[git] GnuPG - branch, master, updated. gnupg-2.2.7-311-g70a8db0

by Werner Koch cvs at cvs.gnupg.org
Tue Dec 18 08:23:46 CET 2018 

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "The GNU Privacy Guard".

The branch, master has been updated
       via  70a8db0333e3c22403b3647f8b5f924f6dace719 (commit)
      from  e6b7e0ff9990813ac9f11b2d9d92596d6379ebfe (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 70a8db0333e3c22403b3647f8b5f924f6dace719
Author: Werner Koch <wk at gnupg.org>
Date:   Tue Dec 18 08:21:03 2018 +0100

    wks: Do not use compression for the encrypted data.
    
    * tools/gpg-wks-client.c (encrypt_response): Add arg -z0.
    * tools/gpg-wks-server.c (encrypt_stream): Ditto.
    --
    
    If for example a server was built without the development packages of
    the compression libraries installed, the server will not be able to
    decrypt a request.  In theory this can't happen due to the preference
    system but it is just to easy to create the server's key using a
    different version of gpg and then use gpg-wks-server built
    differently.
    
    For the short messages we exchange compression is not really required
    and thus we better do without to make the system more robust.
    
    Signed-off-by: Werner Koch <wk at gnupg.org>

diff --git a/tools/gpg-wks-client.c b/tools/gpg-wks-client.c
index 0dee1a2..e59d52d 100644
--- a/tools/gpg-wks-client.c
+++ b/tools/gpg-wks-client.c
@@ -1151,6 +1151,7 @@ encrypt_response (estream_t *r_output, estream_t input, const char *addrspec,
   ccparray_put (&ccp, "--status-fd=2");
   ccparray_put (&ccp, "--always-trust");
   ccparray_put (&ccp, "--armor");
+  ccparray_put (&ccp, "-z0");  /* No compression for improved robustness.  */
   if (fake_submission_addr)
     ccparray_put (&ccp, "--auto-key-locate=clear,local");
   else
diff --git a/tools/gpg-wks-server.c b/tools/gpg-wks-server.c
index 1a0ba8f..f83ef65 100644
--- a/tools/gpg-wks-server.c
+++ b/tools/gpg-wks-server.c
@@ -586,6 +586,7 @@ encrypt_stream (estream_t *r_output, estream_t input, const char *keyfile)
   ccparray_put (&ccp, "--always-trust");
   ccparray_put (&ccp, "--no-keyring");
   ccparray_put (&ccp, "--armor");
+  ccparray_put (&ccp, "-z0");  /* No compression for improved robustness.  */
   ccparray_put (&ccp, "--recipient-file");
   ccparray_put (&ccp, keyfile);
   ccparray_put (&ccp, "--encrypt");

-----------------------------------------------------------------------

Summary of changes:
 tools/gpg-wks-client.c | 1 +
 tools/gpg-wks-server.c | 1 +
 2 files changed, 2 insertions(+)


hooks/post-receive
-- 
The GNU Privacy Guard
http://git.gnupg.org

More information about the Gnupg-commits mailing list