-text to determine whether to filter "<space>\t\r\n" or + just "\r\n" before canonicalizing text line endings. Default to + "<space>\t\r\n". + +2004-12-19 David Shaw <[email protected]> + + * keygen.c (keygen_get_std_prefs): Set reference count when + creating the temporary user ID. + + * keyedit.c (keyedit_menu): Merge updpref and setpref. Keep + updpref as an invisible alias. Add invisible alias for revphoto. + Fix small memory leak when using "setpref" (not all of the uid was + freed). + (menu_revkey): Trigger a trust rebuild after revoking a key. + Don't allow revoking an already-revoked whole key. + (menu_revsubkey): Don't allow revoking an already-revoked subkey. + +2004-12-18 David Shaw <[email protected]> + + * keyedit.c (menu_revkey): Rename to menu_revsubkey. + (menu_revkey): New. Revoke a whole key. + (keyedit_menu): Call it here for when 'revkey' is used without any + subkeys selected. This is to be consistent with the other + functions which are "selected part if selected, whole key if not". + + * signal.c: Use only HAVE_LIBREADLINE to detect readline + availability. + + * Makefile.am: Link with readline where necessary. + +2004-12-17 Werner Koch <[email protected]> + + * passphrase.c (agent_get_passphrase): Define NREAD locally as + size_t or int. + + * keylist.c (list_keyblock_print): Make field width an int. + * keyedit.c (show_key_with_all_names): Ditto. + +2004-12-16 David Shaw <[email protected]> + + * g10.c (main): Add --require-secmem/--no-require-secmem to cause + gpg to exit if it cannot lock memory. Also remove --nrsign-key + and --nrlsign-key since this can better be done via --edit-key. + +2004-12-15 David Shaw <[email protected]> + + * apdu.c (apdu_send_le, apdu_send_direct), keylist.c + (status_one_subpacket, print_one_subpacket): Fix some compiler + warnings. + + * g10.c (main): Fix --compression-algo to take a string argument + like --compress-algo. + + * trustdb.c (uid_trust_string_fixed): For safety, check for a pk. + +2004-12-14 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu): Re-remove the N_() markers. + + * trustdb.c (uid_trust_string_fixed): Show uids as revoked if the + key is revoked. + + * keyedit.c (show_key_with_all_names): Don't show validity for + secret key UIDs. + + * keyedit.c (parse_sign_type): New. Figure out the flags (local, + nonrevoke, trust) for a signature. + (keyedit_menu): Call it here so we can mix and match flags, and + don't need "nrltsign", "ltsign", "tnrsign", etc, etc, etc. + +2004-12-14 Werner Koch <[email protected]> + + * passphrase.c (agent_get_passphrase): Removed debug output + + * keyserver.c (keyserver_work, keyserver_spawn): Map ldaps to ldap. + + * keyedit.c (keyedit_menu): Removed the N_() markers from the + command names. + * card-util.c (card_edit): Ditto. + +2004-12-13 Werner Koch <[email protected]> + + * passphrase.c (read_passphrase_from_fd): Fixed memory leak. + Noted by Andrei Darashenka. + +2004-12-11 David Shaw <[email protected]> + + * keyserver.c (parse_preferred_keyserver): Force preferred + keyserver subpackets to have a URI scheme specified. + +2004-12-10 David Shaw <[email protected]> + + * options.h, g10.c (main), textfilter.c (standard): Use --rfc2440 + or --openpgp directly to determine the end of line hashing rule. + + * trustdb.c (uid_trust_string_fixed): Show uids as expired if the + key is expired. + +2004-12-10 Werner Koch <[email protected]> + + * app-openpgp.c (send_fprtime_if_not_null): New. + (do_getattr): Add KEY_TIME. + (do_learn_status): Print KEY_TIME. + * cardglue.c (learn_status_cb): Parse KEY-TIME. + * card-util.c (card_status): Print creation time if available. + +2004-12-09 David Shaw <[email protected]> + + * options.h, g10.c (main), textfilter.c (len_without_trailing_ws): + Removed (not used). + (standard): 2440 says that textmode hashes should canonicalize + line endings to CRLF and remove spaces and tabs. 2440bis-12 says + to just canonicalize to CRLF. So, we default to the 2440bis-12 + behavior, but revert to the strict 2440 behavior if the user + specifies --rfc2440. In practical terms this makes no difference + to any signatures in the real world except for a textmode detached + signature. + +2004-12-09 Werner Koch <[email protected]> + + * passphrase.c (agent_get_passphrase): New args CUSTOM_PROMPT and + CUSTOM_DESCRIPTION. Changed all callers. + + * app-openpgp.c (do_getattr, do_learn_status, do_setattr): Support + the new private DOs. + (do_change_pin): Add a "N" prefix to the strings so that the + callback can act accordingly for a new PIN. Unfortunately this + breaks existing translations but I see no wother way to overvome + this. + + * cardglue.c (learn_status_cb): Ditto. + (agent_release_card_info): Ditto. + (struct pin_cb_info_s): Removed and changed all users. + (pin_cb): Reworked. + + * card-util.c (card_status): Print them + (card_edit): New command PRIVATEDO. + (change_private_do): New. + +2004-12-09 David Shaw <[email protected]> + + * keygen.c (ask_algo): Add a choose-your-own-capabilities option + for DSA. + +2004-12-07 David Shaw <[email protected]> + + * keygen.c (ask_keysize): Change strings to always use %u instead + of hardcoding key sizes. Bump default to 2048. Bump minimum down + to 512, where possible, but require --expert to get there. DSA is + always 1024 unless --expert is given. + +2004-11-29 David Shaw <[email protected]> + + * getkey.c (parse_key_usage): New function to parse out key usage + flags. Set PUBKEY_USAGE_UNKNOWN to handle flags that we don't + understand. + (fixup_uidnode, merge_selfsigs_main, merge_selfsigs_subkey): Call + it from here to remove duplicate code. + +2004-11-26 David Shaw <[email protected]> + + * export.c (do_export_stream): Allow export-minimal to work with + secret keys, even though a non-selfsig secret key signature is + rare. + + * options.h, export.c (parse_export_options, do_export_stream), + import.c (parse_import_options, import_keys_internal): Make the + import-options and export-options distinct since they can be mixed + together as part of keyserver-options. + +2004-11-24 David Shaw <[email protected]> + + * options.h, export.c (parse_export_options, do_export_stream): + Add "export-minimal" option to disregard any sigs except selfsigs. + + * trustdb.c (uid_trust_string_fixed): Use a string that can be + atoi-ed, but also has a comment for the translator. + + * trustdb.h, trustdb.c (uid_trust_string_fixed): New. Return a + fixed-size translatable string similar to trust_value_to_string. + This allows for easier lining up of displays. + + * keyedit.c (show_key_with_all_names), keylist.c + (list_keyblock_print): Use it here to print validity strings. + + * gpgv.c: Stub. + +2004-11-18 Werner Koch <[email protected]> + + * g10.c (S_IRGRP) [HAVE_DOSISH_SYSTEM]: Define to 0. + +2004-11-17 Werner Koch <[email protected]> + + * g10.c (open_info_file): New. + (main): Unconditionally implement --status-file, --logger-file, + --attribute-file, --passphrase-file, --command-file. This is not + generally useful but easy to support and might make scripting + under Windows easier. + +2004-11-11 Werner Koch <[email protected]> + + * passphrase.c (readn): Fixed test against EINTR. + +2004-11-05 Werner Koch <[email protected]> + + * app-openpgp.c: Made more strings translatable. + (verify_chv3, do_change_pin): Add a special prefix to the prompt + of the Admin PIN prompts. + * passphrase.c (ask_passphrase): Add arg TRYAGAIN_TEXT. Changed + call callers. + * cardglue.c (pin_cb): Make use of the OPAQUE arg to pass + arguments to the PIN callback. Use this to implement a way to + check for correct PIN repetition. Changed all callers to pass an + opaque argument. Improved detection of Admin PIN prompts. + +2004-11-04 David Shaw <[email protected]> + + * plaintext.c (handle_plaintext): Don't try and create a + zero-length filename when using --use-embedded-filename with input + that has no filename (clearsigned or message generated from a + pipe). + + * encode.c (encode_simple, encode_crypt), progress.c + (handle_progress), sign.c (write_plaintext_packet): Fix a few + inconsistent calls (NULL filename means a pipe here, so don't + bother to check it twice). + +2004-11-03 David Shaw <[email protected]> + + * misc.c (print_digest_algo_note): The latest 2440bis drafts + deprecates MD5, so give a warning. + (print_pubkey_algo_note, print_cipher_algo_note, + print_digest_algo_note): Give the algorithm name in the + experimental algo warning. + +2004-11-03 Timo Schulz <[email protected]> + + * passphrase.c (readn, writen): Use w32_strerror instead + of just showing the error number. + * misc.c [_WIN32]: Fix warning about missing prototypes. + +2004-10-28 David Shaw <[email protected]> + + * skclist.c (build_sk_list): Don't need to warn about + PGP-generated Elgamal signing keys since we no longer support any + Elgamal signing keys. + + * sign.c (sign_file, clearsign_file): Use "writing to" instead of + "writing to file" to match other strings. + + * pkclist.c (check_signatures_trust): Fix typo. Noted by Moray + Allan. This is Debian bug #278708. + + * passphrase.c (ask_passphrase, passphrase_to_dek): "password" -> + "passphrase". + + * keyedit.c (show_key_with_all_names): Show designated revoker as + part of translatable string. + +2004-10-28 Werner Koch <[email protected]> + + * Makefile.am (other_libs): New. Also include LIBICONV. Noted by + Tim Mooney. + +2004-10-28 Werner Koch <[email protected]> + + * apdu.c (open_pcsc_reader): Removed bad free in error handler. + +2004-10-27 David Shaw <[email protected]> + + * card-util.c, delkey.c, keygen.c, plaintext.c, keyedit.c, + passphrase.c, revoke.c: Collapse the two different "can't do that + in batch mode" strings into one. + + * keylist.c (status_one_subpacket): New. Send the subpacket data + to the --status interface. + + * card-util.c (card_edit): Show when admin is enabled or not. + + * status.h, status.c: New STATUS_SIG_SUBPACKET type. + + * build-packet.c (build_sig_subpkt): Multiple keyserver URLs are + allowed. + + * keyring.c: Make some strings translatable. + + * exec.c, sign.c: Change "can't open file" to "can't open" and + "can't create file" to "can't create" to be consistent with other + strings so we don't have to translate both. + + * delkey.c, export.c, keyedit.c, pkclist.c, revoke.c, skclist.c: + Fix a few missed possible \"username\" quotes. + +2004-10-26 Werner Koch <[email protected]> + + * app-openpgp.c (verify_chv3): The minimum length for CHV3 is + 8. Changed string to match the other ones. + + * passphrase.c (agent_send_all_options): Try to deduce the ttyname + from stdin. + +2004-10-22 Werner Koch <[email protected]> + + * card-util.c (fetch_url): Disable for gnupg 1.9 + (card_generate_subkey): Ditto. + (card_store_subkey): Ditto. + +2004-10-21 David Shaw <[email protected]> + + * options.h, g10.c (main), mainproc.c (check_sig_and_print): + Rename verify-option show-validity to show-uid-validity to match + the similar list-option. + + * app-openpgp.c (verify_chv3): Fix typo. + +2004-10-21 Werner Koch <[email protected]> + + * app-common.h (app_openpgp_storekey): Add prototype. + + * app-openpgp.c (do_sign): Replace asprintf by direct allocation. + This avoids problems with missing vasprintf implementations. + + * card-util.c (generate_card_keys): Add a #warning for gnupg 1.9 + and use the same string there. + +2004-10-20 David Shaw <[email protected]> + + * g10.c (parse_list_options): Fix non-constant initializer so we + can build with C89. + +2004-10-17 David Shaw <[email protected]> + + * keylist.c (print_one_subpacket): The flags field should be hex. + +2004-10-17 Werner Koch <[email protected]> + + * passphrase.c (agent_get_passphrase): Cast UIDLEN to int. Noted + by Christian Cornelssen. + +2004-10-16 David Shaw <[email protected]> + + * parse-packet.c (parse_one_sig_subpkt, enum_sig_subpkt): Don't + BUG() on unknown subpackets. Rather, just return them silently. + +2004-10-15 Werner Koch <[email protected]> + + * status.h (STATUS_NEED_PASSPHRASE_PIN): New. + * status.c (get_status_string): Added. + * passphrase.c (ask_passphrase): Moved status printing to .. + * cardglue.c (pin_cb): .. here and issue new status message. + + * keyedit.c (sign_uids): Don't include the leading LF in the + translatable string but print them separately. + + * apdu.c (apdu_open_remote_reader) [_WIN32]: We don't have ENOSYS. + + * app-openpgp.c (parse_login_data): New. + (app_select_openpgp): Call it. + (do_setattr): Reparse it after change. + + * pkclist.c (do_edit_ownertrust): Add a note to translators. + * keygen.c (ask_user_id): Ditto. + + * helptext.c: Typo fix. + +2004-10-14 David Shaw <[email protected]> + + * keylist.c (list_keyblock_print): Show the fingerprint after the + key, not after the first user ID. + + * keyedit.c (show_key_with_all_names): Don't show validity if + we're just printing user IDs for signing. + + * armor.c (fake_packet): Properly handle the case where the line + is dash-space (i.e. a blank line that was quoted). Give a warning + for bad dash escaping. + +2004-10-14 Werner Koch <[email protected]> + + * export.c (do_export_stream) [ENABLE_SELINUX_HACKS]: Don't allow + secret key export. + * import.c (import_secret_one) [ENABLE_SELINUX_HACKS]: Likewise + + * misc.c (is_secured_filename): New. + * keydb.c (maybe_create_keyring) + * tdbio.c (tdbio_set_dbname) + * plaintext.c (handle_plaintext) + * openfile.c (copy_options_file, open_outfile) + * exec.c (exec_write) + * keygen.c (do_generate_keypair, gen_card_key_with_backup) + + * sign.c (sign_file, clearsign_file) + * keyring.c (create_tmp_file, do_copy): Check for secured files + before creating them. + + * keygen.c (print_status_key_created, read_parameter_file): + s/unsigned char/byte/ due to a strange typedef for RISC OS. Noted + by Stefan. + +2004-10-13 David Shaw <[email protected]> + + * armor.c (fake_packet): Allow arbitrary dash-escaped lines as per + 2440bis-10. This is bug #158. + + * keyserver.c (keyserver_work): Handle keyserver timeouts. + + * pkclist.c (do_edit_ownertrust): Different prompt when we're + using direct trust since the meaning is different. + + * keyedit.c (trustsig_prompt): Change the strings to match the + ones in pkclist.c:do_edit_ownertrust to make translation easier. + + * trustdb.c (trust_model_string, get_validity): Add direct trust + model which applies to the key as a whole and not per-uid. + + * options.h, g10.c (parse_trust_model): New. + (main): Call it from here to do string-to-trust-model. + +2004-10-13 Werner Koch <[email protected]> + + * tdbdump.c (import_ownertrust): Removed all log_error_f and + reworded the messages. + + * dermor.c: Include i18n.h. Made 2 strings translatable. + + * misc.c (register_secured_file, is_secured_file) + (unregister_secured_file): New. + * keyring.c (do_copy, rename_tmp_file): Implement the SELinux hacks. + (keyring_register_filename): Ditto. + * tdbio.c (open_db): Ditto. + * openfile.c (copy_options_file, open_sigfile): Ditto. + * verify.c (verify_signatures, verify_one_file): Ditto. + * photoid.c (generate_photo_id): Ditto. + * keygen.c (read_parameter_file): Ditto. + * import.c (import_keys_internal): Ditto. + * decrypt.c (decrypt_message, decrypt_messages): Ditto. + * dearmor.c (dearmor_file, enarmor_file): Ditto. + * g10.c (main, print_mds): Ditto. + * exec.c (exec_write, exec_read): Ditto. + * card-util.c (change_login): Ditto. + * encode.c (encode_simple, encode_crypt): Ditto. + + * openfile.c (overwrite_filep, make_outfile_name, open_outfile) + (open_sigfile): Use iobuf_is_pipe_filename to check for pipes so + that special filesnames are taken into account. This is bug 327. + + * tdbdump.c (import_ownertrust): Ditto. + + * sign.c (write_plaintext_packet): Ditto. + (sign_file, clearsign_file, sign_symencrypt_file): + + * progress.c (handle_progress): Ditto. + * plaintext.c (handle_plaintext): Ditto. + (ask_for_detached_datafile, hash_datafiles): + + * encode.c (encode_simple, encode_crypt): Ditto. + +2004-10-12 Werner Koch <[email protected]> + + * keygen.c (read_parameter_file): Changed to use iobuf based file + reading to allow the special file name feature to work. + + * keygen.c (read_parameter_file): New keyword "Handle". This is + bug 287. + (print_status_key_not_created): New. + (print_status_key_created): Add new arg HANDLE. + (do_generate_keypair): Print not created status. + * status.c, tatus.h (STATUS_KEY_NOT_CREATED): New. + +2004-10-11 David Shaw <[email protected]> + + * pkclist.c (do_edit_ownertrust): Use the same translated string + for showing the user ID as mainproc.c:print_pkenc_list. + + * mainproc.c (print_pkenc_list): Allow translating the quotes + around the user ID. + + * card-util.c, g10.c, photoid.c, trustdb.c: The last of the \"%s\" + -> `%s' quoting for things that aren't user IDs. + + * keyserver.c (keyserver_spawn): If there is no keyserver host, + print the whole URI since it is self-contained. + +2004-10-11 Werner Koch <[email protected]> + + * keyserver.c (keyserver_spawn): Print an empty string in log_info + if the host is not set (e.g. finger). + +2004-10-10 David Shaw <[email protected]> + + * card-util.c, keyedit.c, openfile.c, pkclist.c, delkey.c, + keygen.c, photoid.c, revoke.c: Some yes-or-no prompts end in + "(y/n)". Some don't. Consistently use y/n everywhere. + + * keygen.c (ask_key_flags): New. + (ask_algo): Call it here in --expert mode so we don't need to + specify each possible variation of RSA capabilities. + + * keygen.c (do_add_key_flags): The spec says that all primary keys + MUST be able to certify. Force the certify flag on for primaries + (and off for subkeys). + + * keygen.c (generate_keypair): Fix generating keys with the auth + flag. + +2004-10-08 David Shaw <[email protected]> + + * encr-data.c (decrypt_data): Give a warning with a weak key, but + still allow to decrypt the message. + +2004-10-07 David Shaw <[email protected]> + + * pkclist.c (build_pk_list): Keystrify. + + * mainproc.c (check_sig_and_print), pkclist.c + (do_edit_ownertrust): Improve translatability of user ID prompts. + +2004-10-06 David Shaw <[email protected]> + + * helptext.c, pkclist.c (do_we_trust): It is not possible to get + here with a revoked or expired key, so BUG() that case. Remove + question about overriding revoked/expired. Also + --keyid-format-ify. + (do_we_trust_pre): Use print_pubkey_info() instead of printing the + info ourselves. + + * passphrase.c (passphrase_to_dek): Improve translatability of + user ID prompts. + + * keylist.c (print_pubkey_info): Use the user ID the pk was + selected by, if any. + + * keyedit.c (sign_uids, ask_revoke_sig): Improve translatability + of user ID prompts. + (ask_revoke_sig, menu_revsig): Try and use common strings for + these two functions so they don't need to be translated twice. + + * keyedit.c, keylist.c, keyserver.c, mainproc.c: The + revoked/expired/expires string change of 2004-09-29 was too + simple. Use two styles for each tag. + +2004-10-06 Werner Koch <[email protected]> + + * ccid-driver.c (ccid_open_reader): Store the vendor ID. + (ccid_transceive_secure): New. + (parse_ccid_descriptor): Workaround for an SCM reader problem. + (send_escape_cmd): New. + +2004-10-05 David Shaw <[email protected]> + + * passphrase.c (agent_get_passphrase): Use keystrs for agent + strings, and fix sprintf warnings. + + * keyserver.c (keyserver_spawn): Fix BUG() with certain sets of + mixed regular and preferred keyserver refreshes. Noted by + Sebastian Wiesinger. + + * keyedit.c (show_key_with_all_names): Show uid validity in menu. + +2004-10-03 Timo Schulz <[email protected]> + + * apdu.c (apdu_open_remote_reader) [_WIN32]: Do not set ENOSYS. + +2004-10-03 David Shaw <[email protected]> + + * keyedit.c (print_and_check_one_sig_colon): Fix bad keyids in + colon delsig output. Noted by Peter Palfrader. + (show_prefs): Do not reference missing selfsig. Noted by Alex + Moroz. + +2004-10-01 Werner Koch <[email protected]> + + * gpgv.c (i18n_init): Always use LC_ALL. + +2004-09-30 Werner Koch <[email protected]> + + * app-openpgp.c (verify_chv3) [GNUPG_MAJOR_VERSION!=1]: Typo fix. + +2004-09-30 David Shaw <[email protected]> + + * gpgv.c, keydb.c (keydb_add_resource): Factored keyring creation + out to .. + (maybe_create_keyring): .. new. Make sure that we do the checks + in a locked state. Problem reported by Stefan Haller. Try to + create the home directory before acquiring a lock for the keyring. + From Werner on stable branch. + + * g10.c (main): Blow up if we didn't lose setuid. From Werner on + stable branch. + +2004-09-29 David Shaw <[email protected]> + + * keyedit.c, keylist.c, keyserver.c, mainproc.c: Reduce the many + variations of "revoked" ("revoked", "[revoked]", " [revoked]", + "[revoked] ") "and" expired down to two to simplify translation. + +2004-09-28 David Shaw <[email protected]> + + * keyedit.c (print_and_check_one_sig): Account for the extra space + that show-sig-expire takes up so we do not wrap lines. + (show_key_with_all_names): No need to show subkey revocations as a + seperate line since we now show revocation date in the main subkey + line. + + * signal.c (got_fatal_signal): HAVE_DECL_SYS_SIGLIST is defined, + but zero if not found. Noted by John Clizbe. + + * keyserver.c (parse_keyrec): Fix problem with non-expiring keys + appearing expired in --search-keys results. + +2004-09-27 Werner Koch <[email protected]> + + * card-util.c (card_edit): Take admin only status from the table. + + * app-openpgp.c: Made all strings translatable. + (verify_chv3) [GNUPG_MAJOR_VERSION]: Make opt.allow_admin + available for use in gnupg 2. + (verify_chv3): Reimplemented countdown showing to use only + functions from this module. Flush the CVH status cache on a + successful read. + (get_one_do): Hack to bypass the cache for cards versions > 1.0. + (store_fpr): Store the creation date for card version > 1.0. + +2004-09-25 David Shaw <[email protected]> + + * main.h, g10.c (main), card-util.c (change_pin): If "admin" has + not been issued, skip right to the CHV1/CHV2 PIN change. No need + to show the unblock or admin PIN change option. + (card_edit): Add "admin" command to add admin commands to the + menu. Do not allow admin commands until "admin" is given. + + * app-openpgp.c (verify_chv3): Show a countdown of how many wrong + admin PINs can be entered before the card is locked. + + * options.h, g10.c (main), app-openpgp.c (verify_chv3): Remove + --allow-admin. + +2004-09-24 David Shaw <[email protected]> + + * main.h: Create S2K_DIGEST_ALGO macro so we do not need to always + set opt.s2k_digest_algo. This helps fix a problem with PGP 2.x + encrypted symmetric messages. Change all callers (encode.c, + g10.c, keyedit.c, keygen.c, passphrase.c, sign.c). + + * armor.c, cardglue.c, getkey.c, import.c, keygen.c: Be consistent + in some more quoted strings. Always use 'user ID', not 'user id', + "quotes" for user IDs, etc. + + * keyedit.c (keyedit_menu), gpgv.c (agent_scd_getattr (stub)), + keygen.c (copy_mpi, generate_raw_key): Fix a compile problem and a + few warnings when building without card support. + +2004-09-23 Werner Koch <[email protected]> + + * card_util.c (generate_card_keys): ask whether backup should be + created. + (card_store_subkey): Factored some code out to .. + * keygen.c (save_unprotected_key_to_card): .. new function. + (gen_card_key_with_backup): New. + (generate_raw_key): New. + (generate_keypair): New arg BACKUP_ENCRYPTION_DIR. Changed all + callers. + (do_generate_keypair): Divert to gen_card_key_with_backup when + desired. + + * apdu.c (open_pcsc_reader): Do not print empty reader string. + + * keygen.c (ask_algo): Allow creation of AUTH keys. + + * keyid.c (usagestr_from_pk): New. + + * app-openpgp.c (app_openpgp_storekey): Call flush_cache. + (get_cached_data): Move local data initialization to .. + (app_select_openpgp): .. here. Read some flags for later use. + (do_getattr): New read-only attribute EXTCAP. + + * keyedit.c (keyedit_menu): New command "keytocard" + (keyedit_menu): Bad hack for the not_with_sk element. + (show_key_with_all_names): Print the usage. + (find_pk_from_sknode): New. + + * card-util.c (card_store_subkey): New. + (copy_mpi): New. + + * cardglue.c (agent_openpgp_storekey): New. + +2004-09-22 Werner Koch <[email protected]> + + * card-util.c (card_generate_subkey, generate_card_keys): Factored + common code out to ... + (get_info_for_key_operation, check_pin_for_key_operation) + (restore_forced_chv1, replace_existing_key_p) + (show_card_key_info): ... new functions. + +2004-09-21 David Shaw <[email protected]> + + * mainproc.c (check_sig_and_print), keyedit.c (show_prefs, + menu_set_keyserver_url): Make sure that keyserver URLs with + control characters inside are printed properly. In fact, handle + them as UTF8. + + * keyedit.c (keyedit_menu): Don't show "addcardkey" in the menu if + we do not have card support. + + * keydb.h, keyserver.c (print_keyrec, keyserver_spawn): fpr is an + array of unsigned bytes. + +2004-09-20 Werner Koch <[email protected]> + + * g10.c: Make -K an alias for --list-secret-keys. + + * keylist.c (print_card_serialno): New. Taken from gnupg 1.9.11. + (list_keyblock_print): Make use of it. + * keyedit.c (show_key_with_all_names): Print the card S/N. + + * keyedit.c (keyedit_menu): New command ADDCARDKEY. + * card-util.c (card_generate_subkey): New. + * keygen.c (generate_card_subkeypair): New. + (gen_card_key): New arg IS_PRIMARY; changed all callers. + + * cardglue.c (open_card): Use shutdown code if possible. + (check_card_serialno): Ditto. + + * ccid-driver.c (do_close_reader): Factored some code out from ... + (ccid_close_reader): ..here. + (ccid_shutdown_reader): New. + + * apdu.c (apdu_shutdown_reader): New. + (shutdown_ccid_reader): New. + +2004-09-17 Werner Koch <[email protected]> + + * g10.c (list_config): New config option ccid-reader-id. + (gpgconf_list): Add "reader-port". + + * apdu.c (open_ccid_reader): New arg PORTSTR. Pass it to + ccid_open_reader. + (apdu_open_reader): Pass portstr to open_ccid_reader. + (apdu_open_reader): No fallback if a full CCID reader id has been + given. + + * ccid-driver.c (ccid_get_reader_list): New. + (ccid_open_reader): Changed API to take a string for the reader. + Removed al the cruft for the libusb development vesion which seems + not to be maintained anymore and there are no packages anyway. + The stable library works just fine. + (struct ccid_reader_id_s): Deleted and replaced everywhere by a + simple string. + (usb_get_string_simple): Removed. + (bulk_in): Do valgrind hack here and not just everywhere. + +2004-09-16 David Shaw <[email protected]> + + * keyedit.c (show_key_with_all_names, show_prefs): Show preferred + keyserver(s) in "showpref" output. + + * keygen.c (keygen_add_keyserver_url), keyedit.c + (menu_set_keyserver_url): Allow setting a keyserver URL of "none" + to remove an existing keyserver URL. + + * keyedit.c (menu_set_keyserver_url): Confirm replacement of a + keyserver URL before overwriting the old one. + +2004-09-15 David Shaw <[email protected]> + + * gpgv.c (agent_scd_getattr): Stub. + + * misc.c (get_signature_count): New. Get the signature count from + a smartcard. + (pct_expando): Call it here so the %c expando becomes the number + of signatures issued. This allows for notations or the like with + an automatic signature count. + + * ccid-driver.c (usb_get_string_simple): Replacement function to + work with older libusb. + +2004-09-15 Werner Koch <[email protected]> + + * g10.c [HAVE_LIBUSB]: New option --debug-ccid-driver. + + * ccid-driver.c (read_device_info): Removed. + (make_reader_id, scan_or_find_devices): New. + (ccid_open_reader): Simplified by make use of the new functions. + (ccid_set_debug_level): New. Changed the macros to make use of + it. It has turned out that it is often useful to enable debugging + at runtime so I added this option. + +2004-09-13 David Shaw <[email protected]> + + * getkey.c (premerge_public_with_secret): Fix subkey<->binding sig + mismatch when some secret subkeys are missing. Discovered by + Michael Roth. + + * main.h, keylist.c (print_subpackets_colon): Make a public + function. + + * keyedit.c (print_and_check_one_sig_colon): New. Print a + with-colons version of the sig record. + (menu_delsig): Call it here for a with-colons delsig. + +2004-09-12 David Shaw <[email protected]> + + * options.h, keylist.c (print_one_subpacket, + print_subpackets_colon): Print a spk record for each request + subpacket. + (list_keyblock_colon): Call them here. + + * g10.c (parse_subpacket_list, parse_list_options): New. Make the + list of subpackets we are going to print. + (main): Call them here. + +2004-09-11 David Shaw <[email protected]> + + * card-util.c (fetch_url, card_edit): Use the pubkey URL stored on + the card to fetch an updated copy. Works with either straight + URLs or HKP or LDAP keyservers. + + * keyserver-internal.h, keyserver.c (keyserver_import_fprint), + import.c (revocation_present): Use a keyserver_spec so the caller + can pass in whatever keyserver they like. + +2004-09-10 David Shaw <[email protected]> + + * app-openpgp.c (get_cached_data): Avoid mallocing zero since it + breaks us when using --enable-m-guard. + + * ccid-driver.c (read_device_info): Fix segfault when usb device + is not accessible. + (ccid_open_reader): Allow working with an even older version of + libusb (usb_busses global instead of usb_get_busses()). + +2004-09-09 Werner Koch <[email protected]> + + * cardglue.h: Add members for CA fingerprints. + * cardglue.c (agent_release_card_info): Invalid them. + (learn_status_cb): Store them. + + * app-common.h, app-openpgp.c, iso7816.c, iso7816.h + * apdu.c, apdu.h, ccid-driver.c, ccid-driver.h + * card-util.c: Updated from current gnupg-1.9. + + Changes are: + + * ccid-driver.h (CCID_DRIVER_ERR_ABORTED): New. + * ccid-driver.c (ccid_open_reader): Support the stable 0.1 version + of libusb. + (ccid_get_atr): Handle short messages. + * apdu.c (my_rapdu_get_status): Implemented. + * apdu.c: Include <signal.h>. + * apdu.c (reader_table_s): Add function pointers for the backends. + (apdu_close_reader, apdu_get_status, apdu_activate) + (send_apdu): Make use of them. + (new_reader_slot): Intialize them to NULL. + (dump_ccid_reader_status, ct_dump_reader_status): New. + (dump_pcsc_reader_status): New. + (open_ct_reader, open_pcsc_reader, open_ccid_reader) + (open_osc_reader, open_rapdu_reader): Intialize function pointers. + (ct_activate_card, ct_send_apdu, pcsc_send_apdu, osc_send_apdu) + (error_string): Removed. Replaced by apdu_strerror. + (get_ccid_error_string): Removed. + (ct_activate_card): Remove the unused loop. + (reset_ct_reader): Implemented. + (ct_send_apdu): Activate the card if not yet done. + (pcsc_send_apdu): Ditto. + * ccid-driver.h: Add error codes. + * ccid-driver.c: Implement more or less proper error codes all + over the place. + * apdu.c (apdu_send_direct): New. + (get_ccid_error_string): Add some error code mappings. + (send_apdu): Pass error codes along for drivers already supporting + them. + (host_sw_string): New. + (get_ccid_error_string): Use above. + (send_apdu_ccid): Reset the reader if it has not yet been done. + (open_ccid_reader): Don't care if the ATR can't be read. + (apdu_activate_card): New. + (apdu_strerror): New. + (dump_reader_status): Only enable it with opt.VERBOSE. + * iso7816.c (map_sw): Add mappings for the new error codes. + * apdu.c (open_ct_reader, open_pcsc_reader, open_ccid_reader) + (reset_ccid_reader, open_osc_reader): Call dump_reader_status only + in verbose mode. + * app-openpgp.c (do_getattr): Fix for sending CA-FPR. + * app-openpgp.c (app_openpgp_readkey): Fixed check for valid + exponent. + * app-openpgp.c (do_setattr): Sync FORCE_CHV1. + * card-util.c (change_login): Kludge to allow reading data from a + file. + (card_edit): Pass ARG_STRING to change_login. + (card_status): Print CA fingerprints. + (change_cafpr): New. + (card_edit): New command CAFPR. + +2004-04-30 Werner Koch <[email protected]> + + * g10.c (main) <gpgconf>: Use gpg.conf and not /dev/null as + default filename. + +2004-04-28 Werner Koch <[email protected]> + + * card-util.c (card_edit): Remove PIN verification. + (generate_card_keys): New arg SERIALNO. Do PIN verification here + after resetting forced_chv1. + + +2004-09-09 Werner Koch <[email protected]> + + * signal.c (got_fatal_signal): Do readline cleanup. Print signal + number if we can't print the name. Use new autoconf macro + HAVE_DECL_SYS_SIGLIST. + (get_signal_name): Removed. + + * photoid.c: Include ttyio.h. + + * parse-packet.c (skip_rest): Removed. Changed all callers to use + the new iobuf_skip_reset. Orginal patch by Florian Weimer. + +2004-09-07 Werner Koch <[email protected]> + + * photoid.c (generate_photo_id): Use tty_printf and not just + printf. Put _() around one string. + +2004-09-03 David Shaw <[email protected]> + + * keyserver.c (parse_keyrec): Force the 'e'xpired flag on as soon + as we know the key is definitely expired. Some translatable + string cleanup. + +2004-08-27 David Shaw <[email protected]> + + * encode.c, exec.c, g10.c, sign.c: Some translatable string + cleanup. Change some "this" to `this'. + +2004-08-23 David Shaw <[email protected]> + + * keyserver.c (keyserver_spawn): Show log line for what keyserver + action we are taking. + + * keyid.c (keystr): If printing a keyid that lacks the high 4 + bytes, print the low 4 alone. + (keystr_from_desc): Handle short keyids and warn on v3 + fingerprints. + + * keydb.h, getkey.c (get_user_id_printable, + get_user_id_string_printable): Rename to get_user_id_native and + get_user_id_string_native and remove the printable stuff since + we're print-ifying valid utf8 characters. Change all callers in + import.c, sign.c, keylist.c, and encode.c. + + * keyserver.c (keyserver_search_prompt): Make sure the search + string is converted from UTF-8 before display. + +2004-08-19 Werner Koch <[email protected]> + + * seskey.c (encode_session_key): Changed the zero random byte + substituting code to actually do clever things. Thanks to + Matthias Urlichs for noting the implementation problem. + +2004-08-18 Marcus Brinkmann <[email protected]> + + * passphrase.c (agent_get_passphrase): Fix detection of gpg-agent + cancellation. + +2004-08-08 David Shaw <[email protected]> + + * plaintext.c (handle_plaintext): Bigger buffer for extra safety. + + * g10.c (main): New alias --throw-keyid for --throw-keyids, so + that it continues to work in old configuration files. Noted by + Jens Adam. + + * pkclist.c (algo_available): --pgp8 now allows blowfish, zlib, + and bzip2. + + * status.c (do_get_from_fd): Flush stdout if status isn't flushing + it for us. This guarantees that any menus that were displayed + before the prompt don't get stuck in a buffer. Noted by Peter + Palfrader. This is Debian bug #254072. + + * sign.c (update_keysig_packet): Revert change of 2004-05-18. It + is not appropriate to strip policy and notations when remaking a + sig. That should only happen when specifically requested by the + user. + +2004-08-05 David Shaw <[email protected]> + + * armor.c (radix64_read): No armor CRC is legal according to the + spec (the CRC is a MAY). + +2004-07-28 David Shaw <[email protected]> + + * misc.c (argsplit): Properly split quoted args from the keyword + and trim whitespace afterwards. + +2004-07-27 David Shaw <[email protected]> + + * misc.c (optsep): Add the ability to understand keyword="quoted + arg with spaces" type options. + +2004-07-16 David Shaw <[email protected]> + + * keylist.c (list_keyblock_print): Always use the new listing + format where uids are always on a line for themselves. Mark + expired secret keys as expired. + + * options.h, g10.c (main): Rename list show-validity to + show-uid-validity as it only shows for uids. + + * armor.c (armor_filter): Do not use padding to get us to 8 bytes + of header. Rather, use 2+4 as two different chunks. This avoids + a fake filename of "is". + +2004-07-15 David Shaw <[email protected]> + + * keyedit.c (sign_uids): Properly handle remaking a self-sig on + revoked or expired user IDs. Also, once we've established that a + given uid cannot or will not be signed, don't continue to ask + about each sig. + + * mainproc.c (proc_symkey_enc), seckey-cert.c (do_check): Check + the S2K hash algorithm before we try to generate a passphrase + using it. This prevents hitting BUG() when generating a + passphrase using a hash that we don't have. + + * sign.c (sign_symencrypt_file): Allow using --force-mdc in --sign + --symmetric messages. + + * g10.c (main): Alias --charset as --display-charset to help avoid + the continuing confusion and make room for possible changes in + devel. + + * parse-packet.c (parse_plaintext): Show the hex value for the + literal packet mode since it may not be printable. + + * keygen.c (make_backsig): Make sure that the backsig was built + successfully before we try and use it. + + * status.h, status.c (get_status_string), plaintext.c + (handle_plaintext): New status tags PLAINTEXT and + PLAINTEXT_LENGTH. + +2004-06-16 Werner Koch <[email protected]> + + * free-packet.c (copy_secret_key): Get last fix right. + +2004-06-16 Werner Koch <[email protected]> + + * free-packet.c (copy_secret_key): Fixed memory leak when D is not + NULL. + + * passphrase.c (passphrase_to_dek): Added a few comments to the + code. + +2004-05-26 David Shaw <[email protected]> + + * keyserver.c (keyserver_refresh): Keep track of keys already + fetched so we don't do a regular keyserver fetch if the preferred + keyserver fetch has exhausted the list. + +2004-05-23 David Shaw <[email protected]> + + * verify.c (verify_signatures): Verify multiple files in the same + order in which we hashed them when issuing the signature. Noted + by Nicholas Cole. + + * pkclist.c (do_edit_ownertrust): Fix a kbnode leak and do another + keyid-format conversion. + +2004-05-22 Werner Koch <[email protected]> + + * trustdb.c (check_regexp): s/EXP/EXPR/. + + * keyedit.c (trustsig_prompt): Remoev useless range check. + + * options.h: Renamed ctrl to glo_ctrl. Changed all users. + + * ccid-driver.c (ccid_open_reader): Print a warning when CCID + can't be used. + +2004-05-21 David Shaw <[email protected]> + + * mainproc.c (check_sig_and_print): If we're honoring preferred + keyservers, and auto-key-retrieve is set, try and get a missing + key from the preferred keyserver subpacket when we verify the sig. + + * gpgv.c (parse_preferred_keyserver, free_keyserver_spec): Stubs. + + * keyserver.c (keyidlist): Use new parse_preferred_keyserver + function. + (keyserver_work): Use the passed-in keyserver spec rather than the + options global one. + + * keyserver-internal.h, keyserver.c (parse_preferred_keyserver): + New function to take a sig and return a split out keyserver_spec. + (keyserver_import_keyid): Now takes a keyserver_spec. + + * keyserver.c (keyidlist): Go back to the old fast keyid lister. + Only merge selfsigs if we have to for honor-keyserver-url. + (keyserver_refresh): Keyserver URL handler moved here. + (calculate_keyid_fpr): Removed. + + * keydb.h, keyid.c (keystr_from_desc): Calculate a key string from + a KEYDB_SEARCH_DESC. + + * keyserver.c (keyserver_spawn): Fix keyserver options on tempfile + only platforms. Noted by Roger Sondermann. + +2004-05-20 David Shaw <[email protected]> + + * keyserver.c (keyserver_work): Allow --refresh-keys with a + preferred keyserver to happen even if there is no global keyserver + set. + + * sig-check.c (do_check_messages): No need to check for Elgamal + signatures any longer. + (do_check_messages, do_check, check_key_signature2): + --keyid-format conversion. + + * pkclist.c (show_paths, edit_ownertrust): Remove some unused + code. + + * options.h (ctrl): New for member IN_AUTO_KEY_RETRIEVE. + + * mainproc.c (check_sig_and_print): track whether we are + retrieving a key. + + * status.c (status_currently_allowed): New. + (write_status_text, write_status_text_and_buffer): Use it here. + + * g10.c: New command --gpgconf-list. + (gpgconf_list): New. From Werner on stable branch. + +2004-05-19 David Shaw <[email protected]> + + * pubkey-enc.c (get_session_key, get_it), keyedit.c + (show_key_with_all_names, show_basic_key_info): --keyid-format + conversion. + +2004-05-18 David Shaw <[email protected]> + + * sign.c (update_keysig_packet): Policies and notations should be + stripped out when remaking a self-signature. Noted by Atom + Smasher. + + * keyserver.c (parse_keyserver_uri): Fix compiler warnings. + +2004-05-11 David Shaw <[email protected]> + + * options.h, keyserver-internal.h, keyserver.c + (parse_keyserver_uri): Improved URI parser that keeps track of the + path information and doesn't modify the input string. + (keyserver_spawn): Tell keyserver plugins about the path. + +2004-05-11 Werner Koch <[email protected]> + + * keylist.c (show_policy_url, show_keyserver_url, show_notation) + (list_one): Use const char* for i18n string helpers. + + * keygen.c (do_generate_keypair, read_parameter_file): Really + close the files. + (do_generate_keypair): Create the secret key file using safe + permissions. Noted by Atom Smasher. + +2004-05-10 David Shaw <[email protected]> + + * options.h, mainproc.c (symkey_decrypt_seskey), keyserver.c + (struct keyrec, parse_keyrec, keyserver_search_prompt), keyedit.c + (keyedit_menu), g10.c (add_keyserver_url, add_policy_url): Fix + some compiler warnings. + +2004-05-08 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu, menu_set_keyserver_url): Allow passing + preferred keyserver on "keyserver" command line. Sanity check + keyserver URL before accepting it. + + * keyserver-internal.h, g10.c (main), keyserver.c + (parse_keyserver_uri): Add an option to require the scheme:// and + change all callers. + (free_keyserver_spec): Make public. + +2004-05-07 Werner Koch <[email protected]> + + * sign.c (write_plaintext_packet): Fixed the detection of too + large files in the same way as in encode.c. + +2004-05-04 David Shaw <[email protected]> + + * keylist.c (show_notation): Use bits to select which sort of + notation to show. Don't allow a not-shown notation to prevent us + from issuing the proper --status-fd message. + + * options.h, g10.c (main): Add show-std/standard-notations and + show-user-notations. show-notations is both. Default is to show + standard notations only during verify. Change all callers. + +2004-04-28 David Shaw <[email protected]> + + * main.h, keylist.c (show_notation): Add argument to show only + user notations, only standard notations, or both. Change all + callers. + + * keyserver.c (keyserver_spawn): We still need EXEC_TEMPFILE_ONLY. + +2004-04-28 Werner Koch <[email protected]> + + * card-util.c (card_edit): Require PIN only for generate. + + * app-openpgp.c (do_setattr): Sync FORCE_CHV1. + +2004-04-27 Werner Koch <[email protected]> + + * keyserver.c (keyserver_spawn) [EXEC_TEMPFILE_ONLY]: Removed + setting use_temp_file because this option has been removed. + + * g10.c: New commands --allow-admin and --deny-admin. + * options.h (opt): Add member ALLOW_ADMIN. + + * tlv.h, tlv.c: New. Copied from gnupg-1.9. + * cardglue.c (open_card): The serialno is now set internally by + app_select_openpgp; changed invocation. + * cardglue.h (app_t, ctrl_t): New. + (GPG_ERR_EBUSY, GPG_ERR_ENOENT, GPG_ERR_NOT_FOUND, GPG_ERR_BUG) + (GPG_ERR_NOT_IMPLEMENTED, GPG_ERR_EACCESS): New. + (gpg_err_code_from_errno): New. + + * app-common.h, app-openpgp.c, iso7816.c, iso7816.h + * apdu.c, apdu.h, ccid-driver.c, ccid-driver.h + * card-util.c: Updated from current gnupg-1.9. + + Changes are: + + * app-common.h: New members FNC.DEINIT and APP_LOCAL. + * app-openpgp.c (do_deinit): New. + (get_cached_data, flush_cache_item, flush_cache_after_error) + (flush_cache): New. + (get_one_do): Replaced arg SLOT by APP. Make used of cached data. + (verify_chv2, verify_chv3): Flush some cache item after error. + (do_change_pin): Ditto. + (do_sign): Ditto. + (do_setattr): Flush cache item. + (do_genkey): Flush the entire cache. + (compare_fingerprint): Use cached data. + + * apdu.c (apdu_send_le): Reinitialize RESULTLEN. Handle + SW_EOF_REACHED like SW_SUCCESS. + + * ccid-driver.c (parse_ccid_descriptor): Store some of the reader + features away. New arg HANDLE + (read_device_info): New arg HANDLE. Changed caller. + (bulk_in): Handle time extension requests. + (ccid_get_atr): Setup parameters and the IFSD. + (compute_edc): New. Factored out code. + (ccid_transceive): Use default NADs when required. + + * apdu.h: New pseudo stati SW_HOST_NOT_SUPPORTED, + SW_HOST_LOCKING_FAILED and SW_HOST_BUSY. + * iso7816.c (map_sw): Map it. + + * ccid-driver.c (ccid_slot_status): Add arg STATUSBITS. + * apdu.c (apdu_get_status): New. + (ct_get_status, pcsc_get_status, ocsc_get_status): New stubs. + (get_status_ccid): New. + (apdu_reset): New. + (reset_ct_reader, reset_pcsc_reader, reset_osc_reader): New stubs. + (reset_ccid_reader): New. + (apdu_enum_reader): New. + + * apdu.c (lock_slot, trylock_slot, unlock_slot): New helpers. + (new_reader_slot) [USE_GNU_PTH]: Init mutex. + (apdu_reset, apdu_get_status, apdu_send_le): Run functions + in locked mode. + +2004-04-25 David Shaw <[email protected]> + + * getkey.c (get_seckey_byname2): Significantly simplify this + function by using key_byname to do the heavy lifting. Note that + this also fixes an old problem when the first key on the secret + keyring has an unusable stub primary, but is still chosen. + + * getkey.c (key_byname): If namelist is NULL, return the first key + in the keyring. + +2004-04-22 David Shaw <[email protected]> + + * keygen.c (make_backsig): If DO_BACKSIGS is not defined, do not + create backsigs. + + * getkey.c (merge_selfsigs_subkey): Find 0x19 backsigs on subkey + selfsigs and verify they are valid. If DO_BACKSIGS is not + defined, fake this as always valid. + + * packet.h, parse-packet.c (parse_signature): Make parse_signature + non-static so we can parse 0x19s in self-sigs. + + * main.h, sig-check.c (check_backsig): Check a 0x19 signature. + (signature_check2): Give a backsig warning if there is no or a bad + 0x19 with signatures from a subkey. + +2004-04-21 David Shaw <[email protected]> + + * parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt, + can_handle_critical): Parse and display 0x19 signatures. + +2004-04-20 David Shaw <[email protected]> + + * keyserver.c (parse_keyserver_uri): Do not accept "http" as an + alias for "hkp". They are not the same thing. + +2004-04-19 David Shaw <[email protected]> + + * options.h, g10.c (main): Add keyserver-option + honor-keyserver-url. parse_keyserver_options now returns a + success code. + + * keyserver.c (parse_keyserver_options): Return error on failure + to parse. Currently there is no way to fail as any unrecognized + options get saved to be sent to the keyserver plugins later. + Check length of keyserver option tokens since with =arguments we + must only match the prefix. + (free_keyserver_spec): Moved code from parse_keyserver_url. + (keyserver_work, keyserver_spawn): Pass in a struct keyserver_spec + rather than using the global keyserver option. + (calculate_keyid_fpr): New. Fills in a KEYDB_SEARCH_DESC for a + key. + (keyidlist): New implementation using get_pubkey_bynames rather + than searching the keydb directly. If honor-keyserver-url is set, + make up a keyserver_spec and try and fetch that key directly. Do + not include it in the returned keyidlist in that case. + +2004-04-16 David Shaw <[email protected]> + + * plaintext.c (handle_plaintext): Accept 'u' as a plaintext mode + that requires end of line conversion. This is being considered + for a UTF8 text packet. If this doesn't take place, no major harm + done. If it does take place, we'll get a jump on starting the + changeover. + + * g10.c (main): --no-use-embedded-filename. + + * build-packet.c (calc_plaintext, do_plaintext): Do not create + illegal (packet header indicates a size larger than the actual + packet) encrypted data packets when not compressing and using a + filename longer than 255 characters. + + * keyedit.c (no_primary_warning): Cleanup. (menu_expire): Don't + give primary warning for subkey expiration changes. These cannot + reorder primaries. + + * keygen.c (gen_elg, gen_dsa, gen_rsa, do_create, + do_generate_keypair, generate_subkeypair): New is_subkey argument + to set whether a generated key is a subkey. Do not overload the + ret_sk. This is some early cleanup to do backsigs for signing + subkeys. + + * keygen.c (write_keybinding, do_generate_keypair, + generate_subkeypair): Keep track of the unprotected subkey secret + key so we can make a backsig with it. + + * keygen.c (make_backsig): New function to add a backsig to a + binding sig of signing subkeys. Currently disabled. + (write_keybinding): Call it here, for signing subkeys only. + + * sign.c (make_keysig_packet): Allow generating 0x19 signatures + (same as 0x18 or 0x28, but used for backsigs). + + * packet.h, build-packet.c (build_sig_subpkt): Add new + SIGSUBPKT_SIGNATURE type for embedded signatures. + + * main.h, misc.c (optsep, argsplit, optlen, parse_options): + Simplify code and properly handle a partial match against an + option with an argument. + + * keyserver-internal.h, keyserver.c (parse_keyserver_options): Use + new optsep and argsplit functions. + +2004-04-15 David Shaw <[email protected]> + + * main.h, misc.c (argsplit): Refactor argsep into argsplit and + argsep so they can be called separately. + + * options.h, keyserver.c (parse_keyserver_options): Remove + duplicate code from parse_keyserver_options by calling the generic + parse_options. + + * keyserver.c (keyserver_spawn, keyserver_refresh), g10.c (main), + gpgv.c (main), mainproc.c (check_sig_and_print), import.c + (revocation_present): Change all callers. + +2004-04-14 David Shaw <[email protected]> + + * packet.h, getkey.c (fixup_uidnode, merge_selfsigs_subkey): Keep + track of which self-sig we actually chose. + + * keyedit.c (menu_expire, menu_set_primary_uid, + menu_set_preferences): Use it here to avoid updating non-used + self-sigs and possibly promoting an old self-sig into + consideration again. + + * options.h, import.c, keyserver-internal.h, g10.c, mainproc.c, + keyserver.c (parse_keyserver_uri): Parse keyserver URI into a + structure. Cleanup for new "guess my keyserver" functionality, as + well as refreshing via a preferred keyserver subpacket. + + * options.h: Encapsulate keyserver details. Change all callers. + +2004-04-05 Werner Koch <[email protected]> + + * status.h (STATUS_NEWSIG): New. + * status.c (get_status_string): Add it. + +2004-03-27 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu): Request a trustdb update when adding a + new user ID so the new ID gets validity set. Reported by Owen + Taylor. + +2004-03-25 David Shaw <[email protected]> + + * options.h, g10.c (main), compress-bz2.c (init_uncompress): + Rename --bzip2-compress-lowmem to --bzip2-decompress-lowmem since + it applies to decompression, not compression. + +2004-03-24 David Shaw <[email protected]> + + * keyedit.c (sign_uids, show_key_and_fingerprint, ask_revoke_sig, + menu_revsig, menu_showphoto): --keyid-format conversion. + (menu_addrevoker): Use print_pubkey_info() rather than duplicating + code. + +2004-03-19 David Shaw <[email protected]> + + * trustdb.c (update_min_ownertrust, validate_keys): Do not use + keystr functions in log_debug. + + * import.c (import_one): Try and collapse user IDs when importing + a key for the first time. + + * keyedit.c (menu_addrevoker): Allow appointing a subkey as a + designated revoker if the user forces it via keyid!, so long as + the subkey can certify. Also use the proper date string when + prompting for confirmation. + + * g10.c (main): Maintain ordering of multiple Comment lines. + Requested by Peter Hyman. + +2004-03-17 David Shaw <[email protected]> + + * mainproc.c (proc_pubkey_enc, print_pkenc_list, list_node): + --keyid-format conversion. + +2004-03-16 David Shaw <[email protected]> + + * getkey.c (skip_unusable, merge_selfsigs_main, + premerge_public_with_secret, lookup, get_user_id_string): + --keyid-format conversion. + +2004-03-15 David Shaw <[email protected]> + + * trustdb.c (add_utk, verify_own_keys, update_min_ownertrust, + get_validity, ask_ownertrust, validate_keys): --keyid-format + conversion. + + * import.c (check_prefs_warning, check_prefs): --keyid-format + conversion and a little better text. + (import_one, import_secret_one, import_revoke_cert, chk_self_sigs, + delete_inv_parts, merge_blocks): Still more --keyid-format + conversions. + +2004-03-06 David Shaw <[email protected]> + + * keylist.c (print_seckey_info, print_pubkey_info): --keyid-format + conversion. + (list_keyblock_print): 0xshort should not push us into the new + list format since it is not much longer than regular 8-character + short keyids. + + * keydb.h, keyid.c (keystr_from_pk, keystr_from_sk): New functions + to pull a key string from a key in one step. This isn't faster + than before, but makes for neater code. + + * keylist.c (list_keyblock_print): Use keystr_from_xx here. + (print_key_data): No need to pass a keyid in. + +2004-03-05 David Shaw <[email protected]> + + * keyid.c (keyid_from_sk): Minor performance boost by caching + secret key keyids so we don't have to calculate them each time. + + * getkey.c (merge_selfsigs_subkey): Do not mark subkeys valid if + we do not support their pk algorithm. This allows for early + (during get_*) rejection of a subkey, and selection of another. + + * passphrase.c (passphrase_to_dek): Give a little more information + when we have room to do so. + +2004-03-04 David Shaw <[email protected]> + + * revoke.c (export_minimal_pk), export.c (do_export_stream), + passphrase.c (passphrase_to_dek), keyserver.c (print_keyrec): A + few more places to use --keyid-format. + + * options.h, g10.c (main), export.c (parse_export_options, + do_export_stream): Remove --export-all and the "include-non-rfc" + export-option as they are no longer meaningful with the removal of + v3 Elgamal keys. + + * armor.c (fake_packet, armor_filter): Use the 2440 partial length + encoding for the faked plaintext packet. + +2004-03-03 David Shaw <[email protected]> + + * options.h, g10.c (main), mainproc.c (check_sig_and_print): + Remove verify-option show-long-keyids and replace with + the more general keyid-format. + + * build-packet.c (write_header2): Remove call to start old gpg + partial length mode and change all callers. + (do_plaintext): Turn off partial length encoding now that we're + done writing the packet. + (do_comment, do_user_id): Try for a headerlen of 2 since that's + the smallest and most likely encoding for these packets. + + * parse-packet.c (parse): Remove call to start old gpg partial + length mode. + +2004-03-02 David Shaw <[email protected]> + + * options.h, g10.c (main): Add a more flexible --keyid-format + option to replace the list-option (and eventually verify-option) + show-long-keyids. The format can be short, long, 0xshort, and + 0xlong. + + * keydb.h, keyid.c (keystr, keystrlen): New functions to generate + a printable keyid. + + * keyedit.c (print_and_check_one_sig, show_key_with_all_names), + keylist.c (list_keyblock_print): Use new keystr() function here to + print keyids. + + * packet.h, free-packet.c (free_encrypted, free_plaintext), + parse-packet.c (copy_packet, skip_packet, skip_rest, read_rest, + parse_plaintext, parse_encrypted, parse_gpg_control): Use a flag + to indicate partial or indeterminate encoding. This is the first + step in some minor surgery to remove the old gpg partial length + encoding. + +2004-03-01 David Shaw <[email protected]> + + * parse-packet.c (parse): Only data-type packets are allowed to + use OpenPGP partial length encoding. + +2004-02-25 David Shaw <[email protected]> + + * delkey.c (do_delete_key): Allow deleting a public key with a + secret present if --expert is set. + + * plaintext.c (handle_plaintext): Make bytecount static so it + works with multiple literal packets inside a message. + + * encode.c, helptext.c (keygen.algo, keygen.algo.elg_se), keygen.c + (ask_algo), sig-check.c (do_check_messages), skclist.c + (build_sk_list): Rename "ElGamal" to "Elgamal" as that is the + proper spelling nowadays. Suggested by Jon Callas. + +2004-02-24 David Shaw <[email protected]> + + * plaintext.c: Copyright. + + * encode.c (encode_simple): Show cipher with --verbose. + + * options.h, g10.c (main), keyedit.c (sign_keys): Add + --ask-cert-level option to enable cert level prompts during + sigs. Defaults to on. Simplify --default-cert-check-level to + --default-cert-level. If ask-cert-level is off, or batch is on, + use the default-cert-level as the cert level. + + * options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): + Simplify --min-cert-check-level to --min-cert-level. + +2004-02-22 David Shaw <[email protected]> + + * options.h, g10.c (main), trustdb.c (mark_usable_uid_certs): Add + --min-cert-check-level option to specify minimum cert check level. + Defaults to 2 (so 0x11 sigs are ignored). 0x10 sigs cannot be + ignored. + +2004-02-21 David Shaw <[email protected]> + + * plaintext.c (handle_plaintext): Properly handle a --max-output + of zero (do not limit output at all). + + * keyserver.c (keyserver_spawn): Use the full 64-bit keyid in the + INFO header lines, and include "sig:" records for the benefit of + people who store their keys in LDAP servers. It makes it easy to + do queries for things like "all keys signed by Isabella". + + * main.h, misc.c (hextobyte): Removed. It's in libutil.a now. + +2004-02-20 David Shaw <[email protected]> + + * keyserver.c (keyserver_export): Disallow user strings that + aren't key IDs. + (keyserver_import): Clarify error message. + (keyserver_spawn): Properly handle 8 bit characters in user IDs in + the info lines during SEND. + + * mkdtemp.c: Removed. + + * Makefile.am: We get mkdtemp.c from libutil.a now, so don't link + with @LIBOBJS@. + + * keyserver.c (keyserver_spawn): Pass the scheme to the keyserver + helper. + +2004-02-18 David Shaw <[email protected]> + + * options.h, g10.c (main), plaintext.c (handle_plaintext): Add + --max-output option to help people deal with decompression bombs. + +2004-02-15 David Shaw <[email protected]> + + * build-packet.c (do_user_id): Do not force a header for attribute + packets as they require a new CTB, and we don't support forced + headers for new CTBs yet. + +2004-02-14 David Shaw <[email protected]> + + * build-packet.c (write_header2): If a suggested header length is + provided along with a zero length, interpret this as an actual + zero length packet and not as an indeterminate length packet. + (do_comment, do_user_id): Use it here as these packets might be + naturally zero length. + + * parse-packet.c (parse): Show packet type when failing due to an + indeterminate length packet. + + * misc.c (parse_options): Only provide args for the true (i.e. not + "no-xxx") form of options. + +2004-02-13 David Shaw <[email protected]> + + * keyserver.c (argsep): Move to misc.c. + + * main.h, misc.c (parse_options), export.c (parse_export_options), + import.c (parse_import_options), g10.c (main): Use it here to + allow for options with optional arguments. Change all callers. + + * import.c (check_prefs): Some language fixes. + (sec_to_pub_keyblock, import_secret_one): Without knowing the + number of MPIs there are, we cannot try and sk-to-pk-ize a key. + +2004-02-12 David Shaw <[email protected]> + + * import.c (check_prefs): New function to check preferences on a + public key to ensure that it does not advertise any that we cannot + fulfill. Use the keyedit command list function to optionally + rewrite the prefs. + (import_one, import_secret_one): Use it here when importing a + public key that we have the secret half of, or when importing a + secret key that we have the public half of. + + * main.h, keyedit.c (keyedit_menu): Remove sign_mode and enhance + the more general command list functionality to replace it. + + * g10.c (main): Use the general command functionality to implement + --sign-key, --lsign-key, --nrsign-key, and --nrlsign-key. + + * import.c (import_one): Do the revocation check even in the case + when a key, a revocation key set in a direct key signature, and a + revocation from that revocation key, all arrive piecemeal. + Needless to say, this is pretty obscure. + +2004-02-11 David Shaw <[email protected]> + + * options.h, g10.c (main), keylist.c (list_keyblock_print): Add + "show-unusable-subkeys" list-option to show revoked and/or expired + subkeys. + +2004-02-10 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu): Prompt for subkey removal for both + secret and public subkeys. + + * keylist.c (list_keyblock_print), keyedit.c + (show_key_with_all_names): Show the revocation date of a + key/subkey, and general formatting work. + + * packet.h, getkey.c (merge_selfsigs_main, merge_selfsigs_subkey, + merge_selfsigs): Keep track of the revocation date of a key. + + * keydb.h, keyid.c (revokestr_from_pk): New function to print the + revocation date of a key. + + * keygen.c (keygen_set_std_prefs): Build the default preferences + list at runtime as it properly handles algorithms disabled at + build or run time. + + * getkey.c (merge_selfsigs_main): Properly handle expired user IDs + when the expired self-sig is not the only self-sig. + + * misc.c (compress_algo_to_string): Return NULL on failure like + all of the other xxxx_algo_to_string() functions. + + * mainproc.c (list_node): Minor spacing tweak to match --list-keys + output. + + * keylist.c (list_keyblock_print), mainproc.c (list_node): Mark + revoked subkeys as revoked. Requested by Matthew Wilcox. Revoked + overrides expiration when both apply. + + * keyedit.c (show_prefs): Use compress algo constants. + (show_basic_key_info): Make revoked and expired tags translatable. + + * g10.c (rm_group): Properly ungroup from a list of groups. + +2004-01-30 David Shaw <[email protected]> + + * g10.c (main, rm_group): Add --ungroup command to remove a + particular group. + (add_group): When adding a group with the same name as an already + existing group, merge the two groups. + (list_config): Show an error message when listing a config item + that doesn't exist. + (main): Replace -z0 trick for no compression. + + * packet.h, keyedit.c (show_key_with_all_names_colon), keylist.c + (list_keyblock_colon), mainproc.c (list_node, proc_tree): Minor + cleanup to remove local_id, which is no longer used. + +2004-01-27 David Shaw <[email protected]> + + * getkey.c: Set MAX_PK_CACHE_ENTRIES and MAX_UID_CACHE_ENTRIES to + PK_UID_CACHE_SIZE (set in ./configure). + + * getkey.c (get_pubkey): When reading key data into the cache, + properly handle keys that are partially (pk, no UIDs) cached + already. This is Debian bug #176425 and #229549. + + * compress.c (init_compress, push_compress_filter2): Do the right + thing (i.e. nothing) with compress algo 0. + + * main.h, decrypt.c (decrypt_messages): Accept filenames to + decrypt on stdin. This is bug #253. + +2004-01-23 David Shaw <[email protected]> + + * mainproc.c (list_node): Show sigs with --verbose. + + * options.h, g10.c (set_screen_dimensions): New function to look + at COLUMNS and LINES. + + * keyserver.c (parse_keyrec, keyserver_search_prompt), keyedit.c + (print_and_check_one_sig): Use new screen dimension variables. + +2004-01-21 David Shaw <[email protected]> + + * g10.c (list_config): New function to dump config options to + stdout. Currently requires --with-colons. + (collapse_args): New function to turn argc/argv into a single + string. + (main): Use it here to pass list_config() more than one argument + as a single string. + (print_algo_numbers): Helper to print algorithm number for + --list-config "pubkey", "cipher", "hash"/"digest", and "compress" + config options. + + * packet.h, getkey.c (merge_selfsigs, merge_selfsigs_main), + pkclist.c (check_signatures_trust): Indicate who has revoked a key + (the owner or a designated revoker). If a key was revoked by + both, prefer the owner. If a subkey is already revoked by the + owner, don't allow a designated revokation of the whole key to + override this. We're still revoked either way, of course. + + * keyedit.c (print_and_check_one_sig, keyedit_menu): Use the + COLUMNS environment variable (if any) to hint how wide the + terminal is. Disabled on _WIN32. Suggested by Janusz + A. Urbanowicz. + +2004-01-20 David Shaw <[email protected]> + + * keylist.c (set_attrib_fd): Open attribute fd in binary + mode. This isn't meaningful on POSIX systems, but the Mingw builds + aren't exactly POSIX. + + * trustdb.c (reset_trust_records): New, faster, implementation + that doesn't involve a keyring scan. + (clear_validity): Removed. + + * g10.c (main), keydb.h, keydb.c (keydb_rebuild_caches), + keyring.h, keyring.c (keyring_rebuild_cache): Add "noisy" flag so + cache rebuilds can remain noisy when called for itself, and quiet + when called as part of the trustdb rebuild. + + * trustdb.c (validate_keys): Rebuild the sig caches before + building the trustdb. Note that this is going to require some + architectual re-thinking, as it is agonizingly slow. + +2004-01-19 David Shaw <[email protected]> + + * sig-check.c (check_key_signature2): Comments. + + * keyring.c (keyring_rebuild_cache): Clear sig cache for any + signatures that we can no longer process (say, if the user removed + support for a necessary pubkey or digest algorithm). + +2004-01-16 David Shaw <[email protected]> + + * misc.c (print_cipher_algo_note): May as well call Rijndael AES + at this point. + + * keygen.c (do_create), misc.c (openpgp_pk_algo_usage): Remove the + last bits of Elgamal type 20 support. + +2004-01-03 Stefan Bellon <[email protected]> + + * compress.c [__riscos__]: Only use RISC OS' own ZLib module if + configured to use it. + +2003-12-30 David Shaw <[email protected]> + + * options.h, g10.c (main), import.c (parse_import_options, + import_one, import_secret_one), keyserver.c (keyserver_refresh): + Change --merge-only to --import-option merge-only. Deprecate + --merge-only. + +2003-12-29 David Shaw <[email protected]> + + * misc.c (pull_in_libs): Dead code. Removed. + + * sig-check.c (check_revocation_keys): Comments. + + * getkey.c (merge_selfsigs_main): Don't bother to check designated + revoker sigs if the key is already revoked. + + * packet.h, getkey.c (merge_selfsigs_main): New "maybe_revoked" + flag on PKs. It is set when there is a revocation signature from + a valid revocation key, but the revocation key is not present to + verify the signature. + + * pkclist.c (check_signatures_trust): Use it here to give a + warning when showing key trust. + + * compress-bz2.c: Include stdio.h. Solaris 9 has a very old bzip2 + library and we can at least guarantee that it won't fail because + of the lack of stdio.h. + + * tdbio.c: Fixed format string bugs related to the use of DB_NAME. + Reported by Florian Weimer. + +2003-12-28 David Shaw <[email protected]> + + * options.h, g10.c (main), keyserver.c (keyserver_opts, + parse_keyserver_uri): honor-http-proxy is no longer an option + since we can do the same thing with http-proxy with no arguments. + Also remove broken-http-proxy since it can be better handled in + the HTTP helper. + + * keyserver.c (argsep): New variation on strsep that knows about + optional arguments. + (parse_keyserver_options): Use it here for optional arguments. + +2003-12-28 Stefan Bellon <[email protected]> + + * plaintext.c (handle_plaintext) [__riscos__]: Don't mangle + filename if the user specified it. + + * g10.c, gpgv.c [__riscos__]: Removal of unnecessary #ifdef + __riscos__ sections. + +2003-12-27 David Shaw <[email protected]> + + * keyserver.c (strip_leading_space, get_arg): New. + (parse_keyserver_options): Use them here to allow arguments to + keyserver-options. Since none of our options need arguments yet, + just pass them through whole to the keyserver helper. + + * main.h, misc.c (parse_options): Add a "noisy" flag to enable and + disable the messages about which option didn't match or matched + ambiguously. Change all callers (g10.c, keyserver.c). + + * main.h, import.c (import_options), export.c (export_options): + Pass the noisy flag through. + +2003-12-17 David Shaw <[email protected]> + + * build-packet.c (write_fake_data, do_secret_key), seckey-cert.c + (do_check): Use an unsigned length for mpi_get_opaque. + + * options.h: It's impolite to assign -1 to an unsigned + opt.force_ownertrust. + + * sig-check.c (cmp_help, do_check), sign.c (do_sign): Remove old + unused code. + + * keyid.c (keyid_from_sk): Make sure lowbits is initialized. + +2003-12-12 David Shaw <[email protected]> + + * sig-check.c (do_check): Move the signing algo and hash checks + from here... + (signature_check2): ... to here. + (check_key_signature2): ... and here. This is a minor + optimization to avoid fetching a key (which can be expensive, + especially if it is not self-signed, and there are many key + signatures on it which need to be checked for ultimate trust) if + the signature would have failed anyway because of algorithm or + hash problems. + +2003-12-10 David Shaw <[email protected]> + + * packet.h, build-packet.c (hash_public_key): Remove function ... + + * keydb.h, keyid.c (hash_public_key, do_fingerprint_md): ... and + make a new one here that shares code with the fingerprint + calculations. This removes some duplicated functionality, and is + also around 14% faster. (Every bit helps). + + * import.c (import_one): No longer need the Elgamal import + warning. + + * getkey.c (get_pubkey_fast): This one is sort of obscure. + get_pubkey_fast returns the primary key when requesting a subkey, + so if a user has a key signed by a subkey (we don't do this, but + used to), AND that key is not self-signed, AND the algorithm of + the subkey in question is not present in GnuPG, AND the algorithm + of the primary key that owns the subkey in question is present in + GnuPG, then we will try and verify the subkey signature using the + primary key algorithm and hit a BUG(). The fix is to not return a + hit if the keyid is not the primary. All other users of + get_pubkey_fast already expect a primary only. + +2003-12-09 David Shaw <[email protected]> + + * keyid.c (do_fingerprint_md): Remove the rules to hash the old v3 + Elgamal keys. They are no longer needed. + + * keyid.c (keyid_from_sk, keyid_from_pk, fingerprint_from_pk, + fingerprint_from_sk): Enforce the v3-is-only-RSA rule. Anything + that isn't RSA gets a zero keyid and fingerprint. + + * keyid.c (do_fingerprint_md): Properly handle hashing of keys + that we don't know the structure of by using the opaque MPI. + (do_fingerprint_md_sk): We cannot calculate the fingerprint from a + secret key unless we know the structure (since we can't leave off + the secret key parts), so fail early..... + (keyid_from_sk, fingerprint_from_sk): .... and return all zeroes. + +2003-12-03 David Shaw <[email protected]> + + * g10.c (strusage, main): Show development version warning in + --version output. + (main): Set --bzip2-compress-level to the default value at + startup. Remove --emulate-checksum-bug noop. + + * options.h, g10.c (main), main.h, seskey.c (do_encode_md, + encode_md_value), sig-check.c (do_check), sign.c (do_sign): Remove + --emulate-md-encode-bug as it only applied to Elgamal signatures, + which are going away. + +2003-11-30 David Shaw <[email protected]> + + * mainproc.c (proc_symkey_enc, proc_encrypted): Add ability to use + --override-session-key on --symmetric messages (new-style or + old-style). + (proc_pubkey_enc): Move code to show session key from here to + proc_encrypted() so it can work with any type of message. + Suggested by Michael Young. + +2003-11-29 David Shaw <[email protected]> + + * trustdb.c (validate_keys): Reset the trustdb before checking if + we have any ultimately trusted keys. This ensures that if we lose + all our ultimately trusted keys, we don't leave behind the old + validity calculations. Noted by Peter Palfrader. + + * revoke.c (gen_desig_revoke): Specify in the comment when a + designated revocation is generated. + + * getkey.c (merge_selfsigs_main, merge_selfsigs_subkey, + get_seckey_byname2): Remove Elgamal check since we are removing + type 20 keys altogether. + +2003-11-27 David Shaw <[email protected]> + + * pkclist.c (build_pk_list): Do not allow an empty PK list in + interactive mode. + + * keygen.c (ask_algo): Remove ability to generate Elgamal + sign+encrypt keys. + + * getkey.c (merge_selfsigs_main, merge_selfsigs_subkey, + get_seckey_byname2): Disallow use of sign+encrypt Elgamal keys. + +2003-11-20 David Shaw <[email protected]> + + * seskey.c (do_encode_md): Comment about earlier (pre-PGP 2.3) + encodings. + + * misc.c (compress_algo_to_string): Translate "Uncompressed". + Requested by Tommi Vainikainen. + (string_to_compress_algo): Include multi-string for + "uncompressed|none". + +2003-11-17 David Shaw <[email protected]> + + * options.h, g10.c (main), compress-bz2.c (init_uncompress): Add + --bz2-compress-lowmem to set bzlib "small" flag for low memory + (but slow) decompression. + +2003-11-15 David Shaw <[email protected]> + + * compress.c (init_compress): Remove compress level 10 trick, + since it is no longer needed. + + * g10.c: Fix typoed option name. + + * compress-bz2.c (init_compress): Compression level 0 is not + meaningful for bzip2. + + * options.h, g10.c (main), compress.c (init_compress), + compress-bz2.c (init_compress): Add --compress-level and + --bzip2-compress-level. -z sets them both. Change various + callers. + + * encode.c (encode_simple), sign.c (sign_symencrypt_file): + Properly use default_compress_algo (--compress-algo, followed by + the highest --personal-compress-preference, followed by ZIP) to + get the algorithm. + +2003-11-14 David Shaw <[email protected]> + + * options.h, trustdb.c (trust_model_string, init_trustdb): Add + support for "external" trust model, where the user can provide a + pregenerated trustdb. + + * keyedit.c (keyedit_menu): Do not allow editing ownertrust with + an external trust model trustdb. + +2003-11-13 David Shaw <[email protected]> + + * options.h, g10.c, keyedit.c, keylist.c, mainproc.c: Clarify the + plurarility (or not) of various list and verify options. + +2003-11-12 David Shaw <[email protected]> + + * g10.c (main): Add --symmetric --sign --encrypt. + + * main.h, encode.c (setup_symkey): New. Prompt for a passphrase + and create a DEK for symmetric encryption. + (write_symkey_enc): New. Write out symmetrically encrypted + session keys. + (encode_crypt, encrypt_filter): Use them here here when creating a + message that can be decrypted with a passphrase or a pk. + + * sign.c (sign_file): Call setup_symkey if we are doing a + --symmetric --sign --encrypt. + +2003-11-09 David Shaw <[email protected]> + + * mainproc.c (proc_symkey_enc): Don't show algorithm information + when --quiet is set. Suggested by Duncan Harris. Also don't fail + with BUG() when processing a --symmetric message with a cipher we + don't have. + + * g10.c: Alias --personal-xxx-prefs to --personal-xxx-preferences. + + * pkclist.c (build_pk_list): When adding recipients interactively, + allow the user to stop at any point. + +2003-10-31 David Shaw <[email protected]> + + * trustdb.h, trustdb.c (register_trusted_keyid): New. Adds a + keyid to the list of ultimately trusted keys. + + * keygen.c (do_generate_keypair): Use it here so that the ultimate + ownertrust happens before the trustdb (might be) rebuilt. Also + fix an error where the newly generated pk is thought to be a + subkey by the trustdb. + + * g10.c (main): Fix --export-all do actually do something + different than --export. + + * pkclist.c (build_pk_list): Show all recipients rather than + showing each recipient as they are added. + + * mainproc.c (proc_symkey_enc, proc_encrypted): Keep a count of + the number of passphrases that can decrypt a symmetric or mixed + symmetric/pk message and include it in the list of keys shown to + the user. + +2003-10-30 David Shaw <[email protected]> + + * misc.c (compress_algo_to_string, string_to_compress_algo, + check_compress_algo): Add bzip2. + + * compress.c (compress_filter): Make static to help force the use + of push_compress_filter. Remove default algorithm setting since + that is done in push_compress_filter now. + + * main.h: Use named algorithm. + + * filter.h, compress.c (push_compress_filter, + push_compress_filter2): New. Figure out which is the appropriate + compression filter to use, and push it into place. + + * compress.c (handle_compressed), encode.c (encode_simple, + encode_crypt), sign.c (sign_file, sign_symencrypt_file), import.c + (read_block), export.c (do_export): Use push_compress_filter + instead of pushing the compression filter ourselves. + + * compress-bz2.c: New. Bzlib versions of the compression filter + routines. + + * Makefile.am: Include compress-bz2.c if bz2lib is available. + +2003-10-30 Werner Koch <[email protected]> + + * apdu.c (close_ct_reader, close_pcsc_reader): Implemented. + (get_ccid_error_string): New. Not very useful messages, though. + +2003-10-29 Werner Koch <[email protected]> + + * cardglue.c (open_card): Ask for card insertion. + (check_card_serialno): New. + (agent_scd_pksign, agent_scd_pkdecrypt): Use it here. + * cardglue.c (open_card): Issue insertion status message. + * status.h, status.c (STATUS_CARDCTRL): New. + + * status.c (cpr_get_answer_okay_cancel): New. + +2003-10-28 Werner Koch <[email protected]> + + * keylist.c (list_keyblock_print): Denote secrets keys stored on a + card with an '>'. Print the '#' also for subkeys. + (list_keyblock_colon): Introduce new field 15 for sec/ssb to print + the serial number. + +2003-10-26 David Shaw <[email protected]> + + * g10.c (main): Enhance the version-specific config file code to + try for more specific matches before giving up (e.g. 1.3.3-cvs, + 1.3.3, 1.3, 1). + +2003-10-25 David Shaw <[email protected]> + + * g10.c (main): Add --symmetric --encrypt command. This generates + a message that can be decrypted via a passphrase or public key + system. + + * main.h, encode.c (encode_seskey): Allow passing in an + already-created session key dek. + (encode_simple): Use the actual symmetric cipher when encrypting a + session key for a symmetric message. + (encode_crypt): Add a flag to trigger a hybrid mode that can be + decrypted via a passphrase or a pk. Change all callers. + + * mainproc.c (symkey_decrypt_sesskey): There is no way to tell the + difference here between a bad passphrase and a cipher algorithm + that we don't have, so use a error message that makes that clear. + Use the actual list of ciphers when checking whether a cipher is + invalid. Return error if the decrypted cipher algorithm is + invalid. + (proc_symkey_enc): In a mixed passphrase/pk message, if a valid + dek already exists from decrypting via pk, do not try to process + the passphrase. + (proc_symkey_enc): Indicate when we're decrypting a session key as + opposed to decrypting data. If a passphrase is invalid, discard + the dek so we'll keep trying. + +2003-10-25 Werner Koch <[email protected]> + + * ccid-driver.c (ccid_open_reader): Return an error if no USB + devices are found. + + * Makefile.am: Replaced INTLLIBS by LIBINTL. + + * g10.c (main) [ENABLE_CARD_SUPPORT]: Add a default for + --pcsc-driver. + + * cardglue.c (learn_status_cb): Fixed faulty use of !space. + +2003-10-24 Werner Koch <[email protected]> + + * apdu.c (apdu_open_reader): Hacks for PC/SC under Windows. + +2003-10-21 Werner Koch <[email protected]> + + * passphrase.c (ask_passphrase): Add optional promptid arg. + Changed all callers. + * cardglue.c (pin_cb): Use it here, so the machine interface can + tell whether the Admin PIN is requested. + + * cardglue.c (agent_scd_checkpin): New. + + * misc.c (openpgp_pk_algo_usage): Added AUTH usage. + + * app-openpgp.c (check_against_given_fingerprint): New. Factored + out that code elsewhere. + (do_check_pin): New. + * card-util.c (card_edit): New command "passwd". Add logic to + check the PIN in advance. + (card_status): Add new args to return the serial number. Changed + all callers. + +2003-10-14 David Shaw <[email protected]> + + * import.c (import_one): Show the keyid when giving the Elgamal + slow import warning. + + * g10.c (main): Older versions used --comment "" to indicate no + comment. Don't add an empty comment. + +2003-10-13 David Shaw <[email protected]> + + * keyedit.c (show_key_with_all_names): Ownertrust is only + meaningful for the PGP or classic trust models. Both validity and + ownertrust are not meaningful for the always trust model. + +2003-10-11 Werner Koch <[email protected]> + + * keygen.c: Always enable the gen_card_key prototype. + +2003-10-10 Werner Koch <[email protected]> + + * cardglue.c (card_close): New. + (agent_scd_change_pin): Implemented. + + * ccid-driver.c (ccid_close_reader): New. + * apdu.c (close_ccid_reader, close_ct_reader, close_csc_reader) + (close_osc_reader, apdu_close_reader): New. Not all are properly + implemented yet. + * g10.c (g10_exit): Use close_card. + +2003-10-09 David Shaw <[email protected]> + + * g10.c (main): Give a deprecated option warning for + --show-keyring, --show-photos, --show-policy-url, --show-notation, + and their respective no- forms. + + * options.skel: Remove show-photos and replace with + list/verify-options show-photos. Remove no-mangle-dos-filenames. + + * misc.c (parse_options): Allow for incomplete (but unambiguous) + options. + +2003-10-09 Werner Koch <[email protected]> + + * ccid-driver.c (ccid_transceive): Add T=1 chaining for sending. + + * sign.c (do_sign) [!ENABLE_CARD_SUPPORT]: Return an error for + card keys. + + * cardglue.c (agent_scd_pkdecrypt): Implemented. + * pubkey-enc.c (get_it) [ENABLE_CARD_SUPPORT]: Divert decryption + to card + +2003-10-08 Werner Koch <[email protected]> + + * cardglue.c (pin_cb): Detect whether an admin or regular PIN is + requested. + (genkey_status_cb): New. + (agent_scd_genkey): Implemented. + + * keygen.c (generate_keypair): New arg CARD_SERIALNO and prepare + parameters for on card key generation. Changed all callers. + (do_generate_keypair): Add new arg card and merged casrd specific + changes from 1.9. + (proc_parameter_file): New arg card, apss it down to + do_generate_keypair and changed all callers. + (gen_card_key): New. + + * g10.c: Include cardclue.h. + (main): s/app_set_default_reader_port/card_set_reader_port/. + * cardglue.c (card_set_reader_port): New to address include file + issues. + +2003-10-02 Werner Koch <[email protected]> + + * cardglue.c (learn_status_cb): Release values before assignment + so that it can be used by getattr to update the structure. + (agent_scd_getattr): New. + + * keylist.c (print_pubkey_info): Add FP arg for optional printing + to a stream. Changed all callers. + +2003-10-01 Werner Koch <[email protected]> + + * app-common.h, app-openpgp.c, iso7816.c, iso7816.h, apdu.c + * apdu.h, ccid-driver.c, ccid-driver.h, card-util.c: Updated + from current GnuPG 1.9. Changes over there are: + * card-util.c: Tweaked to use this source also under 1.3. + (card_edit): New command "forcesig". + * card-util.c (print_name, print_isoname): Use 0 and not LF fro + the max_n arg of tty_print_utf8_string2. + * card-util.c (change_pin): Simplified. We now have only a PIN + and an Admin PIN. + * ccid-driver.c: Detect GnuPG 1.3 and include appropriate files. + * apdu.c: Ditto. + * app-openpgp.c: Ditto. + * iso7816.c: Ditto. + (generate_keypair): Renamed to .. + (do_generate_keypair): .. this. + * app-common.h [GNUPG_MAJOR_VERSION]: New. + * iso7816.h [GNUPG_MAJOR_VERSION]: Include cardglue.h + * app-openpgp.c (do_change_pin): Make sure CVH1 and CHV2 are + always synced. + (verify_chv2, verify_chv3): New. Factored out common code. + (do_setattr, do_sign, do_auth, do_decipher): Change the names of + the prompts to match that we have only 2 different PINs. + (app_select_openpgp): Check whether the card enforced CHV1. + (convert_sig_counter_value): New. Factor out code from + get_sig_counter. + + * Makefile.am (card_support_source): Depend on new AM conditional + to get the ifdef ENABLE_CARD_SUPPORT off the way from source + copied files. + (update-source-from-gnupg-2): Maintainer helper. + +2003-10-01 David Shaw <[email protected]> + + * g10.c (main): Add --no-groups to zero --group list. + + * encode.c (encode_simple): Allow for 32 bytes (256 bits) of + symmetrically encrypted session key. Use --s2k-cipher-algo to + choose cipher, rather than the default cipher. + + * parse-packet.c (parse_subkeyenc): Give a warning if an + symmetrically encrypted session key is seen without salt. Show in + --list-packets if a symetrically encrypted session key is present. + + * pubkey-enc.c (get_it): Always show cipher-not-in-prefs warning + unless --quiet is set. Use text name of cipher in warning. + +2003-09-30 David Shaw <[email protected]> + + * options.h, g10.c (main), mainproc.c (check_sig_and_print): Add + --verify-option show-unusable-uids. + + * gpgv.c (check_trustdb_stale): Stub. + + * trustdb.c (get_validity): Move the up-to-date check to + check_trustdb_stale (new), so that it can be called before + validity is checked. + + * keylist.c (list_keyblock_print): Disable the overall key + validity display until it can be thought about more. Use + check_trustdb_stale here to avoid putting the check warning in the + middle of a listed key. + + * trustdb.c (init_trustdb): Only verify_own_keys() for those trust + models that it applies to (i.e. classic and OpenPGP). + +2003-09-29 Werner Koch <[email protected]> + + * keygen.c (do_add_key_flags, parse_parameter_usage): Add support + the proposed AUTH key flag. + * getkey.c (fixup_uidnode, merge_selfsigs_main) + (merge_selfsigs_subkey, premerge_public_with_secret): Ditto. + * keylist.c (print_capabilities): Ditto. + + * parse-packet.c (parse_key): Allow to parse the divert-to-card + S2K mode. + * build-packet.c (do_secret_key): Handle divert-to-card S2K + * seckey-cert.c (is_secret_key_protected): Ditto. + (check_secret_key): Ditto. + + * keygen.c (do_ask_passphrase): Renamed from ask_passphrase. + * passphrase.c (ask_passphrase): New. + +2003-09-28 Werner Koch <[email protected]> + + * g10.c (main): New commands --card-edit, --card-status and + --change-pin. New options --ctapi-driver, --pcsc-driver and + --disable-ccid + * options.h (DBG_CARD_IO): New. + * cardglue.c, cardclue.h: Enhanced. + * card-util.c: New. Taken from current the gnupg 1.9 branch. + * app-common.h, app-openpgp.c, iso7816.c, iso7816.h, apdu.c + * apdu.h, ccid-driver.c, ccid-driver.h: New. Takem from the current + gnupg 1.9 branch withy minor changes to include directives. + * Makefile.am: Added these files. + +2003-09-27 Werner Koch <[email protected]> + + * sign.c (do_sign) [ENABLE_CARD_SUPPORT]: Divert to card. + * cardglue.c, cardglue.h: New. + * Makefile.am (gpg_LDADD): Added. + (card_support_sources): New. + +2003-09-25 David Shaw <[email protected]> + + * options.h, g10.c (main), keylist.c (list_keyblock_print): Add + "show-unusable-uids" list-option to show revoked and/or expired + user IDs. + +2003-09-24 David Shaw <[email protected]> + + * keyedit.c (show_key_with_all_names): Show names a little neater + by putting the [revoked] or [expired] in the space used for the + [validity]. There is also no point in showing "[unknown] + [revoked]". + +2003-09-23 David Shaw <[email protected]> + + * sign.c (mk_notation_policy_etc): Capitalize "URL". + + * trustdb.c (validate_keys): Give a little more information while + rebuilding trustdb. + + * pkclist.c (do_edit_ownertrust): Clarify "don't know". + + * g10.c (main): Default to --no-mangle-dos-filenames. + + * keydb.h, keyring.c (keyring_search), trustdb.c (search_skipfnc): + Expand the skipfnc to include a pointer to the user ID that + matched. + + * getkey.c (skip_disabled): Rename to skip_unusable, and add + checks for expired or revoked user IDs. + +2003-09-22 David Shaw <[email protected]> + + * g10.c (main): Deprecate --default-comment in favor of + --no-comments. + + * options.h, g10.c (main), armor.c (armor_filter): Allow using + --comment multiple times to get multiple Comment: header lines. + --no-comments resets list. + +2003-09-11 David Shaw <[email protected]> + + * g10.c (main): Trim --help to commonly used options. Remove -f. + +2003-09-08 David Shaw <[email protected]> + + * g10.c (main): Error out if --multifile is used with the commands + that don't support it yet (--sign, --clearsign, --detach-sign, + --symmetric, and --store). + + * g10.c (main): Add --multifile as an alias to turn --encrypt into + --encrypt-files (plus --verify-files, --decrypt-files). + + * encode.c (use_mdc), g10.c (main): Use RFC1991 and RFC2440 + directly to check for MDC usability. Do not set the force_mdc or + disable_mdc flags since there is no point any longer. + +2003-09-04 David Shaw <[email protected]> + + * armor.c (parse_hash_header, armor_filter), g10.c (print_hex, + print_mds), pkclist.c (algo_available): Drop TIGER/192 support. + +2003-09-03 David Shaw <[email protected]> + + * keyedit.c (show_key_with_all_names): Fix assertion failure when + using toggle to see a secret key. Reported by Maxim Britov. + +2003-08-31 David Shaw <[email protected]> + + * g10.c (add_keyserver_url), keyedit.c (keyedit_menu), sign.c + (mk_notation_policy_etc): Clarify a few strings. It's a + "preferred keyserver URL". + + * g10.c (main): Use "keyserver-url" instead of + "preferred-keyserver" for the sake of short and simple commands. + +2003-08-30 David Shaw <[email protected]> + + * main.h, keygen.c (keygen_add_keyserver_url): Signature callback + for adding a keyserver URL. + + * keyedit.c (keyedit_menu, menu_set_keyserver_url): New command to + set preferred keyserver to specified (or all) user IDs. + + * build-packet.c (build_sig_subpkt): Set preferred keyserver flag + while building a preferred keyserver subpacket. + + * keylist.c (show_policy_url, show_keyserver_url): URLs might be + UTF8. + + * keyedit.c (menu_addrevoker): Fix leaking a few bytes. + +2003-08-29 David Shaw <[email protected]> + + * keyedit.c (show_key_with_all_names): Use list-option + show-long-keyid in main --edit-key display. + + * keyedit.c (print_and_check_one_sig): Use list-option + show-long-keyid in --edit-key "check" function. + +2003-08-28 David Shaw <[email protected]> + + * passphrase.c (agent_send_all_options): Make use of $GPG_TTY. + + * g10.c (main): Disable use-agent if passphrase-fd is given + later. Suggested by Kurt Garloff. + + * exec.c, g10.c, gpgv.c, passphrase.c, photoid.c: + s/__MINGW32__/_WIN32/ to help building on native Windows + compilers. Requested by Brian Gladman. From Werner on stable + branch. + +2003-08-25 David Shaw <[email protected]> + + * options.h, g10.c (main): Add list-option + list-preferred-keyserver. + + * keyedit.c (change_passphrase): When responding 'no' to the blank + passphrase question, re-prompt for a new passphrase. This is bug + #202. + + * mainproc.c (check_sig_and_print): Use two different preferred + keyserver displays - one if the key is not present (to tell the + user where to get the key), the other if it is present (to tell + the user where the key can be refreshed). + + * packet.h, parse-packet.c (parse_signature): Set flag if a + preferred keyserver is present. + + * keylist.c (list_keyblock_print): Show keyserver url in listings + with list-option show-keyserver-url. + +2003-08-24 David Shaw <[email protected]> + + * Makefile.am: Use NETLIBS instead of EGDLIBS. + + * mainproc.c (check_sig_and_print): Get the uid validity before + printing any sig results to avoid munging the output with trustdb + warnings. + + * g10.c (main): Don't include --show-keyring in --help as it is + deprecated. + +2003-08-21 David Shaw <[email protected]> + + * gpgv.c: Remove extra semicolon (typo). + + * options.skel: Note that keyserver.pgp.com isn't synchronized, + and explain the roundrobin a bit better. + + * sig-check.c (check_key_signature2), import.c (import_one, + import_revoke_cert, chk_self_sigs, delete_inv_parts, + collapse_uids, merge_blocks): Make much quieter during import of + slightly munged, but recoverable, keys. Use log_error for + unrecoverable import failures. + + * keyring.c (keyring_rebuild_cache): Comment. + + * sign.c (mk_notation_and_policy): Making a v3 signature with + notations or policy urls is an error, not an info (i.e. increment + the errorcount). Don't print the notation or policy url to stdout + since it can be mixed into the output stream when piping and munge + the stream. + +2003-08-12 David Shaw <[email protected]> + + * packet.h, sig-check.c (signature_check2, do_check, + do_check_messages): Provide a signing-key-is-revoked flag. Change + all callers. + + * status.h, status.c (get_status_string): New REVKEYSIG status tag + for a good signature from a revoked key. + + * mainproc.c (do_check_sig, check_sig_and_print): Use it here. + + * import.c (import_revoke_cert, merge_blocks, merge_sigs): Compare + actual signatures on import rather than using keyid or class + matching. This does not change actual behavior with a key, but + does mean that all sigs are imported whether they will be used or + not. + + * parse-packet.c (parse_signature): Don't give "signature packet + without xxxx" warnings for experimental pk algorithms. An + experimental algorithm may not have a notion of (for example) a + keyid (i.e. PGP's x.509 stuff). + +2003-08-02 David Shaw <[email protected]> + + * options.h, g10.c (main), keylist.c (list_keyblock_print), + keyedit.c (print_and_check_one_sig): New "show-sig-expire" + list-option to show signature expiration dates (if any). + +2003-07-24 David Shaw <[email protected]> + + * options.h, g10.c (main, add_keyserver_url): Add + --sig-preferred-keyserver to implant a "where to get my key" + subpacket into a signature. + + * sign.c (mk_notation_and_policy): Rename to + mk_notation_policy_etc and add preferred keyserver support for + signatures. + +2003-07-21 David Shaw <[email protected]> + + * keygen.c (do_add_key_flags): Don't set the certify flag for + subkeys. + (ask_algo): Provide key flags for DSA, Elgamal_e, and Elgamal + subkeys. + (generate_keypair): Provide key flags for the default DSA/Elgamal + keys. + + * sig-check.c (signature_check, signature_check2, + check_key_signature, check_key_signature2): Allow passing NULLs + for unused parameters in the x2 form of each function to avoid the + need for dummy variables. getkey.c, mainproc.c: Change all + callers. + + * trustdb.h, trustdb.c (read_trust_options): New. Returns items + from the trustdb version record. + + * keylist.c (public_key_list): Use it here for the new "tru" + record. + + * gpgv.c (read_trust_options): Stub. + +2003-07-20 David Shaw <[email protected]> + + * keyedit.c (show_key_with_all_names): Use list-option + show-validity in --edit-key interface as well. + +2003-07-19 David Shaw <[email protected]> + + * options.h, g10.c (main), mainproc.c (check_sig_and_print): Add + verify-options "show-validity" and "show-long-keyid" to show + trustdb validity and long keyids during (file) signature + verification. + + * packet.h, main.h, sig-check.c (signature_check2, + check_key_signature2, do_check): If ret_pk is set, fill in the pk + used to verify the signature. Change all callers in getkey.c, + mainproc.c, and sig-check.c. + + * keylist.c (list_keyblock_colon): Use the ret_pk from above to + put the fingerprint of the signing key in "sig" records during a + --with-colons --check-sigs. This requires --no-sig-cache as well + since we don't cache fingerprints. + +2003-07-10 David Shaw <[email protected]> + + * parse-packet.c (parse_signature): No need to reserve 8 bytes for + the unhashed signature cache any longer. + + * misc.c (pct_expando): Add two new expandos - signer's + fingerprint (%g), and signer's primary fingerprint (%p). + + * Makefile.am: Include W32LIBS where appropriate. + + * g10.c (main): Add --rfc2440 alias for --openpgp since in a few + months, they won't be the same thing. + + * keyserver.c (parse_keyserver_uri): Accept "http" as an alias for + "hkp", since it is occasionally written that way. + (keyserver_spawn): Use ascii_isspace to avoid locale issues. + + * keygen.c (ask_user_id): Make --allow-freeform-uid apply to the + email field as well as the name field, and allow mixing fields + when it is set. + + * options.skel: Use subkeys.pgp.net as the default keyserver. + + * trustdb.c (validate_one_keyblock): Certifications on revoked or + expired uids do not count in the web of trust. + + * signal.c (init_one_signal, pause_on_sigusr, do_block): Only use + sigprocmask() if we have sigset_t, and only use sigaction() if we + have struct sigaction. This is for Forte c89 on Solaris which + seems to define only the function call half of the two pairs by + default. + (pause_on_sigusr): Typo. + (do_block): If we can't use sigprocmask() and sigset_t, try to get + the number of signals from NSIG as well as MAXSIG, and if we + can't, fail with an explanation. + + * signal.c, tdbio.c: Comment out the transaction code. It was not + used in this version, and was causing some build problems on + quasi-posix platforms (Solaris and Forte c89). + + * keylist.c (list_keyblock_colon): Don't include validity values + when listing secret keys since they can be incorrect and/or + misleading. This is a temporary kludge, and will be handled + properly in 1.9/2.0. + + * mainproc.c (check_sig_and_print): Only show the "key available + from" preferred keyserver line if the key is not currently + present. + + * keyedit.c (sign_uids): Do not sign expired uids without --expert + (same behavior as revoked uids). Do not allow signing a user ID + without a self-signature. --expert overrides. Add additional + prompt to the signature level question. + (menu_expire): When changing expiration dates, don't replace + selfsigs on revoked uids since this would effectively unrevoke + them. There is also no point in replacing expired selfsigs. This + is bug #181 + +2003-07-10 David Shaw <[email protected]> (from Werner on stable branch) + + * g10.c (add_notation_data): Make sure that only ascii is passed + to iscntrl. Noted by Christian Biere. + * getkey.c (classify_user_id2): Replaced isspace by spacep + * keygen.c (ask_user_id): Ditto. + (get_parameter_algo): Ditto. + * keyedit.c (keyedit_menu): Ditto. + * tdbdump.c (import_ownertrust): Ditto. s/isxdigit/hexdigitp/. + * revoke.c (ask_revocation_reason): + * keyserver.c (keyserver_spawn): Dito. + +2003-06-10 Werner Koch <[email protected]> + + * parse-packet.c (parse): Disallow old style partial length for + all key material packets to avoid possible corruption of keyrings. + +2003-06-08 Werner Koch <[email protected]> + + * import.c (import_keys_internal): Invalidate the cache so that + the file descriptor gets closed. Fixes bug reported by Juan + F. Codagnone. + +2003-06-04 David Shaw <[email protected]> + + * options.skel: Use new hkp://subkeys.pgp.net as sample keyserver + since they at least handle subkeys correctly. + + * options.h, g10.c (main), main.h, keylist.c (show_keyserver_url), + mainproc.c (check_sig_and_print), parse-packet.c (dump_sig_subpkt, + parse_one_sig_subpkt, can_handle_critical): Add read-only support + for preferred keyserver subpackets. They're basically policy URLs + with a different name. Add a verify-option + "show-preferred-keyserver" to turn them on and off (on by default, + as per stable branch). + + * g10.c (main): Add "--set-notation" as alias to "--notation-data" + this is to make things consistent with --set-policy-url meaning + both sigs and certs. + +2003-06-03 David Shaw <[email protected]> + + * options.h, g10.c (main), keylist.c (list_keyblock_print): Add + "show-validity" and "show-long-keyid" list-options. + + * gpgv.c (get_validity, trust_value_to_string): Stubs. + + * g10.c (main): Use SAFE_VERSION instead of VERSION in the + version-specific gpg.conf file so it can be overridden on RISCOS. + +2003-06-01 David Shaw <[email protected]> + + * g10.c (main), keylist.c (show_policy_url, show_notation), + mainproc.c (check_sig_and_print): Emulate the old policy and + notation behavior (display by default). Send to status-fd whether + it is displayed on the screen or not. + + * g10.c (main): Since we now have some options in devel that won't + work in a stable branch gpg.conf file, try for a version-specific + gpg.conf-VERSION file before falling back to gpg.conf. + + * main.h, options.h: Move various option flags to options.h. + +2003-05-31 David Shaw <[email protected]> + + * mainproc.c (check_sig_and_print), main.h, keylist.c + (show_policy, show_notation): Collapse the old print_notation_data + into show_policy() and show_notation() so there is only one + function to print notations and policy URLs. + + * options.h, main.h, g10.c (main), keyedit.c + (print_and_check_one_sig), keylist.c (list_one, + list_keyblock_print), pkclist.c (do_edit_ownertrust), sign.c + (mk_notation_and_policy): New "list-options" and "verify-options" + commands. These replace the existing + --show-photos/--no-show-photos, + --show-notation/--no-show-notation, + --show-policy-url/--no-show-policy-url, and --show-keyring + options. The new method is more flexible since a user can specify + (for example) showing photos during sig verification, but not in + key listings. The old options are emulated. + + * main.h, misc.c (parse_options): New general option line + parser. Fix the bug in the old version that did not handle report + syntax errors after a valid entry. + + * import.c (parse_import_options), export.c + (parse_export_options): Call it here instead of duplicating the + code. + +2003-05-30 David Shaw <[email protected]> + + * keylist.c (list_one): Don't show the keyring filename when in + --with-colons mode. Actually translate "Keyring" string. + + * mainproc.c (proc_tree): We can't currently handle multiple + signatures of different classes or digests (we'd pretty much have + to run a different hash context for each), but if they are all the + same, make an exception. This is Debian bug #194292. + + * sig-check.c (check_key_signature2): Make string translatable. + + * packet.h, getkey.c (fixup_uidnode): Mark real primary uids + differently than assumed primaries. + + * keyedit.c (no_primary_warning): Use the differently marked + primaries here in a new function to warn when an --edit-key + command might rearrange the self-sig dates enough to change which + uid is primary. + (menu_expire, menu_set_preferences): Use no_primary_warning() + here. + + * Makefile.am: Use @DLLIBS@ for -ldl. + +2003-05-26 David Shaw <[email protected]> + + * getkey.c (premerge_public_with_secret): Made "no secret subkey + for" warning a verbose item and translatable. (From wk on stable + branch) + + * sig-check.c (check_key_signature2): Made "no subkey for subkey + binding packet" a verbose item instead of a !quiet one. There are + too many garbled keys out in the wild. (From wk on stable branch) + + * filter.h: Remove const from WHAT. (From wk on stable branch) + + * progress.c (handle_progress): Store a copy of + NAME. (progress_filter): Release WHAT, make sure not to print a + NULL WHAT. (From wk on stable branch) + + * openfile.c (open_sigfile): Adjust free for new progress + semantics. (From wk on stable branch) + + * plaintext.c (ask_for_detached_datafile): Don't dealloc + pfx->WHAT. (From wk on stable branch) + + * seckey-cert.c (do_check): Issue the RSA_OR_IDEA status when the + cipher algo is IDEA to make it easier to track down the + problem. (From twoaday on stable branch) + +2003-05-24 David Shaw <[email protected]> + + * armor.c, g10.c, kbnode.c, misc.c, pkclist.c, sign.c, + build-packet.c, getkey.c, keydb.c, openfile.c, plaintext.c, + status.c, gpgv.c, keygen.c, options.h, sig-check.c, tdbio.h, + encode.c, mainproc.c, parse-packet.c, signal.c, textfilter.c: Edit + all preprocessor instructions to remove whitespace before the '#'. + This is not required by C89, but there are some compilers out + there that don't like it. + +2003-05-21 David Shaw <[email protected]> + + * trustdb.h, trustdb.c (is_disabled), gpgv.c (is_disabled): Rename + is_disabled to cache_disabled_value, which now takes a pk and not + just the keyid. This is for speed since there is no need to + re-fetch a key when we already have that key handy. Cache the + result of the check so we don't need to hit the trustdb more than + once. + + * getkey.c (skip_disabled): New function to get a pk and call + is_disabled on it. (key_byname): Use it here. + + * packet.h, getkey.c (skip_disabled), keylist.c + (print_capabilities): New "pk_is_disabled" macro to retrieve the + cached disabled value if available, and fill it in via + cache_disabled_value if not available. + + * trustdb.c (get_validity): Cache the disabled value since we have + it handy and it might be useful later. + + * parse-packet.c (parse_key): Clear disabled flag when parsing a + new key. Just in case someone forgets to clear the whole key. + + * getkey.c (merge_selfsigs_main): Add an "if all else fails" path + for setting a single user ID primary when there are multiple set + primaries all at the same second, or no primaries set and the most + recent user IDs are at the same second, or no signed user IDs at + all. This is arbitrary, but deterministic. + + * exec.h, photoid.h: Add copyright message. + + * keylist.c (list_keyblock_print): Don't dump attribs for + revoked/expired/etc uids for non-colon key listings. This is for + consistency with --show-photos. + + * main.h, keylist.c (dump_attribs), mainproc.c + (check_sig_and_print): Dump attribs if --attrib-fd is set when + verifying signatures. + + * g10.c (main): New --gnupg option to disable the various + --openpgp, --pgpX, etc. options. This is the same as --no-XXXX + for those options. + + * revoke.c (ask_revocation_reason): Clear old reason if user + elects to repeat question. This is bug 153. + + * keyedit.c (sign_uids): Show keyid of the key making the + signature. + +2003-05-21 Werner Koch <[email protected]> + + * progress.c (handle_progress) + * sign.c (write_plaintext_packet) + * encode.c (encode_simple,encode_crypt): Make sure that a filename + of "-" is considered to be stdin so that iobuf_get_filelength + won't get called. This fixes bug 156 reported by Gregery Barton. + +2003-05-02 David Shaw <[email protected]> + + * packet.h, build-packet.c (build_sig_subpkt), export.c + (do_export_stream), import.c (remove_bad_stuff, import), + parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt): Remove + vestigal code for the old sig cache subpacket. This wasn't + completely harmless as it caused subpacket 101 to disappear on + import and export. + + * options.h, armor.c, cipher.c, g10.c, keyedit.c, pkclist.c, + sign.c, encode.c, getkey.c, revoke.c: The current flags for + different levels of PGP-ness are massively complex. This is step + one in simplifying them. No functional change yet, just use a + macro to check for compliance level. + + * sign.c (sign_file): Fix bug that causes spurious compression + preference warning. + + * sign.c (clearsign_file): Fix bug that prevents proper warning + message from appearing when clearsigning in --pgp2 mode with a + non-v3 RSA key. + + * main.h, misc.c (compliance_option_string, compliance_string, + compliance_failure), pkclist.c (build_pk_list), sign.c (sign_file, + clearsign_file), encode.c (encode_crypt, + write_pubkey_enc_from_list): New functions to put the "this + message may not be usable...." warning in one place. + + * options.h, g10.c (main): Part two of the simplification. Use a + single enum to indicate what we are compliant to (1991, 2440, + PGPx, etc.) + + * g10.c (main): Show errors for failure in export, send-keys, + recv-keys, and refresh-keys. + + * options.h, g10.c (main): Give algorithm warnings for algorithms + chosen against the --pgpX and --openpgp rules. + + * keydb.h, pkclist.c (algo_available): Make TIGER192 invalid in + --openpgp mode. + + * sign.c (sign_file), pkclist.c (algo_available): Allow passing a + hint of 0. + +2003-05-01 David Shaw <[email protected]> + + * tdbio.c (create_version_record): Only create new trustdbs with + TM_CLASSIC or TM_PGP. + + * trustdb.h, trustdb.c (trust_string, get_ownertrust_string, + get_validity_string, ask_ownertrust, validate_keys), pkclist.c + (do_edit_ownertrust): Rename trust_string to trust_value_to_string + for naming consistency. + + * trustdb.h, trustdb.c (string_to_trust_value): New function to + translate a string to a trust value. + + * g10.c (main): Use string_to_trust_value here for + --force-ownertrust. + + * options.h, g10.c (main), trustdb.c (trust_model_string, + init_trustdb, check_trustdb, update_trustdb, get_validity, + validate_one_keyblock): An "OpenPGP" trust model is misleading + since there is no official OpenPGP trust model. Use "PGP" + instead. + +2003-04-30 David Shaw <[email protected]> + + * build-packet.c (build_sig_subpkt): Comments. + + * exec.c (exec_write): Cast NULL to void* to properly terminate + varargs list. + + * keyedit.c (show_key_with_all_names): Just for safety, catch an + invalid pk algorithm. + + * sign.c (make_keysig_packet): Crucial that the call to mksubpkt + comes LAST before the calls to finalize the sig as that makes it + possible for the mksubpkt function to get a reliable pointer to + the subpacket area. + + * pkclist.c (do_we_trust_pre): If an untrusted key was chosen by a + particular user ID, use that ID as the one to ask about when + prompting whether to use the key anyway. + (build_pk_list): Similar change here when adding keys to the + recipient list. + + * trustdb.c (update_validity): Fix bug that prevented more than + one validity record per trust record. + (get_validity): When retrieving validity for a (user) supplied + user ID, return the validity for that user ID only, and do not + fall back to the general key validity. + (validate_one_keyblock): Some commentary on whether + non-self-signed user IDs belong in the web of trust (arguably, + they do). + +2003-04-27 David Shaw <[email protected]> + + * g10.c (main): Add --no-textmode. + + * export.c (do_export_stream), keyedit.c (show_key_with_all_names, + menu_addrevoker), mainproc.c (check_sig_and_print), photoid.c + (show_photos), sign.c (mk_notation_and_policy), trustdb.c + (get_validity, reset_trust_records, validate_keys): Make some + strings translatable. + + * mainproc.c (check_sig_and_print): Show digest algorithm and sig + class when verifying a sig with --verbose on, and add version, pk + and hash algorithms and sig class to VALIDSIG. + + * parse-packet.c (enum_sig_subpkt): Make a warning message a + --verbose warning message since we don't need to warn every time + we see an unknown critical (we only need to invalidate the + signature). + + * trustdb.c (init_trustdb): Check the trustdb options even with + TM_AUTO since the auto may become TM_CLASSIC or TM_OPENPGP. + +2003-04-26 David Shaw <[email protected]> + + * sign.c (do_sign): Show the hash used when making a signature in + verbose mode. + + * tdbio.h, tdbio.c (tdbio_read_model): New function to return the + trust model used in a given trustdb. + + * options.h, g10.c (main), trustdb.c (init_trustdb, check_trustdb, + update_trustdb): Use tdbio_read_model to implement an "auto" trust + model which is set via the trustdb. + +2003-04-23 David Shaw <[email protected]> + + * import.c (import_revoke_cert): Remove ultimate trust when + revoking an ultimately trusted key. + + * keyedit.c (sign_uids): Allow replacing expired signatures. + Allow duplicate signatures with --expert. + + * pkclist.c (check_signatures_trust): Don't display a null + fingerprint when checking a signature with --always-trust enabled. + + * filter.h (progress_filter_context_t), progress.c + (handle_progress), plaintext.c (ask_for_detached_datafile, + hash_datafiles): Fix compiler warnings. Make "what" constant. + + * build-packet.c (do_plaintext): Do not create invalid literal + packets with >255-byte names. + +2003-04-15 Werner Koch <[email protected]> + + * Makefile.am (AM_CFLAGS): Make use of AM_CFLAGS and AM_LDFLAGS. + + * g10.c, options.h: New option --enable-progress-filter. + * progress.c (handle_progress): Make use of it. + +2003-04-15 Marcus Brinkmann <[email protected]> + + * progress.c: New file. + * Makefile.am (common_source): Add progress.c. + * filter.h (progress_filter_context_t): New type. + (progress_filter, handle_progress): New prototypes. + * main.h (open_sigfile): New argument for prototype. + * openfile.c (open_sigfile): New argument to install progress + filter. + * encode.c (encode_simple): New variable PFX. Register + progress filter. Install text_filter after that. + (encode_crypt): Likewise. + * sign.c (sign_file): Likewise. + (clearsign_file): Likewise. + * decrypt.c (decrypt_message): Likewise. + (decrypt_messages): Likewise. + * verify.c (verify_signatures): Likewise. + (verify_one_file): Likewise. + * plaintext.c (hash_datafiles): Likewise. + (ask_for_detached_datafile): Likewise. + +2003-04-10 Werner Koch <[email protected]> + + * passphrase.c (read_passphrase_from_fd): Do a dummy read if the + agent is to be used. Noted by Ingo Klöcker. + (agent_get_passphrase): Inhibit caching when we have no + fingerprint. This is required for key generation as well as for + symmetric only encryption. + + * passphrase .c (agent_get_passphrase): New arg CANCELED. + (passphrase_to_dek): Ditto. Passed to above. Changed all + callers to pass NULL. + * seckey-cert.c (do_check): New arg CANCELED. + (check_secret_key): Terminate loop when canceled. + + * keyedit.c (change_passphrase): Pass ERRTEXT untranslated to + passphrase_to_dek and translate where appropriate. + * seckey-cert.c (check_secret_key): Ditto. + * keygen.c (ask_passphrase): Ditto. + * passphrase.c (agent_get_passphrase): Translate the TRYAGAIN_TEXT. + Switch the codeset to utf-8. + +2003-04-09 Werner Koch <[email protected]> + + * decrypt.c (decrypt_messages): Fixed error handling; the function + used to re-loop with same file after an error. Reported by Joseph + Walton. + +2003-04-08 David Shaw <[email protected]> + + * main.h, g10.c (main), import.c (parse_import_options, + fix_pks_corruption): It's really PKS corruption, not HKP + corruption. Keep the old repair-hkp-subkey-bug command as an + alias. + + * g10.c (main): Rename --no-version to --no-emit-version for + consistency. Keep --no-version as an alias. + +2003-04-04 David Shaw <[email protected]> + + * pkclist.c (algo_available): PGP 8 can use the SHA-256 hash. + + * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Remove + unused code. + +2003-04-01 Werner Koch <[email protected]> + + * mainproc.c (check_sig_and_print): Add primary key fpr to VALIDSIG + status. + +2003-03-24 David Shaw <[email protected]> + + * keydb.h: Err on the side of making an unknown signature a SIG + rather than a CERT. + + * import.c (delete_inv_parts): Discard any key signatures that + aren't key types (i.e. 0x00, 0x01, etc.) + + * g10.c (main): Add deprecated option warning for + --list-ownertrust. Add --compression-algo alias for + --compress-algo. Change --version output strings to match + "showpref" strings, and make translatable. + + * status.c (do_get_from_fd): Accept 'y' as well as 'Y' for + --command-fd boolean input. + + * trustdb.c: Fix typo (DISABLE_REGEXP -> DISABLE_REGEX) + + * keyedit.c (show_key_with_all_names_colon): Show no-ks-modify + flag. + +2003-03-11 David Shaw <[email protected]> + + * options.h, g10.c (main), keyserver.c (kopts): Add "try-dns-srv" + keyserver option. Defaults to on. + + * passphrase.c (agent_get_passphrase): Fix memory leak with + symmetric messages. Fix segfault with symmetric messages. Fix + incorrect prompt with symmetric messages. + +2003-03-10 Werner Koch <[email protected]> + + * compress.c (init_uncompress): Use a 15 bit window size so that + the output of implementations which don't run for PGP 2 + compatibility won't get garbled. + +2003-03-04 David Shaw <[email protected]> + + * trustdb.c (validate_keys): Mask the ownertrust when building the + list of fully valid keys so that disabled keys are still counted + in the web of trust. + (get_ownertrust_with_min): Do the same for the minimum ownertrust + calculation. + + * parse-packet.c (dump_sig_subpkt): Show the notation names for + not-human-readable notations. Fix cosmetic off-by-one length + counter. + + * options.skel: Add explantion and commented-out + "no-mangle-dos-filenames". + + * mainproc.c (proc_encrypted): Make string translatable. + + * keyserver.c (keyserver_spawn): Quote ':', '%', and any 8-bit + characters in the uid strings sent to the keyserver helper. + + * keyring.c (keyring_rebuild_cache): Lock the keyring while + rebuilding the signature caches to prevent another gpg from + tampering with the temporary copy. + + * keygen.c (keygen_set_std_prefs): Include AES192 and AES256 in + default prefs. + + * keyedit.c (show_prefs): Make strings translatable. + + * keydb.c: Double the maximum number of keyrings to 40. + + * gpgv.c (main): Fix bug #113 - gpgv should accept the + --ignore-time-conflict option. + + * g10.c (main): --openpgp disables --pgpX. Double the amount of + secure memory to 32k (keys are getting bigger these days). + + * Makefile.am: Makefile.am: Use @CAPLIBS@ to link in -lcap if we + are using capabilities. + +2003-02-26 David Shaw <[email protected]> + + * keyserver.c (keyserver_spawn): Include various pieces of + information about the key in the data sent to the keyserver + helper. This allows the helper to use it in instructing a remote + server which may not have any actual OpenPGP smarts in parsing + keys. + + * main.h, export.c (export_pubkeys_stream, do_export_stream): Add + ability to return only the first match in an exported keyblock for + keyserver usage. This should be replaced at some point with a + more flexible solution where each key can be armored seperately. + +2003-02-22 David Shaw <[email protected]> + + * sign.c (sign_file): Do not push textmode filter onto an unopened + IOBUF (segfault). Noted by Marcus Brinkmann. Push and + reinitialize textmode filter for each file in a multiple file + list. + + * packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Set + and show the keyserver no-modify flag. + + * keygen.c (add_keyserver_modify): New. + (keygen_upd_std_prefs): Call it here. + (keygen_set_std_prefs): Accept "ks-modify" and "no-ks-modify" as + prefs to set and unset keyserver modify flag. + + * g10.c (main): Accept "s1" in addition to "idea" to match the + other ciphers. + + * main.h, misc.c (idea_cipher_warn): We don't need this if IDEA + has been disabled. + +2003-02-21 David Shaw <[email protected]> + + * keygen.c (keygen_set_std_prefs): Don't put AES or CAST5 in + default prefs if they are disabled. + + * g10.c (main): Use 3DES instead of CAST5 if we don't have CAST5 + support. Use 3DES for the s2k cipher in --openpgp mode. + (print_mds): #ifdef all of the optional digest algorithms. + +2003-02-12 David Shaw <[email protected]> + + * keydb.h, getkey.c (classify_user_id, classify_user_id2): Make + 'exact' a per-desc item. Merge into one function since + 'force_exact' is no longer needed. + (key_byname): Use new classify_user_id function, and new exact + flag in KEYDB_SEARCH_DESC. + + * keyring.h, keyring.c (keyring_search): Return an optional index + to show which KEYDB_SEARCH_DESC was the matching one. + + * keydb.h, keydb.c (keydb_search): Rename to keydb_search2, and + pass the optional index to keyring_search. Add a macro version of + keydb_search that calls this new function. + + * export.c (do_export_stream): If the keyid! syntax is used, + export only that specified key. If the key in question is a + subkey, export the primary plus that subkey only. + +2003-02-11 David Shaw <[email protected]> + + * exec.c (set_exec_path): Add debugging line. + + * g10.c (print_hex, print_mds): Print long hash strings a lot + neater. This assumes at least an 80-character display, as there + are a few other similar assumptions here and there. Users who + need unformatted hashes can still use with-colons. Check that + SHA384 and 512 are available before using them as they are no + longer always available. + + * Makefile.am: Use a local copy of libexecdir along with @PACKAGE@ + as GNUPG_LIBEXECDIR so it can be easily overridden at make time. + +2003-02-04 David Shaw <[email protected]> + + * armor.c (parse_hash_header, armor_filter): Accept the new SHAs + in the armor Hash: header. + + * g10.c (print_hex): Print long hash strings a little neater. + (print_mds): Add the new SHAs to the hash list. + +2003-02-02 David Shaw <[email protected]> + + * keyedit.c (menu_revuid): Properly handle a nonselfsigned uid on + a v4 key (treat as a v4 revocation). + + * import.c (print_import_check): Do not re-utf8 convert user IDs. + +2003-01-27 David Shaw <[email protected]> + + * mainproc.c (list_node): Show signature expiration date in + with-colons sig records. + + * keylist.c (list_keyblock_colon), mainproc.c (list_node): Show + trust sig information in with-colons sig records. + +2003-01-16 David Shaw <[email protected]> + + * g10.c (add_group): Trim whitespace after a group name so it does + not matter where the user puts the = sign. + + * options.skel: Comment out the first three lines in case someone + manually copies the skel file to their homedir. + + * sign.c (clearsign_file): Only use pgp2mode with v3 keys and + MD5. This matches what we do when decoding such messages and + prevents creating a message (v3+RIPEMD/160) that we can't verify. + + * sig-check.c (signature_check2): Use G10ERR_GENERAL as the error + for signature digest conflict. BAD_SIGN implies that a signature + was checked and we may try and print out a user ID for a key that + doesn't exist. + +2003-01-15 David Shaw <[email protected]> + + * trustdb.c (init_trustdb, get_validity): Don't use a changed + trust model to indicate a dirty trustdb, and never auto-rebuild a + dirty trustdb with the "always" trust model. + + * g10.c (add_group): Last commit missed the \t ;) + +2003-01-14 David Shaw <[email protected]> + + * packet.h, parse-packet.c (setup_user_id), free-packet.c + (free_user_id), keydb.h, keyid.c (namehash_from_uid): New function + to rmd160-hash the contents of a user ID packet and cache it in + the uid object. + + * keylist.c (list_keyblock_colon): Use namehash in field 8 of + uids. Show dates for creation (selfsig date), and expiration in + fields 6 and 7. + + * trustdb.c (get_validity, get_validity_counts, update_validity): + Use new namehash function rather than hashing it locally. + +2003-01-14 Werner Koch <[email protected]> + + * g10.c (add_group): Fixed group parsing to allow more than one + delimiter in a row and also allow tab as delimiter. + +2003-01-12 David Shaw <[email protected]> + + * tdbio.c (tdbio_set_dbname): Fix assertion failure with + non-fully-qualified trustdb names. + +2003-01-11 David Shaw <[email protected]> + + * trustdb.c (get_validity_info, get_ownertrust_info, + trust_letter): Simplify by returning a ? for error directly. + + * keyedit.c (show_key_with_all_names): Use get_validity_string and + get_ownertrust_string to show full word versions of trust + (i.e. "full" instead of 'f'). + + * trustdb.h, trustdb.c (get_ownertrust_string, + get_validity_string): Same as get_ownertrust_info, and + get_validity_info, except returns a full string. + + * trustdb.c (get_ownertrust_with_min): New. Same as + 'get_ownertrust' but takes the min_ownertrust value into account. + +2003-01-10 David Shaw <[email protected]> + + * armor.c (armor_filter): Comment about PGP's end of line tab + problem. + + * trustdb.h, trustdb.c (trust_letter): Make + static. (get_ownertrust_info, get_validity_info): Don't mask the + trust level twice. + + * trustdb.h, gpgv.c, trustdb.c (get_validity, get_validity_info), + keylist.c (list_keyblock_colon), keyedit.c + (show_key_with_all_names_colon, menu_revuid): Pass a user ID in + rather than a namehash, so we only have to do the hashing in one + place. + + * packet.h, pkclist.c (build_pk_list), free-packet.c + (release_public_key_parts): Remove unused namehash element for + public keys. + +2003-01-07 David Shaw <[email protected]> + + * keygen.c (keygen_set_std_prefs): Warn when setting an IDEA + preference when IDEA is not available. + +2003-01-06 David Shaw <[email protected]> + + * trustdb.c (get_validity_info): 'd' for disabled is not a + validity value any more. + + * packet.h, tdbio.h, tdbio.c (tdbio_read_record, + tdbio_write_record), trustdb.c (update_validity): Store temporary + full & marginal counts in the trustdb. + (clear_validity, get_validity_counts): Return and clear temp + counts. + (store_validation_status): Keep track of which keyids have been + stored. + (validate_one_keyblock, validate_key_list): Use per-uid copies of + the full & marginal counts so they can be recalled for multiple + levels. + (validate_keys): Only use unused keys for each new round. + (reset_unconnected_keys): Rename to reset_trust_records, and only + skip specifically excluded records. + + * keylist.c (print_capabilities): Show 'D' for disabled keys in + capabilities section. + + * trustdb.c (is_disabled): Remove incorrect comment. + +2003-01-03 David Shaw <[email protected]> + + * import.c (import_one): Only do the work to create the status + display for interactive import if status is enabled. + + * keyring.c (keyring_search): skipfnc didn't work properly with + non-keyid searches. Noted by Stefan Bellon. + + * getkey.c (merge_selfsigs_main): Remove some unused code and make + sure that the pk selfsigversion member accounts for 1F direct + sigs. + +2003-01-02 Werner Koch <[email protected]> + + * keydb.c (keydb_add_resource): Don't assume that try_make_homedir + terminates but check again for the existence of the directory and + continue then. + * openfile.c (copy_options_file): Print a warning if the skeleton + file has active options. + +2002-12-29 David Shaw <[email protected]> + + * getkey.c (merge_selfsigs_main), main.h, sig-check.c + (check_key_signature2): Pass the ultimately trusted pk directly to + check_key_signature2 to avoid going through the key selection + mechanism. This prevents a deadly embrace when two keys without + selfsigs each sign the other. + +2002-12-27 David Shaw <[email protected]> + + * keyserver.c (keyserver_refresh): Don't print the "refreshing..." + line if there are no keys to refresh or if there is no keyserver + set. + + * getkey.c (merge_selfsigs_main): Any valid user ID should make a + key valid, not just the last one. This also fixes Debian bug + #174276. + +2002-12-27 Stefan Bellon <[email protected]> + + * import.c (print_import_check): Changed int to size_t. + +2002-12-27 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu, menu_revuid): Add "revuid" feature to + revoke a user ID. This is the same as issuing a revocation for + the self-signature, but a much simpler interface to do it. + +2002-12-26 David Shaw <[email protected]> + + * keydb.h, getkey.c (key_byname): Flag to enable or disable + including disabled keys. Keys specified via keyid (i.e. 0x...) + are always included. + + * getkey.c (get_pubkey_byname, get_seckey_byname2, + get_seckey_bynames), keyedit.c (keyedit_menu, menu_addrevoker): + Include disabled keys in these functions. + + * pkclist.c (build_pk_list): Do not include disabled keys for -r + or the key prompt. Do include disabled keys for the default key + and --encrypt-to. + + * trustdb.h, trustdb.c (is_disabled): New skipfnc for skipping + disabled keys. + + * gpgv.c (is_disabled): Stub. + + * keygen.c (keygen_add_key_expire): Properly handle updating a key + expiration to a no-expiration value. + + * keyedit.c (enable_disable_key): Comment. + + * import.c (import_one): When in interactive mode and --verbose, + don't repeat some key information twice. + +2002-12-22 Timo Schulz <[email protected]> + + * import.c (print_import_check): New. + (import_one): Use it here. + Use merge_keys_and_selfsig in the interactive mode to avoid + wrong key information. + * status.h: Add new status code. + * status.c: Ditto. + +2002-12-13 David Shaw <[email protected]> + + * pkclist.c (do_we_trust): Tweak language to refer to the "named + user" rather than "owner". Noted by Stefan Bellon. + + * trustdb.h, trustdb.c (trustdb_pending_check): New function to + check if the trustdb needs a check. + + * import.c (import_keys_internal): Used here so we don't rebuild + the trustdb if it is still clean. + (import_one, chk_self_sigs): Only mark trustdb dirty if the key + that is being imported has any sigs other than self-sigs. + Suggested by Adrian von Bidder. + + * options.skel: Include the required '=' sign in the sample + 'group' option. Noted by Stefan Bellon. + + * import.c (chk_self_sigs): Don't try and check a subkey as if it + was a signature. + +2002-12-11 David Shaw <[email protected]> + + * tdbio.c (tdbio_read_record, tdbio_write_record): Compact the + RECTYPE_TRUST records a bit. + + * g10.c (main): Comment out --list-trust-path until it can be + implemented. + + * import.c (import_one): Warn when importing an Elgamal primary + that this may take some time (to verify self-sigs). + (chk_self_sigs): Try and cache all self-sigs so the keyblock is + written to the keyring with a good rich cache. + + * keygen.c (ask_algo): Make the Elgamal sign+encrypt warning + stronger, and remove the RSA sign+encrypt warning. + +2002-12-06 Stefan Bellon <[email protected]> + + * options.h: Fixed typo (mangle_dos_names instead of + mangle_dos_filenames). + +2002-12-05 Werner Koch <[email protected]> + + * g10.c: New options --[no-]mangle-dos-filenames. + * options.h (opt): Added mangle-dos-filenames. + * openfile.c (open_outfile) [USE_ONLY_8DOT3]: Truncate the + filename only when this option is set; this is the default. + +2002-12-04 David Shaw <[email protected]> + + * main.h, keyedit.c, keygen.c: Back out previous (2002-12-01) + change. Minimal isn't always best. + + * sign.c (update_keysig_packet): Use the current time rather then + a modification of the original signature time. Make sure that + this doesn't cause a time warp. + + * keygen.c (keygen_add_key_expire): Properly handle a key + expiration date in the past (use a duration of 0). + + * keyedit.c (menu_expire): Use update_keysig_packet so any sig + subpackets are maintained during the update. + + * build-packet.c (build_sig_subpkt): Mark sig expired or unexpired + when the sig expiration subpacket is added. + (build_sig_subpkt_from_sig): Handle making an expiration subpacket + from a sig that has already expired (use a duration of 0). + + * packet.h, sign.c (update_keysig_packet), keyedit.c + (menu_set_primary_uid, menu_set_preferences): Add ability to issue + 0x18 subkey binding sigs to update_keysig_packet and change all + callers. + + * trustdb.c (validate_keys): Show trust parameters when building + the trustdb, and make sure that the version record update was + successful. + (init_trustdb): If the current parameters aren't what was used for + building the trustdb, the trustdb is invalid. + + * tbio.c (tdbio_db_matches_options): Update to work with new + trustdbs. + +2002-12-03 David Shaw <[email protected]> + + * tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): Store + trust model in the trustdb version record. + (tdbio_update_version_record): New function to update version + record values during a trustdb check or update. + (tdbio_dump_record): Show trust model in dump. + + * trustdb.c (validate_keys): Call tdbio_update_version_record on + success so that the correct options are stored in the trustdb. + + * options.h: rearrange trust models so that CLASSIC is 0 and + OPENPGP is 1. + + * options.h, g10.c (main), encode.c (write_pubkey_enc_from_list), + pkclist.c (algo_available), revoke.c (gen_revoke): Add --pgp8 + mode. This is basically identical to --pgp7 in all ways except + that signing subkeys, v4 data sigs (including expiration), and SK + comments are allowed. + + * getkey.c (finish_lookup): Comment. + + * main.h, keylist.c (reorder_keyblock), keyedit.c (keyedit_menu): + Reorder user ID display in the --edit-key menu to match that of + the --list-keys display. + + * g10.c (add_notation_data): Fix initialization. + +2002-12-01 David Shaw <[email protected]> + + * keyedit.c (menu_expire): Don't lose key flags when changing the + expiration date of a subkey. This is not the most optimal + solution, but it is minimal change on the stable branch. + + * main.h, keygen.c (do_copy_key_flags): New function to copy key + flags, if any, from one sig to another. + (do_add_key_expire): New function to add key expiration to a sig. + (keygen_copy_flags_add_expire): New version of + keygen_add_key_expire that also copies key flags. + (keygen_add_key_flags_and_expire): Use do_add_key_expire. + + * import.c (fix_hkp_corruption): Comment. + +2002-11-25 Stefan Bellon <[email protected]> + + * plaintext.c (handle_plaintext) [__riscos__]: If nooutput is set, + no filetype is needed obviously. + +2002-11-24 David Shaw <[email protected]> + + * main.h, misc.c (default_cipher_algo, default_compress_algo): + New. Return the default algorithm by trying + --cipher-algo/--compress-algo, then the first item in the pref + list, then s2k-cipher-algo or ZIP. + + * sign.c (sign_file, sign_symencrypt_file), encode.c + (encode_simple, encode_crypt): Call default_cipher_algo and + default_compress_algo to get algorithms. + + * g10.c (main): Allow pref selection for compress algo with + --openpgp. + + * mainproc.c (proc_encrypted): Use --s2k-digest-algo for + passphrase mangling rather than --digest-algo. + + * sign.c (hash_for): If --digest-algo is not set, but + --personal-digest-preferences is, then use the first hash + algorithm in the personal list. If the signing algorithm is DSA, + then use the first 160-bit hash algorithm in the personal list. + If --pgp2 is set and it's a v3 RSA key, use MD5. + + * g10.c (main), keydb.c (keydb_add_resource, + keydb_locate_writable): Rename --default-keyring as + --primary-keyring. Stefan wins the naming contest. + +2002-11-23 David Shaw <[email protected]> + + * g10.c (add_notation_data): Disallow notation names that do not + contain a '@', unless --expert is set. This is to help prevent + people from polluting the (as yet unused) IETF namespace. + + * main.h: Comments about default algorithms. + + * photoid.c (image_type_to_string): Comments about 3-letter file + extensions. + + * encode.c (encode_simple), passphrase.c (passphrase_to_dek), + sign.c (sign_symencrypt_file): Use --s2k-digest-algo for + passphrase mangling rather than --digest-algo. + +2002-11-21 David Shaw <[email protected]> + + * keygen.c (keygen_set_std_prefs): Properly handle an empty + preference string. + + * misc.c (string_to_compress_algo): "none" is a bad choice since + it conflicts with the "none" in setpref. + +2002-11-14 David Shaw <[email protected]> + + * g10.c (main): Allow compression algorithm names as the argument + to --compress-algo. The old algorithm names still work for + backwards compatibility. + + * misc.c (string_to_compress_algo): Allow "none" as an alias for + "uncompressed". + +2002-11-13 Stefan Bellon <[email protected]> + + * getkey.c (get_pubkey_byfprint_fast): Fixed type incompatibility, + was unsigned char instead of byte. + +2002-11-13 David Shaw <[email protected]> + + * encode.c (encode_simple): Make sure that files larger than about + 4G use partial length encoding. This is required because OpenPGP + allows only for 32 bit length fields. From Werner on stable + branch. + + * getkey.c (get_pubkey_direct): Renamed to... + (get_pubkey_fast): this and made extern. + (get_pubkey_byfprint_fast): New. From Werner on stable branch. + + * keydb.h, import.c (import_one): Use get_pubkey_fast instead of + get_pubkey. We don't need a merged key and actually this might + lead to recursions. + (revocation_present): Likewise for search by fingerprint. From + Werner on stable branch. + + * g10.c (main): Try to create the trustdb even for non-colon-mode + list-key operations. This is required because getkey needs to + know whether a a key is ultimately trusted. From Werner on stable + branch. + + * exec.c [__CYGWIN32__]: Keep cygwin separate from Mingw32; + we don't need it here as it behaves more like a Posix system. + From Werner on stable branch. + + * passphrase.c (agent_get_passphrase): Ditto. From Werner on + stable branch. + + * tdbio.c (MY_O_BINARY): Need binary mode with Cygwin. From + Werner on stable branch. + + * g10.c, gpgv.c (main) [__CYGWIN32__]: Don't get the homedir from + the registry. From Werner on stable branch. + + * keyedit.c (show_key_with_all_names_colon): Make --with-colons + --edit display match the validity and trust of --with-colons + --list-keys. + + * passphrase.c (agent_send_all_options): Fix compile warning. + + * keylist.c (list_keyblock_colon): Validity for subkeys should + match that of the primary key, and not that of the last user ID. + + * getkey.c (merge_selfsigs): Revoked/expired/invalid primary keys + carry these facts onto all their subkeys, but only after the + subkey has a chance to be marked valid. This is to fix an + incorrect "invalid public key" error verifying a signature made by + a revoked signing subkey, with a valid unrevoked primary key. + +2002-11-09 Werner Koch <[email protected]> + + * passphrase.c (agent_send_all_options): Use tty_get_ttyname to + get the default ttyname. + +2002-11-07 David Shaw <[email protected]> + + * keyring.h, keyring.c (keyring_register_filename): Return the + pointer if a given keyring is registered twice. + + * keydb.h, keydb.c (keydb_add_resource): Use flags to indicate a + default keyring. + (keydb_locate_writable): Prefer the default keyring if possible. + + * g10.c (main): Add --default-keyring option. + +2002-11-06 David Shaw <[email protected]> + + * options.h, g10.c (main), trustdb.c (ask_ownertrust): Add + --force-ownertrust option for debugging purposes. This allows + setting a whole keyring to a given trust during an + --update-trustdb. Not for normal use - it's just easier than + hitting "4" all the time to test a large trustdb. + + * pubkey-enc.c (get_session_key): With hidden recipients or try a + given passphrase against all secret keys rather than trying all + secret keys in turn. Don't if --try-all-secrets or --status-fd is + enabled. + + * passphrase.c (passphrase_to_dek): Mode 1 means do a regular + passphrase query, but don't prompt with the key info. + + * seckey-cert.c (do_check, check_secret_key): A negative ask count + means to enable passphrase mode 1. + + * keydb.h, getkey.c (enum_secret_keys): Add flag to include + secret-parts-missing keys (or not) in the list. + +2002-11-05 David Shaw <[email protected]> + + * keyserver.c (keyserver_search_prompt): When --with-colons is + enabled, don't try and fit the search output to the screen size - + just dump the whole list. + +2002-11-04 David Shaw <[email protected]> + + * keyserver.c (keyserver_search_prompt): When --with-colons is + enabled, just dump the raw keyserver protocol to stdout and don't + print the menu. + + * keyserver.c (show_prompt): Don't show a prompt when command-fd + is being used. + + * trustdb.c (trust_model_string, check_trustdb, update_trustdb, + validate_one_keyblock): It's not clear what a trustdb rebuild or + check means with a trust model other than "classic" or "openpgp", + so disallow this. + +2002-11-03 David Shaw <[email protected]> + + * options.h, g10.c (main): Add --trust-model option. Current + models are "openpgp" which is classic+trustsigs, "classic" which + is classic only, and "always" which is the same as the current + option --always-trust (which still works). Default is "openpgp". + + * trustdb.c (validate_one_keyblock): Use "openpgp" trust model to + enable trust sigs. + + * gpgv.c (main), mainproc.c (check_sig_and_print), pkclist.c + (do_we_trust, do_we_trust_pre, check_signatures_trust): Use new + --trust-model option in place of --always-trust. + + * keyedit.c (sign_mk_attrib, trustsig_prompt, sign_uids, + keyedit_menu): Prompt for and create a trust signature with + "tsign". This is functional, but needs better UI text. + + * build-packet.c (build_sig_subpkt): Able to build trust and + regexp subpackets. + + * pkclist.c (do_edit_ownertrust): Comment. + +2002-11-02 David Shaw <[email protected]> + + * keygen.c (set_one_pref, keygen_set_std_prefs): Allow using the + full algorithm name (CAST5, SHA1) rather than the short form (S3, + H2). + + * main.h, keygen.c (keygen_get_std_prefs), keyedit.c + (keyedit_menu): Return and use a fake uid packet rather than a + string since we already have a nice parser/printer in + keyedit.c:show_prefs. + + * main.h, misc.c (string_to_compress_algo): New. + +2002-11-01 David Shaw <[email protected]> + + * g10.c (main): Add --no-throw-keyid. + + * keydb.h, encode.c (write_pubkey_enc_from_list), g10.c (main), + pkclist.c (build_pk_list): Add --hidden-recipient (-R) and + --hidden-encrypt-to, which do a single-user variation on + --throw-keyid. The "hide this key" flag is carried in bit 0 of + the pk_list flags field. + + * keyserver.c (parse_keyrec): Fix shadowing warning. + +2002-10-31 Stefan Bellon <[email protected]> + + * compress.c (init_compress) [__riscos__]: Use + riscos_load_module() to load ZLib module. + + * g10.c (main) [__riscos__]: Renames due to changes in riscos.c + (e.g. prefixes all RISC OS specific functions with riscos_*). + * photoid.c (show_photos) [__riscos__]: Likewise. + * signal.c (got_fatal_signal) [__riscos__]: Likewise. + + * trustdb.c (check_regexp) [__riscos__]: Branch to RISC OS RegEx + handling. + +2002-10-31 David Shaw <[email protected]> + + * build-packet.c (do_plaintext), encode.c (encode_sesskey, + encode_simple, encode_crypt), sign.c (write_plaintext_packet): Use + wipememory() instead of memset() to wipe sensitive memory as the + memset() might be optimized away. + +2002-10-30 David Shaw <[email protected]> + + * trustdb.c (check_regexp): Modern regexps require REG_EXTENDED. + +2002-10-29 David Shaw <[email protected]> + + * packet.h, trustdb.h, trustdb.c (trust_string): New. Return a + string like "fully trusted", "marginally trusted", etc. + (get_min_ownertrust): New. Return minimum ownertrust. + (update_min_ownertrust): New. Set minimum ownertrust. + (check_regexp): New. Check a regular epression against a user ID. + (ask_ownertrust): Allow specifying a minimum value. + (get_ownertrust_info): Follow the minimum ownertrust when + returning a letter. + (clear_validity): Remove minimum ownertrust when a key becomes + invalid. + (release_key_items): Release regexp along with the rest of the + info. + (validate_one_keyblock, validate_keys): Build a trust sig chain + while validating. Call check_regexp for regexps. Use the minimum + ownertrust if the user does not specify a genuine ownertrust. + + * pkclist.c (do_edit_ownertrust): Only allow user to select a + trust level greater than the minimum value. + + * parse-packet.c (can_handle_critical): Can handle critical trust + and regexp subpackets. + + * trustdb.h, trustdb.c (clear_ownertrusts), delkey.c + (do_delete_key), import.c (import_one): Rename clear_ownertrust to + clear_ownertrusts and have it clear the min_ownertrust value as + well. + + * keylist.c (list_keyblock_print): Indent uid to match pub and + sig. + + * keyedit.c (print_and_check_one_sig, show_key_and_fingerprint, + menu_addrevoker), keylist.c (list_keyblock_print, + print_fingerprint): Show "T" or the trust depth for trust + signatures, and add spaces to some strings to make room for it. + + * packet.h, parse-packet.c (dump_sig_subpkt, parse_one_sig_subpkt, + parse_signature): Parse trust signature values. + + * tdbio.h, tdbio.c (tdbio_read_record, tdbio_write_record): + Reserve a byte for the minimum ownertrust value (for use with + trust signatures). + +2002-10-29 Stefan Bellon <[email protected]> + + * build-packet.c (calc_plaintext, do_plaintext): Removed RISC OS + specific filetype parts (it's now done in make_basename()). + + * plaintext.c (handle_plaintext): Tidied up RISC OS specific + filetype parts. + + * encode.c (encode_simple, encode_crypt): Added argument to + make_basename() call. + + * sign.c (write_plaintext_packet): Added argument to + make_basename() call. + +2002-10-28 Stefan Bellon <[email protected]> + + * build-packet.c (calc_plaintext, do_plaintext): Added filetype + handling for RISC OS' file types. + + * plaintext.c (handle_plaintext) [__riscos__]: Added filetype + handling for RISC OS' file types. + +2002-10-23 David Shaw <[email protected]> + + * main.h, import.c (sec_to_pub_keyblock, import_secret_one, + parse_import_options), g10.c (main): New import-option + "convert-sk-to-pk" to convert a secret key into a public key + during import. It is on by default. + +2002-10-23 Werner Koch <[email protected]> + + * pubkey-enc.c (get_it): Fix segv, test for revoked only when PK + has been assigned. + +2002-10-18 Timo Schulz <[email protected]> + + * keylist.c: (print_pubkey_info): New. + (print_seckey_info): New. + * main.h: Prototypes for the new functions. + * delkey.c (do_delete_key): Use it here. + * revoke.c (gen_desig_revoke): Ditto. + +2002-10-17 Werner Koch <[email protected]> + + * pkclist.c (do_edit_ownertrust): Show all user IDs. This should + be enhanced to also show the current trust level. Suggested by + Florian Weimer. + +2002-10-17 David Shaw <[email protected]> + + * g10.c (main): Handle --strict and --no-strict from the command + line before the options file is loaded. + +2002-10-15 David Shaw <[email protected]> + + * g10.c (main): Disable --textmode when encrypting (symmetric or + pk) in --pgp2 mode as PGP 2 can't handle the unknown length + literal packet. Reported by Michael Richardson. + +2002-10-14 David Shaw <[email protected]> + + * keyserver-internal.h, keyserver.c (print_keyrec, parse_keyrec, + show_prompt, keyserver_search_prompt, keyserver_spawn): Go to + version 1 of the keyserver protocol. This is a better design, + similar to --with-colons, that allows for keys with multiple user + IDs rather than using multiple keys. It also matches the machine + readable pksd format. Also use a prettier --search-keys listing + format that can fill different size windows (currently set at 24 + lines). + +2002-10-12 Werner Koch <[email protected]> + + * keygen.c (print_status_key_created): New. + (do_generate_keypair): Use it to print the fingerprint. + (generate_subkeypair): Likewise. + +2002-10-11 David Shaw <[email protected]> + + * keyedit.c (menu_addrevoker): Properly back out if the signature + fails. Also, do not allow appointing the same revoker twice, and + report ALREADY_SIGNED if the user tries it. + +2002-10-07 David Shaw <[email protected]> + + * import.c (import_keys_internal): Missed one s/inp/inp2/. + + * keylist.c (print_capabilities): Properly indicate per-key + capabilities of sign&encrypt primary keys that have + secret-parts-missing (i.e. no capabilities at all) + + * mainproc.c (symkey_decrypt_sesskey): Fix compiler warning. + +2002-10-04 David Shaw <[email protected]> + + * getkey.c (get_pubkey_direct): Don't cache keys retrieved via + this function as they may not have all their fields filled in. + + * sig-check.c (signature_check2): Use new is_primary flag to check + rather than comparing main_keyid with keyid as this still works in + the case of a not fully filled in pk. + +2002-10-04 Werner Koch <[email protected]> + + * import.c (import_keys_internal): s/inp/inp2/ to avoid shadowing + warning. + + * passphrase.c (agent_get_passphrase): Fixed signed/unsigned char + problem in %-escaping. Noted by Ingo Klöcker. + +2002-10-03 David Shaw <[email protected]> + + * options.h, g10.c (main): Add --strict and --no-strict to switch + the log_warning severity level from info to error. + + * keylist.c (print_capabilities): Secret-parts-missing keys should + show that fact in the capabilities, and only primary signing keys + can certify other keys. + + * packet.h, parse_packet.c (parse_key): Add is_primary flag for + public keys (it already exists for secret keys). + +2002-10-02 David Shaw <[email protected]> + + * import.c (import_secret_one): Check for an illegal (>110) + protection cipher when importing a secret key. + + * keylist.c (list_keyblock_print): Show a '#' for a + secret-parts-missing key. + + * parse_packet.c (parse_key): Some comments. + + * revoke.c (gen_revoke): Remove some debugging code. + + * trustdb.c (verify_own_keys): Make trusted-key a non-deprecated + option again. + + * seckey-cert.c (do_check): Don't give the IDEA warning unless the + cipher in question is in fact IDEA. + +2002-10-01 David Shaw <[email protected]> + + * import.c (import_one): Make sure that a newly imported key + starts with a clean ownertrust. + +2002-10-01 Werner Koch <[email protected]> + + * getkey.c (get_pubkey_direct): New. + (merge_selfsigs_main): Use it here to look for an ultimately + trusted key. Using the full get_pubkey might lead to an + infinitive recursion. + +2002-09-29 David Shaw <[email protected]> + + * keyserver.c (parse_keyserver_uri): Force the keyserver URI + scheme to lowercase to be case-insensitive. + +2002-09-28 David Shaw <[email protected]> + + * export.c (do_export_stream): Comment. + + * sig-check.c (check_key_signature2): Properly handle a + non-designated revocation import. + +2002-09-26 Werner Koch <[email protected]> + + * g10.c (set_homedir): New. Changed all direct assignments to use + this. + * gpgv.c (set_homedir): Ditto. + +2002-09-25 David Shaw <[email protected]> + + * Makefile.am: Link gpg with EGDLIBS (i.e. NETLIBS) as EGD uses + sockets. Remove the old NETLIBS variable since the keyserver + stuff is no longer internal. + +2002-09-24 David Shaw <[email protected]> + + * import.c (import_keys_stream): Fix compiler type warning. + + * keyring.c (keyring_rebuild_cache), sig-check.c + (check_key_signature2), import.c (import, chk_self_sigs): Minor + language cleanups. + +2002-09-23 Stefan Bellon <[email protected]> + + * main.h: Introduced fast-import as import option. Removed + fast as separate option from prototypes. + * import.c (parse_import_options): Added fast-import option. + (import_*): Removed fast as separate option. + * g10.c (main): Added option fast-import, removed old fast + as separate argument. + * keyserver.c (keyserver_spawn): Removed old fast as separate + argument. + +2002-09-22 Stefan Bellon <[email protected]> + + * import.c (import_keys, import_keys_stream, + import_keys_internal): Added trustdb update/check to key import if + not fast-import and interactive set/no-auto-check-trustdb unset. + Avoided function clone by introducing import_keys_internal. + +2002-09-19 David Shaw <[email protected]> + + * keyserver.c (keyserver_spawn): Properly handle line truncation. + Don't leak memory (~10-20 bytes) on searches. + (keyserver_search_prompt): Cleanup. + + * keylist.c (list_keyblock_colon): Show 1F direct key signatures + in --with-colons listing. + +2002-09-16 David Shaw <[email protected]> + + * keyedit.c (menu_addrevoker): The direct key signature for + revocation keys must be at least v4 to carry the revocation key + subpacket. Add a PGP 2.x warning for revocation keys. + +2002-09-14 David Shaw <[email protected]> + + * g10.c (check_permissions): Rearrange strings to make translating + easier (don't incorporate string parts). + + * keyedit.c (sign_uids): Make strings translatable. + + * sig-check.c (check_key_signature2): Make string translatable. + +2002-09-13 David Shaw <[email protected]> + + * getkey.c (check_revocation_keys): Move.... + * main.h, sig-check.c (check_revocation_keys): to here. Also + return the signature_check error code rather than 0/1 and cache + the sig result. + + * sig-check.c (check_key_signature2): Divert to + check_revocation_keys if a revocation sig is made by someone other + than the pk owner. + + * getkey.c (merge_selfsigs_main): Tidy. + +2002-09-13 Werner Koch <[email protected]> + + * g10.c (main) [__MINGW32__]: Activate oLoadExtension. + +2002-09-12 David Shaw <[email protected]> + + * Makefile.am, hkp.c, hkp.h, keyserver.c (keyserver_work): Remove + internal HKP support. + + * keyserver.c (keyserver_spawn): Remove whitespace after keyserver + commands. + +2002-09-10 David Shaw <[email protected]> + + * exec.c (expand_args): Remove loop left over from earlier + implementation. + (exec_write): Missed one tick. + +2002-09-10 Werner Koch <[email protected]> + + * g10.c, options.h: Removed option --emulate-checksum-bug. + * misc.c (checksum_u16_nobug): Removed. + (checksum_u16): Removed the bug emulation. + (checksum_mpi): Ditto. + (checksum_mpi_counted_nbits): Removed and replaced all calls + with checksum_mpi. + + * parse-packet.c (read_protected_v3_mpi): New. + (parse_key): Use it here to store it as an opaque MPI. + * seckey-cert.c (do_check): Changed the v3 unprotection to the new + why to store these keys. + (protect_secret_key): Likewise. + * build-packet.c (do_secret_key): And changed the writing. + + * tdbio.c (tdbio_set_dbname, open_db): Use new macro MY_O_BINARY + to avoid silly ifdefs. + (open_db): Fallback to RDONLY so that gpg may be used from a + RO-medium. + + * encode.c (encode_simple): Make sure we don't use an ESK packet + when we don't have a salt in the S2K. + + * misc.c (pct_expando) <case f>: Make sure that LEN is initialized. + + * exec.c (exec_finish): Use ticks to denote filenames in messages. + (make_tempdir, exec_write): Changed format of messages. + + * keyserver.c (print_keyinfo): Release USERID in on error. + (keyserver_work) [!DISABLE_KEYSERVER_HELPERS]: Exclude the unused + code. + +2002-09-09 Werner Koch <[email protected]> + + * parse-packet.c (make_attribute_uidname): Add new ar MAX_NAMELEN + for sanity checks. Changed both callers. Limit the size of an %s. + + * options.skel: Comment lock-once out, so that this file does not + change anything when copied to a new home directory. + * openfile.c (try_make_homedir): Don't exit after copying the + option skeleton. + + * options.h: Don't use a comma when declaring variables over more + than one line. + + * mainproc.c (symkey_decrypt_sesskey): Check length of the session + key. + + * hkp.c (dehtmlize): Use ascii_tolower to protect against weird + locales. Cast the argument for isspace for the sake of broken + HP/UXes. + (parse_hkp_index): s/ascii_memcasecmp/ascii_strncasecmp/. + + * g10.c: Removed option --emulate-3des-s2k-bug. + + * passphrase.c (hash_passphrase): Was used here. + + * export.c (parse_export_options) + * keyserver.c (parse_keyserver_options) + * import.c (parse_import_options) + * g10.c (check_permissions): s/ascii_memcasecmp/ascii_strncasecmp/. + +2002-09-09 David Shaw <[email protected]> + + * g10.c (add_group): Use '=' to separate group name from group + members. Use a better error message for when no = is found. + + * hkp.c (hkp_export): Use CRLF in headers. + +2002-09-03 David Shaw <[email protected]> + + * mainproc.c (print_pkenc_list): Don't increment the error counter + when printing the list of keys a message was encrypted to. This + would make gpg give a non-zero exit code even for completely valid + messages if the message was encrypted to more than one key that + the user owned. + +2002-09-02 Werner Koch <[email protected]> + + * g10.c (main): Try to set a default character set. Print the + used one in verbosity level 3. + * gpgv.c (main): Try to set a default character set. + + * status.c, status.h (STATUS_IMPORT_OK): New. + * import.c (import_one,import_secret_one): Print new status. + +2002-08-30 David Shaw <[email protected]> + + * pkclist.c (build_pk_list): Add new status code to indicate an + untrusted user. This (or a disabled key) fail with "unavailable + pubkey" (G10ERR_UNU_PUBKEY). + + * pkclist.c (build_pk_list): Fail if any recipient keys are + unusable. + + * options.skel: The PGP LDAP keyserver is back. Use MIT keyserver + as a sample rather than cryptnet as cryptnet does not support + searching yet. + + * keyedit.c (show_key_with_all_names): Fix error message + (preferences are userid/selfsig and not key specific). + +2002-08-30 Werner Koch <[email protected]> + + * pkclist.c (do_we_trust_pre): Changed the wording of a warning. + + * encode.c (encode_simple,encode_crypt): Use new style CTB for + compressssed packets when using MDC. We need to do this so that + concatenated messages are properly decrypted. Old style + compression assumes that it is the last packet; given that we + can't determine the length in advance, the uncompressor does not + know where to start. Actually we should use the new CTB always + but this would break PGP 2 compatibility. + + * parse-packet.c (parse): Special treatment for new style CTB + compressed packets. + + * build-packet.c (do_mdc): Removed. Was not used. + (do_encrypted_mdc): Count in the version number and the MDC packet. + +2002-08-28 David Shaw <[email protected]> + + * sig-check.c (do_check_messages, do_check): Show keyid in error + messages. + + * keyserver.c (print_keyinfo): More readable key listings for + --search-keys responses. + +2002-08-26 David Shaw <[email protected]> + + * hkp.c (parse_hkp_index, dehtmlize): Move HTML functionality into + new "dehtmlize" function. Remove HTML before trying to parse each + line from the keyserver. If the keyserver provides key type + information in the listing, use it. + +2002-08-23 David Shaw <[email protected]> + + * sig-check.c (do_check, do_check_messages): Emit the usual sig + warnings even for cached sigs. This also serves to protect + against missing a sig expiring while cached. + + * getkey.c (merge_selfsigs_main): Don't check UID self-sigs twice. + +2002-08-22 David Shaw <[email protected]> + + * import.c (clean_subkeys, chk_self_sigs): Merge clean_subkeys + into chk_self_sigs. This improves efficiency as the same + signatures are not checked multiple times. Clarify when a subkey + is revoked (any revocation signature, even if it is dated before + the binding signature). + + * getkey.c (merge_selfsigs_subkey): Subkey revocation comments. + + * keylist.c (list_one): Stats are only for public key listings. + + * g10.c (main), options.skel: Default should be include-revoked + for keyserver operations. + +2002-08-21 Werner Koch <[email protected]> + + * import.c (import_print_stats): Print new non_imported counter + which is currently not used because we terminate on errors. + +2002-08-20 David Shaw <[email protected]> + + * options.skel: Document no-include-attributes for + keyserver-options. + + * keylist.c, keyedit.c, keyserver.c, sign.c: Some TODOs and + comments. + + * export.c (do_export_stream): Fix noop bug in exporting sensitive + revocation keys. + + * pkclist.c (do_edit_ownertrust): Comment out the option for + showing trust paths until it can be implemented. + +2002-08-19 Werner Koch <[email protected]> + + * getkey.c (get_user_id_native): Renamed to .. + (get_user_id_printable): this. Filter out all dangerous + characters. Checked all usages. + (get_user_id_string_native): Renamed to.. + (get_user_id_string_printable): this. Filter out all dangerous + characters. Checked all usages. + * keyedit.c (show_basic_key_info): New. + * keylist.c (print_fingerprint): New mode 3. + * import.c (import_one): Use new function to display the user ID. + +2002-08-16 Timo Schulz <[email protected]> + + * g10.c (main): Enable opt.interactive. + + * import.c (import_one): Ask the user if the key shall be + imported when the interactive mode is used. Useful to extract + selected keys from a file. + +2002-08-16 Werner Koch <[email protected]> + + * seckey-cert.c: Workaround to allow decryption of v3 keys created + with a bug in the mpi_get_secure_buffer. + +2002-08-14 David Shaw <[email protected]> + + * hkp.c (parse_hkp_index): Properly handle really large keys + (5 digit key length) in HKP searches. + +2002-08-13 David Shaw <[email protected]> + + * encode.c (encode_simple): Fix problem with using compression + algo 2 and symmetric compressed files. + + * encode.c (encode_simple, encode_crypt): If we are not using a + MDC, compress even if a file is already compressed. This is to + help against the chosen ciphertext attack. + + * pkclist.c (select_algo_from_prefs): Fix requested algorithm bug + so the request succeeds even if the requested algorithm is not the + first found. + + * cipher.c (write_header), encode.c (use_mdc, encode_simple, + encode_crypt, encrypt_filter), g10.c (main): Be more eager to use + a MDC. We use a MDC if the keys directly support it, if the keys + list AES (any) or TWOFISH anywhere in the prefs, or if the cipher + chosen does not have a 64 bit blocksize. + +2002-08-08 David Shaw <[email protected]> + + * options.skel: Some language tweaks, and remove the + load-extension section for random gatherers. + + * keyring.c (create_tmp_file, rename_tmp_file): Create tmp files + with user-only permissions, but restore the original permissions + if the user has something special set. + + * openfile.c (copy_options_file): Create new options file + (gpg.conf) with user-only permissions. + + * keydb.c (keydb_add_resource): Create new keyrings with user-only + permissions. + + * tdbio.c (tdbio_set_dbname): Create new trustdbs with user-only + permissions. + +2002-08-07 David Shaw <[email protected]> + + * sig-check.c (signature_check2): Sanity check that the md has a + context for the hash that the sig is expecting. This can happen + if a onepass sig header does not match the actual sig, and also if + the clearsign "Hash:" header is missing or does not match the + actual sig. + + * keyedit.c (menu_revsig): Properly show a uid is revoked without + restarting gpg. This is Debian bug 124219, though their supplied + patch will not do the right thing. + + * main.h, tdbio.c (tdbio_set_dbname), misc.c (removed + check_permissions), keydb.c (keydb_add_resource), g10.c (main, + check_permissions): Significant reworking of the permission check + mechanism. The new behavior is to check everything in the homedir + by checking the homedir itself. If the user wants to put + (possibly shared) keyrings outside the homedir, they are not + checked. The options file and any extension files are checked + wherever they are, as well as their enclosing directories. This + is Debian bug 147760. + +2002-08-06 Stefan Bellon <[email protected]> + + * g10.c (main): Use of EXTSEP_S in new gpg.conf string. + * openfile.c (copy_options_file): Ditto. + +2002-08-06 David Shaw <[email protected]> + + * options.h, g10.c (main), mainproc.c (proc_encrypted): + --ignore-mdc-error option to turn a MDC check error into a + warning. + + * encode.c (encode_crypt), g10.c (main), sign.c (sign_file, + clearsign_file): Use the same --pgpX warning string everywhere to + ease translations. + + * encode.c (write_pubkey_enc_from_list): Warn when using + --throw-keyid with --pgpX. Noted by Vedaal Nistar. + + * revoke.c (export_minimal_pk, gen_desig_revoke, gen_revoke): + Export a minimal pk along with the revocation cert when in --pgpX + mode so that PGP can import it. + +2002-08-06 Werner Koch <[email protected]> + + * options.skel: Changed comments. + + * g10.c (main): Try to use "gpg.conf" as default option file. + * openfile.c (copy_options_file): Changed name of created file. + +2002-08-02 Werner Koch <[email protected]> + + * Makefile.am (LDFLAGS): Removed DYNLINK_LDFLAGS. + +2002-07-30 David Shaw <[email protected]> + + * options.h, g10.c (main), mainproc.c (proc_encrypted): Return a + decryption failed error if a MDC does not verify. Warn if a MDC + is not present (can disable via --no-mdc-warning). + + * exec.c (exec_write), g10.c (main), keyserver.c + (keyserver_spawn): Use new DISABLE_KEYSERVER_PATH rather than + FIXED_EXEC_PATH. + +2002-07-28 David Shaw <[email protected]> + + * sig-check.c (do_check): Properly validate v4 sigs with no hashed + section at all. + +2002-07-25 Werner Koch <[email protected]> + + * delkey.c (do_delete_key): Always allow to delete a key in batch mode + when specified by fingerprint. Suggested by Enzo Michelangeli. + +2002-07-25 David Shaw <[email protected]> + + * keyedit.c (menu_revsig): Change "revsig" to honor selected uids + so the user can revoke sigs from particular uids only. + + * keylist.c (list_keyblock_print): Don't display expired uids in + --list-keys unless -v and not --list-sigs (just like revoked + uids). + + * exec.c, export.c, import.c, keyedit.c, keyserver.c, misc.c: + "Warning" -> "WARNING" + +2002-07-24 David Shaw <[email protected]> + + * main.h, import.c (parse_import_options, fix_hkp_corruption, + import_one, delete_inv_parts), g10.c (main): New import-option + "repair-hkp-subkey-bug", which repairs as much as possible the HKP + mangling multiple subkeys bug. It is on by default for keyserver + receives, and off by default for regular --import. + + * main.h, import.c (import, import_one, delete_inv_parts), hkp.c + (hkp_ask_import), keyserver.c (keyserver_spawn): Use keyserver + import options when doing keyserver receives. + + * options.h, exec.h, exec.c (set_exec_path, exec_write), g10.c + (main), keyserver.c (keyserver_spawn): If the user does not use + "exec-path", completely replace $PATH with GNUPG_LIBEXECDIR before + calling the keyserver helper. If the user does use "exec-path", + append GNUPG_LIBEXECDIR after the specified path. + +2002-07-23 David Shaw <[email protected]> + + * import.c (parse_import_options), export.c + (parse_export_options): Fix offset problem with reversed ("no-") + meanings. + + * import.c (delete_inv_parts): Discard subkey signatures (0x18 and + 0x28) if found in the userid section of the key. + + * sig-check.c (signature_check2): Signatures made by invalid + subkeys (bad/missing binding sig) are also invalid. + + * keylist.c (print_fingerprint): Show the primary as well as the + secondary key fingerprint in modes 1 & 2. + +2002-07-22 David Shaw <[email protected]> + + * options.h, main.h, g10.c (main), import.c + (parse_import_options, delete_inv_parts), keyserver.c + (parse_keyserver_options): add new --import-options option. The + only current flag is "allow-local-sigs". + + * g10.c (main): Don't disable MDC in pgp7 mode. + + * options.h, g10.c (main), keyserver.c (parse_keyserver_options): + Remove old keyserver-option include-attributes now that there is + an export-option for the same thing. + + * options.h, main.h, export.c (parse_export_options, + do_export_stream), g10.c (main): add new --export-options option. + Current flags are "include-non-rfc", "include-local-sigs", + "include-attributes", and "include-sensitive-revkeys". + + * options.h, hkp.c (hkp_export), keyserver.c + (parse_keyserver_options, keyserver_spawn): try passing unknown + keyserver options to export options, and if successful, use them + when doing a keyserver --send-key. + + * build-packet.c (build_sig_subpkt): We do not generate + SIGSUBPKT_PRIV_VERIFY_CACHE anymore. + + * revoke.c (gen_desig_revoke): Lots more comments about including + sensitive revkeys along with the revocation sig itself. + + * keyserver.c (parse_keyserver_options): Simpler implementation + that can skip one pass over the options. + +2002-07-18 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu, menu_addrevoker): Allow specifying + "sensitive" as an argument to an addrevoker command. This sets + the 0x40 sensitive revoker flag. + + * revoke.c (gen_desig_revoke): When generating a designated + revocation, include the direct key sig that contains the + designated revoker subpacket. This allows sensitive designated + revocation subpackets to be exported. Also indicate which + revokers are sensitive in the first place. + +2002-07-17 David Shaw <[email protected]> + + * keyedit.c (show_key_with_all_names_colon): The 0x40 class bit in + a designated revoker means "sensitive", not "local". It's + exportable under the right circumstances. + + * main.h, options.h, export.c (do_export_stream), g10.c (main), + hkp.c (hkp_export), keyserver.c (keyserver_spawn: Add a flag to + skip attribute packets and their signatures while exporting. This + is to accomodate keyservers (pksd again) that choke on attributes. + Use keyserver-option "include-attributes" to control it. This + defaults to ON (i.e. don't skip). + +2002-07-09 David Shaw <[email protected]> + + * options.h, keyserver.c (parse_keyserver_uri, keyserver_spawn, + keyserver_work), hkp.c (hkp_ask_import, hkp_export, hkp_search): + Use a much more strict reading of RFC-2396 for the keyserver URIs. + Specifically, don't try and be smart about checking the value of + ":port" so long as it is all digits, and properly handle opaque + data (those scheme specific parts that do not start with "//"). + +2002-07-04 David Shaw <[email protected]> + + * photoid.c (get_default_photo_command, show_photos): Honor + FIXED_PHOTO_VIEWER and DISABLE_PHOTO_VIEWER. + + * mainproc.c (check_sig_and_print): Use --show-photos to show + photos when verifying a sig made by a key with a photo. + + * keyserver.c (parse_keyserver_uri): Properly parse a URI with no + :port section and an empty file path, but with a terminating '/'. + (keyserver_work): Honor DISABLE_KEYSERVER_HELPERS. + + * hkp.c (hkp_ask_import): Display keyserver URI as a URI, but only + if verbose. + + * exec.c, g10.c: USE_EXEC_PATH -> FIXED_EXEC_PATH + +2002-07-03 David Shaw <[email protected]> + + * exec.h, exec.c (set_exec_path, exec_write), g10.c (main): If + USE_EXEC_PATH is defined at compile time, use it to lock the + exec-path and not allow the user to change it. + +2002-07-02 David Shaw <[email protected]> + + * options.h, g10.c (main), keyserver.c (keyserver_refresh): + Maintain and use the original keyserver URI for cosmetics rather + than trying to recreate it when needed. + + * mainproc.c (check_sig_and_print): Properly disregard expired + uids. Make sure that the first uid listed is a real uid and not + an attribute (attributes should only be listed in the "aka" + section). When there are no valid textual userids, try for an + invalid textual userid before using any attribute uid. + +2002-07-01 David Shaw <[email protected]> + + * options.skel: Fix a few typos, clarify "group", and remove + sample photo viewers for Win32 since they are the defaults now. + + * parse-packet.c (make_attribute_uidname), keylist.c + (dump_attribs): Fix two typecast warnings. + + * packet.h, build-packet.c (build_attribute_subpkt), exec.c + (expand_args), mkdtemp.c (mkdtemp), photoid.c + (parse_image_header): Fix some signedness compiler warnings. + +2002-07-01 Werner Koch <[email protected]> + + * photoid.c (get_default_photo_command): Also use __MINGW32__ + instead of HAVE_DOSISH_SYSTEM. + + * encode.c (encode_symmetric): Do not use the new encryption code. + +2002-06-30 Werner Koch <[email protected]> + + * photoid.c: Use __MINGW32__ to include windows because + HAVE_DOSISH_SYSTEM is also set for OS/2 and plain DOS. Provide + constant missing in older mingw installations. + +2002-06-21 Stefan Bellon <[email protected]> + + * g10.c [__riscos__]: Moved RISC OS specific stuff to util/riscos.c + and include/util.h. + + * gpgv.c [__riscos__]: Likewise. + +2002-06-20 David Shaw <[email protected]> + + * keydb.h, pkclist.c (select_algo_from_prefs): Allow passing a + suggested algorithm which will be used if available. + + * encode.c (encode_crypt, encrypt_filter), sign.c (sign_file): Use + new select_algo_from_prefs feature to check if forcing an + algorithm would violate the recipient preferences. + + * photoid.c (get_default_photo_command, show_photos): Use + different default viewers on different platforms. Currently we + have Win 9x, Win NT (2k, xp), Mac OSX, RISC OS, and "everybody + else". These are #ifdefs as much as possible to avoid clutter. + + * g10.c (strusage, build_list), keyedit.c (show_prefs), main.h, + misc.c (compress_algo_to_string, check_compress_algo), pkclist.c + (algo_available), keygen.c (keygen_set_std_prefs): New + algo_to_string and check functions for compress algorithms. + +2002-06-20 Werner Koch <[email protected]> + + * misc.c (setsysinfo): Removed a #warning for Alpha's uniligedn + trap disabling - it is quite possible that this is a debug relict. + +2002-06-20 Stefan Bellon <[email protected]> + + * g10.c [__riscos__]: Added image file system feature. + + * gpgv.c [__riscos__]: Added image file system feature. + + * photoid.c (show_photos) [__riscos__]: Set RISC OS filetype of + photo id according to MIME type. + +2002-06-19 David Shaw <[email protected]> + + * hkp.c (parse_hkp_index): Don't leak memory when failing out of a + bad HKP keyserver. + + * g10.c (add_notation_data): Relax slightly the rules as to what + can go into a notation name - 2440 allows "@", for example. + +2002-06-17 David Shaw <[email protected]> + + * import.c (clean_subkeys, import_one): Only allow at most 1 + binding sig and at most 1 revocation sig on a subkey, as per + 2440:11.1. + + * hkp.c (parse_hkp_index, hkp_search): Error if the keyserver + returns an unparseable HKP response. + +2002-06-15 David Shaw <[email protected]> + + * keyedit.c (show_key_with_all_names), keylist.c + (list_keyblock_print): Show "[expired]" before expired uids. + + * keyedit.c (show_key_with_all_names_colon), mainproc.c + (list_node), keylist.c (list_keyblock_colon): Show flag 'e' for + expired user ids. Use "uat" for user attribute packets instead of + "uid". Also use '<count> <length>' rather than the fake user id + string on attributes. + + * keygen.c (keygen_add_revkey): Remove unused code. + + * misc.c (check_permissions): Check directory permissions + properly - they are not special files. + + * pkclist.c (expand_id, expand_group, build_pk_list): When + expanding groups before building a pk list, inherit flags from the + original pre-expanded string. + + * pubkey-enc.c (is_algo_in_prefs): Don't use prefs from expired + uids. + +2002-06-14 David Shaw <[email protected]> + + * free-packet.c (copy_signature): Properly copy a signature that + carries a revocation key on it. + + * pkclist.c (expand_id, expand_group, build_pk_list): Groups now + work properly when used in the "Enter the user ID" prompt. + +2002-06-14 David Shaw <[email protected]> + + * keyedit.c (show_key_with_all_names): Display warning if a user + tries to show prefs on a v3 key with a v3 selfsig. + + * kbnode.c (dump_kbnode): Show if a uid is expired. + + * import.c (merge_blocks, import_revoke_cert): Show user ID + receiving a revocation certificate. + + * free-packet.c (cmp_user_ids): Properly compare attribute ids. + + * pkclist.c (expand_groups): Maintain the strlist flags while + expanding. Members of an expansion inherit their flags from the + expansion key. + + * options.h, cipher.c (write_header), g10.c (main), keygen.c + (keygen_set_std_prefs): remove the personal_mdc flag. It no + longer serves a purpose now that the personal preference lists are + split into cipher/digest/zip. + +2002-06-14 Timo Schulz <[email protected]> + + * skclist.c (is_insecure): Implemented. + +2002-06-12 David Shaw <[email protected]> + + * keyserver.c (keyserver_spawn): Properly handle PROGRAM responses + when they have a CRLF ending. Noted by Keith Ray. + + * keyserver.c (keyserver_spawn): Handle CRLF endings from + keyserver helpers. Also don't leak the last line worth of memory + from the keyserver response. + + * main.h, misc.c (deprecated_warning): New function to warn about + deprecated options and commands. + + * g10.c (main), keyserver-internal.h, keyserver.c + (parse_keyserver_uri): Use new deprecated function to warn about + honor-http-proxy, auto-key-retrieve, and x-broken-hkp. + +2002-06-11 David Shaw <[email protected]> + + * Makefile.am: link gpg with NETLIBS for the built-in HKP access. + +2002-06-10 David Shaw <[email protected]> + + * options.h, keyserver.c (keyserver_opts), g10.c (main): New + keyserver option "include-subkeys". This feature already existed, + but now can be turned off. It defaults to on. + + * options.h, keyserver.c (parse_keyserver_options, + keyserver_spawn): There are now enough options to justify making a + structure for the keyserver options rather than a page of + if-then-else-if-then-etc. + + * getkey.c (merge_keys_and_selfsig, merge_selfsigs_main): Fix bug + in calculating key expiration dates. + +2002-06-09 David Shaw <[email protected]> + + * keydb.h, getkey.c (get_user_id_native), import.c (import_one): + Display user ID while importing a key. Note this applies to both + --import and keyserver --recv-keys. + + * exec.c (exec_finish): Log unnatural exit (core dump, killed + manually, etc) for fork/exec/pipe child processes. + +2002-06-08 Timo Schulz <[email protected]> + + * encode.c (encode_symmetric): Disable the compat flag + when the expert mode is enabled. + +2002-06-07 David Shaw <[email protected]> + + * options.skel, options.h, main.h, keydb.h, pkclist.c + (build_pk_list, expand_groups), g10.c (main, add_group): Add new + "group" command to allow one name to expand into multiple keys. + For simplicity, and to avoid potential loops, we only expand once + - you can't make an alias that points to an alias. + + * main.h, g10.c (main), keygen.c (build_personal_digest_list): + Simplify the default digest list - there is really no need for the + other hashes since they will never be used after SHA-1 in the + list. + + * options.skel, options.h, g10.c (main), hkp.c (hkp_ask_import, + hkp_export, hkp_search), keyserver.c (parse_keyserver_options, + parse_keyserver_uri, keyserver_work, keyserver_refresh): Make the + "x-broken-hkp" keyserver scheme into keyserver-option + "broken-http-proxy". Move honor_http_proxy into + keyserver_options. Canonicalize the three variations of "hkp", + "x-hkp", and "x-broken-hkp" into "hkp". + +2002-06-07 Stefan Bellon <[email protected]> + + * g10.c [__riscos__]: Added --attribute-file to do the same as + --attribute-fd, but with a filename not a fd as argument. + Added magic symbol for RISC OS to use different memory management. + + * gpgv.c [__riscos__]: Added magic symbol for RISC OS to use + different memory management. + +2002-06-06 David Shaw <[email protected]> + + * main.h, g10.c (main), keygen.c (build_personal_digest_list): Put + in a default digest preference list consisting of SHA-1, followed + by every other installed digest except MD5. Note this is the same + as having no digest preference at all except for SHA-1 being + favored. + + * options.h, g10.c (main), keygen.c (keygen_set_std_prefs), + pkclist.c (select_algo_from_prefs): Split + --personal-preference-list into three: + --personal-{cipher|digest|compress}-preferences. This allows a + user to set one without affecting another (i.e. setting only a + digest pref doesn't imply an empty cipher pref). + + * exec.c (exec_read): This is a safer way of guessing the return + value of system(). Noted by Stefan Bellon. + +2002-06-05 David Shaw <[email protected]> + + * hkp.c (parse_hkp_index): Be more robust with keyservers + returning very unparseable responses. + + * exec.c (exec_read): Catch and display an error when the remote + process exits unnaturally (i.e. segfault) so the user knows what + happened. Also fix exec_write stub which has a different number + of arguments now. + +2002-06-05 Timo Schulz <[email protected]> + + * encode.c (encode_simple): Ignore the new mode for RFC1991. + * mainproc.c (symkey_decrypt_sesskey): Better check for weird + keysizes. + +2002-06-05 Timo Schulz <[email protected]> + + * encode.c (encode_sesskey): New. + (encode_simple): Use it here. But by default we use the compat + mode which supress to generate encrypted session keys. + +2002-06-05 Timo Schulz <[email protected]> + + * mainproc.c (symkey_decrypt_sesskey): New. + (proc_symkey_enc): Support for encrypted session keys. + +2002-06-04 David Shaw <[email protected]> + + * sign.c (hash_for, sign_file): When encrypting and signing at the + same time, consult the various hash prefs to pick a hash algorithm + to use. Pass in a 160-bit hint if any of the signing keys are + DSA. + + * keydb.h, pkclist.c (select_algo_from_prefs, algo_available): + Pass a "hints" opaque pointer in to let the caller give hints as + to what algorithms would be acceptable. The only current hint is + for PREFTYPE_HASH to require a 160-bit hash for DSA. Change all + callers in encode.c (encode_crypt, encrypt_filter) and sign.c + (sign_file). If we settle on MD5 as the best algorithm based + solely on recepient keys and SHA1 is also a possibility, use SHA1 + unless the user intentionally chose MD5. This is as per 2440:13. + + * exec.c (make_tempdir): Fix duplicated filename problem. + +2002-06-03 David Shaw <[email protected]> + + * packet.h, parse-packet.c (enum_sig_subpkt): Report back from + enum_sig_subpkt when a subpacket is critical and change all + callers in keylist.c (show_policy_url, show_notation), mainproc.c + (print_notation_data), and pkclist.c (do_show_revocation_reason). + + * keylist.c (show_policy_url, show_notation): Display if the + policy or notation is critical. + +2002-06-03 David Shaw <[email protected]> + + * main.h, g10.c (main), keylist.c (dump_attribs, set_attrib_fd, + list_keyblock_print, list_keyblock_colon), status.h, status.c + (get_status_string): New --attribute-fd feature to dump the + contents of attribute subpackets for frontends. If --status-fd is + also used, then a new status tag ATTRIBUTE is provided for each + subpacket. + + * packet.h, getkey.c (fixup_uidnode, merge_selfsigs_main, + merge_selfsigs_subkey), parse-packet.c (setup_user_id): Keep track + of the expiration time of a user ID, and while we're at it, use + the expired flag from the selfsig rather than reparsing the + SIG_EXPIRE subpacket. + + * photoid.c (generate_photo_id): When adding a new photo ID, + showing the photo for confirmation is not safe when noninteractive + since the "user" may not be able to dismiss a viewer window. + Noted by Timo Schulz. + +2002-06-03 David Shaw <[email protected]> + + * options.skel: Sample photo viewers for Win32. + + * misc.c (pct_expando): Use the seckey for %k/%K if the pubkey is + not available. + + * photoid.h, photoid.c (show_photos): Include the seckey in case a + user tries to view a photo on a secret key, and change all callers + in keyedit.c (menu_showphoto), keylist.c (list_keyblock_print), + and photoid.c (generate_photo_id). + +2002-06-02 David Shaw <[email protected]> + + * photoid.c (show_photos): Work properly when not called with a + public key. + +2002-05-31 David Shaw <[email protected]> + + * sign.c (mk_notation_and_policy): Free unneeded buffer. + + * hkp.c (parse_hkp_index): Properly handle the '&' character + (i.e. "&") in HKP responses. + + * getkey.c (merge_selfsigs_main): Fix reversed expiration time + check with self-sigs. + + * keyedit.c (sign_uids): When making a new self-sig on a v3 key, + make a v3 self-sig unless it is currently a v3 self-sig being + promoted to v4. + +2002-05-31 Timo Schulz <[email protected]> + + * pkclist.c (do_show_revocation_reason): Don't use capital + letters for non-interactive output. + (show_revocation_reason): Now it is global. + * pubkey-enc.c (get_it): Show if the key has been revoked. + +2002-05-30 David Shaw <[email protected]> + + * sign.c (write_signature_packets, sign_file, clearsign_file, + sign_symencrypt_file): Make a v4 signature if a policy URL or + notation is set, unless v3 sigs are forced via rfc1991 or + force-v3-sigs. Also remove some doubled code and clarify an error + message (we don't sign in PGP2 mode - just detach-sign). + + * parse-packet.c (parse_one_sig_subpkt): Add KS_FLAGS to the "any + size" section. + +2002-05-29 David Shaw <[email protected]> + + * keygen.c (keygen_set_std_prefs, add_feature_mdc): Use "mdc" and + "no-mdc" in the prefs string to allow switching on and off the MDC + feature. This is needed to properly export a key from GnuPG for + use on PGP which does not support MDC - without this, MDC-capable + implementations will still try and generate MDCs which will break + PGP. + + * keygen.c (keygen_get_std_prefs): Show "[mdc]" in prefs string if + it is enabled. + + * options.h, g10.c (main), cipher.c (write_header), keygen.c + (keygen_set_std_prefs): For consistency, allow the user to specify + mdc/no-mdc in the --personal-preference-list. If disabled, it + acts just like --disable-mdc. + +2002-05-29 David Shaw <[email protected]> + + * options.h, exec.c: Add some debugging info, using the 1024 debug + flag. + + * exec.c (win_system): New system()-like function for win32 that + does not return until the child process terminates. Of course, + this doesn't help if the process itself exits before it is + finished. + +2002-05-29 Werner Koch <[email protected]> + + * encode.c (encode_simple): Intialize PKT when --no-literal is used. + + * keyedit.c (show_key_with_all_names_colon): Renamed the record + for revocation keys to "rvk". + +2002-05-27 Werner Koch <[email protected]> + + * keyedit.c (show_key_with_all_names_colon): New. + (show_key_with_all_names): Divert to new function when required. + Sanitize printing of revoker name. + +2002-05-27 David Shaw <[email protected]> + + * build-packet.c (build_sig_subpkt): Handle setting sig flags for + certain subpacket types (notation, policy url, exportable, + revocable). keyedit.c (sign_mk_attrib): Flags no longer need to + be set here. + + * packet.h, parse-packet.c (parse_one_sig_subpkt), build-packet.c + (build_sig_subpkt): Call parse_one_sig_subpkt to sanity check + buffer lengths before building a sig subpacket. + +2002-05-26 David Shaw <[email protected]> + + * sign.c (mk_notation_and_policy): Include secret key to enable %s + expandos, and pass notations through pct_expando as well. + + * main.h, misc.c (pct_expando): Add %s and %S expandos for + signer's keyid. + +2002-05-25 David Shaw <[email protected]> + + * g10.c (strusage, build_list): Add compress algorithms to + --version list. Show algorithm numbers when --verbose --version + is done. + +2002-05-22 David Shaw <[email protected]> + + * options.h, main.h, keygen.c (keygen_set_set_prefs, + keygen_get_std_prefs, keygen_upd_std_prefs), keyedit.c + (keyedit_menu), g10.c (main), pkclist.c (select_algo_from_prefs): + Add --personal-preference-list which allows the user to factor in + their own preferred algorithms when the preference lists are + consulted. Obviously, this does not let the user violate a + recepient's preferences (and the RFC) - this only influences the + ranking of the agreed-on (and available) algorithms from the + recepients. Suggested by David Hollenberg. + + * options.h, keygen.c (keygen_set_std_prefs), g10.c (main): Rename + --preference-list to --default-preference-list (as that is what it + really is), and make it a true default in that if the user selects + "default" they get this list and not the compiled-in list. + +2002-05-22 Werner Koch <[email protected]> + + * g10.c (main): Add missing LF in a info printout and made it + translatable. Noted by Michael Tokarev. + +2002-05-21 Werner Koch <[email protected]> + + * g10.c (main): Removed the undef of USE_SHM_COPROCESSING which + was erroneously introduced on 2002-01-09. + + * signal.c (got_fatal_signal): Don't write the Nul to stderr. + Reported by David Hollenberg. + +2002-05-18 David Shaw <[email protected]> + + * main.h, g10.c (main), revoke.c (gen_desig_revoke): Generate a + designated revocation via --desig-revoke + + * keyedit.c (keyedit_menu, menu_addrevoker): New "addrevoker" + command to add a designated revoker to a key. + +2002-05-17 David Shaw <[email protected]> + + * gpgv.c: Add stub for get_ownertrust(). + + * g10.c (main): --allow-freeform-uid should be implied by + OpenPGP. Add --no-allow-freeform-uid. + + * keyedit.c (sign_uids): Issue a warning when signing a + non-selfsigned uid. + + * getkey.c (merge_selfsigs_main): If a key has no selfsigs, and + allow-non-selfsigned-uid is not set, still try and make the key + valid by checking all uids for a signature from an ultimately + trusted key. + +2002-05-16 David Shaw <[email protected]> + + * main.h, keygen.c (keygen_add_revkey): Add revocation key + subpackets to a signature (callable by + make_keysig_packet). (write_direct_sig): Write a 1F direct key + signature. (parse_revocation_key): Parse a string in + algo:fpr:sensitive format into a revocation + key. (get_parameter_revkey, do_generate_keypair): Call above + functions when prompted from a batch key generation file. + + * build-packet.c (build_sig_subpkt): Allow multiple revocation key + subpackets in a single sig. + + * keydb.h, getkey.c (get_seckey_byfprint): Same as + get_pubkey_byfprint, except for secret keys. We only know the + fingerprint of a revocation key, so this is needed to retrieve the + secret key needed to issue a revokation. + + * packet.h, parse-packet.c (parse_signature, parse_revkeys): Split + revkey parsing off into a new function that can be used to reparse + after manipulating the revkey list. + + * sign.c (make_keysig_packet): Ability to make 1F direct key + signatures. + +2002-05-15 David Shaw <[email protected]> + + * options.skel: keyserver.pgp.com is gone, so list pgp.surfnet.nl + as a sample LDAP server instead. + + * getkey.c (merge_selfsigs_main): Properly handle multiple + revocation keys in a single packet. Properly handle revocation + keys that are in out-of-order packets. Remove duplicates in + revocation key list. + +2002-05-14 Timo Schulz <[email protected]> + + * exec.c (make_tempdir) [MINGW32]: Added missing '\'. + +2002-05-14 Stefan Bellon <[email protected]> + + * exec.c (make_tempdir): Make use of EXTSEP_S instead of hardcoded + dot as extension separator. + +2002-05-13 David Shaw <[email protected]> + + * photoid.c (show_photos): Use the long keyid as the filename for + the photo. Use the short keyid as the filename on 8.3 systems. + + * exec.h, exec.c (make_tempdir, exec_write, exec_finish): Allow + caller to specify filename. This should make things easier on + windows and macs where the file extension is required, but a whole + filename is even better. + + * keyedit.c (show_key_with_all_names, show_prefs): Show proper + prefs for a v4 key uid with no selfsig at all. + + * misc.c (check_permissions): Don't check permissions on + non-normal files (pipes, character devices, etc.) + +2002-05-11 Werner Koch <[email protected]> + + * mainproc.c (proc_symkey_enc): Avoid segv in case the parser + encountered an invalid packet. + + * keyserver.c (keyserver_export): Get confirmation before sending + all keys. + +2002-05-10 Stefan Bellon <[email protected]> + + * g10.c, hkp.c, keyedit.c, keyserver.c: Replaced all occurrances + of strcasecmp with ascii_strcasecmp and all occurrances of + strncasecmp with ascii_memcasecmp. + +2002-05-10 David Shaw <[email protected]> + + * packet.h, getkey.c (fixup_uidnode), keyedit.c (show_prefs): Show + assumed prefs for hash and compression as well as the cipher pref. + Show assumed prefs if there are no prefs at all on a v4 + self-signed key. + + * options.h, g10.c (main), sign.c (make_keysig_packet): New + --cert-digest-algo function to override the default key signing + hash algorithm. + +2002-05-09 David Shaw <[email protected]> + + * getkey.c (merge_selfsigs_main): Make sure the revocation key + list starts clean as this function may be called more than once + (e.g. from functions in --edit). + + * g10.c, encode.c (encode_crypt), sign.c (sign_file, + sign_symencrypt_file): Make --compress-algo work like the + documentation says. It should be like --cipher-algo and + --digest-algo in that it can override the preferences calculation + and impose the setting the user wants. No --compress-algo setting + allows the usual preferences calculation to take place. + + * main.h, compress.c (compress_filter): use new + DEFAULT_COMPRESS_ALGO define, and add a sanity check for compress + algo value. + +2002-05-08 David Shaw <[email protected]> + + * pkclist.c (select_algo_from_prefs): There is an assumed + compression preference for uncompressed data. + +2002-05-07 David Shaw <[email protected]> + + * options.h, g10.c (main), getkey.c (finish_lookup), pkclist.c + (algo_available): --pgp7, identical to --pgp6 except that it + permits a few algorithms that PGP 7 added: AES128, AES192, AES256, + and TWOFISH. Any more of these --pgpX flags, and it'll be time to + start looking at a generic --emulate-pgp X option. + + * export.c (do_export_stream): Warn the user when exporting a + secret key if it or any of its secret subkeys are protected with + SHA1 while simple_sk_checksum is set. + + * parse-packet.c (parse_key): Show when the SHA1 protection is + used in --list-packets. + + * options.h, build-packet.c (do_comment), g10.c (main): Rename + --no-comment as --sk-comments/--no-sk-comments (--no-comment still + works) and make the default be --no-sk-comments. + +2002-05-07 Werner Koch <[email protected]> + + * keygen.c (get_parameter_algo): Never allow generation of the + deprecated RSA-E or RSA-S flavors of PGP RSA. + (ask_algo): Allow generation of RSA sign and encrypt in expert + mode. Don't allow ElGamal S+E unless in expert mode. + * helptext.c: Added entry keygen.algo.rsa_se. + +2002-05-07 David Shaw <[email protected]> + + * keyedit.c (sign_uids): If --expert is set, allow re-signing a + uid to promote a v3 self-sig to a v4 one. This essentially + deletes the old v3 self-sig and replaces it with a v4 one. + + * packet.h, parse-packet.c (parse_key), getkey.c + (merge_keys_and_selfsig, merge_selfsigs_main): a v3 key with a v4 + self-sig must never let the v4 self-sig express a key expiration + time that extends beyond the original v3 expiration time. + +2002-05-06 David Shaw <[email protected]> + + * keyedit.c (sign_uids): When making a self-signature via "sign" + don't ask about sig level or expiration, and include the usual + preferences and such for v4 self-sigs. (menu_set_preferences): + Convert uids from UTF8 to native before printing. + + * keyedit.c (sign_uids): Convert uids from UTF8 to native before + printing. (menu_set_primary_uid): Show error if the user tries to + make a uid with a v3 self-sig primary. + +2002-05-05 David Shaw <[email protected]> + + * import.c (import_one): When merging with a key we already have, + don't let a key conflict (same keyid but different key) stop the + import: just skip the bad key and continue. + + * exec.c (make_tempdir): Under Win32, don't try environment + variables for temp directories - GetTempDir tries environment + variables internally, and it's better not to second-guess it in + case MS adds some sort of temp dir handling to Windows at some + point. + +2002-05-05 Timo Schulz <[email protected]> + + * mainproc.c (proc_symkey_enc): Don't ask for a passphrase + in the list only mode. + +2002-05-05 David Shaw <[email protected]> + + * keyserver.c (keyserver_refresh): --refresh-keys implies + --merge-only so as not to import keys with keyids that match the + ones being refreshed. Noted by Florian Weimer. + +2002-05-04 Stefan Bellon <[email protected]> + + * free-packet.c (copy_public_key): Don't call m_alloc(0), therefore + added consistency check for revkey and numrefkeys. + + * getkey.c (check_revocation_keys): Added consistency check for + revkey and numrefkeys. + + * keyedit.c (show_key_with_all_names): Likewise. + +2002-05-03 David Shaw <[email protected]> + + * photoid.c: Provide default image viewer for Win32. + + * misc.c (pct_expando): %t means extension, not name ("jpg", not + "jpeg"). + + * keyserver.c (keyserver_spawn), photoid.c (show_photos), exec.h, + exec.c: Allow the caller to determine the temp file extension when + starting an exec_write and change all callers. + + * keyedit.c (sign_uids): Nonrevocable key signatures cause an + automatic promotion to v4. + + * exec.c: Provide stubs for exec_ functions when NO_EXEC is + defined. + +2002-05-02 David Shaw <[email protected]> + + * photoid.h, photoid.c (parse_image_header, image_type_to_string): + Useful functions to return data about an image. + + * packet.h, parse-packet.c (make_attribute_uidname, + parse_attribute_subpkts, parse_attribute), photoid.h, photoid.c + (show_photos): Handle multiple images in a single attribute + packet. + + * main.h, misc.c (pct_expando), sign.c (mk_notation_and_policy), + photoid.c (show_photos): Simpler expando code that does not + require using compile-time string sizes. Call + image_type_to_string to get image strings (i.e. "jpg", + "image/jpeg"). Change all callers. + + * keyedit.c (menu_showphoto), keylist.c (list_keyblock_print): + Allow viewing multiple images within a single attribute packet. + + * gpgv.c: Various stubs for link happiness. + +2002-05-02 David Shaw <[email protected]> + + * build-packet.c (build_sig_subpkt), keyedit.c (sign_uids), + options.h, sign.c (mk_notation_and_policy), g10.c (main, + add_notation_data, add_policy_url (new), check_policy_url + (removed)): Allow multiple policy URLs on a given signature. + Split "--notation-data" into "--cert-notation" and + "--sig-notation" so the user can set different policies for key + and data signing. For backwards compatibility, "--notation-data" + sets both, as before. + +2002-05-02 Werner Koch <[email protected]> + + * options.skel: Removed the comment on trusted-keys because this + option is now deprecated. + +2002-05-01 David Shaw <[email protected]> + + * keyedit.c (menu_adduid): 2440bis04 says that multiple attribute + packets on a given key are legal. + + * keyserver.c (keyserver_refresh): the fake v3 keyid hack applies + to "mailto" URLs as well since they are also served by pksd. + +2002-04-29 Werner Koch <[email protected]> + + Added a copyright year for files changed this year. + +2002-04-25 Werner Koch <[email protected]> + + * g10.c, options.h: New options --display, --ttyname, --ttytype, + --lc-ctype, --lc-messages to be used with future versions of the + gpg-agent. + * passphrase.c (agent_send_option,agent_send_all_options): New. + (agent_open): Send options to the agent. + + * trustdb.c (update_ownertrust, clear_ownertrust): Do an explicit + do_sync because revalidation_mark does it only if when the + timestamp actually changes. + +2002-04-23 David Shaw <[email protected]> + + * main.h, keygen.c (do_generate_keypair), keylist.c + (print_signature_stats, list_all, list_one, list_keyblock, + list_keyblock_print, list_keyblock_colon): After generating a new + key, show the key information (name, keyid, fingerprint, etc.) + Also do not print uncheckable signatures (missing key..) in + --check-sigs. Print statistics (N missing keys, etc.) after + --check-sigs. + + * keyedit.c (sign_uids): When signing a key with an expiration + date on it, the "Do you want your signature to expire at the same + time?" question should default to YES. + +2002-04-22 David Shaw <[email protected]> + + * parse-packet.c (parse_plaintext), packet.h, plaintext.c + (handle_plaintext): Fix bug in handling literal packets with + zero-length data (no data was being confused with partial body + length). + + * misc.c (pct_expando), options.skel: %t means extension ("jpg"). + %T means MIME type ("image/jpeg"). + + * import.c (import_one): Only trigger trust update if the keyring + is actually changed. + + * export.c (do_export_stream): Missing a m_free. + +2002-04-22 Stefan Bellon <[email protected]> + + * keyid.c (expirestr_from_sk, expirestr_from_sig): Added _() to + string constant. + + * exec.c (make_tempdir) [__riscos__]: Better placement of + temporary file. + +2002-04-20 David Shaw <[email protected]> + + * keygen.c (generate_subkeypair): 2440bis04 adds that creating + subkeys on v3 keys is a MUST NOT. + + * getkey.c (finish_lookup): The --pgp6 "use the primary key" + behavior should only apply while data signing and not encryption. + Noted by Roger Sondermann. + +2002-04-19 Werner Koch <[email protected]> + + * keygen.c (keygen_set_std_prefs): Put back 3DES because the RFC + says it is good form to do so. + +2002-04-19 David Shaw <[email protected]> + + * keyedit.c (menu_deluid): Only cause a trust update if we delete + a non-revoked user id. + + * hkp.c (hkp_ask_import), keyserver.c (parse_keyserver_options, + keyserver_spawn), options.h: Remove fast-import keyserver option + (no longer meaningful). + + * g10.c (main), keyedit.c (sign_uids), options.h: Change + --default-check-level to --default-cert-check-level as it makes + clear what it operates on. + + * g10.c (main): --pgp6 also implies --no-ask-sig-expire. + + * delkey.c (do_delete_key): Comment. + + * keyedit.c (sign_uids, keyedit_menu, menu_deluid, menu_delsig, + menu_expire, menu_revsig, menu_revkey): Only force a trustdb check + if we did something that changes it. + + * g10.c: add "--auto-check-trustdb" to override a + "--no-auto-check-trustdb" + +2002-04-19 Werner Koch <[email protected]> + + * tdbio.c (tdbio_write_nextcheck): Return a status whether the + stamp was actually changed. + * trustdb.c (revalidation_mark): Sync the changes. Removed the + sync operation done by its callers. + (get_validity): Add logic for maintaining a pending_check flag. + (clear_ownertrust): New. + + * keyedit.c (sign_uids): Don't call revalidation_mark depending on + primary_pk. + (keyedit_menu): Call revalidation_mark after "trust". + (show_key_with_all_names): Print a warning on the wrong listed key + validity. + + * delkey.c (do_delete_key): Clear the owenertrust information when + deleting a public key. + +2002-04-18 Werner Koch <[email protected]> + + * seskey.c (encode_md_value): Print an error message if a wrong + digest algorithm is used with DSA. Changed all callers to cope + with a NULL return. Problem noted by Imad R. Faiad. + +2002-04-18 David Shaw <[email protected]> + + * trustdb.c (mark_usable_uid_certs): Properly handle nonrevocable + signatures that can expire. In short, the only thing that can + override an unexpired nonrevocable signature is another unexpired + nonrevocable signature. + + * getkey.c (finish_lookup): Always use primary signing key for + signatures when --pgp6 is on since pgp6 and 7 do not understand + signatures made by signing subkeys. + +2002-04-18 Werner Koch <[email protected]> + + * trustdb.c (validate_keys): Never schedule a nextcheck into the + past. + (validate_key_list): New arg curtime use it to set next_expire. + (validate_one_keyblock): Take the current time from the caller. + (clear_validity, reset_unconnected_keys): New. + (validate_keys): Reset all unconnected keys. + + * getkey.c (premerge_public_with_secret): Fixed 0x12345678! syntax + for use with secret keys. + (lookup): Advance the searchmode after a search FIRST. + + * seckey-cert.c (do_check): Always calculate the old checksum for + use after unprotection. + + * g10.c, options.skel: New option --no-escape-from. Made + --escape-from and --force-v3-sigs the default and removed them + from the options skeleton. + +2002-04-16 Werner Koch <[email protected]> + + * parse-packet.c (parse_key): Support a SHA1 checksum as per + draft-rfc2440-bis04. + * packet.h (PKT_secret_key): Add field sha1chk. + * seckey-cert.c (do_check): Check the SHA1 checksum + (protect_secret_key): And create it. + * build-packet.c (do_secret_key): Mark it as sha-1 protected. + * g10.c, options.h: New option --simple-sk-checksum. + +2002-04-13 David Shaw <[email protected]> + + * parse-packet.c (parse_signature): Minor fix - signatures should + expire at their expiration time and not one second later. + + * keygen.c (proc_parameter_file): Allow specifying preferences + string (i.e. "s5 s2 z1 z2", etc) in a batchmode key generation + file. + + * keyedit.c (keyedit_menu): Print standard error message when + signing a revoked key (no new translation). + + * getkey.c (merge_selfsigs): Get the default set of key prefs from + the real (not attribute) primary uid. + +2002-04-12 David Shaw <[email protected]> + + * pkclist.c (build_pk_list): Fix bug that allowed a key to be + selected twice in batch mode if one instance was the default + recipient and the other was an encrypt-to. Noted by Stefan + Bellon. + + * parse-packet.c (dump_sig_subpkt): Show data in trust and regexp + sig subpackets. + + * keyedit.c (keyedit_menu): Use new function real_uids_left to + prevent deleting the last real (i.e. non-attribute) uid. Again, + according to the attribute draft. (menu_showphoto): Make another + string translatable. + +2002-04-11 David Shaw <[email protected]> + + * build-packet.c (build_sig_subpkt): Delete subpackets from both + hashed and unhashed area on update. (find_subpkt): No longer + needed. + + * keyedit.c (sign_uids): With --pgp2 on, refuse to sign a v3 key + with a v4 signature. As usual, --expert overrides. Try to tweak + some strings to a closer match so they can all be translated in + one place. Use different helptext keys to allow different help + text for different questions. + + * keygen.c (keygen_upd_std_prefs): Remove preferences from both + hashed and unhashed areas if they are not going to be used. + +2002-04-10 David Shaw <[email protected]> + + * misc.c (pct_expando), options.skel: Use %t to indicate type of a + photo ID (in this version, it's always "jpeg"). Also tweak string + expansion loop to minimize reallocs. + + * mainproc.c (do_check_sig): Variable type fix. + + * keyedit.c (menu_set_primary_uid): Differentiate between true + user IDs and attribute user IDs when making one of them primary. + That is, if we are making a user ID primary, we alter user IDs. + If we are making an attribute packet primary, we alter attribute + packets. This matches the language in the latest attribute packet + draft. + + * keyedit.c (sign_uids): No need for the empty string hack. + + * getkey.c (fixup_uidnode): Only accept preferences from the + hashed segment of the self-sig. + +2002-04-10 Werner Koch <[email protected]> + + * tdbio.c (migrate_from_v2): Fixed the offset to read the old + ownertrust value and only add entries to the table if we really + have a value. + +2002-04-08 David Shaw <[email protected]> + + * status.h, status.c (get_status_string): Add KEYEXPIRED, EXPSIG, + and EXPKEYSIG. Add "deprecated-use-keyexpired-instead" to + SIGEXPIRED. + + * sig-check.c (do_check): Start transition from SIGEXPIRED to + KEYEXPIRED, since the actual event is signature verification by an + expired key and not an expired signature. (do_signature_check, + packet.h): Rename as signature_check2, make public, and change all + callers. + + * mainproc.c (check_sig_and_print, do_check_sig): Use status + EXPSIG for an expired, but good, signature. Add the expiration + time (or 0) to the VALIDSIG status line. Use status KEYEXPSIG for + a good signature from an expired key. + + * g10.c (main): remove checks for no arguments now that argparse + does it. + +2002-04-06 Werner Koch <[email protected]> + + * keyring.c (keyring_get_keyblock): Disable the keylist mode here. + + * encode.c (encode_simple, encode_crypt): Only test on compressed + files if a compress level was not explicity set. + + * keygen.c (keygen_set_std_prefs): Removed Blowfish and Twofish + from the list of default preferences, swapped the preferences of + RMD160 and SHA1. Don't include a preference to 3DES unless the + IDEA kludge gets used. + + * free-packet.c (free_packet): call free_encrypted also for + PKT_ENCRYPTED_MDC. + + * compress.c (release_context): New. + (handle_compressed): Allocate the context and setup a closure to + release the context. This is required because there is no + guarabntee that the filter gets popped from the chain at the end + of the function. Problem noted by Timo and probably also the + cause for a couple of other reports. + (compress_filter): Use the release function if set. + + * tdbio.c [__CYGWIN32__]: Don't rename ftruncate. Noted by + Disastry. + + * parse-packet.c (parse_signature): Put parens around a bit test. + + * exec.c (make_tempdir): Double backslash for TMP directory + creation under Windows. Better strlen the DIRSEP_S constants for + allocation measurements. + + * decrypt.c (decrypt_messages): Release the passphrase aquired + by get_last_passphrase. + +2002-04-02 Werner Koch <[email protected]> + + * Makefile.am (EXTRA_DIST): Removed OPTIONS an pubring.asc - they + are no longer of any use. + +2002-04-03 David Shaw <[email protected]> + + * keyserver.c (parse_keyserver_options): fix auto-key-retrieve to + actually work as a keyserver-option (noted by Roger Sondermann). + + * keylist.c (reorder_keyblock): do not reorder the primary + attribute packet - the first user ID must be a genuine one. + +2002-03-31 David Shaw <[email protected]> + + * keylist.c (list_keyblock_colon): Fix ownertrust display with + --with-colons. + + * keygen.c (generate_user_id), photoid.c (generate_photo_id): + Properly initialize the user ID refcount. A few more "y/n" -> + "y/N" in photoid.c. + + * keyedit.c (ask_revoke_sig): Warn the user if they are about to + revoke an expired sig (not a problem, but they should know). Also + tweak a few prompts to change "y/n" to "y/N", which is how most + other prompts are written. + + * keyserver.c (keyserver_search_prompt): Control-d escapes the + keyserver search prompt. + + * pkclist.c (show_revocation_reason & callers): If a subkey is + considered revoked solely because the parent key is revoked, print + the revocation reason from the parent key. + + * trustdb.c (get_validity): Allow revocation/expiration to apply + to a uid/key with no entry in the trustdb. + +2002-03-29 David Shaw <[email protected]> + + * keyserver.c (printunquoted): unquote backslashes from keyserver + searches + + * hkp.c (write_quoted): quote backslashes from keyserver searches + +2002-03-26 Werner Koch <[email protected]> + + * keygen.c (ask_keysize): Removed the warning for key sizes > 1536. + +2002-03-25 Werner Koch <[email protected]> + + * keyedit.c (sign_uids): Use 2 strings and not a %s so that + translations can be done the right way. + * helptext.c: Fixed small typo. + +2002-03-23 David Shaw <[email protected]> + + * import.c (append_uid, merge_sigs): it is okay to import + completely non-signed uids now (with --allow-non-selfsigned-uid). + + * getkey.c (get_primary_uid, merge_selfsigs_main): do not choose + an attribute packet (i.e. photo) as primary uid. This prevents + oddities like "Good signature from [image of size 2671]". This is + still not perfect (one can still select an attribute packet as + primary in --edit), but is closer to the way the draft is going. + + * g10.c (build_list): algorithms should include 110. + + * g10.c (main): --pgp2 implies --no-ask-sig-expire and + --no-ask-cert-expire as those would cause a v4 sig/cert. + + * armor.c (is_armor_header): be more lenient in what constitutes a + valid armor header (i.e. -----BEGIN blah blah-----) as some + Windows programs seem to add spaces at the end. --openpgp makes + it strict again. + +2002-03-18 David Shaw <[email protected]> + + * keyserver.c (keyserver_search_prompt): Properly handle a "no + keys found" case from the internal HKP code (external HKP is ok). + Also, make a COUNT -1 (i.e. streamed) keyserver response a little + more efficient. + + * g10.c (main): Add --no-allow-non-selfsigned-uid + +2002-03-17 David Shaw <[email protected]> + + * g10.c (main): --openpgp implies --allow-non-selfsigned-uid. + + * getkey.c (merge_selfsigs_main): If none of the uids are primary + (because none are valid) then pick the first to be primary (but + still invalid). This is for cosmetics in case some display needs + to print a user ID from a non-selfsigned key. Also use + --allow-non-selfsigned-uid to make such a key valid and not + --always-trust. The key is *not* automatically trusted via + --allow-non-selfsigned-uid. + + * mainproc.c (check_sig_and_print): Make sure non-selfsigned uids + print [uncertain] on verification even though one is primary now. + + * getkey.c (merge_selfsigs): If the main key is not valid, then + neither are the subkeys. + + * import.c (import_one): Allow --allow-non-selfsigned-uid to work + on completely unsigned keys. Print the uids in UTF8. Remove + mark_non_selfsigned_uids_valid(). + + * keyedit.c (show_key_with_all_names): Show revocation key as + UTF8. + + * sign.c (clearsign_file): Allow --not-dash-escaped to work with + v3 keys. + +2002-03-14 Werner Koch <[email protected]> + + * main.h: Changed the default algorithms to CAST5 and SHA1. + +2002-03-13 David Shaw <[email protected]> + + * import.c (chk_self_sigs): Show which user ID a bad self-sig + (invald sig or unsupported public key algorithm) resides on. + + * import.c (chk_self_sigs): any valid self-sig should mark a user + ID or subkey as valid - otherwise, an attacker could DoS the user + by inventing a bogus invalid self-signature. + +2002-03-07 David Shaw <[email protected]> + + * g10.c (main): make a few more strings translatable. + + * options.h, options.skel, g10.c (main), gpgv.c, mainproc.c + (check_sig_and_print), keyserver.c (parse_keyserver_options): + --auto-key-retrieve should really be a keyserver-option variable. + + * import.c (revocation_present): new function to print a warning + if a key is imported that has been revoked by designated revoker, + but the designated revoker is not present to verify the + revocation. If keyserver-options auto-key-retrieve is set, try + and fetch the designated revoker from the keyserver. + + * import.c (import_one): call revocation_present after importing a + new key. Note that this applies to --import, --recv-keys, and + --search-keys. + + * keyserver-internal.h, keyserver.c (keyserver_import_fprint): + import via fingerprint (for revocation keys). + + * keyserver.c (keyserver_import_keyid): much simpler + implementation now that we're using KEYDB_SEARCH_DESC internally. + +2002-03-04 David Shaw <[email protected]> + + * revoke.c (gen_revoke): do not prompt for revocation reason for + v3 revocations (unless force-v4-certs is on) since they wouldn't + be used anyway. + + * keyedit.c (menu_revsig): show the status of the sigs + (exportable? revocable?) to the user before prompting for which + sig to revoke. Also, make sure that local signatures get local + revocations. + + * keyedit.c (ask_revoke_sig): remind the user which sigs are + local. + + * g10.c (main): Add "exec-path" variable to override PATH for + execing programs. + + * export.c (do_export_stream): properly check return code from + classify_user_id to catch unclassifiable keys. + +2002-03-03 David Shaw <[email protected]> + + * parse-packet.c (parse_signature): variable type tweak for RISC + OS (from Stefan) + +2002-02-28 David Shaw <[email protected]> + + * getkey.c (check_revocation_keys): New function to check a + revocation against a list of potential revocation keys. Note the + loop-breaking code here. This is to prevent blowing up if A is + B's revocation key, while B is also A's. Note also that this is + written so that a revoked revoker can still issue revocations: + i.e. If A revokes B, but A is revoked, B is still revoked. I'm + not completely convinced this is the proper behavior, but it + matches how PGP does it. It does at least have the advantage of + much simpler code - my first version of this had lots of loop + maintaining code so you could chain revokers many levels deep and + if D was revoked, C was not, which meant that B was, and so on. + It was sort of scary, actually. + + * getkey.c (merge_selfsigs_main): Add any revocation keys onto the + pk. This is particularly interesting since we normally only get + data from the most recent 1F signature, but you need multiple 1F + sigs to properly handle revocation keys (PGP does it this way, and + a revocation key could be marked "sensitive" and hence in a + different signature). Also, if a pk has a revocation key set, + check for revocation sigs that were not made by us - if made by a + valid revocation key, mark the pk revoked. + + * packet.h, getkey.c (cache_public_key): do not cache key if + "dont_cache" is set. This allows the revocation key code to look + up a key and return information that may be inaccurate to prevent + loops without caching the fake data. + + * packet.h, sig-check.c (do_signature_check): Record if a + signature was made by a revoked pk. + + * packet.h, parse-packet.c (parse_one_sig_subpkt, + can_handle_critical, parse_signature): Get revocation key + information out of direct sigs. + + * keylist.c (list_keyblock_print): don't assume that the presence + of a 0x20 signature means the key is revoked. With revocation + keys, this may not be true if the revocation key is not around to + verify it or if verification failed. Also, 0x1F should get listed + as "sig", and not "unexpected signature class". + + * keyedit.c (show_key_with_all_names): Add a flag for printing + revoker information and change all callers. + + * import.c (merge_blocks): merge in any new direct key (0x1F) + sigs. + + * import.c (import_revoke_cert): don't keep processing after a + revocation is rejected. + + * import.c (delete_inv_parts): Allow importing a revocation + signature even if it was not issued by the key. This allows a + revocation key to issue it. Of course, the sig still needs to be + checked before we trust it. + + * free-packet.c (copy_public_key): Include a new copy of the + revocation keys when duping a pk. + + * free-packet.c (free_seckey_enc, release_public_key_parts): Free + any revocation keys that are attached to a sig or pk. + + * export.c (do_export_stream): Do not export signatures with + "sensitive" revocation keys in them. + +2002-02-27 David Shaw <[email protected]> + + * export.c (do_export_stream): Do not include v3 keys in a + --export-secret-subkeys export. + + * getkey.c (merge_selfsigs_main): If a key isn't valid (say, + because of no self-signature), allow --always-trust to force it + valid so it can be trusted. + +2002-02-25 David Shaw <[email protected]> + + * hkp.c (hkp_ask_import), hkp.h, keyserver.c (all): treat key + lists internally as fingerprints when possible. All this is via + KEYDB_SEARCH_DESC - no point in reinventing the wheel. This allows + the helper program to search the keyserver by fingerprint if + desired (and the keyserver supports it). Note that automatic + fingerprint promotion during refresh only applies to v4 keys as a + v4 fingerprint can be easily changed into a long or short key id, + and a v3 cannot. + + * pubkey-enc.c, getkey.c, misc.c, main.h: Take two copies of + hextobyte() from pubkey-enc.c and getkey.c and make them into one + copy in misc.c. + +2002-02-22 David Shaw <[email protected]> + + * keyserver.c (keyserver_search_prompt): Detect a "no keys found" + case even if the helper program does not explicitly say how many + keys were found. + + * hkp.c (parse_hkp_index): Bug fix - don't report non-revoked keys + as revoked in HKP key searches. + +2002-02-19 Werner Koch <[email protected]> + + * parse-packet.c (parse_trust): Made parsing more robust. + +2002-02-19 David Shaw <[email protected]> + + * hkp.c (parse_hkp_index): Catch corruption in HKP index lines + (can be caused by broken or malicious keyservers). + + * keyserver.c (keyserver_work): Add KEYSERVER_NOT_SUPPORTED for + unsupported actions (say, a keyserver that has no way to search, + or a readonly keyserver that has no way to add). Also add a + USE_EXTERNAL_HKP define to disable the internal HKP keyserver + code. + +2002-02-14 Werner Koch <[email protected]> + + * g10.c: New option --no-use-agent. + + * pkclist.c (check_signatures_trust): Always print the warning for + unknown and undefined trust. Removed the did_add cruft. Reported + by Janusz A. Urbanowicz. + +2002-02-11 David Shaw <[email protected]> + + * hkp.c (parse_hkp_index): Bug fix - properly handle user IDs with + colons (":") in them while HKP searching. + +2002-02-09 David Shaw <[email protected]> + + * misc.c (pct_expando): More comments. + + * keydb.h, sign.c (mk_notation_and_policy): Clarify what is a sig + and what is a cert. A sig has sigclass 0x00, 0x01, 0x02, or 0x40, + and everything else is a cert. + + * g10.c (main), keyedit.c (keyedit_menu): Add a "nrlsign" for + nonrevocable and local key signatures. + + * g10.c (main): Add a --no-force-mdc to undo --force-mdc. + + * options.h, g10.c (main), cipher.c (write_header): Add a knob to + --disable-mdc/--no-disable-mdc. Off by default, of course, but is + used in --pgp2 and --pgp6 modes. + + * pkclist.c (build_pk_list): Allow specifying multiple users in + the "Enter the user ID" loop. Enter a blank line to stop. Show + each key+id as it is added. + + * keylist.c (show_policy_url), mainproc.c (print_notation_data): + It is not illegal (though possibly silly) to have multiple policy + URLs in a given signature, so print all that are present. + + * hkp.c (hkp_search): More efficient implementation of URL-ifying + code. + +2002-02-04 David Shaw <[email protected]> + + * main.h, misc.c (pct_expando): New function to generalize + %-expando processing in any arbitrary string. + + * photoid.c (show_photo): Call the new pct_expando function rather + than expand strings internally. + + * sign.c (mk_notation_and_policy): Show policy URLs and notations + when making a signature if show-policy/show-notation is on. + %-expand policy URLs during generation. This lets the user have + policy URLs of the form "http://notary.jabberwocky.com/keysign/%K" + which will generate a per-signature policy URL. + + * main.h, keylist.c (show_policy_url, show_notation): Add amount + to indent so the same function can be used in key listings as well + as during sig generation. Change all callers. + +2002-02-04 David Shaw <[email protected]> + + * keyserver.c, options.h (parse_keyserver_options, keyidlist): + Workaround for the pksd and OKS keyserver bug that calculates v4 + RSA keyids as if they were v3. The workaround/hack is to fetch + both the v4 (e.g. 99242560) and v3 (e.g. 68FDDBC7) keyids. This + only happens for key refresh while using the HKP scheme and the + refresh-add-fake-v3-keyids keyserver option must be set. This + should stay off by default. + +2002-02-03 David Shaw <[email protected]> + + * keyserver.c (keyserver_spawn): Bug fix - do not append keys to + each other when --sending more than one. + +2002-02-02 David Shaw <[email protected]> + + * options.h, g10.c (main), keyedit.c (sign_uids), sign.c + (mk_notation_and_policy): Split "--set-policy-url" into + "--cert-policy-url" and "--sig-policy-url" so the user can set + different policies for key and data signing. For backwards + compatibility, "--set-policy-url" sets both, as before. + +2002-01-30 Werner Koch <[email protected]> + + * g10.c (main): --gen-random --armor does now output a base64 + encoded string. + +2002-01-28 David Shaw <[email protected]> + + * g10.c (main), options.h, pkclist.c (algo_available): --pgp6 + flag. This is not nearly as involved as --pgp2. In short, it + turns off force_mdc, turns on no_comment, escape_from, and + force_v3_sigs, and sets compression to 1. It also restricts the + user to IDEA (if present), 3DES, CAST5, MD5, SHA1, and RIPEMD160. + See the comments above algo_available() for lots of discussion on + why you would want to do this. + +2002-01-27 David Shaw <[email protected]> + + * keygen.c (keygen_set_std_prefs): Comment + + * keyedit.c (sign_uids): Bug fix - when signing with multiple + secret keys at the same time, make sure each key gets the sigclass + prompt. + + * exec.c (exec_finish): Close the iobuf and FILE before trying to + waitpid, so the remote process will get a SIGPIPE and exit. This + is only a factor when using a pipe to communicate. + + * exec.c (exec_write): Disable cache-on-close of the fd iobuf (is + this right? Why is a fd iobuf cached at all?) + +2002-01-26 Werner Koch <[email protected]> + + * g10.c, options.h: New option --gpg-agent-info + * passphrase.c (agent_open): Let it override the environment info. + * seckey-cert.c (check_secret_key): Always try 3 times when the + agent is enabled. + * options.skel: Describe --use-agent. + +2002-01-24 David Shaw <[email protected]> + + * pubkey-enc.c (is_algo_in_prefs, get_it): Only check preferences + against keys with v4 self sigs - there is really little point in + warning for every single non-IDEA message encrypted to an old key. + + * pkclist.c (select_algo_from_prefs): Only put in the fake IDEA + preference if --pgp2 is on. + + * mainproc.c (check_sig_and_print): Print "Expired" for expired + but good signatures (this still prints "BAD" for expired but bad + signatures). + +2002-01-23 David Shaw <[email protected]> + + * keygen.c (ask_keysize): Cosmetic: don't present a RSA signing + key as a "keypair" which can be 768 bits long (as RSA minimum is + 1024). + + * pubkey-enc.c (is_algo_in_prefs): Allow IDEA as a fake preference + for v3 keys with v3 selfsigs. + +2002-01-22 David Shaw <[email protected]> + + * packet.h, getkey.c (merge_selfsigs_main), pkclist.c + (select_algo_from_prefs): Implement the fake IDEA preference as + per RFC2440:12.1. This doesn't mean that IDEA will be used (the + plugin may not be present), but it does mean that a v3 key with a + v3 selfsig has an implicit IDEA preference instead of 3DES. v3 + keys with v4 selfsigs use preferences as normal. + + * encode.c (encode_crypt): if select_algo_from_prefs fails, this + means that we could not find a cipher that both keys like. Since + all v4 keys have an implicit 3DES preference, this means there is + a v3 key with a v3 selfsig in the list. Use 3DES in this case as + it is the safest option (we know the v4 key can handle it, and + we'll just hope the v3 key is being used in an implementation that + can handle it). If --pgp2 is on, warn the user what we're doing + since it'll probably break PGP2 compatibility. + + * g10.c (main): Do not force using IDEA for encrypted files in + --pgp2 mode - let the fake IDEA preference choose this for us for + better compatibility when encrypting to multiple keys, only some + of which are v3. + + * keygen.c (keygen_set_std_prefs): Put 3DES on the end of the + default cipher pref list (RFC2440: "...it is good form to place it + there explicitly."). If the user has the IDEA plugin installed, + put a preference for IDEA *after* 3DES to effectively disable its + use for everything except encrypting along with v3 keys. + + * encode.c, g10.c, sign.c: Change the PGP2 warning line from + "... will not be usable ..." to "... may not be usable ..." as the + user could be using one of the enhanced PGP2 variations. + + * helptext.c: Revise the sign_uid.class help text as suggested by + Stefan. + +2002-01-20 Werner Koch <[email protected]> + + * passphrase.c (passphrase_to_dek): Add tryagain_text arg to be + used with the agent. Changed all callers. + (agent_get_passphrase): Likewise and send it to the agent + * seckey-cert.c (do_check): New arg tryagain_text. + (check_secret_key): Pass the string to do_check. + * keygen.c (ask_passphrase): Set the error text is required. + * keyedit.c (change_passphrase): Ditto. + + * passphrase.c (agent_open): Disable opt.use_agent in case of a + problem with the agent. + (agent_get_passphrase): Ditto. + (passphrase_clear_cache): Ditto. + +2002-01-19 Werner Koch <[email protected]> + + * passphrase.c (agent_open): Add support for the new Assuan based + gpg-agent. New arg to return the used protocol version. + (agent_get_passphrase): Implemented new protocol here. + (passphrase_clear_cache): Ditto. + (readline): New. + +2002-01-15 Timo Schulz <[email protected]> + + * encode.c (encode_crypt_files): Fail if --output is used. + + * g10.c: New command --decrypt-files. + + * decrypt.c (decrypt_messages): New. + +2002-01-09 David Shaw <[email protected]> + + * g10.c, misc.c, gpgv.c: move idea_cipher_warn to misc.c so gpgv.c + doesn't need a stub for it any longer. + + * g10.c (get_temp_dir), main.h: no longer used (it's in exec.c now) + + * g10.c (main), delkey.c (delete_keys), main.h : Allow + --delete-key (now --delete-keys, though --delete-key still works, + of course) to delete multiple keys in one go. This applies to + --delete-secret-key(s) and --delete-secret-and-public-key(s) as + well. + +2002-01-09 Timo Schulz <[email protected]> + + * encode.c (encode_crypt_files): Now it behaves like verify_files. + + * g10.c (main): We don't need to check argc for encode_crypt_files + any longer. + +2002-01-09 Timo Schulz <[email protected]> + + * exec.c: Include windows.h for dosish systems. + +2002-01-08 Timo Schulz <[email protected]> + + * g10.c (main): New description for --encrypt-files. + +2002-01-08 Werner Koch <[email protected]> + + * g10.c (main): Must register the secring for encryption because + it is needed to figure out the default recipient. Reported by + Roger Sondermann. + +2002-01-05 David Shaw <[email protected]> + + * keyedit.c (menu_adduid): Require --expert before adding a photo + ID to a v3 key, and before adding a second photo ID to any key. + + * keyedit.c (keyedit_menu): Don't allow adding photo IDs in + rfc1991 or pgp2 mode. + + * getkey.c (merge_selfsigs_subkey): Permit v3 subkeys. Believe it + or not, this is allowed by rfc 2440, and both PGP 6 and PGP 7 work + fine with them. + + * g10.c, options.h, keyedit.c, sign.c: Move the "ask for + expiration" switch off of --expert, which was getting quite + overloaded, and onto ask-sig-expire and ask-cert-expire. Both + default to off. + + * g10.c (main): Change the default compression algo to 1, to be + more OpenPGP compliant (PGP also uses this, so it'll help with + interoperability problems as well). + + * encode.c (encode_crypt): Handle compression algo 2, since the + default is now 1. + + * build-packet.c (build_attribute_subpkt): Fix off-by-one error. + +2002-01-05 Werner Koch <[email protected]> + + * g10.c (main): Do not register the secret keyrings for certain + commands. + + * keydb.c (keydb_add_resource): Use access to test for keyring + existence. This avoids cached opened files which are bad under + RISC OS. + +2002-01-04 David Shaw <[email protected]> + + * sign.c (sign_file, sign_symencrypt_file): always use one-pass + packets unless rfc1991 is enabled. This allows a signature made + with a v3 key to work in PGP 6 and 7. Signatures made with v4 + keys are unchanged. + + * g10.c (main): Disallow non-detached signatures in PGP2 mode. + Move the "you must use files and not pipes" PGP2 warning up so all + the PGP2 stuff is together. + + * encode.c (encode_simple): Use the actual filesize instead of + partial length packets in the internal literal packet from a + symmetric message. This breaks PGP5(?), but fixes PGP2, 6, and 7. + It's a decent tradeoff. Note there was only an issue with + old-style RFC1991 symmetric messages. 2440-style messages in 6 + and 7 work with or without partial length packets. + +2002-01-03 David Shaw <[email protected]> + + * g10.c (main): Removed --no-default-check-level option, as it is + not consistent with other "default" options. Plus, it is the same + as saying --default-check-level 0. + + * exec.c (exec_read): Disallow caching tempfile from child + process, as this keeps the file handle open and can cause unlink + problems on some platforms. + + * keyserver.c (keyserver_search_prompt): Minor tweak - don't + bother to transform keyids into textual form if they're just going + to be transformed back to numbers. + +2002-01-03 Timo Schulz <[email protected]> + + * g10.c: New command --encrypt-files. + + * verify.c (print_file_status): Removed the static because + encode_crypt_files also uses this function. + + * main.h (print_files_status): New. + (encode_crypt_files): New. + + * encode.c (encode_crypt_files): New. + +2002-01-02 Stefan Bellon <[email protected]> + + * keyserver.c: Moved util.h include down in order to avoid + redefinition problems on RISC OS. + + * keyring.c (keyring_lock): Only lock keyrings that are writable. + + * keyring.c (keyring_update_keyblock): Close unused iobuf. + + * hkp.c (parse_hkp_index, hkp_search) [__riscos__]: Changed + unsigned char* to char* because of compiler issues. + + * exec.c (exec_finish) [__riscos__]: Invalidate close cache so + that file can be unlinked. + +2001-12-28 David Shaw <[email protected]> + + * g10.c (main): Use a different strlist to check extensions since + they need to be handled seperately now. + + * misc.c,main.h (check_permissions): Properly handle permission + and ownership checks on files in the lib directory + (e.g. /usr/local/lib/gnupg), which are owned by root and are + world-readable, and change all callers to specify extension or + per-user file. + + * photoid.c (show_photo), keyserver.c (keyserver_spawn): Bug fix - + don't call exec_finish if exec_write fails. + + * keyserver.c (keyserver_spawn): Look for OPTIONS from the + keyserver helper - specifically, a "OUTOFBAND" option for the + email keyserver. + + * mainproc.c (list_node), keylist.c (list_keyblock_colon), + import.c (delete_inv_parts), export.c (do_export_stream): Use + signature flags for exportability check rather than re-parsing the + subpacket. + + * keyid.c, keydb.h (get_lsign_letter): No longer needed. + +2001-12-27 David Shaw <[email protected]> + + * exec.c (exec_finish): Show errors when temp files cannot be + deleted for whatever reason. + + * exec.c (exec_read): Don't rely on WEXITSTATUS being present. + + * exec.c (make_tempdir): Add temp file creator for win32. Don't + create an incoming temp file if the exec is write-only. + + * keyserver.c (keyserver_spawn): Clean up error handling, for when + the spawn fails. + + * photoid.c (show_photo): Clean up error handling. + + * misc.c (check_permissions): Neaten. + +2001-12-25 David Shaw <[email protected]> + + * mkdtemp.c (mkdtemp): Add copyleft info and tweak the 'X' counter + to be a bit simpler. + + * keyserver.c, photoid.c: Remove unused headers left over from + when the exec functions lived there. + +2001-12-23 Timo Schulz <[email protected]> + + * misc.c (check_permissions): Do not use it for W32 systems. + + * tdbio.c (migrate_from_v2): Define ftruncate as chsize() for W32. + + * mkdtemp.c: W32 support. + + * photoid.c: Ditto. + + * exec.c: Ditto. + +2001-12-22 David Shaw <[email protected]> + + * exec.c (make_tempdir): avoid compiler warning with const + + * mkdtemp.c (mkdtemp): catch the empty ("") string case in case + someone repurposes mkdtemp at some point. + + * photoid.c (generate_photo_id, show_photo): some type changes + from Stefan Bellon. + + * exec.c (make_tempdir): handle Win32 systems, suggested by Timo + Schulz. + +2001-12-22 Werner Koch <[email protected]> + + * encode.c (encode_simple, encode_crypt): i18n 2 strings. + +2001-12-22 Timo Schulz <[email protected]> + + * encode.c (encode_simple, encode_crypt): Use is_file_compressed + to avoid to compress compressed files. + +2001-12-22 Werner Koch <[email protected]> + + * keyserver.c (keyserver_spawn): Removed some variables + declaration due to shadowing warnings. + + * build-packet.c (build_attribute_subpkt): s/index/idx/ to avoid + compiler warnig due to index(3). + + * getkey.c (get_ctx_handle): Use KEYDB_HANDLE as return value. + * keylist.c (list_one): Made resname const. + + * keyedit.c (keyedit_menu): Allow "addphoto" only when --openpgp is + not used. + + * options.skel: Changed one example photo viewer to qiv. + +2001-12-21 David Shaw <[email protected]> + + * Makefile.am: add exec.c, exec.h, photoid.c, and photoid.h + + * build-packet.c (build_attribute_subpkt): new function to build + the raw attribute subpacket. Note that attribute subpackets have + the same format as signature subpackets. + + * exec.c: new file with generic exec-a-program functionality. + Used by both photo IDs and keyserver helpers. This is pretty much + the same code that used to be keyserver specific, with some + changes to be usable generically. + + * free-packet.c (free_attributes (new)): function to free an + attribute packet. + + * gpgv.c: added stub show_photo + + * keyedit.c (keyedit_menu, menu_adduid, menu_showphoto): can add a + photo (calls generate_photo_id), or display a photo (calls + show_photo) from the --edit menu. New commands are "addphoto", + and "delphoto" (same as "deluid"). + + * keylist.c (list_keyblock_print): show photos during key list if + --show-photos enabled. + + * keyserver.c (keyserver_spawn): use the generic exec_xxx + functions to call keyserver helper. + + * g10.c, options.h: three new options - --{no-}show-photos, and + --photo-viewer to give the command line to display a picture. + + * options.skel: instructions for the photo viewer + + * parse-packet.c (parse_user_id, setup_user_id (new)): common code + for both user IDs and attribute IDs moved to setup_user_id. + + * parse-packet.c (make_attribute_uidname (new)): constructs a fake + "name" for attribute packets (e.g. "[image of size ...]") + + * parse-packet.c (parse_attribute (replaces parse_photo_id), + parse_attribute_subpkts): Builds an array of individual + attributes. Currently only handles attribute image / type jpeg + subpackets. + + * sign.c (hash_uid): Fix bug in signing attribute (formerly + photo_id) packets. + + * packet.h, and callers: globally change "photo_id" to "attribute" + and add structures for attributes. The packet format is generic + attributes, even though the only attribute type thus far defined + is jpeg. + +2001-12-21 David Shaw <[email protected]> + + * parse-packet.c (can_handle_critical): Can handle critical + revocation subpackets now. + + * trustdb.c (mark_usable_uid_certs): Disregard revocations for + nonrevocable sigs. Note that this allows a newer revocable + signature to override an older nonrevocable signature. + + * sign.c (make_keysig_packet): add a duration field and change all + callers. This makes make_keysig_packet closer to + write_signature_packets and removes some duplicated expiration + code. + + * keyedit.c (keyedit_menu, menu_revsig, sign_uids, + sign_mk_attrib): Add nrsign command, don't allow revoking a + nonrevocable signature, + + * g10.c (main): Add --nrsign option to nonrevocably sign a key + from the command line. + + * build-packet.c (build_sig_subpkt_from_sig): Comment to explain + the use of CRITICAL. + +2001-12-21 Werner Koch <[email protected]> + + * g10.c. options.h : New option --show-keyring + * getkey.c (get_ctx_handle): New. + * keylist.c (list_one): Implement option here. By David Champion. + +2001-12-20 David Shaw <[email protected]> + + * keyserver.c (keyserver_spawn): Use mkdtemp() to make temp + directory. + + * mkdtemp.c: replacement function for those platforms that don't + have mkdtemp (make a temp directory securely). + +2001-12-19 David Shaw <[email protected]> + + * misc.c (check_permissions): New function to stat() and ensure + the permissions of GNUPGHOME and the files have safe permissions. + + * keydb.c (keydb_add_resource): Check keyring permissions. + + * tdbio.c (tdbio_set_dbname): Check permissions of trustdb.gpg + + * keyserver.c (keyserver_spawn): Disable keyserver schemes that + involve running external programs if the options file has unsafe + permissions or ownership. + + * g10.c, options.h: New option --no-permission-warning to disable + the permission warning message(s). This also permits use of the + keyserver if it had been disabled (see above). Also check the + permissions/ownership of random_seed. + + * keyserver.c (keyserver_spawn): The new glibc prints a warning + when using mktemp() (the code was already secure, but the warning + was bound to cause confusion). Use a different implementation + based on get_random_bits() instead. Also try a few times to get + the temp dir before giving up. + +2001-12-19 Werner Koch <[email protected]> + + * g10.c, passphrase.c [CYGWIN32]: Allow this as an alias for MINGW32. + +2001-12-18 David Shaw <[email protected]> + + * g10.c (idea_cipher_warn): Add a flag to show the warning always + or once per session and change all callers (show always except for + the secret key protection and unknown cipher from an encrypted + message errors). Also make the strings translatable. + + * pubkey-enc.c (get_it): Add the IDEA cipher warning if the user + tries to decrypt an IDEA encrypted message without the IDEA + plugin. + + * keyserver.c (parse_keyserver_uri): More strict checking of the + keyserver URI. Specifically, fail if the ":port" section is + anything except a number between 1 and 65535. + +2001-12-17 David Shaw <[email protected]> + + * keyserver.c (print_keyinfo): No need to check for + control/illegal characters, as utf8_to_native does this for us. + + * mainproc.c (proc_encrypted): Use generic IDEA warning. + + * gpgv.c: add stub for idea_cipher_warn + + * g10.c, hkp.c, keyserver.c: Fix capitalization and plural issues. + + * encode.c (encode_crypt), sign.c (sign_file, clearsign_file): + disable pgp2 mode after the message is no longer pgp2 compatible. + + * g10.c (main): Tweak the PGP2.x IDEA warning to use the generic + warning, and not merely fail if the IDEA plugin isn't there. + + * g10.c (main, idea_cipher_warn), keygen.c (set_one_pref), + seckey-cert.c (do_check): Add a generic IDEA warning for when the + IDEA plugin is not present. This pops up when the user uses + "--cipher-algo idea", when setpref is used to set a "S1" + preference, and when a secret key protected with IDEA is used. + +2001-12-15 Werner Koch <[email protected]> + + * keyserver.c (keyserver_spawn): Assert that we have dropped privs. + +2001-12-13 Werner Koch <[email protected]> + + * pubkey-enc.c (get_session_key): Check that the public key + algorithm is indeed usable for en/decryption. This avoid a + strange error message from pubkey_decrypt if for some reasons a + bad algorithm indentifier is passed. + +2001-12-12 David Shaw <[email protected]> + + * Fixed some types for portability. Noted by Stefan Bellon. + +2001-12-11 Werner Koch <[email protected]> + + * hkp.c (hkp_export): Do not print possible control characters + from a keyserver response. + (parse_hkp_index): Made uid an unsigned char* because it is passed to + isspace(). + (hkp_search): Ditto for the char* vars. + + * g10.c (main): Print the IDEA warning also for -c and -se. + + * g10.c (get_temp_dir): Assert that we have dropped privs + + * encode.c (encode_crypt): Include the first key into the --pgp2 + check. + +2001-12-07 David Shaw <[email protected]> + + * g10.c, options.h: New option --pgp2. This is identical to + "--rfc1991 --cipher-algo idea --compress-algo 1 --digest-algo md5 + --force_v3_sigs" with the addition of an warning to advise the + user not to use a pipe (which would break pgp2 compatibility). + + * encode.c (encode_crypt): warn if the user tries to encrypt to + any key that is not RSA and <= 2048 bits when the --pgp2 option is + used. + + * sign.c (sign_file, clearsign_file): When using --pgp2, make a v3 + sig, and warn if the signature is made with a non-v3 key. + +2001-12-05 David Shaw <[email protected]> + + * sign.c (sign_file, clearsign_file, sign_symencrypt_file): Prompt + for sig expiration if --expert is set and --force-v3-sigs is not + set (v3 sigs cannot expire). + + * mainproc.c (check_sig_and_print): After checking a sig, print + expiration status. This causes a error return if the sig is + expired. + + * build-packet.c (build_sig_subpkt_from_sig): Include a critical + sig expiration subpacket if the sig is to expire. + + * keyedit.c (sign_uids): Do not sign an expired key unless + --expert is set, in which case prompt. Also, offer to expire a + signature when the key the user is signing expires. + + * keygen.c (ask_expire_interval): Add a value to determine whether + to prompt for a key or sig expiration and change all callers. + + * keyid.c: New functions: expirestr_from_sig and + colon_expirestr_from_sig. + + * keylist.c (list_keyblock_colon): Show sig expiration date in the + --with-colons listing. + + * sign.c (make_keysig_packet, write_signature_packets): Pass in an + optional timestamp for the signature packet, and change all + callers. + + * keyedit.c (sign_mk_attrib): Include a critical expiration + subpacket in the signature if an expiration date is given. + +2001-12-04 David Shaw <[email protected]> + + * keyedit.c (sign_uids): If the user tries to sign a + locally-signed key, allow the cert to be promoted to a full + exportable signature. This essentially deletes the old + non-exportable sig, and replaces it with a new exportable one. + +2001-12-04 David Shaw <[email protected]> + + * keyedit.c (keyedit_menu): Do not allow signing a revoked key + unless --expert is set, and ask even then. + + * keyedit.c (sign_uids): Do not allow signing a revoked UID unless + --expert is set, and ask even then. + + * g10.c, options.h : New option --expert + +2001-11-16 David Shaw <[email protected]> + + * Allow the user to select no compression via "--compress-algo 0" + on the command line. + + * keyedit.c (show_prefs): Show compression preferences in the + long-form "showpref" style. + + * keygen.c (set_one_pref): Permit setting a no-compression ("Z0") + preference. + + * getkey.c (fixup_uidnode): Fix compression preference corruption + bug. + +2001-12-02 David Shaw <[email protected]> + + * g10.c: Add advisory --for-your-eyes-only option as per section + 5.9 of 2440. + +2001-12-05 David Shaw <[email protected]> + + * Force a V4 sig if the user has a notation or policy URL set. + +2001-12-04 David Shaw <[email protected]> + + * g10.c: Add options --keyserver-options, --temp-directory, and + auto-key-retrieve (the opposite of no-auto-key-retrieve). + + * hkp.c (hkp_search): New function to handle searching a HKP + keyserver for a key + + * hkp.c (hkp_ask_import, hkp_export): Pretty large changes to make + them communicate via the generic functions in keyserver.c + + * keyserver.c: new file with generic keyserver routines for + getting keys from a keyserver, sending keys to a keyserver, and + searching for keys on a keyserver. Calls the internal HKP stuff + in hkp.c for HKP keyserver functions. Other calls are handled by + an external program which is spawned and written to and read from + via pipes. Platforms that don't have pipes use temp files. + +2001-11-20 David Shaw <[email protected]> + + * options.h, g10.c: New options show-notation, no-show-notation, + default-check-level, no-default-check-level, show-policy-url, + no-show-policy-url. + + * packet.h, sign.c (make_keysig_packet), parse-packet.c + (parse_signature), free-packet.c (free_seckey_enc): Fill in + structures for notation, policy, sig class, exportability, etc. + + * keyedit.c, keylist.c (print_and_check_one_sig, + list_keyblock_print): Show flags in signature display for cert + details (class, local, notation, policy, revocable). If selected, + show the notation and policy url. + + * keyedit.c (sign_uids): Prompt for and use different key sig + classes. + + * helptext.c (helptexts): Add help text to explain different + key signature classes + +2001-11-26 David Shaw <[email protected]> + + * trustdb.c (mark_usable_uid_certs): Fix segfault from bad + initialization and fix reversed key signature expiration check. + +2001-11-09 Werner Koch <[email protected]> + + * export.c (do_export_stream): Put all given names into a search + description and change the loop so that all matching names are + returned. + +2001-11-08 Werner Koch <[email protected]> + + * pubkey-enc.c (get_it): To reduce the number of questions on the + MLs print the the name of cipher algorithm 1 with the error message. + + * mainproc.c: Changed the way old rfc1991 encryption cipher is + selected. Based on a patch by W Lewis. + + * pkclist.c (do_edit_ownertrust): Allow to skip over keys, the non + working "show info" is now assigned to "i" + * trustdb.c (ask_ownertrust, validate_keys): Implement a real quit + here. Both are by David Shaw. + + * trustdb.c (validate_keys): Make sure next_exipire is initialized. + + * sign.c (make_keysig_packet): Use SHA-1 with v4 RSA keys. + + * g10.c, options.h : New option --[no-]froce-v4-certs. + * sign.c (make_keysig_packet): Create v4 sigs on v4 keys even with + a v3 key. Use that new option. By David Shaw + + * revoke.c (ask_revocation_reason): Allow to select "no reason". + By David Shaw. + + * keyid.c (fingerprint_from_sk): Calculation of an v3 fpr was + plain wrong - nearly the same code in fingerprint_from_pk is correct. + + * build-packet.c (do_secret_key): Added a few comments to the code. + +2001-11-07 Werner Koch <[email protected]> + + * g10.c (main): Print a warning when -r is used w/o encryption. + Suggested by Pascal Scheffers. + +2001-10-23 Werner Koch <[email protected]> + + * keyedit.c (keyedit_menu): Changed helptext for showpref + command. Suggested by Reinhard Wobst. + + * keyring.c (keyring_search): When marking the offtbl ready, take + into account that we may have more than one keyring. + +2001-10-22 Werner Koch <[email protected]> + + * Makefile.am: Do not use OMIT_DEPENDENCIES + + * build-packet.c (build_sig_subpkt): Default is now to put all + types of subpackets into the hashed area and only list those which + should go into the unhashed area. + +2001-10-18 Werner Koch <[email protected]> + + * keydb.c (keydb_add_resource): Rearranged the way we keep track + of the resource. There will now be an entry for each keyring here + and not in keyring.c itself. Store a token to allow creation of a + keyring handle. Changed all functions to utilize this new design. + (keydb_locate_writable): Make a real implementation. + * keyring.c (next_kr): Removed and changed all callers to set the + resource directly from the one given with the handle. + (keyring_is_writable): New. + (keyring_rebuild_cache): Add an arg to pass the token from keydb. + +2001-10-17 Werner Koch <[email protected]> + + * keyring.c (keyring_search): Enabled word search mode but print a + warning that it is buggy. + +2001-10-11 Werner Koch <[email protected]> + + * hkp.c (hkp_ask_import): No more need to set the port number for + the x-hkp scheme. + (hkp_export): Ditto. + +2001-10-06 Stefan Bellon <[email protected]> + + * passphrase.c [__riscos__]: Disabled agent specific stuff. + * g10.c: New option --no-force-v3-sigs. + +2001-10-04 Werner Koch <[email protected]> + + * export.c (do_export_stream): Do not push the compress filter + here because the context would run out of scope due to the + iobuf_close done by the caller. + (do_export): Do it here instead. + +2001-09-28 Werner Koch <[email protected]> + + * keyedit.c (sign_uids): Always use the primary key to sign keys. + * getkey.c (finish_lookup): Hack to return only the primary key if + a certification key has been requested. + + * trustdb.c (cmp_kid_for_make_key_array): Renamed to + (validate_one_keyblock): this and changed arg for direct calling. + (make_key_array): Renamed to + (validate_one_keyblock): this and changed args for direct calling. + (mark_usable_uid_certs, validate_one_keyblock) + (validate_key_list): Add next_expire arg to keep track of + expiration times. + (validate_keys): Ditto for UTKs and write the stamp. + + * tdbio.c (migrate_from_v2): Check return code of tbdio_sync. + + * tdbdump.c (import_ownertrust): Do a tdbio_sync(). + + * keyring.c: Made the offtbl an global object. + +2001-09-27 Werner Koch <[email protected]> + + * pkclist.c (do_edit_ownertrust): Allow settin of ultimate trust. + + * trustdb.c (mark_keyblock_seen): New. + (make_key_array): Use it to mark the subkeys too. + (validate_keys): Store validity for ultimatly trusted keys. + +2001-09-26 Werner Koch <[email protected]> + + * pkclist.c (check_signatures_trust, do_we_trust): Removed the + invocation of add_ownertrust. Minor changes to the wording. + (add_ownertrust, add_ownertrust_cb): Removed. + + * trustdb.c (get_validity): Allow to lookup the validity using a + subkey. + + * trustdb.c (new_key_hash_table): Increased the table size to 1024 + and changed the masks accordingly. + (validate): Changed stats printing. + (mark_usable_uid_certs): New. + (cmp_kid_for_make_key_array): Does now check the signatures and + figures out a usable one. + +2001-09-25 Werner Koch <[email protected]> + + * keyring.c (new_offset_item,release_offset_items) + (new_offset_hash_table, lookup_offset_hash_table) + (update_offset_hash_table, update_offset_hash_table_from_kb): New. + (keyring_search): Use a offset table to optimize search for + unknown keys. + (keyring_update_keyblock, keyring_insert_keyblock): Insert new + offsets. + * getkey.c (MAX_UNK_CACHE_ENTRIES): Removed the unknown keys + caching code. + + * g10.c, options.h, import.c: Removed the entire + allow-secret-key-import stuff because the validity is now + controlled by other means. + + * g10.c: New command --rebuild-keydb-caches. + * keydb.c (keydb_rebuild_caches): New. + * keyring.c (do_copy): Moved some code to + (create_tmp_file, rename_tmp_file, write_keyblock): new functions. + (keyring_rebuild_cache): New. + + * packet.h (PKT_ring_trust): Add sigcache field. + * parse-packet.c (parse_trust): Parse sigcache. + * keyring.c (do_copy): Always insert a sigcache packet. + (keyring_get_keyblock): Copy the sigcache packet to the signature. + * sig-check.c (cache_sig_result): Renamed from + cache_selfsig_result. Changed implementation to use the flag bits + and changed all callers. + (mdc_kludge_check): Removed this unused code. + (do_check): Do not set the sig flags here. + + * import.c (read_block): Make sure that ring_trust packets are + never imported. + * export.c (do_export_stream): and never export them. + + * trustdb.c (make_key_array): Skip revoked and expired keys. + +2001-09-24 Werner Koch <[email protected]> + + * g10.c, options.h: New option --no-auto-check-trustdb. + + * keygen.c (do_generate_keypair): Set newly created keys to + ultimately trusted. + + * tdbio.h, tdbio.c: Removed all support for records DIR, KEY, UID, + PREF, SIG, SDIR and CACH. Changed migration function to work + direct on the file. + (tdbio_read_nextcheck): New. + (tdbio_write_nextcheck): New. + +2001-09-21 Werner Koch <[email protected]> + + Revamped the entire key validation system. + * trustdb.c: Complete rewrite. No more validation on demand, + removed some functions, adjusted to all callers to use the new + and much simpler interface. Does not use the LID anymore. + * tdbio.c, tdbio.h: Add new record types trust and valid. Wrote a + migration function to convert to the new trustdb layout. + * getkey.c (classify_user_id2): Do not allow the use of the "#" + prefix. + * keydb.h: Removed the TDBIDX mode add a skipfnc to the + descriptor. + * keyring.c (keyring_search): Implemented skipfnc. + + * passphrase.c (agent_open): Add missing bracket. Include windows.h. + +2001-09-19 Werner Koch <[email protected]> + + * keylist.c (print_fingerprint): Renamed from fingerprint, made + global available. Added new arg to control the print style. + * mainproc.c (print_fingerprint): Removed. + * pkclist.c (print_fpr, fpr_info): Removed and changed callers to + use print_fingerprint. + * keyedit.c (show_fingerprint): Ditto. + + * passphrase.c (writen, readn) + (agent_open, agent_close) + (agent_get_passphrase) + (passphrase_clear_cache): Support for W32. Contributed by Timo. + + * import.c (import_one): Release keydb handles at 2 more places. + + * keyring.c (keyring_release): Close the iobuf. + (keyring_get_keyblock): Init ret_kb to NULL and store error contidion. + + * import.c (import_new_stats_handle): New. + (import_release_stats_handle): New. + (import_print_stats): Renamed from static fnc print_stats. + (import_keys, import_keys_stream): Add an optional status handle + arg and changed all callers. + * hkp.c (hkp_ask_import): Add an stats_handle arg and changed all + callers. + + * mainproc.c (print_pkenc_list): Use print_utf8_string2(). + +2001-09-18 Werner Koch <[email protected]> + + * g10.c: New command --refresh-keys. + * hkp.c (hkp_refresh_keys): New. Contributed by Timo Schulz. + + * parse-packet.c (parse): Stop on impossible packet lengths. + +2001-09-17 Werner Koch <[email protected]> + + * mainproc.c (print_notation_data): Wrap notation data status lines + after 50 chars. + + * mainproc.c (proc_pubkey_enc): Make option try-all-secrets work. + By [email protected]. + +2001-09-14 Werner Koch <[email protected]> + + * parse-packet.c (dump_sig_subpkt): List key server preferences + and show the revocable flag correctly. Contributed by David Shaw. + +2001-09-09 Werner Koch <[email protected]> + + * keyedit.c (keyedit_menu): No need to define another p. + + * keylist.c (print_capabilities): s/used/use/ so that it + does not shadow a global. + * sign.c (sign_file): Renamed arg encrypt to encryptflag + * keygen.c: Replaced all "usage" by "use". + * misc.c (openpgp_pk_algo_usage): Ditto. + + * pubkey-enc.c (get_it): Renamed arg k to enc so that the later + defined k does not shadow it. + + * parse-packet.c (parse_gpg_control): No need to define another i. + + * getkey.c (get_pubkey_byfprint): Must use the enum values and not + the fprint_len. + * keyring.c (keyring_search): Removed a non-sense break. Both + bugs pointed out by Stefan. + +2001-09-07 Werner Koch <[email protected]> + + * status.c, status.h: Added NO_RECP and ALREADY_SIGNED. + * pkclist.c (build_pk_list): Issue NO_RECP. + * keyedit.c (sign_uids): Added experimental ALREADY_SIGNED + + * hkp.c (hkp_import): Use log_error. Bug reported by Neal H + Walfield. + + * getkey.c (classify_user_id2): Change args to take the desc union + direct. It was a stupid idea to pass the individual fields of an + union to this function. Changed all callers. + (classify_user_id): Ditto and allow to pass NULL as the description. + +2001-09-06 Werner Koch <[email protected]> + + * getkey.c (fixup_uidnode): Features flag is now a bit vector. + * keygen.c (add_feature_mdc): Ditto. + + Revamped the entire key I/O code to be prepared for other ways of + key storages and to get rid of the existing shit. GDBM support has + gone. + * keydb.c: New + * keyring.c, keyring.h: New. + * ringedit.c: Removed. Moved some stuff to keyring.c + * getkey.c: Changed everything related to the key retrieving + functions which are now using the keydb_ functions. + (prepare_search, word_match_chars, word_match) + (prepare_word_match, compare_name): Moved to keyring.c + (get_pubkey_byname): Removed ctx arg and add ret_kdbhd + arg. Changed all callers. + (key_byname): Use get_pubkey_end to release the context and take + new ret_kbdhd arg. Changed all callers. + (classify_user_id2): Fill the 16 byte fingerprint up with 4 null + bytes not with zero bytes of value 4, tsss. + * import.c (import_one): Updated to use the new keydb interface. + (import_secret_one): Ditto. + (import_revoke_cert): Ditto. + * delkey.c (do_delete_key): Ditto. + * keyedit.c (keyedit_menu): Ditto. + (get_keyblock_byname): Removed. + * revoke.c (gen_revoke): Ditto. + * export.c (do_export_stream): Ditto. + * trustdb.c (update_trustdb): Ditto. + * g10.c, gpgv.c (main): Renamed add_keyblock_resource to + keydb_add_resource. + * Makefile.am: Added and removed files. + + * keydb.h: Moved KBNODE typedef and MAX_FINGERPRINT_LEN to + * global.h: this new header. + +2001-09-03 Werner Koch <[email protected]> + + * passphrase.c (agent_get_passphrase): Changed nread to size_t. + (passphrase_clear_cache): Ditto. + + * keyid.c (mk_datestr): Avoid trigraphs. + (fingerprint_from_pk): Cache the keyid in the pk. + + * options.h: Add opt.with_fingerprint so that we know whether the + corresponding options was used. + * g10.c (main): Set it here. + * pkclist.c (check_signatures_trust): Always print fingerprint + when this option is used. Mixed a minor memory leak. + + * status.c, status.h: New status INV_RECP. + * pkclist.c (build_pk_list): Issue this status. + +2001-08-31 Werner Koch <[email protected]> + + * parse-packet.c (parse_key,parse_pubkeyenc) + (parse_signature): Return error on reading bad MPIs. + + * mainproc.c (check_sig_and_print): Always print the user ID even + if it is not bound by a signature. Use the primary UID in the + status messages and encode them in UTF-8 + * status.c (write_status_text_and_buffer): New. + +2001-08-30 Werner Koch <[email protected]> + + * packet.h (sigsubpkttype_t): Add SIGSUBPKT_FEATURES. + (PKT_public_key, PKT_user_id): Add a flag for it. + * parse-packet.c, build-packet.c: Add support for them. + * getkey.c (fixup_uidnode, merge_selfsigs): Set the MDC flags. + * keygen.c (add_feature_mdc): New. + (keygen_upd_std_prefs): Always set the MDC feature. + * keyedit.c (show_prefs): List the MDC flag + * pkclist.c (select_mdc_from_pklist): New. + * encode.c (encode_crypt, encrypt_filter): Test whether MDC + should be used. + * cipher.c (write_header): Set MDC use depending on the above test. + Print more status info. + + * delkey.c (do_delete_key): Kludge to delete a secret key with no + public key available. + + * ringedit.c (find_secret_keyblock_direct): New. + * getkey.c (seckey_available): Simplified. + + * ringedit.c (cmp_seckey): Now compares the secret key against the + public key while ignoring all secret parts. + (keyring_search): Use a public key packet as arg. Allow to search + for subnkeys + (search): Likewise. Changed all callers. + (find_secret_keyblock_bypk): New. + (find_secret_keyblock_byname): First locate the pubkey and then + find the correponding secret key. + * parse-packet.c (parse): Renamed pkttype arg to onlykeypkts and + changed code accordingly. Changed all callers. + (search_packet): Removed pkttype arg. + * keyedit.c (keyedit_menu): First locate the public key and then + try to locate a secret key. + + * ringedit.c (locate_keyblock_by_fpr): Removed. + (locate_keyblock_by_keyid): Removed. + (find_keyblock_bysk): Removed. + + * sig-check.c (check_key_signature2): Print the keyid along with + the wrong sig class errors. + +2001-08-24 Werner Koch <[email protected]> + + * sign.c (sign_file): Stripped the disabled comment packet code. + (sign_file, sign_symencrypt_file): Moved common code to .. + (write_onepass_sig_packets): .. this new function. + (sign_file, clearsign_file, sign_symencrypt_file): Moved common + code to + (write_signature_packets): this new function. + (write_signature_packets, make_keysig_packet) + (update_keysig_packet): Moved common code to + (hash_uid, hash_sigclass_to_magic): these new functions + (sign_file, sign_symencrypt_file): Moved common code to + (write_plaintext_packet): this new function. + +2001-08-21 Stefan Bellon <[email protected]> + + * trustdb.c (query_trust_info): Changed trustlevel to signed int. + * g10.c [__riscos__]: Fixed handling of --use-agent --lock-multiple. + +2001-08-20 Werner Koch <[email protected]> + + * encr-data.c (decrypt_data): Keep track on whether we already + printed information about the used algorithm. + * mainproc.c (proc_encrypted): Removed the non-working IDEA hack + and print a message about the assumed algorithm. + * passphrase.c (passphrase_to_dek): Use the same algorithm as above. + (proc_symkey_enc): Print the algorithm, so that the user knows it + before entering the passphrase. + (proc_pubkey_enc, proc_pubkey_enc): Zero the DEK out. + * encode.c (encode_crypt, encrypt_filter): Ditto. + + * g10.c: Allow for --sign --symmetric. + * sign.c (sign_and_symencrypt): New. + + Applied patches from Stefan Bellon <[email protected]> to support + RISC OS. Nearly all of these patches are identified by the + __riscos__ macro. + * compress.c: Added a couple of casts. + * g10.c [__riscos__]: Some patches and new options foo-file similar + to all foo-fd options. + * gpgv.c, openfile.c, ringedit.c, tdbio.c: Minor fixes. Mainly + replaced hardcoded path separators with EXTSEP_S like macros. + * passprase.c [__riscos__]: Disabled agent stuff + * trustdb.c (check_trust): Changed r_trustlevel to signed int to + avoid mismatch problems in pkclist.c + * pkclist.c (add_ownertrust): Ditto. + * plaintext.c (handle_plaintext) [__riscos__]: Print a note when + file can't be created. + * options.h [__riscos__]: Use an extern unless included from the + main module. + * signal.c (got_fatal_signal) [__riscos__]: Close all files. + +2001-08-14 Werner Koch <[email protected]> + + * keygen.c (ask_algo): New arg r_usage. Allow for RSA keys. + (gen_rsa): Enabled the code. + (do_create): Enabled RSA branch. + (parse_parameter_usage): New. + (proc_parameter_file): Handle usage parameter. + (read_parameter_file): Ditto. + (generate_keypair): Ditto. + (generate_subkeypair): Ditto. + (do_generate_keypair): Ditto. + (do_add_key_flags): New. + (keygen_add_std_prefs): Use the new function. + (keygen_add_key_flags_and_expire): New. + (write_selfsig, write_keybinding): Handle new usage arg. + * build-packet.c (build_sig_subpkt): Make sure that key flags go + into the hashed area. + + * keygen.c (write_uid): Initialize the reference cunter. + + * keyedit.c (keyedit_menu): No more need to update the trustdb for + preferences. Added calls to merge keblock. + + * kbnode.c (dump_kbnode): Print some more flags. + +2001-08-10 Werner Koch <[email protected]> + + Revamped the preference handling. + + * packet.h (prefitem_t, preftype_t): New. + (PKT_public_key): Added a uid field. + (PKT_user_id): Added field to store preferences and a reference + counter. + * parse-packet.c (parse_user_id,parse_photo_id): Initialize them + * free-packet.c (free_user_id): Free them. + (copy_user_id): Removed. + (scopy_user_id): New. + (cmp_user_ids): Optimized for identical pointers. + (release_public_key_parts): Release the uid. + (copy_public_key_with_new_namehash): Removed. + (copy_prefs): New. + * keyedit.c (menu_adduid): Use the new shallow copy user id. + (show_prefs): Adjusted implementation. + (keyedit_menu): No more need to update the trustdb after changing + preferences. + * getkey.c (fixup_uidnode): Store preferences. + (find_by_name): Return a user id packet and remove namehash stuff. + (lookup): Removed the unused namehash stuff. + (finish_lookup): Added foundu arg. + (pk_from_block): Removed the namehash arg and changed all callers. + (merge_selfsigs): Copy prefs to all keys. + * trustdb.c (get_pref_data): Removed. + (is_algo_in_prefs): Removed. + (make_pref_record): Deleted and removed all class. + * pkclist.c (select_algo_from_prefs): Adjusted for the new + preference implementation. + * pubkey-enc.c (is_algo_in_prefs): New. + (get_it): Use that new function. + +2001-08-09 Werner Koch <[email protected]> + + * build-packet.c (build_sig_subpkt): Fixed calculation of + newarea->size. + + * g10.c (main): New option "--preference-list" + * keyedit.c (keyedit_menu): New commands "setpref" and "updpref". + (menu_set_preferences): New. + * keygen.c (keygen_set_std_prefs): New. + (set_one_pref): New. + (check_zip_algo): New. + (keygen_get_std_prefs): New. + (keygen_upd_std_prefs): New + (keygen_add_std_prefs): Move the pref setting code into the above fnc. + * build-packet.c (build_sig_subpkt): Updated the list of allowed + to update subpackets. + +2001-08-08 Werner Koch <[email protected]> + + * packet.h (subpktarea_t): New. + (PKT_signature): Use that type for hashed_data and unhashed_data and + removed the _data prefix from those fields. Changed all users. + * parse-packet.c (parse_signature): Changed allocation for that. + (parse_sig_subpkt): Changed declaration + (enum_sig_subpkt): Ditto and changed implementation accordingly. + * free-packet.c (cp_subpktarea): Renamed from cp_data_block and + adjusted implementation. Changed caller. + * sig-check.c (mdc_kludge_check): Adjusted the hashing. + (do_check): Ditto. + * sign.c (sign_file, clearsign_file, make_keysig_packet, + update_keysig_packet): Ditto. + * build-packet.c (build_sig_subpkt): Partial rewrite. + (find_subpkt): Adjusted and made static. + (delete_sig_subpkt): Adjusted. + (do_signature): Ditto. + + * keygen.c (ask_keysize): Do not print the notes about suggested + key sizes if just a DSA key is generated. + + * trustdb.c (add_ultimate_key): s/log_error/log_info/ for + duplicated inserted trusted keys. + +2001-08-07 Werner Koch <[email protected]> + + * sign.c (sleep): Redefine for W32. + + * g10.c, options.h: Set new flag opt.no_homedir_creation when + --no-options is given. + * openfile.c (try_make_homedir): Don't create the homedir in that case. + +2001-08-03 Werner Koch <[email protected]> + + * armor.c (armor_filter): Removed the default comment string + because it could get us in trouble due to translations using non + ascii characters. + +2001-08-01 Werner Koch <[email protected]> + + * keylist.c (list_keyblock_print): Do not list revoked UIDs unless + in verbose mode and we do no signature listing. + + * getkey.c (finish_lookup): Skip subkeys which are not yet valid. + * g10.c, options.h: New option --ignore-valid-from. + + * sign.c (make_keysig_packet): Added new sigversion argument to + allow the caller to force generation of required signature + version. Changed all callers. Suggested by Thomas Roessler. + + * keyedit.c (sign_uids): Force v4 signature generation for local + sigs. Removed the check for local signature and pre-v4 keys. + +2001-07-27 Werner Koch <[email protected]> + + * keyedit.c (sign_uids): Check that we are not trying to to a + lsign with a pre-v4 key. Bug noticed by Thomas Roessler. + +2001-07-26 Werner Koch <[email protected]> + + * parse-packet.c (parse_photo_id): Reset all variables. + * getkey.c (merge_selfsigs_main): Removed checks on PHOTO_ID + because this is handled identically to a user ID. + +2001-07-06 Werner Koch <[email protected]> + + * cipher.c (write_header): Don't use MDC with --rfc1991. Suggested + by [email protected]. + +2001-07-05 Werner Koch <[email protected]> + + * g10.c, options.h: New option --preserve-permissions. + * ringedit.c (add_keyblock_resource): Use it here + (keyring_copy): and here. + + * trustdb.c (verify_own_keys): Be more silent on --quiet. + Suggested by Thomas Roessler. + * sig-check.c (check_key_signature2): Ditto. + * mainproc.c (proc_encrypted, proc_tree): Ditto + * getkey.c (lookup): Ditto. + +2001-07-04 Werner Koch <[email protected]> + + * ringedit.c (add_keyblock_resource): Restore filename in case of error. + +2001-06-25 Werner Koch <[email protected]> + + * kbnode.c (dump_kbnode): Print the signature timestamp. + + * keyedit.c (keyedit_menu): New menu point "primary". + (change_primary_uid_cb): New. + (menu_set_primary_uid): New. + * sign.c (update_keysig_packet): New. + * build-packet.c (build_sig_subpkt): Put the primary UID flag into + the hashed area. Allow update of some more packets. + +2001-06-15 Werner Koch <[email protected]> + + * getkey.c (merge_selfsigs): Exit gracefully when a secret key is + encountered. May happen if a secret key is in public keyring. + Reported by Francesco Potorti. + +2001-06-12 Werner Koch <[email protected]> + + * getkey.c (compare_name): Use ascii_memistr(), ascii_memcasecmp() + * keyedit.c (keyedit_menu): Use ascii_strcasecmp(). + * armor.c (radix64_read): Use ascii_toupper(). + * ringedit.c (do_bm_search): Ditto. + * keygen.c (read_parameter_file): Ditto. + * openfile.c (CMP_FILENAME): Ditto. + * g10.c (i18n_init): We can now use just LC_ALL. + +2001-05-29 Werner Koch <[email protected]> + + * keygen.c (generate_subkeypair): Print a warning if a subkey is + created on a v3 key. Suggested by Brian M. Carlson. + +2001-05-27 Werner Koch <[email protected]> + + * keyid.c (get_lsign_letter): New. + * keylist.c (list_keyblock_colon): Use it here. + * mainproc.c (list_node): and here. + + * getkey.c, packet.h, free-packet.c: Removed that useless key + created field; I dunno why I introducded this at all - the + creation time is always bound to the key packet and subject to + fingerprint calculation etc. + + * getkey.c (fixup_uidnode): Add keycreated arg and use this + instead of the signature timestamp to calculate the + help_key_expire. Bug reported by David R. Bergstein. + (merge_selfsigs_main): Correct key expiration time calculation. + (merge_selfsigs_subkey): Ditto. + +2001-05-25 Werner Koch <[email protected]> + + * revoke.c (gen_revoke): Add a cast to a tty_printf arg. + * delkey.c (do_delete_key): Ditto. + * keyedit.c (print_and_check_one_sig): Ditto. + (ask_revoke_sig): Ditto. + (menu_revsig): Ditto. + (check_all_keysigs): Removed unused arg. + +2001-05-23 Werner Koch <[email protected]> + + * g10.c (opts): Typo fix by Robert C. Ames. + +2001-05-06 Werner Koch <[email protected]> + + * revoke.c: Small typo fix + +2001-05-04 Werner Koch <[email protected]> + + * passphrase.c (passphrase_clear_cache): Shortcut if agent usage + is not enabled. + +2001-05-01 Werner Koch <[email protected]> + + * passphrase.c (writen): Replaced ssize_t by int. Thanks to + to Robert Joop for reporting that SunOS 4.1.4 does not have it. + +2001-04-28 Werner Koch <[email protected]> + + * getkey.c (merge_public_with_secret): pkttype was not set to subkey. + +2001-04-27 Werner Koch <[email protected]> + + * skclist.c (build_sk_list): Changed one log_debug to log_info. + +2001-04-25 Werner Koch <[email protected]> + + * keyedit.c (show_prefs): Add a verbose mode. + (show_key_with_all_names): Pass verbose flag for special value of + with_pref. + (keyedit_menu): New command "showpref" + (show_key_with_all_names): Mark revoked uids and the primary key. + +2001-04-24 Werner Koch <[email protected]> + + * getkey.c (get_primary_uid): Return a different string in case of + error and made it translatable. + + * build-packet.c (do_secret_key): Ugly, we wrote a zero + instead of the computed ndays. Thanks to M Taylor for complaining + about a secret key import problem. + +2001-04-23 Werner Koch <[email protected]> + + * hkp.c (hkp_ask_import): Allow to specify a port number for the + keyserver. Add a kudge to set the no_shutdown flag. + (hkp_export): Ditto. + * options.skel: Document the changes + +2001-04-20 Werner Koch <[email protected]> + + * options.skel: Add some more comments. + +2001-04-19 Werner Koch <[email protected]> + + * keyid.c (mk_datestr): New. Handles negative times. We must do + this because Windoze segvs on negative times passed to gmtime(). + Changed all datestr_from function to use this one. + + * keyid.c, keyid.h (colon_strtime): New. To implement the + fixed-list-mode. + (colon_datestr_from_pk): New. + (colon_datestr_from_sk): New. + (colon_datestr_from_sig): New. + * keylist.c (list_keyblock_colon): Use these functions here. + * mainproc.c (list_node): Ditto. + +2001-04-18 Werner Koch <[email protected]> + + * openfile.c (open_sigfile): Fixed the handling of ".sign". + * mainproc.c (proc_tree): Use iobuf_get_real_fname. + Both are by Vincent Broman. + +2001-04-14 Werner Koch <[email protected]> + + * getkey.c (fixup_uidnode): Removed check for !sig which is + pointless here. Thanks to Jan Niehusmann. + +2001-04-10 Werner Koch <[email protected]> + + * sig-check.c (check_key_signature2): Use log_info instead of + log_error so that messed up keys do not let gpg return an error. + Suggested by Christian Kurz. + + * getkey.c (merge_selfsigs_main): Do a fixup_uidnode only if we + have both, uid and sig. Thanks to M Taylor. + +2001-04-05 Werner Koch <[email protected]> + + * armor.c (unarmor_pump_new,unarmor_pump_release): New. + (unarmor_pump): New. + * pipemode.c (pipemode_filter): Use the unarmor_pump to handle + armored or non-armored detached signatures. We can't use the + regular armor_filter becuase this does only chack for armored + signatures the very first time. In pipemode we may have a mix of + armored and binary detached signatures. + * mainproc.c (proc_tree): Do not print the "old style" notice when + this is a pipemode processes detached signature. + (proc_plaintext): Special handling of pipemode detached sigs. + + * packet.h (CTRLPKT_PLAINTEXT_MARK): New. + * parse-packet.c (create_gpg_control): New. + * kbnode.c (dump_kbnode): Support it here. + * mainproc.c (check_sig_and_print): Fixed the check for bad + sequences of multiple signatures. + (proc_plaintext): Add the marker packet. + (proc_tree): We can now check multiple detached signatures. + +2001-04-02 Werner Koch <[email protected]> + + The length of encrypted packets for blocksizes != 8 was not + correct encoded. I think this is a minor problem, because we + usually use partial length packets. Kudos to Kahil D. Jallad for + pointing this out. + * packet.h: Add extralen to PKT_encrypted. + * cipher.c (write_header): Set extralen. + * build-packet.c (do_encrypted): Use extralen instead of const 10. + (do_encrypted_mdc): Ditto. + * parse-packet.c (parse_encrypted): Set extralen to 0 because we + don't know it here. + +2001-03-30 Werner Koch <[email protected]> + + * getkey.c (premerge_public_with_secret): Changed wording an add + the keyID to the info message. + +2001-03-29 Werner Koch <[email protected]> + + * getkey.c (premerge_public_with_secret): Use log_info instead of + log_error when no secret key was found for a public one. + Fix the usage if the secret parts of a key are not available. + + * openfile.c (ask_outfile_name): Trim spaces. + (open_outfile): Allow to enter an alternate filename. Thanks to + Stefan Bellon. + * plaintext.c (handle_plaintext): Ditto. + +2001-03-28 Werner Koch <[email protected]> + + * mainproc.c (do_check_sig): Allow direct key and subkey + revocation signature. + * sig-check.c (check_key_signature2): Check direct key signatures. + Print the signature class along with an error. + +2001-03-27 Werner Koch <[email protected]> + + * packet.h: Add a missing typedef to an enum. Thanks to Stefan Bellon. + + * g10.c: New option --no-sig-create-check. + * sign.c (do_sign): Implement it here. + * g10.c: New option --no-sig-cache. + * sig-check.c (check_key_signature2): Implement it here. + (cache_selfsig_result): and here. + + * keylist.c (list_keyblock): Removed debugging stuff. + + * getkey.c (cache_public_key): Made global. + * keygen.c (write_selfsig, write_keybinding): Cache the new key. + + * getkey.c (key_byname): Add new arg secmode and changed all + callers to request explicitly the mode. Deriving this information + from the other supplied parameters does not work if neither pk nor + sk are supplied. + +2001-03-25 Werner Koch <[email protected]> + + * packet.h (ctrlpkttype_t): New. + * mainproc.c (add_gpg_control,proc_plaintext,proc_tree): Use the + new enum values. + * pipemode.c (make_control): Ditto. + * armor.c (armor_filter): Ditto. + +2001-03-24 Werner Koch <[email protected]> + + * sign.c (do_sign): Verify the signature right after creation. + +2001-03-23 Werner Koch <[email protected]> + + * status.c, status.h (STATUS_UNEXPECTED): New. + * mainproc.c (do_proc_packets): And emit it here. + +2001-03-21 Werner Koch <[email protected]> + + * status.c: Add sys/types.h so that it runs on Ultrix. Reported + by Georg Schwarz.x + + * build-packet.c (build_sig_subpkt): Fixed generaton of packet + length header in case where 2 bytes headers are needed. Thanks to + Piotr Krukowiecki. + +2001-03-19 Werner Koch <[email protected]> + + * g10.c (main): the default keyring is no always used unless + --no-default-keyring is given. + + * ringedit.c (add_keyblock_resource): invalidate cache after file + creation. + +2001-03-15 Werner Koch <[email protected]> + + * keygen.c (ask_algo): Changed the warning of the ElGamal S+E Algo. + + * keylist.c (print_capabilities): New. + (list_keyblock_colon): and use it here. + +2001-03-13 Werner Koch <[email protected]> + + * main.c, options.h: New option --fixed_list_mode. + * keylist.c (list_keyblock_colon): use it here. + + * getkey.c (merge_keys_and_selfsig): Divert merging of public keys + to the function used in key selection.. + * keylist.c (is_uid_valid): Removed. + (list_keyblock): Splitted into .. + (list_keyblock_print, list_keyblock_colon): .. these. + functions. Changed them to use the flags set in the key lookup code. + (reorder_keyblock): New, so that primary user IDs are listed first. + + * ringedit.c (keyring_copy): flush the new iobuf chaces before + rename or remove operations. This is mainly needed for W32. + + * hkp.c [HAVE_DOSISH_SYSTEM]: Removed the disabled code because we + have now W32 socket support in ../util/http.c + + * skclist.c (key_present_in_sk_list): New. + (is_duplicated_entry): New. + (build_sk_list): Check for duplicates and do that before unlocking. + +2001-03-12 Werner Koch <[email protected]> + + * armor.c (parse_header_line): Removed double empty line check. + (parse_header_line): Replaced trim_trailing_ws with a counting + function so that we can adjust for the next read. + + * options.skel: Fixed 3 typos. By Thomas Klausner. Replaced the + keyserver example by a better working server. + + * parse-packet.c (parse_symkeyenc): Return Invalid_Packet on error. + (parse_pubkeyenc): Ditto. + (parse_onepass_sig): Ditto. + (parse_plaintext): Ditto. + (parse_encrypted): Ditto. + (parse_signature): Return error at other places too. + (parse_key): Ditto. + * g10.c (main): Set opt.list_packets to another value when invoked + with the --list-packets command. + * mainproc.c (do_proc_packets): Don's stop processing when running + under --list-packets command. + + * signal.c (do_sigaction): Removed. + (init_one_signal): New to replace the above. Needed to support + systems without sigactions. Suggested by Dave Dykstra. + (got_fatal_signal,init_signals): Use the above here. + (do_block): Use sigset() if sigprocmask() is not available. + + * armor.c (parse_hash_header): Test on TIGER192, which is the + correct value as per rfc2440. By Edwin Woudt. + +2001-03-08 Werner Koch <[email protected]> + + * misc.c: Include time.h. By James Troup. + + * getkey.c: Re-enabled the unknown user Id and PK caches and + increased their sizes. + + * getkey.c (merge_selfsigs_main): Set expire date and continue + processing even if we found a revoked key. + (merge_selfsigs_subkeys): Ditto. + + * packet.h: Add an is_revoked flag to the user_id packet. + * getkey.c (fixup_uidnode): Set that flag here. + (merge_selfsigs_main): Fix so that the latest signature is used to + find the self-signature for an UID. + * parse-packet.c (parse_user_id): Zero out all fields. + * mainproc.c (check_sig_and_print): Print the primary user ID + according the the node flag and then all other non-revoked user IDs. + (is_uid_revoked): Removed; it is now handled by the key selection code. + + Changed the year list of all copyright notices. + +2001-03-07 Werner Koch <[email protected]> + + * getkey.c (finish_lookup): Print an info message only in verbose mode. + +2001-03-05 Werner Koch <[email protected]> + + * packet.h: Replaced sigsubpkt_t value 101 by PRIV_VERIFY_CACHE. + We have never used the old value, so we can do this without any harm. + * parse-packet.c (dump_sig_subpkt): Ditto. + (parse_one_sig_subpkt): Parse that new sub packet. + * build-packet.c (build_sig_subpkt): Removed the old one from the + hashed area. + (delete_sig_subpkt): New. + (build_sig_subpkt): Allow an update of that new subpkt. + * sig-check.c (check_key_signature2): Add verification caching + (cache_selfsig_result): New. + * export.c (do_export_stream): Delete that sig subpkt before exporting. + * import.c (remove_bad_stuff): New. + (import): Apply that function to all imported data + +2001-03-03 Werner Koch <[email protected]> + + * getkey.c: Introduced a new lookup context flag "exact" and used + it in all place where we once used primary. + (classify_user_id2): Replaced the old function and add an extra + argument to return whether an exact keyID has been requested. + (key_byname): Removed the unused ctx.primary flag + (get_seckey_byname2): Ditto. + (finish_lookup): Changed debugging output. + +2001-03-02 Werner Koch <[email protected]> + + * keylist.c (list_one): Remove the merge key calls. + +2001-03-01 Werner Koch <[email protected]> + + * getkey.c (finish_lookup): Don't use it if we no specific usage + has been requested. + (merge_selfsigs_main): fix UID only if we have an signature. + (lookup): Return UNU_PUBKEY etc. instead of NO_PUBKEY if we found + a key but the requested usage does not allow this key. + * import.c (import_one): Take UNU_PUBKEY into account. + * mainproc.c (list_node): Ditto. + * keylist.c (list_keyblock): Ditto. + * keyedit.c (print_and_check_one_sig): Ditto. + +2001-02-09 Werner Koch <[email protected]> + + * delkey.c (delete_key): Removed that silly assert which rendered + the whole new stuff meaningless. + +2001-02-08 Werner Koch <[email protected]> + + * getkey.c (key_byname): It can happen that we have both, sk and pk + NULL, fix for that. + + * parse-packet.c (parse_one_sig_subpkt): Add support for + primary_uid and key_flags. + (can_handle_critical): Ditto + + * parse-packet.c (parse_encrypted): Fixed listing of pktlen for + MDC packets. + + * getkey.c: Backported the version of this file from gpg 1.1. this + involved some changes in other files too. + * parse-packet.c (parse_key): Clear req_usage. + * skclist.c (build_sk_list): Use req_usage to pass the usage + information to the lookup function. + * pkclist.c (build_pk_list): Ditto. + * free-packet.c (copy_public_parts_to_secret_key): New. + * keydb.h: Add IS_* macros to check the sig_class. + * misc.c (openpgp_cipher_test_algo): New. + (openpgp_pk_test_algo): New. + (openpgp_pk_algo_usage): New. + (openpgp_md_test_algo): New. + * packet.h: Add a few fields to PKT_{public,secret}_key and + PKT_user_id. + * seckey-cert.c (do_check): Use the new main_keyid field. + +2001-02-04 Werner Koch <[email protected]> + + * encr-data.c (decrypt_data): Catch error when we had problems to + parse the encrypted packet. By Timo. + +2001-01-29 Werner Koch <[email protected]> + + * g10.c (main): --batch does now set nogreeting. + + * delkey.c (do_delete_key): Fixed delete-both functionality. + +2001-01-22 Werner Koch <[email protected]> + + * g10.c: New command --delete-secret-and-public-key. + * delkey.c (delete_key): Add new arg allow_both. + (do_delete_key): Move most stuff from above to this new function. + +2001-01-12 Werner Koch <[email protected]> + + * passphrase.c (passphrase_to_dek): Use MD5 when IDEA is installed + and we have no S2K. + * mainproc.c (proc_encrypted): Likewise + +2001-01-11 Werner Koch <[email protected]> + + * sig-check.c (do_check): Print the signature key expire message + only in verbose mode and added the keyID. + +2001-01-09 Werner Koch <[email protected]> + + * status.c, status.h: New status USERID_HINT. + (write_status_text): Replace LF and CR int text by C-escape sequence. + + * passphrase.c (passphrase_to_dek): Fixed the NEED_PASSPHRASE + output. It does now always print 2 keyIDs. Emit the new + USERID_HINT. + +2001-01-08 Werner Koch <[email protected]> + + * g10.c, options.h: New option --no-expensive-trust-checks. + * keylist.c (list_keyblock): Act on this option. + +2001-01-04 Werner Koch <[email protected]> + + * g10.c (main): Set homedir only in the pre-parsing phase and + replace backslashes in the W32 version. + +2001-01-03 Werner Koch <[email protected]> + + * status.c, status.h : New status KEY_CREATED + * keygen.c (do_generate_keypair,generate_subkeypair): Emit it. + +2000-12-28 Werner Koch <[email protected]> + + * signal.c (got_fatal_signal): Remove lockfiles here because the + atexit stuff does not work due to the use of raise. Suggested by + Peter Fales. + * gpgv.c (remove_lockfiles): New stub. + +2000-12-19 Werner Koch <[email protected]> + + * status.c, status.h (cpr_get_no_help): New. + * keyedit.c (keyedit_menu): Use it here because we have our own + help list here. + +2000-12-18 Werner Koch <[email protected]> + + * mainproc.c (print_failed_pkenc): Don't print the sometimes + confusing message about unavailabe secret key. Renamed ... + (print_pkenc_list): ... to this and introduced failed arg. + (proc_encrypted): Print the failed encryption keys and then + the one to be used. + (proc_pubkey_enc): Store also the key we are going to use. + + * mainproc.c (check_sig_and_print): Don't list revoked user IDs. + (is_uid_revoked): New. + +2000-12-08 Werner Koch <[email protected]> + + * pipemode.c: Made the command work. Currently only for + non-armored detached signatures. + * mainproc.c (release_list): Reset the new pipemode vars. + (add_gpg_control): Handle the control packets for pipemode + * status.c, status.h: New stati {BEGIN,END}_STREAM. + +2000-12-07 Werner Koch <[email protected]> + + * g10.c: New option --allow-secret-key-import. + * import.c (import_keys,import_keys_stream): Honor this option. + (import): New arg allow_secret and pass that arg down to ... + (import_secret_one): to this and print a warning if secret key + importing is not allowed. + +2000-12-05 Werner Koch <[email protected]> + + * cipher.c (cipher_filter): Moved the end_encryption status ... + * encode.c (encode_simple,encode_crypt): to here + * sign.c (sign_file): and here. + + * status.c (mywrite): Removed. + (get_status_string): Removed the LFs from the strings. + (set_status_fd,is_status_enabed,write_status_text, + write_status_buffer): Replaced all mywrite by stdio calls and use + fdopen to create a strem. This is needed to make things smoother + in the W32 version. + +2000-12-04 Werner Koch <[email protected]> + + * import.c (merge_blocks): Increment n_sigs for revocations. + +2000-11-30 Werner Koch <[email protected]> + + * g10.c (main): Use iobuf_translate_file_handle for all options + with filehandles as arguments. This is function does some magic + for the W32 API. + + * verify.c (verify_signatures): Add a comment rant about the + detached signature problem. + * mainproc.c (proc_tree): Issue an error if a detached signature + is assumed but a standard one was found. + * plaintext.c (hash_datafiles): Don't fall back to read signature + from stdin. + * openfile.c (open_sigfile): Print verbose message only if the + file could be accessed. + +2000-11-24 Werner Koch <[email protected]> + + * passphrase.c [HAVE_DOSISH_SYSTEM]: Disabled all the agent stuff. + +2000-11-16 Werner Koch <[email protected]> + + * g10.c: New option --use-agent + * passphrase.c (agent_open,agent_close): New. + (agent_get_passphrase,agent_clear_passphrase): New. + (passphrase_clear_cache): New. + (passphrase_to_dek): Use the agent here. + * seckey-cert.c (do_check): Clear cached passphrases. + +2000-11-15 Werner Koch <[email protected]> + + * status.c (write_status_text): Moved the big switch to ... + (get_status_string): ... new function. + (write_status_buffer): New. + + * status.c (mywrite): New and replaced all write() by this. + + * status.c, status.h: Add 3 status lcodes for notaions and policy. + * mainproc.c (print_notation_data): Do status output of notations. + +2000-11-13 Werner Koch <[email protected]> + + * sign.c (clearsign_file): Use LF macro to print linefeed. + +2000-11-11 Paul Eggert <[email protected]> + + Clean up the places in the code that incorrectly use "long" or + "unsigned long" for file offsets. The correct type to use is + "off_t". The difference is important on large-file hosts, + where "off_t" is longer than "long". + + * keydb.h (struct keyblock_pos_struct.offset): + Use off_t, not ulong, for file offsets. + * packet.h (dbg_search_packet, dbg_copy_some_packets, + search_packet, copy_some_packets): Likewise. + * parse-packet.c (parse, dbg_search_packet, search_packet, + dbg_copy_some_packets, copy_some_packets): Likewise. + * ringedit.c (keyring_search): Likewise. + + * parse-packet.c (parse): Do not use %lu to report file + offsets in error diagnostics; it's not portable. + * ringedit.c (keyring_search): Likewise. + +2000-11-09 Werner Koch <[email protected]> + + * g10.c (main): New option --enable-special-filenames. + +2000-11-07 Werner Koch <[email protected]> + + * g10.c (main): New command --pipemode. + * pipemode.c: New. + +2000-10-23 Werner Koch <[email protected]> + + * armor.c (armor_filter): Changed output of hdrlines, so that a CR + is emitted for DOS systems. + + * keygen.c (read_parameter_file): Add a cast for isspace(). + + * status.c (myread): Use SIGINT instead of SIGHUP for DOS. + +2000-10-19 Werner Koch <[email protected]> + + * g10.c: New option --ignore-crc-error + * armor.c (invalid_crc): New. + (radix64_read): Act on new option. + + * openfile.c (try_make_homedir): Klaus Singvogel fixed a stupid + error introduced on Sep 6th. + +2000-10-18 Werner Koch <[email protected]> + + * misc.c (print_cipher_algo_note): Don't print the note for AES. + Changed wording. + +2000-10-16 Werner Koch <[email protected]> + + * mainproc.c (do_proc_packets): Hack to fix the problem that + signatures are not detected when there is a MDC packet but no + compression packet. + + * g10.c (print_hashline): New. + (print_mds): Use above func with --with-colons. + + * mainproc.c (check_sig_and_print): Detect multiple signatures + and don't verify them. + +2000-10-14 Werner Koch <[email protected]> + + * mainproc.c (add_onepass_sig): There is an easier solution to the + error fixed yesterday; just check that we only have onepass + packets. However, the other solution provides an cleaner + interface and opens the path to get access to other information + from the armore headers. + (release_list): Reset some more variables. + +2000-10-13 Werner Koch <[email protected]> + + * mainproc.c (add_gpg_control): New. + (do_proc_packets): use it. + (proc_plaintext): Changed logic to detect clearsigns. + (proc_tree): Check the cleartext sig with some new code. + + * packet.h: New packet PKT_GPG_CONTROL. + * parse-packet.c (parse_gpg_control): New. + * misc.c (get_session_marker): New. + * armor.c (armor_filter): Replaced the faked 1-pass packet by the + new control packet. + + * keyedit.c (keyedit_menu): Allow batchmode with a command_fd. + * status.c (my_read): New. + (do_get_from_fd): use it. + +2000-10-12 Werner Koch <[email protected]> + + * keygen.c (keygen_add_std_prefs): Add Rijndael to the prefs. + +2000-10-07 Werner Koch <[email protected]> + + * gpgv.c: Add more stubs for ununsed code to make the binary smaller. + +Wed Oct 4 15:50:18 CEST 2000 Werner Koch <[email protected]> + + * sign.c (hash_for): New arg to take packet version in account, changed + call callers. + + * gpgv.c: New. + * Makefile.am: Rearranged source files so that gpgv can be build with + at least files as possible. + +Mon Sep 18 12:13:52 CEST 2000 Werner Koch <[email protected]> + + * hkp.c (not_implemented): Print a notice for W32 + +Fri Sep 15 18:40:36 CEST 2000 Werner Koch <[email protected]> + + * keygen.c (keygen_add_std_prefs): Changed order of preferences to + twofish, cast5, blowfish. + + * pkclist.c (algo_available): Removed hack to disable Twofish. + +Thu Sep 14 17:45:11 CEST 2000 Werner Koch <[email protected]> + + * parse-packet.c (dump_sig_subpkt): Dump key flags. Print special + warning in case of faked ARRs. + + * getkey.c (finsih_lookup): Hack so that for v4 RSA keys the subkey + is used for encryption. + +Thu Sep 14 14:20:38 CEST 2000 Werner Koch <[email protected]> + + * g10.c (main): Default S2K algorithms are now SHA1 and CAST5 - this + should solve a lot of compatibility problems with other OpenPGP + apps because those algorithms are SHOULD and not optional. The old + way to force it was by using the --openpgp option whith the drawback + that this would disable a couple of workarounds for PGP. + + * g10.c (main): Don't set --quite along with --no-tty. By Frank Tobin. + + * misc.c (disable_core_dump): Don't display a warning here but a return + a status value and ... + * g10.c (main): ...print warnining here. Suggested by Sam Roberts. + +Wed Sep 13 18:12:34 CEST 2000 Werner Koch <[email protected]> + + * keyedit.c (keyedit_menu): Allow to use "debug" on the secret key. + + * ringedit.c (cmp_seckey): Fix for v4 RSA keys. + * seckey-cert.c (do_check): Workaround for PGP 7 bug. + +Wed Sep 6 17:55:47 CEST 2000 Werner Koch <[email protected]> + + * misc.c (print_pubkey_algo_note): Do not print the RSA notice. + * sig-check.c (do_signature_check): Do not emit the RSA status message. + * pubkey-enc.c (get_session_key): Ditto. + + * encode.c (encode_simple, encode_crypt): Fix for large files. + * sign.c (sign_file): Ditto. + +Wed Sep 6 14:59:09 CEST 2000 Werner Koch <[email protected]> + + * passphrase.c (hash_passphrase): Removed funny assert. Reported by + David Mathog. + + * openfile.c (try_make_homedir): Changes for non-Posix systems. + * g10.c (main): Take the default homedir from macro. + + * g10.c: The --trusted-key option is back. + * trustdb.c (verify_own_key): Handle this option. + (add_ultimate_key): Moved stuff from verify_own_key to this new func. + (register_trusted_key): New. + +Fri Aug 25 16:05:38 CEST 2000 Werner Koch <[email protected]> + + * parse-packet.c (dump_sig_subpkt): Print info about the ARR. + + * openfile.c (overwrite_filep): Always return okay if the file is + called /dev/null. + (make_outfile_name): Add ".sign" to the list of know extensions. + (open_sigfile): Ditto. + +Wed Aug 23 19:52:51 CEST 2000 Werner Koch <[email protected]> + + * g10.c: New option --allow-freeform-uid. By Jeroen C. van Gelderen. + * keygen.c (ask_user_id): Implemented here. + +Fri Aug 4 14:23:05 CEST 2000 Werner Koch <[email protected]> + + * status.c (do_get_from_fd): Ooops, we used fd instead of opt.command_fd. + Thanks to Michael Tokarev. + +Tue Aug 1 20:06:23 CEST 2000 Werner Koch <[email protected]> + + * g10.c: New opttion --try-all-secrets on suggestion from Matthias Urlichs. + * pubkey-enc.c (get_session_key): Quite easy to implement here. + +Thu Jul 27 17:33:04 CEST 2000 Werner Koch <[email protected]> + + * g10.c: New option --merge-only. Suggested by Brendan O'Dea. + * import.c (import_one): Implemented it here + (import_secret_one): Ditto. + (print_stats): and give some stats. + +Thu Jul 27 12:01:00 CEST 2000 Werner Koch <[email protected]> + + * g10.c: New options --show-session-key and --override-session-key + * pubkey-enc.c (hextobyte): New. + (get_override_session_key): New. + * mainproc.c (proc_pubkey_enc): Add session-key stuff. + * status.h, status.c (STATUS_SESSION_KEY): New. + +Thu Jul 27 10:02:38 CEST 2000 Werner Koch <[email protected]> + + * g10.c (main): Use setmode(O_BINARY) for MSDOS while generating random bytes + (print_mds): Likewise for stdin. + * plaintext.c (handle_plaintext): Likewise for stdout. + +Mon Jul 24 10:30:17 CEST 2000 Werner Koch <[email protected]> + + * keyedit.c (menu_expire): expire date for primary key can be set again. + +Wed Jul 19 11:26:43 CEST 2000 Werner Koch <[email protected]> + + * keylist.c (is_uid_valid): New. + (list_keyblock): Print validity information for all user IDs. Note, this + has to be done at other places too; for now we have only minimal support. + +Wed Jul 12 13:32:06 CEST 2000 Werner Koch <[email protected]> + + * helptext.c, pkclist.c: s/superseeded/superseded/ + +Mon Jul 10 16:08:57 CEST 2000 Werner Koch <[email protected]> + + * parse-packet.c (enum_sig_subpkt): Fixed testing on crtitical bit in case + of a NULL buffer. Reported by Peter Marschall. + +Wed Jul 5 13:28:45 CEST 2000 Werner Koch <[email protected]> + + * keyedit.c, keyid.c: Add some _() + + * argparse.c: Changed the flag to suppress --version handling to also + suppress --help. + +Wed Jun 28 11:54:44 CEST 2000 Werner Koch <[email protected]> + + * armor.c (armor_filter): Set sigclass to 0 in case of non-dash-escaped + clearsig. This makes this mode work again. + + * mainproc.c (proc_tree): Fixed handling of one-pass-sig packets in textmode. + Disabled the ugly workaround for PGP 5 - let's see whether thi breaks less + cases. Found by Ted Cabeen. + + * options.h (DBG_HASHING): New. All commented md_start_debug are now + controlled by this debug option. + + * sign.c (print_status_sig_created): New and called from 2 places. + + * keygen.c (gen_rsa): New, but commented. + (ask_algo): Commented support for RSA. + + * seckey-cert.c (protect_secret_key): Started to fix the code for v4 RSA + keys - it is not solved yet. However, we have time until, Sep 20th ;) + +Wed Jun 14 12:27:09 CEST 2000 Werner Koch <[email protected]> + + * status.c (init_shm_coprocessing): Changed the sequence of the get,attach + to cope with the changes in newer Linux kernels. This bug has been found + by <[email protected]> who also proposed this solution. Hopefully + this does not break gpg on to many systems. + + * cipher.c (write_header): Protect the IV with the MDC too. + * encr-data.c (decrypt_data): Likewise. + +Fri Jun 9 10:09:52 CEST 2000 Werner Koch <[email protected]> + + * g10.c: New options --no-auto-key-retrieve + * options.h (auto_key_retrieve): New. + * mainproc.c (check_sig_and_print): Implemented that. + +Wed Jun 7 19:19:09 CEST 2000 Werner Koch <[email protected]> + + * sig-check.c (do_check): Use EMULATE_MDENCODE also on v4 packets. + +Wed Jun 7 17:25:38 CEST 2000 Werner Koch <[email protected]> + + * cipher.c (write_header): Use plain CFB mode for MDC encrypted packets. + * encr-data.c (decrypt_data): Ditto. + +Mon Jun 5 23:41:54 CEST 2000 Werner Koch <[email protected]> + + * seskey.c (do_encode_md, encode_md_value): Add new arg v3compathack to work + around a bug in old versions. + * sig-check.c (do_check): use the aboved workaround when enabled. + * g10.c: New option --emulate-md-decode-bug + +Mon Jun 5 12:37:43 CEST 2000 Werner Koch <[email protected]> + + * build-packet.c (do_mdc): New. + (do_encrypted_mdc): Changed for the new proposal. + * parse-packet.c (parse_mdc): New. + (parse_encrypted): Fixed for the new proposal. + * packet.h (PKT_MDC): New. + * cipher.c (cipher_filter): Build the MDC packet here. + * g10.c (main): Enable --force-mdc. + * encr-data.c (mdc_decode_filter): Fixed for new MDC method + + * options.h(rfc2440): New. + * g10.c (main): Changed the selected values for --openpgp to not include + optional algorithms. + +Thu May 18 11:38:54 CEST 2000 Werner Koch <[email protected]> + + * keyedit.c (keyedit_menu): Add a keyword arg to the prompt. + + * status.c, status.h: Added 3 new status tokens. + * status.c (do_get_from_fd): New. + (cpr_enabled,cpr_get,cpr_get_hidden,cpr_kill_prompt, + cpr_get_answer_is_yes,cpr_get_answer_yes_no_quit): Modified to work + with the new function. + * g10.c: Add new option --command-fd. + + * status.c (progress_cb): New. + (set_status_fd): Register progress functions + +Fri May 12 14:01:20 CEST 2000 Werner Koch <[email protected]> + + * delkey.c (delete_key): Add 2 new status messages + * status.c, status.h (STATUS_DELETE_PROBLEM): New. + + Fixed years of copyright in all source files. + +Mon May 1 17:08:14 CEST 2000 Werner Koch <[email protected]> + + * trustdb.c (propagate_validity): Fixed the bug that only one uid + gets fully trusted even when all are signed by an ultimate key. + +Mon May 1 15:38:04 CEST 2000 Werner Koch <[email protected]> + + * getkey.c (key_byname): Always returned a defined context. Fixed + a segv for invalid user id specifications. Reported by Walter Koch. + + * getkey.c (get_user_id): I18ned "no user id" string. By Walter. + + * pkclist.c (do_show_revocation_reason): Typo fixes. + * helptext.c: Ditto. + + * armor.c (armor_filter): Fixed some CRLF issues. By Mike McEwan. + +Fri Apr 14 19:37:08 CEST 2000 Werner Koch <[email protected]> + + * pkclist.c (do_show_revocation_reason): New. + (show_revocation_reason): New and called at various places. + + * g10.c (main): Fixed small typo. + + * pkclist.c (do_we_trust): Act on always_trust but not for revoked + keys. Suggested by Chip Salzenberg. + + * g10.c: New option --lock-never. + + * ringedit.c (get_writable_keyblock_file): New. + * keygen.c (do_generate_keypair): Use this instead of the hardwired one. + + * keygen.c (ask_user_id): Check that the email address is in the + correct field. Suggested by Christian Kurz. + +Mon Apr 10 13:34:19 CEST 2000 Werner Koch <[email protected]> + + * keyedit.c (show_key_with_all_names): s/sbb/ssb/ + +Tue Mar 28 14:26:58 CEST 2000 Werner Koch <[email protected]> + + * trustdb.c (verify_own_keys): Do not print warning about unprotected + key when in quiet mode. + +Wed Mar 22 13:50:24 CET 2000 Werner Koch <[email protected]> + + * mainproc.c (print_userid): Do UTF8 conversion before printing. + * import.c (import_one): Ditto. + (import_secret_one): Ditto. + (delete_inv_parts): Ditto. + +Thu Mar 16 16:20:23 CET 2000 Werner Koch <[email protected]> + + * keylist.c (print_key_data): Handle a NULL pk gracefully. + + * getkey.c (merge_one_pk_and_selfsig): Fixed silly code for + getting the primary keys keyID but kept using the one from the + subkey. + * pubkey-enc.c (get_it): Print a note for expired subkeys. + + * getkey.c (has_expired): New. + (subkeys_expiretime): New. + (finish_lookup): Check for expired subkeys needed for encryption. + (merge_keys_and_selfsig): Fixed expiration date merging for subkeys. + + * keylist.c (list_keyblock): Print expiration time for "sub". + (list_one): Add missing merging for public keys. + * mainproc.c (list_node): Ditto. + +2000-03-14 13:49:38 Werner Koch ([email protected]) + + * keygen.c (keyedit_menu): Do not allow to use certain commands + while the secret key is selected. + +2000-03-09 12:53:09 Werner Koch ([email protected]) + + * keygen.c (ask_expire_interval): Movede parsig to ... + (parse_expire_string): ... this new function. And some new control + commands. + (proc_parameter_file): Add expire date parsing. + (do_generate_keypair): Allow the use of specified output files. + +2000-03-08 10:38:38 Werner Koch ([email protected]) + + * keygen.c (ask_algo): Removed is_v4 return value and the commented + code to create Elg keys in a v3 packet. Removed the rounding + of key sizes here. + (do_create): Likewise removed arg v4_packet. + (gen_elg): Likewise removed arg version. Now rounding keysizes here. + (gen_dsa): Rounding keysize now here. + (release_parameter_list): New + (get_parameter*): New. + (proc_parameter_file): New. + (read_parameter_file): New. + (generate_keypair): Splitted. Now uses read_parameter_file when in + batch mode. Additional argument to specify a parameter file. + (do_generate_keypair): Main bulk of above fucntion and uses the + parameter list. + (do_create): Don't print long notice in batch mode. + * g10.c (main): Allow batched key generation. + +Thu Mar 2 15:37:46 CET 2000 Werner Koch <[email protected]> + + * pubkey-enc.c (get_it): Print a note about unknown cipher algos. + + * g10.c (opts): Add a note to the help listing about the man page + and removed some options from the help listing. + + * keyedit.c (print_and_check_one_sig): Use a new function to truncate + the output of the user ID. Suggested by Jan-Benedict Glaw. + +Wed Feb 23 10:07:57 CET 2000 Werner Koch <[email protected]> + + * helptext.c: typo fix. + +Thu Feb 17 13:39:32 CET 2000 Werner Koch <[email protected]> + + * revoke.c: Removed a bunch of commented code. + + * packet.h (SIGSUBPKT_REVOC_REASON): New. + * build-packet.c (build_sig_subpkt): Support new sub packet. + * parse-packet.c (parse_one_sig_subpkt): Ditto. + (dump_sig_subpkt): Ditto. + * revoke.c (ask_revocation_reason): New. + (release_revocation_reason_info): New. + (revocation_reason_build_cb): New. + (gen_revoke): Ask for reason. + * main.h (struct revocation_reason_info): Add declaration. + * keyedit.c (menu_revsig): Add support for revocation reason. + (menu_revkey): Ditto. + (sign_uid_mk_attrib): Renamed to ... + (sign_mk_attrib): ... this, made static and add support for reasons. + +Tue Feb 15 08:48:13 CET 2000 Werner Koch <[email protected]> + + * build-packet.c (build_packet): Fixed fixing of old comment packets. + + * import.c (import_keys): Fixed importing from stdin when called with + nnames set to zero as it normally happens. + +Mon Feb 14 14:30:20 CET 2000 Werner Koch <[email protected]> + + * sig-check.c (check_key_signature2): Add new arg r_expired. + (do_signature_check): New arg to pass it down to ... + (do_check): New arg r-expire which is set when the signature + has expired. + * trustdb.c (check_sig_record): Set SIGF_EXPIRED flag and set + the expiretime to zero so that thi signature will not be checked + anymore. + +Fri Feb 11 17:44:40 CET 2000 Werner Koch <[email protected]> + + * g10.c (g10_exit): Update the random seed_file. + (main): Set the random seed file. New option --no-random-seed-file. + +Thu Feb 10 17:39:44 CET 2000 Werner Koch <[email protected]> + + * keyedit.c (menu_expire): Fixed segv due to unitialized sub_pk. + By Rémi. + +Thu Feb 10 11:39:41 CET 2000 Werner Koch <[email protected]> + + * keylist.c (list_keyblock): Don't print warnings in the middle of + regulat output lines. By Rémi. + + * sig-check.c: Include options.h + +Wed Feb 9 15:33:44 CET 2000 Werner Koch <[email protected]> + + * gpg.c: New option --ignore-time-conflict + * sig-check.c (do_check): Implemented this option. + * trustdb.c (check_trust): Ditto. + * sign.c (do_sign): Ditto. + * keygen.c (generate_subkeypair): Ditto. + + * encode.c (encode_simple): use iobuf_cancel after open failure. + Reported by Huy Le. + +Fri Jan 14 18:32:01 CET 2000 Werner Koch <[email protected]> + + * packet.h (STRING2KEY): Changed mode from byte to int. + * parse-packet.c (parse_key): Add the special GNU protection stuff + * build-packet.c (so_secret_key): Ditto. + * seckey-cert.c (do_check): Ditto. + * keyedit.c (change_passphrase): Ditto. + * export.c (export_secsubkeys): New. + (do_export_stream): Hack to export the primary key using mode 1001. + * g10.c: New command --export-secret-subkeys + +Thu Jan 13 19:31:58 CET 2000 Werner Koch <[email protected]> + + * armor.c (is_armored): Check for 1-pass-sig packets. Reported by + David Hallinan <[email protected]>. + (armor_filter): Replaced one LF by the LF macro. Reported by + Wolfgang Redtenbacher. + +Wed Jan 5 11:51:17 CET 2000 Werner Koch <[email protected]> + + * g10.c (main): Reset new global flag opt.pgp2_workarounds + when --openpgp is used. + * mainproc.c (proc_plaintext): Do the PGP2,5 workarounds only + when the global flag is set. + (proc_tree): Ditto. + * textfilter.c (copy_clearsig_text): Ditto. + * armor.c (armor_filter): Ditto. + + * g10.c: New option --list-only + * mainproc.c (proc_tree): Don't do it if opt.list_only is active. + (proc_pubkey_enc): Implement option. + + * status.h, status.c ({BEGIN,END}_{EN,DE}CRYPTION): New. + * cipher.c (cipher_filter): New status outputs. + * mainproc.c (proc_encrypted): New status outputs. + +Fri Dec 31 14:08:15 CET 1999 Werner Koch <[email protected]> + + * armor.c (armor_filter): Made the "Comment:" header translatable. + + * hkp.c (hkp_import): Make sure that the program does not return + success when there is a connection problem. Reported by Phillip Jones. + +Sun Dec 19 15:22:26 CET 1999 Werner Koch <[email protected]> + + * armor.c (LF): Use this new macro at all places where a line LF + is needed. This way DOSish textfiles should be created when the + input data is also in dos mode. + * sign.c (LF): Ditto. + * textfilter.c (LF): Ditto. + (copy_clearsig_text): Disabled the forcing of CR,LF sequences + for DOS systems. + + * plaintext.c (handle_plaintext): Fixes for line endings on DOS. + and react on a LF in cleartext. + * armor.c (fake_packet): Restore the original line ending after + removing trailing spaces. + + * signal.c (got_fatal_signal): DOS fix. + +Thu Dec 16 10:07:58 CET 1999 Werner Koch <[email protected]> + + * mainproc.c (print_failed_pkenc): Fix for unknown algorithm. + Found by [email protected]. + +Thu Dec 9 10:31:05 CET 1999 Werner Koch <[email protected]> + + * hkp.c: i18n the strings. + +Sat Dec 4 15:32:20 CET 1999 Werner Koch <[email protected]> + + * trustdb.c (verify_key): Shortcut for ultimately trusted keys. + +Sat Dec 4 12:30:28 CET 1999 Werner Koch <[email protected]> + + * pkclist.c (build_pk_list): Validate the trust using the namehash + if this one has been set by the key lookup. + + * g10.c: Add --delete-secret-key to the help page. + + * openfile.c (copy_options_file): Made static. + (try_make_homedir): New. + * ringedit.c (add_keyblock_resource): Use the try_make_hoemdir logic. + * tdbio.c (tdbio_set_dbname): Likewise. + + * keygen.c (generate_user_id): Use m_alloc_clear() here. We should + better use an allocation function specific to the user_id packet. + + * keygen.c (keygen_add_std_prefs): Changed symmetric preferences + to include Blowfish again. This is due to it's better speed compared + to CAST5. + + * g10.c (strusage): Print the home directory. + + * armor.c (armor_filter): Take action on the cancel control msg. + * filter.h (armor_filter_context_t): Add cancel flag. + +Mon Nov 29 21:52:11 CET 1999 Werner Koch <[email protected]> + + * g10.c: New option --fast-list-mode .. + * keylist.c (list_keyblock): .. and implemented. + * mainproc.c (list_node): Ditto. + + * import.c (mark_non_selfsigned_uids_valid): Fixed the case that there + is a uid without any packet following. + +Mon Nov 22 11:14:53 CET 1999 Werner Koch <[email protected]> + + * mainproc.c (proc_plaintext): Never enable the hash processing + when skip_verify is active. + + * armor.c (parse_header_line): Stop parsing on a WS line too. + Suggested by Aric Cyr. + + * tdbdump.c (HEXTOBIN): Changed the name of the argument, so that + traditional cpp don't mess up the macros. Suggested by Jos Backus. + + * mainproc.c (list_node): Print the PK algo in the --with-colon mode. + * keylist.c (list_keyblock): Ditto. + + * signal.c (got_fatal_signal): Found the reason why exit(8) did not + work - it is better to set the disposition back to default before + raising the signal. Print the notice on stderr always. + +Fri Nov 12 20:33:19 CET 1999 Werner Koch <[email protected]> + + * g10.c (make_username): Swapped the logic. + * keylist.c (public_key_list): Now takes a STRLIST as arg and moved + the creation ot this list to the caller, so that he can copy with + UTF-conversion of user IDs. Changed all callers. + (secret_key_list): Likewise. + + * getkey.c (get_user_id_string_native): New and ... + * encode.c (write_pubkey_enc_from_list): ... use it here. + + * pubring.asc: Updated. + + * packet.h (PKT_PHOTO_ID): New. + * parse-packet.c (parse_photo_id): New. + * build-packet.c (do_user_id: Handle photo IDs. + (build_packet): Change CTB for photo IDs + * free-packet.c (free_user_id): Release memory used for photo IDs + * sig-check.c (hash_uid_node): Handle photo IDs too. + * trustdb.c (print_uid_from_keyblock): Hash photo ID. + (make_uid_records): Ditto. + * getkey.c (find_by_name): Ditto. + * keyedit.c (show_prefs): Ditto. + * keylist.c (list_keyblock): Ditto. + +Thu Oct 28 16:08:20 CEST 1999 Werner Koch <[email protected]> + + * keygen.c (ask_expire_interval): Print a warning for systems + with a signed 32 time_t if the exiration time is beyoind 2038. + +Fri Oct 8 20:40:50 CEST 1999 Werner Koch <[email protected]> + + * ringedit.c (enum_keyblocks): The last fix way really stupid; + reverted and set rt to Unknown. + +Fri Oct 8 20:32:01 CEST 1999 Werner Koch <[email protected]> + + * ringedit.c (enum_keyblocks): Zero the entire kbpos out on open. + + * g10.c (oEntropyDLL): Removed option. + (main): Made the warning on development versions more verbose. + + * g10.c (oHonorHttpProxy): New option. + * hkp.c (hkp_ask_import,hkp_export): Implement this option. + * options.skel: Enable this option for new installations + +Mon Oct 4 21:23:04 CEST 1999 Werner Koch <[email protected]> + + * import.c (import_keys): Changed calling interface, adjusted caller. + (import): Moved printing of stats out ... + (print_stats): New. ... to here. + (import_keys_stream): Call stats print here. + (import_keys): Print stats as totals for all files. + + * tdbio.h (DIRF_NEWKEYS): New + * tdbio.c (tdbio_dump_record): Print the new flag. + * trustdb.c (check_trust_record): New arg sigs_only. Adapted all + callers. + (do_update_trust_record): Removed recheck arg and add a new sigs_only + do we can later improve on the performance. Changed all callers too. + (check_trustdb): Evalutate the new flag and add a status output. + Do a check when the dir record has not been checked. + (build_cert_tree): Evaluate the new flag. + (check_trust): Ditto. Do a trust_record check, when the dir record + is not marked as checked. + (mark_fresh_keys): New. + (clear_lid_table): New. + (sync_trustdb): New. + * import.c (import_keys): Call sync_trustdb() after processing. + (import_keys_stream): Ditto. + * tdbdump.c (import_ownertrust): Ditto. + + * import.c (import_revoke_cert): Notify the trust DB. + (do_update_trust_record): Use |= to set the REVOKED bit and not &=; + shame on me for this bad copy+paste introduced bug. + (do_we_trust): Add trustmask to allow revoked key override to work. + Chnaged are to allow return of a mofified trustlevel. Adapted the + one caller. + + * g10.c: New options --emulate-3des-s2k-bug + * passphrase.c (hash_passphrase): Implemented above. + + * mainproc.c (proc_tree): Check for standalone signatures. + (do_check_sig): Print a notice for a standalone revocation + (check_sig_and_print): Do not print an error for unchecked standalone + revocations. + +Tue Sep 28 20:54:37 CEST 1999 Werner Koch <[email protected]> + + * encode.c (encode_simple): Use new CTB when we don't have the + length of the file. This is somewhat strange as the comment above + indicates that this part is actually fixed for PGP 5 - maybe I simply + lost the source line, tsss. + + * armor.c (armor_filter): Set a flag if no OpenPGP data has been found. + * verify.c (verify_signatures): Add an error helptext. + +Thu Sep 23 19:24:30 CEST 1999 Werner Koch <[email protected]> + + * openfile.c (open_outfile): Fixed the 8dot3 handling. + + * passphrase.c (passphrase_to_dek): Print uid using utf8 func. + * delkey.c (delete_key): Ditto. + * pkclist.c (show_paths,do_edit_ownertrust,do_we_trust): Ditto + (do_we_trust_pre): Ditto. + * trustdb.c (print_user_id,check_uidsigs): Ditto. + * revoke.c (gen_revoke,ask_revoke_sig): Ditto. + +Thu Sep 23 09:52:58 CEST 1999 Werner Koch <[email protected]> + + * verify.c (print_file_status): New. + (verify_one_file): Moved status print to th new fnc. Add error status. + * status.c, status.h (STATUS_FILE_ERROR): New + +Wed Sep 22 10:14:17 CEST 1999 Werner Koch <[email protected]> + + * openfile.c (make_outfile_name): Use case-insenstive compare for + DOS systems. Add ".pgp" to the list of know extensions. + (open_outfile): For DOS systems try to replace the suffiy instead of + appending it. + + * status.c, status.h: Add STATUS_FILE_{START,DONE}. + * verify.c (verify_one_file): Emit these new stati. + + * sign.c (clearsign_file): Avoid duplicated Entries in the "Hash:" + line. Those headers are now only _not_ printed when there are + only old-style keys _and_ all hashs are MD5. + +Mon Sep 20 12:24:41 CEST 1999 Werner Koch <[email protected]> + + + * verify.c (verify_files, ferify_one_file): New. + * g10.c: New command --verify-files + +Fri Sep 17 12:56:42 CEST 1999 Werner Koch <[email protected]> + + * g10.c: Add UK spelling as alias for armor options ;-) + + * import.c (append_uid): Fixed a SEGV when there is no selfsig and + no subkey. + (merge_sigs): Ditto. Removed the assertion. + +Wed Sep 15 16:22:17 CEST 1999 Werner Koch <[email protected]> + + * g10.c: New option --entropy-dll-name + +Mon Sep 13 10:51:29 CEST 1999 Werner Koch <[email protected]> + + * signal.c (got_fatal_signal): Print message using write(2) and + only for development versions. + +Mon Sep 6 19:59:08 CEST 1999 Werner Koch <[email protected]> + + * tdbio.c (tdbio_set_dbname): Use mkdir macro + * ringedit.c (add_keyblock_resource): Ditto. + +Fri Sep 3 10:04:45 CEST 1999 Werner Koch <[email protected]> + + * pkclist.c (build_pk_list): Skip keys set with --encrypt-to also + when asking for a key. + + * plaintext.c (handle_plaintext): Make sure that we don't read a + second EOF in the read loop for partial length packets. + + * mainproc.c (check_sig_and_print): print user ID as utf-8. + +Thu Sep 2 16:40:55 CEST 1999 Werner Koch <[email protected]> + + * import.c (merge_blocks): First add new subkeys, then merge subkey + certificates. + (merge_sigs): Don't merge subkey signatures here. + +Wed Sep 1 15:30:44 CEST 1999 Werner Koch <[email protected]> + + * keygen.c (ask_expire_interval): Fixed bug related to cpr_xx (tnx + Francis J. Lacoste). + +Tue Aug 31 17:20:44 CEST 1999 Werner Koch <[email protected]> + + * plaintext.c (do_hash): Hash CR,LF for a single CR. + (ask_for_detached_datafile): Changed arguments to be closer to + those of hash_datafiles and cleanup the code a bit. + * mainproc.c (proc_tree): Workaround for pgp5 textmode detached + signatures. Changed behavior of asking for data file to be the same + as with provided data files. + + * keylist.c (list_keyblock): Use UTF8 print functions. + +Mon Aug 30 20:38:33 CEST 1999 Werner Koch <[email protected]> + + * import.c (chk_self_sigs): some s/log_error/log_info/ so that gpg + does not return an error if a key has some invalid packets. + + * helptext.c: Fixed some typos and changed the way the + translation works. The english text is now the keyword for gettext + and not anymore the keyword supplied to the function. Done after + some discussion with Walter who thinks this is much easier for the + translators. + + * misc.c (disable_core_dumps): Don't do it for DOSish systems. + + * signal.c (signal_name): Bounds check on signum. + +Wed Aug 4 10:34:18 CEST 1999 Werner Koch <[email protected]> + + * pubring.asc: Updated. + + * pkclist.c (do_we_trust_pre,check_signatures_trust): Do not print + the warning about --always_trust when --quiet is used. + + * pkclist.c (fpr_info): New and called at several places. + + * parse-packet.c (dump_sig_subpkt): List revocation key contents. + +Mon Jul 26 09:34:46 CEST 1999 Werner Koch <[email protected]> + + * pkclist.c (build_pk_list): Fixed typo in format string. + + * trustdb.c (create_shadow_dir): Don't translate the error string. + + * g10.c (main): Fixed spelling of user-id. + * getkey.c (find_by_name_pk,find_by_name_sk, + find_by_keyid,find_by_keyid_sk): Ditto and translate it. + * import.c (mark_non_selfsigned_uids_valid,delete_inv_parts): Ditto. + + +Mon Jul 26 01:01:39 CEST 1999 Michael Roth <[email protected]> + + * g10.c, options.h: New options --no-literal and --set-filesize + + * encode.c (encode_simple, encode_crypt): Support for the options + --no-literal and --set-filesize. + + * sign.c (sign_file): ditto. + +Fri Jul 23 13:53:03 CEST 1999 Werner Koch <[email protected]> + + + * ringedit.c (enum_keyblocks): Removed annoying error message in cases + when we have no keyring at all to enum. + + * getkey.c (classify_user_id): Rewrote to relax the recognition of + keyIDs and fingerprints (Michael). + + * mainproc.c (check_sig_and_print): Print status NO_PUBKEY. + (print_failed_pkenc): Print status NO_SECKEY. + + * import.c (mark_non_selfsigned_uids_valid): New. + * g10.c: New option --allow-non-selfsigned-uid. + + * pkclist.c (print_fpr): New. + (do_we_trust_pre): Print the fpr before asking whether to use the key + anyway. + (do_edit_ownertrust): Likewise. + +Thu Jul 22 20:03:03 CEST 1999 Werner Koch <[email protected]> + + + * ringedit.c (enum_keyblocks): Removed annoying error message in cases + when we have no keyring at all to enum. + + * getkey.c (classify_user_id): Rewrote to relax the recognition of + keyIDs and fingerprints (Michael). + + * mainproc.c (check_sig_and_print): Print status NO_PUBKEY. + (print_failed_pkenc): Print status NO_SECKEY. + + * import.c (mark_non_selfsigned_uids_valid): New. + * g10.c: New option --allow-non-selfsigned-uid. + +Thu Jul 15 10:15:35 CEST 1999 Werner Koch <[email protected]> + + * g10.c: New options --disable-{cipher,pubkey}-algo. + +Wed Jul 14 19:42:08 CEST 1999 Werner Koch <[email protected]> + + * status.h (STATUS_IMPORTED): New. + * import.c (import): Print some status information (Holger Schurig). + + * g10.c (main): Make --no-greeting work again. Add a warning when + --force-mds is used. + +Tue Jul 13 17:39:25 CEST 1999 Werner Koch <[email protected]> + + * pkclist.c (do_edit_ownertrust): Changed the way help works. + (build_pk_list): Implemented default recipient stuff. + * g10.c: New options --default-recipient[-self] + (main): Suppress greeting in most cases, entering a passphrase or + a missing value is not considered to be interactive use. + Merged --print-md and --print-mds; the latter is now obsolete. + Changed the way --gen-random works and documented it. + Changed the way --gen-prime works and add a man entry. + * g10.c (MAINTAINER_OPTIONS): Removed. + +Mon Jul 12 18:45:57 CEST 1999 Werner Koch <[email protected]> + + * keyedit.c (keyedit_menu): Add arg sign_mode and changed callers + * g10.c (main): New command --lsign-key. + +Mon Jul 12 14:55:34 CEST 1999 Werner Koch <[email protected]> + + * mainproc.c (kidlist_item): New. + (release_list): Release failed pk-enc-list. + (print_failed_pkenc): New + (proc_encrypted): Print info about failed PK enc. + + * openfile.c (make_outfile_name): s/error/info/ + + * passphrase.c (passphrase_to_dek): Return an empty passphrase when + in batch mode and don't make the warning message fatal + * seckey-cert.c (check_secret_key): Try only once when in batch mode. + + * g10.c (make_username): New. + +Thu Jul 8 16:21:27 CEST 1999 Werner Koch <[email protected]> + + + * packet.h (PKT_ring_trust): New + * parse-packet.c (parse_trust): Store trust value + * build-packet (build_packet): Ignore ring trust packets. + * mainproc.c (add_ring_trust): New. + (list_node): Print "rtv" records. + * g10.c: New option --with-fingerprint. + + * trustdb.c (verify_own_keys): Don't insert if we are dry running + (check_trust): Ditto. + +Wed Jul 7 13:08:40 CEST 1999 Werner Koch <[email protected]> + + * Makefile.am: Support for libtool. + + * keygen.c (ask_expire_interval): Hack to allow for an expire date. + + * trustdb.c (do_update_trust_record,update_trust_record): Splitted. + (check_trust_record): New. + (check_trust,build_cert_tree): Check the dir record as needed. + (upd_pref_record): Removed. + (make_pref_record): New. + (propagate_validity): Stop as soon as we have enough validity. + + * tbdio.c (MAX_CACHE_ENTRIES_HARD): Increased the limit. + + +Fri Jul 2 11:45:54 CEST 1999 Werner Koch <[email protected]> + + * g10.c (g10_exit): Dump random stats. + + * sig-check.c (check_key_signature,check_key_signature2): Enhanced + version and wrapper for old function. + (do_signature_check,signature_check): Ditto. + +Thu Jul 1 12:47:31 CEST 1999 Werner Koch <[email protected]> + + + * keyedit.c (show_key_with_all_names): Print a notice for disabled keys. + (enable_disable_keys): Add functionality + * pkclist.c (edit_ownertrust): preserve disabled state. + (build_pk_list): Skip disabled keys. + * trustdb.c (upd_one_ownertrust): Ditto. + (build_cert_tree): Mask the ownertrust. + (trust_letter): Mask the value. + (do_check): Take disabled flag into account. + + * passphrase.c (passphrase_to_dek): Add a pubkey_algo arg and changed + all callers. + + * g10.c (utf8_strings): 2 new options. + + * trustdb.c (insert_trust_record_by_pk): New, replaces the next one. + (insert_trust_record): Now takes a keyblock as arg. Changed all + callers to use the appropritae function. + + * openfile.c (ask_outfile_name): New. + * plaintext.c (handle_plaintext): Ask for filename if there is + no valid syntax. Don't use fname varbatim but filter it. + +Tue Jun 29 21:44:25 CEST 1999 Werner Koch <[email protected]> + + + * trustdb.h (TRUST_FLAG_DISABLED): New. + + * status.c (USE_CAPABILITIES): Capabilities support (Remi). + + * tdbio.c : Added new fields to the DIR record. + (tdbio_write_record): Fixed the update of the hash tables. + (tdbio_delete_record): Drop the record from the hash tables. + (drop_from_hashtbl): New. + + * status.c (cpr_get): Special online help mode. + * helptext.c ("keyedit.cmd"): Removed. + * keyedit.c (keyedit_menu): Use only help system. + (enable_disable_key): New bit doies not yet work. + +Sat Jun 26 12:15:59 CEST 1999 Werner Koch <[email protected]> + + + * dearmor.c (enarmor_file): Fixed comment string. + * tdbdump.c (export_ownertrust): Text fix. + * tbio.c (tdbio_invalid): Ditto. + + * parse-packet.c (parse_key): Made temp buffer larger. + + * Makefile.am (install-data-local): Add missing backslashes + +Tue Jun 15 12:21:08 CEST 1999 Werner Koch <[email protected]> + + * g10.c (main): Made iterated+salted the default S2K method. + + * Makefile.am (install-data-local): Use DESTDIR. + + * passphrase.c (passphrase_to_dek): Emit missing-passphrase while in + batchmode. + + * parse-packet.c (parse_pubkeyenc): Fixed a SEGV. + +Mon Jun 14 21:18:54 CEST 1999 Michael Roth <[email protected]> + + * g10.c: New options --openpgp, --no-tty, --emit-version, + --default-comment and --lock-multiple + +Thu Jun 10 14:18:23 CEST 1999 Werner Koch <[email protected]> + + * free-packet.c (free_encrypted): Fixed EOF case (Remi). + (free_plaintext): Ditto. + + * helptext.c (keyedit.delsig.unknown): New (Remi). + * keyedit.c (print_and_check_one_sig): Add arg print_without_key and + changed all callers to make use of it (Remi): + +Tue Jun 8 13:36:25 CEST 1999 Werner Koch <[email protected]> + + * keylist.c (print_key_data): New and called elsewhere. + * g10.c: New option --with-key-data + +Wed Jun 2 14:17:19 CEST 1999 Werner Koch <[email protected]> + + * mainproc.c (proc_tree): Yet another bad hack to cope with + broken pgp2 created detached messages in textmode. + +Tue Jun 1 16:01:46 CEST 1999 Werner Koch <[email protected]> + + * openfile.c (make_outfile_name): New. + * plaintext.c (handle_plaintext): Outputfile is now the inputfile + without the suffix. + * g10.c: New option --use-embedded-filename + +Mon May 31 19:41:10 CEST 1999 Werner Koch <[email protected]> + + * g10.c (main): Fix for SHM init (Michael). + + * compress.c, encr-data.c, mdfilter.c, + plaintext.c, free-packet.c: Speed patches (Rémi). + +Thu May 27 09:40:55 CEST 1999 Werner Koch <[email protected]> + + * status.c (cpr_get_answer_yes_no_quit): New. + * keyedit.c (menu_delsig): New. + (check_all_keysigs): Splitted. + (print_and_check_one_sig): New. + +Wed May 26 14:36:29 CEST 1999 Werner Koch <[email protected]> + + * build-packet.c (build_sig_subpkt): Support large packets. + * parse-packet.c (enum_sig_subpkt): Replaces parse_sig_subpkt. + * mainproc.c (print_notation_data): Print all notation packets. + * g10.c (add_notation_data): Add a way to specify the critical flag. + (main): Add option --set-policy-url. + (check_policy_url): Basic checks. + * sign.c (mk_notation_and_policy): Replaces mk_notation. + + * parse-packet.c (can_handle_critical): Moved decision whether we can + handle critical subpacket to an extra function. + +Tue May 25 19:50:32 CEST 1999 Werner Koch <[email protected]> + + * sign.c (sign_file): Always use compression algo 1 for signed + onyl file becuase we can´ be sure the the verifier supports other + algorithms. + + * build-packet.c (build_sig_subpkt): Support for notation data. + * sign.c (sign_file,clearsign_file,make_keysig_packet): Ditto. + (mk_notation): New. + * g10.c (add_notation_data): New and add option -N + * mainproc.c (print_notation_data): New. + (check_sig_and_print): Print any notation data of the signed text. + +Sun May 23 14:20:22 CEST 1999 Werner Koch <[email protected]> + + * pkclist.c (check_signatures_trust): Print a warning and return + immediateley if opt.always_trust is true. + + * g10.c (main): Corrected handling of no-default-keyring + + * pkclist.c (algo_available): Disable Twofish until we have settled + how to do the MDC. + + * hkp.c: Disable everything for mingw32 + +Sat May 22 22:47:26 CEST 1999 Werner Koch <[email protected]> + + * mainproc.c (check_sig_and_print): Add sig creation time to the + VALIDSIG status output. Add more info to the ERRSIG output. + * sig-check.c (signature_check): Add sig time after epoch to SIG_ID. + + * import.c (import_one): Merge duplicate user IDs. + (collapse_uids): New. + * kbnode.c (move_kbnode): New. + (remove_kbnode): New. + * keyedit.c (keyedit_menu): Call collapse_uids. + + * g10.c: new option --logger-fd. + + * import.c: s/log_*_f/log_*/ + +Thu May 20 14:04:08 CEST 1999 Werner Koch <[email protected]> + + * misc.c (pull_in_libs): do the volatile only for gcc + + * sig-check (signature_check): Emit SIG_iD only for classes 0 and 1. + + * armor.c (armor_filter): Add detection of PGP2 created clearsigs. + (fake_packet): A tab is not a WS for pgp2 - handle this. + * textfilter.c (len_without_trailing_chars): New. + (copy_clearsig_text): Add pgp2mode arg. + * sign.c (clearsign_file): pass old_style to the above fnc. + + +Wed May 19 16:04:30 CEST 1999 Werner Koch <[email protected]> + + * g10.c: New option --interactive. + + * mainproc.c (proc_plaintext): Add workaround for pgp2 bug + (do_check_sig): Ditto. + (proc_tree): Ditto. + * plaintext.c (do_hash): Ditto. + (hash_datafiles): Ditto, add an arg, changed all callers. + * mdfilter.c (md_filter): Add support for the alternate hash context. + +Mon May 17 21:54:43 CEST 1999 Werner Koch <[email protected]> + + * parse-packet.c (parse_encrypted): Support for PKT_ENCRYPTED_MDC. + * build-packet.c (do_encrypted_mdc): Ditto. + * cipher.c (write_header): Add mdc hashing. + (cipher_filter): write out the hash. + * mainproc.c (do_proc_packets): Add PKT_ENCRYPTED_MDC. + * encr-data.c (decrypt_data): Add mdc hashing. + (mdc_decode_filter): New. + + * parse-packet.c (parse_sig_subpkt): Fixed stupid bug for subpkt + length calculation + (parse_signature): Fixed even more stupid bug. + +Sat May 8 19:28:08 CEST 1999 Werner Koch <[email protected]> + + * build-packet.c (do_signature): Removed MDC hack. + * encode.c (encode_crypt_mdc): Removed. + * mainproc.c (do_check_sig): Removed MDC hack. + (check_sig_and_print): Ditto. + * parse-packet.c (parse_signature): Ditto. + * sig-check.c (mdc_kludge_check): Ditto. + * free-packte.c (copy_signature, free_seckey_enc): Ditto. + + * parse-packet.c (parse_signature,parse_key): Store data of + unknown algorithms with mpi_set_opaque inseatd of the old + faked data stuff. + (read_rest): Removed. + (read_rest2): Renamed to read_rest + * build-packet.c (write_fake_data): Use mpi_get_opaque. + * free-packet.c (cp_fake_data): Removed and cahnged all callers + to use mpi_copy. + (free_pubkey_enc,free_seckey_enc,release_public_key_parts, + release_secret_key_parts): Use mpi_free for opaque data. + +Thu May 6 14:18:17 CEST 1999 Werner Koch <[email protected]> + + * trustdb.c (check_trust): Check for revoked subkeys. + * pkclist.c (do_we_trust): Handled revoked subkeys. + (do_we_trust_pre): Ditto. + (check_signatures_trust): Ditto. + + * build-packet.c (hash_public_key): Fix for ancient g10 keys. + + * mainproc.c (do_proc_packets): Return EOF if no data has been read. + * g10.c (main): Catch errors for default operation. + +Thu Apr 29 12:29:22 CEST 1999 Werner Koch <[email protected]> + + * sign.c (sign_file): Fixed hashing in case of no subpackets. + (clearsign_file): Ditto. + (make_keysig_packet): Ditto. + +Wed Apr 28 13:03:03 CEST 1999 Werner Koch <[email protected]> + + * keyedit.c (keyedit_menu): Add new command revkey. + * (menu_revkey): New. + + +Mon Apr 26 17:48:15 CEST 1999 Werner Koch <[email protected]> + + * parse-packet.c (parse_signature): Add the MDC hack. + * build-packet.c (do_signature): Ditto. + * free-packet.c (free_seckey_enc,copy_signature,cmp_signatures): Ditto. + * mainproc.c (do_check_sig): Ditto. + * sig-check.c (mdc_kludge_check): New. + * encode.c (encrypt_mdc_file): New. + + * keyedit.c (check_all_keysigs): List revocations. + * (menu_revsig): New. + * sign (make_keysig_packet): Support for class 0x30. + +Sun Apr 18 20:48:15 CEST 1999 Werner Koch <[email protected]> + + * pkclist.c (select_algo_from_prefs): Fixed the case that one key + has no preferences (Remi Guyomarch). + + keylist.c (list_keyblock): ulti_hack to propagate trust to all uids. + +Sun Apr 18 10:11:28 CEST 1999 Werner Koch <[email protected]> + + * seckey-cert.c (do_check): Use real IV instead of a 0 one, so that + it works even if the length of the IV doesn't match the blocksize. + Removed the save_iv stuff. + (protect_secret_key): Likewise. Create the IV here. + * packet.h (PKT_secret_key): Increased size of IV field and add a + ivlen field. + * parse-packet.c (parse_key): Use the len protect.ivlen. + * build-packet.c (do_secret_key). Ditto. + + * getkey.c (key_byname): Close keyblocks. + + * Makefile.am (gpgm): Removed this + * g10.c: Merged gpg and gpgm + + * import.c (import): Utilize option quiet. + * tdbio.c (tdbio_set_dbname): Ditto. + * ringedit.c (add_keyblock_resource,keyring_copy): Ditto. + + * keyedit.c (sign_uids): Add some batch support. + + * g10.c (main): add call to tty_batchmode. + +Fri Apr 9 12:26:25 CEST 1999 Werner Koch <[email protected]> + + * status.c (write_status_text): Some more status codes. + * passphrase_to_dek (passphrase_to_dek): add a status code. + * seckey_cert.c (check_secret_key): Likewise. + + * encr-data.c (decrypt_data): Reverse the last changes + * cipher.c (write_header): Ditto. + + * parse-packet.c (parse_key): Dropped kludge for ancient blowfish mode. + +Thu Apr 8 09:35:53 CEST 1999 Werner Koch <[email protected]> + + * mainproc.c (proc_encrypted): Add a new status output + * passphrase.c (passphrase_to_dek): Ditto. + * status.h status.c: Add new status tokens. + +Wed Apr 7 20:51:39 CEST 1999 Werner Koch <[email protected]> + + * encr-data.c (decrypt_data): Fixes for 128 bit blocksize + * cipher.c (write_header): Ditto. + * seckey-cert.c (do_check): Ditto. + (protect_secret_key). Ditto. + * misc.c (print_cipher_algo_note): Twofish is now a standard algo. + + * keygen.c (do_create): Fixed spelling (Gaël Quéri) + (ask_keysize): Only allow keysizes up to 4096 + + * ringedit.c (add_keyblock_resource): chmod newly created secrings. + + * import.c (delete_inv_parts): Fixed accidently deleted subkeys. + +Tue Apr 6 19:58:12 CEST 1999 Werner Koch <[email protected]> + + * armor.c: Removed duped include (John Bley) + * mainproc.c: Ditto. + + * build-packet.c (hash_public_key): Fixed hashing of the header. + + * import.c (delete_inv_parts): Allow import of own non-exportable sigs. + +Sat Mar 20 13:59:47 CET 1999 Werner Koch <[email protected]> + + * armor.c (fake_packet): Fix for not not-dash-escaped + +Sat Mar 20 11:44:21 CET 1999 Werner Koch <[email protected]> + + * g10.c (main): Added command --recv-keys + * hkp.c (hkp_import): New. + +Wed Mar 17 13:09:03 CET 1999 Werner Koch <[email protected]> + + * trustdb.c (check_trust): add new arg add_fnc and changed all callers. + (do_check): Ditto. + (verify_key): Ditto. + (propagate_validity): Use the new add_fnc arg. + (print_user_id): Add the FILE arg. + (propagate_ownertrust): New. + * pkclist.c (add_ownertrust_cb): New and changed the add_ownertrust + logic. + + * getkey.c (get_keyblock_bylid): New. + * trustdb.c (print_uid_from_keyblock): New. + (dump_tn_tree_with_colons): New. + (list_trust_path): Add colon print mode. + + * trustdb.c (insert_trust_record): Always use the primary key. + + * encode.c (encode_simple): Added text_mode filter (Rémi Guyomarch) + (encode_crypt): Ditto. + + * mainproc.c (proc_pubkey_enc): Added status ENC_TO. + * armor.c (armor_filter): Added status NODATA. + * passphrase.c (passphrase_to_dek): Always print NEED_PASSPHRASE + * seckey_cert.c (check_secret_key): Added BAD_PASS status. + + * g10.c (main): Set g10_opt_homedir. + +Sun Mar 14 19:34:36 CET 1999 Werner Koch <[email protected]> + + * keygen.c (do_create): Changed wording of the note (Hugh Daniel) + +Thu Mar 11 16:39:46 CET 1999 Werner Koch <[email protected]> + + * tdbdump.c: New + + * trustdb.c (walk_sigrecs,do_list_sigs,list_sigs, + list_records,list_trustdb,export_ownertrust,import_ownertrust): Moved + to tdbdump.c + (init_trustdb): renamed to setup_trustdb. Changed all callers. + (do_init_trustdb): renamed to init_trustdb(). + * trustdb.c (die_invalid_db): replaced by tdbio_invalid. + * tdbio.c (tdbio_invalid): New. + + * import.c (delete_inv_parts): Skip non exportable signatures. + * keyedit.c (sign_uid_mk_attrib): New. + (sign_uids): Add the local argument. + (keyedit_menu): New "lsign" command. + * trustdb.c (register_trusted_key): Removed this and all related stuff. + * g10.c (oTrustedKey): Removed option. + + * tdbio.h (dir.valcheck): New trustdb field. + * tdbio.c: Add support for this field + (tdbio_read_modify_stamp): New. + (tdbio_write_modify_stamp): New. + * trustdb.c (do_check): Check against this field. Removed cache update. + (verify_key): Add cache update. + (upd_uid_record): Some functional changes. + (upd_cert_record): Ditto + +Wed Mar 10 11:26:18 CET 1999 Werner Koch <[email protected]> + + * keylist.c (list_keyblock): Fixed segv in uid. Print 'u' as + validity of sks. + +Mon Mar 8 20:47:17 CET 1999 Werner Koch <[email protected]> + + * getkey.c (classify_user_id): Add new mode 12 (#<lid>). + + * seckey-cert.c (check_secret_key): replaced error by info. + + * trustdb.c (query_trust_info): Add another arg, changed all callers. + (check_trust): Ditto. + (do_check): Ditto. + (verify_key): Handle namehash. + * keylist.c (list_keyblock): print trust info for user ids. + + * sig-check.c (signature_check): Add sig-created to status output. + +Tue Mar 2 16:44:57 CET 1999 Werner Koch <[email protected]> + + * textfilter.c (copy_clearsig_text): New. + (clearsign): Removed. + * sign.c (clearsign_file): does not use textfiler anymore. + + * keygen.c (ask_user_id): print a note about the used charset. + +Tue Mar 2 10:38:42 CET 1999 Werner Koch <[email protected]> + + * sig-check.c (signature_check): sig-id now works for all algos. + + * armor.c (armor_filter): Fixed armor bypassing. + +Sun Feb 28 19:11:00 CET 1999 Werner Koch <[email protected]> + + * keygen.c (ask_user_id): Don't change the case of email addresses. + (has_invalid_email_chars): Adjusted. + + * keylist.c (list_one): Really list serect keys (Remi Guyomarch) + + * keyedit.c (menu_select_uid): Add some braces to make egcs happy. + (menu_select_key): Ditto. + + * mainproc.c (do_proc_packets): List sym-enc packets (Remi Guyomarch) + +Fri Feb 26 17:55:41 CET 1999 Werner Koch <[email protected]> + + * pkclist.c (build_pk_list): Return error if there are no recipients. + + * sig-check.c (signature_check): New signature id feature. + * armor.c (make_radic64_string): New. + + * mainproc.c (proc_pubkey_enc): early check for seckey availability. + + * pkclist.c (do_we_trust_pre): print user id before asking. + + * ringedit.c (add_keyblock_resource,get_keyblock_handle): Cleaner + handling of default resource. + + +Thu Feb 25 18:47:39 CET 1999 Werner Koch <[email protected]> + + * pkclist.c (algo_available): New. + (select_algo_from_prefs): Check whether algo is available. + + * ringedit.c (keyring_copy): Take care of opt.dry_run. + (do_gdbm_store): Ditto. + * openfile.c (open_outfile). Ditto. + (copy_options_file): Ditto. + * trustdb.c (update_trustdb): Ditto. + (clear_trust_checked_flag): Ditto. + (update_trust_record): Ditto. + (insert_trust_record): Ditto. + +Wed Feb 24 11:07:27 CET 1999 Werner Koch <[email protected]> + + * keylist.c (secret_key_list): Now really list the secret key. + + * trustdb.c (do_init_trustdb): New. Init is now deferred. + +Mon Feb 22 20:04:00 CET 1999 Werner Koch <[email protected]> + + * getkey.c (lookup_sk): Return G10ERR_NO_SECKEY and not x_PUBKEY. + +Fri Feb 19 15:49:15 CET 1999 Werner Koch <[email protected]> + + * pkclist.c (select_algo_from_prefs): retrieve LID if not there. + + * armor.c (fake_packet): Replaced ugly lineending handling. + + * g10.c (oNoEncryptTo): New. + * pkclist.c (build_pk_list): Implemented this option. + + * g10.c (main): Greeting is now printed to stderr and not to tty. + Use add_to_strlist() instead of direct coding. + + * import.c (import): Use iobuf_push_filter2. + + * mainproc.c (check_sig_and_print): Print all user ids + for good signatures. + * getkey.c (get_pubkeyblock): New. + + * import.c (chk_self_sigs): Fixed SEGV for unbounded class 0x18 keys. + (delete_inv_parts): Delete special marked packets. + +Tue Feb 16 14:10:02 CET 1999 Werner Koch <[email protected]> + + * g10.c (main): New option --encrypt-to + + * pkclist.c (build_pk_list): Implemented encrypt-to. + + * parse-packet.c (parse_user_id): Removed the hack to work with + utf-8 strings. + + * g10.c (main): Install lockfile cleanup handler. + * tdbio.c (cleanup): Removed: this is now handled by dotlock. + +Sat Feb 13 14:13:04 CET 1999 Werner Koch <[email protected]> + + * tdbio.c (tdbio_set_dbname): Init lockhandle for a new trustdb + +Wed Feb 10 17:15:39 CET 1999 Werner Koch <[email protected]> + + * g10.c (main): check for development version now in configure + + * tdbio.c (tdbio_write_record): Add uid.validity + (tdbio_read_record) : Ditto. + (tdbio_dump_record) : Ditto. + + * keygen.c (keygen_add_std_prefs): Replaced Blowfish by Twofish, + removed MD5 and Tiger. + * pubkey-enc.c (get_it): Suppress warning about missing Blowfish + in preferences in certain cases. + + * ringedit.c (lock_rentry,unlock_rentry): New. + + * getkey.c (key_byname): Pass ret_kb down to lookup_xx. + + * armor.c (armor_filter): No output of of empty comment lines. + Add option --no-version to suppress the output of the version string. + + * getkey.c: Release the getkey context for auto context variables. + +Sun Jan 24 18:16:26 CET 1999 Werner Koch <[email protected]> + + * getkey.c: Changed the internal design to allow simultaneous + lookup of multible user ids + (get_pubkey_bynames): New. + (get_seckey_bynames): New. + (get_seckey_next): New. + (get_seckey_end): New. + * keylist.c (list_one): Use the new functions. + + * keylist.c (list_keyblock): add a newline for normal listings. + + * g10.c (--recipient): New option name to replace --remote-user + + +Wed Jan 20 18:59:49 CET 1999 Werner Koch <[email protected]> + + * textfilter.c: Mostly rewritten + * plaintext.c (handle_plaintext): Use now text_filter semantics. + +Tue Jan 19 19:34:58 CET 1999 Werner Koch <[email protected]> + + * export.c (export_pubkeys_stream): New. + (do_export_stream): New. + * g10.c (aSendKeys): New command. + * hkp.c (hkp_export): New. + + * compress.c (do_uncompress): Hack for algo 1 and 1.1.3 + +Sun Jan 17 11:04:33 CET 1999 Werner Koch <[email protected]> + + * textfilter.c (text_filter): Now uses iobuf_read_line(). + (read_line): Removed. + + * armor.c (trim_trailing_spaces): Removed and replaced + by trim_trailing_ws from libutil + +Sat Jan 16 12:03:27 CET 1999 Werner Koch <[email protected]> + + * hkp.c (hkp_ask_import): Use only the short keyid + +Sat Jan 16 09:27:30 CET 1999 Werner Koch <[email protected]> + + * import.c (import_key_stream): New + (import): New, moved most of import_keys here. + * g10.c: New option --keyserver + * mainproc.c (check_sig_and_print): Hook to import a pubkey. + + * pref.c pref.h : Removed + + * hkp.c hkp.h: New + +Wed Jan 13 14:10:15 CET 1999 Werner Koch <[email protected]> + + * armor.c (radix64_read): Print an error if a bad armor was detected. + +Wed Jan 13 12:49:36 CET 1999 Werner Koch <[email protected]> + + * armor.c (radix64_read): Now handles malformed armors produced + by some buggy MUAs. + +Tue Jan 12 11:17:18 CET 1999 Werner Koch <[email protected]> + + * ringedit.c (find_keyblock_bysk): New. + + * skc_list.c (is_insecure): New. + (build_sk_list): usage check for insecure keys. + + * import.c (chk_self_sigs): Add handling for subkeys. + (delete_inv_parts): Skip unsigned subkeys + + * sig-check.c (do_check): Print info if the signature is older + than the key. + * keygen.c (generate_subkeypair): Fail on time warp. + * sign.c (do_sign): Ditto. + +Sun Jan 10 15:10:02 CET 1999 Werner Koch <[email protected]> + + * armor.c (fake_packet): Fixed not-dash-escaped bug. + +Sat Jan 9 16:02:23 CET 1999 Werner Koch <[email protected]> + + * sig-check.c (do_check): Output time diff on error + + * status.c (STATUS_VALIDSIG): New. + (is_status_enabled): New. + * mainproc.c (check_sig_and_print): Issue that status message. + + * plaintext.c (special_md_putc): Removed + + * armor.c (armor_filter): print error for truncated lines. + + * free-packet.c (free_encrypted): Revomed call to set_block_mode. + (free_plaintext): Ditto. + +Thu Jan 7 18:00:58 CET 1999 Werner Koch <[email protected]> + + * pkclist.c (add_ownertrust): Fixed return value. + + * encr-data.c (decrypt_data): Disabled iobuf_set_limit and + iobuf_pop_filter stuff. + * compress.c (handle_compressed): Disabled iobuf_pop_filter. + + * packet.h (PKT_secret_key): Add is_primary flag. + * parse-packet.c (parse_key): Set this flag. + * passphrase.c (passphrase_to_dek): Kludge to print the primary + keyid - changed the API: keyid must now hold 2 keyids. + * getkey.c (get_primary_seckey): New. + * seckey-cert.c (do_check): pass primary keyid to passphrase query + + * tbdio.c (open_db): removed the atexit + (tdbio_set_dbname): and moved it to here. + + * armor.c: Rewrote large parts. + +Tue Dec 29 19:55:38 CET 1998 Werner Koch <[email protected]> + + * revoke.c (gen_revoke): Removed compression. + + * pkclist.c (do_we_trust_pre): special check for revoked keys + + * trustdb.c (update_trust_record): Fixed revoke flag. + +Tue Dec 29 14:41:47 CET 1998 Werner Koch <[email protected]> + + * misc.c (disable_core_dumps): Check for EINVAL (Atari) + + * getkey (merge_one_pk_and_selfsig): Fixed search of expiredate. + (merge_keys_and_selfsig): Ditto. + + * free-packet.c (cmp_public_keys): cmp expire only for v3 packets + (cmp_secret_keys): Ditto. + (cmp_public_secret_key): Ditto. + +Wed Dec 23 17:12:24 CET 1998 Werner Koch <[email protected]> + + * armor.c (find_header): Reset not_dashed at every header + +Wed Dec 23 13:18:14 CET 1998 Werner Koch <[email protected]> + + * pkclist.c (add_ownertrust): Refresh validity values. + + * trustdb.c (enum_cert_paths_print): New arg refresh. + + * ringedit.c: Fixed problems fix keyrings + * parse-packet.c (dbg_parse_packet): New debug functions. + + * getkey.c (getkey_disable_caches): New. + * import.c (import_keys): Disable caches. + +Thu Dec 17 18:31:15 CET 1998 Werner Koch <[email protected]> + + * misc.c (trap_unaligned): Only for glibc 1 + + * sign.c (write_dash_escaped): Now escapes "From " lines + * g10.c: New option --escape-from-lines + + * trustdb.c (sort_tsl_list): New + (list_trust_path): Now prints sorted list. + (enum_cert_paths): Likewise. + (enum_cert_paths_print): New. + (print_paths): New printing format. + * pkclist.c (add_ownertrust): New arg quit. + (edit_ownertrust): New quit selection and does not query + the recipients ownertrust anymore. + (add_ownertrust): Print the ceritficate path. + + +Mon Dec 14 21:18:49 CET 1998 Werner Koch <[email protected]> + + * parse-packet.c (parse_signature): Now checks for critical bit + (parse_sig_subpkt): Splitted. + (parse_one_sig_subpkt): New. + * sig-check.c (do_check): handle critical bit. + +Sun Dec 13 14:10:56 CET 1998 Werner Koch <[email protected]> + + * pcklist.c (select_algo_from_prefs): Preferences should + now work (lost the != ? ) + +Thu Dec 10 20:15:36 CET 1998 Werner Koch <[email protected]> + + * ringedit.c (gdbm_store): Fix for inserts + + * g10.c (main): New option --export-all + * export.c (export_pubkeys): New arg. + (do_export): Now may skip old keys. + + * status.c: Minor patches for Sun's cc + + * keygen.c (ask_algo): Disabled v3 ElGamal choice, rearranged + the numbers. Add a warning question when a sign+encrypt key + is selected. + + * g10.c (do_not_use_RSA): Removed. + * misc.c (print_pubkey_algo_note): New as replacement for the + do_not_use_RSA() and chnaged all callers. + (print_cipher_algo_note): New. + (print_hash_algo_note): New. + + * cipher.c (write_header): Add a call to print_cipher_algo_note. + * seckey-cert.c (protect_secret_key): Ditto + * sign.c (do_sign): Add a call to print_digest_algo_note. + + * getkey.c (get_long_user_id_string): New. + * mainproc.c (check_sig_and_print): Changed the format of the + status output. + + * encrypt.c (write_pubkey_enc_from_list): print used symmetric cipher. + + * pkclist.c (do_we_trust): Changed a message. + +Wed Dec 9 13:41:06 CET 1998 Werner Koch <[email protected]> + + * misc.c (trap_unaligned) [ALPHA]: Only if UAC_SIGBUS is defined. + + * sign.c (write_dash_escaped): Add the forgotten patch by Brian Moore. + + * compress.c (do_uncompress): Fixed the inflating bug. + + +Tue Dec 8 13:15:16 CET 1998 Werner Koch <[email protected]> + + * trustdb.c (upd_uid_record): Now uses the newest self-signature + (insert_trust_record): Now calls update with recheck set to true. + (register_trusted_key): New. + (verify_own_keys): Enhanced by list of trusted keys. + + * g10.c (main): Print a warning when a devel version is used. + (main): New option --trusted-key + + * import.c (merge_blocks): Fixed merging of new user ids and + added merging of subkeys. + (append_uid): Ditto. + (merge_keysig): New. + (append_key): New. + * getkey.c (merge_one_pk_and_selfsig): Get the expiration time + from the newest self-signature. + (merge_keys_and_selfsig): Ditto. + + * free-packet.c (cmp_secret_key): New. + + +Fri Nov 27 21:37:41 CET 1998 Werner Koch <[email protected]> + + * g10.c: New option --lock-once + * tdbio.c (open_db): Add an atexit + (cleanup): New. + (tdbio_sync): Add locking. + (tdbio_end_transaction): Ditto. + (put_record_into_cache): Ditto. + * ringedit.c (keyring_copy): Ditto. + (cleanup): New. + (add_keyblock_resource): Add an atexit. + +Fri Nov 27 15:30:24 CET 1998 Werner Koch <[email protected]> + + * armor.c (find_header): Another fix for clearsigs. + +Fri Nov 27 12:39:29 CET 1998 Werner Koch <[email protected]> + + + * status.c (display_help): Removed. + * helptext.c: New and removed the N_() from all cpr_gets. + + +Fri Nov 20 16:54:52 1998 Werner Koch ([email protected]) + + * g10.c (main): New option --not-dash-escaped + * sign.c (write_dashed_escaped): Ditto. + * armor.c (find_header): Support for NotDashEscaped header. + + * getkey.c: print "disabled cache.." only if verbose is used. + +Thu Nov 19 07:17:31 1998 Werner Koch <[email protected]> + + * parse-packet.c (dump_sig_subpkt): Fixed expire listing + * getkey.c (merge_keys_and_selfsig): Fixed expire calculation. + (merge_one_pk_and_selfsig): Ditto. + * keyedit.c (menu_expire). Ditto. + * keygen.c (keygen_add_key_expire): Ditto. + (ask_expire_interval): New and changed all local function to use + this instead. + (keygen_add_key_expire): Opaque should now be a public key; + changed all callers. + + * parse.packet.c (parse): use skip_rest to skip packets. + + * keyedit.c (keyedit_menu): New arg for cmdline cmds. + +Wed Nov 18 20:33:50 1998 Werner Koch ([email protected]) + + * trustdb.c (check_trustdb): Now rechecks all gived userids. + (collect_paths): Some fixes. + (upd_pref_records): Skips empty items, evaluate all items. + + * parse-packet.c (dump_sig_subpkt): Better listing of prefs. + (skip_packet): Now knows about marker packet + + * g10.c: removed cmd "--edit-sig". + + * pubring.asc: Updated. + +Sat Nov 14 14:01:29 1998 Werner Koch ([email protected]) + + * g10.c (main): Changed syntax of --list-trust-path + * trustdb.c (list_trust_path): Replaced max_depth by + opt.max_cert_depth + +Fri Nov 13 07:39:58 1998 Werner Koch <[email protected]> + + * trustdb.c (collect_paths): Removed a warning message. + (enum_trust_web): Removed. + (enum_cert_paths): New. + * pkclist.c (add_ownertrust): Changed to use enum_cert_paths. + (edit_ownertrust): Now list ceritficates on request. + (show_paths): New. + +Wed Nov 11 18:05:44 1998 Werner Koch <[email protected]> + + * g10.c (main): New option --max-cert-depth + * tdbio.h: add new fields to ver and dir record. + * tdbio.c: read/write/dump of these fields. + (tdbio_db_matches_options): New. + * trustdb.c: replaced MAC_CERT_DEPTH by opt.max_cert_depth. + (do_check): cache validity and changed other functions + to reset the cached value. + + * keylist.c (list_one): Now lists the ownertrust. + * mainproc.c (list_node): Ditto. + +Tue Nov 10 10:08:59 1998 Werner Koch ([email protected]) + + * g10.c (g10_exit): Now looks at the new g10_errors_seen. + * mainproc.c (check_sig_and_print): Sets g10_errors_seen. + + * *.c : i18n many more strings. + + * ringedit.c (locate_keyblock_by_keyid): Add HAVE_LIBGDBM + (locate_keyblock_by_fpr): Ditto. + + * g10.c (main): removed unsused "int errors". + (main): Add new option --charset. + + * g10.c (main): special message for the unix newbie. + +Mon Nov 9 07:17:42 1998 Werner Koch <[email protected]> + + * getkey.c (finish_lookup): Kludge to prefere algo 16. + + * trustdb.c (new_lid_table): Clear cached item. + + * status.c (cpr_get_utf8): New. + * pkclist.c (build_pk_list): Uses this. + +Sun Nov 8 17:20:39 1998 Werner Koch ([email protected]) + + * mainproc.c (check_sig_and_print): Why did I use strlen()-1 + in the printf? - This truncated the TZ. + +Sat Nov 7 15:57:28 1998 me,,, (wk@tobold) + + * getkey.c (lookup): Changes to support a read_next. + (get_pubkey): Fixed a memory leak. + + * keylist.c (list_one): Now lists all matching user IDs. + +Tue Nov 3 16:19:21 1998 Werner Koch ([email protected]) + + * keygen.c (ask_user_id): Now converted to UTF-8 + + * g10.c (main): Kludge for pgp clearsigs and textmode. + +Fri Oct 30 16:40:39 1998 me,,, (wk@tobold) + + * signal.c (block_all_signals): New. + (unblock_all_signals): New + * tdbio.c (tdbio_end_transaction): Now blocks all signals. + + * trustdb.c (new_lid_table): Changed the representation of the + former local_lid_info stuff. + + * trustdb.c (update_trust_record): Reorganized the whole thing. + * sig-check.c (check_key_signature): Now handles class 0x28 + + +Wed Oct 28 18:56:33 1998 me,,, (wk@tobold) + + * export.c (do_export): Takes care of the exportable sig flag. + +Tue Oct 27 14:53:04 1998 Werner Koch ([email protected]) + + * trustdb.c (update_trust_record): New "fast" parameter. + +Sun Oct 25 19:32:05 1998 Werner Koch ([email protected]) + + * openfile.c (copy_options_File): New. + * ringedit.c (add_keyblock_resource): Creates options file + * tdbio.c (tdbio_set_dbname): Ditto. + +Sat Oct 24 14:10:53 1998 brian moore <[email protected]> + + * mainproc.c (proc_pubkey_enc): Don't release the DEK + (do_proc_packets): Ditto. + +Fri Oct 23 06:49:38 1998 me,,, (wk@tobold) + + * keyedit.c (keyedit_menu): Comments are now allowed + + * trustdb.c: Rewrote large parts. + + +Thu Oct 22 15:56:45 1998 Michael Roth ([email protected]) + + * encode.c: (encode_simple): Only the plain filename without + a given directory is stored in generated packets. + (encode_crypt): Ditto. + + * sign.c: (sign_file) Ditto. + + +Thu Oct 22 10:53:41 1998 Werner Koch ([email protected]) + + * trustdb.c (update_trust_record): Add new optional arg. + + * import.c (import_keys): Add statistics output + * trustdb.c (update_trustdb): Ditto. + (insert_trustdb): Ditto. + + * tdbio.c (tdbio_begin_transaction): New. + (tdbio_end_transaction): New. + (tdbio_cancel_transaction): New. + + * g10.c (main): New option --quit. + + * trustdb.c (check_hint_sig): No tests for user-id w/o sig. + This caused an assert while checking the sigs. + + * trustdb.c (upd_sig_record): Splitted into several functions. + + * import.c (import_keys): New arg "fast". + * g10.c (main): New command --fast-import. + +Wed Oct 21 18:19:36 1998 Michael Roth <[email protected]> + + * ringedit.c (add_keyblock_resource): Directory is now created. + * tdbio.c (tdbio_set_dbname): New info message. + +Wed Oct 21 11:52:04 1998 Werner Koch ([email protected]) + + * trustdb.c (update_trustdb): released keyblock in loop. + + * keylist.c (list_block): New. + (list_all): Changed to use list_block. + + * trustdb.c: Completed support for GDBM + + * sign.c (only_old_style): Changed the way force_v3 is handled + (sign_file): Ditto. + (clearsign_file): Ditto. + + * keygen.c (has_invalid_email_chars): Splitted into mailbox and + host part. + + * keylist.c (list_one): Add a merge_keys_and_selfsig. + * mainproc.c (proc_tree): Ditto. + +Sun Oct 18 11:49:03 1998 Werner Koch ([email protected]) + + * sign.c (only_old_style): Add option force_v3_sigs + (sign_file): Fixed a bug in sig->version + (clearsign_file): Ditto. + + * parse-packet.c (dump_sig_subpkt): New + + * keyedit.c (menu_expire): New. + * free-packet.c (cmp_signatures): New + + +Sat Oct 17 10:22:39 1998 Werner Koch ([email protected]) + + * armor.c: changed output line length from 72 to 64. + + * keyedit.c (fix_keyblock): New. + +Fri Oct 16 10:24:47 1998 Werner Koch ([email protected]) + + * trustdb.c: Rewrote most. + * tdbio.c: Add cache and generalized hash tables. + + * options.h (ENABLE_COMMENT_PACKETS): New but undef'ed. + * encode.c, sign.c, keygen.c: Disabled comment packets. + * export.c (do_export): Comment packets are never exported, + except for those in the secret keyring. + + * g10.c (main): Removed option do-no-export-rsa; should be + be replaced by a secpial tool. + * export.c (do_export): Removed the code for the above option. + + * armor.c (find_header): Support for new only_keyblocks. + * import.c (import_keys): Only looks for keyblock armors. + + * packet.h: replaced valid_days by expiredate and changed all users. + * build-packet.c (do_public_key): calculates valid-days + (do_secret_key): Ditto. + * parse-packet.c (parse_key): expiredate is calucated from the + valid_period in v3 packets. + * keyid.c (do_fingerprint_md): calculates valid_dates. + + * keygen.c (add_key_expire): fixed key expiration time for v4 packets. + + * armor.c (find_header): A LF in the first 28 bytes + was skipped for non-armored data. + +Thu Oct 8 11:35:51 1998 Werner Koch ([email protected]) + + * armor.c (is_armored): Add test on old comment packets. + + * tdbio.c (tdbio_search_dir_bypk): fixed memory leak. + + * getkey.c: Changed the caching algorithms. + +Wed Oct 7 19:33:28 1998 Werner Koch ([email protected]) + + * kbnodes.c (unused_nodes): New. + +Wed Oct 7 11:15:36 1998 Werner Koch ([email protected]) + + * keyedit.c (sign_uids): Fixed a problem with SK which could caused + a save of an unprotected key. + (menu_adduid): Ditto. + + * keyedit.c (keyedit_menu): Prefs are now correctly listed for + new user ids. + + * trustdb.c (update_trust_record): New. + (insert_trust_record): Now makes use of update_trust_record. + +Tue Oct 6 16:18:03 1998 Werner Koch ([email protected]) + + * trustdb.c (read_record): replaces most of the tdbio_read_records. + (write_record): Ditto. + +Sat Oct 3 11:01:21 1998 Werner Koch ([email protected]) + + * keygen.c (ask_alogo): enable ElGamal enc-only only for addmode. + +Wed Sep 30 10:15:33 1998 Werner Koch ([email protected]) + + * import.c (import_one): Fixed update of wrong keyblock. + +Tue Sep 29 08:32:08 1998 me,,, (wk@tobold) + + * mainproc.c (proc_plaintext): Display note for special filename. + * plaintext.c (handle_plaintext): Suppress output of special file. + +Mon Sep 28 12:57:12 1998 Werner Koch ([email protected]) + + * g10.c (verify_own_keys): Add warning if a key is not protected. + + * passphrase (hash_passphrase): Fixed iterated+salted mode and + setup for keysizes > hashsize. + + * g10.c (main): New options: --s2k-{cipher,digest,mode}. + +Fri Sep 25 09:34:23 1998 Werner Koch ([email protected]) + + * g10.c: Chnaged some help texts. + +Tue Sep 22 19:34:39 1998 Werner Koch ([email protected]) + + * passphrase.c (read_passphrase_from_fd): fixed bug for long + passphrases. + +Mon Sep 21 11:28:05 1998 Werner Koch (wk@(none)) + + * getkey.c (lookup): Add code to use the sub key if the primary one + does not match the usage. + + * armor.c (armor_filter): New error message: no valid data found. + (radix64_read): Changes to support multiple messages. + (i18n.h): New. + * mainproc.c (add_onepass_sig): bug fix. + +Mon Sep 21 08:03:16 1998 Werner Koch ([email protected]) + + * pkclist.c (do_we_trust): Add keyid to most messages. + + * passphrase.c (read_passphrase_from_fd): New. + (have_static_passphrase): New + (get_passphrase_fd): Removed. + (set_passphrase_fd): Removed. + * g10.c (main): passphrase is now read here. + + * keyedit.c (keyedit_menu): "help" texts should now translate fine. + +Mon Sep 21 06:40:02 1998 Werner Koch ([email protected]) + + * encode.c (encode_simple): Now disables compression + when --rfc1991 is used. + (encode_crypt): Ditto. + +Fri Sep 18 16:50:32 1998 Werner Koch ([email protected]) + + * getkey.c (merge_key_and_selfsig): New. + +Fri Sep 18 10:20:11 1998 Werner Koch ([email protected]) + + * pkclist.c (select_algo_from_prefs): Removed 3DES kludge. + + * seskey.c (make_session_key): Fixed SERIOUS bug introduced + by adding the weak key detection code. + + * sign.c (sign_file): Changed aremor header in certain cases. + +Tue Sep 15 17:52:55 1998 Werner Koch ([email protected]) + + * mainproc.c (check_sig_and_print): Replaced ascime by asctimestamp. + +Mon Sep 14 11:40:52 1998 Werner Koch ([email protected]) + + * seskey.c (make_session_key): Now detects weak keys. + + * trustdb (clear_trust_checked_flag): New. + + * plaintext.c (handle_plaintext): Does no anymore suppress CR from + cleartext signed messages. + +Sun Sep 13 12:54:29 1998 Werner Koch ([email protected]) + + * trustdb.c (insert_trust_record): Fixed a stupid bug in the free + liunked list loops. + +Sat Sep 12 15:49:16 1998 Werner Koch ([email protected]) + + * status.c (remove_shmid): New. + (init_shm_comprocess): Now sets permission to the real uid. + +Wed Sep 9 11:15:03 1998 Werner Koch ([email protected]) + + * packet.h (PKT_pubkey_enc): New flah throw_keyid, and add logic to + implement it. + * g10.c (main): New Option --throw-keyid + + * getkey.c (enum_secret_keys): Add new ar and changed all callers. + +Tue Sep 8 20:04:09 1998 Werner Koch ([email protected]) + + * delkey.c (delete_key): Moved from keyedit.c. + +Mon Sep 7 16:37:52 1998 Werner Koch ([email protected]) + + * build-packet.c (calc_length_header): New arg new_ctb to correctly + calculate the length of new style packets. + + * armor.c (is_armored): Checks for symkey_enc packets. + + * pkclist.c (select_algo_from_prefs): 3DEs substitute is now CAST5. + +Tue Aug 11 17:54:50 1998 Werner Koch ([email protected]) + + * build-packet.c (do_secret_key): Fixed handling of old keys. + + * getkey.c (compare_name): Fixed exact and email matching + + * openfile.c (open_outfile): Changed arguments and all callers. + +Tue Aug 11 09:14:35 1998 Werner Koch ([email protected]) + + * encode.c (encode_simple): Applied option set-filename and comment. + (encode_crypt): Ditto. + * sign.c (sign_file): Ditto. + * armor.c (armor_filter): Applied option comment. + + * encode.c (encode_crypt): Moved init_packet to the begin. + (encode_simple): add an init_packet(). + + * comment (write_comment): Now enforces a hash sign as the 1st byte. + + * import.c (import_one): Add explanation for "no user ids". + + * compress.c (do_uncompress): Applied Brian Warner's patch to support + zlib 1.1.3 etc. + + * trustdb.c (check_trust): Fixed a problem after inserting new keys. + + * getkey (lookup): do not return the primary key if usage is given + (lookup_sk): Ditto and take usage into account. + + * status.c (cpr_get_answer_is_yes): add display_help. + +Mon Aug 10 10:11:28 1998 Werner Koch ([email protected]) + + * getkey.c (lookup_sk): Now always returns the primary if arg + primary is true. + (lookup): Likewise. + (get_pubkey_byname): Now returns the primary key + (get_seckey_byname): Ditto. + + +Mon Aug 10 08:34:03 1998 Werner Koch ([email protected]) + + * keyid.c (pubkey_letter): ELG_E is now a small g. + +Sat Aug 8 17:26:12 1998 Werner Koch ([email protected]) + + * openfile (overwrite_filep): Changed semantics and all callers. + +Sat Aug 8 12:17:07 1998 Werner Koch ([email protected]) + + * status.c (display_help): New. + +Thu Aug 6 16:30:41 1998 Werner Koch,mobil,,, (wk@tobold) + + * seskey.c (encode_session_key): Now uses get_random_bits(). + +Thu Aug 6 07:34:56 1998 Werner Koch,mobil,,, (wk@tobold) + + * ringedit.c (keyring_copy): No more backupfiles for + secret keyrings and add additional warning in case of + a failed secret keyring operation. + +Wed Aug 5 11:54:37 1998 Werner Koch ([email protected]) + + * g10.c (check_opts): Moved to main. Changed def_cipher_algo + semantics and chnaged all users. + + * pubkey-enc.c (get_sssion_key): New informational output + about preferences. + + * parse-packet.c (parse_symkeyenc): Fixed salted+iterated S2K + (parse_key): Ditto. + * build-packet.c (do_secret_key): Ditto. + (do_symkey_enc): Ditto. + +Tue Aug 4 08:59:10 1998 Werner Koch ([email protected]) + + * getkey.c (enum_secret_keys): Now returns only primary keys. + + * getkey (lookup): Now sets the new namehash field. + + * parse-packet.c (parse_sig_subpkt2): New. + + * sign.c (sign_file): one-pass sigs are now emiited reverse. + Preference data is considered when selecting the compress algo. + +Wed Jul 29 12:53:03 1998 Werner Koch ([email protected]) + + * free-packet.c (copy_signature): New. + + * keygen.c (generate_subkeypair): rewritten + * g10.c (aKeyadd): Removed option --add-key + +Mon Jul 27 10:37:28 1998 Werner Koch ([email protected]) + + * seckey-cert.c (do_check): Additional check on cipher blocksize. + (protect_secret_key): Ditto. + * encr-data.c: Support for other blocksizes. + * cipher.c (write_header): Ditto. + +Fri Jul 24 16:47:59 1998 Werner Koch ([email protected]) + + * kbnode.c (insert_kbnode): Changed semantics and all callers. + * keyedit.c : More or less a complete rewrite + +Wed Jul 22 17:10:04 1998 Werner Koch ([email protected]) + + * build-packet.c (write_sign_packet_header): New. + +Tue Jul 21 14:37:09 1998 Werner Koch ([email protected]) + + * import.c (import_one): Now creates a trustdb record. + + * g10.c (main): New command --check-trustdb + +Mon Jul 20 11:15:07 1998 Werner Koch ([email protected]) + + * genkey.c (generate_keypair): Default key is now DSA with + encryption only ElGamal subkey. + +Thu Jul 16 10:58:33 1998 Werner Koch ([email protected]) + + * keyid.c (keyid_from_fingerprint): New. + * getkey.c (get_pubkey_byfprint): New. + +Tue Jul 14 18:09:51 1998 Werner Koch ([email protected]) + + * keyid.c (fingerprint_from_pk): Add argument and changed all callers. + (fingerprint_from_sk): Ditto. + +Tue Jul 14 10:10:03 1998 Werner Koch ([email protected]) + + * plaintext.c (handle_plaintext): Now returns create error if + the file could not be created or the user responded not to overwrite + the file. + * mainproc.c (proc_plaintext): Tries again if the file could not + be created to check the signature without output. + + * misc.c (disable_core_dumps): New. + * g10.c (main): disable coredumps for gpg + + * g10.c (MAINTAINER_OPTIONS): New to disable some options + +Mon Jul 13 16:47:54 1998 Werner Koch ([email protected]) + + * plaintext.c (hash_datafiles): New arg for better support of + detached sigs. Changed all callers. + * mainproc.c (proc_signature_packets): Ditto. + + * g10.c (main): New option "compress-sigs" + * sig.c (sign_file): detached signatures are not anymore compressed + unless the option --compress-sigs is used. + +Thu Jul 9 19:54:54 1998 Werner Koch ([email protected]) + + * armor.c: Fixes to allow zero length cleartext signatures + +Thu Jul 9 14:52:47 1998 Werner Koch ([email protected]) + + * g10.c (build_list): Now drops setuid. + (main): Changed the way keyrings and algorithms are registered . + +Wed Jul 8 14:17:30 1998 Werner Koch ([email protected]) + + * packet.h (PKT_public_key): Add field keyid. + * parse-packet.c (parse_key): Reset the above field. + * keyid.c (keyid_from_pk): Use above field as cache. + + * tdbio.c, tdbio.h: New + * trustdb.c: Moved some functions to tdbio.c. + (print_keyid): New. + + * pkclist.c (check_signatures_trust): New. + +Wed Jul 8 10:45:28 1998 Werner Koch ([email protected]) + + * plaintext.c (special_md_putc): New. + (handle_plaintext): add clearsig argument + * mainproc.c (proc_plaintext): detection of clearsig + * sign.c (write_dased_escaped): Changed clearsig format + +Tue Jul 7 18:56:19 1998 Werner Koch ([email protected]) + + * armor.c (find_header): Now makes sure that there is only one + empty line for clearsigs, as this is what OP now says. + +Mon Jul 6 13:09:07 1998 Werner Koch ([email protected]) + + * g10.c (main): New option default-secret-key + * getkey.c (get_seckey_byname): support for this option. + +Mon Jul 6 09:03:49 1998 Werner Koch ([email protected]) + + * getkey.c (add_keyring): Keyrings are now added to end of the + list of keyrings. The first added keyringwill be created. + (add_secret_keyring): Likewise. + + * ringedit.c (add_keyblock_resource): Files are created here. + + * g10.c (aNOP): Removed + + * getkey.c (lookup): Add checking of usage for name lookups + * packet.h (pubkey_usage): Add a field which may be used to store + usage capabilities. + * pkclist.c (build_pk_list): getkey now called with usage arg. + * skclist.c (build_sk_list): Ditto. + + * sign.c (clearsign_file): Fixed "Hash:" headers + +Sat Jul 4 13:33:31 1998 Werner Koch ([email protected]) + + * trustdb.c (list_ownertrust): New. + * g10.c (aListOwnerTrust): New. + + * g10.c (def_pubkey_algo): Removed. + + * trustdb.c (verify_private_data): Removed and also the call to it. + (sign_private_data): Removed. + +Fri Jul 3 13:26:10 1998 Werner Koch ([email protected]) + + * g10.c (aEditKey): was aEditSig. Changed usage msg. + + * keyedit.c: Done some i18n stuff. + + * g10.c (do_not_use_RSA): New. + * sign.c (do_sign): Add call to above function. + * encode.c (write_pubkey_enc_from_list): Ditto. + +Thu Jul 2 21:01:25 1998 Werner Koch ([email protected]) + + * parse-packet.c: Now is able sto store data of unknown + algorithms. + * free-packet.c: Support for this. + * build-packet.c: Can write data of packet with unknown algos. + +Thu Jul 2 11:46:36 1998 Werner Koch ([email protected]) + + * parse-packet.c (parse): fixed 4 byte length header + +Wed Jul 1 12:36:55 1998 Werner Koch ([email protected]) + + * packet.h (new_ctb): New field for some packets + * build-packet.c (build_packet): Support for new_ctb + * parse-packet.c (parse): Ditto. + +Mon Jun 29 12:54:45 1998 Werner Koch ([email protected]) + + * packet.h: changed all "_cert" to "_key", "subcert" to "subkey". + + * free-packet.c (free_packet): Removed memory leak for subkeys. + +Sun Jun 28 18:32:27 1998 Werner Koch ([email protected]) + + * import.c (import_keys): Renamed from import_pubkeys. + (import_secret_one): New. + + * g10.c (aExportSecret): New. + + * export.c (export_seckeys): New. + + * parse-packet.c (parse_certificate): Cleaned up. + (parse_packet): Trust packets are now considered as unknown. + (parse_pubkey_warning): New. + +Fri Jun 26 10:37:35 1998 Werner Koch ([email protected]) + + * keygen.c (has_invalid_email_chars): New. + +Wed Jun 24 16:40:22 1998 Werner Koch ([email protected]) + + * armor.c (armor_filter): Now creates valid onepass_sig packets + with all detected hash algorithms. + * mainproc.c (proc_plaintext): Now uses the hash algos as specified + in the onepass_sig packets (if there are any) + +Mon Jun 22 11:54:08 1998 Werner Koch ([email protected]) + + * plaintext.c (handle_plaintext): add arg to disable outout + * mainproc.c (proc_plaintext): disable output when in sigs_only mode. + +Thu Jun 18 13:17:27 1998 Werner Koch ([email protected]) + + * keygen.c: Removed all rsa packet stuff, chnaged defaults + for key generation. + +Sun Jun 14 21:28:31 1998 Werner Koch ([email protected]) + + * misc.c (checksum_u16): Fixed a stupid bug which caused a + wrong checksum calculation for the secret key protection and + add a backward compatibility option. + * g10.c (main): Add option --emulate-checksum-bug. + +Thu Jun 11 13:26:44 1998 Werner Koch ([email protected]) + + * packet.h: Major changes to the structure of public key material + which is now stored in an array and not anaymore in a union of + algorithm specific structures. These is needed to make the system + more extendable and makes a lot of stuff much simpler. Changed + all over the system. + + * dsa.c, rsa.c, elg.c: Removed. + +Wed Jun 10 07:22:02 1998 Werner Koch,mobil,,, (wk@tobold) + + * g10.c ("load-extension"): New option. + +Mon Jun 8 22:23:37 1998 Werner Koch ([email protected]) + + * seckey-cert.c (do_check): Removed cipher constants + (protect_secret_key): Ditto. + +Fri May 29 10:00:28 1998 Werner Koch ([email protected]) + + * trustdb.c (query_trust_info): New. + * keylist.c (list_one): Add output of trust info + * mainproc (list_node): ditto. + * g10.c (main): full trustdb init if -with-colons and any of the + key list modes. + +Thu May 28 10:34:42 1998 Werner Koch ([email protected]) + + * status.c (STATUS_RSA_OR_IDEA): New. + * sig-check.c (check_signature): Output special status message. + * pubkey-enc.c (get_session_key): Ditto. + + * mainproc.c (check_sig_and_print): Changed format of output. + * passpharse.c (passphrase_to_dek): Likewise. + +Wed May 27 13:46:48 1998 Werner Koch ([email protected]) + + * g10.c (aListSecretKeys): New option --list-secret-keys + * keylist.c (std_key_list): Renamed to public_key_list. + (secret_key_list): New + (list_one, list_all): Add support for secret keys. + * getkey.c (get_secret_keyring): New. + * mainproc.c (list_node): Add option --with-colons for secret keys + + * sig-check.c (check_key_signature): detection of selfsigs + * mainproc.c (list_node): fixed listing. + + * g10.c (aListSecretKeys): New option --always-trust + * pkclist.c (do_we_trust): Override per option added + + * status.c (write_status_text): Add a prefix to every output line. + +Wed May 27 07:49:21 1998 Werner Koch ([email protected]) + + * g10 (--compress-keys): New. + * options.h (compress_keys): New. + * export.c (export_pubkeys): Only compresses with the new option. + +Tue May 26 11:24:33 1998 Werner Koch ([email protected]) + + * passphrase.c (get_last_passphrase): New + (set_next_passphrase): New. + (passphrase_to_dek): add support for the above functions. + * keyedit.c (make_keysig_packet): Add sigclass 0x18, + changed all callers due to a new argument. + * keygen.c (write_keybinding): New + (generate_subkeypair): Add functionality + (ask_algo, ask_keysize, ask_valid_days): Broke out of generate_keypair + (ask_user_id, ask_passphrase): Ditto. + +Thu May 21 11:26:13 1998 Werner Koch ([email protected]) + + * g10.c,gpgd.c (main): Does now return an int, so that egcs does + not complain. + + * armor.c (fake_packet): Removed erro message and add a noticed + that this part should be fixed. + + * sign.c (sign_file): Compression now comes in front of encryption. + * encode.c (encode_simple): Ditto. + (encode_crypt): Ditto. + +Tue May 19 16:18:19 1998 Werner Koch ([email protected]) + + * armor.c (fake_packet): Changed assertion to log_error + +Sat May 16 16:02:06 1998 Werner Koch ([email protected]) + + * build-packet.c (build_packet): Add SUBKEY packets. + +Fri May 15 17:57:23 1998 Werner Koch ([email protected]) + + * sign.c (hash_for): New and used in all places here. + * main.h (DEFAULT_): new macros. + * g10.c (opt.def_digest_algo): Now set to 0 + + * compress.c (init_compress): Add support for algo 1 + * options.h (def_compress_algo): New + * g10.c (main): New option --compress-algo + +Fri May 15 13:23:59 1998 Werner Koch ([email protected]) + + * g10.c (print_mds): New feature to print only one hash, + chnaged formatting. + +Thu May 14 15:36:24 1998 Werner Koch ([email protected]) + + * misc.c (trap_unaligned) [__alpha__]: New + * g10.c (trap_unaligned): Add call to this to track down SIGBUS + on Alphas (to avoid the slow emulation code). + +Wed May 13 11:48:27 1998 Werner Koch ([email protected]) + + * build-packet.c (do_signature): Support for v4 pakets. + * keyedit.c (make_keysig_packet): Ditto. + * build-packet.c (build_sig_subpkt_from_sig): New. + (build_sig_subpkt): New. + + * elg.c (g10_elg_sign): removed keyid_from_skc. + * dsa.c (g10_dsa_sign): Ditto. + * rsa.c (g10_rsa_sign): Ditto. + * keyedit.c (make_keysig_packet): Add call to keyid_from_skc + + * sign.c (clearsign_file): Support for v4 signatures. + (sign_file): Ditto. + +Wed May 6 09:31:24 1998 Werner Koch ([email protected]) + + * parse-packet.c (do_parse): add support for 5 byte length leader. + (parse_subpkt): Ditto. + * build-packet.c (write_new_header): Ditto. + + * packet.h (SIGSUBPKT_): New constants. + * parse-packet.c (parse_sig_subpkt): Changed name, made global, + and arg to return packet length, chnaged all callers + + +Tue May 5 22:11:59 1998 Werner Koch ([email protected]) + + * keygen.c (gen_dsa): New. + * build_packet.c (do_secret_cert): Support for DSA + +Mon May 4 19:01:25 1998 Werner Koch ([email protected]) + + * compress.c: doubled buffer sizes + * parse-packet.c (do_plaintext): now uses iobuf_read/write. + +Mon May 4 09:35:53 1998 Werner Koch ([email protected]) + + * seskey.c (encode_md_value): Add optional argument hash_algo, + changed all callers. + + * passphrase.c (make_dek_from_passphrase): Removed + * (get_passhrase_hash): Changed name to passphrase_to_dek, add arg, + changed all callers. + + * all: Introduced the new ELG identifier and added support for the + encryption only one (which is okay to use by GNUPG for signatures). + +Sun May 3 17:50:26 1998 Werner Koch ([email protected]) + + * packet.h (PKT_OLD_COMMENT): New name for type 16. + * parse-packet.c (parse_comment): Now uses type 61 + +Fri May 1 12:44:39 1998 Werner Koch,mobil,,, (wk@tobold) + + * packet.h (count): Chnaged s2k count from byte to u32. + * seckey-cert.c (do_check): Changed s2k algo 3 to 4, changed + reading of count. + * build-packet.c (do_secret_cert): ditto. + * parse-packet.c (parse_certificate): ditto. + + * parse-packet.c (parse_symkeyenc): New. + * build-packet.c (do_symkey_enc): New. + +Thu Apr 30 16:33:34 1998 Werner Koch ([email protected]) + + * sign.c (clearsign_file): Fixed "Hash: " armor line. + +Tue Apr 28 14:27:42 1998 Werner Koch ([email protected]) + + * parse-packet.c (parse_subpkt): Some new types. + +Mon Apr 27 12:53:59 1998 Werner Koch ([email protected]) + + * g10.c (main): Add option --skip-verify. + * mainproc.c (check_sig_and_print): Ditto. + + * g10.c (print_mds): Add output for Tiger. + + * sign.c (sign_file): Now uses partial length headers if used + in canonical textmode (kludge to fix a bug). + + * parse-packet.c (parse_certificate): Changed BLOWFISH id. + * pubkey-enc.c (get_session_key): Ditto. + * seskey.c (make_session_key): Ditto. + * seckey-cert.c (protect_secret_key,do_check): Add BLOWFISH160. + +Fri Apr 24 17:38:48 1998 Werner Koch,mobil,,, (wk@tobold) + + * sig-check.c (check_key_signature): Add sig-class 0x14..0x17 + * keyedit.c (sign-key): Some changes to start with support of + the above new sig-classes. + +Wed Apr 22 09:01:57 1998 Werner Koch,mobil,,, (wk@tobold) + + * getkey.c (compare_name): add email matching + +Tue Apr 21 16:17:12 1998 Werner Koch,mobil,,, (wk@tobold) + + * armor.c (armor_filter): fixed missing last LF before CSUM. + +Thu Apr 9 11:35:22 1998 Werner Koch ([email protected]) + + * seckey-cert.c (do_check): New; combines all the check functions + into one. + + * sign.c: removed all key management functions + * keyedit.c: New. + +Thu Apr 9 09:49:36 1998 Werner Koch ([email protected]) + + * import.c (chk_self_sigs): Changed an error message. + +Wed Apr 8 16:19:39 1998 Werner Koch ([email protected]) + + * packet.h: packet structs now uses structs from the pubkey, + removed all copy operations from packet to pubkey structs. + +Wed Apr 8 13:40:33 1998 Werner Koch ([email protected]) + + * trustdb.c (verify_own_certs): Fixed "public key not found". + + * getkey.c (key_byname): New, combines public and secret key search. + + * pkclist.c (build_pkc_list): Add new arg usage, changed all callers. + * skclist.c (build_skc_list): Likewise. + + * ringedit.c (find_keyblock, keyring_search2): Removed. + +Wed Apr 8 09:47:21 1998 Werner Koch ([email protected]) + + * sig-check.c (do_check): Applied small fix from Ulf Möller. + +Tue Apr 7 19:28:07 1998 Werner Koch ([email protected]) + + * cipher.c, encr-data.c, seckey-cert.c: Now uses cipher_xxxx + functions instead of blowfish_xxx or cast_xxx + +Tue Apr 7 11:04:02 1998 Werner Koch ([email protected]) + + * Makefile.am (g10maint.o): Changed the way it is created. + +Mon Apr 6 11:17:08 1998 Werner Koch ([email protected]) + + * misc.c: New. + * keygen.c (checksum,checksum_u16,checksum_mpi): Moved to misc.c + * seckey-cert.c: Kludge for wrong ELG checksum implementation. + +Sat Apr 4 20:07:01 1998 Werner Koch ([email protected]) + + * cipher.c (cipher_filter): Support for CAST5 + * encr-data.c (decode_filter): Ditto. + (decrypt_data): Ditto. + * seskey.c (make_session_key): Ditto. + * seckey-cert.c (check_elg, check_dsa): Ditto, + (protect_secret_key): Ditto. + * pubkey-enc.c (get_session_key): Ditto. + * passphrase.c (hash_passphrase): Ditto. + +Thu Apr 2 20:22:35 1998 Werner Koch ([email protected]) + + * gpgd.c: New + +Thu Apr 2 10:38:16 1998 Werner Koch ([email protected]) + + * keygen.c (generate_keypair): Add valid_days stuff. + * trustdb.c (check_trust): Add check for valid_days. + +Wed Apr 1 16:15:58 1998 Werner Koch ([email protected]) + + * keygen.c (generate_keypair): Addional question whether the + selected large keysize is really needed. + +Wed Apr 1 15:56:33 1998 Werner Koch ([email protected]) + + * seckey-cert.c (protect_secret_key): merged protect_xxx to here. + +Wed Apr 1 10:34:46 1998 Werner Koch ([email protected]) + + * Makefile.am (g10maint.c): Changed creation rule, so that it works + on FreeBSD (missing CFLAGS). + + * parse-packet.c (parse_subkey): Removed. + +Thu Mar 19 15:22:36 1998 Werner Koch ([email protected]) + + * ringedit.c (keyring_enum): Fixed problem with reading too + many packets. Add support to read secret keyrings. + + * getkey.c (scan_keyring): Removed + (lookup): New to replace scan_keyring. + (scan_secret_keyring): Removed. + (lookup_skc): New. + +Wed Mar 18 11:47:34 1998 Werner Koch ([email protected]) + + * ringedit.c (enum_keyblocks): New read mode 11. + + * keyid.c (elg_fingerprint_md): New and changed all other functions + to call this if the packet version is 4 or above. + +Tue Mar 17 20:46:16 1998 Werner Koch ([email protected]) + + * parse-packet.c (parse_certificate): Add listing support for subkeys. + +Tue Mar 17 20:32:22 1998 Werner Koch ([email protected]) + + * armor.c (is_armored): Allow marker packet. + +Thu Mar 12 13:36:49 1998 Werner Koch ([email protected]) + + * trustdb.c (check_trust): Checks timestamp of pubkey. + * sig-check. (do_check): Compares timestamps. + +Tue Mar 10 17:01:56 1998 Werner Koch ([email protected]) + + * g10.c (main): Add call to init_signals. + * signal.c: New. + +Mon Mar 9 12:43:42 1998 Werner Koch ([email protected]) + + * dsa.c: New + * packet.h, free-packet.c, parse-packet.c : Add support for DSA + * sig-check.c, getkey.c, keyid.c, ringedit.c: Ditto. + * seckey-cert.c: Ditto. + + * packet.h : Moved .digest_algo of signature packets to outer + structure. Changed all references + +Sun Mar 8 13:06:42 1998 Werner Koch ([email protected]) + + * openfile.c : Support for stdout filename "-". + + * mainproc.c (check_sig_and_print): Enhanced status output: + * status.c (write_status_text): New. + +Fri Mar 6 16:10:54 1998 Werner Koch ([email protected]) + + * kbnode.c (clone_kbnode): Fixed private_flag. + + * mainproc.c (list_node): Output of string "Revoked" as user-id. + +Fri Mar 6 14:26:39 1998 Werner Koch ([email protected]) + + * g10.c (main): Add userids to "-kv" and cleaned up this stuff. + +Fri Mar 6 12:45:58 1998 Werner Koch ([email protected]) + + * g10.c (main): Changed semantics of the list-... commands + and added a new one. Removed option "-d" + + * decrypt.c: New. + + * trustdb.c (init_trustdb): Autocreate directory only if it ends + in "/.gnupg". + +Thu Mar 5 12:12:11 1998 Werner Koch ([email protected]) + + * mainproc.c (do_proc_packets): New. Common part of proc_packet. + (proc_signature_packets): special version to handle signature data. + * verify.c: New. + * g10.c (aVerify): New. + * plaintext.c (hash_datafiles): New. + * compress.c (handle_compressed): Add callback arg, changed caller. + +Thu Mar 5 10:20:06 1998 Werner Koch ([email protected]) + + * g10.c: Is nom the common source for gpg and gpgm + * g10maint.c: Removed + * Makefile.am: Add rule to build g10maint.c + +Thu Mar 5 08:43:59 1998 Werner Koch ([email protected]) + + * g10.c (main): Changed the way clear text sigs are faked. + +Wed Mar 4 19:47:37 1998 Werner Koch ([email protected]) + + * g10maint.c (aMuttKeyList): New + * keylist.c: New. + +Wed Mar 4 17:20:33 1998 Werner Koch ([email protected]) + + * getkey.c (get_pubkey_byname): Kludge to allow 0x prefix. + +Tue Mar 3 13:46:55 1998 Werner Koch ([email protected]) + + * g10maint.c (main): New option --gen-random. + +Tue Mar 3 09:50:08 1998 Werner Koch ([email protected]) + + * g10.c (aDeleteSecretKey): New. + (aEditSig): Add option "--edit-key" as synonym for "--edit-sig". + (aDeleteSecretKey): New. + * getkey.c (seckey_available): New. + * sign.c (delete_key): Enhanced to delete secret keys, changed all + callers. + +Mon Mar 2 21:23:48 1998 Werner Koch ([email protected]) + + * pkc_list.c (build_pkc_list): Add interactive input of user ID. + +Mon Mar 2 20:54:05 1998 Werner Koch ([email protected]) + + * pkclist.c (do_we_trust_pre): New. + (add_ownertrust): Add message. + * trustdb.c (enum_trust_web): Quick fix. + +Mon Mar 2 13:50:53 1998 Werner Koch ([email protected]) + + * g10.c (main): New action aDeleteKey + * sign.c (delete_key): New. + +Sun Mar 1 16:38:58 1998 Werner Koch ([email protected]) + + * trustdb.c (do_check): No returns TRUST_UNDEFINED instead of + eof error. + +Fri Feb 27 18:14:03 1998 Werner Koch ([email protected]) + + * armor.c (find_header): Removed trailing CR on headers. + +Fri Feb 27 18:02:48 1998 Werner Koch ([email protected]) + + * ringedit.c (keyring_search) [MINGW32]: Open and close file here + because rename does not work on open files. Chnaged callers. + +Fri Feb 27 16:43:11 1998 Werner Koch ([email protected]) + + * sig-check.c (do_check): Add an md_enable. + * mainproc.c (do_check_sig): Use md_open in case of detached sig + (proc_tree): Take detached sigs into account. + +Fri Feb 27 15:22:46 1998 Werner Koch ([email protected]) + + * g10.c (main): Make use of GNUPGHOME envvar. + * g10main.c (main): Ditto. + +Wed Feb 25 11:40:04 1998 Werner Koch ([email protected]) + + * plaintext.c (ask_for_detached_datafile): add opt.verbose to + info output. + + * openfile.c (open_sigfile): Try also name ending in ".asc" + +Wed Feb 25 08:41:00 1998 Werner Koch ([email protected]) + + * keygen.c (generate_keypair): Fixed memory overflow. + +Tue Feb 24 15:51:55 1998 Werner Koch ([email protected]) + + * parse-packet.c (parse_certificate): Support for S2K. + * build-packet.c (do_secret_cert): Ditto. + * keygen.c (gen_elg): Ditto. + * seckey-cert.c (check_elg): Ditto + (protect_elg): Ditto. + * sign.c (chnage_passphrase): Ditto. + * passphrase.c (get_passphrase_hash): Support for a salt and + changed all callers. + (make_dek_from_passphrase): Ditto. + +Tue Feb 24 12:30:56 1998 Werner Koch ([email protected]) + + * build-packet.c (hash_public_cert): Disabled debug output. + +Fri Feb 20 17:22:28 1998 Werner Koch ([email protected]) + + * trustdb.c (init_trustdb) [MINGW32]: Removed 2nd mkdir arg. + (keyring_copy) [MINGW32]: Add a remove prior to the renames. + +Wed Feb 18 18:39:02 1998 Werner Koch ([email protected]) + + * Makefile.am (OMIT_DEPENDENCIES): New. + + * rsa.c: Replaced log_bug by BUG. + +Wed Feb 18 13:35:58 1998 Werner Koch ([email protected]) + + * mainproc.c (do_check_sig): Now uses hash_public_cert. + * parse-packet.c (parse_certificate): Removed hashing. + * packet.h (public_cert): Removed hash variable. + * free-packet.c (copy_public_cert, free_public_cert): Likewise. + + * sig-check.c (check_key_signatures): Changed semantics. + +Wed Feb 18 12:11:28 1998 Werner Koch ([email protected]) + + * trustdb.c (do_check): Add handling for revocation certificates. + (build_sigrecs): Ditto. + (check_sigs): Ditto. + +Wed Feb 18 09:31:04 1998 Werner Koch ([email protected]) + + * armor.c (armor_filter): Add afx->hdrlines. + * revoke.c (gen_revoke): Add comment line. + * dearmor.c (enarmor_file): Ditto. + + * sig-check.c (check_key_signature): Add handling for class 0x20. + * mainproc.c : Ditto. + +Tue Feb 17 21:24:17 1998 Werner Koch ([email protected]) + + * armor.c : Add header lines "...ARMORED FILE .." + * dearmor.c (enarmor_file): New. + * g10maint.c (main): New option "--enarmor" + +Tue Feb 17 19:03:33 1998 Werner Koch ([email protected]) + + * mainproc.c : Changed a lot, because the packets are now stored + a simple linlked list and not anymore in a complicatd tree structure. + +Tue Feb 17 10:14:48 1998 Werner Koch ([email protected]) + + * free_packet.c (cmp_public_certs): New. + (cmp_user_ids): New. + + * kbnode.c (clone_kbnode): New. + (release_kbnode): Add clone support. + + * ringedit.c (find_keyblock_bypkc): New. + + * sign.c (remove_keysigs): Self signatures are now skipped, + changed arguments and all callers. + + * import.c : Add functionality. + +Tue Feb 17 09:31:40 1998 Werner Koch ([email protected]) + + * options.h (homedir): New option. + * g10.c, g10maint.c, getkey.c, keygen.c, trustdb.c (opt.homedir): New. + + * trustdb.c (init_trustdb): mkdir for hoem directory + (sign_private_data): Renamed "sig" to "g10.sig" + +Mon Feb 16 20:02:03 1998 Werner Koch ([email protected]) + + * kbnode.c (commit_kbnode): New. + (delete_kbnode): removed unused first arg. Changed all Callers. + + * ringedit.c (keyblock_resource_name): New. + (get_keyblock_handle): NULL for filename returns default resource. + +Mon Feb 16 19:38:48 1998 Werner Koch ([email protected]) + + * sig-check.s (check_key_signature): Now uses the supplied + public key to check the signature and not any more the one + from the getkey.c + (do_check): New. + (check_signature): Most work moved to do_check. + +Mon Feb 16 14:48:57 1998 Werner Koch ([email protected]) + + * armor.c (find_header): Fixed another bug. + +Mon Feb 16 12:18:34 1998 Werner Koch ([email protected]) + + * getkey.c (scan_keyring): Add handling of compressed keyrings. + +Mon Feb 16 10:44:51 1998 Werner Koch ([email protected]) + + * g10.c, g10maint.c (strusage): Rewrote. + (build_list): New + +Mon Feb 16 08:58:41 1998 Werner Koch ([email protected]) + + * armor.c (use_armor): New. + +Sat Feb 14 14:30:57 1998 Werner Koch ([email protected]) + + * mainproc.c (proc_tree): Sigclass fix. + +Sat Feb 14 14:16:33 1998 Werner Koch ([email protected]) + + * armor.c (armor_filter): Changed version and comment string. + * encode.c, sign.c, keygen.c: Changed all comment packet strings. + +Sat Feb 14 12:39:24 1998 Werner Koch ([email protected]) + + * g10.c (aGenRevoke): New command. + * revoke.c: New. + * sign.c (make_keysig_packet): Add support for sigclass 0x20. + +Fri Feb 13 20:18:14 1998 Werner Koch ([email protected]) + + * ringedit.c (enum_keyblocks, keyring_enum): New. + +Fri Feb 13 19:33:40 1998 Werner Koch ([email protected]) + + * export.c: Add functionality. + + * keygen.c (generate_keypair): Moved the leading comment behind the + key packet. + * kbnode.c (walk_kbnode): Fixed. + + * g10.c (main): listing armored keys now work. + +Fri Feb 13 16:17:43 1998 Werner Koch ([email protected]) + + * parse-packet.c (parse_publickey, parse_signature): Fixed calls + to mpi_read used for ELG b. + +Fri Feb 13 15:13:23 1998 Werner Koch ([email protected]) + + * g10.c (main): changed formatting of help output. + +Thu Feb 12 22:24:42 1998 Werner Koch (wk@frodo) + + * pubkey-enc.c (get_session_key): rewritten + + + Copyright 1998, 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006, + 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc. + + This file is free software; as a special exception the author gives + unlimited permission to copy and/or distribute it, with or without + modifications, as long as this notice is preserved. + + This file is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY, to the extent permitted by law; without even the + implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. |