patch-ag and patch-ao already had security fixes for CESA-2004-006.

But now these are improved in response to
 iDEFENSE Security Advisory 12.21.04
 www.idefense.com/application/poi/display?id=173&type=vulnerabilities
 libtiff STRIPOFFSETS Integer Overflow Vulnerability
 December 21, 2004

This fix (in two files) was from that advisory and also seen
in tiff 3.7.1.

PKGREVISION is bumped to 6 and BUILDLINK_RECOMMENDED is adjusted for
this possible security issue. Other packages depending on this are not
bumped.

2 files changed, 4 insertions, 4 deletions

diff --git a/graphics/tiff/patches/patch-ag b/graphics/tiff/patches/patch-ag
index f7a7ef05d1c..377ae4c0cf2 100644
--- a/graphics/tiff/patches/patch-ag
+++ b/graphics/tiff/patches/patch-ag
@@ -1,4 +1,4 @@
-$NetBSD: patch-ag,v 1.7 2004/10/18 14:37:24 tron Exp $
+$NetBSD: patch-ag,v 1.8 2004/12/22 03:57:15 reed Exp $
 
 --- libtiff/tif_fax3.c.orig	2003-11-06 09:22:13.000000000 +0100
 +++ libtiff/tif_fax3.c	2004-10-18 16:24:04.000000000 +0200
@@ -12,7 +12,7 @@ $NetBSD: patch-ag,v 1.7 2004/10/18 14:37:24 tron Exp $
 +	char	*cp = NULL;
 +	tsize_t	bytes = nmemb * elem_size;
 +
-+	if (elem_size && bytes / elem_size == nmemb)
++	if (nmemb && elem_size && bytes / elem_size == nmemb)
 +		cp = (char*) _TIFFmalloc(bytes);
 +
 +	if (cp == NULL)
diff --git a/graphics/tiff/patches/patch-ao b/graphics/tiff/patches/patch-ao
index f2be1528adf..91d2fa79a0c 100644
--- a/graphics/tiff/patches/patch-ao
+++ b/graphics/tiff/patches/patch-ao
@@ -1,4 +1,4 @@
-$NetBSD: patch-ao,v 1.1 2004/10/18 14:37:24 tron Exp $
+$NetBSD: patch-ao,v 1.2 2004/12/22 03:57:15 reed Exp $
 
 --- libtiff/tif_dirread.c.orig	2003-12-22 09:22:15.000000000 +0100
 +++ libtiff/tif_dirread.c	2004-10-18 16:25:32.000000000 +0200
@@ -13,7 +13,7 @@ $NetBSD: patch-ao,v 1.1 2004/10/18 14:37:24 tron Exp $
 +	char	*cp = NULL;
 +	tsize_t	bytes = nmemb * elem_size;
 +
-+	if (elem_size && bytes / elem_size == nmemb)
++	if (nmemb && elem_size && bytes / elem_size == nmemb)
 +		cp = (char*)_TIFFmalloc(bytes);
 +
  	if (cp == NULL)