aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJ0WI <J0WI@users.noreply.github.com>2024-01-26 18:03:54 +0100
committerNatanael Copa <ncopa@alpinelinux.org>2024-01-26 23:24:32 +0000
commit6c058714a13fd8426bc436ad0bc3ff550e5f6707 (patch)
tree4aa4968c84d760ccd193c3c365f14ef37649f31f
parentc7b2efb55796cab85b58c19608aafb30c05a5829 (diff)
main/gnupg: security upgrade to 2.4.4
-rw-r--r--main/gnupg/APKBUILD8
-rw-r--r--main/gnupg/emacs-easypg-fix.patch591
2 files changed, 3 insertions, 596 deletions
diff --git a/main/gnupg/APKBUILD b/main/gnupg/APKBUILD
index 1fcd53b0ea0..f9434f1d959 100644
--- a/main/gnupg/APKBUILD
+++ b/main/gnupg/APKBUILD
@@ -3,9 +3,9 @@
# Maintainer: Natanael Copa <ncopa@alpinelinux.org>
pkgname=gnupg
# Upgrade to LTS versions only.
-pkgver=2.4.3
+pkgver=2.4.4
_ver=${pkgver/_beta/-beta}
-pkgrel=1
+pkgrel=0
pkgdesc="GNU Privacy Guard 2 - meta package for full GnuPG suite"
url="https://www.gnupg.org/"
arch="all"
@@ -64,7 +64,6 @@ source="https://gnupg.org/ftp/gcrypt/gnupg/gnupg-$_ver.tar.bz2
0330-gpg-default-to-sha512-for-all-signature-types-on-rsa-keys.patch
0340-gpg-prefer-sha512-and-sha384-in-personal-digest.patch
0420-gpg-drop-import-clean-from-default-keyserver-import-options.patch
- emacs-easypg-fix.patch
fix-i18n.patch
HACK-revert-rfc4880bis-default.patch
60-scdaemon.rules
@@ -247,7 +246,7 @@ utils() {
}
sha512sums="
-193a9398445272ec3eb5b79e802efb7414f74bcfffc3db0bf72c0056e04228120c419ed91db168e5733a16a33e548bab5368dd9cf11ecd483825bce189341a1e gnupg-2.4.3.tar.bz2
+3d1a3b08d1ce2319d238d8be96591e418ede1dc0b4ede33a4cc2fe40e9c56d5bbc27b1984736d8a786e7f292ddbc836846a8bdb4bf89f064e953c37cb54b94ef gnupg-2.4.4.tar.bz2
0e2aef4ae5c43c43efe2c914534d73f8f7068b49b5826b1f999296c30395497c4af121e4e99152ff7b43dcf56d1792cd46aea5158ca48597d6e0fca6d7358711 0010-avoid-beta-warning.patch
18004e52925b1f03e67a29a3d43b39e8119cf3426cdad4136824b932ad906ac499b4ceb3d7573177a9f16410d3b80c8f0e4bcdc54dd284f3f803a2cef609ad01 0020-avoid-regenerating-defsincdate-use-shipped-file.patch
d77a230e099ac26cf70acf4bf5c4a8446460f677857818027c16fd029292c249a24f31f7073e0388757cf567656e416b7f91af3bba62a85a2ffbdcf985c5050c 0110-avoid-simple-memory-dumps-via-ptrace.patch
@@ -256,7 +255,6 @@ d77a230e099ac26cf70acf4bf5c4a8446460f677857818027c16fd029292c249a24f31f7073e0388
1afea38e6fe3206be1cc2b2bc1410753aba9bc1e1370da76e711f7107924fc169008e1fba15117e0c5b244d71146e86c49ce0d816ce49a50b2452159144e1893 0330-gpg-default-to-sha512-for-all-signature-types-on-rsa-keys.patch
462af7b1e530e00d3870062666ef427d6df57ee8358b043c06fb8b7b54e50891fc8a49beeaabe45d1822d222ffc47da624798ceb8889a02e38ce85612453bb8b 0340-gpg-prefer-sha512-and-sha384-in-personal-digest.patch
0c1c44932e47ded65d412c48f859f1615a896ae1dd0a9e0e46fd491f3a25adc80e29fe12e329c3f541a60729cdf82330e81ab7bb7cacf1ddc6a9701a38bbbfaf 0420-gpg-drop-import-clean-from-default-keyserver-import-options.patch
-1dc8f88db36ff74eb0cf58e2c1b416b3200fae5892903f7dbad665a6b794c27f86959e467174774beebdedc26fb4d30ac2ade92633f7a49388c5aa8d3c9b0c93 emacs-easypg-fix.patch
28cba87121c66b1bbc90bb0f3ca8c69ff19376243854577a4d24afa4a3d4a4b8a952a3a7bbecc200058b6f722cfcd4fc72d5630c822f78ef3fc819f972798e34 fix-i18n.patch
eeeab08c22844ee364a64d7b772f0e42e5404428aaf37ef2504f043d7a69d1d3b32a34c680c413756ffb419733f23cea16172a6a611986c70bbffc801d071de8 HACK-revert-rfc4880bis-default.patch
4bfb9742279c2d1c872d63cd4bcb01f6a2a13d94618eff954d3a37451fa870a9bb29687330854ee47e8876d6e60dc81cb2569c3931beaefacda33db23c464402 60-scdaemon.rules
diff --git a/main/gnupg/emacs-easypg-fix.patch b/main/gnupg/emacs-easypg-fix.patch
deleted file mode 100644
index d7abb5596c0..00000000000
--- a/main/gnupg/emacs-easypg-fix.patch
+++ /dev/null
@@ -1,591 +0,0 @@
-Patch-Source: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=patch;h=2f872fa68c6576724b9dabee9fb0844266f55d0d
-https://dev.gnupg.org/rG2f872fa68c6576724b9dabee9fb0844266f55d0d
---
-From 2f872fa68c6576724b9dabee9fb0844266f55d0d Mon Sep 17 00:00:00 2001
-From: NIIBE Yutaka <gniibe@fsij.org>
-Date: Wed, 24 May 2023 10:36:04 +0900
-Subject: [PATCH] gpg: Report BEGIN_* status before examining the input.
-
-* common/miscellaneous.c (is_openpgp_compressed_packet)
-(is_file_compressed): Moved to ...
-* common/iobuf.c: ... in this file.
-(is_file_compressed): Change the argument to INP, the iobuf.
-* common/util.h (is_file_compressed): Remove.
-* common/iobuf.h (is_file_compressed): Add.
-* g10/cipher-aead.c (write_header): Don't call write_status_printf
-here.
-(cipher_filter_aead): Call write_status_printf when called with
-IOBUFCTRL_INIT.
-* g10/cipher-cfb.c (write_header): Don't call write_status_printf
-here.
-(cipher_filter_cfb): Call write_status_printf when called with
-IOBUFCTRL_INIT.
-* g10/encrypt.c (encrypt_simple): Use new is_file_compressed function,
-after call of iobuf_push_filter.
-(encrypt_crypt): Likewise.
-* g10/sign.c (sign_file): Likewise.
-
---
-
-GnuPG-bug-id: 6481
-Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
----
- common/iobuf.c | 120 +++++++++++++++++++++++++++++++++++++++++++++++++
- common/iobuf.h | 3 ++
- common/miscellaneous.c | 106 -------------------------------------------
- common/util.h | 2 -
- g10/cipher-aead.c | 7 ++-
- g10/cipher-cfb.c | 9 ++--
- g10/encrypt.c | 103 ++++++++++++++++--------------------------
- g10/sign.c | 13 +-----
- 8 files changed, 174 insertions(+), 189 deletions(-)
-
-diff --git a/common/iobuf.c b/common/iobuf.c
-index 62cde27f9..e088812a6 100644
---- a/common/iobuf.c
-+++ b/common/iobuf.c
-@@ -3057,3 +3057,123 @@ iobuf_skip_rest (iobuf_t a, unsigned long n, int partial)
- }
- }
- }
-+
-+
-+/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed
-+ * packet. LEN should be at least 6. */
-+static int
-+is_openpgp_compressed_packet (const unsigned char *buf, size_t len)
-+{
-+ int c, ctb, pkttype;
-+ int lenbytes;
-+
-+ ctb = *buf++; len--;
-+ if (!(ctb & 0x80))
-+ return 0; /* Invalid packet. */
-+
-+ if ((ctb & 0x40)) /* New style (OpenPGP) CTB. */
-+ {
-+ pkttype = (ctb & 0x3f);
-+ if (!len)
-+ return 0; /* Expected first length octet missing. */
-+ c = *buf++; len--;
-+ if (c < 192)
-+ ;
-+ else if (c < 224)
-+ {
-+ if (!len)
-+ return 0; /* Expected second length octet missing. */
-+ }
-+ else if (c == 255)
-+ {
-+ if (len < 4)
-+ return 0; /* Expected length octets missing */
-+ }
-+ }
-+ else /* Old style CTB. */
-+ {
-+ pkttype = (ctb>>2)&0xf;
-+ lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
-+ if (len < lenbytes)
-+ return 0; /* Not enough length bytes. */
-+ }
-+
-+ return (pkttype == 8);
-+}
-+
-+
-+/*
-+ * Check if the file is compressed, by peeking the iobuf. You need to
-+ * pass the iobuf with INP. Returns true if the buffer seems to be
-+ * compressed.
-+ */
-+int
-+is_file_compressed (iobuf_t inp)
-+{
-+ int i;
-+ char buf[32];
-+ int buflen;
-+
-+ struct magic_compress_s
-+ {
-+ byte len;
-+ byte extchk;
-+ byte magic[5];
-+ } magic[] =
-+ {
-+ { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */
-+ { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
-+ { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
-+ { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */
-+ { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */
-+ { 5, 2, { 0x89, 'P','N','G', 0x0d} } /* Likely PNG */
-+ };
-+
-+ if (!inp)
-+ return 0;
-+
-+ for ( ; inp->chain; inp = inp->chain )
-+ ;
-+
-+ buflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof buf, buf);
-+ if (buflen < 0)
-+ {
-+ buflen = 0;
-+ log_debug ("peeking at input failed\n");
-+ }
-+
-+ if ( buflen < 6 )
-+ {
-+ return 0; /* Too short to check - assume uncompressed. */
-+ }
-+
-+ for ( i = 0; i < DIM (magic); i++ )
-+ {
-+ if (!memcmp( buf, magic[i].magic, magic[i].len))
-+ {
-+ switch (magic[i].extchk)
-+ {
-+ case 0:
-+ return 1; /* Is compressed. */
-+ case 1:
-+ if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5))
-+ return 1; /* JFIF: this likely a compressed JPEG. */
-+ break;
-+ case 2:
-+ if (buflen > 8
-+ && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a)
-+ return 1; /* This is a PNG. */
-+ break;
-+ default:
-+ break;
-+ }
-+ }
-+ }
-+
-+ if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen))
-+ {
-+ return 1; /* Already compressed. */
-+ }
-+
-+ return 0; /* Not detected as compressed. */
-+}
-diff --git a/common/iobuf.h b/common/iobuf.h
-index c132c2f3c..ad416fe86 100644
---- a/common/iobuf.h
-+++ b/common/iobuf.h
-@@ -629,6 +629,9 @@ void iobuf_set_partial_body_length_mode (iobuf_t a, size_t len);
- from the following filter (which may or may not return EOF). */
- void iobuf_skip_rest (iobuf_t a, unsigned long n, int partial);
-
-+/* Check if the file is compressed, by peeking the iobuf. */
-+int is_file_compressed (iobuf_t inp);
-+
- #define iobuf_where(a) "[don't know]"
-
- /* Each time a filter is allocated (via iobuf_alloc()), a
-diff --git a/common/miscellaneous.c b/common/miscellaneous.c
-index f19cc539d..1a090b1f5 100644
---- a/common/miscellaneous.c
-+++ b/common/miscellaneous.c
-@@ -415,112 +415,6 @@ decode_c_string (const char *src)
- }
-
-
--/* Check whether (BUF,LEN) is valid header for an OpenPGP compressed
-- * packet. LEN should be at least 6. */
--static int
--is_openpgp_compressed_packet (const unsigned char *buf, size_t len)
--{
-- int c, ctb, pkttype;
-- int lenbytes;
--
-- ctb = *buf++; len--;
-- if (!(ctb & 0x80))
-- return 0; /* Invalid packet. */
--
-- if ((ctb & 0x40)) /* New style (OpenPGP) CTB. */
-- {
-- pkttype = (ctb & 0x3f);
-- if (!len)
-- return 0; /* Expected first length octet missing. */
-- c = *buf++; len--;
-- if (c < 192)
-- ;
-- else if (c < 224)
-- {
-- if (!len)
-- return 0; /* Expected second length octet missing. */
-- }
-- else if (c == 255)
-- {
-- if (len < 4)
-- return 0; /* Expected length octets missing */
-- }
-- }
-- else /* Old style CTB. */
-- {
-- pkttype = (ctb>>2)&0xf;
-- lenbytes = ((ctb&3)==3)? 0 : (1<<(ctb & 3));
-- if (len < lenbytes)
-- return 0; /* Not enough length bytes. */
-- }
--
-- return (pkttype == 8);
--}
--
--
--
--/*
-- * Check if the file is compressed. You need to pass the first bytes
-- * of the file as (BUF,BUFLEN). Returns true if the buffer seems to
-- * be compressed.
-- */
--int
--is_file_compressed (const byte *buf, unsigned int buflen)
--{
-- int i;
--
-- struct magic_compress_s
-- {
-- byte len;
-- byte extchk;
-- byte magic[5];
-- } magic[] =
-- {
-- { 3, 0, { 0x42, 0x5a, 0x68, 0x00 } }, /* bzip2 */
-- { 3, 0, { 0x1f, 0x8b, 0x08, 0x00 } }, /* gzip */
-- { 4, 0, { 0x50, 0x4b, 0x03, 0x04 } }, /* (pk)zip */
-- { 5, 0, { '%', 'P', 'D', 'F', '-'} }, /* PDF */
-- { 4, 1, { 0xff, 0xd8, 0xff, 0xe0 } }, /* Maybe JFIF */
-- { 5, 2, { 0x89, 'P','N','G', 0x0d} } /* Likely PNG */
-- };
--
-- if ( buflen < 6 )
-- {
-- return 0; /* Too short to check - assume uncompressed. */
-- }
--
-- for ( i = 0; i < DIM (magic); i++ )
-- {
-- if (!memcmp( buf, magic[i].magic, magic[i].len))
-- {
-- switch (magic[i].extchk)
-- {
-- case 0:
-- return 1; /* Is compressed. */
-- case 1:
-- if (buflen > 11 && !memcmp (buf + 6, "JFIF", 5))
-- return 1; /* JFIF: this likely a compressed JPEG. */
-- break;
-- case 2:
-- if (buflen > 8
-- && buf[5] == 0x0a && buf[6] == 0x1a && buf[7] == 0x0a)
-- return 1; /* This is a PNG. */
-- break;
-- default:
-- break;
-- }
-- }
-- }
--
-- if (buflen >= 6 && is_openpgp_compressed_packet (buf, buflen))
-- {
-- return 1; /* Already compressed. */
-- }
--
-- return 0; /* Not detected as compressed. */
--}
--
--
- /* Try match against each substring of multistr, delimited by | */
- int
- match_multistr (const char *multistr,const char *match)
-diff --git a/common/util.h b/common/util.h
-index aa24e39e6..6b948510e 100644
---- a/common/util.h
-+++ b/common/util.h
-@@ -360,8 +360,6 @@ char *try_make_printable_string (const void *p, size_t n, int delim);
- char *make_printable_string (const void *p, size_t n, int delim);
- char *decode_c_string (const char *src);
-
--int is_file_compressed (const byte *buf, unsigned int buflen);
--
- int match_multistr (const char *multistr,const char *match);
-
- int gnupg_compare_version (const char *a, const char *b);
-diff --git a/g10/cipher-aead.c b/g10/cipher-aead.c
-index 640d8432f..0c07e65de 100644
---- a/g10/cipher-aead.c
-+++ b/g10/cipher-aead.c
-@@ -174,8 +174,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
- log_debug ("aead packet: len=%lu extralen=%d\n",
- (unsigned long)ed.len, ed.extralen);
-
-- write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d",
-- cfx->dek->algo, ed.aead_algo);
- print_cipher_algo_note (cfx->dek->algo);
-
- if (build_packet( a, &pkt))
-@@ -488,6 +486,11 @@ cipher_filter_aead (void *opaque, int control,
- {
- mem2str (buf, "cipher_filter_aead", *ret_len);
- }
-+ else if (control == IOBUFCTRL_INIT)
-+ {
-+ write_status_printf (STATUS_BEGIN_ENCRYPTION, "0 %d %d",
-+ cfx->dek->algo, cfx->dek->use_aead);
-+ }
-
- return rc;
- }
-diff --git a/g10/cipher-cfb.c b/g10/cipher-cfb.c
-index 3ba8eb738..29bf2477c 100644
---- a/g10/cipher-cfb.c
-+++ b/g10/cipher-cfb.c
-@@ -72,9 +72,6 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
- log_info (_("Hint: Do not use option %s\n"), "--rfc2440");
- }
-
-- write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
-- ed.mdc_method, cfx->dek->algo);
--
- init_packet (&pkt);
- pkt.pkttype = cfx->dek->use_mdc? PKT_ENCRYPTED_MDC : PKT_ENCRYPTED;
- pkt.pkt.encrypted = &ed;
-@@ -182,6 +179,12 @@ cipher_filter_cfb (void *opaque, int control,
- {
- mem2str (buf, "cipher_filter_cfb", *ret_len);
- }
-+ else if (control == IOBUFCTRL_INIT)
-+ {
-+ write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
-+ cfx->dek->use_mdc ? DIGEST_ALGO_SHA1 : 0,
-+ cfx->dek->algo);
-+ }
-
- return rc;
- }
-diff --git a/g10/encrypt.c b/g10/encrypt.c
-index 687b4344e..a524326bb 100644
---- a/g10/encrypt.c
-+++ b/g10/encrypt.c
-@@ -410,8 +410,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
- text_filter_context_t tfx;
- progress_filter_context_t *pfx;
- int do_compress = !!default_compress_algo();
-- char peekbuf[32];
-- int peekbuflen;
-
- if (!gnupg_rng_is_compliant (opt.compliance))
- {
-@@ -448,14 +446,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
- return rc;
- }
-
-- peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
-- if (peekbuflen < 0)
-- {
-- peekbuflen = 0;
-- if (DBG_FILTER)
-- log_debug ("peeking at input failed\n");
-- }
--
- handle_progress (pfx, inp, filename);
-
- if (opt.textmode)
-@@ -517,17 +507,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
- /**/ : "CFB");
- }
-
-- if (do_compress
-- && cfx.dek
-- && (cfx.dek->use_mdc || cfx.dek->use_aead)
-- && !opt.explicit_compress_option
-- && is_file_compressed (peekbuf, peekbuflen))
-- {
-- if (opt.verbose)
-- log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
-- do_compress = 0;
-- }
--
- if ( rc || (rc = open_outfile (-1, filename, opt.armor? 1:0, 0, &out )))
- {
- iobuf_cancel (inp);
-@@ -598,6 +577,24 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
- else
- filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */
-
-+ /* Register the cipher filter. */
-+ if (mode)
-+ iobuf_push_filter (out,
-+ cfx.dek->use_aead? cipher_filter_aead
-+ /**/ : cipher_filter_cfb,
-+ &cfx );
-+
-+ if (do_compress
-+ && cfx.dek
-+ && (cfx.dek->use_mdc || cfx.dek->use_aead)
-+ && !opt.explicit_compress_option
-+ && is_file_compressed (inp))
-+ {
-+ if (opt.verbose)
-+ log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
-+ do_compress = 0;
-+ }
-+
- if (!opt.no_literal)
- {
- /* Note that PT has been initialized above in !no_literal mode. */
-@@ -617,13 +614,6 @@ encrypt_simple (const char *filename, int mode, int use_seskey)
- pkt.pkt.generic = NULL;
- }
-
-- /* Register the cipher filter. */
-- if (mode)
-- iobuf_push_filter (out,
-- cfx.dek->use_aead? cipher_filter_aead
-- /**/ : cipher_filter_cfb,
-- &cfx );
--
- /* Register the compress filter. */
- if ( do_compress )
- {
-@@ -783,7 +773,7 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
- PKT_plaintext *pt = NULL;
- DEK *symkey_dek = NULL;
- STRING2KEY *symkey_s2k = NULL;
-- int rc = 0, rc2 = 0;
-+ int rc = 0;
- u32 filesize;
- cipher_filter_context_t cfx;
- armor_filter_context_t *afx = NULL;
-@@ -792,8 +782,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
- progress_filter_context_t *pfx;
- PK_LIST pk_list;
- int do_compress;
-- char peekbuf[32];
-- int peekbuflen;
-
- if (filefd != -1 && filename)
- return gpg_error (GPG_ERR_INV_ARG); /* Both given. */
-@@ -866,14 +854,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
- if (opt.verbose)
- log_info (_("reading from '%s'\n"), iobuf_get_fname_nonnull (inp));
-
-- peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
-- if (peekbuflen < 0)
-- {
-- peekbuflen = 0;
-- if (DBG_FILTER)
-- log_debug ("peeking at input failed\n");
-- }
--
- handle_progress (pfx, inp, filename);
-
- if (opt.textmode)
-@@ -900,25 +880,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
- if (!cfx.dek->use_aead)
- cfx.dek->use_mdc = !!use_mdc (pk_list, cfx.dek->algo);
-
-- /* Only do the is-file-already-compressed check if we are using a
-- * MDC or AEAD. This forces compressed files to be re-compressed if
-- * we do not have a MDC to give some protection against chosen
-- * ciphertext attacks. */
-- if (do_compress
-- && (cfx.dek->use_mdc || cfx.dek->use_aead)
-- && !opt.explicit_compress_option
-- && is_file_compressed (peekbuf, peekbuflen))
-- {
-- if (opt.verbose)
-- log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
-- do_compress = 0;
-- }
-- if (rc2)
-- {
-- rc = rc2;
-- goto leave;
-- }
--
- make_session_key (cfx.dek);
- if (DBG_CRYPTO)
- log_printhex (cfx.dek->key, cfx.dek->keylen, "DEK is: ");
-@@ -960,6 +921,26 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
- else
- filesize = opt.set_filesize ? opt.set_filesize : 0; /* stdin */
-
-+ /* Register the cipher filter. */
-+ iobuf_push_filter (out,
-+ cfx.dek->use_aead? cipher_filter_aead
-+ /**/ : cipher_filter_cfb,
-+ &cfx);
-+
-+ /* Only do the is-file-already-compressed check if we are using a
-+ * MDC or AEAD. This forces compressed files to be re-compressed if
-+ * we do not have a MDC to give some protection against chosen
-+ * ciphertext attacks. */
-+ if (do_compress
-+ && (cfx.dek->use_mdc || cfx.dek->use_aead)
-+ && !opt.explicit_compress_option
-+ && is_file_compressed (inp))
-+ {
-+ if (opt.verbose)
-+ log_info(_("'%s' already compressed\n"), filename? filename: "[stdin]");
-+ do_compress = 0;
-+ }
-+
- if (!opt.no_literal)
- {
- pt->timestamp = make_timestamp();
-@@ -974,12 +955,6 @@ encrypt_crypt (ctrl_t ctrl, int filefd, const char *filename,
- else
- cfx.datalen = filesize && !do_compress ? filesize : 0;
-
-- /* Register the cipher filter. */
-- iobuf_push_filter (out,
-- cfx.dek->use_aead? cipher_filter_aead
-- /**/ : cipher_filter_cfb,
-- &cfx);
--
- /* Register the compress filter. */
- if (do_compress)
- {
-diff --git a/g10/sign.c b/g10/sign.c
-index b5e9d422d..fcb1bb749 100644
---- a/g10/sign.c
-+++ b/g10/sign.c
-@@ -1035,9 +1035,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
- int multifile = 0;
- u32 duration=0;
- pt_extra_hash_data_t extrahash = NULL;
-- char peekbuf[32];
-- int peekbuflen = 0;
--
-
- pfx = new_progress_context ();
- afx = new_armor_context ();
-@@ -1096,14 +1093,6 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
- goto leave;
- }
-
-- peekbuflen = iobuf_ioctl (inp, IOBUF_IOCTL_PEEK, sizeof peekbuf, peekbuf);
-- if (peekbuflen < 0)
-- {
-- peekbuflen = 0;
-- if (DBG_FILTER)
-- log_debug ("peeking at input failed\n");
-- }
--
- handle_progress (pfx, inp, fname);
- }
-
-@@ -1261,7 +1250,7 @@ sign_file (ctrl_t ctrl, strlist_t filenames, int detached, strlist_t locusr,
- int compr_algo = opt.compress_algo;
-
- if (!opt.explicit_compress_option
-- && is_file_compressed (peekbuf, peekbuflen))
-+ && is_file_compressed (inp))
- {
- if (opt.verbose)
- log_info(_("'%s' already compressed\n"), fname? fname: "[stdin]");
---
-2.11.0
-