Pass on assuan comment lines from scd.

Fix confidential flag setting.
Print another status_error.

NEWS

@@ -1,11 +1,15 @@
+Noteworthy changes in version 2.0.17 (unreleased)
+-------------------------------------------------
+
+
 Noteworthy changes in version 2.0.16 (2010-07-19)
 -------------------------------------------------
 
  * If the agent's --use-standard-socket option is active, all tools
    try to start and daemonize the agent on the fly.  In the past this
    was only supported on W32; on non-W32 systems the new configure
-   option --use-standard-socket may now be used to use this feature by
-   default.
+   option --enable-standard-socket may now be used to use this feature
+   by default.
 
  * The gpg-agent commands KILLAGENT and RELOADAGENT are now available
    on all platforms.

agent/ChangeLog

@@ -1,5 +1,8 @@
 2010-08-11  Werner Koch  <wk@g10code.com>
 
+	* call-pinentry.c (agent_askpin, agent_get_passphrase): Fix
+	setting of confidential flag.
+
 	* call-scd.c (agent_card_scd): Pass assuan comment lines to the
 	caller.
 	(ASSUAN_CONVEY_COMMENTS): Provide replacement if needed.

agent/call-pinentry.c

@@ -705,6 +705,7 @@ agent_askpin (ctrl_t ctrl,
   struct entry_parm_s parm;
   const char *errtext = NULL;
   int is_pin = 0;
+  int saveflag;
 
   if (opt.batch)
     return 0; /* fixme: we should return BAD PIN */
@@ -782,8 +783,11 @@ agent_askpin (ctrl_t ctrl,
           errtext = NULL;
         }
       
+      saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
+      assuan_begin_confidential (entry_ctx);
       rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
                             inq_quality, entry_ctx, NULL, NULL);
+      assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
       /* Most pinentries out in the wild return the old Assuan error code
          for canceled which gets translated to an assuan Cancel error and
          not to the code for a user cancel.  Fix this here. */
@@ -845,6 +849,7 @@ agent_get_passphrase (ctrl_t ctrl,
   int rc;
   char line[ASSUAN_LINELENGTH];
   struct entry_parm_s parm;
+  int saveflag;
 
   *retpass = NULL;
   if (opt.batch)
@@ -895,9 +900,11 @@ agent_get_passphrase (ctrl_t ctrl,
   if (!parm.buffer)
     return unlock_pinentry (out_of_core ());
 
+  saveflag = assuan_get_flag (entry_ctx, ASSUAN_CONFIDENTIAL);
   assuan_begin_confidential (entry_ctx);
   rc = assuan_transact (entry_ctx, "GETPIN", getpin_cb, &parm,
                         inq_quality, entry_ctx, NULL, NULL);
+  assuan_set_flag (entry_ctx, ASSUAN_CONFIDENTIAL, saveflag);
   /* Most pinentries out in the wild return the old Assuan error code
      for canceled which gets translated to an assuan Cancel error and
      not to the code for a user cancel.  Fix this here. */

announce.txt

@@ -5,7 +5,7 @@ Mail-Followup-To: gnupg-users@gnupg.org
 Hello!
 
 We are pleased to announce the availability of a new stable GnuPG-2
-release:  Version 2.0.15.
+release:  Version 2.0.16.
 
 The GNU Privacy Guard (GnuPG) is GNU's tool for secure communication
 and data storage.  It can be used to encrypt data, create digital
@@ -31,12 +31,16 @@ GnuPG is distributed under the terms of the GNU General Public License
 What's New
 ===========
 
- * New command --passwd for GPG.
+ * If the agent's --use-standard-socket option is active, all tools
+   try to start and daemonize the agent on the fly.  In the past this
+   was only supported on W32; on non-W32 systems the new configure
+   option --use-standard-socket may now be used to use this feature by
+   default.
 
- * Fixes a regression in 2.0.14 which prevented unprotection of new
-   or changed gpg-agent passphrases.
+ * The gpg-agent commands KILLAGENT and RELOADAGENT are now available
+   on all platforms.
 
- * Uses libassuan 2.0 which is available as a DSO.
+ * Minor bug fixes.
 
 
 Getting the Software
@@ -45,7 +49,7 @@ Getting the Software
 Please follow the instructions found at http://www.gnupg.org/download/
 or read on:
 
-GnuPG 2.0.15 may be downloaded from one of the GnuPG mirror sites or
+GnuPG 2.0.16 may be downloaded from one of the GnuPG mirror sites or
 direct from ftp://ftp.gnupg.org/gcrypt/gnupg/ .  The list of mirrors
 can be found at http://www.gnupg.org/mirrors.html .  Note, that GnuPG
 is not available at ftp.gnu.org.
@@ -53,14 +57,14 @@ is not available at ftp.gnu.org.
 On the FTP server and its mirrors you should find the following files
 in the gnupg/ directory:
 
-  gnupg-2.0.15.tar.bz2 (3884k)
-  gnupg-2.0.15.tar.bz2.sig
+  gnupg-2.0.16.tar.bz2 (3910k)
+  gnupg-2.0.16.tar.bz2.sig
 
       GnuPG source compressed using BZIP2 and OpenPGP signature.
 
-  gnupg-2.0.14-2.0.15.diff.bz2 (40k)
+  gnupg-2.0.15-2.0.16.diff.bz2 (51k)
 
-      A patch file to upgrade a 2.0.14 GnuPG source tree.  This patch
+      A patch file to upgrade a 2.0.15 GnuPG source tree.  This patch
       does not include updates of the language files.
 
 Note, that we don't distribute gzip compressed tarballs for GnuPG-2. 
@@ -75,9 +79,9 @@ the following ways:
 
  * If you already have a trusted version of GnuPG installed, you
    can simply check the supplied signature.  For example to check the
-   signature of the file gnupg-2.0.15.tar.bz2 you would use this command:
+   signature of the file gnupg-2.0.16.tar.bz2 you would use this command:
 
-     gpg --verify gnupg-2.0.15.tar.bz2.sig
+     gpg --verify gnupg-2.0.16.tar.bz2.sig
 
    This checks whether the signature file matches the source file.
    You should see a message indicating that the signature is good and
@@ -101,15 +105,15 @@ the following ways:
 
  * If you are not able to use an old version of GnuPG, you have to verify
    the SHA-1 checksum.  Assuming you downloaded the file
-   gnupg-2.0.14.tar.bz2, you would run the sha1sum command like this:
+   gnupg-2.0.16.tar.bz2, you would run the sha1sum command like this:
 
-     sha1sum gnupg-2.0.15.tar.bz2
+     sha1sum gnupg-2.0.16.tar.bz2
 
    and check that the output matches the first line from the
    following list:
 
-3596668fb9cc8ec0714463a5009f990fc23434b0  gnupg-2.0.15.tar.bz2
-ed35765ae081706c8856fd491201f4f9576135fd  gnupg-2.0.14-2.0.15.diff.bz2
+e7eb4f60026884bd90803b531472bc518804b95d  gnupg-2.0.16.tar.bz2
+be77c0ba597b9ad9e38941e85ba1750890067227  gnupg-2.0.15-2.0.16.diff.bz2
 
 
 Internationalization

configure.ac

@@ -24,8 +24,8 @@ min_automake_version="1.10"
 # Remember to change the version number immediately *after* a release.
 # Set my_issvn to "yes" for non-released code.  Remember to run an
 # "svn up" and "autogen.sh" right before creating a distribution.
-m4_define([my_version], [2.0.16])
-m4_define([my_issvn], [no])
+m4_define([my_version], [2.0.17])
+m4_define([my_issvn], [yes])
 
 m4_define([svn_revision], m4_esyscmd([printf "%d" $(svn info 2>/dev/null \
           | sed -n '/^Revision:/ s/[^0-9]//gp'|head -1)]))

g10/ChangeLog

@@ -1,3 +1,8 @@
+2010-07-20  Werner Koch  <wk@g10code.com>
+
+	* mainproc.c (print_pkenc_list): Print a STATUS_ERROR.  Fixes
+	bug#1255.
+
 2010-06-18  Werner Koch  <wk@g10code.com>
 
 	* parse-packet.c (skip_packet, parse_gpg_control): Take care of

g10/mainproc.c

@@ -475,8 +475,11 @@ print_pkenc_list( struct kidlist_item *list, int failed )
 	    }
 	}
 	else if (list->reason)
+          {
 	    log_info(_("public key decryption failed: %s\n"),
 						g10_errstr(list->reason));
+            write_status_error ("pkdecrypt_failed", list->reason);
+          }
     }
 }