- I recently received a GnuPG 1.0.7 message that went into an
infinite loop while decompressing. Investigation showed that the
problem was incomplete support for the OpenPGP indefinite length
packets in the code.
- In trying to diagnose this, going to use the "Extract session key"
feature in CTCjava to keep from having to enter my passphrase, I find
that there is something up in the JNI layer for this which faults,
rendering the feature inoperative. JNI is sufficiently brittle that I
don't think this will be fixed. I will now declare CTCjava as having
had its last full release.
I have made changes that accomodate the former issue, though this is
by way of a stop-gap, copying into a separate buffer the multiple
sections of a packet that is of that format, rather than the proper fix,
which would be to put an extra abstraction layer of packet reading on top
of the file being read. I have produced updated source
including fixes for the 30-May-01 and 9-Jun-02 issues, and a replacement dll (version
1.2.1044.27931) for Windows users.
The former is a source archive and a signature inside a zip. Unshell,
verify, then unpack over the CTClib 2.3 code, and build. It contains
VS.NET and C++ Builder projects, and the CTClib 2.3 makefile should also
work - though I've not verified this. The latter is the dll (debug build
from VC++.NET) and a signature. Save the old dll, verify the signature on
the new one, and drop it in place. Keeping the old dll (and swapping by
renaming) allows you to revert if you come across new bugs.
In order to fix the packet length bug properly, I really need to start
a full refactoring of CTClib, the end result of which would be a CTClib
3.0, with new, but stable interfaces, and a major revision into C++. What
is likely to happen is a series of 2.4 releases (but don't hold your
breath) which may change some of the interfaces at each step. Meanwhile
there may be a number of 2.3-compatibility interim releases (with later
CTCjlib 1.2 version dlls) to patch up serious bugs in the core still
being accessed by the Java-based GUI.
In the meantime, there is a FOX-1.1.19 compatible
start of a GUI in the source drop, which can do the unpicking of session
keys, for those who really need that feature - but you have to build it
yourself.