Index: armor.c
--- armor.c.orig	2002-09-05 15:12:16 +0200
+++ armor.c	2006-11-01 14:58:20 +0100
@@ -323,9 +323,9 @@
 }
 
 const unsigned char headerline_head[] = "-----BEGIN PGP ";
-const unsigned char headerline_tail[] = ("-----\n"
+const unsigned char headerline_tail[] = "-----\n"
 					 "Version: PGP Key Server "
-					 PKS_VERSION "\n\n");
+					 PKS_VERSION "\n\n";
 const unsigned char tailline_head[] = "-----END PGP ";
 const unsigned char tailline_tail[] = "-----\n";
 
Index: kd_delete.c
--- kd_delete.c.orig	2002-11-12 06:03:36 +0100
+++ kd_delete.c	2006-11-01 14:57:18 +0100
@@ -207,7 +207,7 @@
    /* fatal errors */
 
    if (err.fatal) {
-      log_fatal("ks_delete", err.str);
+      log_fatal("kd_delete", err.str);
       /* never returns */
    }
 
Index: kd_generic.c
--- kd_generic.c.orig	2002-09-08 22:54:24 +0200
+++ kd_generic.c	2006-11-01 14:57:18 +0100
@@ -41,7 +41,7 @@
 DB *worddb = NULL;
 DB *timedb = NULL;
 
-DB *keydb(DBT *key)
+int get_keydb_num(DBT *key)
 {
    /* keyid's are 8 bytes, msb first.  so start from the end.  use 16
       bits, since that's enough to divide by any small number of db
@@ -51,7 +51,12 @@
 
    keyidnum = (keydata[KEYDB_KEYID_BYTES-2]<<8)|keydata[KEYDB_KEYID_BYTES-1];
 
-   return(keydb_files[keyidnum % num_keydb]);
+   return (keyidnum % num_keydb);
+}
+
+DB *keydb(DBT *key)
+{
+   return (keydb_files[get_keydb_num (key)]);
 }
 
 int kd_add_userid_to_wordlist(llist *wl,
@@ -179,7 +184,7 @@
    if ((*(keydb(&key)->put))(keydb(&key), tid, &key, &newdata, 0) < 0) {
       xbuffer_free(&newxb);
       err->fatal = 1;
-      sprintf(err->buf, "error %s keydb, errno = %d", "writing to", errno);
+      sprintf(err->buf, "error writing to keydb[%d], errno = %d", get_keydb_num(&key), errno);
       fail();
    }
 
@@ -356,7 +361,7 @@
 	 goto do_create;
 
       for (i=0; i<num_keydb; i++) {
-	 sprintf(line, "keydb%03d", i);
+	 sprintf(line, "%s/keydb%03d", dbdir, i);
 	 unlink(line);
       }
 
Index: kd_get.c
--- kd_get.c.orig	2002-10-08 06:04:42 +0200
+++ kd_get.c	2006-11-01 14:57:18 +0100
@@ -163,7 +163,7 @@
    /* fatal errors */
 
    if (err.fatal)
-      log_fatal("ks_get", err.str);
+      log_fatal("kd_get", err.str);
 
    /* keep the compiler quiet */
 
Index: kd_index.c
--- kd_index.c.orig	2003-01-26 20:54:45 +0100
+++ kd_index.c	2006-11-01 14:57:18 +0100
@@ -107,7 +107,7 @@
    char buf[512];
 
    sprintf(buf, "                               %.*s\n",
-	   (int) ue->uidplen, ue->uidprint);
+	   ue->uidplen < 255 ? (int) ue->uidplen : 255, ue->uidprint);
 
    if (!xbuffer_append_str(s->xb, buf))
       return(0);
@@ -197,7 +197,7 @@
 	   c_tm->tm_year+1900, c_tm->tm_mon+1, c_tm->tm_mday,
 	   (ke->revocation.len?
 	    "*** KEY REVOKED ***\n                              ":""),
-	   (int) ke->primary->uidplen,
+	   ke->primary->uidplen < 255 ? (int) ke->primary->uidplen : 255,
 	   ke->primary->uidprint);
 
    if (!xbuffer_append_str(s->xb, buf))
@@ -283,7 +283,7 @@
 	   ke->keyidbits.buf[5],
 	   ke->keyidbits.buf[6],
 	   ke->keyidbits.buf[7],
-	   ke->keytype,ke->modsigbits,ke->create_time,
+	   ke->keytype,ke->modsigbits,(unsigned long)ke->create_time,
 	   ke->revocation.len?"r":"",
 	   ke->disabled?"d":""
 	   );
Index: kd_search.c
--- kd_search.c.orig	2003-02-02 18:22:27 +0100
+++ kd_search.c	2006-11-01 14:57:18 +0100
@@ -397,7 +397,7 @@
       {
 	 ddesc keyid;
 	 long sigclass;
-	 long sig_time;
+	 time_t sig_time;
 	 sigs_elem *se;
 	 int ret;
          static unsigned char maxid[8] = {0xff, 0xff, 0xff, 0xff,
Index: kd_since.c
--- kd_since.c.orig	2002-09-04 23:00:23 +0200
+++ kd_since.c	2006-11-01 14:57:18 +0100
@@ -123,11 +123,13 @@
    ows.err = err;
    ows.append = kd_keys_elem_marshall;
 
-   for (i=0; i<entries.len; i+=12)
-      if (i && memcmp((void *) (entries.buf+i-12),
-		      (void *) (entries.buf+i), 12) &&
-	  (!kd_output_wde((void *) (entries.buf+i), (void *) &ows)))
-	 return(0);
+   for (i = 12; i <= entries.len; i += 12) {
+       if (memcmp((void *)(entries.buf + i - 12),
+                  (void *)(entries.buf + i), 12) &&
+           (!kd_output_wde((void *)(entries.buf + i - 12), (void *) &ows))) {
+           return (0);
+       }
+   }
 
    xbuffer_free(&entries);
 
@@ -220,7 +222,7 @@
    /* fatal errors */
 
    if (err.fatal)
-      log_fatal("ks_get", err.str);
+      log_fatal("kd_since", err.str);
 
    /* keep the compiler quiet */
 
Index: mail_req.c
--- mail_req.c.orig	2002-09-08 21:27:34 +0200
+++ mail_req.c	2006-11-01 14:57:18 +0100
@@ -236,6 +236,7 @@
 
    if (hfrom == -1 || hfrom_len == 0) {
       log_error("mail_req", "mail message does not have From: header");
+      (*msc)(0, c); /* presumably spam; toss it */
       return;
    }
 
Index: pgputil.c
--- pgputil.c.orig	2003-01-26 17:08:58 +0100
+++ pgputil.c	2006-11-01 14:57:18 +0100
@@ -121,6 +121,11 @@
    if (!decode_num(data, 2, &(mpi->nbits)))
       return(0);
 
+   /* skip packets with 0-length MPIs for GPG's benefit (gnupg-1.4.2) */
+   if (mpi->nbits == 0) {
+     return (0);
+   }
+
    return(decode_bytestr(data, (mpi->nbits+7)/8, &(mpi->number)));
 }
 
@@ -433,7 +438,8 @@
 	 data, so making it a pointer to static data will work
 	 fine. */
       if (keyid->size == 0) {
-	 static unsigned char boguskeyid[8] = "????????";
+	 static unsigned char boguskeyid[8];
+	 memset((void *)&boguskeyid, 0, (size_t)8);
 	 keyid->data = boguskeyid;
 	 keyid->size = sizeof(boguskeyid);
 	 keyid->offset = 0;
Index: pks_socket.c
--- pks_socket.c.orig	2002-09-04 22:48:53 +0200
+++ pks_socket.c	2006-11-01 14:57:18 +0100
@@ -208,7 +208,7 @@
 #ifdef HAVE_SOCKLEN_T
    socklen_t sunlen;
 #else
-   int sunlen;
+   unsigned int sunlen;
 #endif
    int srv;
 
Index: pks_www.c
--- pks_www.c.orig	2003-01-06 19:52:27 +0100
+++ pks_www.c	2006-11-01 14:57:18 +0100
@@ -95,6 +95,7 @@
 void w_error(int fd, int vers, unsigned char *str, long len)
 {
    xbuffer xb;
+   const char *no_match = "No matching keys in database";
 
    xbuffer_alloc(&xb);
 
@@ -104,7 +105,10 @@
       log_fatal("w_error", "constructing reply");
    }
 
-   w_reply(fd, vers, NULL, xb.buf, xb.len);
+   if (strstr((const char *)str, no_match))
+       www_reply(fd, vers, 404, "Not Found", NULL, xb.buf, xb.len);
+   else /* generic error handler - w_reply hands back 200. wrong! */
+       www_reply(fd, vers, 500, "Server Error", NULL, xb.buf, xb.len);
 
    xbuffer_free(&xb);
 }
Index: pkscheck.c
--- pkscheck.c.orig	2003-02-07 02:01:21 +0100
+++ pkscheck.c	2006-11-01 14:57:18 +0100
@@ -83,6 +83,12 @@
       log_error("main", buf);
    }
 
+   memset (&ikey, 0, sizeof (ikey));
+   memset (&idata, 0, sizeof (idata));
+
+   memset (&kkey, 0, sizeof (kkey));
+   memset (&kdata, 0, sizeof (kdata));
+
    for (ret = (*(cursor->c_get))(cursor, &ikey, &idata, DB_FIRST);
 	ret == 0;
 	ret = (*(cursor->c_get))(cursor, &ikey, &idata, DB_NEXT)) {
@@ -97,7 +103,8 @@
 	 kkey.size = 4;
 	 kkey.data = ((unsigned char *) idata.data)+i+8;
 
-	 if ((*(keydb(&kkey)->get))(keydb(&kkey), NULL, &kkey, &kdata, 0)) {
+	 if ((((unsigned long *) kkey.data)[0] > 0) &&
+         (*(keydb(&kkey)->get))(keydb(&kkey), NULL, &kkey, &kdata, 0)) {
 	    sprintf(buf, "keyid %02X%02X%02X%02X in timedb but not keydb\n",
 		    ((unsigned char *) kkey.data)[0],
 		    ((unsigned char *) kkey.data)[1],
Index: www.c
--- www.c.orig	2003-02-07 02:01:21 +0100
+++ www.c	2006-11-01 14:57:18 +0100
@@ -33,7 +33,6 @@
 	#define TCPDSERVICE "pksd"
 	int allow_severity=LOG_WARNING ;
 	int deny_severity=LOG_WARNING ;
-	char *yp_get_default_domain=""  ;
 	extern int hosts_ctl(char *daemon,
 		char *client_name, char *client_addr,char *client_user) ;
 
@@ -109,7 +108,7 @@
    char num[20];
 
    if(content_type==NULL)
-     content_type="text/html";
+     content_type="text/html;charset=utf-8";
 
    if ((xb = (xbuffer *) malloc(sizeof(xbuffer))) == NULL)
       log_fatal("www_reply", "failed allocating memory for xbuffer");
@@ -138,12 +137,20 @@
       }
 
       if ((status_code/100) == 4) {
-	 if (!xbuffer_append_str(xb, "<HEAD><TITLE>") ||
+         if (!xbuffer_append_str(xb,
+                                 "<?xml version=\"1.0\"?>\015\012"
+                                 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\015\012"
+                                 "    \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\015\012"
+                                 "<html xmlns=\"http://www.w3.org/1999/xhtml\">\015\012"
+                                 "  <head>\015\012"
+                                 "    <title>") ||
 	     !xbuffer_append_str(xb, num) ||
 	     !xbuffer_append_str(xb, reason_phrase) ||
-	     !xbuffer_append_str(xb, "</TITLE></HEAD><BODY>") ||
-	     !xbuffer_append(xb, reply, replylen) ||
-	     !xbuffer_append_str(xb, "</BODY>\015\012")) {
+             !xbuffer_append_str(xb, "</title>\015\012"
+                                 "  </head>\015\012"
+                                 "  <body>") ||
+             !xbuffer_append(xb, reply, replylen) ||
+             !xbuffer_append_str(xb, "  </body>\015\012" "</html>\015\012")) {
 	    xbuffer_free(xb);
 	    log_fatal("www_reply", "failed constructing www error reply");
 	 }
@@ -387,12 +394,18 @@
 	 }
       }
    } else if (is_token(input+s->method, s->method_len, post, post_len, 0)) {
-      if ((s->content_length == 0) || readonly) {
+      if (s->content_length == 0) {
 	 www_reply(fd, 1000, 400, bad_request, NULL, NULL, 0);
 	 mp_delete_read(fd);
 	 xbuffer_free(&(s->xb));
 	 free(s);
 	 return;
+      }else if (readonly) {
+         www_reply (fd, 1000, 403, "Forbidden", NULL, NULL, 0);
+         mp_delete_read(fd);
+         xbuffer_free(&(s->xb));
+         free(s);
+         return;
       }
    } else {
       www_reply(fd, 1000, 400, bad_request, NULL, NULL, 0);
@@ -423,7 +436,7 @@
 #ifdef HAVE_SOCKLEN_T
    socklen_t sinlen;
 #else
-   int sinlen;
+   unsigned int sinlen;
 #endif
    int srv;
    unsigned long addr;