configure.ac | 2 2 + 0 - 0 !
doc/gnupg.texi | 6 3 + 3 - 0 !
2 files changed, 5 insertions(+), 3 deletions(-)

---

agent/protect.c | 32 19 + 13 - 0 !
1 file changed, 19 insertions(+), 13 deletions(-)

---

kbx/keybox-blob.c (working copy) | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

---

g10/import.c | 23 22 + 1 - 0 !
1 file changed, 22 insertions(+), 1 deletion(-)

 gpg: import only packets which are allowed in a keyblock.

NEWS | 2 2 + 0 - 0 !
g10/mainproc.c | 52 43 + 9 - 0 !
2 files changed, 45 insertions(+), 9 deletions(-)

 [patch 1/2] gpg: fix bug with deeply nested compressed packets.

* g10/mainproc.c (MAX_NESTING_DEPTH): New.
(proc_compressed): Return an error code.
(check_nesting): New.
(do_proc_packets): Check packet nesting depth.  Handle errors from
check_compressed.

Signed-off-by: Werner Koch <wk@gnupg.org>

common/iobuf.c | 11 11 + 0 - 0 !
g10/mainproc.c | 80 48 + 32 - 0 !
2 files changed, 59 insertions(+), 32 deletions(-)

 [patch 2/2] gpg: limit the nesting level of i/o filters.

* common/iobuf.c (MAX_NESTING_FILTER): New.
(iobuf_push_filter2): Limit the nesting level.

* g10/mainproc.c (mainproc_context): New field ANY.  Change HAVE_DATA
and ANY_SIG_SIGN to bit fields of ANY.  Add bit field
UNCOMPRESS_FAILED.
(proc_compressed): Avoid printing multiple Bad Data messages.
(check_nesting): Return GPG_ERR_BAD_DATA instead of UNEXPECTED_DATA.
--

This is a more general fix for the nested compression packet bug.  In
particular this helps g10/import.c:read_block to stop pushing
compression filters onto an iobuf stream.  This patch also reduces the
number of error messages for the non-import case.

Signed-off-by: Werner Koch <wk@gnupg.org>

g10/getkey.c | 8 7 + 1 - 0 !
include/cipher.h | 5 5 + 0 - 0 !
2 files changed, 12 insertions(+), 1 deletion(-)

---