From d832a0f7c72fed2d86631779e0e765258c273a60 Mon Sep 17 00:00:00 2001
From: des <des@FreeBSD.org>
Date: Mon, 10 Sep 2018 13:19:46 +0000
Subject: Regenerate with 'make makepatch' and add a comment.  Note that I am
 unsure if the patch is still required, or even if it is correct.

---
 security/p5-Crypt-OpenPGP/files/patch-CVE-2005-0366     | 13 -------------
 .../files/patch-lib_Crypt_OpenPGP_Ciphertext.pm         | 17 +++++++++++++++++
 2 files changed, 17 insertions(+), 13 deletions(-)
 delete mode 100644 security/p5-Crypt-OpenPGP/files/patch-CVE-2005-0366
 create mode 100644 security/p5-Crypt-OpenPGP/files/patch-lib_Crypt_OpenPGP_Ciphertext.pm

(limited to 'security')

diff --git a/security/p5-Crypt-OpenPGP/files/patch-CVE-2005-0366 b/security/p5-Crypt-OpenPGP/files/patch-CVE-2005-0366
deleted file mode 100644
index b7932d70d4ae..000000000000
--- a/security/p5-Crypt-OpenPGP/files/patch-CVE-2005-0366
+++ /dev/null
@@ -1,13 +0,0 @@
---- lib/Crypt/OpenPGP/Ciphertext.pm.orig	Tue Apr 10 15:51:46 2007
-+++ lib/Crypt/OpenPGP/Ciphertext.pm	Tue Apr 10 15:52:03 2007
-@@ -87,8 +87,8 @@ sub decrypt {
-     my $padlen = $cipher->blocksize + 2;
-     my $pt = $enc->{prefix} =
-         $cipher->decrypt(substr $enc->{ciphertext}, 0, $padlen);
--    return $enc->error("Bad checksum")
--        unless substr($pt, -4, 2) eq substr($pt, -2, 2);
-+    # return $enc->error("Bad checksum")
-+    #     unless substr($pt, -4, 2) eq substr($pt, -2, 2);
-     $cipher->sync unless $enc->{is_mdc};
-     $pt = $cipher->decrypt(substr $enc->{ciphertext}, $padlen);
-     if ($enc->{is_mdc}) {
diff --git a/security/p5-Crypt-OpenPGP/files/patch-lib_Crypt_OpenPGP_Ciphertext.pm b/security/p5-Crypt-OpenPGP/files/patch-lib_Crypt_OpenPGP_Ciphertext.pm
new file mode 100644
index 000000000000..6a9f0bb7b6d0
--- /dev/null
+++ b/security/p5-Crypt-OpenPGP/files/patch-lib_Crypt_OpenPGP_Ciphertext.pm
@@ -0,0 +1,17 @@
+Patch for CVE-2005-0366: plaintext recovery using checksum failure oracle.
+
+https://nvd.nist.gov/vuln/detail/CVE-2005-0366
+
+--- lib/Crypt/OpenPGP/Ciphertext.pm.orig	2009-12-11 00:05:35 UTC
++++ lib/Crypt/OpenPGP/Ciphertext.pm
+@@ -85,8 +85,8 @@ sub decrypt {
+     my $padlen = $cipher->blocksize + 2;
+     my $pt = $enc->{prefix} =
+         $cipher->decrypt(substr $enc->{ciphertext}, 0, $padlen);
+-    return $enc->error("Bad checksum")
+-        unless substr($pt, -4, 2) eq substr($pt, -2, 2);
++    # return $enc->error("Bad checksum")
++    #     unless substr($pt, -4, 2) eq substr($pt, -2, 2);
+     $cipher->sync unless $enc->{is_mdc};
+     $pt = $cipher->decrypt(substr $enc->{ciphertext}, $padlen);
+     if ($enc->{is_mdc}) {
-- 
cgit