added gnuk.h fix

NEWS

@@ -17,15 +17,15 @@ setting PW3.  Without setting PW3, it becomes "admin-less" mode
 by setting PW1.
 
 ** Important two bug fixes.
+Gnuk (<= 0.11) had a bug which makes possible for attacker to change
+user password without knowing original password.
+
 Gnuk (<= 0.11) had a bug which makes possible for attacker to guess
 admin password easily.  When admin password is not set (the default
 value of factory setting), failure of VERIFY doesn't increment error
 counter in older versions.  Observing no increment of error counter,
 attacker could know that admin password is the one of factory setting.
 
-Gnuk (<= 0.11) had a bug which makes possible for attacker to change
-user password without knowing original password.
-
 ** tool/gnuk_put_binary.py now uses pyscard.
 Instead of PyUSB, it uses Python binding of PC/SC.  PyUSB version is
 still available as tool/gnuk_put_binary_libusb.py.

src/gnuk.h

@@ -79,6 +79,8 @@ extern void gpg_pw_increment_err_counter (uint8_t which);
 extern int ac_check_status (uint8_t ac_flag);
 extern int verify_pso_cds (const uint8_t *pw, int pw_len);
 extern int verify_other (const uint8_t *pw, int pw_len);
+extern int verify_user_0 (const uint8_t *pw, int buf_len, int pw_len_known,
+			  const uint8_t *ks_pw1);
 extern int verify_admin (const uint8_t *pw, int pw_len);
 extern int verify_admin_0 (const uint8_t *pw, int buf_len, int pw_len_known);