Included LIBICONV in all Makefiles.

g10/
	* passphrase.c (passphrase_get): Set the cancel flag on all error
	from the agent.  Fixes a bug reported by Tom Duerbusch.
sm/
	* gpgsm.c (main): Let --gen-key print a more informative error
	message.

ChangeLog

@@ -1,3 +1,7 @@
+2007-01-31  Werner Koch  <wk@g10code.com>
+
+	Released 2.0.2.
+
 2006-11-30  Werner Koch  <wk@g10code.com>
 
 	* configure.ac: Save original LIBS when testing for dlopen.

NEWS

@@ -1,4 +1,4 @@
-Noteworthy changes in version 2.0.2 (unreleased)
+Noteworthy changes in version 2.0.2 (2007-01-31)
 ------------------------------------------------
 
  * Fixed a serious and exploitable bug in processing encrypted
@@ -8,12 +8,12 @@ Noteworthy changes in version 2.0.2 (unreleased)
    prompt for a new passphrase to be repeated.  This is useful to help
    memorize a new passphrase.  The default is 1 repetition.
 
- * Using a PIN pad does now also for for the signing key.
+ * Using a PIN pad does now also work for the signing key.
 
- * A warning is displayed if a new passphrase is too short.  New
-   option --min-passphrase-len defaults to 8.
+ * A warning is displayed bu gpg-agent if a new passphrase is too
+   short.  New option --min-passphrase-len defaults to 8.
 
- * The status code BEGIN_SIGNING now show the used hash algorithm.
+ * The status code BEGIN_SIGNING now shows the used hash algorithms.
  
 
 Noteworthy changes in version 2.0.1 (2006-11-28)

THANKS

@@ -232,6 +232,7 @@ Timo Schulz                twoaday at freakmail.de
 Tobias Winkler             tobias.winkler at s1998.tu-chemnitz.de
 Todd Vierling              tv at pobox.com
 TOGAWA Satoshi             Satoshi.Togawa at jp.yokogawa.com
+Tom Duerbusch              DuerbuschT at stlouiscity.com
 Tom Spindler		   dogcow at home.merit.edu
 Tom Zerucha		   tzeruch at ceddec.com
 Tomas Fasth		   tomas.fasth at twinspot.net

agent/ChangeLog

@@ -1,3 +1,7 @@
+2007-01-31  Werner Koch  <wk@g10code.com>
+
+	* Makefile.am (t_common_ldadd): Add LIBICONV.
+
 2007-01-25  Werner Koch  <wk@g10code.com>
 
 	* genkey.c (check_passphrase_constraints): Get ngettext call right

agent/Makefile.am

@@ -83,7 +83,7 @@ $(PROGRAMS): $(common_libs) $(commonpth_libs) $(pwquery_libs)
 TESTS = t-protect
 
 t_common_ldadd = $(common_libs) \
-                 $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL)
+                 $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
 
 t_protect_SOURCES = t-protect.c protect.c 
 t_protect_LDADD = $(t_common_ldadd)

common/ChangeLog

@@ -1,3 +1,7 @@
+2007-01-31  Werner Koch  <wk@g10code.com>
+
+	* Makefile.am (t_common_ldadd): Add LIBINCONV and LIBINTL.
+
 2007-01-25  Werner Koch  <wk@g10code.com>
 
 	* simple-pwquery.c (simple_pwquery): New arg OPT_CHECK.

common/Makefile.am

@@ -79,7 +79,7 @@ libgpgrl_a_SOURCES = \
 module_tests = t-convert
 
 t_common_ldadd = ../jnlib/libjnlib.a ../common/libcommon.a ../gl/libgnu.a \
-                 $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS)
+                 $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
 
 t_convert_DEPENDENCIES = convert.c libcommon.a
 t_convert_LDADD = $(t_common_ldadd)

configure.ac

@@ -27,7 +27,7 @@ min_automake_version="1.9.3"
 # Set my_issvn to "yes" for non-released code.  Remember to run an
 # "svn up" and "autogen.sh" right before creating a distribution.
 m4_define([my_version], [2.0.2])
-m4_define([my_issvn], [yes])
+m4_define([my_issvn], [no])
 
 
 m4_define([svn_revision], m4_esyscmd([echo -n $( (svn info 2>/dev/null \

doc/com-certs.pem

@@ -318,27 +318,28 @@ Subject ..: /CN=S-TRUST Qualified Root CA 2007-001:PN
 # Currently disabled because latest SVN versions of libgcrypt and
 # libksba a required to use this certificate.
 #-----BEGIN CERTIFICATE-----
-#MIIESzCCAzOgAwIBAgIRALwJjgQC6SlWuNfedJd+JvcwDQYJKoZIhvcNAQELBQAw
-#gZ4xCzAJBgNVBAYTAkRFMSAwHgYDVQQIExdCYWRlbi1XdWVydHRlbWJlcmcgKEJX
-#KTESMBAGA1UEBxMJU3R1dHRnYXJ0MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmth
-#c3NlbiBWZXJsYWcgR21iSDEuMCwGA1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9v
-#dCBDQSAyMDA3LTAwMTpQTjAeFw0wNzAxMDEwMDAwMDBaFw0xMTEyMzAyMzU5NTla
-#MIGeMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChC
-#VykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJr
-#YXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1QgUXVhbGlmaWVkIFJv
-#b3QgQ0EgMjAwNy0wMDE6UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIB
-#AQCnJdNNiDQLKpPIfHTC3ifleXWTf96hLfvP58q41fuywQ+rXju453yjPgr/ej5i
-#RgYPyJnSc498wyu/XtPLIC3gQvowfiI8WmSj/eEToHUhrLIAtx1VXSi/Rugt3E1Y
-#uYGkPn/gnrkk+RtPJQuBl1NRxKEVi7rg1Ch5RJvWsUTOmxgeWlr8qZnPoLkA2y6N
-#lhL6LP3Th+OQIH4RFFfazNYWpH4Cg6I5nzyieHaR6LrGk0L7GfDKdZG4Eqan3JvI
-#ilrFHzzCm7qudd+31jcRamReqZqJ0wzBmY1LNAzDyCAC3Y+YWEz8crhDW3mK/wFY
-#H0RHHeow06RMTEVwls+FrhWfAgRAAACBo4GAMH4wEgYDVR0TAQH/BAgwBgEB/wIB
-#ATAOBgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNV
-#HQ4EFgQUPAujGBtjPCldr0A+EM4YCZSIX1cwHwYDVR0jBBgwFoAUPAujGBtjPCld
-#r0A+EM4YCZSIX1cwDQYJKoZIhvcNAQELBQADggEBAJ1pVXXcVb9m0yRPjvE4Rvko
-#tdjIm29YnY13ILCrPqjfgtpSlId6NHPhykGLkw3ratNlWQp3rmen/8EqQJa0rsPD
-#CiB20ilLb1CmF8/SViJ26C+K0ayzk8s2v7S/m7/Tx9Dgd2PXWwy2XjeGG/2SkISH
-#5CtSjbm8U+xTh5SQMgK1MX/bDiNJebDOO0N2lxAjtcGmw7K6OTWS7KnFfjzv6fKK
-#L7Ed2Gpd2gBkbuJVe/wX2mDP2P4rpcCEkXrDoWbi9WWc+eP5fCgE4Nj7/VhnbPf6
-#DJCvmUG571uf1oukFaoeeyzpw2q28Ly1KR8DNPw+B/3PzJUIjXYzPGyUjv3aPew=
+MIIESzCCAzOgAwIBAgIRALwJjgQC6SlWuNfedJd+JvcwDQYJKoZIhvcNAQELBQAw
+gZ4xCzAJBgNVBAYTAkRFMSAwHgYDVQQIExdCYWRlbi1XdWVydHRlbWJlcmcgKEJX
+KTESMBAGA1UEBxMJU3R1dHRnYXJ0MSkwJwYDVQQKEyBEZXV0c2NoZXIgU3Bhcmth
+c3NlbiBWZXJsYWcgR21iSDEuMCwGA1UEAxMlUy1UUlVTVCBRdWFsaWZpZWQgUm9v
+dCBDQSAyMDA3LTAwMTpQTjAeFw0wNzAxMDEwMDAwMDBaFw0xMTEyMzAyMzU5NTla
+MIGeMQswCQYDVQQGEwJERTEgMB4GA1UECBMXQmFkZW4tV3VlcnR0ZW1iZXJnIChC
+VykxEjAQBgNVBAcTCVN0dXR0Z2FydDEpMCcGA1UEChMgRGV1dHNjaGVyIFNwYXJr
+YXNzZW4gVmVybGFnIEdtYkgxLjAsBgNVBAMTJVMtVFJVU1QgUXVhbGlmaWVkIFJv
+b3QgQ0EgMjAwNy0wMDE6UE4wggEjMA0GCSqGSIb3DQEBAQUAA4IBEAAwggELAoIB
+AQCnJdNNiDQLKpPIfHTC3ifleXWTf96hLfvP58q41fuywQ+rXju453yjPgr/ej5i
+RgYPyJnSc498wyu/XtPLIC3gQvowfiI8WmSj/eEToHUhrLIAtx1VXSi/Rugt3E1Y
+uYGkPn/gnrkk+RtPJQuBl1NRxKEVi7rg1Ch5RJvWsUTOmxgeWlr8qZnPoLkA2y6N
+lhL6LP3Th+OQIH4RFFfazNYWpH4Cg6I5nzyieHaR6LrGk0L7GfDKdZG4Eqan3JvI
+ilrFHzzCm7qudd+31jcRamReqZqJ0wzBmY1LNAzDyCAC3Y+YWEz8crhDW3mK/wFY
+H0RHHeow06RMTEVwls+FrhWfAgRAAACBo4GAMH4wEgYDVR0TAQH/BAgwBgEB/wIB
+ATAOBgNVHQ8BAf8EBAMCAQYwGAYIKwYBBQUHAQMEDDAKMAgGBgQAjkYBATAdBgNV
+HQ4EFgQUPAujGBtjPCldr0A+EM4YCZSIX1cwHwYDVR0jBBgwFoAUPAujGBtjPCld
+r0A+EM4YCZSIX1cwDQYJKoZIhvcNAQELBQADggEBAJ1pVXXcVb9m0yRPjvE4Rvko
+tdjIm29YnY13ILCrPqjfgtpSlId6NHPhykGLkw3ratNlWQp3rmen/8EqQJa0rsPD
+CiB20ilLb1CmF8/SViJ26C+K0ayzk8s2v7S/m7/Tx9Dgd2PXWwy2XjeGG/2SkISH
+5CtSjbm8U+xTh5SQMgK1MX/bDiNJebDOO0N2lxAjtcGmw7K6OTWS7KnFfjzv6fKK
+L7Ed2Gpd2gBkbuJVe/wX2mDP2P4rpcCEkXrDoWbi9WWc+eP5fCgE4Nj7/VhnbPf6
+DJCvmUG571uf1oukFaoeeyzpw2q28Ly1KR8DNPw+B/3PzJUIjXYzPGyUjv3aPew=
 #-----END CERTIFICATE-----
+

doc/gpg.texi

@@ -1463,7 +1463,7 @@ Override the value of the environment variable
 @samp{GPG_AGENT_INFO}. This is only used when @option{--use-agent} has
 been given.  Given that this option is not anymore used by
 @command{gpg2}, it should be avoided if possible.
-@end gpgone
+@end ifset
 
 @item --lock-once
 Lock the databases the first time a lock is requested

doc/gpgsm.texi

@@ -164,7 +164,8 @@ use @samp{--help} to get a list of supported operations.
 @table @gnupgtabopt
 @item --gen-key
 @opindex gen-key
-Generate a new key and a certificate request.
+This command will only print an error message and direct the user to the
+@command{gpgsm-gencert.sh} script.
 
 @item --list-keys
 @itemx -k 

doc/qualified.txt

@@ -13,7 +13,8 @@
 # property with its OpenPGP signature.  Check this signature before
 # adding entries:
 #  svn pg gpg:signature qualified.txt | gpg --verify - qualified.txt
-
+# to create a new signature:
+#  f=qualified.txt; gpg -sba $f && svn ps gpg:signature -F $f.asc $f
 
 #*******************************************
 #
@@ -108,6 +109,79 @@ DB:45:3D:1B:B0:1A:F3:23:10:6B:DE:D0:09:61:57:AA:F4:25:E0:5B  de
 A0:8B:DF:3B:AA:EE:3F:9D:64:6C:47:81:23:21:D4:A6:18:81:67:1D  de
 
 
+#
+# D-Trust root certificates.  Probably by shifting a lot of Euros to
+# laywer companies, German CAs achieved to get the permission to
+# create their own legally binding root certificates - independent of
+# the Bundesnetzagentur.  The main problem with this is that it is
+# hard to figure out what qualified root certificates are actually
+# active.  There is now no way to be sure whether a signature is a
+# qualified one.  A pettifogger's way of validating certificates.
+#
+
+#Serial number: 00B95F
+#       Issuer: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+#      Subject: /CN=D-TRUST Qualified Root CA 1 2006:PN/O=D-Trust GmbH/C=DE
+#          aka: info@d-trust.net
+#          aka: (uri http://www.d-trust.net)
+#     validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
+#     key type: 2048 bit RSA
+#    key usage: certSign crlSign
+#     policies: 1.3.6.1.4.1.4788.2.30.1:N:
+# chain length: unlimited
+#[checked: 2007-01-31  by phone 030-259391-0 and callback by Mrs. Enke]
+E0:BF:1B:91:91:6B:88:E4:F1:15:92:22:CE:37:23:96:B1:4A:2E:5C  de
+
+
+#Serial number: 00B960
+#       Issuer: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+#      Subject: /CN=D-TRUST Qualified Root CA 2 2006:PN/O=D-Trust GmbH/C=DE
+#          aka: info@d-trust.net
+#          aka: (uri http://www.d-trust.net)
+#     validity: 2006-04-27 12:40:54 through 2011-04-27 12:40:54
+#     key type: 2048 bit RSA
+#    key usage: certSign crlSign
+#     policies: 1.3.6.1.4.1.4788.2.30.1:N:
+# chain length: unlimited
+#[checked: 2007-01-31  by phone 030-259391-0 and callback by Mrs. Enke]
+98:2A:75:67:0F:F8:28:4A:94:E0:9D:23:D8:E7:62:C8:BD:A4:54:04  de
+
+
+#
+# S-Trust root certificates.
+#
+
+#Serial number: 00DF749F80AA51F0EDC0CB1FC183E97EE2
+#       Issuer: /CN=S-TRUST Qualified Root CA 2006-001:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+#               /ST=Baden-Wuerttemberg (BW)/C=DE
+#      Subject: /CN=S-TRUST Qualified Root CA 2006-001:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+#               /ST=Baden-Wuerttemberg (BW)/C=DE
+#     validity: 2006-01-01 00:00:00 through 2010-12-30 23:59:59
+#     key type: 2048 bit RSA
+#    key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer]
+7D:DC:76:1C:FD:AF:4C:E0:3A:B5:3A:DD:C9:FA:13:35:19:A3:DE:C9  de
+
+#Serial number: 00BC098E0402E92956B8D7DE74977E26F7
+#       Issuer: /CN=S-TRUST Qualified Root CA 2007-001:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+#               /ST=Baden-Wuerttemberg (BW)/C=DE
+#      Subject: /CN=S-TRUST Qualified Root CA 2007-001:PN
+#               /O=Deutscher Sparkassen Verlag GmbH/L=Stuttgart
+#               /ST=Baden-Wuerttemberg (BW)/C=DE
+#     validity: 2007-01-01 00:00:00 through 2011-12-30 23:59:59
+#     key type: 2048 bit RSA
+#    key usage: certSign crlSign
+# chain length: 1
+#[checked: 2007-01-31 by phone 0711-782-0 Mr. Brommer]
+7A:3C:1B:60:2E:BD:A4:A1:E0:EB:AD:7A:BA:4F:D1:43:69:A9:39:FC  de
+
+
+
+
 #*******************************************
 #
 #                 End of file

g10/ChangeLog

@@ -1,3 +1,8 @@
+2007-01-31  Werner Koch  <wk@g10code.com>
+
+	* passphrase.c (passphrase_get): Set the cancel flag on all error
+	from the agent.  Fixes a bug reported by Tom Duerbusch.
+
 2007-01-30  Werner Koch  <wk@g10code.com>
 
 	* status.c (write_status_begin_signing): New.

g10/keygen.c

@@ -2446,9 +2446,9 @@ proc_parameter_file( struct para_data_s *para, const char *fname,
   /* make DEK and S2K from the Passphrase */
   r = get_parameter( para, pPASSPHRASE );
   if( r && *r->u.value ) {
-    /* we have a plain text passphrase - create a DEK from it.
+    /* We have a plain text passphrase - create a DEK from it.
      * It is a little bit ridiculous to keep it ih secure memory
-     * but becuase we do this alwasy, why not here */
+     * but because we do this always, why not here */
     STRING2KEY *s2k;
     DEK *dek;
 

g10/passphrase.c

@@ -377,7 +377,18 @@ passphrase_get ( u32 *keyid, int mode, const char *cacheid,
         *canceled = 1;
     }
   else 
-    log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
+    {
+      log_error (_("problem with the agent: %s\n"), gpg_strerror (rc));
+      /* Due to limitations in the API of the upper layers they
+         consider an error as no passphrase entered.  This works in
+         most cases but not during key creation where this should
+         definitely not happen and let it continue without requiring a
+         passphrase.  Given that now all the upper layers handle a
+         cancel correctly, we simply set the cancel flag now for all
+         errors from the agent.  */ 
+      if (canceled)
+        *canceled = 1;
+    }
       
 #ifdef ENABLE_NLS
   if (orig_codeset)
@@ -483,7 +494,7 @@ ask_passphrase (const char *description,
 
 /* Return a new DEK object Using the string-to-key sepcifier S2K.  Use
    KEYID and PUBKEY_ALGO to prompt the user.  Returns NULL is the user
-   selected to cancel the passphrase entry and it CANCELED is not
+   selected to cancel the passphrase entry and if CANCELED is not
    NULL, sets it to true.
 
    MODE 0:  Allow cached passphrase

kbx/ChangeLog

@@ -1,3 +1,8 @@
+2007-01-31  Werner Koch  <wk@g10code.com>
+
+	* Makefile.am (kbxutil_LDADD): Use GPG_ERROR_LIBS instead of -l.
+	Reordered args.
+
 2007-01-25  Werner Koch  <wk@g10code.com>
 
 	* Makefile.am (kbxutil_LDADD): Added LIBICONV.  Noted by Billy

kbx/Makefile.am

@@ -46,8 +46,8 @@ libkeybox_a_SOURCES = $(common_sources)
 
 # Note that libcommon is only required to resolve the LIBOBJS.
 kbxutil_SOURCES = kbxutil.c $(common_sources)
-kbxutil_LDADD   = ../jnlib/libjnlib.a ../gl/libgnu.a \
-	          $(KSBA_LIBS) $(LIBGCRYPT_LIBS) \
-                  -lgpg-error $(LIBINTL) ../common/libcommon.a $(LIBICONV)
+kbxutil_LDADD   = ../jnlib/libjnlib.a ../gl/libgnu.a ../common/libcommon.a \
+                  $(KSBA_LIBS) $(LIBGCRYPT_LIBS) \
+                  $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
 
 $(PROGRAMS) : ../jnlib/libjnlib.a ../gl/libgnu.a ../common/libcommon.a

po/ChangeLog

@@ -1,3 +1,11 @@
+2007-01-31  Werner Koch  <wk@g10code.com>
+
+	* de.po: Fixed a few fuzzy entries.
+
+2007-01-25  Werner Koch  <wk@g10code.com>
+
+	* de.po: Add Plural-Forms.
+
 2006-12-22  Werner Koch  <wk@g10code.com>
 
 	* sv.po: Installed revised and updated translation by Daniel

scd/ccid-driver.c

@@ -2371,9 +2371,9 @@ ccid_transceive_secure (ccid_driver_t handle,
       /* The CHERRY XX44 does not yet work. I have not investigated it
          closer because there is another problem: It echos a "*" for
          each entered character and we somehow need to arrange that it
-         doesn't get to the tty at all.  Given thate are running
+         doesn't get to the tty at all.  Given that we are running
          without a control terminal there is not much we can do about.
-         A weird hack using pinentry comes in mind but I doubnt that
+         A weird hack using pinentry comes in mind but I doubt that
          this is a clean solution.  Need to contact Cherry.
        */
     default:
@@ -2417,8 +2417,11 @@ ccid_transceive_secure (ccid_driver_t handle,
       msg[14] = 0x00; /* bmPINLengthFormat:
                          Units are bytes, position is 0. */
     }
-  msg[15] = pinlen_max;   /* wPINMaxExtraDigit-Maximum.  */
+
+  /* The following is a little endian word. */
+  msg[15] = pinlen_max;   /* wPINMaxExtraDigit-Maximum. */
   msg[16] = pinlen_min;   /* wPINMaxExtraDigit-Minimum.  */
+
   msg[17] = 0x02; /* bEntryValidationCondition:
                      Validation key pressed */
   if (pinlen_min && pinlen_max && pinlen_min == pinlen_max)

sm/ChangeLog

@@ -1,3 +1,8 @@
+2007-01-31  Werner Koch  <wk@g10code.com>
+
+	* gpgsm.c (main): Let --gen-key print a more informative error
+	message.
+
 2007-01-25  Werner Koch  <wk@g10code.com>
 
 	* Makefile.am (gpgsm_LDADD): Add LIBICONV.  Noted by Billy Halsey.

sm/gpgsm.c

@@ -253,7 +253,7 @@ static ARGPARSE_OPTS opts[] = {
     { aListSecretKeys, "list-secret-keys", 256, N_("list secret keys")},
     { aListChain,   "list-chain",  256, N_("list certificate chain")}, 
     { oFingerprint, "fingerprint", 256, N_("list keys and fingerprints")},
-    { aKeygen,	   "gen-key",  256, N_("generate a new key pair")},
+    { aKeygen,	   "gen-key",  256, "@" },
     { aDeleteKey, "delete-key",256, N_("remove key from the public keyring")},
     { aSendKeys, "send-keys"     , 256, N_("export keys to a key server") },
     { aRecvKeys, "recv-keys"     , 256, N_("import keys from a key server") },
@@ -1596,8 +1596,11 @@ main ( int argc, char **argv)
       break;
 
 
-    case aKeygen: /* generate a key */
-      log_error ("this function is not yet available from the commandline\n");
+    case aKeygen: /* Generate a key; well kind of. */
+      log_error 
+        (_("key generation is not available from the commandline\n"));
+      log_info (_("please use the script \"%s\" to generate a new key\n"),
+                "gpgsm-gencert.sh");
       break;
 
     case aImport:

tools/ChangeLog

@@ -1,3 +1,8 @@
+2007-01-31  Werner Koch  <wk@g10code.com>
+
+	* Makefile.am (symcryptrun_LDADD): Add LIBICONV.
+	(gpgkey2ssh_LDADD): Ditto.
+
 2006-12-13  David Shaw  <dshaw@jabberwocky.com>
 
 	* Makefile.am (gpgsplit_LDADD): Link to LIBINTL if we're using the

tools/Makefile.am

@@ -68,7 +68,7 @@ gpgparsemail_LDADD =
 
 symcryptrun_SOURCES = symcryptrun.c
 symcryptrun_LDADD = $(LIBUTIL_LIBS) $(common_libs) $(pwquery_libs) \
-                    $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL)
+                    $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBINCONV)
 
 watchgnupg_SOURCES = watchgnupg.c 
 watchgnupg_LDADD = $(NETLIBS)
@@ -82,7 +82,7 @@ gpgkey2ssh_CFLAGS = $(LIBGCRYPT_CFLAGS) $(GPG_ERROR_CFLAGS)
 # common sucks in jnlib, via use of BUG() in an inline function, which
 # some compilers do not eliminate.
 gpgkey2ssh_LDADD = $(common_libs) \
-                   $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL)
+                   $(LIBGCRYPT_LIBS) $(GPG_ERROR_LIBS) $(LIBINTL) $(LIBICONV)
 
 
 # Make sure that all libs are build before we use them.  This is