* acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Link a simple testV1-9-15

program to see whether the installation is sane.

* certreqgen.c (proc_parameters): Cast printf arg.

16 files changed, 175 insertions, 97 deletions

diff --git a/ChangeLog b/ChangeLog
index ac2784365..237999e8a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,19 @@
+2005-01-13  Werner Koch  <wk@g10code.com>
+
+	Released 1.9.15.
+
+	* acinclude.m4 (GNUPG_PTH_VERSION_CHECK): Link a simple test
+	program to see whether the installation is sane.
+
+2005-01-07  Werner Koch  <wk@g10code.com>
+
+	* configure.ac: Require gpg-error 1.0.
+
+2005-01-04  Werner Koch  <wk@g10code.com>
+
+	* configure.ac: Remove hack not to build gpg2 for W32.
+	* autogen.sh <build-w32>: Pass option --disable-gpg instead.
+
 2004-12-22  Werner Koch  <wk@g10code.com>
 
 	Released 1.9.14.
diff --git a/NEWS b/NEWS
index 3fae5417e..afb519487 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,11 @@
-Noteworthy changes in version 1.9.15
+Noteworthy changes in version 1.9.15 (2005-01-13)
 -------------------------------------------------
 
+ * Fixed passphrase caching bug.
+
+ * Better support for CCID readers; the reader from Cherry RS 6700 USB
+   does now work.
+
 
 Noteworthy changes in version 1.9.14 (2004-12-22)
 -------------------------------------------------
diff --git a/TODO b/TODO
index 16311a204..7a2292bd6 100644
--- a/TODO
+++ b/TODO
@@ -67,16 +67,14 @@ might want to have an agent context for each service request
 
 * Move pkcs-1 encoding into libgcrypt.
 
-* Use a MAC to protect some files.
+* Use a MAC to protect sensitive files.
+  The problem here is that we need yet another key and it is unlikely
+  that users are willing to remember that key too.  It is possible to
+  do this with a smartcard, though.
 
 * sm/export.c
 ** Return an error code or a status info per user ID.
 
-* Where is http.c, regcomp.c, srv.c, w32reg.c  ?
-
-* scd/sc-investigate
-** Enhance with card compatibility check
-
 * tests
 ** Makefile.am
   We use printf(1) to setup the library path, this is not portable.
diff --git a/acinclude.m4 b/acinclude.m4
index 5f742b279..31f540640 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -214,6 +214,8 @@ AC_DEFUN([GNUPG_PTH_VERSION_CHECK],
   [
     _pth_version=`$PTH_CONFIG --version | awk 'NR==1 {print [$]3}'`
     _req_version="ifelse([$1],,1.2.0,$1)"
+
+    AC_MSG_CHECKING(for PTH - version >= $_req_version)
     for _var in _pth_version _req_version; do
         eval "_val=\"\$${_var}\""
         _major=`echo $_val | sed 's/\([[0-9]]*\)\.\([[0-9]]*\)\([[ab.]]\)\([[0-9]]*\)/\1/'`
@@ -237,16 +239,37 @@ AC_DEFUN([GNUPG_PTH_VERSION_CHECK],
             fi
         fi
     fi
-    if test $have_pth = no; then
-       AC_MSG_WARN([[
-***
-*** Found Pth version $_pth_version, but require at least
-*** version $_req_version.  Please upgrade Pth first.
-***]])
+    if test $have_pth = yes; then
+       AC_MSG_RESULT(yes)
+       AC_MSG_CHECKING([whether PTH installation is sane])
+       AC_CACHE_VAL(gnupg_cv_pth_is_sane,[
+         _gnupg_pth_save_cflags=$CFLAGS
+         _gnupg_pth_save_ldflags=$LDFLAGS
+         _gnupg_pth_save_libs=$LIBS
+         CFLAGS="$CFLAGS `$PTH_CONFIG --ldflags`"
+         LDFLAGS="$LDFLAGS `$PTH_CONFIG --ldflags`"
+         LIBS="$LIBS `$PTH_CONFIG --libs`"
+         AC_LINK_IFELSE([AC_LANG_PROGRAM([#include <pth.h>
+                                         ],
+                                         [[ pth_init ();]])],
+                        gnupg_cv_pth_is_sane=yes,
+                        gnupg_cv_pth_is_sane=no)
+         CFLAGS=$_gnupg_pth_save_cflags
+         LDFLAGS=$_gnupg_pth_save_ldflags
+         LIBS=$_gnupg_pth_save_libs
+       ])
+       if test $gnupg_cv_pth_is_sane != yes; then
+          have_pth=no
+       fi
+       AC_MSG_RESULT($gnupg_cv_pth_is_sane)
+    else
+       AC_MSG_RESULT(no)
     fi    
   ])
 
 
+
+
 # Check whether mlock is broken (hpux 10.20 raises a SIGBUS if mlock
 # is not called from uid 0 (not tested whether uid 0 works)
 # For DECs Tru64 we have also to check whether mlock is in librt
diff --git a/agent/ChangeLog b/agent/ChangeLog
index fa450dfdb..c790482b4 100644
--- a/agent/ChangeLog
+++ b/agent/ChangeLog
@@ -1,5 +1,8 @@
 2005-01-04  Werner Koch  <wk@g10code.com>
 
+	* trustlist.c (agent_marktrusted): Use "Cancel" for the first
+	confirmation and made the strings translatable.
+
 	* cache.c (agent_put_cache): Fix the test for using the default
 	TTL.
 
diff --git a/agent/trustlist.c b/agent/trustlist.c
index a0b6b9861..edb00650d 100644
--- a/agent/trustlist.c
+++ b/agent/trustlist.c
@@ -30,6 +30,7 @@
 
 #include "agent.h"
 #include <assuan.h> /* fixme: need a way to avoid assuan calls here */
+#include "i18n.h"
 
 static const char headerblurb[] =
 "# This is the list of trusted keys.  Comment lines, like this one, as\n"
@@ -290,17 +291,30 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
       return gpg_error (GPG_ERR_NOT_SUPPORTED);
     }
 
-  /* insert a new one */
+  /* Insert a new one. */
   if (asprintf (&desc,
-                "Please verify that the certificate identified as:%%0A"
-                "  \"%s\"%%0A"
-                "has the fingerprint:%%0A"
-                "  %s", name, fpr) < 0 )
+                /* TRANSLATORS: This prompt is shown by the Pinentry
+                   and has one special property: A "%%0A" is used by
+                   Pinentry to insert a line break.  The double
+                   percent sign is actually needed because it is also
+                   a printf format string.  If you need to insert a
+                   plain % sign, you need to encode it as "%%25".  The
+                   second "%s" gets replaced by a hexdecimal
+                   fingerprint string whereas the first one receives
+                   the name as store in the certificate. */
+                _("Please verify that the certificate identified as:%%0A"
+                  "  \"%s\"%%0A"
+                  "has the fingerprint:%%0A"
+                  "  %s"), name, fpr) < 0 )
     {
       trustfp_used--;
       return out_of_core ();
     }
-  rc = agent_get_confirmation (ctrl, desc, "Correct", "No");
+
+  /* TRANSLATORS: "Correct" is the label of a button and intended to
+     be hit if the fingerprint matches the one of the CA.  The other
+     button is "the default "Cancel" of the Pinentry. */
+  rc = agent_get_confirmation (ctrl, desc, _("Correct"), NULL);
   free (desc);
   if (rc)
     {
@@ -309,15 +323,23 @@ agent_marktrusted (CTRL ctrl, const char *name, const char *fpr, int flag)
     }
 
   if (asprintf (&desc,
-                "Do you ultimately trust%%0A"
-                "  \"%s\"%%0A"
-                "to correctly certify user certificates?",
+                /* TRANSLATORS: This prompt is shown by the Pinentry
+                   and has one special property: A "%%0A" is used by
+                   Pinentry to insert a line break.  The double
+                   percent sign is actually needed because it is also
+                   a printf format string.  If you need to insert a
+                   plain % sign, you need to encode it as "%%25".  The
+                   "%s" gets replaced by the name as store in the
+                   certificate. */
+                _("Do you ultimately trust%%0A"
+                  "  \"%s\"%%0A"
+                  "to correctly certify user certificates?"),
                 name) < 0 )
     {
       trustfp_used--;
       return out_of_core ();
     }
-  rc = agent_get_confirmation (ctrl, desc, "Yes", "No");
+  rc = agent_get_confirmation (ctrl, desc, _("Yes"), _("No"));
   free (desc);
   if (rc)
     {
diff --git a/autogen.sh b/autogen.sh
index 87ddc6369..67d28ed38 100755
--- a/autogen.sh
+++ b/autogen.sh
@@ -90,7 +90,8 @@ if test "$1" = "--build-w32"; then
 	     --with-libgcrypt-prefix=${w32root} \
 	     --with-libassuan-prefix=${w32root} \
 	     --with-zlib=${w32root} \
-             --with-pth-prefix=${w32root}
+             --with-pth-prefix=${w32root} \
+             --disable-gpg
     rc=$?
     # Ugly hack to overcome a gettext problem.  Someone should look into
     # gettext to figure out why the po directory is not ignored as it used
diff --git a/configure.ac b/configure.ac
index 35886dfa6..041a4d1b8 100644
--- a/configure.ac
+++ b/configure.ac
@@ -24,12 +24,12 @@ min_automake_version="1.9.3"
 
 # Version number: Remember to change it immediately *after* a release.
 #                 Add a "-cvs" prefix for non-released code.
-AC_INIT(gnupg, 1.9.15-cvs, gnupg-devel@gnupg.org)
+AC_INIT(gnupg, 1.9.15, gnupg-devel@gnupg.org)
 # Set development_version to yes if the minor number is odd or you
 # feel that the default check for a development version is not
 # sufficient.
 development_version=yes
-NEED_GPG_ERROR_VERSION=0.7
+NEED_GPG_ERROR_VERSION=1.0
 
 NEED_LIBGCRYPT_API=1
 NEED_LIBGCRYPT_VERSION=1.1.94
@@ -133,6 +133,7 @@ test -n "$GNUPG_PROTECT_TOOL_PGM" \
       && show_gnupg_protect_tool_pgm="$GNUPG_PROTECT_TOOL_PGM"
 
 
+
 # Some folks want to use only the agent form this packet.  Make it
 # easier for them by providing the configure option
 # --enable-only-agent.
@@ -528,9 +529,8 @@ AC_SUBST(PTH_CFLAGS)
 AC_SUBST(PTH_LIBS)
 
 AC_ARG_ENABLE(threads,
-    AC_HELP_STRING([--disable-threads],[allow building without Pth support]);
-    
-)
+    AC_HELP_STRING([--disable-threads],[allow building without Pth support])
+             )
 
 
 dnl Must check for network library requirements before doing link tests
@@ -1034,19 +1034,13 @@ if test "$build_scdaemon" = "yes"; then
   fi
 fi
 
+
 if test "$build_agent_only" = "yes" ; then
   build_gpg=no
   build_gpgsm=no
   build_scdaemon=no
 fi
 
-# We don't yet want to build some parts for W32
-case "${host}" in 
-    *-mingw32*) 
-      build_gpg=no
-      ;;
-esac
-
 
 AM_CONDITIONAL(BUILD_GPG,   test "$build_gpg" = "yes")
 AM_CONDITIONAL(BUILD_GPGSM, test "$build_gpgsm" = "yes")
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 407b706b0..855c3ca38 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,3 +1,7 @@
+2005-01-04  Werner Koch  <wk@g10code.com>
+
+	* gnupg.texi: Updated to use @copying.
+
 2004-12-22  Werner Koch  <wk@g10code.com>
 
 	* gnupg.texi: Reordered.
diff --git a/doc/gnupg.texi b/doc/gnupg.texi
index 006e604a0..5c6925260 100644
--- a/doc/gnupg.texi
+++ b/doc/gnupg.texi
@@ -1,33 +1,49 @@
 \input texinfo                      @c -*-texinfo-*-
 @c %**start of header
 @setfilename gnupg.info
-
 @include version.texi
+@settitle Using the GNU Privacy Guard
+@c Create a separate index for command line options.
+@defcodeindex op
+@c Merge the standard indexes into a single one.
+@syncodeindex fn cp
+@syncodeindex vr cp
+@syncodeindex ky cp
+@syncodeindex pg cp
+@syncodeindex tp cp
+@c %**end of header
+@copying
+This is the @cite{The GNU Privacy Guard Manual}
+(version @value{VERSION}, @value{UPDATED}).
+
+@iftex
+Published by the Free Software Foundation@*
+59 Temple Place - Suite 330@*
+Boston, MA 02111-1307 USA
+@end iftex
 
-@macro copyrightnotice
 Copyright @copyright{} 2002, 2004 Free Software Foundation, Inc.
-@end macro
-@macro permissionnotice
+
+@quotation
 Permission is granted to copy, distribute and/or modify this document
 under the terms of the GNU General Public License as published by the
 Free Software Foundation; either version 2 of the License, or (at your
 option) any later version. The text of the license can be found in the
 section entitled ``Copying''.
-@end macro
+@end quotation
+@end copying
 
 
-@settitle Using the GNU Privacy Guard
+@dircategory GNU Utilities
+@direntry
+* gpg: (gnupg).            OpenPGP encryption and signing tool.
+* gpgsm: (gnupg).          S/MIME encryption and signing tool.
+@end direntry
 
-@c Create a separate index for command line options.
-@defcodeindex op
-@c Merge the standard indexes into a single one.
-@syncodeindex fn cp
-@syncodeindex vr cp
-@syncodeindex ky cp
-@syncodeindex pg cp
-@syncodeindex tp cp
 
-@c printing stuff taken from gcc.
+@c
+@c Printing stuff taken from gcc.
+@c
 @macro gnupgtabopt{body}
 @code{\body\}
 @end macro
@@ -48,36 +64,10 @@ section entitled ``Copying''.
 @end ifnottex
 
 
-@c Change the font used for @def... commands, since the default
-@c proportional one used is bad for names starting __.
-@tex
-\global\setfont\defbf\ttbshape{10}{\magstep1}
-@end tex
-
-@c %**end of header
-
-@ifnottex
-@dircategory GNU Utilities
-@direntry
-* gpg: (gnupg).            OpenPGP encryption and signing tool.
-* gpgsm: (gnupg).          S/MIME encryption and signing tool.
-@end direntry
-This file documents the use and the internals of the GNU Privacy Guard.
-
-This is Edition @value{EDITION}, last updated @value{UPDATED}, of
-@cite{The `GNU Privacy Guard' Manual}, for Version @value{VERSION}.
-@sp 1
-Published by the Free Software Foundation@*
-59 Temple Place - Suite 330@*
-Boston, MA 02111-1307 USA
-@sp 1
-@copyrightnotice{}
-@sp 1
-@permissionnotice{}
-@end ifnottex
-
+@c
+@c Titlepage
+@c
 @setchapternewpage odd
-
 @titlepage
 @title Using the GNU Privacy Guard
 @subtitle Version @value{VERSION}
@@ -89,26 +79,26 @@ Boston, MA 02111-1307 USA
 
 @sp 6
 
-@author Werner Koch @code{(wk@@gnupg.org)}
-
+@author Werner Koch (@email{wk@@gnupg.org})
 
 @page
 @vskip 0pt plus 1filll
-@copyrightnotice{}
-@sp 2
-@permissionnotice{}
+@insertcopying
 @end titlepage
+
+
 @summarycontents
 @contents
 @page
 
-
+@ifnottex
 @node Top
-@top Introduction
-@cindex introduction
+@top The GNU Privacy Guard
+@insertcopying
 
 This manual documents how to use the GNU Privacy Guard system as well as
 the administration and the architecture.
+@end ifnottex
 
 @menu
 * Invoking GPG::        Using the OpenPGP protocol.
diff --git a/po/de.po b/po/de.po
index e7227df59..bfcf40d67 100644
--- a/po/de.po
+++ b/po/de.po
@@ -317,7 +317,9 @@ msgstr "Mantra"
 msgid ""
 "Please verify that the certificate identified as:%%0A  \"%s\"%%0Ahas the "
 "fingerprint:%%0A  %s"
-msgstr "Bitte prüfen Sie, daß das Zertifikat mit dem Namen:%%0A  \"%s\"%%0Afolgenden Fingerabdruck hat:%%0A  %s"
+msgstr ""
+"Bitte prüfen Sie, daß das Zertifikat mit dem Namen:%%0A  \"%s\"%%0Afolgenden "
+"Fingerabdruck hat:%%0A  %s"
 
 #. TRANSLATORS: "Correct" is the label of a button and intended to
 #. be hit if the fingerprint matches the one of the CA.  The other
@@ -339,7 +341,9 @@ msgstr "Korrekt"
 msgid ""
 "Do you ultimately trust%%0A  \"%s\"%%0Ato correctly certify user "
 "certificates?"
-msgstr "Wenn Sie vollständiges Vertrauen haben, daß%%0A  \"%s\"%%0ABenutzerzertifikate verläßlich zertifiziert, so antworten Sie mit \"Ja\""
+msgstr ""
+"Wenn Sie vollständiges Vertrauen haben, daß%%0A  \"%s\"%%"
+"0ABenutzerzertifikate verläßlich zertifiziert, so antworten Sie mit \"Ja\""
 
 #: agent/trustlist.c:342
 msgid "Yes"
diff --git a/scd/ChangeLog b/scd/ChangeLog
index 4aae08536..e85c8d81c 100644
--- a/scd/ChangeLog
+++ b/scd/ChangeLog
@@ -9,6 +9,7 @@
 	(ccid_transceive_apdu_level): New.
 	(ccid_transceive): Divert to above.
 	(parse_ccid_descriptor): Allow APDU level exchange mode.
+	(do_close_reader): Pass the interface number to usb_release_interface.
 
 2004-12-21  Werner Koch  <wk@g10code.com>
 
diff --git a/scd/ccid-driver.c b/scd/ccid-driver.c
index eeea651a9..0694fe762 100644
--- a/scd/ccid-driver.c
+++ b/scd/ccid-driver.c
@@ -198,6 +198,7 @@ struct ccid_driver_s
   unsigned short id_vendor;
   unsigned short id_product;
   unsigned short bcd_device;
+  int ifc_no;
   int ep_bulk_out;
   int ep_bulk_in;
   int ep_intr;
@@ -914,6 +915,7 @@ ccid_open_reader (ccid_driver_t *handle, const char *readerid)
   (*handle)->id_vendor = dev->descriptor.idVendor;
   (*handle)->id_product = dev->descriptor.idProduct;
   (*handle)->bcd_device = dev->descriptor.bcdDevice;
+  (*handle)->ifc_no = ifc_no;
   (*handle)->ep_bulk_out = ep_bulk_out;
   (*handle)->ep_bulk_in = ep_bulk_in;
   (*handle)->ep_intr = ep_intr;
@@ -977,7 +979,7 @@ do_close_reader (ccid_driver_t handle)
     }
   if (handle->idev)
     {
-      usb_release_interface (handle->idev, 0);
+      usb_release_interface (handle->idev, handle->ifc_no);
       usb_close (handle->idev);
       handle->idev = NULL;
     }
@@ -1018,6 +1020,7 @@ ccid_shutdown_reader (ccid_driver_t handle)
 
 
   handle->idev = idev;
+  handle->ifc_no = ifc_no;
   handle->ep_bulk_out = ep_bulk_out;
   handle->ep_bulk_in = ep_bulk_in;
   handle->ep_intr = ep_intr;
@@ -2115,6 +2118,7 @@ main (int argc, char **argv)
   int no_pinpad = 0;
   int verify_123456 = 0;
   int did_verify = 0;
+  int no_poll = 0;
 
   if (argc)
     {
@@ -2139,6 +2143,11 @@ main (int argc, char **argv)
           ccid_set_debug_level (1);
           argc--; argv++;
         }
+      else if ( !strcmp (*argv, "--no-poll"))
+        {
+          no_poll = 1;
+          argc--; argv++;
+        }
       else if ( !strcmp (*argv, "--no-pinpad"))
         {
           no_pinpad = 1;
@@ -2157,7 +2166,8 @@ main (int argc, char **argv)
   if (rc)
     return 1;
 
-  ccid_poll (ccid);
+  if (!no_poll)
+    ccid_poll (ccid);
   fputs ("getting ATR ...\n", stderr);
   rc = ccid_get_atr (ccid, NULL, 0, NULL);
   if (rc)
@@ -2166,7 +2176,8 @@ main (int argc, char **argv)
       return 1;
     }
 
-  ccid_poll (ccid);
+  if (!no_poll)
+    ccid_poll (ccid);
   fputs ("getting slot status ...\n", stderr);
   rc = ccid_slot_status (ccid, &slotstat);
   if (rc)
@@ -2175,7 +2186,8 @@ main (int argc, char **argv)
       return 1;
     }
 
-  ccid_poll (ccid);
+  if (!no_poll)
+    ccid_poll (ccid);
 
   fputs ("selecting application OpenPGP ....\n", stderr);
   {
@@ -2188,7 +2200,8 @@ main (int argc, char **argv)
   }
   
 
-  ccid_poll (ccid);
+  if (!no_poll)
+    ccid_poll (ccid);
 
   fputs ("getting OpenPGP DO 0x65 ....\n", stderr);
   {
diff --git a/sm/ChangeLog b/sm/ChangeLog
index df1670082..a4f07b048 100644
--- a/sm/ChangeLog
+++ b/sm/ChangeLog
@@ -1,3 +1,7 @@
+2005-01-13  Werner Koch  <wk@g10code.com>
+
+	* certreqgen.c (proc_parameters): Cast printf arg.
+
 2004-12-22  Werner Koch  <wk@g10code.com>
 
 	* gpgsm.c (set_binary): New.
diff --git a/sm/certreqgen.c b/sm/certreqgen.c
index bbc7c98e9..7b29a5b8d 100644
--- a/sm/certreqgen.c
+++ b/sm/certreqgen.c
@@ -493,7 +493,7 @@ proc_parameters (ctrl_t ctrl,
 
   sprintf (numbuf, "%u", nbits);
   snprintf (keyparms, DIM (keyparms)-1, 
-            "(6:genkey(3:rsa(5:nbits%d:%s)))", strlen (numbuf), numbuf);
+            "(6:genkey(3:rsa(5:nbits%d:%s)))", (int)strlen (numbuf), numbuf);
   rc = gpgsm_agent_genkey (ctrl, keyparms, &public);
   if (rc)
     {
diff --git a/sm/decrypt.c b/sm/decrypt.c
index 8ac2e23fe..9e5518b0f 100644
--- a/sm/decrypt.c
+++ b/sm/decrypt.c
@@ -333,7 +333,7 @@ gpgsm_decrypt (ctrl_t ctrl, int in_fd, FILE *out_fp)
                                numbuf, algoid?algoid:"?", NULL);
               }
 
-              /* If it seems that this is not an ecrypted message we
+              /* If it seems that this is not an encrypted message we
                  return a more sensible error code. */
               if (!algoid)
                 rc = gpg_error (GPG_ERR_NO_DATA);