diff options
Diffstat (limited to '')
| -rw-r--r-- | g10/ChangeLog | 70 | ||||
| -rw-r--r-- | g10/Makefile.am | 2 | ||||
| -rw-r--r-- | g10/g10.c | 9 | ||||
| -rw-r--r-- | g10/getkey.c | 4 | ||||
| -rw-r--r-- | g10/keyedit.c | 51 | ||||
| -rw-r--r-- | g10/keygen.c | 13 | ||||
| -rw-r--r-- | g10/keylist.c | 14 | ||||
| -rw-r--r-- | g10/keyserver.c | 9 | ||||
| -rw-r--r-- | g10/mainproc.c | 27 | ||||
| -rw-r--r-- | g10/misc.c | 30 | ||||
| -rw-r--r-- | g10/options.skel | 6 | ||||
| -rw-r--r-- | g10/parse-packet.c | 7 | ||||
| -rw-r--r-- | g10/revoke.c | 2 | ||||
| -rw-r--r-- | g10/signal.c | 37 | ||||
| -rw-r--r-- | g10/tdbdump.c | 2 | ||||
| -rw-r--r-- | g10/tdbio.c | 6 | ||||
| -rw-r--r-- | g10/trustdb.c | 17 |
17 files changed, 237 insertions, 69 deletions
diff --git a/g10/ChangeLog b/g10/ChangeLog index f289a4d86..2feda9a84 100644 --- a/g10/ChangeLog +++ b/g10/ChangeLog @@ -1,3 +1,73 @@ +2003-07-10 David Shaw <[email protected]> + + * parse-packet.c (parse_signature): No need to reserve 8 bytes for + the unhashed signature cache any longer. + + * misc.c (pct_expando): Add two new expandos - signer's + fingerprint (%g), and signer's primary fingerprint (%p). + + * Makefile.am: Include W32LIBS where appropriate. + + * g10.c (main): Add --rfc2440 alias for --openpgp since in a few + months, they won't be the same thing. + + * keyserver.c (parse_keyserver_uri): Accept "http" as an alias for + "hkp", since it is occasionally written that way. + (keyserver_spawn): Use ascii_isspace to avoid locale issues. + + * keygen.c (ask_user_id): Make --allow-freeform-uid apply to the + email field as well as the name field, and allow mixing fields + when it is set. + + * options.skel: Use subkeys.pgp.net as the default keyserver. + + * trustdb.c (validate_one_keyblock): Certifications on revoked or + expired uids do not count in the web of trust. + + * signal.c (init_one_signal, pause_on_sigusr, do_block): Only use + sigprocmask() if we have sigset_t, and only use sigaction() if we + have struct sigaction. This is for Forte c89 on Solaris which + seems to define only the function call half of the two pairs by + default. + (pause_on_sigusr): Typo. + (do_block): If we can't use sigprocmask() and sigset_t, try to get + the number of signals from NSIG as well as MAXSIG, and if we + can't, fail with an explanation. + + * signal.c, tdbio.c: Comment out the transaction code. It was not + used in this version, and was causing some build problems on + quasi-posix platforms (Solaris and Forte c89). + + * keylist.c (list_keyblock_colon): Don't include validity values + when listing secret keys since they can be incorrect and/or + misleading. This is a temporary kludge, and will be handled + properly in 1.9/2.0. + + * mainproc.c (check_sig_and_print): Only show the "key available + from" preferred keyserver line if the key is not currently + present. + + * keyedit.c (sign_uids): Do not sign expired uids without --expert + (same behavior as revoked uids). Do not allow signing a user ID + without a self-signature. --expert overrides. Add additional + prompt to the signature level question. + (menu_expire): When changing expiration dates, don't replace + selfsigs on revoked uids since this would effectively unrevoke + them. There is also no point in replacing expired selfsigs. This + is bug #181 + +2003-07-10 David Shaw <[email protected]> (from Werner on stable branch) + + * g10.c (add_notation_data): Make sure that only ascii is passed + to iscntrl. Noted by Christian Biere. + * getkey.c (classify_user_id2): Replaced isspace by spacep + * keygen.c (ask_user_id): Ditto. + (get_parameter_algo): Ditto. + * keyedit.c (keyedit_menu): Ditto. + * tdbdump.c (import_ownertrust): Ditto. s/isxdigit/hexdigitp/. + * revoke.c (ask_revocation_reason): + * keyserver.c (keyserver_spawn): Dito. + 2003-06-10 Werner Koch <[email protected]> * parse-packet.c (parse): Disallow old style partial length for diff --git a/g10/Makefile.am b/g10/Makefile.am index a7e3117f8..1bd2d0a51 100644 --- a/g10/Makefile.am +++ b/g10/Makefile.am @@ -106,7 +106,7 @@ gpgv_SOURCES = gpgv.c \ # ks-db.h \ # $(common_source) -LDADD = $(needed_libs) @INTLLIBS@ @CAPLIBS@ @ZLIBS@ +LDADD = $(needed_libs) @INTLLIBS@ @CAPLIBS@ @ZLIBS@ @W32LIBS@ # gpg gets LIBOBJS to add in mkdtemp if the platform doesn't have it gpg_LDADD = @LIBOBJS@ $(LDADD) @DLLIBS@ @EGDLIBS@ @@ -171,6 +171,7 @@ enum cmd_and_opt_values { aNull = 0, oLoadExtension, oGnuPG, oRFC1991, + oRFC2440, oOpenPGP, oPGP2, oPGP6, @@ -465,6 +466,7 @@ static ARGPARSE_OPTS opts[] = { { oGnuPG, "no-pgp7", 0, "@"}, { oGnuPG, "no-pgp8", 0, "@"}, { oRFC1991, "rfc1991", 0, N_("emulate the mode described in RFC1991")}, + { oRFC2440, "rfc2440", 0, "@" }, { oOpenPGP, "openpgp", 0, N_("set all packet, cipher and digest options to OpenPGP behavior")}, { oPGP2, "pgp2", 0, N_("set all packet, cipher and digest options to PGP 2.x behavior")}, { oPGP6, "pgp6", 0, "@"}, @@ -1543,6 +1545,7 @@ main( int argc, char **argv ) opt.disable_mdc = 1; opt.escape_from = 1; break; + case oRFC2440: case oOpenPGP: /* TODO: When 2440bis becomes a RFC, these may need changing. */ @@ -3088,13 +3091,13 @@ add_notation_data( const char *string, int which ) /* we only support printable text - therefore we enforce the use * of only printable characters (an empty value is valid) */ for( s++; *s ; s++ ) { - if( iscntrl(*s) ) { + if ((*s & 0x80)) + highbit = 1; + else if (iscntrl(*s)) { log_error(_("a notation value must not use " "any control characters\n") ); return; } - else if( *s & 0x80 ) - highbit = 1; } if( highbit ) /* must use UTF8 encoding */ diff --git a/g10/getkey.c b/g10/getkey.c index 1944c2a8d..4dd8085b8 100644 --- a/g10/getkey.c +++ b/g10/getkey.c @@ -570,7 +570,7 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc ) memset (desc, 0, sizeof *desc); /* skip leading spaces. Fixme: what is with trailing spaces? */ - for(s = name; *s && isspace(*s); s++ ) + for(s = name; *s && spacep (s); s++ ) ; switch (*s) { @@ -651,7 +651,7 @@ classify_user_id( const char *name, KEYDB_SEARCH_DESC *desc ) } /* check if a hexadecimal number is terminated by EOS or blank */ - if (hexlength && s[hexlength] && !isspace(s[hexlength])) { + if (hexlength && s[hexlength] && !spacep(s+hexlength)) { if (hexprefix) /* a "0x" prefix without correct */ return 0; /* termination is an error */ else /* The first chars looked like */ diff --git a/g10/keyedit.c b/g10/keyedit.c index d36623a6a..9c6e8f081 100644 --- a/g10/keyedit.c +++ b/g10/keyedit.c @@ -498,10 +498,46 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, tty_printf(_(" Unable to sign.\n")); } } - else if(!uidnode->pkt->pkt.user_id->created) + else if(uidnode->pkt->pkt.user_id->is_expired) { - tty_printf(_("WARNING: user ID \"%s\" is not " - "self-signed.\n"),user); + tty_printf(_("User ID \"%s\" is expired."),user); + + if(opt.expert) + { + tty_printf("\n"); + /* No, so remove the mark and continue */ + if(!cpr_get_answer_is_yes("sign_uid.expire_okay", + _("Are you sure you " + "still want to sign " + "it? (y/N) "))) + uidnode->flag &= ~NODFLG_MARK_A; + } + else + { + uidnode->flag &= ~NODFLG_MARK_A; + tty_printf(_(" Unable to sign.\n")); + } + } + else if(!uidnode->pkt->pkt.user_id->created && !selfsig) + { + tty_printf(_("User ID \"%s\" is not self-signed."), + user); + + if(opt.expert) + { + tty_printf("\n"); + /* No, so remove the mark and continue */ + if(!cpr_get_answer_is_yes("sign_uid.nosig_okay", + _("Are you sure you " + "still want to sign " + "it? (y/N) "))) + uidnode->flag &= ~NODFLG_MARK_A; + } + else + { + uidnode->flag &= ~NODFLG_MARK_A; + tty_printf(_(" Unable to sign.\n")); + } } m_free(user); @@ -737,8 +773,8 @@ sign_uids( KBNODE keyblock, STRLIST locusr, int *ret_modified, while(class==0) { - answer = cpr_get("sign_uid.class",_("Your selection? ")); - + answer = cpr_get("sign_uid.class",_("Your selection? " + "(enter '?' for more information): ")); if(answer[0]=='\0') class=0x10+opt.def_cert_check_level; /* Default */ else if(ascii_strcasecmp(answer,"0")==0) @@ -1232,7 +1268,7 @@ keyedit_menu( const char *username, STRLIST locusr, STRLIST commands, cmd = cmdLIST; else if( *answer == CONTROL_D ) cmd = cmdQUIT; - else if( isdigit( *answer ) ) { + else if( digitp(answer ) ) { cmd = cmdSELUID; arg_number = atoi(answer); } @@ -2782,7 +2818,8 @@ menu_expire( KBNODE pub_keyblock, KBNODE sec_keyblock ) && ( mainkey || sub_pk ) ) { PKT_signature *sig = node->pkt->pkt.signature; if( keyid[0] == sig->keyid[0] && keyid[1] == sig->keyid[1] - && ( (mainkey && uid && (sig->sig_class&~3) == 0x10) + && ( (mainkey && uid + && uid->created && (sig->sig_class&~3) == 0x10) || (!mainkey && sig->sig_class == 0x18) ) ) { /* this is a selfsignature which is to be replaced */ PKT_signature *newsig; diff --git a/g10/keygen.c b/g10/keygen.c index ff6fec852..10f1f033d 100644 --- a/g10/keygen.c +++ b/g10/keygen.c @@ -993,10 +993,10 @@ gen_rsa(int algo, unsigned nbits, KBNODE pub_root, KBNODE sec_root, DEK *dek, static int check_valid_days( const char *s ) { - if( !isdigit(*s) ) + if( !digitp(s) ) return 0; for( s++; *s; s++) - if( !isdigit(*s) ) + if( !digitp(s) ) break; if( !*s ) return 1; @@ -1330,7 +1330,7 @@ ask_user_id( int mode ) if( strpbrk( aname, "<>" ) ) tty_printf(_("Invalid character in name\n")); - else if( isdigit(*aname) ) + else if( digitp(aname) ) tty_printf(_("Name may not start with a digit\n")); else if( strlen(aname) < 5 ) tty_printf(_("Name must be at least 5 characters long\n")); @@ -1344,7 +1344,7 @@ ask_user_id( int mode ) amail = cpr_get("keygen.email",_("Email address: ")); trim_spaces(amail); cpr_kill_prompt(); - if( !*amail ) + if( !*amail || opt.allow_freeform_uid ) break; /* no email address is okay */ else if( has_invalid_email_chars(amail) || string_count_chr(amail,'@') != 1 @@ -1397,7 +1397,8 @@ ask_user_id( int mode ) tty_printf(_("You selected this USER-ID:\n \"%s\"\n\n"), uid); /* fixme: add a warning if this user-id already exists */ - if( !*amail && (strchr( aname, '@' ) || strchr( acomment, '@'))) { + if( !*amail && !opt.allow_freeform_uid + && (strchr( aname, '@' ) || strchr( acomment, '@'))) { fail = 1; tty_printf(_("Please don't put the email address " "into the real name or the comment\n") ); @@ -1600,7 +1601,7 @@ get_parameter_algo( struct para_data_s *para, enum para_name key ) struct para_data_s *r = get_parameter( para, key ); if( !r ) return -1; - if( isdigit( *r->u.value ) ) + if( digitp( r->u.value ) ) i = atoi( r->u.value ); else i = string_to_pubkey_algo( r->u.value ); diff --git a/g10/keylist.c b/g10/keylist.c index 680ff2f59..9d27404ff 100644 --- a/g10/keylist.c +++ b/g10/keylist.c @@ -161,7 +161,7 @@ show_policy_url(PKT_signature *sig,int indent,int mode) mode=1 for log_info + status messages mode=2 for status messages only */ - +/* TODO: use this */ void show_keyserver_url(PKT_signature *sig,int indent,int mode) { @@ -838,7 +838,7 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) pk = NULL; sk = node->pkt->pkt.secret_key; keyid_from_sk( sk, keyid ); - printf("sec:u:%u:%d:%08lX%08lX:%s:%s:::", + printf("sec::%u:%d:%08lX%08lX:%s:%s:::", nbits_from_sk( sk ), sk->pubkey_algo, (ulong)keyid[0],(ulong)keyid[1], @@ -904,13 +904,17 @@ list_keyblock_colon( KBNODE keyblock, int secret, int fpr ) if( any ) { int i; char *str=uid->attrib_data?"uat":"uid"; - if ( uid->is_revoked ) + /* If we're listing a secret key, leave out the + validity values for now. This is handled better in + 1.9. */ + if ( sk ) + printf("%s:::::",str); + else if ( uid->is_revoked ) printf("%s:r::::",str); else if ( uid->is_expired ) printf("%s:e::::",str); - else if ( opt.no_expensive_trust_checks ) { + else if ( opt.no_expensive_trust_checks ) printf("%s:::::",str); - } else { int uid_validity; diff --git a/g10/keyserver.c b/g10/keyserver.c index 7759de198..7ec744c66 100644 --- a/g10/keyserver.c +++ b/g10/keyserver.c @@ -168,7 +168,8 @@ parse_keyserver_uri(char *uri,const char *configname,unsigned int configlineno) opt.keyserver_scheme="hkp"; opt.keyserver_options.broken_http_proxy=1; } - else if(ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0) + else if(ascii_strcasecmp(opt.keyserver_scheme,"x-hkp")==0 + || ascii_strcasecmp(opt.keyserver_scheme,"http")==0) { /* Canonicalize this to "hkp" so it works with both the internal and external keyserver interface. */ @@ -201,7 +202,7 @@ parse_keyserver_uri(char *uri,const char *configname,unsigned int configlineno) ch=opt.keyserver_port; while(*ch!='\0') { - if(!isdigit(*ch)) + if(!digitp(ch)) return G10ERR_BAD_URI; ch++; @@ -338,7 +339,7 @@ parse_keyrec(char *keystring) /* Remove trailing whitespace */ for(i=strlen(keystring);i>0;i--) - if(isspace(keystring[i-1])) + if(ascii_isspace(keystring[i-1])) keystring[i-1]='\0'; else break; @@ -976,7 +977,7 @@ keyserver_spawn(int action,STRLIST list, /* remove trailing whitespace */ plen=strlen(ptr); - while(plen>0 && isspace(ptr[plen-1])) + while(plen>0 && ascii_isspace(ptr[plen-1])) plen--; plen[ptr]='\0'; diff --git a/g10/mainproc.c b/g10/mainproc.c index 9b091b222..99cc4f11b 100644 --- a/g10/mainproc.c +++ b/g10/mainproc.c @@ -1278,6 +1278,28 @@ check_sig_and_print( CTX c, KBNODE node ) if( keyserver_import_keyid ( sig->keyid )==0 ) rc = do_check_sig(c, node, NULL, &is_expkey ); } + + /* If the key still isn't found, try to inform the user where it + can be found. */ + + if(rc==G10ERR_NO_PUBKEY && opt.verify_options&VERIFY_SHOW_KEYSERVER) + { + const byte *p; + int seq=0; + size_t n; + + while((p=enum_sig_subpkt(sig->hashed,SIGSUBPKT_PREF_KS,&n,&seq,NULL))) + { + /* According to my favorite copy editor, in English + grammar, you say "at" if the key is located on a web + page, but "from" if it is located on a keyserver. I'm + not going to even try to make two strings here :) */ + log_info(_("Key available at: ") ); + print_string( log_stream(), p, n, 0 ); + putc( '\n', log_stream() ); + } + } + if( !rc || rc == G10ERR_BAD_SIGN ) { KBNODE un, keyblock; int count=0, statno; @@ -1411,11 +1433,6 @@ check_sig_and_print( CTX c, KBNODE node ) show_notation(sig,0,1); else show_notation(sig,0,2); - - if(opt.verify_options&VERIFY_SHOW_KEYSERVER) - show_keyserver_url(sig,0,1); - else - show_keyserver_url(sig,0,2); } if( !rc && is_status_enabled() ) { diff --git a/g10/misc.c b/g10/misc.c index 1b8e6172a..c98c9752e 100644 --- a/g10/misc.c +++ b/g10/misc.c @@ -322,6 +322,8 @@ pct_expando(const char *string,struct expando_args *args) if(args->sk) keyid_from_sk(args->sk,sk_keyid); + /* This is used so that %k works in photoid command strings in + --list-secret-keys (which of course has a sk, but no pk). */ if(!args->pk && args->sk) keyid_from_sk(args->sk,pk_keyid); @@ -383,16 +385,38 @@ pct_expando(const char *string,struct expando_args *args) } break; - case 'f': /* fingerprint */ + case 'p': /* primary pk fingerprint of a sk */ + case 'f': /* pk fingerprint */ + case 'g': /* sk fingerprint */ { byte array[MAX_FINGERPRINT_LEN]; size_t len; int i; - if(args->pk) + if((*(ch+1))=='p' && args->sk) + { + if(args->sk->is_primary) + fingerprint_from_sk(args->sk,array,&len); + else if(args->sk->main_keyid[0] || args->sk->main_keyid[1]) + { + PKT_public_key *pk= + m_alloc_clear(sizeof(PKT_public_key)); + + if(get_pubkey_fast(pk,args->sk->main_keyid)==0) + fingerprint_from_pk(pk,array,&len); + else + memset(array,0,(len=MAX_FINGERPRINT_LEN)); + free_public_key(pk); + } + else + memset(array,0,(len=MAX_FINGERPRINT_LEN)); + } + else if((*(ch+1))=='f' && args->pk) fingerprint_from_pk(args->pk,array,&len); + else if((*(ch+1))=='g' && args->sk) + fingerprint_from_sk(args->sk,array,&len); else - memset(array,0, (len=MAX_FINGERPRINT_LEN)); + memset(array,0,(len=MAX_FINGERPRINT_LEN)); if(idx+(len*2)<maxlen) { diff --git a/g10/options.skel b/g10/options.skel index 5c8afced2..c03221ff3 100644 --- a/g10/options.skel +++ b/g10/options.skel @@ -90,7 +90,7 @@ # support). # # Example HKP keyserver: -# x-hkp://subkeys.pgp.net +# hkp://subkeys.pgp.net # # Example email keyserver: # mailto:[email protected] @@ -101,7 +101,7 @@ # # Regular URL syntax applies, and you can set an alternate port # through the usual method: -# x-hkp://keyserver.example.net:22742 +# hkp://keyserver.example.net:22742 # # If you have problems connecting to a HKP server through a buggy http # proxy, you can use keyserver option broken-http-proxy (see below), @@ -112,7 +112,7 @@ # Most servers do synchronize with each other and DNS round-robin may # give you a quasi-random server each time. -#keyserver x-hkp://subkeys.pgp.net +keyserver hkp://subkeys.pgp.net #keyserver mailto:[email protected] #keyserver ldap://pgp.surfnet.nl:11370 #keyserver ldap://keyserver.pgp.com diff --git a/g10/parse-packet.c b/g10/parse-packet.c index bdf68c551..b1d1e17df 100644 --- a/g10/parse-packet.c +++ b/g10/parse-packet.c @@ -1245,11 +1245,8 @@ parse_signature( IOBUF inp, int pkttype, unsigned long pktlen, goto leave; } if( n ) { - /* we add 8 extra bytes so that we have space for the signature - * status cache. Well we are wasting this if there is a cache - * packet already, but in the other case it avoids an realloc */ - sig->unhashed = m_alloc (sizeof(*sig->unhashed) + n + 8 - 1 ); - sig->unhashed->size = n + 8; + sig->unhashed = m_alloc (sizeof(*sig->unhashed) + n - 1 ); + sig->unhashed->size = n; sig->unhashed->len = n; if( iobuf_read(inp, sig->unhashed->data, n ) != n ) { log_error("premature eof while reading " diff --git a/g10/revoke.c b/g10/revoke.c index a45d2d623..6c1180c71 100644 --- a/g10/revoke.c +++ b/g10/revoke.c @@ -608,7 +608,7 @@ ask_revocation_reason( int key_rev, int cert_rev, int hint ) return NULL; /* cancel */ if( hint && !*answer ) n = hint; - else if(!isdigit( *answer ) ) + else if(!digitp( answer ) ) n = -1; else n = atoi(answer); diff --git a/g10/signal.c b/g10/signal.c index 1028ab705..ced507b83 100644 --- a/g10/signal.c +++ b/g10/signal.c @@ -1,5 +1,5 @@ /* signal.c - signal handling - * Copyright (C) 1998, 1999, 2000, 2001 Free Software Foundation, Inc. + * Copyright (C) 1998, 1999, 2000, 2001, 2003 Free Software Foundation, Inc. * * This file is part of GnuPG. * @@ -34,7 +34,6 @@ #include "main.h" #include "ttyio.h" - static volatile int caught_fatal_sig = 0; static volatile int caught_sigusr1 = 0; @@ -42,7 +41,7 @@ static void init_one_signal (int sig, RETSIGTYPE (*handler)(int), int check_ign ) { #ifndef HAVE_DOSISH_SYSTEM -#ifdef HAVE_SIGACTION +#if defined(HAVE_SIGACTION) && defined(HAVE_STRUCT_SIGACTION) struct sigaction oact, nact; if (check_ign) { @@ -132,7 +131,7 @@ void pause_on_sigusr( int which ) { #ifndef HAVE_DOSISH_SYSTEM -#ifdef HAVE_SIGPROCMASK +#if defined(HAVE_SIGPROCMASK) && defined(HAVE_SIGSET_T) sigset_t mask, oldmask; assert( which == 1 ); @@ -150,18 +149,19 @@ pause_on_sigusr( int which ) while (!caught_sigusr1) sigpause(SIGUSR1); caught_sigusr1 = 0; - sigrelse(SIGUSR1); ???? -#endif /*!HAVE_SIGPROCMASK*/ + sigrelse(SIGUSR1); +#endif /*! HAVE_SIGPROCMASK && HAVE_SIGSET_T */ #endif } - +/* Disabled - see comment in tdbio.c:tdbio_begin_transaction() */ +#if 0 static void do_block( int block ) { #ifndef HAVE_DOSISH_SYSTEM static int is_blocked; -#ifdef HAVE_SIGPROCMASK +#if defined(HAVE_SIGPROCMASK) && defined(HAVE_SIGSET_T) static sigset_t oldmask; if( block ) { @@ -179,14 +179,23 @@ do_block( int block ) sigprocmask( SIG_SETMASK, &oldmask, NULL ); is_blocked = 0; } -#else /*!HAVE_SIGPROCMASK*/ - static void (*disposition[MAXSIG])(); +#else /*! HAVE_SIGPROCMASK && HAVE_SIGSET_T */ + +#if defined(NSIG) +#define SIGSMAX (NSIG) +#elif defined(MAXSIG) +#define SIGSMAX (MAXSIG+1) +#else +#error "define SIGSMAX to the number of signals on your platform plus one" +#endif + + static void (*disposition[SIGSMAX])(int); int sig; if( block ) { if( is_blocked ) log_bug("signals are already blocked\n"); - for (sig=1; sig < MAXSIG; sig++) { + for (sig=1; sig < SIGSMAX; sig++) { disposition[sig] = sigset (sig, SIG_HOLD); } is_blocked = 1; @@ -194,16 +203,15 @@ do_block( int block ) else { if( !is_blocked ) log_bug("signals are not blocked\n"); - for (sig=1; sig < MAXSIG; sig++) { + for (sig=1; sig < SIGSMAX; sig++) { sigset (sig, disposition[sig]); } is_blocked = 0; } -#endif /*!HAVE_SIGPROCMASK*/ +#endif /*! HAVE_SIGPROCMASK && HAVE_SIGSET_T */ #endif /*HAVE_DOSISH_SYSTEM*/ } - void block_all_signals() { @@ -215,3 +223,4 @@ unblock_all_signals() { do_block(0); } +#endif diff --git a/g10/tdbdump.c b/g10/tdbdump.c index cd46f1f5a..b5258a914 100644 --- a/g10/tdbdump.c +++ b/g10/tdbdump.c @@ -153,7 +153,7 @@ import_ownertrust( const char *fname ) break; /* can't continue */ } for(p = line; *p && *p != ':' ; p++ ) - if( !isxdigit(*p) ) + if( !hexdigitp(p) ) break; if( *p != ':' ) { log_error_f(fname, _("error: missing colon\n") ); diff --git a/g10/tdbio.c b/g10/tdbio.c index bc609adee..07e64a250 100644 --- a/g10/tdbio.c +++ b/g10/tdbio.c @@ -332,7 +332,9 @@ tdbio_sync() return 0; } - +#if 0 +/* The transaction code is disabled in the 1.2.x branch, as it is not + yet used. It will be enabled in 1.3.x. */ /**************** * Simple transactions system: @@ -402,7 +404,7 @@ tdbio_cancel_transaction() in_transaction = 0; return 0; } - +#endif /******************************************************** diff --git a/g10/trustdb.c b/g10/trustdb.c index 457d83b9d..d9b09063d 100644 --- a/g10/trustdb.c +++ b/g10/trustdb.c @@ -1572,10 +1572,14 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist, signed (but not self-signed) uid does carry trust, of a sort, even if it is a statement being made by people other than the key owner "through" the uids on the key owner's key. I'm - going with the latter. -dshaw */ + going with the latter. However, if the user ID was + explicitly revoked, or passively allowed to expire, that + should stop validity through the user ID until it is + resigned. -dshaw */ - /* && node->pkt->pkt.user_id->created) */ - if (node->pkt->pkttype == PKT_USER_ID) + if (node->pkt->pkttype == PKT_USER_ID + && !node->pkt->pkt.user_id->is_revoked + && !node->pkt->pkt.user_id->is_expired) { if (uidnode && issigned) { @@ -1589,12 +1593,11 @@ validate_one_keyblock (KBNODE kb, struct key_item *klist, } uidnode = node; uid=uidnode->pkt->pkt.user_id; -#if 0 - /* If the selfsig is going to expire... This is disabled as - we do count un-self-signed uids in the web of trust. */ + + /* If the selfsig is going to expire... */ if(uid->expiredate && uid->expiredate<*next_expire) *next_expire = uid->expiredate; -#endif + issigned = 0; get_validity_counts(pk,uid); mark_usable_uid_certs (kb, uidnode, main_kid, klist, |